Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- data/CVE/2021.list 71102
1 files changed, 71102 insertions, 0 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
new file mode 100644
index 0000000000..06406baf29
--- /dev/null
+++ b/data/CVE/2021.list
@@ -0,0 +1,71102 @@
+CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An ...)
+ NOT-FOR-US: PreMiD
+CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
+ - libsixel <unfixed>
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/158
+CVE-2021-4222
+ RESERVED
+CVE-2021-4221
+ RESERVED
+CVE-2021-46699
+ RESERVED
+CVE-2021-4220
+ REJECTED
+CVE-2021-4219
+ RESERVED
+CVE-2021-46687
+ RESERVED
+CVE-2021-46270
+ RESERVED
+CVE-2021-45730
+ RESERVED
+CVE-2021-45721
+ RESERVED
+CVE-2021-45074
+ RESERVED
+CVE-2021-41834
+ RESERVED
+CVE-2021-23163
+ RESERVED
+CVE-2021-22590
+ RESERVED
+CVE-2021-46681
+ RESERVED
+CVE-2021-46680
+ RESERVED
+CVE-2021-46679
+ RESERVED
+CVE-2021-46678
+ RESERVED
+CVE-2021-46677
+ RESERVED
+CVE-2021-46676
+ RESERVED
+CVE-2021-46675
+ RESERVED
+CVE-2021-46674
+ RESERVED
+CVE-2021-46673
+ RESERVED
+CVE-2021-46672
+ RESERVED
+CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...)
+ - atftp 0.7.git20210915-1 (bug #1004974)
+ [bullseye] - atftp <no-dsa> (Minor issue)
+ [buster] - atftp <no-dsa> (Minor issue)
+ [stretch] - atftp <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
+CVE-2021-46670
+ RESERVED
+CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25638
+CVE-2021-46668 (MariaDB through 10.5.9 allows an application crash via certain long SE ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25787
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46667 (MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an ...)
+ - mariadb-10.6 1:10.6.5-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-26350
+ NOTE: Fixed in MariaDB: 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5
+CVE-2021-46666 (MariaDB before 10.6.2 allows an application crash because of mishandli ...)
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian)
+ - mariadb-10.5 1:10.5.11-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ NOTE: https://jira.mariadb.org/browse/MDEV-25635
+ NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
+CVE-2021-46665 (MariaDB through 10.5.9 allows a sql_parse.cc application crash because ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25636
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46664 (MariaDB through 10.5.9 allows an application crash in sub_select_postj ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25761
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46663 (MariaDB through 10.5.13 allows a ha_maria::extra application crash via ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-26351
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46662 (MariaDB through 10.5.9 allows a set_var.cc application crash via certa ...)
+ - mariadb-10.6 1:10.6.5-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25637
+ NOTE: https://jira.mariadb.org/browse/MDEV-22464
+ NOTE: Fixed in MariaDB: 10.3.32, 10.4.22, 10.5.13, 10.6.5
+CVE-2021-46661 (MariaDB through 10.5.9 allows an application crash in find_field_in_ta ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25766
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-4218
+ RESERVED
+ - linux 5.8.7-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359
+ NOTE: Fixed by: https://git.kernel.org/linus/32927393dc1ccd60fb2bdc05b9e8e88753761469 (5.8-rc1)
+CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...)
+ NOT-FOR-US: Signiant Manager+Agents
+CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it does not ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25631
+ NOTE: Fixed in MariaDB: 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2
+CVE-2021-46658 (save_window_function_values in MariaDB before 10.6.3 allows an applica ...)
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian)
+ - mariadb-10.5 1:10.5.11-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ NOTE: https://jira.mariadb.org/browse/MDEV-25630
+ NOTE: Fixed in MariaDB: 10.2.40, 10.3.31, 10.4.21, 10.5.12, 10.6.3
+CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application crash ...)
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian)
+ - mariadb-10.5 1:10.5.11-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ NOTE: https://jira.mariadb.org/browse/MDEV-25629
+ NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
+CVE-2021-4217 [Null pointer dereference in Unicode strings code]
+ RESERVED
+ - unzip <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044583
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-4216
+ RESERVED
+CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46654 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46651 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46649 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46642 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46635 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46633 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46632 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46631 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46629 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46627 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46626 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46625 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46623 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46622 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46621 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46611 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46610 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46608 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46607 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46605 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46604 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46603 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46602 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46601 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46600 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46599 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46598 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46597 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46596 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46595 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46594 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46593 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46592 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46591 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46590 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46589 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46588 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46587 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46586 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46585 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46584 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46583 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46582 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46581 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46580 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46579 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46578 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46577 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46576 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46575 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46574 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46573 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46572 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46571 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46570 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46569 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46568 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46567 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46566 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46565 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46564 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
+ NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API
+CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
+ NOT-FOR-US: Moxa
+CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
+ NOT-FOR-US: Moxa
+CVE-2021-4215
+ RESERVED
+CVE-2021-4214
+ RESERVED
+ - libpng1.6 <unfixed> (unimportant)
+ NOTE: https://github.com/glennrp/libpng/issues/302
+ NOTE: Crash in CLI package, not shipped in binary packages
+CVE-2021-4213
+ RESERVED
+ - jss <unfixed>
+ [bullseye] - jss <no-dsa> (Minor issue)
+ [buster] - jss <no-dsa> (Minor issue)
+ [stretch] - jss <postponed> (revisit when/if fix is complete)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
+ NOTE: https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
+CVE-2021-4212
+ RESERVED
+CVE-2021-4211
+ RESERVED
+CVE-2021-4210
+ RESERVED
+CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...)
+ NOT-FOR-US: Issabel
+CVE-2021-46557 (Vicidial 2.14-783a was discovered to contain a cross-site scripting (X ...)
+ NOT-FOR-US: Vicidial
+CVE-2021-46556 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46555
+ RESERVED
+CVE-2021-46554 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46553 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46552
+ RESERVED
+CVE-2021-46551
+ RESERVED
+CVE-2021-46550 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46549 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46548 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46547 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46546 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46545 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46544 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46543 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46542 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46541 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46540 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46539 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46538 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46537 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46536
+ RESERVED
+CVE-2021-46535 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46534 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46533
+ RESERVED
+CVE-2021-46532 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46531 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46530 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46529 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46528 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46527 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46526 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46525 (Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free vi ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46524 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46523 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46522 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46521 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46520 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46519 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46518 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46517 (There is an Assertion `mjs_stack_size(&amp;mjs-&gt;scopes) &gt; 0' fai ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46516 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46515 (There is an Assertion `mjs_stack_size(&amp;mjs-&gt;scopes) &gt;= scope ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46514 (There is an Assertion 'ppos != NULL &amp;&amp; mjs_is_number(*ppos)' f ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46513 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46512 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46511 (There is an Assertion `m-&gt;len &gt;= sizeof(v)' failed at src/mjs_co ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46510 (There is an Assertion `s &lt; mjs-&gt;owned_strings.buf + mjs-&gt;owne ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46509 (Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snq ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46508 (There is an Assertion `i &lt; parts_cnt' failed at src/mjs_bcode.c in ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46507 (Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46506 (There is an Assertion 'v-&gt;d.lval != v' failed at src/jsiValue.c in ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46505 (Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46504 (There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5 ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46503 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46502 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46501 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortS ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46500 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_A ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46499 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46498 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_w ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46497 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_U ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46496 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_O ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46495 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Delet ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46494 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46493
+ RESERVED
+CVE-2021-46492 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Fu ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46491 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Co ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46490 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Number ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46489 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_D ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46488 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46487 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46486 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46485 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Va ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46484 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_I ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Bool ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Numb ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via linenoise at ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiV ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46479
+ RESERVED
+CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiC ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegE ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46476
+ RESERVED
+CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiE ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46473
+ RESERVED
+CVE-2021-46472
+ RESERVED
+CVE-2021-46471
+ RESERVED
+CVE-2021-46470
+ RESERVED
+CVE-2021-46469
+ RESERVED
+CVE-2021-46468
+ RESERVED
+CVE-2021-46467
+ RESERVED
+CVE-2021-46466
+ RESERVED
+CVE-2021-46465
+ RESERVED
+CVE-2021-46464
+ RESERVED
+CVE-2021-46463 (njs through 0.7.1, used in NGINX, was discovered to contain a control ...)
+ NOT-FOR-US: njs
+CVE-2021-46462 (njs through 0.7.1, used in NGINX, was discovered to contain a segmenta ...)
+ NOT-FOR-US: njs
+CVE-2021-46461 (njs through 0.7.0, used in NGINX, was discovered to contain an out-of- ...)
+ NOT-FOR-US: njs
+CVE-2021-46460
+ RESERVED
+CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...)
+ NOT-FOR-US: Victor CMS
+CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Victor CMS
+CVE-2021-46457 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46456 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46455 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46454 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46453 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46452 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46451 (An SQL Injection vulnerabilty exists in Sourcecodester Online Project ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46450
+ RESERVED
+CVE-2021-46449
+ RESERVED
+CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46443
+ RESERVED
+CVE-2021-46442
+ RESERVED
+CVE-2021-46441
+ RESERVED
+CVE-2021-46440
+ RESERVED
+CVE-2021-46439
+ RESERVED
+CVE-2021-46438
+ RESERVED
+CVE-2021-46437
+ RESERVED
+CVE-2021-46436
+ RESERVED
+CVE-2021-46435
+ RESERVED
+CVE-2021-46434
+ RESERVED
+CVE-2021-46433
+ RESERVED
+CVE-2021-46432
+ RESERVED
+CVE-2021-46431
+ RESERVED
+CVE-2021-46430
+ RESERVED
+CVE-2021-46429
+ RESERVED
+CVE-2021-46428 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester S ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46427 (An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46426
+ RESERVED
+CVE-2021-46425
+ RESERVED
+CVE-2021-46424
+ RESERVED
+CVE-2021-46423
+ RESERVED
+CVE-2021-46422
+ RESERVED
+CVE-2021-46421
+ RESERVED
+CVE-2021-46420
+ RESERVED
+CVE-2021-46419
+ RESERVED
+CVE-2021-46418
+ RESERVED
+CVE-2021-46417
+ RESERVED
+CVE-2021-46416
+ RESERVED
+CVE-2021-46415
+ RESERVED
+CVE-2021-46414
+ RESERVED
+CVE-2021-46413
+ RESERVED
+CVE-2021-46412
+ RESERVED
+CVE-2021-46411
+ RESERVED
+CVE-2021-46410
+ RESERVED
+CVE-2021-46409
+ RESERVED
+CVE-2021-46408
+ RESERVED
+CVE-2021-46407
+ RESERVED
+CVE-2021-46406
+ RESERVED
+CVE-2021-46405
+ RESERVED
+CVE-2021-46404
+ RESERVED
+CVE-2021-4209
+ RESERVED
+CVE-2021-46403
+ RESERVED
+CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46402
+ RESERVED
+CVE-2021-46401
+ RESERVED
+CVE-2021-46400
+ RESERVED
+CVE-2021-46399
+ RESERVED
+CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in Filebrowser &lt; ...)
+ NOT-FOR-US: FileBrowser
+CVE-2021-46397
+ RESERVED
+CVE-2021-46396
+ RESERVED
+CVE-2021-46395
+ RESERVED
+CVE-2021-46394
+ RESERVED
+CVE-2021-46393
+ RESERVED
+CVE-2021-46392
+ RESERVED
+CVE-2021-46391
+ RESERVED
+CVE-2021-46390
+ RESERVED
+CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
+ NOT-FOR-US: IIPImage High Resolution Streaming Image Server
+CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...)
+ NOT-FOR-US: WAGO
+CVE-2021-46387
+ RESERVED
+CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: File U ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: SQL In ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46384
+ RESERVED
+CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: SQL In ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46382
+ RESERVED
+CVE-2021-46381
+ RESERVED
+CVE-2021-46380
+ RESERVED
+CVE-2021-46379
+ RESERVED
+CVE-2021-46378
+ RESERVED
+CVE-2021-46377 (There is a front-end sql injection vulnerability in cszcms 1.2.9 via c ...)
+ NOT-FOR-US: cszcms
+CVE-2021-46376
+ RESERVED
+CVE-2021-46375
+ RESERVED
+CVE-2021-46374
+ RESERVED
+CVE-2021-46373
+ RESERVED
+CVE-2021-46372 (Scoold 1.47.2 is a Q&amp;A/knowledge base platform written in Java. Wh ...)
+ NOT-FOR-US: Scoold
+CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...)
+ NOT-FOR-US: antd-admin
+CVE-2021-46370
+ RESERVED
+CVE-2021-46369
+ RESERVED
+CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...)
+ NOT-FOR-US: TRIGONE Remote System Monitor
+CVE-2021-46367
+ RESERVED
+CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
+ NOT-FOR-US: Composr-CMS
+CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
+ NOT-FOR-US: FISCO-BCOS
+CVE-2021-46358
+ RESERVED
+CVE-2021-46357
+ RESERVED
+CVE-2021-46356
+ RESERVED
+CVE-2021-46355 (OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To expl ...)
+ NOT-FOR-US: OCS Inventory (not the same as ocsinventory-server)
+CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-46353
+ RESERVED
+CVE-2021-46352
+ RESERVED
+CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4940
+CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at jerrysc ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936
+CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937
+CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4941
+CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938
+CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4939
+CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4946
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4920
+CVE-2021-46344 (There is an Assertion 'flags &amp; PARSER_PATTERN_HAS_REST_ELEMENT' fa ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4950
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4928
+CVE-2021-46343 (There is an Assertion 'context_p-&gt;token.type == LEXER_LITERAL' fail ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4947
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4921
+CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4952
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4934
+CVE-2021-46341
+ RESERVED
+CVE-2021-46340 (There is an Assertion 'context_p-&gt;stack_top_uint8 == SCAN_STACK_TRY ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4924
+CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...)
+ - iotjs <undetermined>
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935
+CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4933
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4900
+CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser- ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4951
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4930
+CVE-2021-46336 (There is an Assertion 'opts &amp; PARSER_CLASS_LITERAL_CTOR_PRESENT' f ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4949
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4927
+CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer derefere ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46333 (Moddable SDK v11.5.0 was discovered to contain an invalid memory acces ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46332 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46331 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46330 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46329 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46328 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46327 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46326 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46325 (Espruino 2v10.246 was discovered to contain a stack buffer overflow vi ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46324 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability via s ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...)
+ NOT-FOR-US: Duktape
+CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46320 (In OpenZeppelin &lt;=v4.4.0, initializer functions that are invoked se ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2021-46319 (Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR- ...)
+ NOT-FOR-US: Dlink DIR-846 Router
+CVE-2021-46318
+ RESERVED
+CVE-2021-46317
+ RESERVED
+CVE-2021-46316
+ RESERVED
+CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2039
+ NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba
+CVE-2021-46312
+ RESERVED
+CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2038
+ NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491
+CVE-2021-46310
+ RESERVED
+CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...)
+ NOT-FOR-US: Projectworlds Online Examination System
+CVE-2021-46306
+ RESERVED
+CVE-2021-46305
+ RESERVED
+CVE-2021-46304
+ RESERVED
+CVE-2021-46303
+ RESERVED
+CVE-2021-46302
+ RESERVED
+CVE-2021-46301
+ RESERVED
+CVE-2021-46300
+ RESERVED
+CVE-2021-46299
+ RESERVED
+CVE-2021-46298
+ RESERVED
+CVE-2021-46297
+ RESERVED
+CVE-2021-46296
+ RESERVED
+CVE-2021-46295
+ RESERVED
+CVE-2021-46294
+ RESERVED
+CVE-2021-46293
+ RESERVED
+CVE-2021-46292
+ RESERVED
+CVE-2021-46291
+ RESERVED
+CVE-2021-46290
+ RESERVED
+CVE-2021-46289
+ RESERVED
+CVE-2021-46288
+ RESERVED
+CVE-2021-46287
+ RESERVED
+CVE-2021-46286
+ RESERVED
+CVE-2021-46285
+ RESERVED
+CVE-2021-46284
+ RESERVED
+CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-44760
+ RESERVED
+CVE-2021-4207
+ RESERVED
+CVE-2021-4206
+ RESERVED
+CVE-2021-4205
+ RESERVED
+CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-23209
+ RESERVED
+CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-23150
+ RESERVED
+CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ad9f151e560b016b6ad3280b48e42fa11e1a5440 (5.13-rc7)
+CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
+ RESERVED
+ - linux <unfixed>
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4
+CVE-2021-46269
+ RESERVED
+CVE-2021-46268
+ RESERVED
+CVE-2021-46267
+ RESERVED
+CVE-2021-46266
+ RESERVED
+CVE-2021-46265 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46264 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46263 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46262 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46261
+ RESERVED
+CVE-2021-46260
+ RESERVED
+CVE-2021-46259
+ RESERVED
+CVE-2021-46258
+ RESERVED
+CVE-2021-46257
+ RESERVED
+CVE-2021-46256
+ RESERVED
+CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to ...)
+ NOT-FOR-US: eyouCMS
+CVE-2021-46254
+ RESERVED
+CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...)
+ NOT-FOR-US: Anchor CMS
+CVE-2021-46252 (A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of S ...)
+ NOT-FOR-US: scratch-confirmaccount-v3
+CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-46248
+ RESERVED
+CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...)
+ NOT-FOR-US: ASUS
+CVE-2021-46246
+ RESERVED
+CVE-2021-46245
+ RESERVED
+CVE-2021-46244 (A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1327
+ NOTE: https://github.com/advisories/GHSA-vrxh-5gxg-rmhm
+CVE-2021-46243 (An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1326
+ NOTE: https://github.com/advisories/GHSA-2rqw-mg55-mp69
+CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1329
+ NOTE: https://github.com/advisories/GHSA-x9pw-hh7v-wjpf
+CVE-2021-46241
+ RESERVED
+CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2028
+ NOTE: https://github.com/gpac/gpac/commit/31eb879ea67b3a6ff67d3211f4c6b83369d4898d
+CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2026
+ NOTE: https://github.com/gpac/gpac/commit/4e1215758fa89455e8de1262df36f11740bb1bc4
+CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2027
+ NOTE: https://github.com/gpac/gpac/commit/4b9736ab8c9274db5858e5bf9fe0470bc3e7b6cf
+CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2033
+ NOTE: https://github.com/gpac/gpac/commit/3cc122ad664a2355cce9784f50b59c6272d43f00
+CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2024
+ NOTE: https://github.com/gpac/gpac/commit/6a5effb57153cb05e72f6e9bd72afefc334a673d
+CVE-2021-46235
+ RESERVED
+CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2023
+ NOTE: https://github.com/gpac/gpac/commit/70c6f6f832dccff814a19a74d87b97b3d68a4af5
+CVE-2021-46233 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46232 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46231 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46230 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46229 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46228 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46227 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46226 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46225 (A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allo ...)
+ NOT-FOR-US: libMeshb
+CVE-2021-46224
+ RESERVED
+CVE-2021-46223
+ RESERVED
+CVE-2021-46222
+ RESERVED
+CVE-2021-46221
+ RESERVED
+CVE-2021-46220
+ RESERVED
+CVE-2021-46219
+ RESERVED
+CVE-2021-46218
+ RESERVED
+CVE-2021-46217
+ RESERVED
+CVE-2021-46216
+ RESERVED
+CVE-2021-46215
+ RESERVED
+CVE-2021-46214
+ RESERVED
+CVE-2021-46213
+ RESERVED
+CVE-2021-46212
+ RESERVED
+CVE-2021-46211
+ RESERVED
+CVE-2021-46210
+ RESERVED
+CVE-2021-46209
+ RESERVED
+CVE-2021-46208
+ RESERVED
+CVE-2021-46207
+ RESERVED
+CVE-2021-46206
+ RESERVED
+CVE-2021-46205
+ RESERVED
+CVE-2021-46204 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
+ NOT-FOR-US: taocms
+CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
+ NOT-FOR-US: taocms
+CVE-2021-46202
+ RESERVED
+CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...)
+ NOT-FOR-US: Sourcecodester Online Resort Management System
+CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46199
+ RESERVED
+CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46197
+ RESERVED
+CVE-2021-46196
+ RESERVED
+CVE-2021-46195 (GCC v12.0 was discovered to contain an uncontrolled recursion via the ...)
+ - binutils <unfixed> (unimportant)
+ NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841
+ NOTE: binutils not covered by security support
+CVE-2021-46194
+ RESERVED
+CVE-2021-46193
+ RESERVED
+CVE-2021-46192
+ RESERVED
+CVE-2021-46191
+ RESERVED
+CVE-2021-46190
+ RESERVED
+CVE-2021-46189
+ RESERVED
+CVE-2021-46188
+ RESERVED
+CVE-2021-46187
+ RESERVED
+CVE-2021-46186
+ RESERVED
+CVE-2021-46185
+ RESERVED
+CVE-2021-46184
+ RESERVED
+CVE-2021-46183
+ RESERVED
+CVE-2021-46182
+ RESERVED
+CVE-2021-46181
+ RESERVED
+CVE-2021-46180
+ RESERVED
+CVE-2021-46179
+ RESERVED
+CVE-2021-46178
+ RESERVED
+CVE-2021-46177
+ RESERVED
+CVE-2021-46176
+ RESERVED
+CVE-2021-46175
+ RESERVED
+CVE-2021-46174
+ RESERVED
+CVE-2021-46173
+ RESERVED
+CVE-2021-46172
+ RESERVED
+CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...)
+ NOT-FOR-US: Modex
+CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...)
+ - iotjs <unfixed>
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4942/commits/5e1fdd1d1e75105b43392b4bb3996099cdc50f3d
+CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerability ...)
+ NOT-FOR-US: Modex
+CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() ...)
+ NOT-FOR-US: Spin
+CVE-2021-46167
+ RESERVED
+CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...)
+ NOT-FOR-US: Lens
+CVE-2021-4203 [af_unix: fix races in sk_peer_pid and sk_peer_cred accesses]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
+ NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4)
+CVE-2021-4202
+ RESERVED
+ - linux 5.15.5-1 (unimportant)
+ [bullseye] - linux 5.10.84-1
+ NOTE: CONFIG_NFC_NCI not enabled in Debian
+CVE-2021-23218 (When running with FIPS mode enabled, Mirantis Container Runtime 20.10. ...)
+ NOT-FOR-US: Mirantis Container Runtime
+CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates helm c ...)
+ NOT-FOR-US: Lens
+CVE-2021-46166 (Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46165 (Zoho ManageEngine Desktop Central before 10.0.662, during startup, lau ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46164 (Zoho ManageEngine Desktop Central before 10.0.662 allows remote code e ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the Media ...)
+ NOT-FOR-US: Kentico Xperience CMS
+CVE-2021-46162
+ RESERVED
+CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46160 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46159 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46158 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46157 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46156 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46155 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46154 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46153 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension CheckUser
+CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension UniversalLanguageSelector
+CVE-2021-46148 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension SecurePoll
+CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension MassEditRegex
+CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
+CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...)
+ NOT-FOR-US: ForgeRock
+CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
+ NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
+CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1
+ NOTE: https://github.com/libexpat/libexpat/issues/532
+ NOTE: https://github.com/libexpat/libexpat/pull/538
+ NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b (R_2_4_3)
+CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ {DSA-5063-1 DLA-2883-1}
+ - uriparser 0.9.6+dfsg-1
+ NOTE: https://github.com/uriparser/uriparser/issues/122
+ NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6)
+ NOTE: https://github.com/uriparser/uriparser/pull/124
+CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ {DSA-5063-1 DLA-2883-2 DLA-2883-1}
+ - uriparser 0.9.6+dfsg-1
+ NOTE: https://github.com/uriparser/uriparser/issues/121
+ NOTE: https://github.com/uriparser/uriparser/commit/987b046e41f407d17c622e580fc82a5e834b4329 (uriparser-0.9.6)
+ NOTE: https://github.com/uriparser/uriparser/commit/b1a34743bc1472e055d886e29e9b53f670eb3282 (uriparser-0.9.6)
+ NOTE: https://github.com/uriparser/uriparser/pull/124
+CVE-2021-4200
+ RESERVED
+CVE-2021-46140
+ RESERVED
+CVE-2021-46139
+ RESERVED
+CVE-2021-46138
+ RESERVED
+CVE-2021-46137
+ RESERVED
+CVE-2021-46136
+ RESERVED
+CVE-2021-46135
+ RESERVED
+CVE-2021-46134
+ RESERVED
+CVE-2021-46133
+ RESERVED
+CVE-2021-46132
+ RESERVED
+CVE-2021-46131
+ RESERVED
+CVE-2021-45722
+ RESERVED
+CVE-2021-45110
+ RESERVED
+CVE-2021-45073
+ RESERVED
+CVE-2021-44778
+ RESERVED
+CVE-2021-44468
+ RESERVED
+CVE-2021-44456
+ RESERVED
+CVE-2021-44452
+ RESERVED
+CVE-2021-43352
+ RESERVED
+CVE-2021-4199
+ RESERVED
+CVE-2021-4198
+ RESERVED
+CVE-2021-31564
+ RESERVED
+CVE-2021-23229
+ RESERVED
+CVE-2021-46130
+ RESERVED
+CVE-2021-46129
+ RESERVED
+CVE-2021-46128
+ RESERVED
+CVE-2021-46127
+ RESERVED
+CVE-2021-46126
+ RESERVED
+CVE-2021-46125
+ RESERVED
+CVE-2021-46124
+ RESERVED
+CVE-2021-46123
+ RESERVED
+CVE-2021-46122
+ RESERVED
+CVE-2021-46121
+ RESERVED
+CVE-2021-46120
+ RESERVED
+CVE-2021-46119
+ RESERVED
+CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ NOT-FOR-US: jpress
+CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ NOT-FOR-US: jpress
+CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...)
+ NOT-FOR-US: jpress
+CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...)
+ NOT-FOR-US: jpress
+CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...)
+ NOT-FOR-US: jpress
+CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...)
+ NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source
+CVE-2021-46112
+ RESERVED
+CVE-2021-46111
+ RESERVED
+CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple time-ba ...)
+ NOT-FOR-US: Online Shopping Portal
+CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...)
+ NOT-FOR-US: ASUS
+CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46107
+ RESERVED
+CVE-2021-46106
+ RESERVED
+CVE-2021-46105
+ RESERVED
+CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...)
+ NOT-FOR-US: webp_server_go
+CVE-2021-46103
+ RESERVED
+CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in ...)
+ NOT-FOR-US: Solana rBBP
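Review bot: the NOT-FOR-US tag for CVE-2021-46102 reads "Solana rBBP", but the description on the line above names the product "Solana rBPF"; correct the tag so that a search of the tracker for the product name finds this entry. The same consistency point applies earlier in this file to CVE-2021-46319, tagged "Dlink DIR-846 Router" while the adjacent D-Link entries (CVE-2021-46315, CVE-2021-46314) use "D-Link".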
+CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to update the lo ...)
+ NOT-FOR-US: Git for Windows
+CVE-2021-46100
+ RESERVED
+CVE-2021-46099
+ RESERVED
+CVE-2021-46098
+ RESERVED
+CVE-2021-46097 (Dolphinphp v1.5.0 contains a remote code execution vulnerability in /a ...)
+ NOT-FOR-US: Dolphinphp
+CVE-2021-46096
+ RESERVED
+CVE-2021-46095
+ RESERVED
+CVE-2021-46094
+ RESERVED
+CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads ...)
+ NOT-FOR-US: eliteCMS
+CVE-2021-46092
+ RESERVED
+CVE-2021-46091
+ RESERVED
+CVE-2021-46090
+ RESERVED
+CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...)
+ NOT-FOR-US: JeecgBoot
+CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...)
+ - zabbix <undetermined>
+ NOTE: closed upstream as a "feature", then changed in 5.4 to make the attack less likely
+ NOTE: https://github.com/paalbra/zabbix-zbxsec-7
+ NOTE: https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command
+ NOTE: https://www.zabbix.com/documentation/current/en/manual/config/notifications/action/operation/remote_command#access-permissions
+CVE-2021-46087 (In jfinal_cms &gt;= 5.1 0, there is a storage XSS vulnerability in the ...)
+ NOT-FOR-US: jfinal_cms
+CVE-2021-46086 (xzs-mysql &gt;= t3.4.0 is vulnerable to Insecure Permissions. The fron ...)
+ NOT-FOR-US: xzs-mysql
+CVE-2021-46085 (OneBlog &lt;= 2.2.8 is vulnerable to Insecure Permissions. Low level a ...)
+ NOT-FOR-US: OneBlog
+CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: uscat
+CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: uscat
+CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gate ...)
+ NOT-FOR-US: Moxa
+CVE-2021-46081
+ RESERVED
+CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46079 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46078 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46077
+ RESERVED
+CVE-2021-46076 (Sourcecodester Vehicle Service Management System 1.0 is vulnerable to ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46075 (A Privilege Escalation vulnerability exists in Sourcecodester Vehicle ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46074 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46073 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46072 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46071 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46070 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46069 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46068 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal the coo ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46066
+ RESERVED
+CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Field in ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46064
+ RESERVED
+CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46060
+ REJECTED
+CVE-2021-46059
+ REJECTED
+CVE-2021-46058
+ REJECTED
+CVE-2021-46057
+ RESERVED
+CVE-2021-46056
+ RESERVED
+CVE-2021-46055 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4413
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46054 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4410
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46053 (A Denial of Service vulnerability exists in Binaryen 103. The program ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4392
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4411
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2011
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the printf_c ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4391
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2013
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4412
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2008
+ NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd
+CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2005
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2007
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2006
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2001
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2002
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2004
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2003
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1999
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2000
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46035
+ RESERVED
+CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...)
+ NOT-FOR-US: ForestBlog
+CVE-2021-46033 (In ForestBlog, as of 2021-12-28, File upload can bypass verification. ...)
+ NOT-FOR-US: ForestBlog
+CVE-2021-46032
+ RESERVED
+CVE-2021-46031
+ RESERVED
+CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuar ...)
+ NOT-FOR-US: JavaQuarkBBS
+CVE-2021-46029
+ RESERVED
+CVE-2021-46028 (In mblog &lt;= 3.5.0 there is a CSRF vulnerability in the background a ...)
+ NOT-FOR-US: mblog
+CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...)
+ NOT-FOR-US: mysiteforme
+CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...)
+ NOT-FOR-US: mysiteforme
+CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog &lt;= 2.2 ...)
+ NOT-FOR-US: OneBlog
+CVE-2021-46024 (Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL I ...)
+ NOT-FOR-US: Projectworlds online-shopping-webvsite-in-php
+CVE-2021-46023
+ RESERVED
+CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...)
+ - recutils <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html
+ NOTE: Negligible security impact
+CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at rec-record. ...)
+ - recutils <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00008.html
+ NOTE: Negligible security impact
+CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can ...)
+ - mruby <unfixed>
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <postponed> (revisit when/if fix is complete)
+ NOTE: https://github.com/mruby/mruby/issues/5613
+CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ...)
+ - recutils <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00009.html
+ NOTE: Negligible security impact
+CVE-2021-46018
+ RESERVED
+CVE-2021-46017
+ RESERVED
+CVE-2021-46016
+ RESERVED
+CVE-2021-46015
+ RESERVED
+CVE-2021-46014
+ RESERVED
+CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46012
+ REJECTED
+CVE-2021-46011
+ RESERVED
+CVE-2021-46010
+ RESERVED
+CVE-2021-46009
+ RESERVED
+CVE-2021-46008
+ RESERVED
+CVE-2021-46007
+ RESERVED
+CVE-2021-46006
+ RESERVED
+CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46004
+ RESERVED
+CVE-2021-46003
+ RESERVED
+CVE-2021-46002
+ RESERVED
+CVE-2021-46001
+ RESERVED
+CVE-2021-46000
+ RESERVED
+CVE-2021-45999
+ RESERVED
+CVE-2021-45998 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-45997 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45996 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45995 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45994 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45993 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45992 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45991 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45990 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45989 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45988 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45987 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45985
+ RESERVED
+CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm checks]
+ RESERVED
+ - linux 5.15.15-1
+ NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
+CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...)
+ {DSA-5037-1 DLA-2878-1}
+ - roundcube <unfixed> (bug #1003027)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13)
+ NOTE: https://roundcube.net/news/2021/12/30/update-1.5.2-released
+ NOTE: https://roundcube.net/news/2021/12/30/security-update-1.4.13-released
+CVE-2021-45984
+ RESERVED
+CVE-2021-45983
+ RESERVED
+CVE-2021-45982
+ RESERVED
+CVE-2021-45981
+ RESERVED
+CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ NOT-FOR-US: Foxit
+CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ NOT-FOR-US: Foxit
+CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ NOT-FOR-US: Foxit
+CVE-2021-45977
+ RESERVED
+CVE-2021-45976
+ RESERVED
+CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...)
+ NOT-FOR-US: Acer
+CVE-2021-45974
+ RESERVED
+CVE-2021-45973
+ RESERVED
+CVE-2021-45972 (The giftrans function in giftrans 1.12.2 contains a stack-based buffer ...)
+ - giftrans <unfixed> (bug #1002739; unimportant)
+ NOTE: Negligible security impact; crash in CLI tool
+CVE-2021-45971 (An issue was discovered in SdHostDriver in Insyde InsydeH2O with kerne ...)
+ NOT-FOR-US: Insyde
+CVE-2021-45970 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-45969 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2021-45968
+ RESERVED
+CVE-2021-45967
+ RESERVED
+CVE-2021-45966
+ RESERVED
+CVE-2021-45965
+ RESERVED
+CVE-2021-45964
+ RESERVED
+CVE-2021-45963
+ RESERVED
+CVE-2021-45962
+ RESERVED
+CVE-2021-45961
+ RESERVED
+CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1002994)
+ NOTE: https://github.com/libexpat/libexpat/issues/531
+ NOTE: https://github.com/libexpat/libexpat/pull/534
+ NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/0adcb34c49bee5b19bd29b16a578c510c23597ea (R_2_4_3)
+CVE-2021-45959
+ REJECTED
+CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow ...)
+ - ujson <unfixed> (bug #1005140)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
+ NOTE: https://github.com/ultrajson/ultrajson/issues/501
+ NOTE: https://github.com/ultrajson/ultrajson/issues/502
+CVE-2021-45957 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in answer ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45956 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in print_ ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45955 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in resize ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45954 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45953 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-929.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45952 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_r ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45951 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in check_ ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...)
+ {DSA-5038-1 DLA-2879-1}
+ - ghostscript 9.55.0~dfsg-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
+CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...)
+ - assimp 5.1.1~ds0-1
+ [bullseye] - assimp <not-affected> (Vulnerable code not present)
+ [buster] - assimp <not-affected> (Vulnerable code not present)
+ [stretch] - assimp <not-affected> (M3D format support not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml
+ NOTE: https://github.com/assimp/assimp/pull/4146
+ NOTE: https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2 (v5.1.0)
+ NOTE: Introduced by: https://github.com/assimp/assimp/commit/a622e109a0739435e3e2f05bfbedba0e8385282d (v5.1.0.rc1)
+CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45945
+ REJECTED
+CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
+ {DSA-5038-1 DLA-2879-1}
+ - ghostscript 9.54.0~dfsg-5
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25
+CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
+ {DLA-2877-1}
+ [experimental] - gdal 3.4.1~rc1+dfsg-1~exp1
+ - gdal <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
+ NOTE: https://github.com/OSGeo/gdal/pull/4944
+ NOTE: https://github.com/OSGeo/gdal/commit/93913a849dc1d217a40dbf9d6e6a3a23c42b61a6 (master)
+ NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947
+ NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
+CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
+ - openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
+ [stretch] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1209
+CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
+ - libbpf <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml
+ TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
+CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...)
+ - libbpf <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1562.yaml
+ TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
+CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: uWebSockets
+CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...)
+ - libgrokj2k <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39021
+ NOTE: Referenced fix isn't in the upstream repo
+CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...)
+ - harfbuzz <undetermined>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml
+ NOTE: https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81 (2.9.1)
+ TODO: check correctness of commit, might not affect any Debian released version
+CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...)
+ {DLA-2895-1 DLA-2885-1}
+ - qtsvg-opensource-src 5.15.2-4 (bug #1002991)
+ [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
+ [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
+ - qt4-x11 <removed>
+ [buster] - qt4-x11 <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
+ NOTE: https://bugreports.qt.io/browse/QTBUG-96044
+ NOTE: https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620 (dev)
+ NOTE: https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670 (v6.2.2)
+ NOTE: https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc (v5.12.12)
+CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45928 (libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other produ ...)
+ - jpeg-xl <not-affected> (Vulnerable code not present in a released Debian version; fixed before inital upload to Debian)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456
+ NOTE: https://github.com/libjxl/libjxl/issues/360
+ NOTE: https://github.com/libjxl/libjxl/pull/365
+ NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6)
+ NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6)
+CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ - mdbtools <undetermined>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187
+ TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
+CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ - mdbtools <undetermined>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972
+ TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
+CVE-2021-4196
+ RESERVED
+CVE-2021-4195
+ RESERVED
+CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...)
+ NOT-FOR-US: Netgear
+CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...)
+ NOT-FOR-US: Bitmask Riseup VPN
+CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: bookstack
+CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0
+ NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950)
+CVE-2021-4192 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
+ NOTE: Fixed by: https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (v8.2.3949)
+CVE-2021-4191
+ RESERVED
+CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. ...)
+ NOT-FOR-US: Studio 42 elFinder
+CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
+CVE-2021-4189 [ftplib should not use the host from the PASV response]
+ RESERVED
+ {DLA-2919-1}
+ - python3.10 <not-affected> (Fixed before initial upload to Debian unstable)
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ [stretch] - python3.5 <no-dsa> (Minor issue)
+ - python2.7 <unfixed>
+ [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue43285
+ NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
+ NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
+ NOTE: https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020
+CVE-2021-45918
+ RESERVED
+CVE-2021-45917 (The server-request receiver function of Shockwall system has an improp ...)
+ NOT-FOR-US: Shockwall system
+CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...)
+ NOT-FOR-US: Shockwall system
+CVE-2021-45915
+ RESERVED
+CVE-2021-45914
+ RESERVED
+CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
+ NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
+CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...)
+ NOT-FOR-US: ControlUp Real-Time Agent
+CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
+ NOT-FOR-US: ControlUp Real-Time Agent
+CVE-2021-44775
+ RESERVED
+CVE-2021-44465
+ RESERVED
+CVE-2021-4187 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e
+ NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 (v8.2.3923)
+CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ - gif2apng <removed> (bug #1002687)
+CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ - gif2apng <removed> (bug #1002667)
+CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ - gif2apng <removed> (bug #1002668)
+CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ - gif2apng <removed> (bug #1002669; unimportant)
+ NOTE: Negligible security impact
+CVE-2021-45907 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ - gif2apng <removed> (bug #1002669; unimportant)
+ NOTE: Negligible security impact
+CVE-2021-45906 (OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45902
+ RESERVED
+CVE-2021-45901 (The password-reset form in ServiceNow Orlando provides different respo ...)
+ NOT-FOR-US: ServiceNow Orlando
+CVE-2021-45900
+ RESERVED
+CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45898 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusio ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45897 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code executi ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...)
+ NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices
+CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...)
+ NOT-FOR-US: Netgen Tags Bundle
+CVE-2021-45894
+ RESERVED
+CVE-2021-45893
+ RESERVED
+CVE-2021-45892
+ RESERVED
+CVE-2021-45891
+ RESERVED
+CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authenti ...)
+ NOT-FOR-US: AuthGuard
+CVE-2021-45889
+ RESERVED
+CVE-2021-45888
+ RESERVED
+CVE-2021-45887
+ RESERVED
+CVE-2021-45886
+ RESERVED
+CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
+ - wireshark 3.6.0-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
+CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
+CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754
+CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
+CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
+CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429
+CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-45883
+ RESERVED
+CVE-2021-45882
+ RESERVED
+CVE-2021-45881
+ RESERVED
+CVE-2021-45880
+ RESERVED
+CVE-2021-45879
+ RESERVED
+CVE-2021-45878
+ RESERVED
+CVE-2021-45877
+ RESERVED
+CVE-2021-45876
+ RESERVED
+CVE-2021-45875
+ RESERVED
+CVE-2021-45874
+ RESERVED
+CVE-2021-45873
+ RESERVED
+CVE-2021-45872
+ RESERVED
+CVE-2021-45871
+ RESERVED
+CVE-2021-45870
+ RESERVED
+CVE-2021-45869
+ RESERVED
+CVE-2021-45868
+ RESERVED
+CVE-2021-45867
+ RESERVED
+CVE-2021-45866
+ RESERVED
+CVE-2021-45865
+ RESERVED
+CVE-2021-45864
+ RESERVED
+CVE-2021-45863
+ RESERVED
+CVE-2021-45862
+ RESERVED
+CVE-2021-45861
+ RESERVED
+CVE-2021-45860
+ RESERVED
+CVE-2021-45859
+ RESERVED
+CVE-2021-45858
+ RESERVED
+CVE-2021-45857
+ RESERVED
+CVE-2021-45856 (Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buf ...)
+ NOT-FOR-US: Accu-Time Systems MAXIMUS
+CVE-2021-45855
+ RESERVED
+CVE-2021-45854
+ RESERVED
+CVE-2021-45853
+ RESERVED
+CVE-2021-45852
+ RESERVED
+CVE-2021-45851
+ RESERVED
+CVE-2021-45850
+ RESERVED
+CVE-2021-45849
+ RESERVED
+CVE-2021-45848
+ RESERVED
+CVE-2021-45847 (Several missing input validations in the 3MF parser component of Slic3 ...)
+ - slic3r <unfixed>
+ NOTE: https://github.com/slic3r/Slic3r/issues/5118
+ NOTE: https://github.com/slic3r/Slic3r/issues/5119
+ NOTE: https://github.com/slic3r/Slic3r/issues/5120
+CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker ...)
+ - slic3r <unfixed>
+ NOTE: https://github.com/slic3r/Slic3r/issues/5117
+CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...)
+ - freecad <unfixed>
+ [stretch] - freecad <not-affected> (Vulnerable code introduced in 0.17)
+ NOTE: https://github.com/FreeCAD/FreeCAD/pull/5306
+ NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/169eb655f30180b95e5923be2eb3bc4de6e02406
+ NOTE: https://tracker.freecad.org/view.php?id=4810
+CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter from Fre ...)
+ - freecad <unfixed> (bug #1005747)
+ NOTE: https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (0.20)
+ NOTE: https://tracker.freecad.org/view.php?id=4809
+CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-45842
+ RESERVED
+CVE-2021-45841
+ RESERVED
+CVE-2021-45840
+ RESERVED
+CVE-2021-45839
+ RESERVED
+CVE-2021-45838
+ RESERVED
+CVE-2021-45837
+ RESERVED
+CVE-2021-45836
+ RESERVED
+CVE-2021-45835
+ RESERVED
+CVE-2021-45834
+ RESERVED
+CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1313
+ NOTE: https://github.com/advisories/GHSA-x57p-jwp6-4v79
+CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1315
+ NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8
+CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1990
+ NOTE: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765
+CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1314
+ NOTE: https://github.com/advisories/GHSA-5h2h-fjjr-x9m2
+CVE-2021-45829 (HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1317
+ NOTE: https://github.com/advisories/GHSA-23gx-cm6v-952g
+CVE-2021-45828
+ RESERVED
+CVE-2021-45827
+ RESERVED
+CVE-2021-45826
+ RESERVED
+CVE-2021-45825
+ RESERVED
+CVE-2021-45824
+ RESERVED
+CVE-2021-45823
+ RESERVED
+CVE-2021-45822
+ RESERVED
+CVE-2021-45821
+ RESERVED
+CVE-2021-45820
+ RESERVED
+CVE-2021-45819
+ RESERVED
+CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...)
+ NOT-FOR-US: SAFARI Montage
+CVE-2021-45817
+ REJECTED
+CVE-2021-45816
+ RESERVED
+CVE-2021-45815 (Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Script ...)
+ NOT-FOR-US: Quectel UC20 UMTS/HSPA+ UC20
+CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...)
+ NOT-FOR-US: Nettmp NNT
+CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...)
+ NOT-FOR-US: SLICAN WebCTI
+CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site ...)
+ NOT-FOR-US: NUUO Network Video Recorder NVRsolo
+CVE-2021-45811
+ RESERVED
+CVE-2021-45810
+ RESERVED
+CVE-2021-45809
+ RESERVED
+CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. With the ...)
+ NOT-FOR-US: jpress
+CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
+ NOT-FOR-US: jpress
+CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers ...)
+ NOT-FOR-US: jpress
+CVE-2021-45805
+ RESERVED
+CVE-2021-45804
+ RESERVED
+CVE-2021-45803 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
+ NOT-FOR-US: MartDevelopers iResturant
+CVE-2021-45802 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
+ NOT-FOR-US: MartDevelopers iResturant
+CVE-2021-45801
+ RESERVED
+CVE-2021-45800
+ RESERVED
+CVE-2021-45799
+ RESERVED
+CVE-2021-45798
+ RESERVED
+CVE-2021-45797
+ RESERVED
+CVE-2021-45796
+ RESERVED
+CVE-2021-45795
+ RESERVED
+CVE-2021-45794
+ RESERVED
+CVE-2021-45793
+ RESERVED
+CVE-2021-45792
+ RESERVED
+CVE-2021-45791
+ RESERVED
+CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in Metersphere v1. ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45787
+ RESERVED
+CVE-2021-45786
+ RESERVED
+CVE-2021-45785
+ RESERVED
+CVE-2021-45784
+ RESERVED
+CVE-2021-45783
+ RESERVED
+CVE-2021-45782
+ REJECTED
+CVE-2021-45781
+ REJECTED
+CVE-2021-45780
+ REJECTED
+CVE-2021-45779
+ REJECTED
+CVE-2021-45778
+ REJECTED
+CVE-2021-45777
+ RESERVED
+CVE-2021-45776
+ RESERVED
+CVE-2021-45775
+ REJECTED
+CVE-2021-45774
+ REJECTED
+CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...)
+ NOT-FOR-US: lib60870
+CVE-2021-45772
+ RESERVED
+CVE-2021-45771
+ RESERVED
+CVE-2021-45770
+ RESERVED
+CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src/mms/i ...)
+ NOT-FOR-US: libiec61850
+CVE-2021-45768
+ RESERVED
+CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1982
+ NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde
+CVE-2021-45766
+ RESERVED
+CVE-2021-45765
+ RESERVED
+CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1971
+ NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb
+CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1974
+ NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec
+CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1978
+ NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788
+CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...)
+ NOT-FOR-US: ROPium
+CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1966
+ NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea
+CVE-2021-45759
+ RESERVED
+CVE-2021-45758
+ RESERVED
+CVE-2021-45757
+ RESERVED
+CVE-2021-45756
+ RESERVED
+CVE-2021-45755
+ RESERVED
+CVE-2021-45754
+ RESERVED
+CVE-2021-45753
+ RESERVED
+CVE-2021-45752
+ RESERVED
+CVE-2021-45751
+ RESERVED
+CVE-2021-45750
+ RESERVED
+CVE-2021-45749
+ RESERVED
+CVE-2021-45748
+ RESERVED
+CVE-2021-45747
+ RESERVED
+CVE-2021-45746
+ RESERVED
+CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...)
+ NOT-FOR-US: Bludit
+CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...)
+ NOT-FOR-US: Bludit
+CVE-2021-45743
+ RESERVED
+CVE-2021-45742 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a comm ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45741 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45740 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45739 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45738 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45737 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45736 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45735 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45734 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45733 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-4180
+ RESERVED
+ - tripleo-heat-templates <removed>
+ NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397
+CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
+ NOT-FOR-US: Rust crate lru
+CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45718 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45717 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45716 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45715 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45714 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45713 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45712 (An issue was discovered in the rust-embed crate before 6.3.0 for Rust. ...)
+ NOT-FOR-US: Rust crate rust-embed
+CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 fo ...)
+ NOT-FOR-US: Rust crate simple_asn1
+CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 1.9.x thr ...)
+ - rust-tokio <unfixed>
+ [bullseye] - rust-tokio <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0124.html
+ NOTE: https://github.com/tokio-rs/tokio/issues/4225
+CVE-2021-45709 (An issue was discovered in the crypto2 crate through 2021-10-08 for Ru ...)
+ NOT-FOR-US: Rust crate crypto2
+CVE-2021-45708 (An issue was discovered in the abomonation crate through 2021-10-17 fo ...)
+ NOT-FOR-US: Rust crate abomonation
+CVE-2021-45707 (An issue was discovered in the nix crate before 0.20.2, 0.21.x before ...)
+ - rust-nix 0.23.0-1
+ [bullseye] - rust-nix <no-dsa> (Minor issue)
+ [buster] - rust-nix <not-affected> (Introduced in 0.16)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
+CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 1.1.1 for R ...)
+ NOT-FOR-US: Rust crate zeroize_derive
+CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for Rust. T ...)
+ NOT-FOR-US: Rust crate nanorand
+CVE-2021-45704 (An issue was discovered in the metrics-util crate before 0.7.0 for Rus ...)
+ NOT-FOR-US: Rust crate metrics-util
+CVE-2021-45703 (An issue was discovered in the tectonic_xdv crate before 0.1.12 for Ru ...)
+ NOT-FOR-US: Rust crate tectonic_xdv
+CVE-2021-45702 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
+ NOT-FOR-US: Rust crate tremor-script
+CVE-2021-45701 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
+ NOT-FOR-US: Rust crate tremor-script
+CVE-2021-45700 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Attac ...)
+ NOT-FOR-US: Rust crate ckb
+CVE-2021-45699 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Remot ...)
+ NOT-FOR-US: Rust crate ckb
+CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust. A get ...)
+ NOT-FOR-US: Rust crate ckb
+CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...)
+ NOT-FOR-US: Rust crate molecule
+CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...)
+ - rust-sha2 <not-affected> (Only affetced 0.9.7, never uploaded to the archive)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html
+CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...)
+ NOT-FOR-US: Rust crate mopa
+CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...)
+ NOT-FOR-US: Rust crate rdiff
+CVE-2021-45693 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45692 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45691 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45690 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45689 (An issue was discovered in the gfx-auxil crate through 2021-01-07 for ...)
+ NOT-FOR-US: Rust crate gfx-auxil
+CVE-2021-45688 (An issue was discovered in the ash crate before 0.33.1 for Rust. util: ...)
+ NOT-FOR-US: Rust crate ash
+CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. ...)
+ NOT-FOR-US: Rust crate raw-cpuid
+CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...)
+ NOT-FOR-US: Rust crate csv-sniffer
+CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...)
+ NOT-FOR-US: Rust crate columnar
+CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...)
+ NOT-FOR-US: Rust crate flumedb
+CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...)
+ NOT-FOR-US: Rust crate binjs
+CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...)
+ NOT-FOR-US: Rust crate bronzedb-protocol
+CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for ...)
+ NOT-FOR-US: Rust crate derive-com-impl
+CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...)
+ NOT-FOR-US: Rust crate vec-const
+CVE-2021-45111
+ RESERVED
+CVE-2021-45071
+ RESERVED
+CVE-2021-44547
+ RESERVED
+CVE-2021-44476
+ RESERVED
+CVE-2021-44475
+ RESERVED
+CVE-2021-44461
+ RESERVED
+CVE-2021-44460
+ RESERVED
+CVE-2021-4178
+ RESERVED
+ NOT-FOR-US: fabric8io/kubernetes-client
+ NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034388
+CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-26947
+ RESERVED
+CVE-2021-23186
+ RESERVED
+CVE-2021-23178
+ RESERVED
+CVE-2021-23176
+ RESERVED
+CVE-2021-23166
+ RESERVED
+CVE-2021-4174
+ RESERVED
+CVE-2021-4173 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766
+ NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 (v8.2.3902)
+CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...)
+ NOT-FOR-US: calibre-web
+CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45677 (Certain NETGEAR devices are affected by stored XSS. This affects GS108 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45676 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45675 (Certain NETGEAR devices are affected by stored XSS. This affects R6120 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45674 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45673 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45672 (Certain NETGEAR devices are affected by Stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45671 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45670 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45669 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45668 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45667 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45666 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45665 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45664 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45663 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45662 (NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45661 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45660 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45659 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45658 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45657 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45656 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45655 (NETGEAR R6400 devices before 1.0.1.70 are affected by server-side inje ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45654 (NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of s ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45653 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45652 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45651 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45650 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45649 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45648 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45647 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45646 (NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45645 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45644 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45643 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45642 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45641 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45640 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45639 (Certain NETGEAR devices are affected by reflected XSS. This affects CB ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45638 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45637 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45636 (NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based bu ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45635 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45634 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45633 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45632 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45631 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45630 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45629 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45628 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45627 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45626 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45625 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45624 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45623 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45622 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45621 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45620 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45619 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45618 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45617 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45616 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45615 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45614 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45613 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45612 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45611 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45610 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45609 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45608 (Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital d ...)
+ NOT-FOR-US: D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices
+CVE-2021-45607 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45606 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45605 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45604 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45603 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45602 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45601 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45600 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45599 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45598 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45597 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45596 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45595 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45594 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45593 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45592 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45591 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45590 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45589 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45588 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45587 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45586 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45585 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45584 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45583 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45582 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45581 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45580 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45579 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45578 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45577 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45576 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45575 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45574 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45573 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45572 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45571 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45570 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45569 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45568 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45567 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45566 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45565 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45564 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45563 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45562 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45561 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45560 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45559 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45558 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45557 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45556 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45555 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45554 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45553 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45552 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45551 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45550 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45549 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45548 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45547 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45546 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45545 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45544 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45543 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45542 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45541 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45540 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45539 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45538 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45537 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45536 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45535 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45534 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45533 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45532 (NETGEAR R8000 devices before 1.0.4.76 are affected by command injectio ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45531 (NETGEAR D6220 devices before 1.0.0.76 are affected by command injectio ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45530 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45529 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45528 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45527 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45526 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45525 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45524 (NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflo ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45523 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45522 (NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded pas ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45521 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45520 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45519 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45518 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45517 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45516 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45514 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45513 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45512 (Certain NETGEAR devices are affected by weak cryptography. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45511 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45510 (NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45509 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45508 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45507 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45506 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45505 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45504 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45503 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45502 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45501 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45500 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45499 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45498 (NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45497 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45496 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45495 (NETGEAR D7000 devices before 1.0.1.68 are affected by authentication b ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45494 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input During W ...)
+ NOT-FOR-US: calibre-web
+CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-45492
+ RESERVED
+CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-45491
+ RESERVED
+CVE-2021-45490
+ RESERVED
+CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45487 (In NetBSD through 9.2, the IPv4 ID generation algorithm does not use a ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45486 (In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4 ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://arxiv.org/pdf/2112.09604.pdf
+ NOTE: https://git.kernel.org/linus/aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba (5.13-rc1)
+CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6 ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://arxiv.org/pdf/2112.09604.pdf
+ NOTE: https://git.kernel.org/linus/62f20e068ccc50d6ab66fdb72ba90da2b9418c99 (5.14-rc1)
+CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
+CVE-2021-4167
+ RESERVED
+CVE-2021-45479
+ RESERVED
+CVE-2021-45478
+ RESERVED
+CVE-2021-45477
+ RESERVED
+CVE-2021-45476
+ RESERVED
+CVE-2021-45475
+ RESERVED
+CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
+ NOTE: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884)
+CVE-2021-4165
+ RESERVED
+CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: calibre-web
+CVE-2021-4163
+ RESERVED
+CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: archivy
+CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...)
+ NOT-FOR-US: FileImporter MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e
+ NOTE: https://phabricator.wikimedia.org/T296605
+CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...)
+ NOT-FOR-US: WikiBase MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d
+ NOTE: https://phabricator.wikimedia.org/T294693
+CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...)
+ NOT-FOR-US: WikiBase MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd
+ NOTE: https://phabricator.wikimedia.org/T297570
+CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...)
+ NOT-FOR-US: EntitySchema MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9
+ NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c
+ NOTE: https://phabricator.wikimedia.org/T296578
+CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...)
+ NOT-FOR-US: cve-search
+CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...)
+ NOT-FOR-US: Moxa
+CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
+CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...)
+ NOT-FOR-US: Imperva Web Application Firewall
+CVE-2021-45467
+ RESERVED
+CVE-2021-45466
+ RESERVED
+CVE-2021-45465
+ RESERVED
+CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...)
+ - openssl 1.1.1m-1
+ [bullseye] - openssl <no-dsa> (Minor issue)
+ [buster] - openssl <no-dsa> (Minor issue)
+ [stretch] - openssl <ignored> (This is MIPS-specific and we don't support MIPS for stretch-security)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m)
+ NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html
+ NOTE: https://www.openssl.org/news/secadv/20220128.txt
+CVE-2021-4159 [bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()]
+ RESERVED
+ - linux 5.7.6-1
+ NOTE: Fixed by: https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1)
+CVE-2021-45464 [hypervisor escape and host code execution]
+ RESERVED
+ - kvmtool <unfixed>
+ NOTE: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/
+CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...)
+ - gegl 1:0.4.34-1 (bug #1002661)
+ [bullseye] - gegl <no-dsa> (Minor issue)
+ [buster] - gegl <no-dsa> (Minor issue)
+ [stretch] - gegl <no-dsa> (Minor issue; can be fixed later)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34)
+ NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34)
+CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. ...)
+ NOT-FOR-US: Open5GS
+CVE-2021-4158 [NULL pointer dereference in pci_write() in hw/acpi/pcihp.c]
+ RESERVED
+ - qemu 1:6.2+dfsg-2
+ [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035002
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/770
+ NOTE: Introduced in: https://gitlab.com/qemu-project/qemu/-/commit/b32bd763a1ca929677e22ae1c51cb3920921bdce (v6.0.0-rc0)
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html
+CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
+ NOT-FOR-US: FreePBX
+CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()]
+ RESERVED
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1)
+CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
+ RESERVED
+ - libsndfile <unfixed>
+ [bullseye] - libsndfile <no-dsa> (Minor issue)
+ [buster] - libsndfile <no-dsa> (Minor issue)
+ [stretch] - libsndfile <no-dsa> (Minor issue)
+ NOTE: https://github.com/libsndfile/libsndfile/issues/731
+ NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
+CVE-2021-4155
+ RESERVED
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
+ NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1
+CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
+ NOT-FOR-US: Node windows
+CVE-2021-4154 (A use-after-free flaw was found in cgroup1_parse_param in kernel/cgrou ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3b0462726e7ef281c35a7a4ae33e93ee2bc9975b (5.14-rc2)
+CVE-2021-4153
+ RESERVED
+CVE-2021-4152
+ RESERVED
+CVE-2021-4151
+ RESERVED
+CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executing som ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-45455
+ RESERVED
+CVE-2021-45454
+ RESERVED
+CVE-2021-45453
+ RESERVED
+CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11)
+ NOTE: https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1 (2.2.26)
+CVE-2021-4150 [Block subsystem mishandles reference counts]
+ RESERVED
+ - linux 5.15.3-1
+ NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7)
+CVE-2021-4149 [Improper lock operation in btrfs]
+ RESERVED
+ - linux 5.14.16-1
+ NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6)
+CVE-2021-4148 [Improper implementation of block_invalidatepage() allows users to crash the kernel]
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://lkml.org/lkml/2021/9/17/1037
+ NOTE: https://lkml.org/lkml/2021/9/12/323
+CVE-2021-4147 [deadlock and crash in libxl driver]
+ RESERVED
+ - libvirt 7.10.0-2 (bug #1002535)
+ [bullseye] - libvirt <no-dsa> (Minor issue)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
+ NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
+CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...)
+ NOT-FOR-US: pimcore
+CVE-2021-4145 (A NULL pointer dereference issue was found in the block mirror layer o ...)
+ - qemu 1:6.2+dfsg-1
+ [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/d44dae1a7cf782ec9235746ebb0e6c1a20dd7288 (v6.1.0-rc0)
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd (v6.2.0-rc0)
+CVE-2021-4144 (TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 2 ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...)
+ - mbedtls <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/cae590905363747d26fb5617b71bd567541a2f39 (mbedtls-3.1.0)
+CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...)
+ - mbedtls <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0)
+CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...)
+ NOT-FOR-US: Docker Desktop on Windows
+CVE-2021-45448
+ RESERVED
+CVE-2021-45447
+ RESERVED
+CVE-2021-45446
+ RESERVED
+CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
+ NOT-FOR-US: Unisys
+CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
+ {DSA-5078-1 DLA-2926-1}
+ - zsh 5.8.1-1
+ NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
+ NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
+ NOTE: https://sourceforge.net/p/zsh/code/ci/bdc4d70a7e033b754e68a8659a037ea0fc5f38de/
+CVE-2021-45443
+ RESERVED
+CVE-2021-4143 (Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutto ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2021-45442 (A link following denial-of-service vulnerability in Trend Micro Worry- ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45441 (A origin validation error vulnerability in Trend Micro Apex One (on-pr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45440 (A unnecessary privilege vulnerability in Trend Micro Apex One and Tren ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45439
+ RESERVED
+CVE-2021-45438
+ RESERVED
+CVE-2021-45437
+ RESERVED
+CVE-2021-45436
+ RESERVED
+CVE-2021-45435 (An SQL Injection vulnerability exists in Sourcecodester Simple Cold St ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-45434
+ RESERVED
+CVE-2021-45433
+ RESERVED
+CVE-2021-45432
+ RESERVED
+CVE-2021-45431
+ RESERVED
+CVE-2021-45430
+ RESERVED
+CVE-2021-45429 (A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 6 ...)
+ - yara <unfixed>
+ [stretch] - yara <no-dsa> (Minor issue)
+ NOTE: https://github.com/VirusTotal/yara/issues/1616
+ NOTE: https://github.com/VirusTotal/yara/commit/a36b497926b141624ea673111a101e9ddd7ac2eb (v4.2.0-rc1)
+CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control vulnerability. ...)
+ NOT-FOR-US: TLR-2005KSH
+CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated ar ...)
+ NOT-FOR-US: Emerson
+CVE-2021-45426
+ RESERVED
+CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...)
+ NOT-FOR-US: SAFARI Montage
+CVE-2021-45424
+ RESERVED
+CVE-2021-45423
+ RESERVED
+CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
+ NOT-FOR-US: Reprise License Manager
+CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
+ NOT-FOR-US: Emerson
+CVE-2021-45420 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
+ NOT-FOR-US: Emerson
+CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...)
+ NOT-FOR-US: Nova 360 Cabinet
+CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...)
+ NOT-FOR-US: Nova 360 Cabinet
+CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges via cr ...)
+ {DSA-5051-1 DLA-2894-1}
+ - aide 0.17.4-1
+ NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
+CVE-2021-45416 (Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 ...)
+ NOT-FOR-US: RosarioSIS
+CVE-2021-45415
+ RESERVED
+CVE-2021-45414
+ RESERVED
+CVE-2021-45413
+ RESERVED
+CVE-2021-45412
+ RESERVED
+CVE-2021-45411 (In Sourcecodetester Printable Staff ID Card Creator System 1.0 after c ...)
+ NOT-FOR-US: Sourcecodetester
+CVE-2021-45410
+ RESERVED
+CVE-2021-45409
+ RESERVED
+CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-45407
+ RESERVED
+CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...)
+ NOT-FOR-US: SalonERP
+CVE-2021-45405
+ RESERVED
+CVE-2021-45404
+ RESERVED
+CVE-2021-45403
+ RESERVED
+CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linux kern ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/3cf2b61eb06765e27fec6799292d9fb46d0b7e60
+ NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
+ NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6
+CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...)
+ NOT-FOR-US: Tenda
+CVE-2021-45400
+ RESERVED
+CVE-2021-45399
+ RESERVED
+CVE-2021-45398
+ RESERVED
+CVE-2021-45397
+ RESERVED
+CVE-2021-45396
+ RESERVED
+CVE-2021-45395
+ RESERVED
+CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ...)
+ NOT-FOR-US: PHP HTML2PDF
+CVE-2021-45393
+ RESERVED
+CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
+ NOT-FOR-US: Tenda
+CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
+ NOT-FOR-US: Tenda
+CVE-2021-45390
+ RESERVED
+CVE-2021-45389 (StarWind SAN &amp; NAS build 1578 and StarWind Command Center Build 68 ...)
+ NOT-FOR-US: StarWind
+CVE-2021-45388
+ REJECTED
+CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ...)
+ - tcpreplay 4.4.0-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/687
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ...)
+ - tcpreplay 4.4.0-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/687
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...)
+ NOT-FOR-US: ffjpeg
+CVE-2021-45384
+ RESERVED
+CVE-2021-45383
+ RESERVED
+CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all series H/ ...)
+ NOT-FOR-US: D-Link
+CVE-2021-45381
+ RESERVED
+CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_h ...)
+ NOT-FOR-US: AppCMS
+CVE-2021-45378
+ RESERVED
+CVE-2021-45377
+ RESERVED
+CVE-2021-45376
+ RESERVED
+CVE-2021-45375
+ RESERVED
+CVE-2021-45374
+ RESERVED
+CVE-2021-45373
+ RESERVED
+CVE-2021-45372
+ RESERVED
+CVE-2021-45371
+ RESERVED
+CVE-2021-45370
+ RESERVED
+CVE-2021-45369
+ RESERVED
+CVE-2021-45368
+ RESERVED
+CVE-2021-45367
+ RESERVED
+CVE-2021-45366
+ RESERVED
+CVE-2021-45365
+ RESERVED
+CVE-2021-45364 (** DISPUTED ** A Code Execution vulnerability exists in Statamic Versi ...)
+ NOT-FOR-US: Statamic
+CVE-2021-45363
+ RESERVED
+CVE-2021-45362
+ RESERVED
+CVE-2021-45361
+ RESERVED
+CVE-2021-45360
+ RESERVED
+CVE-2021-45359
+ RESERVED
+CVE-2021-45358
+ RESERVED
+CVE-2021-45357 (Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the ...)
+ - piwigo <removed>
+CVE-2021-45356
+ RESERVED
+CVE-2021-45355
+ RESERVED
+CVE-2021-45354
+ RESERVED
+CVE-2021-45353
+ RESERVED
+CVE-2021-45352
+ RESERVED
+CVE-2021-45351
+ RESERVED
+CVE-2021-45350
+ RESERVED
+CVE-2021-45349
+ RESERVED
+CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in SourceCodester Atte ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, which l ...)
+ NOT-FOR-US: zzcms
+CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and ...)
+ - sqlite3 <unfixed> (bug #1005974)
+ NOTE: https://github.com/guyinatuxedo/sqlite3_record_leaking
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054793
+CVE-2021-45345
+ RESERVED
+CVE-2021-45344
+ RESERVED
+CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of ...)
+ {DSA-5077-1 DLA-2908-1}
+ - librecad 2.1.3-3 (bug #1004518)
+ NOTE: https://github.com/LibreCAD/LibreCAD/issues/1468
+ NOTE: https://github.com/LibreCAD/LibreCAD/pull/1469
+ NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/5771425808bd16e78e1c6f28728c0712c47316f7
+CVE-2021-45342 (A buffer overflow vulnerability in CDataList of the jwwlib component o ...)
+ {DSA-5077-1 DLA-2908-1}
+ - librecad 2.1.3-3 (bug #1004518)
+ NOTE: https://github.com/LibreCAD/LibreCAD/issues/1464
+ NOTE: https://github.com/LibreCAD/LibreCAD/pull/1465
+ NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/4edcbe72679f95cb60979c77a348c1522a20b0f4
+CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib component o ...)
+ {DSA-5077-1 DLA-2908-1}
+ - librecad 2.1.3-3 (bug #1004518)
+ NOTE: https://github.com/LibreCAD/LibreCAD/issues/1462
+ NOTE: https://github.com/LibreCAD/LibreCAD/pull/1463
+ NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997
+CVE-2021-45340 (In Libsixel prior to and including v1.10.3, a NULL pointer dereference ...)
+ - libsixel <unfixed> (bug #1004377)
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/libsixel/libsixel/issues/51
+ NOTE: Fixed by: https://github.com/libsixel/libsixel/pull/52
+CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 20.4 al ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45338 (Multiple privilege escalation vulnerabilities in Avast Antivirus prior ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45337 (Privilege escalation vulnerability in the Self-Defense driver of Avast ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45336 (Privilege escalation vulnerability in the Sandbox component of Avast A ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45335 (Sandbox component in Avast Antivirus prior to 20.4 has an insecure per ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45334 (Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL ...)
+ NOT-FOR-US: Sourcecodester Online Thesis Archiving System
+CVE-2021-45333
+ RESERVED
+CVE-2021-45332
+ RESERVED
+CVE-2021-45331 (An Authentication Bypass vulnerability exists in Gitea before 1.5.0, w ...)
+ - gitea <removed>
+CVE-2021-45330 (An issue exsits in Gitea through 1.15.7, which could let a malicious u ...)
+ - gitea <removed>
+CVE-2021-45329 (Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 ...)
+ - gitea <removed>
+CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...)
+ - gitea <removed>
+CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...)
+ - gitea <removed>
+CVE-2021-45326 (Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before ...)
+ - gitea <removed>
+CVE-2021-45325 (Server Side Request Forgery (SSRF) vulneraility exists in Gitea before ...)
+ - gitea <removed>
+CVE-2021-45324
+ RESERVED
+CVE-2021-45323
+ RESERVED
+CVE-2021-45322
+ RESERVED
+CVE-2021-45321
+ RESERVED
+CVE-2021-45320
+ RESERVED
+CVE-2021-45319
+ RESERVED
+CVE-2021-45318
+ RESERVED
+CVE-2021-45317
+ RESERVED
+CVE-2021-45316
+ RESERVED
+CVE-2021-45315
+ RESERVED
+CVE-2021-45314
+ RESERVED
+CVE-2021-45313
+ RESERVED
+CVE-2021-45312
+ RESERVED
+CVE-2021-45311
+ RESERVED
+CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...)
+ NOT-FOR-US: Sangoma Technologies Corporation Switchvox
+CVE-2021-45309
+ RESERVED
+CVE-2021-45308
+ RESERVED
+CVE-2021-45307
+ RESERVED
+CVE-2021-45306
+ RESERVED
+CVE-2021-45305
+ RESERVED
+CVE-2021-45304
+ RESERVED
+CVE-2021-45303
+ RESERVED
+CVE-2021-45302
+ RESERVED
+CVE-2021-45301
+ RESERVED
+CVE-2021-45300
+ RESERVED
+CVE-2021-45299
+ RESERVED
+CVE-2021-45298
+ RESERVED
+CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1973
+ NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770
+CVE-2021-45296
+ RESERVED
+CVE-2021-45295
+ RESERVED
+CVE-2021-45294
+ RESERVED
+CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...)
+ - binaryen 104-1 (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4384
+ NOTE: https://github.com/WebAssembly/binaryen/pull/4388
+ NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1958
+ NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6
+CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1955
+ NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc
+CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...)
+ - binaryen 104-1 (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4383
+ NOTE: https://github.com/WebAssembly/binaryen/pull/4389
+ NOTE: https://github.com/WebAssembly/binaryen/commit/62d83d5fcad015ce52f0f3122eab9df1c629cafb (version_104)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1972
+ NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d
+CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1956
+ NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3
+CVE-2021-45287
+ RESERVED
+CVE-2021-45286 (Directory Traversal vulnerability exists in ZZCMS 2021 via the skin pa ...)
+ NOT-FOR-US: ZZCMS
+CVE-2021-45285
+ RESERVED
+CVE-2021-45284
+ RESERVED
+CVE-2021-45283
+ RESERVED
+CVE-2021-45282
+ RESERVED
+CVE-2021-45281 (QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: QuickBox Pro
+CVE-2021-45280
+ RESERVED
+CVE-2021-45279
+ RESERVED
+CVE-2021-45278
+ RESERVED
+CVE-2021-45277
+ RESERVED
+CVE-2021-45276
+ RESERVED
+CVE-2021-45275
+ RESERVED
+CVE-2021-45274
+ RESERVED
+CVE-2021-45273
+ RESERVED
+CVE-2021-45272
+ RESERVED
+CVE-2021-45271
+ RESERVED
+CVE-2021-45270
+ RESERVED
+CVE-2021-45269
+ RESERVED
+CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exist ...)
+ NOT-FOR-US: Backdrop CMS
+CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1965
+ NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487
+CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1985
+ NOTE: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e
+CVE-2021-45265
+ RESERVED
+CVE-2021-45264
+ RESERVED
+CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1975
+ NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9
+CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1980
+ NOTE: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a
+CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...)
+ - patch <unfixed> (unimportant)
+ NOTE: https://savannah.gnu.org/bugs/?61685
+ NOTE: Negligible security impact
+CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1979
+ NOTE: https://github.com/gpac/gpac/issues/1977
+ NOTE: https://github.com/gpac/gpac/commit/5e5e9c48b1a61e3844e9fbe26292305ab4c06d04
+ NOTE: Reported twice upstream, fix is in issue 1977 - identical report in issue 1979
+CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1986
+ NOTE: https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29
+CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1970
+ NOTE: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad
+CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...)
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392790
+ NOTE: Negligible security impact
+CVE-2021-45256 (A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via a ...)
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392789
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...)
+ NOT-FOR-US: Video Sharing Website
+CVE-2021-45254
+ RESERVED
+CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...)
+ NOT-FOR-US: Simple Cold Storage Management System
+CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...)
+ NOT-FOR-US: Simple Forum-Discussion System
+CVE-2021-45251
+ RESERVED
+CVE-2021-45250
+ RESERVED
+CVE-2021-45249
+ RESERVED
+CVE-2021-45248
+ RESERVED
+CVE-2021-45247
+ RESERVED
+CVE-2021-45246
+ RESERVED
+CVE-2021-45245
+ RESERVED
+CVE-2021-45244
+ RESERVED
+CVE-2021-45243
+ RESERVED
+CVE-2021-45242
+ RESERVED
+CVE-2021-45241
+ RESERVED
+CVE-2021-45240
+ RESERVED
+CVE-2021-45239
+ RESERVED
+CVE-2021-45238
+ RESERVED
+CVE-2021-45237
+ RESERVED
+CVE-2021-45236
+ RESERVED
+CVE-2021-45235
+ RESERVED
+CVE-2021-45234
+ RESERVED
+CVE-2021-4142
+ RESERVED
+ NOT-FOR-US: Red Hat Satellite / Candlepin
+CVE-2021-4141
+ RESERVED
+CVE-2021-4140
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2021-4140
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2021-4140
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140
+CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-4138
+ RESERVED
+ - geckodriver <itp> (bug #989456)
+CVE-2021-45233
+ RESERVED
+CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...)
+ NOT-FOR-US: Apache APISIX Dashboard
+CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-45229
+ RESERVED
+CVE-2021-45228
+ RESERVED
+CVE-2021-45227
+ RESERVED
+CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45221
+ RESERVED
+CVE-2021-45220
+ RESERVED
+CVE-2021-45219
+ RESERVED
+CVE-2021-45218
+ RESERVED
+CVE-2021-45217
+ RESERVED
+CVE-2021-45216
+ RESERVED
+CVE-2021-45215
+ RESERVED
+CVE-2021-45214
+ RESERVED
+CVE-2021-45213
+ RESERVED
+CVE-2021-45212
+ RESERVED
+CVE-2021-45211
+ RESERVED
+CVE-2021-45210
+ RESERVED
+CVE-2021-45209
+ RESERVED
+CVE-2021-45208
+ RESERVED
+CVE-2021-45207
+ RESERVED
+CVE-2021-45206
+ RESERVED
+CVE-2021-45205
+ RESERVED
+CVE-2021-45204
+ RESERVED
+CVE-2021-45203
+ RESERVED
+CVE-2021-45202
+ RESERVED
+CVE-2021-45201
+ RESERVED
+CVE-2021-45200
+ RESERVED
+CVE-2021-45199
+ RESERVED
+CVE-2021-45198
+ RESERVED
+CVE-2021-45197
+ RESERVED
+CVE-2021-45196
+ RESERVED
+CVE-2021-45195
+ RESERVED
+CVE-2021-45194
+ RESERVED
+CVE-2021-45193
+ RESERVED
+CVE-2021-45192
+ RESERVED
+CVE-2021-45191
+ RESERVED
+CVE-2021-45190
+ RESERVED
+CVE-2021-45189
+ RESERVED
+CVE-2021-45188
+ RESERVED
+CVE-2021-45187
+ RESERVED
+CVE-2021-45186
+ RESERVED
+CVE-2021-45185
+ RESERVED
+CVE-2021-45184
+ RESERVED
+CVE-2021-45183
+ RESERVED
+CVE-2021-45182
+ RESERVED
+CVE-2021-45181
+ RESERVED
+CVE-2021-45180
+ RESERVED
+CVE-2021-45179
+ RESERVED
+CVE-2021-45178
+ RESERVED
+CVE-2021-45177
+ RESERVED
+CVE-2021-45176
+ RESERVED
+CVE-2021-45175
+ RESERVED
+CVE-2021-45174
+ RESERVED
+CVE-2021-45173
+ RESERVED
+CVE-2021-45172
+ RESERVED
+CVE-2021-45171
+ RESERVED
+CVE-2021-45170
+ RESERVED
+CVE-2021-45169
+ RESERVED
+CVE-2021-45168
+ RESERVED
+CVE-2021-45167
+ RESERVED
+CVE-2021-45166
+ RESERVED
+CVE-2021-45165
+ RESERVED
+CVE-2021-45164
+ RESERVED
+CVE-2021-45163
+ RESERVED
+CVE-2021-45162
+ RESERVED
+CVE-2021-45161
+ RESERVED
+CVE-2021-45160
+ RESERVED
+CVE-2021-45159
+ RESERVED
+CVE-2021-45158
+ RESERVED
+CVE-2021-45157
+ RESERVED
+CVE-2021-45156
+ RESERVED
+CVE-2021-45155
+ RESERVED
+CVE-2021-45154
+ RESERVED
+CVE-2021-45153
+ RESERVED
+CVE-2021-45152
+ RESERVED
+CVE-2021-45151
+ RESERVED
+CVE-2021-45150
+ RESERVED
+CVE-2021-45149
+ RESERVED
+CVE-2021-45148
+ RESERVED
+CVE-2021-45147
+ RESERVED
+CVE-2021-45146
+ RESERVED
+CVE-2021-45145
+ RESERVED
+CVE-2021-45144
+ RESERVED
+CVE-2021-45143
+ RESERVED
+CVE-2021-45142
+ RESERVED
+CVE-2021-45141
+ RESERVED
+CVE-2021-45140
+ RESERVED
+CVE-2021-45139
+ RESERVED
+CVE-2021-45138
+ RESERVED
+CVE-2021-45137
+ RESERVED
+CVE-2021-45136
+ RESERVED
+CVE-2021-45135
+ RESERVED
+CVE-2021-45134
+ RESERVED
+CVE-2021-45133
+ RESERVED
+CVE-2021-45132
+ RESERVED
+CVE-2021-45131
+ RESERVED
+CVE-2021-45130
+ RESERVED
+CVE-2021-45129
+ RESERVED
+CVE-2021-45128
+ RESERVED
+CVE-2021-45127
+ RESERVED
+CVE-2021-45126
+ RESERVED
+CVE-2021-45125
+ RESERVED
+CVE-2021-45124
+ RESERVED
+CVE-2021-45123
+ RESERVED
+CVE-2021-45122
+ RESERVED
+CVE-2021-45121
+ RESERVED
+CVE-2021-45120
+ RESERVED
+CVE-2021-45119
+ RESERVED
+CVE-2021-45118
+ RESERVED
+CVE-2021-45117
+ RESERVED
+CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11)
+ NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26)
+CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11)
+ NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26)
+CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All versions) ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
+ NOT-FOR-US: Emerson
+CVE-2021-44462
+ RESERVED
+CVE-2021-4137
+ RESERVED
+CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1002534)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938
+ NOTE: Introduced by: https://github.com/vim/vim/commit/2949cfdbe4335b9abcfeda1be4dfc52090ee1df6 (v8.2.2257)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847)
+CVE-2021-4135
+ RESERVED
+ - linux 5.15.15-1 (unimportant)
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
+ NOTE: CONFIG_NETDEVSIM is not set in Debian
+CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-4129
+ RESERVED
+CVE-2021-4128
+ RESERVED
+CVE-2021-4127
+ RESERVED
+CVE-2021-4126
+ RESERVED
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.4.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
+CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed Control ...)
+ NOT-FOR-US: DeltaV Distributed Control System Controllers
+CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
+ NOT-FOR-US: Philips
+CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a st ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access cont ...)
+ - glewlwyd 2.6.1-1
+ [bullseye] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - glewlwyd <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
+CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
+ {DSA-5024-1 DLA-2852-1}
+ - apache-log4j2 2.17.0-1 (bug #1001891)
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
+CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive]
+ RESERVED
+ - libarchive 3.5.2-1 (bug #1001990)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
+ NOTE: https://github.com/libarchive/libarchive/issues/1566
+ NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2)
+ NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
+CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target]
+ RESERVED
+ - libarchive 3.5.2-1 (bug #1001986)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
+ NOTE: https://github.com/libarchive/libarchive/issues/1565
+ NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2)
+CVE-2021-45104
+ RESERVED
+CVE-2021-45103
+ RESERVED
+CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...)
+ - condor <not-affected> (Only affects 9.0.0 and above)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
+CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...)
+ - condor <unfixed> (bug #1002540)
+ [stretch] - condor <ignored> (Patch is too destructive to backport it; Patch does not apply cleanly. Too many calls in patch, not existed in this version of the software)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
+ NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14)
+CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...)
+ NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal
+CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)
+ - suricata 1:6.0.4-1
+ [bullseye] - suricata <no-dsa> (Minor issue)
+ [buster] - suricata <no-dsa> (Minor issue)
+ [stretch] - suricata <no-dsa> (Minor issue)
+ NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
+ NOTE: https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df
+ NOTE: https://redmine.openinfosecfoundation.org/issues/4710
+CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in ...)
+ NOT-FOR-US: NIME Server
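Review bot: the NOT-FOR-US tag for CVE-2021-45097 names the product as "NIME Server", but the description on the line above it reads "KNIME Server before 4.12.6 and 4.13.x before 4.13.4", and the following entry (CVE-2021-45096) is tagged "KNIME Analytics Platform". Change the tag to "NOT-FOR-US: KNIME Server" so that a search of the list for the product name finds both KNIME entries.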
+CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
+ NOT-FOR-US: KNIME Analytics Platform
+CVE-2021-45094
+ RESERVED
+CVE-2021-45093
+ RESERVED
+CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45084
+ RESERVED
+CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler ...)
+ - cobbler <removed>
+CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...)
+ - cobbler <removed>
+CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in several ...)
+ - cobbler <removed>
+CVE-2021-45080
+ RESERVED
+CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...)
+ {DSA-5056-1 DLA-2909-1}
+ - strongswan 5.9.5-1
+ NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
+ NOTE: Patches: https://download.strongswan.org/security/CVE-2021-45079/
+CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...)
+ - binutils 2.37.50.20220106-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28694
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
+ NOTE: binutils not covered by security support
+CVE-2021-4125
+ RESERVED
+ NOT-FOR-US: OpenShift metering hive containers
+CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...)
+ - logback 1:1.2.8-1
+ [bullseye] - logback <no-dsa> (Minor issue)
+ [buster] - logback <no-dsa> (Minor issue)
+ [stretch] - logback <no-dsa> (Minor issue)
+ NOTE: https://jira.qos.ch/browse/LOGBACK-1591
+ NOTE: https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8)
+CVE-2021-44771
+ REJECTED
+CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
+ - janus <unfixed> (unimportant)
+ NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190
+ NOTE: https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d
+ NOTE: Issues only in janus-demos built from src:janus
+CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4122 [decryption through LUKS2 reencryption crash recovery]
+ RESERVED
+ {DSA-5070-1}
+ - cryptsetup 2:2.4.3-1 (bug #1003686)
+ [buster] - cryptsetup <not-affected> (Vulnerable code not present; does not support online LUKS2 reencryption)
+ [stretch] - cryptsetup <not-affected> (Vulnerable code not present; does not support LUKS2)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2032401
+ NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c
+ NOTE: 2.4 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/de98f011418c62e7b825a8ce3256e8fcdc84756e
+ NOTE: 2.3 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/60addcffa6794c29dccf33d8db5347f24b75f2fc
+CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-23151
+ REJECTED
+CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
+ - linux 5.15.15-1 (unimportant)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/cifsd-team/ksmbd/issues/550
+ NOTE: https://github.com/cifsd-team/ksmbd/pull/551
+ NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
+ NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
+CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
+CVE-2021-45070
+ RESERVED
+CVE-2021-45069
+ RESERVED
+CVE-2021-45068 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45067 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45066
+ RESERVED
+CVE-2021-45065
+ RESERVED
+CVE-2021-45064 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45063 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45062 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45061 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45060 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45059 (Adobe InDesign version 16.4 (and earlier) is affected by a use-after-f ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45058 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45057 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45056 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45055 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45054 (Adobe InCopy version 16.4 (and earlier) is affected by a use-after-fre ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45053 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-4120 (snapd 2.54.2 fails to perform sufficient validation of snap content in ...)
+ - snapd <unfixed>
+ [bullseye] - snapd 2.49-1+deb11u1
+ NOTE: https://bugs.launchpad.net/snapd/+bug/1949368
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/18/2
+CVE-2021-45050
+ RESERVED
+CVE-2021-45049
+ RESERVED
+CVE-2021-45048
+ RESERVED
+CVE-2021-45047
+ RESERVED
+CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...)
+ {DSA-5022-1}
+ - apache-log4j2 2.16.0-1 (bug #1001729)
+ [stretch] - apache-log4j2 <not-affected> (JndiLookup class has been removed)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/4
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3221
+ NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
+CVE-2021-45045
+ RESERVED
+CVE-2021-45044
+ RESERVED
+CVE-2021-44768
+ RESERVED
+CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: bookstack
+CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted Data ...)
+ NOT-FOR-US: pytorch-lightning
+CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user to caus ...)
+ [experimental] - policykit-1 0.120-6
+ - policykit-1 0.105-32 (bug #1005784)
+ [bullseye] - policykit-1 <no-dsa> (Minor issue)
+ [buster] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported)
+ [stretch] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2007534
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-077-polkit/
+ NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
+ NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
+ NOTE: Debian backported 0.113 commits in 0.105-26
+CVE-2021-4114
+ REJECTED
+CVE-2021-4113
+ REJECTED
+CVE-2021-4112
+ RESERVED
+ NOT-FOR-US: Ansible Tower
+CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...)
+ NOT-FOR-US: HD-Network Real-time Monitoring System
+CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
+ - mruby 3.0.0-2 (bug #1001768)
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <postponed> (revisit when/if fix is complete)
+ NOTE: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20
+ NOTE: https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34
+CVE-2021-4109
+ RESERVED
+CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-45040
+ RESERVED
+CVE-2021-45039
+ RESERVED
+CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ {DSA-5021-1}
+ - mediawiki 1:1.35.5-1
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T297574
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-45037
+ RESERVED
+CVE-2021-45036
+ RESERVED
+CVE-2021-45035
+ RESERVED
+CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
+ NOT-FOR-US: Siemens
+CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
+ NOT-FOR-US: Siemens
+CVE-2021-45032
+ RESERVED
+CVE-2021-45031
+ RESERVED
+CVE-2021-45030
+ RESERVED
+CVE-2021-45029 (Groovy Code Injection &amp; SpEL Injection which lead to Remote Code E ...)
+ NOT-FOR-US: Apache ShenYu
+CVE-2021-45028
+ RESERVED
+CVE-2021-45027
+ RESERVED
+CVE-2021-45026
+ RESERVED
+CVE-2021-45025
+ RESERVED
+CVE-2021-45024
+ RESERVED
+CVE-2021-45023
+ RESERVED
+CVE-2021-45022
+ RESERVED
+CVE-2021-45021
+ RESERVED
+CVE-2021-45020
+ RESERVED
+CVE-2021-45019
+ RESERVED
+CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish &lt;=6.3.0 ...)
+ NOT-FOR-US: CatFish (not same as src:catfish)
+CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in Catfish &lt;= ...)
+ NOT-FOR-US: CatFish (not same as src:catfish)
+CVE-2021-45016
+ RESERVED
+CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
+ NOT-FOR-US: taocms
+CVE-2021-45014 (There is an upload sql injection vulnerability in the background of ta ...)
+ NOT-FOR-US: taocms
+CVE-2021-45013
+ RESERVED
+CVE-2021-45012
+ RESERVED
+CVE-2021-45011
+ RESERVED
+CVE-2021-45010
+ RESERVED
+CVE-2021-45009
+ RESERVED
+CVE-2021-45008 (Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability ...)
+ NOT-FOR-US: Plesk CMS
+CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...)
+ NOT-FOR-US: Plesk
+CVE-2021-45006
+ RESERVED
+CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...)
+ - mujs <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704749 (not public)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=df8559e7bdbc6065276e786217eeee70f28fce66 (1.2.0)
+CVE-2021-45004
+ RESERVED
+CVE-2021-45003 (Laundry Booking Management System 1.0 (Latest) and previous versions a ...)
+ NOT-FOR-US: Laundry Booking Management System
+CVE-2021-45002
+ RESERVED
+CVE-2021-45001
+ RESERVED
+CVE-2021-45000
+ RESERVED
+CVE-2021-44999
+ RESERVED
+CVE-2021-44998
+ RESERVED
+CVE-2021-44997
+ RESERVED
+CVE-2021-44996
+ RESERVED
+CVE-2021-44995
+ RESERVED
+CVE-2021-44994 (There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0' ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4894
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4944
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4895
+CVE-2021-44993 (There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4876
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
+CVE-2021-44992 (There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4875
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4879
+CVE-2021-44991
+ RESERVED
+CVE-2021-44990
+ RESERVED
+CVE-2021-44989
+ RESERVED
+CVE-2021-44988 (Jerryscript v3.0.0 and below was discovered to contain a stack overflo ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4891
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
+CVE-2021-44987
+ RESERVED
+CVE-2021-44986
+ RESERVED
+CVE-2021-44985
+ RESERVED
+CVE-2021-44984
+ RESERVED
+CVE-2021-44983 (In taocms 3.0.1 after logging in to the background, there is an Arbitr ...)
+ NOT-FOR-US: taocms
+CVE-2021-44982
+ RESERVED
+CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...)
+ NOT-FOR-US: QuickBox Pro
+CVE-2021-44980
+ RESERVED
+CVE-2021-44979
+ RESERVED
+CVE-2021-44978 (iCMS &lt;= 8.0.0 allows users to add and render a comtom template, whi ...)
+ NOT-FOR-US: iCMS
+CVE-2021-44977 (In iCMS &lt;=8.0.0, a directory traversal vulnerability allows an atta ...)
+ NOT-FOR-US: iCMS
+CVE-2021-44976
+ RESERVED
+CVE-2021-44975
+ RESERVED
+CVE-2021-44974
+ RESERVED
+CVE-2021-44973
+ RESERVED
+CVE-2021-44972
+ RESERVED
+CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...)
+ NOT-FOR-US: Tenda
+CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) v ...)
+ NOT-FOR-US: MiniCMS
+CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
+ NOT-FOR-US: Taocms
+CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...)
+ NOT-FOR-US: IOBit Advanced SystemCare
+CVE-2021-44967
+ RESERVED
+CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
+ NOT-FOR-US: PHPGURUKUL Employee Record Management System
+CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...)
+ NOT-FOR-US: PHPGURUKUL Employee Record Management System
+CVE-2021-44964
+ RESERVED
+CVE-2021-44963
+ RESERVED
+CVE-2021-44962
+ RESERVED
+CVE-2021-44961
+ RESERVED
+CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
+ - svgpp <unfixed>
+ [bullseye] - svgpp <no-dsa> (Minor issue)
+ [buster] - svgpp <no-dsa> (Minor issue)
+ NOTE: https://github.com/svgpp/svgpp/issues/101
+CVE-2021-44959
+ RESERVED
+CVE-2021-44958
+ RESERVED
+CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...)
+ NOT-FOR-US: ffjpeg
+CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...)
+ NOT-FOR-US: ffjpeg
+CVE-2021-44955
+ RESERVED
+CVE-2021-44954
+ RESERVED
+CVE-2021-44953
+ RESERVED
+CVE-2021-44952
+ RESERVED
+CVE-2021-44951
+ RESERVED
+CVE-2021-44950
+ RESERVED
+CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44948
+ REJECTED
+CVE-2021-44947
+ RESERVED
+CVE-2021-44946
+ RESERVED
+CVE-2021-44945
+ RESERVED
+CVE-2021-44944
+ RESERVED
+CVE-2021-44943
+ RESERVED
+CVE-2021-44942 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44941
+ RESERVED
+CVE-2021-44940
+ RESERVED
+CVE-2021-44939
+ RESERVED
+CVE-2021-44938
+ RESERVED
+CVE-2021-44937 (glFusion CMS v1.7.9 is affected by an arbitrary user registration vuln ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44936
+ RESERVED
+CVE-2021-44935 (glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vul ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44934
+ RESERVED
+CVE-2021-44933
+ RESERVED
+CVE-2021-44932
+ RESERVED
+CVE-2021-44931
+ RESERVED
+CVE-2021-44930
+ RESERVED
+CVE-2021-44929
+ RESERVED
+CVE-2021-44928
+ RESERVED
+CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1960
+ NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92
+CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1961
+ NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e
+CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1967
+ NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2
+CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1959
+ NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497
+CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1962
+ NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229
+CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1969
+ NOTE: https://github.com/gpac/gpac/issues/1968
+ NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a
+CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1964
+ NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2
+CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1957
+ NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4
+CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1963
+ NOTE: https://github.com/gpac/gpac/issues/1962
+ NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229
+CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1968
+ NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a
+CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ...)
+ - gnuplot 5.4.2+dfsg2-2 (unimportant; bug #1002539)
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2474/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/8938dfc937348f1d4e7b3d6ef6d44209b1d89473/ (master)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/acab14de21e323254507fca85f964e471258ac82/ (master)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/4cc2a4c83bc95470caa525cda52fba683e95bbb9/ (master)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/7285b0c578a067d8d9fe0566ccefaee131f62087/ (branch-5-4-stable)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/bac7cf51333242999ecb66883fd6076168ec3441/ (branch-5-4-stable)
+ NOTE: Crash in CLI tool, negligible security impact
+CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-44915
+ RESERVED
+CVE-2021-44914
+ RESERVED
+CVE-2021-44913
+ RESERVED
+CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...)
+ NOT-FOR-US: XE
+CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...)
+ NOT-FOR-US: XE
+CVE-2021-44910
+ RESERVED
+CVE-2021-44909
+ RESERVED
+CVE-2021-44908
+ RESERVED
+CVE-2021-44907
+ RESERVED
+CVE-2021-44906
+ RESERVED
+CVE-2021-44905
+ RESERVED
+CVE-2021-44904
+ RESERVED
+CVE-2021-44903 (Micro-Star International (MSI) Center Pro &lt;= 2.0.16.0 is vulnerable ...)
+ NOT-FOR-US: Micro-Star International (MSI) Center Pro
+CVE-2021-44902
+ RESERVED
+CVE-2021-44901 (Micro-Star International (MSI) Dragon Center &lt;= 2.0.116.0 is vulner ...)
+ NOT-FOR-US: Micro-Star International (MSI) Dragon Center
+CVE-2021-44900 (Micro-Star International (MSI) App Player &lt;= 4.280.1.6309 is vulner ...)
+ NOT-FOR-US: Micro-Star International (MSI) App Player
+CVE-2021-44899 (Micro-Star International (MSI) Center &lt;= 1.0.31.0 is vulnerable to ...)
+ NOT-FOR-US: Micro-Star International (MSI) Center
+CVE-2021-44898
+ RESERVED
+CVE-2021-44897
+ RESERVED
+CVE-2021-44896 (DMP Roadmap before 3.0.4 allows XSS. ...)
+ NOT-FOR-US: DMP Roadmap
+CVE-2021-44895
+ RESERVED
+CVE-2021-44894
+ RESERVED
+CVE-2021-44893
+ RESERVED
+CVE-2021-44892 (A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x v ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2021-44891
+ RESERVED
+CVE-2021-44890
+ RESERVED
+CVE-2021-44889
+ RESERVED
+CVE-2021-44888
+ RESERVED
+CVE-2021-44887
+ RESERVED
+CVE-2021-44886 (In Zammad 5.0.2, agents can configure "out of office" periods and subs ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-44885
+ RESERVED
+CVE-2021-44884
+ RESERVED
+CVE-2021-44883
+ RESERVED
+CVE-2021-44882 (D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a ...)
+ NOT-FOR-US: D-Link
+CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, ...)
+ - linux 5.16.7-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1
+ NOTE: Fixed by: https://git.kernel.org/linus/9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (5.17-rc1)
+CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...)
+ NOT-FOR-US: Pac4j
+CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44873
+ RESERVED
+CVE-2021-44872
+ RESERVED
+CVE-2021-44871
+ RESERVED
+CVE-2021-44870
+ RESERVED
+CVE-2021-44869
+ RESERVED
+CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...)
+ NOT-FOR-US: ming-soft MCMS
+CVE-2021-44867
+ RESERVED
+CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...)
+ NOT-FOR-US: Online-Movie-Ticket-Booking-System
+CVE-2021-44865
+ RESERVED
+CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buff ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-44863
+ RESERVED
+CVE-2021-44862
+ RESERVED
+CVE-2021-44861
+ RESERVED
+CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ {DSA-5021-1 DLA-2847-1}
+ - mediawiki 1:1.35.5-1
+ [buster] - mediawiki 1:1.31.16-1+deb10u2
+ NOTE: https://phabricator.wikimedia.org/T297322
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44857 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ {DSA-5021-1}
+ - mediawiki 1:1.35.5-1
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T297322
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44856 [Title blocked in AbuseFilter can be created via Special:ChangeContentModel]
+ RESERVED
+ - mediawiki 1:1.35.5-1
+ [bullseye] - mediawiki <postponed> (Minor issue)
+ [buster] - mediawiki <postponed> (Minor issue)
+ [stretch] - mediawiki <postponed> (Minor issue)
+ NOTE: https://phabricator.wikimedia.org/T271037
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
+ RESERVED
+ - mediawiki 1:1.35.5-1
+ [bullseye] - mediawiki <postponed> (Minor issue)
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T293589
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results from private wikis]
+ RESERVED
+ - mediawiki 1:1.35.5-1
+ [bullseye] - mediawiki <postponed> (Minor issue)
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T292763
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44853
+ RESERVED
+CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...)
+ NOT-FOR-US: Biostar RACING GT Evo
+CVE-2021-44851
+ RESERVED
+CVE-2021-44850 (On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot i ...)
+ NOT-FOR-US: Xilinx Zynq-7000 SoC device
+CVE-2021-44849
+ RESERVED
+CVE-2021-44848 (In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns dif ...)
+ NOT-FOR-US: Cibele Thinfinity VirtualUI
+CVE-2021-44847 (A stack-based buffer overflow in handle_request function in DHT.c in t ...)
+ - libtoxcore 0.2.13-1 (bug #1001711)
+ [bullseye] - libtoxcore <no-dsa> (Minor issue)
+ [buster] - libtoxcore <no-dsa> (Minor issue)
+ NOTE: https://github.com/TokTok/c-toxcore/pull/1718
+ NOTE: https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/
+ NOTE: Introduced by: https://github.com/TokTok/c-toxcore/commit/71260e38e8d12547b0e55916daf6cadd72f52e19 (v0.1.9)
+ NOTE: Fixed by: https://github.com/TokTok/c-toxcore/commit/1b02bad36864fdfc36694e3f96d2dc6c58a891e4 (v0.2.13)
+CVE-2021-44846
+ RESERVED
+CVE-2021-44845
+ RESERVED
+CVE-2021-44844
+ RESERVED
+CVE-2021-44843
+ RESERVED
+CVE-2021-44842
+ RESERVED
+CVE-2021-44841
+ RESERVED
+CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44839 (An issue was discovered in Delta RM 1.2. It is possible to request a n ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an unprivi ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44835
+ RESERVED
+CVE-2021-44834
+ RESERVED
+CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...)
+ NOT-FOR-US: Snow Inventory Java Scanner
+CVE-2021-4105
+ RESERVED
+CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
+ NOT-FOR-US: CLI for Amazon AWS OpenSearch
+CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1
+ NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
+ NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
+CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
+ NOT-FOR-US: vditor
+CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...)
+ {DLA-2870-1}
+ - apache-log4j2 2.17.1-1 (bug #1002813)
+ [bullseye] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file)
+ [buster] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file)
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3293
+ NOTE: https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
+ NOTE: https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16 (log4j-2.17.1-rc1)
+ NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2
+CVE-2021-44831
+ RESERVED
+CVE-2021-44830
+ RESERVED
+CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...)
+ NOT-FOR-US: AFI WebACMS
+CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...)
+ NOT-FOR-US: ARM
+CVE-2021-44827
+ RESERVED
+CVE-2021-44826
+ RESERVED
+CVE-2021-44825
+ RESERVED
+CVE-2021-44824
+ RESERVED
+CVE-2021-44823
+ RESERVED
+CVE-2021-44822
+ RESERVED
+CVE-2021-44821
+ RESERVED
+CVE-2021-44820
+ RESERVED
+CVE-2021-44819
+ RESERVED
+CVE-2021-44818
+ RESERVED
+CVE-2021-44817
+ RESERVED
+CVE-2021-44816
+ RESERVED
+CVE-2021-44815
+ RESERVED
+CVE-2021-44814
+ RESERVED
+CVE-2021-44813
+ RESERVED
+CVE-2021-44812
+ RESERVED
+CVE-2021-44811
+ RESERVED
+CVE-2021-44810
+ RESERVED
+CVE-2021-44809
+ RESERVED
+CVE-2021-44808
+ RESERVED
+CVE-2021-44807
+ RESERVED
+CVE-2021-44806
+ RESERVED
+CVE-2021-44805
+ RESERVED
+CVE-2021-44804
+ RESERVED
+CVE-2021-44803
+ RESERVED
+CVE-2021-44802
+ RESERVED
+CVE-2021-44801
+ RESERVED
+CVE-2021-44800
+ RESERVED
+CVE-2021-44799
+ RESERVED
+CVE-2021-44798
+ RESERVED
+CVE-2021-44797
+ RESERVED
+CVE-2021-44796
+ RESERVED
+CVE-2021-4102 (Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4101 (Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.466 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4100 (Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.11 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4099 (Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...)
+ NOT-FOR-US: phpservermon
+CVE-2021-4096
+ RESERVED
+CVE-2021-44795 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Single Connect
+CVE-2021-44794 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Single Connect
+CVE-2021-44793 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Single Connect
+CVE-2021-44792 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Kron Single Connect
+CVE-2021-44791
+ RESERVED
+CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
+ {DSA-5035-1 DLA-2907-1}
+ - apache2 2.4.52-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
+ NOTE: Fixed by: https://svn.apache.org/r1896039
+CVE-2021-4095
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/
+ NOTE: https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194
+CVE-2021-4094
+ RESERVED
+CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...)
+ - linux 5.14.16-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
+CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...)
+ - 389-ds-base <unfixed>
+ [stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
+ NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4)
+CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...)
+ - linux 5.15.5-1
+ [bullseye] - linux <not-affected> (Vulnerable code introduced later)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101
+ NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
+CVE-2021-44789
+ RESERVED
+CVE-2021-44788
+ RESERVED
+CVE-2021-44787
+ RESERVED
+CVE-2021-44786
+ RESERVED
+CVE-2021-44785
+ RESERVED
+CVE-2021-44784
+ RESERVED
+CVE-2021-44783
+ RESERVED
+CVE-2021-44782
+ RESERVED
+CVE-2021-44781
+ RESERVED
+CVE-2021-44780
+ RESERVED
+CVE-2021-44764
+ RESERVED
+CVE-2021-4089 (snipe-it is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-37408
+ RESERVED
+CVE-2021-31565
+ RESERVED
+CVE-2021-26261
+ RESERVED
+CVE-2021-26255
+ RESERVED
+CVE-2021-23189
+ RESERVED
+CVE-2021-23175 (NVIDIA GeForce Experience contains a vulnerability in user authorizati ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2021-23171
+ RESERVED
+CVE-2021-23170
+ RESERVED
+CVE-2021-23148
+ RESERVED
+CVE-2021-44759
+ RESERVED
+CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...)
+ NOT-FOR-US: McAfee
+CVE-2021-4087
+ RESERVED
+CVE-2021-4086
+ RESERVED
+CVE-2021-4085
+ RESERVED
+CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...)
+ - linux 5.15.5-2
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4)
+CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-44758
+ RESERVED
+CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44756
+ RESERVED
+CVE-2021-44755
+ RESERVED
+CVE-2021-44754
+ RESERVED
+CVE-2021-44753
+ RESERVED
+CVE-2021-44752
+ RESERVED
+CVE-2021-44751
+ RESERVED
+CVE-2021-44750
+ RESERVED
+CVE-2021-44749
+ RESERVED
+CVE-2021-44748
+ RESERVED
+CVE-2021-44747
+ RESERVED
+CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...)
+ NOT-FOR-US: UNIVERGE
+CVE-2021-44745
+ RESERVED
+CVE-2021-44744
+ RESERVED
+CVE-2021-44743 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44742 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44741 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44545
+ RESERVED
+CVE-2021-44457
+ RESERVED
+CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...)
+ NOT-FOR-US: Intel
+CVE-2021-43351
+ RESERVED
+CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
+ NOT-FOR-US: Crater
+CVE-2021-26946
+ RESERVED
+CVE-2021-26254
+ RESERVED
+CVE-2021-23188
+ RESERVED
+CVE-2021-23168
+ RESERVED
+CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...)
+ NOT-FOR-US: Intel
+CVE-2021-23145
+ RESERVED
+CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
+ - rainloop 1.14.0-1 (bug #962629)
+ [buster] - rainloop <no-dsa> (Minor issue)
+ NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
+CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747
+CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...)
+ [experimental] - mbedtls 2.28.0-0.1
+ - mbedtls 2.28.0-0.3 (bug #1002631)
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12)
+CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...)
+ {DSA-5080-1}
+ - snapd <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
+CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...)
+ {DSA-5080-1}
+ - snapd <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
+CVE-2021-44729
+ RESERVED
+CVE-2021-44728
+ RESERVED
+CVE-2021-44727
+ RESERVED
+CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...)
+ NOT-FOR-US: KNIME Server
+CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...)
+ NOT-FOR-US: KNIME Server
+CVE-2021-44724
+ RESERVED
+CVE-2021-44723
+ RESERVED
+CVE-2021-44722
+ RESERVED
+CVE-2021-44721
+ RESERVED
+CVE-2021-44720
+ RESERVED
+CVE-2021-44719
+ RESERVED
+CVE-2021-44718
+ RESERVED
+CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.5-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/50057
+ NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
+ NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5)
+ NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12)
+CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.5-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ - golang-golang-x-net 1:0.0+git20211209.491a49a+dfsg-1
+ - golang-golang-x-net-dev <removed>
+ [stretch] - golang-golang-x-net-dev <postponed> (Limited support in stretch)
+ NOTE: https://github.com/golang/go/issues/50058
+ NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
+ NOTE: https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5)
+ NOTE: https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a (go1.16.12)
+ NOTE: https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70
+CVE-2021-44715 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44714 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44713 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44712 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44711 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44710 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44709 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44708 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44707 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44706 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44705 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44704 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44703 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44702 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44701 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44700 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44696
+ RESERVED
+CVE-2021-44695
+ RESERVED
+CVE-2021-44694
+ RESERVED
+CVE-2021-44693
+ RESERVED
+CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4077
+ RESERVED
+CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
+ RESERVED
+ {DSA-5025-1}
+ - tang 11-1
+ [buster] - tang <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/latchset/tang/pull/81
+ NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8)
+ NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11)
+CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...)
+ NOT-FOR-US: BuddyBoss Platform
+CVE-2021-44691
+ RESERVED
+CVE-2021-44690
+ RESERVED
+CVE-2021-44689
+ RESERVED
+CVE-2021-44688
+ RESERVED
+CVE-2021-44687
+ RESERVED
+CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...)
+ - calibre 5.33.0+dfsg-1
+ [bullseye] - calibre <no-dsa> (Minor issue)
+ [buster] - calibre <no-dsa> (Minor issue)
+ [stretch] - calibre <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/calibre/+bug/1951979
+ NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0)
+CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...)
+ NOT-FOR-US: git-it
+CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...)
+ NOT-FOR-US: naholyr github-todos
+CVE-2021-44683
+ RESERVED
+CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44680 (An issue (4 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44679 (An issue (3 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44678 (An issue (2 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44677 (An issue (1 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44676 (Zoho ManageEngine Access Manager Plus before 4203 allows anyone to vie ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vuln ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...)
+ NOT-FOR-US: elgg
+CVE-2021-4071
+ RESERVED
+CVE-2021-44674 (An information exposure issue has been discovered in Opmantek Open-Aud ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-44673
+ RESERVED
+CVE-2021-44672
+ RESERVED
+CVE-2021-44671
+ RESERVED
+CVE-2021-44670
+ RESERVED
+CVE-2021-44669
+ RESERVED
+CVE-2021-44668
+ RESERVED
+CVE-2021-44667
+ RESERVED
+CVE-2021-44666
+ RESERVED
+CVE-2021-44665
+ RESERVED
+CVE-2021-44664
+ RESERVED
+CVE-2021-44663
+ RESERVED
+CVE-2021-44662
+ RESERVED
+CVE-2021-44661
+ RESERVED
+CVE-2021-44660
+ RESERVED
+CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...)
+ NOT-FOR-US: GoCD server
+CVE-2021-44658
+ RESERVED
+CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...)
+ NOT-FOR-US: StackStorm
+CVE-2021-44656
+ RESERVED
+CVE-2021-44655 (Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQ ...)
+ NOT-FOR-US: Online Pre-owned/Used Car Showroom Management System
+CVE-2021-44654
+ RESERVED
+CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...)
+ NOT-FOR-US: Online Magazine Management System
+CVE-2021-44652 (Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44651 (Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...)
+ - python-django-cms <itp> (bug #516183)
+CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
+ - gdk-pixbuf <unfixed>
+ [buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
+ [stretch] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
+ NOTE: https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
+ NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/b88f1ce91a610a4e491a4ad6352183791e78afac (2.39.2)
+CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ...)
+ - lua5.4 5.4.4-1 (bug #1004189)
+ NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00195.html
+ NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00204.html
+ NOTE: Fixed by: https://github.com/lua/lua/commit/1de95e97ef65632a88e08b6184bd9d1ceba7ec2f
+ TODO: check older versions if issue is present, reproducer do not crash, but needs inspection of the code yet
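Review bot: The CVE-2021-44647 entry is committed with an open TODO ("check older versions if issue is present") and no per-suite lines, so anyone reading the tracker cannot tell whether lua5.4 in the stable suites is affected or simply not yet triaged. Once the code inspection is done, replace the TODO with explicit suite annotations, in the same form the gdk-pixbuf entry just above uses for "<not-affected> (Vulnerable code introduced later)". The description also names Lua 5.4.4 as affected while the package line records 5.4.4-1 as the fixed version, so a NOTE stating that this upload carries the referenced "Fixed by" commit would remove the apparent contradiction.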
+CVE-2021-44646
+ RESERVED
+CVE-2021-44645
+ RESERVED
+CVE-2021-44644
+ RESERVED
+CVE-2021-44643
+ RESERVED
+CVE-2021-44642
+ RESERVED
+CVE-2021-44641
+ RESERVED
+CVE-2021-44640
+ RESERVED
+CVE-2021-44639
+ RESERVED
+CVE-2021-44638
+ RESERVED
+CVE-2021-44637
+ RESERVED
+CVE-2021-44636
+ RESERVED
+CVE-2021-44635
+ RESERVED
+CVE-2021-44634
+ RESERVED
+CVE-2021-44633
+ RESERVED
+CVE-2021-44632
+ RESERVED
+CVE-2021-44631
+ RESERVED
+CVE-2021-44630
+ RESERVED
+CVE-2021-44629
+ RESERVED
+CVE-2021-44628
+ RESERVED
+CVE-2021-44627
+ RESERVED
+CVE-2021-44626
+ RESERVED
+CVE-2021-44625
+ RESERVED
+CVE-2021-44624
+ RESERVED
+CVE-2021-44623
+ RESERVED
+CVE-2021-44622
+ RESERVED
+CVE-2021-44621
+ RESERVED
+CVE-2021-44620
+ RESERVED
+CVE-2021-44619
+ RESERVED
+CVE-2021-44618
+ RESERVED
+CVE-2021-44617
+ RESERVED
+CVE-2021-44616
+ RESERVED
+CVE-2021-44615
+ RESERVED
+CVE-2021-44614
+ RESERVED
+CVE-2021-44613
+ RESERVED
+CVE-2021-44612
+ RESERVED
+CVE-2021-44611
+ RESERVED
+CVE-2021-44610
+ RESERVED
+CVE-2021-44609
+ RESERVED
+CVE-2021-44608
+ RESERVED
+CVE-2021-44607
+ RESERVED
+CVE-2021-44606
+ RESERVED
+CVE-2021-44605
+ RESERVED
+CVE-2021-44604
+ RESERVED
+CVE-2021-44603
+ RESERVED
+CVE-2021-44602
+ RESERVED
+CVE-2021-44601
+ RESERVED
+CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management System ( ...)
+ NOT-FOR-US: Simple Online Mens Salon Management System (MSMS)
+CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...)
+ NOT-FOR-US: Online Enrollment Management System
+CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
+ NOT-FOR-US: Attendance Management System
+CVE-2021-44597
+ RESERVED
+CVE-2021-44596
+ RESERVED
+CVE-2021-44595
+ RESERVED
+CVE-2021-44594
+ RESERVED
+CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...)
+ NOT-FOR-US: Simple College Website
+CVE-2021-44592
+ RESERVED
+CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...)
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/235
+CVE-2021-44590 (In libming 0.4.8, a memory exhaustion vulnerability exist in the funct ...)
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/236
+CVE-2021-44589
+ RESERVED
+CVE-2021-44588
+ RESERVED
+CVE-2021-44587
+ RESERVED
+CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has an unauth ...)
+ NOT-FOR-US: dst-admin
+CVE-2021-44585
+ RESERVED
+CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)
+ NOT-FOR-US: emlog
+CVE-2021-44583
+ RESERVED
+CVE-2021-44582
+ RESERVED
+CVE-2021-44581
+ RESERVED
+CVE-2021-44580
+ RESERVED
+CVE-2021-44579
+ RESERVED
+CVE-2021-44578
+ RESERVED
+CVE-2021-44577 (Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/428
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44576 (Two memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/426
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44575 (Two heap-overflow vulnerabilities exists in openSUSE libsolv through 1 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/427
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44574 (A heap-overflow vulnerability exists in openSUSE libsolv through 13 De ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/429
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44573 (Two heap overflow vulnerabilities exist in oenSUSE libsolv through 13 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/430
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44572
+ RESERVED
+CVE-2021-44571 (A heap overflow vulnerability exisfts in openSUSE libsolv through 13 D ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/421
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44570 (Two heap-overflow vulnerabilities exists in openSUSE/libsolv through 1 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/424
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44569 (A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in the solve ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/423
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/425
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44567
+ RESERVED
+CVE-2021-44566
+ RESERVED
+CVE-2021-44565
+ RESERVED
+CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...)
+ NOT-FOR-US: SYNC2101
+CVE-2021-44563
+ RESERVED
+CVE-2021-44562
+ RESERVED
+CVE-2021-44561
+ RESERVED
+CVE-2021-44560
+ RESERVED
+CVE-2021-44559
+ RESERVED
+CVE-2021-44558
+ RESERVED
+CVE-2021-44557 (National Library of the Netherlands multiNER &lt;= c0440948057afc6e3d6 ...)
+ NOT-FOR-US: National Library of the Netherlands multiNER
+CVE-2021-44556 (National Library of the Netherlands digger &lt; 6697d1269d981e35e11f24 ...)
+ NOT-FOR-US: National Library of the Netherlands digger
+CVE-2021-44555
+ RESERVED
+CVE-2021-44554 (Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-44553
+ RESERVED
+CVE-2021-44552
+ RESERVED
+CVE-2021-44551
+ RESERVED
+CVE-2021-44550
+ RESERVED
+CVE-2021-4070
+ RESERVED
+CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...)
+ NOT-FOR-US: Apache Sling
+CVE-2021-4069 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
+ NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741)
+CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...)
+ - lucene-solr <not-affected> (Issue only affects Windows)
+ NOTE: https://issues.apache.org/jira/browse/SOLR-15826
+CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 96.0.4664. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4060
+ RESERVED
+CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior to 96.0. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4057 (Use after free in file API in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4054 (Incorrect security UI in autofill in Google Chrome prior to 96.0.4664. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4053 (Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4051
+ RESERVED
+CVE-2021-44543 (An XSS vulnerability was found in Privoxy which was fixed in cgi_error ...)
+ {DLA-2844-1}
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409cbf4ab8bf2d79be204bd4e81a00d85 (v_3_0_33)
+CVE-2021-44542 (A memory leak vulnerability was found in Privoxy when handling errors. ...)
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ [stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08996116cbcea55cd3fc6c2a558e499a (v_3_0_33)
+CVE-2021-44541 (A vulnerability was found in Privoxy which was fixed in process_encryp ...)
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ [stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0509c58045b26463844188e07c5e87c74ea21044 (v_3_0_33)
+CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_spec_p ...)
+ {DLA-2844-1}
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33)
+CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-44539
+ RESERVED
+CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...)
+ {DSA-5034-1 DLA-2874-1}
+ - element-web <itp> (bug #866502)
+ - olm 3.2.8~dfsg-1 (bug #1001664)
+ [bullseye] - olm <no-dsa> (Minor issue)
+ [buster] - olm <not-affected> (Vulnerable code introduced later)
+ - thunderbird 1:91.4.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538
+ NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/
+ NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4)
+ NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8)
+CVE-2021-44537 (ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ...)
+ - owncloud-client <unfixed>
+ NOTE: https://owncloud.com/security-advisories/cve-2021-44537/
+CVE-2021-44536
+ RESERVED
+CVE-2021-44535
+ RESERVED
+CVE-2021-44534
+ RESERVED
+CVE-2021-44533 [Incorrect handling of certificate subject and issuer fields]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533
+ NOTE: https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1 (v12.x)
+CVE-2021-44532 [Certificate Verification Bypass via String Injection]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#certificate-verification-bypass-via-string-injection-medium-cve-2021-44532
+ NOTE: https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677 (v12.x)
+CVE-2021-44531 [Improper handling of URI Subject Alternative Names]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531
+ NOTE: https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 (v12.x)
+ NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x)
+CVE-2021-44530 (An injection vulnerability exists in a third-party library used in Uni ...)
+ NOT-FOR-US: UniFi Network
+CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-44528 (A open redirect vulnerability exists in Action Pack &gt;= 6.0.0 that c ...)
+ - rails <unfixed> (bug #1001817)
+ [buster] - rails <not-affected> (Vulnerable code introduced later)
+ [stretch] - rails <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/5
+ NOTE: https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 (master)
+ NOTE: https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107 (v6.1.4.2)
+ NOTE: https://github.com/rails/rails/commit/fd6a64fef1d0f7f40a8d4b046da882e83163299c (v6.0.4.2)
+ NOTE: Introduced by: https://github.com/rails/rails/commit/07ec8062e605ba4e9bd153e1d264b02ac4ab8a0f (v6.0.0.beta1)
+CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35 and ear ...)
+ NOT-FOR-US: UniFi Switch firmware
+CVE-2021-44526 (Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44525 (Zoho ManageEngine PAM360 before build 5303 allows attackers to modify ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ NOT-FOR-US: SiPass
+CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ NOT-FOR-US: SiPass
+CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ NOT-FOR-US: SiPass
+CVE-2021-44477
+ RESERVED
+CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...)
+ - lapack 3.10.0-2 (bug #1001902)
+ [bullseye] - lapack <no-dsa> (Minor issue)
+ [buster] - lapack <no-dsa> (Minor issue)
+ [stretch] - lapack <no-dsa> (Minor issue)
+ - openblas 0.3.18+ds-1
+ [bullseye] - openblas <no-dsa> (Minor issue)
+ [buster] - openblas <no-dsa> (Minor issue)
+ [stretch] - openblas <no-dsa> (Minor issue)
+ NOTE: https://github.com/Reference-LAPACK/lapack/pull/625
+ NOTE: https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
+ NOTE: https://github.com/JuliaLang/julia/issues/42415
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 (v0.3.18)
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c (v0.3.18)
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 (v0.3.18)
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 (v0.3.18)
+CVE-2021-4047
+ RESERVED
+ NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242
+CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...)
+ - cassandra <itp> (bug #585905)
+CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-4045
+ RESERVED
+CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
+ [experimental] - openssl 3.0.1-1
+ - openssl <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openssl.org/news/secadv/20211214.txt
+CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47
+ NOTE: https://github.com/gpac/gpac/issues/2092
+ NOTE: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db
+CVE-2021-4042
+ RESERVED
+CVE-2021-4041 [Improper shell escaping in ansible-runner]
+ RESERVED
+ - ansible-runner 2.1.1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028074
+ NOTE: https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd (2.1.0)
+CVE-2021-4040
+ RESERVED
+ NOT-FOR-US: Red Hat AMQ Broker
+CVE-2021-4039
+ RESERVED
+CVE-2021-44520
+ RESERVED
+CVE-2021-44519
+ RESERVED
+CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
+ NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android
+CVE-2021-44517
+ RESERVED
+CVE-2021-44516
+ RESERVED
+CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authentication bypa ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...)
+ - tmate-ssh-server <unfixed> (bug #1001225)
+ [bullseye] - tmate-ssh-server <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388
+CVE-2021-44512 (World-writable permissions on the /tmp/tmate/sessions directory in tma ...)
+ - tmate-ssh-server <unfixed> (bug #1001225)
+ [bullseye] - tmate-ssh-server <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388
+CVE-2021-44511
+ RESERVED
+CVE-2021-44510
+ RESERVED
+CVE-2021-44509
+ RESERVED
+CVE-2021-44508
+ RESERVED
+CVE-2021-44507
+ RESERVED
+CVE-2021-44506
+ RESERVED
+CVE-2021-44505
+ RESERVED
+CVE-2021-44504
+ RESERVED
+CVE-2021-44503
+ RESERVED
+CVE-2021-44502
+ RESERVED
+CVE-2021-44501
+ RESERVED
+CVE-2021-44500
+ RESERVED
+CVE-2021-44499
+ RESERVED
+CVE-2021-44498
+ RESERVED
+CVE-2021-44497
+ RESERVED
+CVE-2021-44496
+ RESERVED
+CVE-2021-44495
+ RESERVED
+CVE-2021-44494
+ RESERVED
+CVE-2021-44493
+ RESERVED
+CVE-2021-44492
+ RESERVED
+CVE-2021-44491
+ RESERVED
+CVE-2021-44490
+ RESERVED
+CVE-2021-44489
+ RESERVED
+CVE-2021-44488
+ RESERVED
+CVE-2021-44487
+ RESERVED
+CVE-2021-44486
+ RESERVED
+CVE-2021-44485
+ RESERVED
+CVE-2021-44484
+ RESERVED
+CVE-2021-44483
+ RESERVED
+CVE-2021-44482
+ RESERVED
+CVE-2021-44481
+ RESERVED
+CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...)
+ NOT-FOR-US: Wokka Lokka Q50 devices
+CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...)
+ NOT-FOR-US: NXP Kinetis K82 devices
+CVE-2021-44478
+ RESERVED
+CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
+ NOT-FOR-US: McAfee
+CVE-2021-44470
+ RESERVED
+CVE-2021-4037 [security regression for CVE-2018-13405]
+ RESERVED
+ - linux 5.14.6-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239
+ NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1)
+CVE-2021-4036
+ RESERVED
+CVE-2021-37409
+ RESERVED
+CVE-2021-37405
+ RESERVED
+CVE-2021-33847
+ RESERVED
+CVE-2021-26950
+ RESERVED
+CVE-2021-26258
+ RESERVED
+CVE-2021-26257
+ RESERVED
+CVE-2021-26251
+ RESERVED
+CVE-2021-23223
+ RESERVED
+CVE-2021-23179
+ RESERVED
+CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...)
+ NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-44451 (Apache Superset up to and including 1.3.2 allowed for registered datab ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44449 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44448 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44447 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44446 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44445 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44444 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44443 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44442 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44441 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44440 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44439 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44438 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44437 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44436 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44435 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44434 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44433 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44432 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-4035 (A stored cross site scripting have been identified at the comments in ...)
+ NOT-FOR-US: Wocu Monitoring
+CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-33843 (Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configur ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link+
+CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant MasterMed
+CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...)
+ NOT-FOR-US: Agilia Link+
+CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...)
+ NOT-FOR-US: Serva
+CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...)
+ NOT-FOR-US: Pinkie
+CVE-2021-44427 (An unauthenticated SQL Injection vulnerability in Rosario Student Info ...)
+ NOT-FOR-US: Rosario Student Information System
+CVE-2021-44426
+ RESERVED
+CVE-2021-44425
+ RESERVED
+CVE-2021-44424
+ RESERVED
+CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...)
+ NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
+CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44421
+ RESERVED
+CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
+ - python-django 2:3.2.10-1
+ [bullseye] - python-django 2:2.2.25-1~deb11u1
+ [buster] - python-django <no-dsa> (Minor issue)
+ [stretch] - python-django <not-affected> (Vulnerable code not present; path converters added later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1
+ NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
+ NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10)
+ NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25)
+CVE-2021-44419 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44418 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44417 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44416 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44415 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44414 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44413 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44412 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44411 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44410 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44409 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44408 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44407 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44406 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44405 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44404 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44403 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44402 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44401 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44400 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44399 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44398 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44397 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44394
+ RESERVED
+CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44391 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44390 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44389 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44388 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44387 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44386 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44385 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44384 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44383 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44382 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44381 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44380 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44379 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44378 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44375
+ RESERVED
+CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44372 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44371 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44370 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44369 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44366
+ RESERVED
+CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44363 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44362 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44361 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44360 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44357
+ RESERVED
+CVE-2021-44356
+ RESERVED
+CVE-2021-44355
+ RESERVED
+CVE-2021-44354
+ RESERVED
+CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...)
+ {DSA-5059-1 DLA-2899-1}
+ - policykit-1 0.105-31.1
+ NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/11
+CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: kimai2
+CVE-2021-44353
+ RESERVED
+CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...)
+ NOT-FOR-US: Tenda
+CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x &lt;=5.1.22 via ...)
+ NOT-FOR-US: ThinkPHP5
+CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
+ NOT-FOR-US: TuziCMS
+CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
+ NOT-FOR-US: TuziCMS
+CVE-2021-44347 (SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Con ...)
+ NOT-FOR-US: TuziCMS
+CVE-2021-44346
+ RESERVED
+CVE-2021-44345
+ RESERVED
+CVE-2021-44344
+ RESERVED
+CVE-2021-44343
+ RESERVED
+CVE-2021-44342
+ RESERVED
+CVE-2021-44341
+ RESERVED
+CVE-2021-44340
+ RESERVED
+CVE-2021-44339
+ RESERVED
+CVE-2021-44338
+ RESERVED
+CVE-2021-44337
+ RESERVED
+CVE-2021-44336
+ RESERVED
+CVE-2021-44335
+ RESERVED
+CVE-2021-44334
+ RESERVED
+CVE-2021-44333
+ RESERVED
+CVE-2021-44332
+ RESERVED
+CVE-2021-44331
+ RESERVED
+CVE-2021-44330
+ RESERVED
+CVE-2021-44329
+ RESERVED
+CVE-2021-44328
+ RESERVED
+CVE-2021-44327
+ RESERVED
+CVE-2021-44326
+ RESERVED
+CVE-2021-44325
+ RESERVED
+CVE-2021-44324
+ RESERVED
+CVE-2021-44323
+ RESERVED
+CVE-2021-44322
+ RESERVED
+CVE-2021-44321
+ RESERVED
+CVE-2021-44320
+ RESERVED
+CVE-2021-44319
+ RESERVED
+CVE-2021-44318
+ RESERVED
+CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...)
+ NOT-FOR-US: Bus Pass Management System
+CVE-2021-44316
+ RESERVED
+CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...)
+ NOT-FOR-US: Bus Pass Management System
+CVE-2021-44314
+ RESERVED
+CVE-2021-44313
+ RESERVED
+CVE-2021-44312
+ RESERVED
+CVE-2021-44311
+ RESERVED
+CVE-2021-44310
+ RESERVED
+CVE-2021-44309
+ RESERVED
+CVE-2021-44308
+ RESERVED
+CVE-2021-44307
+ RESERVED
+CVE-2021-44306
+ RESERVED
+CVE-2021-44305
+ RESERVED
+CVE-2021-44304
+ RESERVED
+CVE-2021-44303
+ RESERVED
+CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection v ...)
+ NOT-FOR-US: BaiCloud-cms
+CVE-2021-44301
+ RESERVED
+CVE-2021-44300
+ RESERVED
+CVE-2021-44299 (A reflected cross-site scripting (XSS) vulnerability in \lib\packages\ ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2021-44298
+ RESERVED
+CVE-2021-44297
+ RESERVED
+CVE-2021-44296
+ RESERVED
+CVE-2021-44295
+ RESERVED
+CVE-2021-44294
+ RESERVED
+CVE-2021-44293
+ RESERVED
+CVE-2021-44292
+ RESERVED
+CVE-2021-44291
+ RESERVED
+CVE-2021-44290
+ RESERVED
+CVE-2021-44289
+ RESERVED
+CVE-2021-44288
+ RESERVED
+CVE-2021-44287
+ RESERVED
+CVE-2021-44286
+ RESERVED
+CVE-2021-44285
+ RESERVED
+CVE-2021-44284
+ RESERVED
+CVE-2021-44283
+ RESERVED
+CVE-2021-44282
+ RESERVED
+CVE-2021-44281
+ RESERVED
+CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...)
+ NOT-FOR-US: attendance management system
+CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-44278 (Librenms 21.11.0 is affected by a path manipulation vulnerability in i ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-44276
+ RESERVED
+CVE-2021-44275
+ RESERVED
+CVE-2021-44274
+ RESERVED
+CVE-2021-44273 (e2guardian v5.4.x &lt;= v5.4.3r is affected by missing SSL certificate ...)
+ - e2guardian 5.3.5-3 (bug #1003125)
+ [bullseye] - e2guardian <no-dsa> (Minor issue)
+ [buster] - e2guardian <no-dsa> (Minor issue)
+ [stretch] - e2guardian <no-dsa> (Minor issue; can be fixed later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/23/2
+ NOTE: https://github.com/e2guardian/e2guardian/issues/707
+ NOTE: Fixed by: https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2
+CVE-2021-44272
+ RESERVED
+CVE-2021-44271
+ RESERVED
+CVE-2021-44270
+ RESERVED
+CVE-2021-44269
+ RESERVED
+CVE-2021-44268
+ RESERVED
+CVE-2021-44267
+ RESERVED
+CVE-2021-44266
+ RESERVED
+CVE-2021-44265
+ RESERVED
+CVE-2021-44264
+ RESERVED
+CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping. ...)
+ NOT-FOR-US: Gurock TestRail
+CVE-2021-44262
+ RESERVED
+CVE-2021-44261
+ RESERVED
+CVE-2021-44260
+ RESERVED
+CVE-2021-44259
+ RESERVED
+CVE-2021-44258
+ RESERVED
+CVE-2021-44257
+ RESERVED
+CVE-2021-44256
+ RESERVED
+CVE-2021-44255 (Authenticated remote code execution in MotionEye &lt;= 0.42.1 and Moti ...)
+ NOT-FOR-US: MotionEye
+CVE-2021-44254
+ RESERVED
+CVE-2021-44253
+ RESERVED
+CVE-2021-44252
+ RESERVED
+CVE-2021-44251
+ RESERVED
+CVE-2021-44250
+ RESERVED
+CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Ti ...)
+ NOT-FOR-US: Online Motorcycle (Bike) Rental System
+CVE-2021-44248
+ RESERVED
+CVE-2021-44247 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...)
+ NOT-FOR-US: Totolink
+CVE-2021-44246 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...)
+ NOT-FOR-US: Totolink
+CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...)
+ NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS)
+CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...)
+ NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System
+CVE-2021-44243
+ RESERVED
+CVE-2021-44242
+ RESERVED
+CVE-2021-44241
+ RESERVED
+CVE-2021-44240
+ RESERVED
+CVE-2021-44239
+ RESERVED
+CVE-2021-44238
+ RESERVED
+CVE-2021-44237
+ RESERVED
+CVE-2021-44236
+ RESERVED
+CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...)
+ - linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7)
+ NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7)
+CVE-2021-4031
+ RESERVED
+CVE-2021-4030
+ RESERVED
+CVE-2021-4029
+ RESERVED
+CVE-2021-4028 [use-after-free in RDMA listen()]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201
+ NOTE: https://git.kernel.org/linus/bc0bdc5afaa740d782fbf936aaeebd65e5c2921d (5.15-rc4)
+CVE-2021-4027
+ RESERVED
+CVE-2021-4026 (bookstack is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: bookstack
+CVE-2021-4025
+ RESERVED
+CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700 ...)
+ NOT-FOR-US: SAP
+CVE-2021-44234 (SAP Business One - version 10.0, extended log stores information that ...)
+ NOT-FOR-US: SAP
+CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...)
+ NOT-FOR-US: SAP
+CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...)
+ NOT-FOR-US: SAP
+CVE-2021-44231 (Internally used text extraction reports allow an attacker to inject co ...)
+ NOT-FOR-US: SAP
+CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...)
+ NOT-FOR-US: Burp Suite (different from src:burp)
+CVE-2021-44229
+ RESERVED
+CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...)
+ {DSA-5020-1 DLA-2842-1}
+ - apache-log4j2 2.15.0-1 (bug #1001478)
+ - apache-log4j1.2 <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
+ NOTE: https://github.com/apache/logging-log4j2/pull/608
+ NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day/
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3198
+ NOTE: https://github.com/apache/logging-log4j2/commit/c77b3cb39312b83b053d23a2158b99ac7de44dd3
+ NOTE: The lookup is performed *after* formatting the message, which includes the user input. Hence
+ NOTE: the vulnerability can still be triggered using a ParametrizedMessage.
+CVE-2021-4024 (A flaw was found in podman. The `podman machine` function (used to cre ...)
+ - libpod 3.4.3+ds1-1 (bug #1000844)
+ [bullseye] - libpod <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675
+ NOTE: https://twitter.com/discordianfish/status/1463462371675066371
+ NOTE: https://github.com/containers/podman/pull/12283
+ NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1)
+ NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48 (main)
+ NOTE: Fixed by: https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a (v3.4.3)
+CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...)
+ - mailman <removed>
+ [buster] - mailman <no-dsa> (Minor issue)
+ [stretch] - mailman <no-dsa> (Minor issue; can be fixed with the next DLA)
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1952384
+ NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt
+ NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
+ NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
+CVE-2021-44226
+ RESERVED
+CVE-2021-4023
+ RESERVED
+CVE-2021-4022
+ RESERVED
+CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...)
+ - keepalived 1:2.2.4-0.2
+ [bullseye] - keepalived 1:2.1.5-0.2+deb11u1
+ [buster] - keepalived <no-dsa> (Minor issue)
+ [stretch] - keepalived <no-dsa> (Minor issue)
+ NOTE: https://github.com/acassen/keepalived/pull/2063
+ NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
+CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...)
+ {DSA-5035-1 DLA-2907-1}
+ - apache2 2.4.52-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224
+ NOTE: Fixed by: https://svn.apache.org/r1895955
+ NOTE: Fixed by: https://svn.apache.org/r1896044
+CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...)
+ - wordpress 5.8.1+dfsg1-1
+ [bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+ [buster] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+ [stretch] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+ NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation
+ NOTE: options documented in:
+ NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
+ NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/
+CVE-2021-44222
+ RESERVED
+CVE-2021-44221
+ RESERVED
+CVE-2021-4021
+ RESERVED
+ - radare2 <unfixed>
+ NOTE: https://github.com/radareorg/radare2/issues/19436
+CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
+ - janus 0.11.5-4 (unimportant; bug #1000831)
+ NOTE: https://huntr.dev/bounties/9814baa8-7bdd-4e31-a132-d9d15653409e/
+ NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd
+ NOTE: Issues only in janus-demos built from src:janus
+CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92
+ NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669)
+CVE-2021-44220
+ RESERVED
+CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...)
+ NOT-FOR-US: Gin-Vue-Admin
+CVE-2021-44218
+ RESERVED
+CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...)
+ NOT-FOR-US: Ericsson
+CVE-2021-44216
+ RESERVED
+CVE-2021-44215
+ RESERVED
+CVE-2021-44214
+ RESERVED
+CVE-2021-44213
+ RESERVED
+CVE-2021-44212
+ RESERVED
+CVE-2021-44211
+ RESERVED
+CVE-2021-44210
+ RESERVED
+CVE-2021-44209
+ RESERVED
+CVE-2021-44208
+ RESERVED
+CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...)
+ NOT-FOR-US: Acclaim USAHERDS
+CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44197
+ RESERVED
+CVE-2021-44196
+ RESERVED
+CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...)
+ NOT-FOR-US: Rapid7 Insight Agent
+CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-4014
+ RESERVED
+CVE-2021-4013
+ RESERVED
+CVE-2021-4012
+ RESERVED
+CVE-2021-44195
+ RESERVED
+CVE-2021-44194
+ RESERVED
+CVE-2021-44193
+ RESERVED
+CVE-2021-44192
+ RESERVED
+CVE-2021-44191
+ RESERVED
+CVE-2021-44190
+ RESERVED
+CVE-2021-44189
+ RESERVED
+CVE-2021-44188
+ RESERVED
+CVE-2021-44187 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44186 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44185 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44184
+ RESERVED
+CVE-2021-44183 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44182 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44181 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44180 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44179 (Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44178 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44177 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44176 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44175
+ RESERVED
+CVE-2021-44174
+ RESERVED
+CVE-2021-44173
+ RESERVED
+CVE-2021-44172
+ RESERVED
+CVE-2021-44171
+ RESERVED
+CVE-2021-44170
+ RESERVED
+CVE-2021-44169
+ RESERVED
+CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-44167
+ RESERVED
+CVE-2021-44166
+ RESERVED
+CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44164 (Chain Sea ai chatbot system&#8217;s file upload function has insuffici ...)
+ NOT-FOR-US: Chain Sea
+CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special charact ...)
+ NOT-FOR-US: Chain Sea
+CVE-2021-44162 (Chain Sea ai chatbot system&#8217;s specific file download function ha ...)
+ NOT-FOR-US: Chain Sea
+CVE-2021-44161 (Changing MOTP (Mobile One Time Password) system&#8217;s specific funct ...)
+ NOT-FOR-US: MOTP (Mobile One Time Password) system&
+CVE-2021-44160 (Carinal Tien Hospital Health Report System&#8217;s login page has impr ...)
+ NOT-FOR-US: Carinal Tien Hospital Health Report System&
+CVE-2021-44159 (4MOSAn GCB Doctor&#8217;s file upload function has improper user privi ...)
+ NOT-FOR-US: 4MOSAn GCB Doctor
+CVE-2021-44158 (ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflo ...)
+ NOT-FOR-US: ASUS
+CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1 DLA-2869-1}
+ - xorg-server 2:1.20.13-3
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768
+CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1}
+ - xorg-server 2:1.20.13-3
+ [stretch] - xorg-server <not-affected> (Vulnerable code introduced later)
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
+CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1 DLA-2869-1}
+ - xorg-server 2:1.20.13-3
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02
+CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1 DLA-2869-1}
+ - xorg-server 2:1.20.13-3
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60
+CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local ...)
+ NOT-FOR-US: Rapid7 Insight Agent
+CVE-2021-4006
+ RESERVED
+CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-44157
+ RESERVED
+CVE-2021-44156
+ RESERVED
+CVE-2021-44155 (An issue was discovered in /goform/login_process in Reprise RLM 14.2. ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44154 (An issue was discovered in Reprise RLM 14.2. By using an admin account ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44153 (An issue was discovered in Reprise RLM 14.2. When editing the license ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44152 (An issue was discovered in Reprise RLM 14.2. Because /goform/change_pa ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cookies ar ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
+ NOT-FOR-US: tusdotnet
+CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...)
+ NOT-FOR-US: Linaro/OP-TEE OP-TEE
+CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
+ NOT-FOR-US: GL.iNet
+CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
+ NOT-FOR-US: Claris
+CVE-2021-44146
+ RESERVED
+CVE-2021-44145 (In the TransformXML processor of Apache NiFi before 1.15.1 an authenti ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with ...)
+ NOT-FOR-US: Croatia Control Asterix
+CVE-2021-4004
+ RESERVED
+CVE-2021-4003
+ RESERVED
+CVE-2021-4002 [hugetlbfs: flush TLBs correctly after huge_pmd_unshare]
+ RESERVED
+ - linux 5.15.5-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1
+ NOTE: https://git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890
+CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...)
+ - isync 1.4.4-1 (bug #999804)
+ [bullseye] - isync <not-affected> (Vulnerable code introduced later)
+ [buster] - isync <not-affected> (Vulnerable code introduced later)
+ [stretch] - isync <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2
+CVE-2021-44142 (The Samba vfs_fruit module uses extended file attributes (EA, xattr) t ...)
+ {DSA-5071-1}
+ - samba <unfixed> (bug #1004693)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14914
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-244/
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-245/
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-246/
+CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malicious cl ...)
+ - samba <unfixed> (bug #1004692)
+ [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-44141.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14911
+CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting a JSPW ...)
+ - jspwiki <removed>
+CVE-2021-44139
+ RESERVED
+CVE-2021-44138
+ RESERVED
+CVE-2021-44137
+ RESERVED
+CVE-2021-44136
+ RESERVED
+CVE-2021-44135
+ RESERVED
+CVE-2021-44134
+ RESERVED
+CVE-2021-44133
+ RESERVED
+CVE-2021-44132
+ RESERVED
+CVE-2021-44131
+ RESERVED
+CVE-2021-44130
+ RESERVED
+CVE-2021-44129
+ RESERVED
+CVE-2021-44128
+ RESERVED
+CVE-2021-44127
+ RESERVED
+CVE-2021-44126
+ RESERVED
+CVE-2021-44125
+ RESERVED
+CVE-2021-44124
+ RESERVED
+CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (master)
+ NOTE: https://git.spip.net/spip/spip/commit/97e2888e9c92ad4bd68e8f80079583249714fbfa (v4.0.1)
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
+CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db
+ NOTE: https://git.spip.net/spip/spip/commit/fea5b5b4507cc9c0b9e91bbfbf34fe40b0bea805 (v3.2.12)
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
+CVE-2021-44121
+ REJECTED
+CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81
+ NOTE: https://git.spip.net/spip/spip/commit/361cc26080d1377bc55d2cb80736e5cfaf5fd242 (v3.2.12)
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
+CVE-2021-44119
+ RESERVED
+CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba
+ NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a
+ NOTE: https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
+CVE-2021-44117
+ RESERVED
+CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS &lt;=0.12 ...)
+ NOT-FOR-US: Anchor CMS
+CVE-2021-44115
+ RESERVED
+CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stoc ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-44113
+ RESERVED
+CVE-2021-44112
+ RESERVED
+CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download ...)
+ NOT-FOR-US: S-Cart
+CVE-2021-44110
+ RESERVED
+CVE-2021-44109
+ RESERVED
+CVE-2021-44108
+ RESERVED
+CVE-2021-44107
+ RESERVED
+CVE-2021-44106
+ RESERVED
+CVE-2021-44105
+ RESERVED
+CVE-2021-44104
+ RESERVED
+CVE-2021-44103
+ RESERVED
+CVE-2021-44102
+ RESERVED
+CVE-2021-44101
+ RESERVED
+CVE-2021-44100
+ RESERVED
+CVE-2021-44099
+ RESERVED
+CVE-2021-44098
+ RESERVED
+CVE-2021-44097
+ RESERVED
+CVE-2021-44096
+ RESERVED
+CVE-2021-44095
+ RESERVED
+CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plugin dow ...)
+ NOT-FOR-US: zrlog
+CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...)
+ NOT-FOR-US: zrlog
+CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...)
+ NOT-FOR-US: code-projects Pharmacy Management
+CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...)
+ NOT-FOR-US: Sourcecodester Multi Restaurant Table Reservation System
+CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...)
+ NOT-FOR-US: Sourcecodester Online Reviewer System
+CVE-2021-44089
+ RESERVED
+CVE-2021-44088
+ RESERVED
+CVE-2021-44087
+ RESERVED
+CVE-2021-44086
+ RESERVED
+CVE-2021-44085
+ RESERVED
+CVE-2021-44084
+ RESERVED
+CVE-2021-44083
+ RESERVED
+CVE-2021-44082
+ RESERVED
+CVE-2021-44081
+ RESERVED
+CVE-2021-44080
+ RESERVED
+CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...)
+ - linux 5.15.5-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53
+CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()]
+ RESERVED
+ - glibc 2.33-4
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=472e799a5f2102bc0c3206dbd5a801765fceb39c
+CVE-2021-3998 [Unexpected return value from realpath() for too long results]
+ RESERVED
+ - glibc 2.33-4
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770
+ NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee8d5e33adb284601c00c94687bc907e10aec9bb
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5
+CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles]
+ RESERVED
+ - systemd 250.2-1 (bug #1003467)
+ [bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - systemd <ignored> (Minor issue; not exploitable before upstream commit e535840)
+ [stretch] - systemd <ignored> (Minor issue; utility segfault; not exploitable before upstream commit e535840, PoC doesn't segfault on stretch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024639
+ NOTE: https://github.com/systemd/systemd/pull/22070
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/2
+ NOTE: Exploitable after (but present before): https://github.com/systemd/systemd/commit/e5358401b5df8d395e99815b7a69b8424887472c (v242-rc1)
+ NOTE: PoC still crashes on jessie/215-17+deb8u14
+ NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/3bac86abfa1b1720180840ffb9d06b3d54841c11
+ NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/84ced330020c0bae57bd4628f1f44eec91304e69
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
+CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, ...)
+ NOT-FOR-US: Wazuh
+CVE-2021-3996
+ RESERVED
+ {DSA-5055-1}
+ - util-linux 2.37.3-1
+ [buster] - util-linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - util-linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1)
+ NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b (v2.37.3)
+ NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
+CVE-2021-3995
+ RESERVED
+ {DSA-5055-1}
+ - util-linux 2.37.3-1
+ [buster] - util-linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - util-linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1)
+ NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929 (v2.37.3)
+ NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
+CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ NOT-FOR-US: django-helpdesk
+CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: kimai2
+CVE-2021-44078 (An issue was discovered in split_region in uc.c in Unicorn Engine befo ...)
+ NOT-FOR-US: Unicorn Engine
+CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-3991
+ RESERVED
+CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3988
+ RESERVED
+CVE-2021-3987
+ RESERVED
+CVE-2021-3986
+ RESERVED
+CVE-2021-44076
+ RESERVED
+CVE-2021-44075
+ RESERVED
+CVE-2021-44074
+ RESERVED
+CVE-2021-44073
+ RESERVED
+CVE-2021-44072
+ RESERVED
+CVE-2021-44071
+ RESERVED
+CVE-2021-44070
+ RESERVED
+CVE-2021-44069
+ RESERVED
+CVE-2021-44068
+ RESERVED
+CVE-2021-44067
+ RESERVED
+CVE-2021-44066
+ RESERVED
+CVE-2021-44065
+ RESERVED
+CVE-2021-44064
+ RESERVED
+CVE-2021-44063
+ RESERVED
+CVE-2021-44062
+ RESERVED
+CVE-2021-44061
+ RESERVED
+CVE-2021-44060
+ RESERVED
+CVE-2021-44059
+ RESERVED
+CVE-2021-44058
+ RESERVED
+CVE-2021-44057
+ RESERVED
+CVE-2021-44056
+ RESERVED
+CVE-2021-44055
+ RESERVED
+CVE-2021-44054
+ RESERVED
+CVE-2021-44053
+ RESERVED
+CVE-2021-44052
+ RESERVED
+CVE-2021-44051
+ RESERVED
+CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
+ NOT-FOR-US: CA Network Flow Analysis (NFA)
+CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...)
+ NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM)
+CVE-2021-44048 (An out-of-bounds write vulnerability exists when reading a TIF file us ...)
+ NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
+CVE-2021-44047 (A use-after-free vulnerability exists when reading a DWF/DWFX file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44046 (An out-of-bounds write vulnerability exists when reading U3D files in ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44045 (An out-of-bounds write vulnerability exists when reading a DGN file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44044 (An out-of-bounds write vulnerability exists when reading a JPG file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44043 (An issue was discovered in UiPath App Studio 21.4.4. There is a persis ...)
+ NOT-FOR-US: UiPath
+CVE-2021-44042 (An issue was discovered in UiPath Assistant 21.4.4. User-controlled da ...)
+ NOT-FOR-US: UiPath
+CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlled data ...)
+ NOT-FOR-US: UiPath
+CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: kimai2
+CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1001896)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a
+ NOTE: https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655 (v8.2.3625)
+CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: kimai2
+CVE-2021-44040
+ RESERVED
+CVE-2021-44039
+ RESERVED
+CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...)
+ - quagga <removed>
+ [buster] - quagga <no-dsa> (Minor issue)
+ [stretch] - quagga <postponed> (revisit when/if fixed upstream)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1191890
+ NOTE: Debian installed systemd unit files install the problematic redhat/*.service
+ NOTE: files with the unsafe chmod/chown calls in the Debian packaging.
+CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 allo ...)
+ NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
+CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...)
+ NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
+CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...)
+ NOT-FOR-US: Wolters Kluwer TeamMate AM
+CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation]
+ RESERVED
+ - gnome-shell <not-affected> (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024174
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284
+CVE-2021-3981 [Incorrect permission in grub.cfg allow unprivileged user to read the file content]
+ RESERVED
+ - grub2 <unfixed> (bug #1001414)
+ [bullseye] - grub2 <not-affected> (Vulnerable code introduced later)
+ [buster] - grub2 <not-affected> (Vulnerable code introduced later)
+ [stretch] - grub2 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024170
+ NOTE: Introduced by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=ab2e53c8a196a595e50f1c836bf756b9db1ae68d (grub-2.06-rc1)
+ NOTE: https://lists.gnu.org/archive/html/grub-devel/2021-12/msg00013.html
+CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information to an U ...)
+ - elgg <itp> (bug #526197)
+CVE-2021-3979 [ceph: Ceph volume does not honour osd_dmcrypt_key_size]
+ RESERVED
+ - ceph <unfixed>
+ [bullseye] - ceph <no-dsa> (Minor issue)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/5
+CVE-2021-44034
+ RESERVED
+CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...)
+ NOT-FOR-US: Ionic Identity Vault
+CVE-2021-44032
+ RESERVED
+CVE-2021-44031 (An issue was discovered in Quest KACE Desktop Authority before 11.2. / ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44030 (Quest KACE Desktop Authority before 11.2 allows XSS because it does no ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44029 (An issue was discovered in Quest KACE Desktop Authority before 11.2. T ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44028 (XXE can occur in Quest KACE Desktop Authority before 11.2 because the ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44027
+ RESERVED
+CVE-2021-44024 (A link following denial-of-service vulnerability in Trend Micro Apex O ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the Trend Mi ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3978
+ RESERVED
+CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: invoiceninja
+CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44013 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44012 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44011 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44010 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44009 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44008 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44007 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44006 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44005 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44004 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44003 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
+ - guacamole-client <unfixed>
+ [stretch] - guacamole-client <not-affected> (SAML is not supported)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/7
+CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: kimai2
+CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung]
+ RESERVED
+ - libvirt 7.6.0-1
+ [bullseye] - libvirt <no-dsa> (Minor issue)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326
+ NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2)
+CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...)
+ {DSA-5013-1 DLA-2840-1}
+ - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+ NOTE: https://github.com/roundcube/roundcubemail/issues/8193
+ NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
+CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...)
+ {DSA-5013-1 DLA-2840-1}
+ - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
+CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 temp ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...)
+ NOT-FOR-US: Amazon FreeRTOS
+CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...)
+ NOT-FOR-US: Laravel Ignition component
+CVE-2021-43995
+ RESERVED
+CVE-2021-43994
+ RESERVED
+CVE-2021-43993
+ RESERVED
+CVE-2021-43992
+ RESERVED
+CVE-2021-43991 (The Kentico Xperience CMS version 13.0 &#8211; 13.0.43 is vulnerable t ...)
+ NOT-FOR-US: Kentico Xperience CMS
+CVE-2021-43990
+ RESERVED
+CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43988
+ RESERVED
+CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43986
+ RESERVED
+CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to mult ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...)
+ NOT-FOR-US: Delta
+CVE-2021-43981 (mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43980
+ RESERVED
+CVE-2021-43979 (** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 ...)
+ NOT-FOR-US: Styra Open Policy Agent (OPA) Gatekeeper
+CVE-2021-43978 (Allegro WIndows 3.3.4152.0, embeds software administrator database cre ...)
+ NOT-FOR-US: Allegro WIndows
+CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows X ...)
+ NOT-FOR-US: SmarterTools
+CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wi ...)
+ - linux 5.15.15-2
+ NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
+CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...)
+ - linux 5.15.5-2
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
+CVE-2021-43974 (An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg en ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43973 (An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysA ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSettings.js ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43970
+ RESERVED
+CVE-2021-43969
+ RESERVED
+CVE-2021-43968
+ RESERVED
+CVE-2021-43967
+ RESERVED
+CVE-2021-43966
+ RESERVED
+CVE-2021-43965
+ RESERVED
+CVE-2021-43964
+ RESERVED
+CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...)
+ NOT-FOR-US: Couchbase Sync Gateway
+CVE-2021-43962
+ RESERVED
+CVE-2021-43961
+ RESERVED
+CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an ...)
+ NOT-FOR-US: Lorensbergs Connect2
+CVE-2021-3974 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1 (bug #1001897)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
+ NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612)
+CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1001899)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e
+ NOTE: https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 (v8.2.3611)
+CVE-2021-3972
+ RESERVED
+CVE-2021-3971
+ RESERVED
+CVE-2021-3970
+ RESERVED
+CVE-2021-3969
+ RESERVED
+CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1001900)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <not-affected> (Vulnerable code not present)
+ NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/
+ NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610)
+CVE-2021-43959
+ RESERVED
+CVE-2021-43958
+ RESERVED
+CVE-2021-43957
+ RESERVED
+CVE-2021-43956
+ RESERVED
+CVE-2021-43955
+ RESERVED
+CVE-2021-43954
+ RESERVED
+CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43951 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43950 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43949 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43948 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43945
+ RESERVED
+CVE-2021-43944
+ RESERVED
+CVE-2021-43943
+ RESERVED
+CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ NOT-FOR-US: Atlassian Confluence
+CVE-2021-43939
+ RESERVED
+CVE-2021-43938
+ RESERVED
+CVE-2021-43937
+ RESERVED
+CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...)
+ NOT-FOR-US: Distributed Data Systems
+CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...)
+ NOT-FOR-US: Hillrom
+CVE-2021-43934
+ RESERVED
+CVE-2021-43933
+ RESERVED
+CVE-2021-43932
+ RESERVED
+CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...)
+ NOT-FOR-US: Distributed Data Systems
+CVE-2021-43930
+ RESERVED
+CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...)
+ NOT-FOR-US: Synology
+CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...)
+ NOT-FOR-US: Synology
+CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-43924
+ RESERVED
+CVE-2021-43923
+ RESERVED
+CVE-2021-43922
+ RESERVED
+CVE-2021-43921
+ RESERVED
+CVE-2021-43920
+ RESERVED
+CVE-2021-43919
+ RESERVED
+CVE-2021-43918
+ RESERVED
+CVE-2021-43917
+ RESERVED
+CVE-2021-43916
+ RESERVED
+CVE-2021-43915
+ RESERVED
+CVE-2021-43914
+ RESERVED
+CVE-2021-43913
+ RESERVED
+CVE-2021-43912
+ RESERVED
+CVE-2021-43911
+ RESERVED
+CVE-2021-43910
+ RESERVED
+CVE-2021-43909
+ RESERVED
+CVE-2021-43908 (Visual Studio Code Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43907 (Visual Studio Code WSL Extension Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43906
+ RESERVED
+CVE-2021-43905 (Microsoft Office app Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43904
+ RESERVED
+CVE-2021-43903
+ RESERVED
+CVE-2021-43902
+ RESERVED
+CVE-2021-43901
+ RESERVED
+CVE-2021-43900
+ RESERVED
+CVE-2021-43899 (Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43898
+ RESERVED
+CVE-2021-43897
+ RESERVED
+CVE-2021-43896 (Microsoft PowerShell Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43895
+ RESERVED
+CVE-2021-43894
+ RESERVED
+CVE-2021-43893 (Windows Encrypting File System (EFS) Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43892 (Microsoft BizTalk ESB Toolkit Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43890 (Windows AppX Installer Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43888 (Microsoft Defender for IoT Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43887
+ RESERVED
+CVE-2021-43886
+ RESERVED
+CVE-2021-43885
+ RESERVED
+CVE-2021-43884
+ RESERVED
+CVE-2021-43883 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43882 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43881
+ RESERVED
+CVE-2021-43880 (Windows Mobile Device Management Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43879
+ RESERVED
+CVE-2021-43878
+ RESERVED
+CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: .NET core
+CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43874
+ RESERVED
+CVE-2021-43873
+ RESERVED
+CVE-2021-43872
+ RESERVED
+CVE-2021-43871
+ RESERVED
+CVE-2021-43870
+ RESERVED
+CVE-2021-43869
+ RESERVED
+CVE-2021-43868
+ RESERVED
+CVE-2021-43867
+ RESERVED
+CVE-2021-43866
+ RESERVED
+CVE-2021-43865
+ RESERVED
+CVE-2021-43864
+ RESERVED
+CVE-2021-43863 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...)
+ NOT-FOR-US: jQuery Terminal Emulator
+CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...)
+ - node-mermaid 8.13.8+~cs10.4.16-1
+ [bullseye] - node-mermaid <no-dsa> (Minor issue)
+ NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
+ NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
+CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...)
+ {DSA-5049-1}
+ - flatpak 1.12.3-1
+ [buster] - flatpak <ignored> (Intrusive and risky to backport)
+ [stretch] - flatpak <ignored> (Intrusive and risky to backport)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
+ NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
+ NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee
+ NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
+ NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
+CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...)
+ {DLA-2924-1}
+ - libxstream-java <unfixed>
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
+ NOTE: https://x-stream.github.io/CVE-2021-43859.html
+ NOTE: https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846
+CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...)
+ NOT-FOR-US: MinIO
+CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...)
+ NOT-FOR-US: Gerapy
+CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...)
+ - nltk 3.6.7-1 (bug #1002623)
+ [bullseye] - nltk <no-dsa> (Minor issue)
+ [buster] - nltk <no-dsa> (Minor issue)
+ [stretch] - nltk <no-dsa> (Minor issue)
+ NOTE: https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x
+ NOTE: https://github.com/nltk/nltk/issues/2866
+ NOTE: https://github.com/nltk/nltk/pull/2869
+ NOTE: https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 (3.6.6)
+CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...)
+ NOT-FOR-US: Ajax.NET Professional
+CVE-2021-43852 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+ NOT-FOR-US: OroPlatform
+CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-43850 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...)
+ NOT-FOR-US: cordova-plugin-fingerprint-aio
+CVE-2021-43848 (h2o is an open source http server. In code prior to the `8c0eca3` comm ...)
+ - h2o <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4
+ NOTE: Introduced by: https://github.com/h2o/h2o/commit/93af1383b248e9284ba5f63211b4fbb4c828d060
+ NOTE: Fixed by: https://github.com/h2o/h2o/commit/8c0eca3d9bc1f08e7c6bdf57645f3d54aed7d844
+CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...)
+ NOT-FOR-US: HumHub Social Network Kit Enterprise
+CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
+ NOT-FOR-US: solidus_frontend
+CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
+ NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
+ NOTE: https://github.com/pjsip/pjproject/pull/2924
+CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...)
+ NOT-FOR-US: MSEdgeRedirect
+CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...)
+ NOT-FOR-US: jsx-slack
+CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...)
+ NOT-FOR-US: XWiki
+CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...)
+ NOT-FOR-US: Discourse Message Bus middleware
+CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...)
+ NOT-FOR-US: Cronos
+CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...)
+ NOT-FOR-US: jsx-slack
+CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...)
+ NOT-FOR-US: Hashicorp vault-cli
+CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-43832 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+ NOT-FOR-US: Spinnaker
+CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...)
+ NOT-FOR-US: gradio
+CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...)
+ NOT-FOR-US: OpenProject
+CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security ...)
+ NOT-FOR-US: PatrOwl
+CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security ...)
+ NOT-FOR-US: PatrOwl
+CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts in Disco ...)
+ NOT-FOR-US: discourse-footnote
+CVE-2021-43826
+ RESERVED
+CVE-2021-43825
+ RESERVED
+CVE-2021-43824
+ RESERVED
+CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content Reposi ...)
+ NOT-FOR-US: Jackalope Doctrine-DBAL
+CVE-2021-43821 (Opencast is an Open Source Lecture Capture &amp; Video Management for ...)
+ NOT-FOR-US: Opencast
+CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...)
+ - seafile-server <itp> (bug #865830)
+ NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
+ NOTE: https://github.com/haiwen/seafile-server/pull/520
+CVE-2021-43819
+ RESERVED
+CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...)
+ {DSA-5043-1 DLA-2871-1}
+ - lxml 4.7.1-1 (bug #1001885)
+ NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
+ NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)
+ NOTE: https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5)
+CVE-2021-43817 (Collabora Online is a collaborative online office suite based on Libre ...)
+ NOT-FOR-US: Collabora Online
+CVE-2021-43816 (containerd is an open source container runtime. On installations using ...)
+ - containerd 1.5.9~ds1-1
+ [bullseye] - containerd <not-affected> (Vulnerable code introduced in 1.5.0)
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c
+ NOTE: Fixed by: https://github.com/containerd/containerd/commit/1407cab509ff0d96baa4f0eb6ff9980270e6e620
+CVE-2021-43815 (Grafana is an open-source platform for monitoring and observability. G ...)
+ - grafana <removed>
+CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ NOT-FOR-US: Rizin
+CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...)
+ - grafana <removed>
+CVE-2021-43812 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+ NOT-FOR-US: Auth0 Next.js SDK
+CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
+ NOT-FOR-US: Sockeye
+CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
+ NOT-FOR-US: Admidio
+CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby. ...)
+ - rubygems 3.3.5-1
+ NOTE: https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
+ NOTE: https://github.com/rubygems/rubygems/commit/90b1ed8b9f8b636aa8c913f7b5a764a2e03d179c (v3.3.0)
+ NOTE: https://github.com/rubygems/rubygems/pull/5142
+CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...)
+ - php-laravel-framework 6.20.14+dfsg-3 (bug #1001333)
+ [bullseye] - php-laravel-framework <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
+ NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42)
+CVE-2021-43807 (Opencast is an Open Source Lecture Capture &amp; Video Management for ...)
+ NOT-FOR-US: Opencast
+CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
+ NOT-FOR-US: Solidus
+CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
+ NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e
+CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...)
+ NOT-FOR-US: next.js
+CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8 ...)
+ NOT-FOR-US: Mercurius
+CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server installs ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...)
+ - grafana <removed>
+CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
+ - netty <unfixed> (bug #1001437)
+ [bullseye] - netty <no-dsa> (Minor issue)
+ [buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
+ NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final)
+CVE-2021-43796
+ RESERVED
+CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...)
+ NOT-FOR-US: Armeria
+CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43792 (Discourse is an open source discussion platform. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43791 (Zulip is an open source group chat application that combines real-time ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-43790 (Lucet is a native WebAssembly compiler and runtime. There is a bug in ...)
+ NOT-FOR-US: Lucet
+CVE-2021-43789 (PrestaShop is an Open Source e-commerce web application. Versions of P ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-43788 (Nodebb is an open source Node.js based forum software. Prior to v1.18. ...)
+ NOT-FOR-US: Nodebb
+CVE-2021-43787 (Nodebb is an open source Node.js based forum software. In affected ver ...)
+ NOT-FOR-US: Nodebb
+CVE-2021-43786 (Nodebb is an open source Node.js based forum software. In affected ver ...)
+ NOT-FOR-US: Nodebb
+CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...)
+ NOT-FOR-US: @joeattardi/emoji-button
+CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux accord ...)
+ {DLA-2841-1}
+ - runc 1.0.3+ds1-1
+ [bullseye] - runc <ignored> (Minor issue; not exploitable in 1.0.0)
+ [buster] - runc <ignored> (Minor issue; not exploitable in 1.0.0)
+ NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/1
+ NOTE: Fixed by: https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
+CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...)
+ NOT-FOR-US: @backstage/plugin-scaffolder-backend
+CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...)
+ NOT-FOR-US: Invenio-Drafts-Resources
+CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...)
+ NOT-FOR-US: Redash
+CVE-2021-43779 (GLPI is an open source IT Asset Management, issue tracking system and ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI inst ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...)
+ NOT-FOR-US: Redash
+CVE-2021-43776 (Backstage is an open platform for building developer portals. In affec ...)
+ NOT-FOR-US: Backstage
+CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...)
+ NOT-FOR-US: Aim
+CVE-2021-3967
+ RESERVED
+CVE-2021-3966
+ RESERVED
+CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...)
+ NOT-FOR-US: HP
+CVE-2021-43774
+ RESERVED
+CVE-2021-43773
+ RESERVED
+CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability th ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through User-Controlled Key ...)
+ - elgg <itp> (bug #526197)
+CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: kimai2
+CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitize cer ...)
+ - imagemagick <not-affected> (Specific to 7.x)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/4446
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e
+CVE-2021-43770
+ RESERVED
+CVE-2021-43769
+ RESERVED
+CVE-2021-43768
+ RESERVED
+CVE-2021-43767
+ RESERVED
+CVE-2021-43766
+ RESERVED
+CVE-2021-43765 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43764 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43762 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43760
+ RESERVED
+CVE-2021-43759
+ RESERVED
+CVE-2021-43758
+ RESERVED
+CVE-2021-43757
+ RESERVED
+CVE-2021-43756
+ RESERVED
+CVE-2021-43755
+ RESERVED
+CVE-2021-43754
+ RESERVED
+CVE-2021-43753
+ RESERVED
+CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43751
+ RESERVED
+CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43748 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43747 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
+ NOT-FOR-US: iPack SCADA Automation
+CVE-2021-43745
+ RESERVED
+CVE-2021-43744
+ RESERVED
+CVE-2021-43743
+ RESERVED
+CVE-2021-43742
+ RESERVED
+CVE-2021-43741
+ RESERVED
+CVE-2021-43740
+ RESERVED
+CVE-2021-43739
+ RESERVED
+CVE-2021-43738
+ RESERVED
+CVE-2021-43737
+ RESERVED
+CVE-2021-43736
+ RESERVED
+CVE-2021-43735
+ RESERVED
+CVE-2021-43734 (kkFileview v4.0.0 has arbitrary file read through a directory traversa ...)
+ NOT-FOR-US: kkFileview
+CVE-2021-43733
+ RESERVED
+CVE-2021-43732
+ RESERVED
+CVE-2021-43731
+ RESERVED
+CVE-2021-43730
+ RESERVED
+CVE-2021-43729
+ RESERVED
+CVE-2021-43728
+ RESERVED
+CVE-2021-43727
+ RESERVED
+CVE-2021-43726
+ RESERVED
+CVE-2021-43725
+ RESERVED
+CVE-2021-43724
+ RESERVED
+CVE-2021-43723
+ RESERVED
+CVE-2021-43722
+ RESERVED
+CVE-2021-43721
+ RESERVED
+CVE-2021-43720
+ RESERVED
+CVE-2021-43719
+ RESERVED
+CVE-2021-43718
+ RESERVED
+CVE-2021-43717
+ RESERVED
+CVE-2021-43716
+ RESERVED
+CVE-2021-43715
+ RESERVED
+CVE-2021-43714
+ RESERVED
+CVE-2021-43713
+ RESERVED
+CVE-2021-43712
+ RESERVED
+CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-43710
+ RESERVED
+CVE-2021-43709
+ RESERVED
+CVE-2021-43708
+ RESERVED
+CVE-2021-43707
+ RESERVED
+CVE-2021-43706
+ RESERVED
+CVE-2021-43705
+ RESERVED
+CVE-2021-43704
+ RESERVED
+CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...)
+ NOT-FOR-US: zzcms
+CVE-2021-43702
+ RESERVED
+CVE-2021-43701
+ RESERVED
+CVE-2021-43700
+ RESERVED
+CVE-2021-43699
+ RESERVED
+CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...)
+ NOT-FOR-US: phpWhois
+CVE-2021-43697 (Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a C ...)
+ NOT-FOR-US: Workerman-ThinkPHP-Redis
+CVE-2021-43696 (twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerab ...)
+ NOT-FOR-US: twmap
+CVE-2021-43695 (issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vu ...)
+ NOT-FOR-US: issabelPBX
+CVE-2021-43694
+ RESERVED
+CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...)
+ NOT-FOR-US: Vesta Control Panel
+CVE-2021-43692 (youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross ...)
+ NOT-FOR-US: youtube-php-mirroring
+CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerability in f ...)
+ NOT-FOR-US: tripexpress
+CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: YurunProxy
+CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by a Cross Site Scriptin ...)
+ NOT-FOR-US: thinkphp manage
+CVE-2021-43688
+ RESERVED
+CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: nZEDb
+CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
+ - libretime <itp> (bug #888687)
+CVE-2021-43684
+ RESERVED
+CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: pictshare
+CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...)
+ NOT-FOR-US: ThinkPHP BJY Blog
+CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...)
+ NOT-FOR-US: SakuraPanel
+CVE-2021-43680
+ RESERVED
+CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
+ NOT-FOR-US: ecshop
+CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...)
+ NOT-FOR-US: Wechat-php-sdk
+CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: Fluxbb
+CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
+ NOT-FOR-US: matyhtf framework
+CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: Lychee-v3
+CVE-2021-43674 (** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a p ...)
+ NOT-FOR-US: ThinkUp
+CVE-2021-43673 (dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: dzzoffice
+CVE-2021-43672
+ RESERVED
+CVE-2021-43671
+ RESERVED
+CVE-2021-43670
+ RESERVED
+CVE-2021-43669 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...)
+ NOT-FOR-US: HyperLedger
+CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a s ...)
+ - golang-github-go-ethereum <itp> (bug #890541)
+ NOTE: https://github.com/ethereum/go-ethereum/issues/23866
+CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...)
+ NOT-FOR-US: HyperLedger
+CVE-2021-43666
+ RESERVED
+CVE-2021-43665
+ RESERVED
+CVE-2021-43664
+ RESERVED
+CVE-2021-43663
+ RESERVED
+CVE-2021-43662
+ RESERVED
+CVE-2021-43661
+ RESERVED
+CVE-2021-43660
+ RESERVED
+CVE-2021-43659
+ RESERVED
+CVE-2021-43658
+ RESERVED
+CVE-2021-43657
+ RESERVED
+CVE-2021-43656
+ RESERVED
+CVE-2021-43655
+ RESERVED
+CVE-2021-43654
+ RESERVED
+CVE-2021-43653
+ RESERVED
+CVE-2021-43652
+ RESERVED
+CVE-2021-43651
+ RESERVED
+CVE-2021-43650
+ RESERVED
+CVE-2021-43649
+ RESERVED
+CVE-2021-43648
+ RESERVED
+CVE-2021-43647
+ RESERVED
+CVE-2021-43646
+ RESERVED
+CVE-2021-43645
+ RESERVED
+CVE-2021-43644
+ RESERVED
+CVE-2021-43643
+ RESERVED
+CVE-2021-43642
+ RESERVED
+CVE-2021-43641
+ RESERVED
+CVE-2021-43640
+ RESERVED
+CVE-2021-43639
+ RESERVED
+CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...)
+ NOT-FOR-US: Amazon
+CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Amazon
+CVE-2021-43636
+ RESERVED
+CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...)
+ NOT-FOR-US: Codex
+CVE-2021-43634
+ RESERVED
+CVE-2021-43633
+ RESERVED
+CVE-2021-43632
+ RESERVED
+CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43627
+ RESERVED
+CVE-2021-43626
+ RESERVED
+CVE-2021-43625
+ RESERVED
+CVE-2021-43624
+ RESERVED
+CVE-2021-43623
+ RESERVED
+CVE-2021-43622
+ RESERVED
+CVE-2021-43621
+ RESERVED
+CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Rust. Se ...)
+ NOT-FOR-US: Rust crate fruity
+CVE-2021-43619
+ RESERVED
+CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
+ {DLA-2837-1}
+ - gmp 2:6.2.1+dfsg-3 (bug #994405)
+ [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1
+ [buster] - gmp <no-dsa> (Minor issue)
+ NOTE: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
+ NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the uploa ...)
+ - php-laravel-framework 6.20.14+dfsg-3 (bug #1002728)
+ [bullseye] - php-laravel-framework <no-dsa> (Can be fixed via point release)
+ NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
+CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: kimai2
+CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
+ - npm <unfixed>
+ [bullseye] - npm <no-dsa> (Minor issue)
+ [buster] - npm <no-dsa> (Minor issue)
+ NOTE: https://github.com/npm/cli/issues/2701
+CVE-2021-43615 (An issue was discovered in HddPassword in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2021-43614
+ RESERVED
+CVE-2021-43613
+ RESERVED
+CVE-2021-43612 [crash in SONMP decoder]
+ RESERVED
+ - lldpd 1.0.13-1
+ [bullseye] - lldpd 1.0.11-1+deb11u1
+ [buster] - lldpd <no-dsa> (Minor issue)
+ [stretch] - lldpd <no-dsa> (Minor issue)
+ NOTE: https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 (1.0.13)
+CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...)
+ NOT-FOR-US: Belledonne Belle-sip
+CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...)
+ NOT-FOR-US: Belledonne Belle-sip
+CVE-2021-43609
+ RESERVED
+CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of o ...)
+ - php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
+ NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and
+ NOTE: only present in experimental suite.
+ NOTE: https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
+CVE-2021-43607
+ RESERVED
+CVE-2021-43606
+ RESERVED
+CVE-2021-43605
+ RESERVED
+CVE-2021-43604
+ RESERVED
+CVE-2021-43603
+ RESERVED
+CVE-2021-43602
+ RESERVED
+CVE-2021-43601
+ RESERVED
+CVE-2021-43600
+ RESERVED
+CVE-2021-43599
+ RESERVED
+CVE-2021-43598
+ RESERVED
+CVE-2021-43597
+ RESERVED
+CVE-2021-43596
+ RESERVED
+CVE-2021-43595
+ RESERVED
+CVE-2021-43594
+ RESERVED
+CVE-2021-43593
+ RESERVED
+CVE-2021-43592
+ RESERVED
+CVE-2021-43591
+ RESERVED
+CVE-2021-43590
+ RESERVED
+CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior ...)
+ NOT-FOR-US: EMC
+CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an Improper Inp ...)
+ NOT-FOR-US: EMC
+CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...)
+ NOT-FOR-US: Dell
+CVE-2021-43586
+ RESERVED
+CVE-2021-43585
+ RESERVED
+CVE-2021-43584
+ RESERVED
+CVE-2021-43583
+ RESERVED
+CVE-2021-3956
+ RESERVED
+CVE-2021-3955
+ RESERVED
+CVE-2021-3954
+ RESERVED
+CVE-2021-3953
+ RESERVED
+CVE-2021-3952
+ RESERVED
+CVE-2021-3951
+ RESERVED
+CVE-2021-43582 (A Use-After-Free Remote Vulnerability exists when reading a DWG file u ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D file usi ...)
+ NOT-FOR-US: Open Design Alliance PRC SDK
+CVE-2021-43580
+ RESERVED
+CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC &lt;= 1.9 ...)
+ - htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/453
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3950 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ NOT-FOR-US: django-helpdesk
+CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not confi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-42744 (Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive informatio ...)
+ NOT-FOR-US: Philips
+CVE-2021-26262 (Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorre ...)
+ NOT-FOR-US: Philips
+CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outs ...)
+ NOT-FOR-US: Philips
+CVE-2021-3949
+ RESERVED
+CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...)
+ NOT-FOR-US: Migration Toolkit for Containers
+CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...)
+ - qemu 1:6.2+dfsg-1
+ [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2021869
+ NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f432fdfa1215bc3a00468b2e711176be279b0fd2 (v6.0.0-rc0)
+ NOTE: https://lore.kernel.org/qemu-devel/20211111153125.2258176-1-philmd@redhat.com/
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/e2c57529c9306e4c9aac75d9879f6e7699584a22 (v6.2.0-rc3)
+CVE-2021-3946
+ RESERVED
+CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ NOT-FOR-US: django-helpdesk
+CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: bookstack
+CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
+ - moodle <removed>
+CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
+ NOT-FOR-US: KNX ETS6
+CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 ...)
+ - atmailopen <removed>
+CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...)
+ NOT-FOR-US: Realtek
+CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (aka starkb ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43570 (The verify function in the Stark Bank Java ECDSA library (ecdsa-java) ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43569 (The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43568 (The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elix ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43567
+ RESERVED
+CVE-2021-43566 (All versions of Samba prior to 4.13.16 are vulnerable to a malicious c ...)
+ - samba <unfixed> (bug #1004691)
+ [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-43566.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13979
+CVE-2021-43565 [x/crypto/ssh: empty plaintext packet causes panic]
+ RESERVED
+ - golang-go.crypto 1:0.0~git20211202.5770296-1
+ [stretch] - golang-go.crypto <postponed> (Limited support in stretch)
+ NOTE: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083
+ NOTE: https://github.com/golang/go/issues/49932
+CVE-2021-43564 (An issue was discovered in the jobfair (aka Job Fair) extension before ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2021-43563 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2021-43560 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
+ - moodle <removed>
+CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
+ - moodle <removed>
+CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
+ - moodle <removed>
+CVE-2021-3942
+ RESERVED
+CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...)
+ NOT-FOR-US: Apache Apisix
+CVE-2021-3941
+ RESERVED
+ - openexr <unfixed>
+ [stretch] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1153
+ NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed
+CVE-2021-3940
+ RESERVED
+CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...)
+ NOT-FOR-US: FATEK WinProladder
+CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...)
+ NOT-FOR-US: mySCADA myDESIGNER
+CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an ...)
+ NOT-FOR-US: FATEK WinProladder
+CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...)
+ NOT-FOR-US: OSIsoft
+CVE-2021-43552 (The use of a hard-coded cryptographic key significantly increases the ...)
+ NOT-FOR-US: Philips
+CVE-2021-43551 (A remote attacker with write access to PI Vision could inject code int ...)
+ NOT-FOR-US: OSIsoft
+CVE-2021-43550 (The use of a broken or risky cryptographic algorithm is an unnecessary ...)
+ NOT-FOR-US: Philips
+CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server could ...)
+ NOT-FOR-US: OSIsoft
+CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives ...)
+ NOT-FOR-US: Philips
+CVE-2021-43547
+ RESERVED
+CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43546
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
+CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43545
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43545
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43545
+CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have searche ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
+CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43543
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
+CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43542
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
+CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43541
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43541
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43541
+CVE-2021-43540 (WebExtensions with the correct permissions were able to create and ins ...)
+ - firefox 95.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
+CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43539
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
+CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43538
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
+CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43537
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
+CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43536
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
+CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 93.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-43535
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
+CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43534
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43534
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43534
+CVE-2021-43533 (When parsing internationalized domain names, high bits of the characte ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43533
+CVE-2021-43532 (The 'Copy Image Link' context menu action would copy the final image U ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43532
+CVE-2021-43531 (When a user loaded a Web Extensions context menu, the Web Extension co ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43531
+CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android resul ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
+CVE-2021-43529
+ RESERVED
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501
+CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...)
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528
+CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...)
+ {DSA-5016-1 DLA-2836-1}
+ - nss 2:3.73-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4
+ NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
+ NOTE: https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd (NSS_3_68_1_BRANCH)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/#CVE-2021-43527
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 (not yet public)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
+ NOTE: https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
+CVE-2021-43526
+ RESERVED
+CVE-2021-43525
+ RESERVED
+CVE-2021-43524
+ RESERVED
+CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of special c ...)
+ - uclibc <unfixed> (unimportant)
+ - uclibc-ng <itp> (bug #811275)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/09/1
+ NOTE: https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174
+CVE-2021-43522 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 20 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file debian ...)
+ - accountsservice <not-affected> (Ubuntu specific patch)
+ NOTE: https://ubuntu.com/security/CVE-2021-3939
+CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-3937
+ RESERVED
+CVE-2021-3936
+ RESERVED
+CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...)
+ {DLA-2922-1}
+ - pgbouncer 1.16.1-1
+ [bullseye] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1
+ NOTE: https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_1_16_1
+ NOTE: https://github.com/pgbouncer/pgbouncer/commit/e4453c9151a2f5af0a9cb049b302a3f9f9654453 (v1.16.1)
+CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3933
+ RESERVED
+ - openexr <unfixed>
+ [stretch] - openexr <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912
+ NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17
+CVE-2021-43521
+ RESERVED
+CVE-2021-43520
+ RESERVED
+CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...)
+ - lua5.4 5.4.4-1 (bug #1000228)
+ [bullseye] - lua5.4 <no-dsa> (Minor issue)
+ - lua5.3 <unfixed>
+ [bullseye] - lua5.3 <no-dsa> (Minor issue)
+ [buster] - lua5.3 <no-dsa> (Minor issue)
+ [stretch] - lua5.3 <no-dsa> (Minor issue)
+ - lua5.2 <unfixed>
+ [bullseye] - lua5.2 <no-dsa> (Minor issue)
+ [buster] - lua5.2 <no-dsa> (Minor issue)
+ [stretch] - lua5.2 <no-dsa> (Minor issue)
+ - lua5.1 <unfixed>
+ [bullseye] - lua5.1 <no-dsa> (Minor issue)
+ [buster] - lua5.1 <no-dsa> (Minor issue)
+ [stretch] - lua5.1 <no-dsa> (Minor issue)
+ - lua50 <not-affected> (Vulnerable code not present)
+ NOTE: http://lua-users.org/lists/lua-l/2021-10/msg00123.html
+ NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00015.html
+ NOTE: Fixed by: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868
+CVE-2021-43518 (Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. ...)
+ - teeworlds <unfixed>
+ [bullseye] - teeworlds <no-dsa> (Minor issue)
+ [buster] - teeworlds <no-dsa> (Minor issue)
+ NOTE: https://github.com/teeworlds/teeworlds/issues/2981
+ NOTE: https://github.com/teeworlds/teeworlds/pull/3018
+ NOTE: https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368
+ NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
+CVE-2021-43517
+ RESERVED
+CVE-2021-43516
+ RESERVED
+CVE-2021-43515
+ RESERVED
+CVE-2021-43514
+ RESERVED
+CVE-2021-43513
+ RESERVED
+CVE-2021-43512
+ RESERVED
+CVE-2021-43511
+ RESERVED
+CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43508
+ RESERVED
+CVE-2021-43507
+ RESERVED
+CVE-2021-43506
+ RESERVED
+CVE-2021-43505
+ RESERVED
+CVE-2021-43504
+ RESERVED
+CVE-2021-43503
+ RESERVED
+CVE-2021-43502
+ RESERVED
+CVE-2021-43501
+ RESERVED
+CVE-2021-43500
+ RESERVED
+CVE-2021-43499
+ RESERVED
+CVE-2021-43498
+ RESERVED
+CVE-2021-43497
+ RESERVED
+CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...)
+ NOT-FOR-US: Clustering
+CVE-2021-43495 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
+ NOT-FOR-US: AlquistManager
+CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...)
+ NOT-FOR-US: OpenCV-REST-API
+CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...)
+ NOT-FOR-US: ServerManagement
+CVE-2021-43492 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
+ NOT-FOR-US: AlquistManager
+CVE-2021-43491
+ RESERVED
+CVE-2021-43490
+ RESERVED
+CVE-2021-43489
+ RESERVED
+CVE-2021-43488
+ RESERVED
+CVE-2021-43487
+ RESERVED
+CVE-2021-43486
+ RESERVED
+CVE-2021-43485
+ RESERVED
+CVE-2021-43484
+ RESERVED
+CVE-2021-43483
+ RESERVED
+CVE-2021-43482
+ RESERVED
+CVE-2021-43481
+ RESERVED
+CVE-2021-43480
+ RESERVED
+CVE-2021-43479
+ RESERVED
+CVE-2021-43478
+ RESERVED
+CVE-2021-43477
+ RESERVED
+CVE-2021-43476
+ RESERVED
+CVE-2021-43475
+ RESERVED
+CVE-2021-43474
+ RESERVED
+CVE-2021-43473
+ RESERVED
+CVE-2021-43472
+ RESERVED
+CVE-2021-43471 (In Canon LBP223 printers, the System Manager Mode login does not requi ...)
+ NOT-FOR-US: Canon
+CVE-2021-43470
+ RESERVED
+CVE-2021-43469 (VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulner ...)
+ NOT-FOR-US: VINGA
+CVE-2021-43468
+ RESERVED
+CVE-2021-43467
+ RESERVED
+CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with spe ...)
+ NOT-FOR-US: thymeleaf-spring5
+CVE-2021-43465
+ RESERVED
+CVE-2021-43464
+ RESERVED
+CVE-2021-43463
+ RESERVED
+CVE-2021-43462
+ RESERVED
+CVE-2021-43461
+ RESERVED
+CVE-2021-43460
+ RESERVED
+CVE-2021-43459
+ RESERVED
+CVE-2021-43458
+ RESERVED
+CVE-2021-43457
+ RESERVED
+CVE-2021-43456
+ RESERVED
+CVE-2021-43455
+ RESERVED
+CVE-2021-43454
+ RESERVED
+CVE-2021-43453
+ RESERVED
+CVE-2021-43452
+ RESERVED
+CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...)
+ NOT-FOR-US: PHPGURUKUL
+CVE-2021-43450
+ RESERVED
+CVE-2021-43449
+ RESERVED
+CVE-2021-43448
+ RESERVED
+CVE-2021-43447
+ RESERVED
+CVE-2021-43446
+ RESERVED
+CVE-2021-43445
+ RESERVED
+CVE-2021-43444
+ RESERVED
+CVE-2021-43443
+ RESERVED
+CVE-2021-43442
+ RESERVED
+CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...)
+ NOT-FOR-US: iOrder
+CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...)
+ NOT-FOR-US: iOrder
+CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attacker to ...)
+ NOT-FOR-US: iResturant
+CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...)
+ NOT-FOR-US: iResturant
+CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...)
+ NOT-FOR-US: sourcecodetester Engineers Online Portal
+CVE-2021-43436 (MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payl ...)
+ NOT-FOR-US: MartDevelopers Inc iResturant
+CVE-2021-43435
+ RESERVED
+CVE-2021-43434
+ RESERVED
+CVE-2021-43433
+ RESERVED
+CVE-2021-43432
+ RESERVED
+CVE-2021-43431
+ RESERVED
+CVE-2021-43430
+ RESERVED
+CVE-2021-43429
+ RESERVED
+CVE-2021-43428
+ RESERVED
+CVE-2021-43427
+ RESERVED
+CVE-2021-43426
+ RESERVED
+CVE-2021-43425
+ RESERVED
+CVE-2021-43424
+ RESERVED
+CVE-2021-43423
+ RESERVED
+CVE-2021-43422
+ RESERVED
+CVE-2021-43421
+ RESERVED
+CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43419
+ RESERVED
+CVE-2021-43418
+ RESERVED
+CVE-2021-43417
+ RESERVED
+CVE-2021-43416
+ RESERVED
+CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...)
+ - nomad <undetermined>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
+ TODO: check
+CVE-2021-43414 (An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of ...)
+ - hurd 1:0.9.git20210404-9
+CVE-2021-43413 (An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pa ...)
+ - hurd 1:0.9.git20210404-9
+CVE-2021-43412 (An issue was discovered in GNU Hurd before 0.9 20210404-9. libports ac ...)
+ - hurd 1:0.9.git20210404-9
+CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying ...)
+ - hurd 1:0.9.git20210404-9
+CVE-2021-43410 (Apache Airavata Django Portal allows CRLF log injection because of lac ...)
+ NOT-FOR-US: Apache Airavata
+CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: twill
+CVE-2021-43409 (The &#8220;WPO365 | LOGIN&#8221; WordPress plugin (up to and including ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-43408 (The "Duplicate Post" WordPress plugin up to and including version 1.1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-43407
+ RESERVED
+CVE-2021-43406 (An issue was discovered in FusionPBX before 4.5.30. The fax_post_size ...)
+ NOT-FOR-US: FusionPBX
+CVE-2021-43405 (An issue was discovered in FusionPBX before 4.5.30. The fax_extension ...)
+ NOT-FOR-US: FusionPBX
+CVE-2021-43404 (An issue was discovered in FusionPBX before 4.5.30. The FAX file name ...)
+ NOT-FOR-US: FusionPBX
+CVE-2021-43403 (An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php ...)
+ NOT-FOR-US: FusionPBX
+CVE-2021-43402
+ RESERVED
+CVE-2021-43401
+ RESERVED
+CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...)
+ - qemu 1:6.2+dfsg-1
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020588
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/546
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8 (v6.2.0-rc0)
+CVE-2021-3929 [nvme: DMA reentrancy issue leads to use-after-free]
+ RESERVED
+ - qemu <unfixed>
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556
+ NOTE: Proposed patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
+ - bluez 5.62-1 (bug #998626)
+ [bullseye] - bluez <no-dsa> (Minor issue; can be fixed in point release)
+ [buster] - bluez <no-dsa> (Minor issue; can be fixed in point release)
+ [stretch] - bluez <ignored> (invasive patch, requires post-stretch revamps)
+ NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=93b64d9ca8a2bb663e37904d4b2c702c58a36e4f (5.40)
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 (5.62)
+CVE-2021-43399 (The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ...)
+ NOT-FOR-US: yubihsm-shell
+CVE-2021-43398 (** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a ti ...)
+ - libcrypto++ <unfixed> (unimportant; bug #1000227)
+ NOTE: https://github.com/weidai11/cryptopp/issues/1080
+ NOTE: As per upstream believed to be the expected behaviour:
+ NOTE: https://github.com/weidai11/cryptopp/issues/1080#issuecomment-996492222
+CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...)
+ NOT-FOR-US: LiquidFiles
+CVE-2021-43395
+ RESERVED
+CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...)
+ NOT-FOR-US: Unisys
+CVE-2021-43393
+ RESERVED
+CVE-2021-43392
+ RESERVED
+CVE-2021-43396 (** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka ...)
+ - glibc 2.32-5 (unimportant; bug #998622)
+ [buster] - glibc <not-affected> (Vulnerable code not present)
+ [stretch] - glibc <not-affected> (Vulnerable code not present)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28524
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
+ NOTE: Introduced by the fix for CVE-2021-3326 / BZ#27256: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
+ NOTE: No security impact per upstream assessment
+CVE-2021-43391 (An Out-of-Bounds Read vulnerability exists when reading a DXF file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...)
+ {DLA-2843-1}
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
+ NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d
+CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store ...)
+ NOT-FOR-US: Unisys Cargo Mobile Application
+CVE-2021-43387
+ RESERVED
+CVE-2021-43386
+ RESERVED
+CVE-2021-43385
+ RESERVED
+CVE-2021-43384
+ RESERVED
+CVE-2021-43383
+ RESERVED
+CVE-2021-43382
+ RESERVED
+CVE-2021-43381
+ RESERVED
+CVE-2021-43380
+ RESERVED
+CVE-2021-43379
+ RESERVED
+CVE-2021-43378
+ RESERVED
+CVE-2021-43377
+ RESERVED
+CVE-2021-43376
+ RESERVED
+CVE-2021-43375
+ RESERVED
+CVE-2021-43374
+ RESERVED
+CVE-2021-43373
+ RESERVED
+CVE-2021-43372
+ RESERVED
+CVE-2021-43371
+ RESERVED
+CVE-2021-43370
+ RESERVED
+CVE-2021-43369
+ RESERVED
+CVE-2021-43368
+ RESERVED
+CVE-2021-43367
+ RESERVED
+CVE-2021-43366
+ RESERVED
+CVE-2021-43365
+ RESERVED
+CVE-2021-43364
+ RESERVED
+CVE-2021-43363
+ RESERVED
+CVE-2021-43362
+ RESERVED
+CVE-2021-43361
+ RESERVED
+CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule&#8217;s serialization functi ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
+ NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
+CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
+ NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
+CVE-2021-43357
+ RESERVED
+CVE-2021-43350 (An unauthenticated Apache Traffic Control Traffic Ops user can send a ...)
+ NOT-FOR-US: Apache Traffic Control
+CVE-2021-43349
+ RESERVED
+CVE-2021-43348
+ RESERVED
+CVE-2021-43347
+ RESERVED
+CVE-2021-43346
+ RESERVED
+CVE-2021-43345
+ RESERVED
+CVE-2021-43344
+ RESERVED
+CVE-2021-43343
+ RESERVED
+CVE-2021-43342
+ RESERVED
+CVE-2021-43341
+ RESERVED
+CVE-2021-43340
+ RESERVED
+CVE-2021-43339 (In Ericsson Network Location before 2021-07-31, it is possible for an ...)
+ NOT-FOR-US: Ericsson
+CVE-2021-43338
+ REJECTED
+CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On ...)
+ - slurm-wlm <not-affected> (Affects only 21.08 series; vulnerable code introduced later)
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
+ NOTE: https://www.schedmd.com/news.php?id=256
+CVE-2021-42743
+ RESERVED
+CVE-2021-3926
+ RESERVED
+CVE-2021-3925
+ RESERVED
+CVE-2021-33845
+ RESERVED
+CVE-2021-31559
+ RESERVED
+CVE-2021-26253
+ RESERVED
+CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43335
+ RESERVED
+CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...)
+ NOT-FOR-US: BuddyBoss
+CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
+ NOT-FOR-US: Datalogic
+CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
+ - mailman <removed> (bug #1000367)
+ [buster] - mailman <no-dsa> (Minor issue)
+ [stretch] - mailman <no-dsa> (Minor issue)
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1949403
+CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ...)
+ - mailman <removed> (bug #1000367)
+ [buster] - mailman <no-dsa> (Minor issue)
+ [stretch] - mailman <no-dsa> (Minor issue)
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1949401
+CVE-2021-43330
+ RESERVED
+CVE-2021-43329
+ RESERVED
+CVE-2021-43328
+ RESERVED
+CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. With a VCC ...)
+ NOT-FOR-US: Renesas
+CVE-2021-43326 (Automox Agent before 32 on Windows incorrectly sets permissions on a t ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a temporar ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-43323 (An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2021-43322
+ RESERVED
+CVE-2021-43321
+ RESERVED
+CVE-2021-43320
+ REJECTED
+CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43318
+ RESERVED
+CVE-2021-43317
+ RESERVED
+CVE-2021-43316
+ RESERVED
+CVE-2021-43315
+ RESERVED
+CVE-2021-43314
+ RESERVED
+CVE-2021-43313
+ RESERVED
+CVE-2021-43312
+ RESERVED
+CVE-2021-43311
+ RESERVED
+CVE-2021-43310
+ RESERVED
+CVE-2021-43309
+ RESERVED
+CVE-2021-43308
+ RESERVED
+CVE-2021-43307
+ RESERVED
+CVE-2021-43306
+ RESERVED
+CVE-2021-43305
+ RESERVED
+CVE-2021-43304
+ RESERVED
+CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...)
+ NOT-FOR-US: GoAhead Web Server
+CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-23222
+ RESERVED
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
+ - postgresql-14 14.1-1
+ - postgresql-13 <unfixed>
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d83cdfdca9d918bbbd6bb209139b94c954da7228 (REL9_6_24)
+CVE-2021-23214
+ RESERVED
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
+ - postgresql-14 14.1-1
+ - postgresql-13 <unfixed>
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=046c2c846b741a12e7fd61d8d86bf324a20e3dfc (REL9_6_24)
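Review bot: CVE-2021-23222 and CVE-2021-23214 are both still RESERVED and carry identical package lines, so nothing in these two entries says which PostgreSQL issue each one tracks. A bracketed working description on the CVE line, as the CVE-2021-3905 entry further down uses, would make them distinguishable without following the links. The commit NOTEs also point only at the REL9_6_24 branch, while the one fixed version recorded is postgresql-14 14.1-1, so a reference for the 14 branch would be worth adding.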
+CVE-2021-43296 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43295 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43294 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote au ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-43292
+ RESERVED
+CVE-2021-43291
+ RESERVED
+CVE-2021-43290
+ RESERVED
+CVE-2021-43289
+ RESERVED
+CVE-2021-43288
+ RESERVED
+CVE-2021-43287
+ RESERVED
+CVE-2021-43286
+ RESERVED
+CVE-2021-43285
+ RESERVED
+CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43283 (An issue was discovered on Victure WR1200 devices through 1.0.3. A com ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43282 (An issue was discovered on Victure WR1200 devices through 1.0.3. The d ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...)
+ NOT-FOR-US: MyBB
+CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF file rea ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43279 (An out-of-bounds write vulnerability exists in the U3D file reading pr ...)
+ NOT-FOR-US: Open Design Alliance PRC SDK
+CVE-2021-43278 (An Out-of-bounds Read vulnerability exists in the OBJ file reading pro ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43277 (An out-of-bounds read vulnerability exists in the U3D file reading pro ...)
+ NOT-FOR-US: Open Design Alliance PRC SDK
+CVE-2021-43276 (An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA ...)
+ NOT-FOR-US: Open Design Alliance ODA Viewer
+CVE-2021-43275 (A Use After Free vulnerability exists in the DGN file reading procedur ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43274 (A Use After Free Vulnerability exists in the Open Design Alliance Draw ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43273 (An Out-of-bounds Read vulnerability exists in the DGN file reading pro ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43272 (An improper handling of exceptional conditions vulnerability exists in ...)
+ NOT-FOR-US: Open Design Alliance ODA Viewer
+CVE-2021-43271
+ RESERVED
+CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
+ NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
+CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...)
+ NOT-FOR-US: Code42 app
+CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
+ - mahara <removed>
+CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...)
+ - mahara <removed>
+CVE-2021-43264 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the ...)
+ - mahara <removed>
+CVE-2021-43263
+ RESERVED
+CVE-2021-43262
+ RESERVED
+CVE-2021-43261
+ RESERVED
+CVE-2021-43260
+ RESERVED
+CVE-2021-43259
+ RESERVED
+CVE-2021-43258
+ RESERVED
+CVE-2021-43257
+ RESERVED
+CVE-2021-3923
+ RESERVED
+CVE-2021-3922
+ RESERVED
+CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/fa40d9734a57bcbfa79a280189799f76c88f7bb0 (5.15)
+CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43255 (Microsoft Office Trust Center Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43254
+ RESERVED
+CVE-2021-43253
+ RESERVED
+CVE-2021-43252
+ RESERVED
+CVE-2021-43251
+ RESERVED
+CVE-2021-43250
+ RESERVED
+CVE-2021-43249
+ RESERVED
+CVE-2021-43248 (Windows Digital Media Receiver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43247 (Windows TCP/IP Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43246 (Windows Hyper-V Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43245 (Windows Digital TV Tuner Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43244 (Windows Kernel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43243 (VP9 Video Extensions Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43242 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43241
+ RESERVED
+CVE-2021-43240 (NTFS Set Short Name Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43239 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43238 (Windows Remote Access Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43237 (Windows Setup Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43236 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43235 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43234 (Windows Fax Service Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43233 (Remote Desktop Client Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43232 (Windows Event Tracing Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43231 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43230 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43229 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43228 (SymCrypt Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43227 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43226 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43225 (Bot Framework SDK Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43224 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43223 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43222 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43219 (DirectX Graphics Kernel File Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43218
+ RESERVED
+CVE-2021-43217 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43216 (Microsoft Local Security Authority Server (lsasrv) Information Disclos ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43215 (iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Ex ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43214 (Web Media Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43213
+ RESERVED
+CVE-2021-43212
+ RESERVED
+CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43210
+ RESERVED
+CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43206
+ RESERVED
+CVE-2021-43205
+ RESERVED
+CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-3919
+ RESERVED
+CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43199 (In JetBrains TeamCity before 2021.1.2, permission checks in the Create ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43198 (In JetBrains TeamCity before 2021.1.2, stored XSS is possible. ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43197 (In JetBrains TeamCity before 2021.1.2, email notifications could inclu ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43196 (In JetBrains TeamCity before 2021.1, information disclosure via the Do ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43195 (In JetBrains TeamCity before 2021.1.2, some HTTP security headers were ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43194 (In JetBrains TeamCity before 2021.1.2, user enumeration was possible. ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43193 (In JetBrains TeamCity before 2021.1.2, remote code execution via the a ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43192 (In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking i ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43191 (JetBrains YouTrack Mobile before 2021.2, is missing the security scree ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43190 (In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43189 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43188 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43187 (In JetBrains YouTrack Mobile before 2021.2, the client-side cache on i ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43186 (JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43185 (JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header in ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43184 (In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43183 (In JetBrains Hub before 2021.1.13690, the authentication throttling me ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-43182 (In JetBrains Hub before 2021.1.13415, a DoS via user information is po ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-43181 (In JetBrains Hub before 2021.1.13690, stored XSS is possible. ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-43180 (In JetBrains Hub before 2021.1.13690, information disclosure via avata ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-43179
+ RESERVED
+CVE-2021-43178
+ RESERVED
+CVE-2021-43177
+ RESERVED
+CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...)
+ NOT-FOR-US: GOautodial API
+CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...)
+ NOT-FOR-US: GOautodial API
+CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...)
+ - node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
+ [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1
+ [buster] - node-json-schema <no-dsa> (Minor issue)
+ NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0)
+CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...)
+ {DSA-5041-1}
+ - routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
+ NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
+ NOTE: https://github.com/NLnetLabs/routinator/pull/667
+CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...)
+ {DSA-5041-1 DSA-5033-1}
+ - routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ - rpki-client 7.5-1
+ NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
+ NOTE: https://github.com/NLnetLabs/routinator/pull/666
+ NOTE: https://github.com/NLnetLabs/routinator/pull/612
+CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRD ...)
+ - routinator <itp> (bug #929024)
+ - fort-validator <unfixed>
+ [bullseye] - fort-validator <postponed> (Minor issue, revisit when fixed upstream)
+ - cfrpki <unfixed>
+ [bullseye] - cfrpki <postponed> (Minor issue, revisit when fixed upstream)
+ - rpki-client 7.5-1
+ NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
+ NOTE: https://github.com/NLnetLabs/routinator/pull/665
+CVE-2021-3917
+ RESERVED
+ NOT-FOR-US: coreos-installer
+CVE-2021-43171
+ RESERVED
+CVE-2021-43170
+ RESERVED
+CVE-2021-43169
+ RESERVED
+CVE-2021-43168
+ RESERVED
+CVE-2021-43167
+ RESERVED
+CVE-2021-43166
+ RESERVED
+CVE-2021-43165
+ RESERVED
+CVE-2021-43164
+ RESERVED
+CVE-2021-43163
+ RESERVED
+CVE-2021-43162
+ RESERVED
+CVE-2021-43161
+ RESERVED
+CVE-2021-43160
+ RESERVED
+CVE-2021-43159
+ RESERVED
+CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability ...)
+ NOT-FOR-US: ProjectWorlds Online Shopping System PHP
+CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: ProjectWorlds Online Shopping System PHP
+CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in adm ...)
+ NOT-FOR-US: ProjectWorlds Online Book Store PHP
+CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...)
+ NOT-FOR-US: ProjectWorlds Online Book Store PHP
+CVE-2021-43154
+ RESERVED
+CVE-2021-43153
+ RESERVED
+CVE-2021-43152
+ RESERVED
+CVE-2021-43151
+ RESERVED
+CVE-2021-43150
+ RESERVED
+CVE-2021-43149
+ RESERVED
+CVE-2021-43148
+ RESERVED
+CVE-2021-43147
+ RESERVED
+CVE-2021-43146
+ RESERVED
+CVE-2021-43145 (With certain LDAP configurations, Zammad 5.0.1 was found to be vulnera ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-43144
+ RESERVED
+CVE-2021-43143
+ RESERVED
+CVE-2021-43142
+ RESERVED
+CVE-2021-43141 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simp ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Subscript ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43139
+ RESERVED
+CVE-2021-43138
+ RESERVED
+CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulne ...)
+ NOT-FOR-US: hostel management system
+CVE-2021-43136 (An authentication bypass issue in FormaLMS &lt;= 2.4.4 allows an attac ...)
+ NOT-FOR-US: FormaLMS
+CVE-2021-43135
+ RESERVED
+CVE-2021-43134
+ RESERVED
+CVE-2021-43133
+ RESERVED
+CVE-2021-43132
+ RESERVED
+CVE-2021-43131
+ RESERVED
+CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43129
+ RESERVED
+CVE-2021-43128
+ RESERVED
+CVE-2021-43127
+ RESERVED
+CVE-2021-43126
+ RESERVED
+CVE-2021-43125
+ RESERVED
+CVE-2021-43124
+ RESERVED
+CVE-2021-43123
+ RESERVED
+CVE-2021-43122
+ RESERVED
+CVE-2021-43121
+ RESERVED
+CVE-2021-43120
+ RESERVED
+CVE-2021-43119
+ RESERVED
+CVE-2021-43118
+ RESERVED
+CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...)
+ NOT-FOR-US: fastadmin
+CVE-2021-43116
+ RESERVED
+CVE-2021-43115
+ RESERVED
+CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...)
+ {DSA-5033-1}
+ - fort-validator 1.5.2-1
+CVE-2021-43113 (iTextPDF in iText 7 and up to 7.1.17 allows command injection via a Co ...)
+ NOT-FOR-US: iText
+CVE-2021-43112
+ RESERVED
+CVE-2021-43111
+ RESERVED
+CVE-2021-43110
+ RESERVED
+CVE-2021-43109
+ RESERVED
+CVE-2021-43108
+ RESERVED
+CVE-2021-43107
+ RESERVED
+CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus TranzWare Onli ...)
+ NOT-FOR-US: Compass Plus TranzWare
+CVE-2021-43105
+ RESERVED
+CVE-2021-43104
+ RESERVED
+CVE-2021-43103
+ RESERVED
+CVE-2021-43102
+ RESERVED
+CVE-2021-43101
+ RESERVED
+CVE-2021-43100
+ RESERVED
+CVE-2021-43099
+ RESERVED
+CVE-2021-43098
+ RESERVED
+CVE-2021-43097
+ RESERVED
+CVE-2021-43096
+ RESERVED
+CVE-2021-43095
+ RESERVED
+CVE-2021-43094
+ RESERVED
+CVE-2021-43093
+ RESERVED
+CVE-2021-43092
+ RESERVED
+CVE-2021-43091
+ RESERVED
+CVE-2021-43090
+ RESERVED
+CVE-2021-43089
+ RESERVED
+CVE-2021-43088
+ RESERVED
+CVE-2021-43087
+ RESERVED
+CVE-2021-43086
+ RESERVED
+CVE-2021-43085
+ RESERVED
+CVE-2021-43084
+ RESERVED
+CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
+ NOT-FOR-US: bookstack
+CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was effected) ...)
+ NOT-FOR-US: Apache PLC4X
+CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+ - trafficserver 9.1.1+ds-1
+ [bullseye] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x)
+ [buster] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8475
+ NOTE: https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207 (master)
+ NOTE: CVE description is wrong, this doesn't affect 8.1, only 9.x/master:
+ NOTE: Introduced with https://github.com/apache/trafficserver/commit/5e2385b666b4176be0f64fbadfbfae42094db396 (9.1.0-rc0)
+CVE-2021-3915 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
+ NOT-FOR-US: bookstack
+CVE-2021-43081
+ RESERVED
+CVE-2021-43080
+ RESERVED
+CVE-2021-43079
+ RESERVED
+CVE-2021-43078
+ RESERVED
+CVE-2021-43077
+ RESERVED
+CVE-2021-43076
+ RESERVED
+CVE-2021-43075
+ RESERVED
+CVE-2021-43074
+ RESERVED
+CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43072
+ RESERVED
+CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43070
+ RESERVED
+CVE-2021-43069
+ RESERVED
+CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43066
+ RESERVED
+CVE-2021-43065 (A incorrect permission assignment for critical resource in Fortinet Fo ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43063 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43062 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43061
+ RESERVED
+CVE-2021-43060
+ RESERVED
+CVE-2021-43059
+ RESERVED
+CVE-2021-43058 (An open redirect vulnerability exists in Replicated Classic versions p ...)
+ NOT-FOR-US: Replicated
+CVE-2021-3914
+ RESERVED
+CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use-after ...)
+ - linux 5.14.9-1
+ [bullseye] - linux <not-affected> (Vulnerable code introduced later)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
+CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ NOT-FOR-US: Spotfire Server component of TIBCO
+CVE-2021-43050 (The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConne ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43049 (The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...)
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6)
+CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...)
+ NOT-FOR-US: Apache Avro
+CVE-2021-3913
+ RESERVED
+CVE-2021-43044 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43043 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43042 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43041 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43040 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43039 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43038 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43037 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43036 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43035 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43034 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43033 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in memory, ...)
+ {DSA-5041-1}
+ - routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg
+CVE-2021-3911 (If the ROA that a repository returns contains too many bits for the IP ...)
+ {DSA-5041-1}
+ - cfrpki 1.4.0-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22
+CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an invali ...)
+ {DSA-5041-1}
+ - cfrpki 1.4.0-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j
+CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...)
+ {DSA-5041-1 DSA-5033-1}
+ - routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ - rpki-client 7.5-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244
+CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...)
+ {DSA-5041-1}
+ - cfrpki 1.4.0-1
+ - routinator <itp> (bug #929024)
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
+CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...)
+ {DSA-5041-1 DSA-5033-1}
+ - cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh
+CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
+ NOT-FOR-US: bookstack
+CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the admin pane ...)
+ NOT-FOR-US: XenForo
+CVE-2021-43031
+ RESERVED
+CVE-2021-43030 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43027
+ RESERVED
+CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43024 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43023 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43022 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43021 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43020
+ RESERVED
+CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43018
+ RESERVED
+CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43015 (Adobe InCopy version 16.4 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43014
+ RESERVED
+CVE-2021-43013 (Adobe Media Encoder version 15.4.1 (and earlier) are affected by a mem ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43012 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43011 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-3905 [External triggered memory leak in Open vSwitch while processing fragmented packets]
+ RESERVED
+ - openvswitch <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/openvswitch/ovs-issues/issues/226
+ NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/640d4db788eda96bb904abcfc7de2327107bafe1 (v2.16.0)
+ NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
+CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3565-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
+ NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
+ NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149)
+CVE-2021-43010
+ RESERVED
+CVE-2021-43009
+ RESERVED
+CVE-2021-43008
+ RESERVED
+CVE-2021-43007
+ RESERVED
+CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...)
+ NOT-FOR-US: AmZetta Amzetta zPortal DVM Tools
+CVE-2021-43005
+ RESERVED
+CVE-2021-43004
+ RESERVED
+CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...)
+ NOT-FOR-US: Amzetta
+CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...)
+ NOT-FOR-US: Amzetta
+CVE-2021-43001
+ RESERVED
+CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...)
+ NOT-FOR-US: Amzetta
+CVE-2021-42999
+ RESERVED
+CVE-2021-42998
+ RESERVED
+CVE-2021-42997
+ RESERVED
+CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...)
+ NOT-FOR-US: Donglify
+CVE-2021-42995
+ RESERVED
+CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
+ NOT-FOR-US: Donglify
+CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
+ NOT-FOR-US: FlexiHub For Windows
+CVE-2021-42992
+ RESERVED
+CVE-2021-42991
+ RESERVED
+CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...)
+ NOT-FOR-US: FlexiHub For Windows
+CVE-2021-42989
+ RESERVED
+CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Eltima USB Network Gate
+CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Eltima USB Network Gate
+CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42985
+ RESERVED
+CVE-2021-42984
+ RESERVED
+CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42982
+ RESERVED
+CVE-2021-42981
+ RESERVED
+CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42978
+ RESERVED
+CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42975
+ RESERVED
+CVE-2021-42974
+ RESERVED
+CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42971
+ RESERVED
+CVE-2021-42970
+ RESERVED
+CVE-2021-42969
+ RESERVED
+CVE-2021-42968
+ RESERVED
+CVE-2021-42967
+ RESERVED
+CVE-2021-42966
+ RESERVED
+CVE-2021-42965
+ RESERVED
+CVE-2021-42964
+ RESERVED
+CVE-2021-42963
+ RESERVED
+CVE-2021-42962
+ RESERVED
+CVE-2021-42961
+ RESERVED
+CVE-2021-42960
+ RESERVED
+CVE-2021-42959
+ RESERVED
+CVE-2021-42958
+ RESERVED
+CVE-2021-42957
+ RESERVED
+CVE-2021-42956 (Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.21 ...)
+ NOT-FOR-US: Zoho
+CVE-2021-42955 (Zoho Remote Access Plus Server Windows Desktop binary fixed in version ...)
+ NOT-FOR-US: Zoho
+CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1. ...)
+ NOT-FOR-US: Zoho
+CVE-2021-42953
+ RESERVED
+CVE-2021-42952
+ RESERVED
+CVE-2021-42951
+ RESERVED
+CVE-2021-42950
+ RESERVED
+CVE-2021-42949
+ RESERVED
+CVE-2021-42948
+ RESERVED
+CVE-2021-42947
+ RESERVED
+CVE-2021-42946
+ RESERVED
+CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclass ...)
+ NOT-FOR-US: ZZCMS
+CVE-2021-42944
+ RESERVED
+CVE-2021-42943
+ RESERVED
+CVE-2021-42942
+ RESERVED
+CVE-2021-42941
+ RESERVED
+CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...)
+ NOT-FOR-US: Projeqtor
+CVE-2021-42939
+ RESERVED
+CVE-2021-42938
+ RESERVED
+CVE-2021-42937
+ RESERVED
+CVE-2021-42936
+ RESERVED
+CVE-2021-42935
+ RESERVED
+CVE-2021-42934
+ RESERVED
+CVE-2021-42933
+ RESERVED
+CVE-2021-42932
+ RESERVED
+CVE-2021-42931
+ RESERVED
+CVE-2021-42930
+ RESERVED
+CVE-2021-42929
+ RESERVED
+CVE-2021-42928
+ RESERVED
+CVE-2021-42927
+ RESERVED
+CVE-2021-42926
+ RESERVED
+CVE-2021-42925
+ RESERVED
+CVE-2021-42924
+ RESERVED
+CVE-2021-42923
+ RESERVED
+CVE-2021-42922
+ RESERVED
+CVE-2021-42921
+ RESERVED
+CVE-2021-42920
+ RESERVED
+CVE-2021-42919
+ RESERVED
+CVE-2021-42918
+ RESERVED
+CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
+ - kodi 2:19.3+dfsg1-1 (bug #998419)
+ [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
+ [buster] - kodi <no-dsa> (Minor issue)
+ [stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored)
+ - xbmc <removed>
+ NOTE: https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
+ NOTE: https://github.com/xbmc/xbmc/issues/20305
+ NOTE: https://github.com/xbmc/xbmc/pull/20306
+CVE-2021-42916
+ RESERVED
+CVE-2021-42915
+ RESERVED
+CVE-2021-42914
+ RESERVED
+CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows an attac ...)
+ NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers
+CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...)
+ NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617
+CVE-2021-42911
+ RESERVED
+CVE-2021-42910
+ RESERVED
+CVE-2021-42909
+ RESERVED
+CVE-2021-42908
+ RESERVED
+CVE-2021-42907
+ RESERVED
+CVE-2021-42906
+ RESERVED
+CVE-2021-42905
+ RESERVED
+CVE-2021-42904
+ RESERVED
+CVE-2021-42903
+ RESERVED
+CVE-2021-42902
+ RESERVED
+CVE-2021-42901
+ RESERVED
+CVE-2021-42900
+ RESERVED
+CVE-2021-42899
+ RESERVED
+CVE-2021-42898
+ RESERVED
+CVE-2021-42897
+ RESERVED
+CVE-2021-42896
+ RESERVED
+CVE-2021-42895
+ RESERVED
+CVE-2021-42894
+ RESERVED
+CVE-2021-42893
+ RESERVED
+CVE-2021-42892
+ RESERVED
+CVE-2021-42891
+ RESERVED
+CVE-2021-42890
+ RESERVED
+CVE-2021-42889
+ RESERVED
+CVE-2021-42888
+ RESERVED
+CVE-2021-42887
+ RESERVED
+CVE-2021-42886
+ RESERVED
+CVE-2021-42885
+ RESERVED
+CVE-2021-42884
+ RESERVED
+CVE-2021-42883
+ RESERVED
+CVE-2021-42882
+ RESERVED
+CVE-2021-42881
+ RESERVED
+CVE-2021-42880
+ RESERVED
+CVE-2021-42879
+ RESERVED
+CVE-2021-42878
+ RESERVED
+CVE-2021-42877
+ RESERVED
+CVE-2021-42876
+ RESERVED
+CVE-2021-42875
+ RESERVED
+CVE-2021-42874
+ RESERVED
+CVE-2021-42873
+ RESERVED
+CVE-2021-42872
+ RESERVED
+CVE-2021-42871
+ RESERVED
+CVE-2021-42870
+ RESERVED
+CVE-2021-42869
+ RESERVED
+CVE-2021-42868
+ RESERVED
+CVE-2021-42867
+ RESERVED
+CVE-2021-42866
+ RESERVED
+CVE-2021-42865
+ RESERVED
+CVE-2021-42864
+ RESERVED
+CVE-2021-42863
+ RESERVED
+CVE-2021-42862
+ RESERVED
+CVE-2021-42861
+ RESERVED
+CVE-2021-42860
+ RESERVED
+CVE-2021-42859
+ RESERVED
+CVE-2021-42858
+ RESERVED
+CVE-2021-42857
+ RESERVED
+CVE-2021-42856
+ RESERVED
+CVE-2021-42855
+ RESERVED
+CVE-2021-42854
+ RESERVED
+CVE-2021-42853
+ RESERVED
+CVE-2021-3902
+ RESERVED
+CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-42852
+ RESERVED
+CVE-2021-42851
+ RESERVED
+CVE-2021-42850
+ RESERVED
+CVE-2021-42849
+ RESERVED
+CVE-2021-42848
+ RESERVED
+CVE-2021-3899
+ RESERVED
+CVE-2021-3898
+ RESERVED
+CVE-2021-3897
+ RESERVED
+CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write t ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-42846
+ RESERVED
+CVE-2021-42845
+ RESERVED
+CVE-2021-42844
+ RESERVED
+CVE-2021-42843
+ RESERVED
+CVE-2021-42842
+ RESERVED
+CVE-2021-42841 (Insta HMS before 12.4.10 is vulnerable to XSS because of improper vali ...)
+ NOT-FOR-US: Insta HMS
+CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...)
+ NOT-FOR-US: Grand Vice info Co. webopac7 file upload function
+CVE-2021-42838 (Grand Vice info Co. webopac7 book search field parameter does not prop ...)
+ NOT-FOR-US: Grand Vice info Co. webopac7 book search field parameter
+CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...)
+ NOT-FOR-US: Talend Data Catalog
+CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
+ - golang-github-tidwall-gjson <unfixed> (bug #1000225)
+ NOTE: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
+ NOTE: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
+ NOTE: https://github.com/tidwall/gjson/issues/236
+ NOTE: https://github.com/tidwall/gjson/issues/237
+CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081-e362d ...)
+ NOT-FOR-US: Plex Media Server
+CVE-2021-42834
+ RESERVED
+CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...)
+ NOT-FOR-US: AquaView
+CVE-2021-42832
+ RESERVED
+CVE-2021-42831
+ RESERVED
+CVE-2021-42830
+ RESERVED
+CVE-2021-42829
+ RESERVED
+CVE-2021-42828
+ RESERVED
+CVE-2021-42827
+ RESERVED
+CVE-2021-42826
+ RESERVED
+CVE-2021-42825
+ RESERVED
+CVE-2021-42824
+ RESERVED
+CVE-2021-42823
+ RESERVED
+CVE-2021-42822
+ RESERVED
+CVE-2021-42821
+ RESERVED
+CVE-2021-42820
+ RESERVED
+CVE-2021-42819
+ RESERVED
+CVE-2021-42818
+ RESERVED
+CVE-2021-42817
+ RESERVED
+CVE-2021-42816
+ RESERVED
+CVE-2021-42815
+ RESERVED
+CVE-2021-42814
+ RESERVED
+CVE-2021-42813
+ RESERVED
+CVE-2021-3896
+ REJECTED
+CVE-2021-42812
+ RESERVED
+CVE-2021-42811
+ RESERVED
+CVE-2021-42810 (A flaw in the previous versions of the product may allow an authentica ...)
+ NOT-FOR-US: Thales SafeNet Agent
+CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...)
+ NOT-FOR-US: ThalesThales Sentinel Protection Installer
+CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection Installer could ...)
+ NOT-FOR-US: Thales Sentinel Protection Installer
+CVE-2021-42807
+ RESERVED
+CVE-2021-42806
+ RESERVED
+CVE-2021-42805
+ RESERVED
+CVE-2021-42804
+ RESERVED
+CVE-2021-42803
+ RESERVED
+CVE-2021-42802
+ RESERVED
+CVE-2021-42801
+ RESERVED
+CVE-2021-42800
+ RESERVED
+CVE-2021-42799
+ RESERVED
+CVE-2021-42798
+ RESERVED
+CVE-2021-42797
+ RESERVED
+CVE-2021-42796
+ RESERVED
+CVE-2021-42795
+ RESERVED
+CVE-2021-42794
+ RESERVED
+CVE-2021-42793
+ RESERVED
+CVE-2021-42792
+ RESERVED
+CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP req ...)
+ NOT-FOR-US: VeridiumID
+CVE-2021-42790
+ RESERVED
+CVE-2021-42789
+ RESERVED
+CVE-2021-42788
+ RESERVED
+CVE-2021-42787
+ RESERVED
+CVE-2021-42786
+ RESERVED
+CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...)
+ NOT-FOR-US: TightVNC Viewer
+CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...)
+ NOT-FOR-US: D-Link
+CVE-2021-42782
+ RESERVED
+CVE-2021-42781
+ RESERVED
+CVE-2021-42780
+ RESERVED
+CVE-2021-42779
+ RESERVED
+CVE-2021-42778
+ RESERVED
+CVE-2021-42777
+ RESERVED
+CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE ...)
+ NOT-FOR-US: CloverDX Server
+CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42773 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42772 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary ...)
+ {DSA-5018-1 DLA-2790-1}
+ - python-babel 2.8.0+dfsg.1-7 (bug #987824)
+ NOTE: https://www.tenable.com/security/research/tra-2021-14
+ NOTE: https://github.com/python-babel/babel/pull/782
+CVE-2021-42770 (A Cross-site scripting (XSS) vulnerability was discovered in OPNsense ...)
+ NOT-FOR-US: OPNsense
+CVE-2021-42769
+ RESERVED
+CVE-2021-42768
+ RESERVED
+CVE-2021-42767
+ RESERVED
+CVE-2021-42766 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
+CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
+CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
+CVE-2021-42763 (Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive In ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allow ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
+CVE-2021-42761
+ RESERVED
+CVE-2021-42760 (A improper neutralization of special elements used in an sql command ( ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 a ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42756
+ RESERVED
+CVE-2021-42755
+ RESERVED
+CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ('Path ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42752 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42751
+ RESERVED
+CVE-2021-42750
+ RESERVED
+CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic controls (for ...)
+ NOT-FOR-US: Beaver
+CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the visibility ...)
+ NOT-FOR-US: Beaver
+CVE-2021-42747
+ RESERVED
+CVE-2021-42745
+ RESERVED
+CVE-2021-3895
+ RESERVED
+CVE-2021-23192 [dcerpc requests don't check all fragments against the first auth_state]
+ RESERVED
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba <not-affected> (Vulnerable code introduced later)
+ [stretch] - samba <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14875
+ NOTE: https://www.samba.org/samba/security/CVE-2021-23192.html
+CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r invocations]
+ - rust-chrono <unfixed> (bug #996913)
+ [bullseye] - rust-chrono <no-dsa> (Minor issue)
+ [buster] - rust-chrono <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html
+ NOTE: https://github.com/chronotope/chrono/issues/499
+CVE-2021-42742
+ RESERVED
+CVE-2021-42741
+ RESERVED
+CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command inject ...)
+ - node-shell-quote 1.7.3+~1.7.1-1 (bug #998418)
+ NOTE: https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe (1.7.3)
+CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
+ {DLA-2843-1}
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://seclists.org/oss-sec/2021/q2/46
+ NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
+CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42736
+ RESERVED
+CVE-2021-42735
+ RESERVED
+CVE-2021-42734
+ RESERVED
+CVE-2021-42733 (Adobe Prelude version 10.1 (and earlier) is affected by an improper in ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42732
+ RESERVED
+CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42730
+ RESERVED
+CVE-2021-42729
+ RESERVED
+CVE-2021-42728
+ RESERVED
+CVE-2021-42727 (Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42726 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42725 (Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42724
+ RESERVED
+CVE-2021-42723 (Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42722
+ RESERVED
+CVE-2021-42721 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42720
+ RESERVED
+CVE-2021-42719
+ RESERVED
+CVE-2021-42718
+ RESERVED
+CVE-2021-3894 [sctp: local DoS: unprivileged user can cause BUG()]
+ RESERVED
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014970
+CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
+ {DSA-5023-1}
+ - modsecurity 3.0.6-1
+ [bullseye] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)
+ [buster] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)
+ - modsecurity-apache 2.9.5-1
+ [stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream)
+ NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2647
+ NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/
+ NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/41918335fa4c74fba46a986771a5a6cb457070c4 (v2.9.5)
+ NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/ac79c1c29b7e6323e26cc984ad4f76ef62c731cd (v3.0.6)
+CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...)
+ - libstb <unfixed>
+ [bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/1166
+ NOTE: https://github.com/nothings/stb/issues/1225
+ NOTE: https://github.com/nothings/stb/pull/1223
+CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...)
+ - libstb <unfixed>
+ [bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/1224
+ NOTE: https://github.com/nothings/stb/pull/1223
+CVE-2021-42714 (Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a T ...)
+ NOT-FOR-US: Splashtop Remote Client
+CVE-2021-42713 (Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a T ...)
+ NOT-FOR-US: Splashtop Remote Client
+CVE-2021-42712 (Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Direc ...)
+ NOT-FOR-US: Splashtop Streamer
+CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File ...)
+ NOT-FOR-US: Barracuda Network Access Client
+CVE-2021-42710
+ RESERVED
+CVE-2021-42709
+ RESERVED
+CVE-2021-42708
+ RESERVED
+CVE-2021-42707 (PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds ...)
+ NOT-FOR-US: PLC Editor
+CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
+ NOT-FOR-US: Advantech
+CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...)
+ NOT-FOR-US: PLC Editor
+CVE-2021-42704
+ RESERVED
+CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
+ NOT-FOR-US: Advantech
+CVE-2021-42702
+ RESERVED
+CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42700
+ RESERVED
+CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhausti ...)
+ NOT-FOR-US: Akka HTTP
+CVE-2021-42696
+ RESERVED
+CVE-2021-42695
+ RESERVED
+CVE-2021-42694 (An issue was discovered in the character definitions of the Unicode Sp ...)
+ NOT-FOR-US: Unicode spec
+CVE-2021-42693
+ RESERVED
+CVE-2021-42692
+ RESERVED
+CVE-2021-42691
+ RESERVED
+CVE-2021-42690
+ RESERVED
+CVE-2021-42689
+ RESERVED
+CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42684
+ RESERVED
+CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42680
+ RESERVED
+CVE-2021-42679
+ RESERVED
+CVE-2021-42678
+ RESERVED
+CVE-2021-42677
+ RESERVED
+CVE-2021-42676
+ RESERVED
+CVE-2021-42675
+ RESERVED
+CVE-2021-42674
+ RESERVED
+CVE-2021-42673
+ RESERVED
+CVE-2021-42672
+ RESERVED
+CVE-2021-42671 (An incorrect access control vulnerability exists in Sourcecodester Eng ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42670 (A SQL injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42669 (A file upload vulnerability exists in Sourcecodester Engineers Online ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42668 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42667 (A SQL Injection vulnerability exists in Sourcecodester Online Event Bo ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42666 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42665 (An SQL Injection vulnerability exists in Sourcecodester Engineers Onli ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42664 (A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecod ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42663 (An HTML injection vulnerability exists in Sourcecodester Online Event ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42662 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42661
+ RESERVED
+CVE-2021-42660
+ RESERVED
+CVE-2021-42659
+ RESERVED
+CVE-2021-42658
+ RESERVED
+CVE-2021-42657
+ RESERVED
+CVE-2021-42656
+ RESERVED
+CVE-2021-42655
+ RESERVED
+CVE-2021-42654
+ RESERVED
+CVE-2021-42653
+ RESERVED
+CVE-2021-42652
+ RESERVED
+CVE-2021-42651
+ RESERVED
+CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9 ...)
+ NOT-FOR-US: Portainer
+CVE-2021-42649
+ RESERVED
+CVE-2021-42648
+ RESERVED
+CVE-2021-42647
+ RESERVED
+CVE-2021-42646
+ RESERVED
+CVE-2021-42645
+ RESERVED
+CVE-2021-42644
+ RESERVED
+CVE-2021-42643
+ RESERVED
+CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitiz ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-contr ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42636
+ RESERVED
+CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42634
+ RESERVED
+CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42632
+ RESERVED
+CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42630
+ RESERVED
+CVE-2021-42629
+ RESERVED
+CVE-2021-42628
+ RESERVED
+CVE-2021-42627
+ RESERVED
+CVE-2021-42626
+ RESERVED
+CVE-2021-42625
+ RESERVED
+CVE-2021-42624 (A local buffer overflow vulnerability exists in the latest version of ...)
+ NOT-FOR-US: Miniftpd
+CVE-2021-42623
+ RESERVED
+CVE-2021-42622
+ RESERVED
+CVE-2021-42621
+ RESERVED
+CVE-2021-42620
+ RESERVED
+CVE-2021-42619
+ RESERVED
+CVE-2021-42618
+ RESERVED
+CVE-2021-42617
+ RESERVED
+CVE-2021-42616
+ RESERVED
+CVE-2021-42615
+ RESERVED
+CVE-2021-42614
+ RESERVED
+CVE-2021-42613
+ RESERVED
+CVE-2021-42612
+ RESERVED
+CVE-2021-42611
+ RESERVED
+CVE-2021-42610
+ RESERVED
+CVE-2021-42609
+ RESERVED
+CVE-2021-42608
+ RESERVED
+CVE-2021-42607
+ RESERVED
+CVE-2021-42606
+ RESERVED
+CVE-2021-42605
+ RESERVED
+CVE-2021-42604
+ RESERVED
+CVE-2021-42603
+ RESERVED
+CVE-2021-42602
+ RESERVED
+CVE-2021-42601
+ RESERVED
+CVE-2021-42600
+ RESERVED
+CVE-2021-42599
+ RESERVED
+CVE-2021-42598
+ RESERVED
+CVE-2021-42597
+ RESERVED
+CVE-2021-42596
+ RESERVED
+CVE-2021-42595
+ RESERVED
+CVE-2021-42594
+ RESERVED
+CVE-2021-42593
+ RESERVED
+CVE-2021-42592
+ RESERVED
+CVE-2021-42591
+ RESERVED
+CVE-2021-42590
+ RESERVED
+CVE-2021-42589
+ RESERVED
+CVE-2021-42588
+ RESERVED
+CVE-2021-42587
+ RESERVED
+CVE-2021-42586
+ RESERVED
+CVE-2021-42585
+ RESERVED
+CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...)
+ NOT-FOR-US: Convos-Chat
+CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy ...)
+ NOT-FOR-US: Max Mazurov Maddy
+CVE-2021-42582
+ RESERVED
+CVE-2021-42581
+ RESERVED
+CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vunlerable to sql injecti ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42579
+ RESERVED
+CVE-2021-42578
+ RESERVED
+CVE-2021-42577
+ RESERVED
+CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...)
+ - golang-github-microcosm-cc-bluemonday 1.0.16-1
+ [bullseye] - golang-github-microcosm-cc-bluemonday <no-dsa> (Minor issue)
+ NOTE: https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
+CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...)
+ NOT-FOR-US: OWASP HTML Sanitizer
+CVE-2021-42574 (An issue was discovered in the Bidirectional Algorithm in the Unicode ...)
+ - rustc <unfixed>
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/01/1
+ NOTE: https://github.com/rust-lang/rust/commit/dd61274930ec0cd17711fab52d2bc9ad3e9053de (1.56.1)
+CVE-2021-42573
+ RESERVED
+CVE-2021-42572
+ RESERVED
+CVE-2021-42571
+ RESERVED
+CVE-2021-42570
+ RESERVED
+CVE-2021-42569
+ RESERVED
+CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...)
+ NOT-FOR-US: Apereo CAS
+CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...)
+ NOT-FOR-US: myfactory.FMS
+CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
+ NOT-FOR-US: myfactory.FMS
+CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...)
+ NOT-FOR-US: Cryptshare Server
+CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...)
+ NOT-FOR-US: NI Service Locator
+CVE-2021-3893
+ RESERVED
+CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple startup ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
+ NOT-FOR-US: Jeedom
+CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
+ NOT-FOR-US: Rasa X
+CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-42554 (An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05. ...)
+ NOT-FOR-US: Insyde
+CVE-2021-3892
+ REJECTED
+CVE-2021-26247 (As an unauthenticated remote user, visit "http://&lt;CACTI_SERVER&gt;/ ...)
+ - cacti 0.8.7i-1
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b (0.8.7h)
+ NOTE: Addressed again as a side-note in the same issue and fix for CVE-2021-3816
+ NOTE: https://github.com/Cacti/cacti/issues/1882
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1)
+CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management permissio ...)
+ - cacti 1.2.1+ds1-1
+ [stretch] - cacti <postponed> (Minor issue; stored XSS requires prior admin access)
+ NOTE: https://github.com/Cacti/cacti/issues/1882
+CVE-2021-42553
+ RESERVED
+CVE-2021-42552
+ RESERVED
+CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...)
+ NOT-FOR-US: AlCoda NetBiblio WebOPAC
+CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42548 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42547 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42546 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42543 (The affected application uses specific functions that could be abused ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42541
+ RESERVED
+CVE-2021-42540 (The affected product is vulnerable to a unsanitized extract folder for ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42539 (The affected product is vulnerable to a missing permission validation ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42538 (The affected product is vulnerable to a parameter injection via passph ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42537
+ RESERVED
+CVE-2021-42536 (The affected product is vulnerable to a disclosure of peer username an ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42535
+ RESERVED
+CVE-2021-42534 (The affected product&#8217;s web application does not properly neutral ...)
+ NOT-FOR-US: Trane
+CVE-2021-42533
+ RESERVED
+CVE-2021-42532
+ RESERVED
+CVE-2021-42531
+ RESERVED
+CVE-2021-42530
+ RESERVED
+CVE-2021-42529
+ RESERVED
+CVE-2021-42528
+ RESERVED
+CVE-2021-42527
+ RESERVED
+CVE-2021-42526
+ RESERVED
+CVE-2021-42525 (Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42524 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-3891
+ RESERVED
+CVE-2021-3890
+ RESERVED
+CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/efb3e261-3f7d-4a45-8114-e0ace6b21516/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8)
+CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/722b3acb-792b-4429-a98d-bb80efb8938d/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/c78e186739b50d156cb3da5d08d70294f0490853 (v0.8)
+CVE-2021-3887
+ RESERVED
+CVE-2021-42523
+ RESERVED
+CVE-2021-42522
+ RESERVED
+CVE-2021-42521
+ RESERVED
+CVE-2021-42520
+ RESERVED
+CVE-2021-42519
+ RESERVED
+CVE-2021-42518
+ RESERVED
+CVE-2021-42517
+ RESERVED
+CVE-2021-42516
+ RESERVED
+CVE-2021-42515
+ RESERVED
+CVE-2021-42514
+ RESERVED
+CVE-2021-42513
+ RESERVED
+CVE-2021-42512
+ RESERVED
+CVE-2021-42511
+ RESERVED
+CVE-2021-42510
+ RESERVED
+CVE-2021-42509
+ RESERVED
+CVE-2021-42508
+ RESERVED
+CVE-2021-42507
+ RESERVED
+CVE-2021-42506
+ RESERVED
+CVE-2021-42505
+ RESERVED
+CVE-2021-42504
+ RESERVED
+CVE-2021-42503
+ RESERVED
+CVE-2021-42502
+ RESERVED
+CVE-2021-42501
+ RESERVED
+CVE-2021-42500
+ RESERVED
+CVE-2021-42499
+ RESERVED
+CVE-2021-42498
+ RESERVED
+CVE-2021-42497
+ RESERVED
+CVE-2021-42496
+ RESERVED
+CVE-2021-42495
+ RESERVED
+CVE-2021-42494
+ RESERVED
+CVE-2021-42493
+ RESERVED
+CVE-2021-42492
+ RESERVED
+CVE-2021-42491
+ RESERVED
+CVE-2021-42490
+ RESERVED
+CVE-2021-42489
+ RESERVED
+CVE-2021-42488
+ RESERVED
+CVE-2021-42487
+ RESERVED
+CVE-2021-42486
+ RESERVED
+CVE-2021-42485
+ RESERVED
+CVE-2021-42484
+ RESERVED
+CVE-2021-42483
+ RESERVED
+CVE-2021-42482
+ RESERVED
+CVE-2021-42481
+ RESERVED
+CVE-2021-42480
+ RESERVED
+CVE-2021-42479
+ RESERVED
+CVE-2021-42478
+ RESERVED
+CVE-2021-42477
+ RESERVED
+CVE-2021-42476
+ RESERVED
+CVE-2021-42475
+ RESERVED
+CVE-2021-42474
+ RESERVED
+CVE-2021-42473
+ RESERVED
+CVE-2021-42472
+ RESERVED
+CVE-2021-42471
+ RESERVED
+CVE-2021-42470
+ RESERVED
+CVE-2021-42469
+ RESERVED
+CVE-2021-42468
+ RESERVED
+CVE-2021-42467
+ RESERVED
+CVE-2021-42466
+ RESERVED
+CVE-2021-42465
+ RESERVED
+CVE-2021-42464
+ RESERVED
+CVE-2021-42463
+ RESERVED
+CVE-2021-42462
+ RESERVED
+CVE-2021-42461
+ RESERVED
+CVE-2021-42460
+ RESERVED
+CVE-2021-42459
+ RESERVED
+CVE-2021-42458
+ RESERVED
+CVE-2021-42457
+ RESERVED
+CVE-2021-42456
+ RESERVED
+CVE-2021-42455
+ RESERVED
+CVE-2021-42454
+ RESERVED
+CVE-2021-42453
+ RESERVED
+CVE-2021-42452
+ RESERVED
+CVE-2021-42451
+ RESERVED
+CVE-2021-42450
+ RESERVED
+CVE-2021-42449
+ RESERVED
+CVE-2021-42448
+ RESERVED
+CVE-2021-42447
+ RESERVED
+CVE-2021-42446
+ RESERVED
+CVE-2021-42445
+ RESERVED
+CVE-2021-42444
+ RESERVED
+CVE-2021-42443
+ RESERVED
+CVE-2021-42442
+ RESERVED
+CVE-2021-42441
+ RESERVED
+CVE-2021-42440
+ RESERVED
+CVE-2021-42439
+ RESERVED
+CVE-2021-42438
+ RESERVED
+CVE-2021-42437
+ RESERVED
+CVE-2021-42436
+ RESERVED
+CVE-2021-42435
+ RESERVED
+CVE-2021-42434
+ RESERVED
+CVE-2021-42433
+ RESERVED
+CVE-2021-42432
+ RESERVED
+CVE-2021-42431
+ RESERVED
+CVE-2021-42430
+ RESERVED
+CVE-2021-42429
+ RESERVED
+CVE-2021-42428
+ RESERVED
+CVE-2021-42427
+ RESERVED
+CVE-2021-42426
+ RESERVED
+CVE-2021-42425
+ RESERVED
+CVE-2021-42424
+ RESERVED
+CVE-2021-42423
+ RESERVED
+CVE-2021-42422
+ RESERVED
+CVE-2021-42421
+ RESERVED
+CVE-2021-42420
+ RESERVED
+CVE-2021-42419
+ RESERVED
+CVE-2021-42418
+ RESERVED
+CVE-2021-42417
+ RESERVED
+CVE-2021-42416
+ RESERVED
+CVE-2021-42415
+ RESERVED
+CVE-2021-42414
+ RESERVED
+CVE-2021-42413
+ RESERVED
+CVE-2021-42412
+ RESERVED
+CVE-2021-42411
+ RESERVED
+CVE-2021-42410
+ RESERVED
+CVE-2021-42409
+ RESERVED
+CVE-2021-42408
+ RESERVED
+CVE-2021-42407
+ RESERVED
+CVE-2021-42406
+ RESERVED
+CVE-2021-42405
+ RESERVED
+CVE-2021-42404
+ RESERVED
+CVE-2021-42403
+ RESERVED
+CVE-2021-42402
+ RESERVED
+CVE-2021-42401
+ RESERVED
+CVE-2021-42400
+ RESERVED
+CVE-2021-42399
+ RESERVED
+CVE-2021-42398
+ RESERVED
+CVE-2021-42397
+ RESERVED
+CVE-2021-42396
+ RESERVED
+CVE-2021-42395
+ RESERVED
+CVE-2021-42394
+ RESERVED
+CVE-2021-42393
+ RESERVED
+CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
+ {DSA-5076-1 DLA-2923-1}
+ - h2database 2.1.210-1 (bug #1003894)
+ NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
+ NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
+ NOTE: Fixed by https://github.com/h2database/h2database/commit/41dd2a4cf89da9dd18239debbf73f88da6184ec7
+ NOTE: https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd
+CVE-2021-42391
+ RESERVED
+CVE-2021-42390
+ RESERVED
+CVE-2021-42389
+ RESERVED
+CVE-2021-42388
+ RESERVED
+CVE-2021-42387
+ RESERVED
+CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42385 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42384 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42383 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42382 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42381 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42380 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42379 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42376 (A NULL pointer dereference in Busybox's hush applet leads to denial of ...)
+ - busybox <unfixed> (unimportant; bug #999567)
+ [stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-42375 (An incorrect handling of a special element in Busybox's ash applet lea ...)
+ - busybox <unfixed> (unimportant; bug #999567)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-42374 (An out-of-bounds heap read in Busybox's unlzma applet leads to informa ...)
+ - busybox <unfixed> (unimportant; bug #999567)
+ [stretch] - busybox <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+ NOTE: Crash in CLI tool with information leak
+ NOTE: Introduced by https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 (1_27_0)
+ NOTE: https://git.busybox.net/busybox/commit/?id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
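Review bot: In the CVE-2021-42374 entry the second commit reference (`?id=04f052c56ded5ab6a904e3a264a73dc0412b2e78`) has no label or release tag, while the line above it is marked "Introduced by" with `(1_27_0)`. A reader cannot tell whether it is the upstream fix, and the package line still reads `<unfixed>`. If it is the fix, mark it "Fixed by:" and add the release it landed in, as the CVE-2021-3875 entry does for vim. The unlabelled second commit under CVE-2021-42392 has the same ambiguity next to its "Fixed by" line.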
+CVE-2021-42373 (A NULL pointer dereference in Busybox's man applet leads to denial of ...)
+ - busybox <unfixed> (unimportant; bug #999567)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-42372 (A shell command injection in the HW Events SNMP community in XoruX LPA ...)
+ NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
+CVE-2021-42371 (lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD ...)
+ NOT-FOR-US: XoruX LPAR2RRD
+CVE-2021-42370 (A password mismanagement situation exists in XoruX LPAR2RRD and STOR2R ...)
+ NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
+CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...)
+ NOT-FOR-US: Imagicle Application Suite
+CVE-2021-42368
+ RESERVED
+CVE-2021-42367 (The Variation Swatches for WooCommerce WordPress plugin is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42366
+ RESERVED
+CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42361 (The Contact Form Email WordPress plugin is vulnerable to Stored Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress installed, i ...)
+ NOT-FOR-US: Elementor plugin for WordPress
+CVE-2021-42359 (WP DSGVO Tools (GDPR) &lt;= 3.1.23 had an AJAX action, &#8216;admin-di ...)
+ NOT-FOR-US: WP DSGVO Tools (GDPR)
+CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42357 (When using Apache Knox SSO prior to 1.6.1, a request could be crafted ...)
+ NOT-FOR-US: Apache Knox
+CVE-2021-42356
+ RESERVED
+CVE-2021-42355
+ RESERVED
+CVE-2021-42354
+ RESERVED
+CVE-2021-42353
+ RESERVED
+CVE-2021-42352
+ RESERVED
+CVE-2021-42351
+ RESERVED
+CVE-2021-42350
+ RESERVED
+CVE-2021-42349
+ RESERVED
+CVE-2021-42348
+ RESERVED
+CVE-2021-42347
+ RESERVED
+CVE-2021-42346
+ RESERVED
+CVE-2021-42345
+ RESERVED
+CVE-2021-42344
+ RESERVED
+CVE-2021-42343 (An issue was discovered in the Dask distributed package before 2021.10 ...)
+ - dask.distributed 2021.09.1+ds.1-2
+ [bullseye] - dask.distributed <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - dask.distributed <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://github.com/dask/distributed/pull/5427
+ NOTE: https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
+CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...)
+ NOT-FOR-US: Embedthis GoAhead
+CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strlen() t ...)
+ - openrc <not-affected> (Introduced in 0.44)
+ NOTE: https://github.com/OpenRC/openrc/issues/459
+ NOTE: https://github.com/OpenRC/openrc/pull/462
+ NOTE: https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204
+CVE-2021-3886
+ RESERVED
+CVE-2021-3885
+ RESERVED
+CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
+ {DSA-5009-1}
+ - tomcat9 9.0.54-1
+ [buster] - tomcat9 <not-affected> (Vulnerable code introduced later)
+ - tomcat8 <removed>
+ [stretch] - tomcat8 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1
+ NOTE: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 (9.0.54)
+ NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72)
+ NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak.
+CVE-2021-3884
+ RESERVED
+CVE-2021-3883
+ RESERVED
+CVE-2021-42339
+ RESERVED
+CVE-2021-42338 (4MOSAn GCB Doctor&#8217;s login page has improper validation of Cookie ...)
+ NOT-FOR-US: 4MOSAn GCB Doctor
+CVE-2021-42337 (The permission control of AIFU cashier management salary query functio ...)
+ NOT-FOR-US: AIFU cashier management salary
+CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...)
+ NOT-FOR-US: Easytest
+CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...)
+ NOT-FOR-US: Easytest
+CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...)
+ NOT-FOR-US: Easytest
+CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...)
+ NOT-FOR-US: Easytest
+CVE-2021-42332 (The &#8220;List View&#8221; function of ShinHer StudyOnline System is ...)
+ NOT-FOR-US: ShinHer StudyOnline System
+CVE-2021-42331 (The &#8220;Study Edit&#8221; function of ShinHer StudyOnline System do ...)
+ NOT-FOR-US: ShinHer StudyOnline System
+CVE-2021-42330 (The &#8220;Teacher Edit&#8221; function of ShinHer StudyOnline System ...)
+ NOT-FOR-US: ShinHer StudyOnline System
+CVE-2021-42329 (The &#8220;List_Add&#8221; function of message board of ShinHer StudyO ...)
+ NOT-FOR-US: ShinHer StudyOnline System
+CVE-2021-42328
+ RESERVED
+CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerability introduced later)
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html
+CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...)
+ {DLA-2787-1}
+ - redmine <unfixed> (bug #998417)
+ NOTE: https://www.redmine.org/news/133
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/21209
+CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...)
+ NOT-FOR-US: Froxlor
+CVE-2021-42324
+ RESERVED
+CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42321 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42320 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42319 (Visual Studio Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42318
+ RESERVED
+CVE-2021-42317
+ RESERVED
+CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42314 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42313 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42312 (Microsoft Defender for IOT Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42311 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42310 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42307
+ RESERVED
+CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42303 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42302 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42301 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42300 (Azure Sphere Tampering Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42295 (Visual Basic for Applications Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42294 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine Eleva ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42292 (Microsoft Excel Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42290
+ RESERVED
+CVE-2021-42289
+ RESERVED
+CVE-2021-42288 (Windows Hello Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42287 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42286 (Windows Core Shell SI Host Extension Framework for Composable Shell El ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42285 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42284 (Windows Hyper-V Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42283 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42282 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42281
+ RESERVED
+CVE-2021-42280 (Windows Feedback Hub Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42279 (Chakra Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42278 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42277 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42276 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42275 (Microsoft COM for Windows Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42274 (Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42273
+ RESERVED
+CVE-2021-42272 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42271 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42270 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42269 (Adobe Animate version 21.0.9 (and earlier) are affected by a use-after ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42268 (Adobe Animate version 21.0.9 (and earlier) is affected by a Null point ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42267 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42266 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42265
+ RESERVED
+CVE-2021-42264
+ RESERVED
+CVE-2021-42263
+ RESERVED
+CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...)
+ - ledgersmb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
+ NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie
+CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/540fd115-7de4-4e19-a918-5ee61f5157c1/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8)
+CVE-2021-3880
+ RESERVED
+CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-42262
+ RESERVED
+CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...)
+ NOT-FOR-US: Revisor Video Management System (VMS)
+CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...)
+ - tinyxml 2.6.2-6
+ [bullseye] - tinyxml <no-dsa> (Minor issue)
+ [buster] - tinyxml <no-dsa> (Minor issue)
+ [stretch] - tinyxml <no-dsa> (Minor issue; can be fixed with the next DLA)
+ NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
+ NOTE: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
+CVE-2021-42259
+ RESERVED
+CVE-2021-42258 (BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL i ...)
+ NOT-FOR-US: BQE BillQuick Web Suite
+CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an unprivil ...)
+ NOT-FOR-US: check_smart Icinga plugin
+CVE-2021-42256
+ RESERVED
+CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: CoreNLP
+CVE-2021-42255
+ RESERVED
+CVE-2021-42254 (BeyondTrust Privilege Management prior to version 21.6 creates a Tempo ...)
+ NOT-FOR-US: BeyondTrust Privilege Management
+CVE-2021-42253
+ RESERVED
+CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...)
+ {DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/b49a0e69a7b1a68c8d3f64097d06dabb770fec96 (5.15-rc1)
+CVE-2021-42251
+ RESERVED
+CVE-2021-42250 (Improper output neutralization for Logs. A specific Apache Superset HT ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-42249
+ RESERVED
+CVE-2021-42248
+ RESERVED
+CVE-2021-42247
+ RESERVED
+CVE-2021-42246
+ RESERVED
+CVE-2021-42245
+ RESERVED
+CVE-2021-42244
+ RESERVED
+CVE-2021-42243
+ RESERVED
+CVE-2021-42242
+ RESERVED
+CVE-2021-42241
+ RESERVED
+CVE-2021-42240
+ RESERVED
+CVE-2021-42239
+ RESERVED
+CVE-2021-42238
+ RESERVED
+CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnera ...)
+ NOT-FOR-US: Sitecore
+CVE-2021-42236
+ RESERVED
+CVE-2021-42235
+ RESERVED
+CVE-2021-42234
+ RESERVED
+CVE-2021-42233
+ RESERVED
+CVE-2021-42232
+ RESERVED
+CVE-2021-42231
+ RESERVED
+CVE-2021-42230
+ RESERVED
+CVE-2021-42229
+ RESERVED
+CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-42226
+ RESERVED
+CVE-2021-42225
+ RESERVED
+CVE-2021-42224 (SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via ...)
+ NOT-FOR-US: IFSC Code Finder Project
+CVE-2021-42223 (Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking M ...)
+ NOT-FOR-US: Online DJ Booking Management System
+CVE-2021-42222
+ RESERVED
+CVE-2021-42221
+ RESERVED
+CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 1 ...)
+ - dolibarr <removed>
+CVE-2021-42219
+ RESERVED
+CVE-2021-42218
+ RESERVED
+CVE-2021-42217
+ RESERVED
+CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...)
+ NOT-FOR-US: AnonAddy
+CVE-2021-42215
+ RESERVED
+CVE-2021-42214
+ RESERVED
+CVE-2021-42213
+ RESERVED
+CVE-2021-42212
+ RESERVED
+CVE-2021-42211
+ RESERVED
+CVE-2021-42210
+ RESERVED
+CVE-2021-42209
+ RESERVED
+CVE-2021-42208
+ RESERVED
+CVE-2021-42207
+ RESERVED
+CVE-2021-42206
+ RESERVED
+CVE-2021-42205
+ RESERVED
+CVE-2021-42204
+ RESERVED
+CVE-2021-42203
+ RESERVED
+CVE-2021-42202
+ RESERVED
+CVE-2021-42201
+ RESERVED
+CVE-2021-42200
+ RESERVED
+CVE-2021-42199
+ RESERVED
+CVE-2021-42198
+ RESERVED
+CVE-2021-42197
+ RESERVED
+CVE-2021-42196
+ RESERVED
+CVE-2021-42195
+ RESERVED
+CVE-2021-42194
+ RESERVED
+CVE-2021-42193
+ RESERVED
+CVE-2021-42192
+ RESERVED
+CVE-2021-42191
+ RESERVED
+CVE-2021-42190
+ RESERVED
+CVE-2021-42189
+ RESERVED
+CVE-2021-42188
+ RESERVED
+CVE-2021-42187
+ RESERVED
+CVE-2021-42186
+ RESERVED
+CVE-2021-42185
+ RESERVED
+CVE-2021-42184
+ RESERVED
+CVE-2021-42183
+ RESERVED
+CVE-2021-42182
+ RESERVED
+CVE-2021-42181
+ RESERVED
+CVE-2021-42180
+ RESERVED
+CVE-2021-42179
+ RESERVED
+CVE-2021-42178
+ RESERVED
+CVE-2021-42177
+ RESERVED
+CVE-2021-42176
+ RESERVED
+CVE-2021-42175
+ RESERVED
+CVE-2021-42174
+ RESERVED
+CVE-2021-42173
+ RESERVED
+CVE-2021-42172
+ RESERVED
+CVE-2021-42171
+ RESERVED
+CVE-2021-42170
+ RESERVED
+CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...)
+ NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code
+CVE-2021-42168 (Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sha ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42167
+ RESERVED
+CVE-2021-42166
+ RESERVED
+CVE-2021-42165
+ RESERVED
+CVE-2021-42164
+ RESERVED
+CVE-2021-42163
+ RESERVED
+CVE-2021-42162
+ RESERVED
+CVE-2021-42161
+ RESERVED
+CVE-2021-42160
+ RESERVED
+CVE-2021-42159
+ RESERVED
+CVE-2021-42158
+ RESERVED
+CVE-2021-42157
+ RESERVED
+CVE-2021-42156
+ RESERVED
+CVE-2021-42155
+ RESERVED
+CVE-2021-42154
+ RESERVED
+CVE-2021-42153
+ RESERVED
+CVE-2021-42152
+ RESERVED
+CVE-2021-42151
+ RESERVED
+CVE-2021-42150
+ RESERVED
+CVE-2021-42149
+ RESERVED
+CVE-2021-42148
+ RESERVED
+CVE-2021-3877
+ RESERVED
+CVE-2021-42147
+ RESERVED
+CVE-2021-42146
+ RESERVED
+CVE-2021-42145
+ RESERVED
+CVE-2021-42144
+ RESERVED
+CVE-2021-42143
+ RESERVED
+CVE-2021-42142
+ RESERVED
+CVE-2021-42141
+ RESERVED
+CVE-2021-42140
+ RESERVED
+CVE-2021-42139 (Deno Standard Modules before 0.107.0 allows Code Injection via an untr ...)
+ NOT-FOR-US: Deno
+CVE-2021-42138 (A user of a machine protected by SafeNet Agent for Windows Logon may l ...)
+ NOT-FOR-US: SafeNet
+CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42136
+ RESERVED
+CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an u ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...)
+ NOT-FOR-US: Django Unicorn, different from src:unicorn
+CVE-2021-3876
+ RESERVED
+CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3565-1 (bug #996593)
+ [bullseye] - vim <not-affected> (Vulnerable feature and code introduced later)
+ [buster] - vim <not-affected> (Vulnerable feature and code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable feature and code introduced later)
+ NOTE: https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/
+ NOTE: Search from cursor position introduced in: https://github.com/vim/vim/commit/04db26b36000a4677b95403ec94bd11f6cc73975 (v8.2.3110)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (v8.2.3489)
+CVE-2021-42133 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42132 (A command Injection vulnerability exists in Ivanti Avalanche before 6. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42131 (A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 a ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42130 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42129 (A command injection vulnerability exists in Ivanti Avalanche before 6. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42128 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42127 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42126 (An improper authorization control vulnerability exists in Ivanti Avala ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42125 (An unrestricted file upload vulnerability exists in Ivanti Avalanche b ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42124 (An improper access control vulnerability exists in Ivanti Avalanche be ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42116 (Incorrect Access Control in Web Applications operating on Business-DNA ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on Business-DNA So ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...)
+ NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
+ NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
+ NOTE: https://comsec.ethz.ch/research/dram/blacksmith/
+CVE-2021-42113 (An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH ...)
+ NOT-FOR-US: Insyde
+CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
+ - limesurvey <itp> (bug #472802)
+CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
+ NOT-FOR-US: RCDevs OpenOTP app
+CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windows) be ...)
+ NOT-FOR-US: Allegro Windows
+CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
+ NOT-FOR-US: bookstack
+CVE-2021-3873
+ RESERVED
+CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
+ NOT-FOR-US: VITEC Exterity IPTV products
+CVE-2021-42108 (Unnecessary privilege vulnerabilities in the Web Console of Trend Micr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42107 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42106 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42105 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42104 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42103 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3565-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
+ NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
+CVE-2021-3871
+ RESERVED
+CVE-2021-3870
+ RESERVED
+CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ {DSA-4984-1}
+ - flatpak 1.12.1-1 (bug #995935)
+ [buster] - flatpak <ignored> (Not exploitable with Debian buster kernel, intrusive to backport; requires updated libseccomp)
+ [stretch] - flatpak <ignored> (Difficult to exploit)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
+ NOTE: Sourcewise fixed in 1.12.0-1 already, but 1.12.1-1 adds stricter dependency
+ NOTE: to libseccomp 2.5.2 so that CVE-2021-41133 is fully prevented.
+ NOTE: https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf
+ NOTE: https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48
+ NOTE: https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca
+ NOTE: https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330
+ NOTE: https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f
+ NOTE: https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36
+ NOTE: https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999
+ NOTE: https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf
+ NOTE: Regression followups:
+ NOTE: https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8
+ NOTE: https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861
+CVE-2021-42100
+ RESERVED
+CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file- ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...)
+ NOT-FOR-US: Devolutions
+CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...)
+ {DSA-4991-1 DLA-2791-1}
+ - mailman <removed>
+ NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1947640
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
+ NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
+ NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
+CVE-2021-42096 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A cer ...)
+ {DSA-4991-1 DLA-2791-1}
+ - mailman <removed>
+ NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1947639
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
+CVE-2021-42095 (Xshell before 7.0.0.76 allows attackers to cause a crash by triggering ...)
+ NOT-FOR-US: NetSarang Xshell
+CVE-2021-42094 (An issue was discovered in Zammad before 4.1.1. Command Injection can ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42093 (An issue was discovered in Zammad before 4.1.1. An admin can execute c ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42092 (An issue was discovered in Zammad before 4.1.1. Stored XSS may occur v ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42091 (An issue was discovered in Zammad before 4.1.1. SSRF can occur via Git ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42090 (An issue was discovered in Zammad before 4.1.1. The Form functionality ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42089 (An issue was discovered in Zammad before 4.1.1. The REST API discloses ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42088 (An issue was discovered in Zammad before 4.1.1. The Chat functionality ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42087 (An issue was discovered in Zammad before 4.1.1. An admin can discover ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42086 (An issue was discovered in Zammad before 4.1.1. An Agent account can m ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored XSS vi ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: CoreNLP
+CVE-2021-42083
+ RESERVED
+CVE-2021-42082
+ RESERVED
+CVE-2021-42081
+ RESERVED
+CVE-2021-42080
+ RESERVED
+CVE-2021-42079
+ RESERVED
+CVE-2021-42078 (PHP Event Calendar through 2021-11-04 allows persistent cross-site scr ...)
+ NOT-FOR-US: PHP Event Calendar
+CVE-2021-42077 (PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstr ...)
+ NOT-FOR-US: PHP Event Calendar
+CVE-2021-42076 (An issue was discovered in Barrier before 2.3.4. An attacker can cause ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42075 (An issue was discovered in Barrier before 2.3.4. The barriers componen ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42074 (An issue was discovered in Barrier before 2.3.4. An unauthenticated at ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42073 (An issue was discovered in Barrier before 2.4.0. An attacker can enter ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42072 (An issue was discovered in Barrier before 2.4.0. The barriers componen ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42071 (In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can ach ...)
+ NOT-FOR-US: Visual Tools DVR VX16
+CVE-2021-42070 (When a user opens manipulated Jupiter Tessellation (.jt) file received ...)
+ NOT-FOR-US: SAP
+CVE-2021-42069 (When a user opens manipulated Tagged Image File Format (.tif) file rec ...)
+ NOT-FOR-US: SAP
+CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from untruste ...)
+ NOT-FOR-US: SAP
+CVE-2021-42067 (In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 71 ...)
+ NOT-FOR-US: SAP
+CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view DB passw ...)
+ NOT-FOR-US: SAP
+CVE-2021-42065
+ RESERVED
+CVE-2021-42064 (If configured to use an Oracle database and if a query is created usin ...)
+ NOT-FOR-US: SAP
+CVE-2021-42063 (A security vulnerability has been discovered in the SAP Knowledge Ware ...)
+ NOT-FOR-US: SAP
+CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization checks f ...)
+ NOT-FOR-US: SAP
+CVE-2021-42061 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...)
+ NOT-FOR-US: SAP
+CVE-2021-3868
+ RESERVED
+CVE-2021-3867
+ RESERVED
+CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...)
+ - zulip-server <itp> (bug #800052)
+ NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
+CVE-2021-42060 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.4 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-42059 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-42058
+ RESERVED
+CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...)
+ NOT-FOR-US: Obsidian Dataview
+CVE-2021-42056
+ RESERVED
+CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...)
+ NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware
+CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...)
+ NOT-FOR-US: Django Unicorn, different from src:unicorn
+CVE-2021-42052
+ RESERVED
+CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...)
+ NOT-FOR-US: AbanteCart
+CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...)
+ NOT-FOR-US: AbanteCart
+CVE-2021-42049 (An issue was discovered in the Translate extension in MediaWiki throug ...)
+ NOT-FOR-US: Translate MediaWiki extension
+CVE-2021-42048 (An issue was discovered in the Growth extension in MediaWiki through 1 ...)
+ NOT-FOR-US: Growth MediaWiki extension
+CVE-2021-42047 (An issue was discovered in the Growth extension in MediaWiki through 1 ...)
+ NOT-FOR-US: Growth MediaWiki extension
+CVE-2021-42046 (An issue was discovered in the GlobalWatchlist extension in MediaWiki ...)
+ NOT-FOR-US: GlobalWatchlist MediaWiki extension
+CVE-2021-42045 (An issue was discovered in SecurePoll in the Growth extension in Media ...)
+ NOT-FOR-US: SecurePoll MediaWiki extension
+CVE-2021-42044 (An issue was discovered in the Mentor dashboard in the GrowthExperimen ...)
+ NOT-FOR-US: GrowthExperiments MediaWiki extension
+CVE-2021-42043 (An issue was discovered in Special:MediaSearch in the MediaSearch exte ...)
+ NOT-FOR-US: MediaSearch MediaWiki extension
+CVE-2021-42042 (An issue was discovered in SpecialEditGrowthConfig in the GrowthExperi ...)
+ NOT-FOR-US: GrowthExperiments MediaWiki extension
+CVE-2021-42041 (An issue was discovered in CentralAuth in MediaWiki through 1.36.2. Th ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+CVE-2021-42040 (An issue was discovered in MediaWiki through 1.36.2. A parser function ...)
+ NOT-FOR-US: Loops MediaWiki extension
+CVE-2021-3865
+ RESERVED
+CVE-2021-42039
+ RESERVED
+CVE-2021-42038
+ RESERVED
+CVE-2021-42037
+ RESERVED
+CVE-2021-42036
+ RESERVED
+CVE-2021-42035
+ RESERVED
+CVE-2021-42034
+ RESERVED
+CVE-2021-42033
+ RESERVED
+CVE-2021-42032
+ RESERVED
+CVE-2021-42031
+ RESERVED
+CVE-2021-42030
+ RESERVED
+CVE-2021-42029
+ RESERVED
+CVE-2021-42028
+ RESERVED
+CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42024 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42023 (A vulnerability has been identified in ModelSim Simulation (All versio ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Packa ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42020
+ RESERVED
+CVE-2021-42019
+ RESERVED
+CVE-2021-42018
+ RESERVED
+CVE-2021-42017
+ RESERVED
+CVE-2021-42016
+ RESERVED
+CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42014
+ RESERVED
+CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ...)
+ - apache2 2.4.51-1
+ [bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50)
+ [buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50)
+ [stretch] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/07/6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
+CVE-2021-3864 [descendant's dumpable setting with certain SUID binaries]
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/20/2
+CVE-2021-42012 (A stack-based buffer overflow vulnerability in Trend Micro Apex One, A ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42011 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-42010
+ RESERVED
+CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
+ NOT-FOR-US: Apache Traffic Control
+CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: icecoder
+CVE-2021-3861 (The RNDIS USB device class includes a buffer overflow vulnerability. Z ...)
+ NOT-FOR-US: zephyr-rtos
+CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2021-3859
+ RESERVED
+ - undertow <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010378
+ TODO: check details
+CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/19d1532a187669ce86d5a2696eb7275310070793 (5.14-rc7)
+CVE-2021-42007
+ RESERVED
+CVE-2021-42006 (An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 ...)
+ - libgclib 0.12.7+ds-2 (bug #996591)
+ [bullseye] - libgclib <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpertea/gclib/issues/11
+CVE-2021-42005
+ RESERVED
+CVE-2021-42004
+ RESERVED
+CVE-2021-42003
+ RESERVED
+CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-42001
+ RESERVED
+CVE-2021-42000 (When a password reset or password change flow with an authentication p ...)
+ NOT-FOR-US: pingidentity
+CVE-2021-41999
+ RESERVED
+CVE-2021-41998
+ RESERVED
+CVE-2021-41997
+ RESERVED
+CVE-2021-41996
+ RESERVED
+CVE-2021-41995
+ RESERVED
+CVE-2021-41994
+ RESERVED
+CVE-2021-41993
+ RESERVED
+CVE-2021-41992
+ RESERVED
+CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has a remot ...)
+ {DSA-4989-1 DLA-2788-1}
+ - strongswan 5.9.4-1
+ NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
+CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...)
+ {DSA-4989-1}
+ - strongswan 5.9.4-1
+ [stretch] - strongswan <not-affected> (The vulnerable code was introduced later in version 5.6.1)
+ NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
+CVE-2021-41989
+ RESERVED
+CVE-2021-41988
+ RESERVED
+CVE-2021-41987
+ RESERVED
+CVE-2021-41986
+ RESERVED
+CVE-2021-41985
+ RESERVED
+CVE-2021-41984
+ RESERVED
+CVE-2021-41983
+ RESERVED
+CVE-2021-41982
+ RESERVED
+CVE-2021-41981
+ RESERVED
+CVE-2021-41980
+ RESERVED
+CVE-2021-41979
+ RESERVED
+CVE-2021-41978
+ RESERVED
+CVE-2021-41977
+ RESERVED
+CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to authorization by ...)
+ NOT-FOR-US: Tad Uploader
+CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thus remo ...)
+ NOT-FOR-US: TadTools
+CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...)
+ NOT-FOR-US: Tad Book3
+CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: chaskiq
+CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
+ NOT-FOR-US: Apache MINA
+CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-3856
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-3855
+ RESERVED
+CVE-2021-3854
+ RESERVED
+CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist]
+ - rust-nix 0.19.0-2 (bug #995562)
+ [bullseye] - rust-nix <no-dsa> (Minor issue)
+ [buster] - rust-nix <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
+ NOTE: https://github.com/nix-rust/nix/issues/1541
+CVE-2021-41970
+ RESERVED
+CVE-2021-41969
+ RESERVED
+CVE-2021-41968
+ RESERVED
+CVE-2021-41967
+ RESERVED
+CVE-2021-41966
+ RESERVED
+CVE-2021-41965
+ RESERVED
+CVE-2021-41964
+ RESERVED
+CVE-2021-41963
+ RESERVED
+CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41961
+ RESERVED
+CVE-2021-41960
+ RESERVED
+CVE-2021-41959
+ RESERVED
+CVE-2021-41958
+ RESERVED
+CVE-2021-41957
+ RESERVED
+CVE-2021-41956
+ RESERVED
+CVE-2021-41955
+ RESERVED
+CVE-2021-41954
+ RESERVED
+CVE-2021-41953
+ RESERVED
+CVE-2021-41952
+ RESERVED
+CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...)
+ NOT-FOR-US: ResourceSpace
+CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 ...)
+ NOT-FOR-US: ResourceSpace
+CVE-2021-41949
+ RESERVED
+CVE-2021-41948
+ RESERVED
+CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2021-41946
+ RESERVED
+CVE-2021-41945
+ RESERVED
+CVE-2021-41944
+ RESERVED
+CVE-2021-41943
+ RESERVED
+CVE-2021-41942
+ RESERVED
+CVE-2021-41941
+ RESERVED
+CVE-2021-41940
+ RESERVED
+CVE-2021-41939
+ RESERVED
+CVE-2021-41938
+ RESERVED
+CVE-2021-41937
+ RESERVED
+CVE-2021-41936
+ RESERVED
+CVE-2021-41935
+ RESERVED
+CVE-2021-41934
+ RESERVED
+CVE-2021-41933
+ RESERVED
+CVE-2021-41932
+ RESERVED
+CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...)
+ NOT-FOR-US: Company's Recruitment Management System
+CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester Online Covi ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41929 (Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Mana ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41928 (SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41927
+ RESERVED
+CVE-2021-41926
+ RESERVED
+CVE-2021-41925
+ RESERVED
+CVE-2021-41924
+ RESERVED
+CVE-2021-41923
+ RESERVED
+CVE-2021-41922
+ RESERVED
+CVE-2021-41921
+ RESERVED
+CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated user to pe ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user to arbi ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41918 (webTareas version 2.4 and earlier allows an authenticated user to inje ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41917 (webTareas version 2.4 and earlier allows an authenticated user to stor ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41916 (A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41915
+ RESERVED
+CVE-2021-41914
+ RESERVED
+CVE-2021-41913
+ RESERVED
+CVE-2021-41912
+ RESERVED
+CVE-2021-41911
+ RESERVED
+CVE-2021-41910
+ RESERVED
+CVE-2021-41909
+ RESERVED
+CVE-2021-41908
+ RESERVED
+CVE-2021-41907
+ RESERVED
+CVE-2021-41906
+ RESERVED
+CVE-2021-41905
+ RESERVED
+CVE-2021-41904
+ RESERVED
+CVE-2021-41903
+ RESERVED
+CVE-2021-41902
+ RESERVED
+CVE-2021-41901
+ RESERVED
+CVE-2021-41900
+ RESERVED
+CVE-2021-41899
+ RESERVED
+CVE-2021-41898
+ RESERVED
+CVE-2021-41897
+ RESERVED
+CVE-2021-41896
+ RESERVED
+CVE-2021-41895
+ RESERVED
+CVE-2021-41894
+ RESERVED
+CVE-2021-41893
+ RESERVED
+CVE-2021-41892
+ RESERVED
+CVE-2021-41891
+ RESERVED
+CVE-2021-41890
+ RESERVED
+CVE-2021-41889
+ RESERVED
+CVE-2021-41888
+ RESERVED
+CVE-2021-41887
+ RESERVED
+CVE-2021-41886
+ RESERVED
+CVE-2021-41885
+ RESERVED
+CVE-2021-41884
+ RESERVED
+CVE-2021-41883
+ RESERVED
+CVE-2021-41882
+ RESERVED
+CVE-2021-41881
+ RESERVED
+CVE-2021-41880
+ RESERVED
+CVE-2021-41879
+ RESERVED
+CVE-2021-41878 (A reflected cross-site scripting (XSS) vulnerability exists in the i-P ...)
+ NOT-FOR-US: i-Panel Administration System
+CVE-2021-41877
+ RESERVED
+CVE-2021-41876
+ RESERVED
+CVE-2021-41875
+ RESERVED
+CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...)
+ NOT-FOR-US: Portainer
+CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
+ NOT-FOR-US: Penguin Aurora TV Box 41502
+CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...)
+ NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502
+CVE-2021-41871 (An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper ...)
+ NOT-FOR-US: Socomec
+CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec REMOTE ...)
+ NOT-FOR-US: Socomec
+CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...)
+ - onionshare <undetermined>
+ TODO: check details, exact fixing commits unclear
+CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...)
+ - onionshare <undetermined>
+ TODO: check details, exact fixing commits unclear
+CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
+ NOT-FOR-US: MyBB
+CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: chaskiq
+CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...)
+ NOT-FOR-US: GROWI
+CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
+ - nomad <not-affected> (Only affects 1.1.x)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
+ NOTE: https://github.com/hashicorp/nomad/issues/11243
+ NOTE: https://github.com/hashicorp/nomad/pull/11257
+CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...)
+ {DLA-2843-1}
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
+CVE-2021-41863
+ RESERVED
+CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an expression th ...)
+ NOT-FOR-US: AviatorScript
+CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does not prop ...)
+ NOT-FOR-US: Telegram for Android
+CVE-2021-41860
+ RESERVED
+CVE-2021-41859
+ RESERVED
+CVE-2021-41858
+ RESERVED
+CVE-2021-41857
+ RESERVED
+CVE-2021-41856
+ RESERVED
+CVE-2021-41855
+ RESERVED
+CVE-2021-41854
+ RESERVED
+CVE-2021-41853
+ RESERVED
+CVE-2021-41852
+ RESERVED
+CVE-2021-41851
+ RESERVED
+CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...)
+ {DLA-2912-1}
+ - libphp-adodb <unfixed> (bug #1004376)
+ NOTE: https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29
+ NOTE: https://github.com/ADOdb/ADOdb/issues/793
+CVE-2021-3849
+ RESERVED
+CVE-2021-41850
+ RESERVED
+CVE-2021-41849
+ RESERVED
+CVE-2021-41848
+ RESERVED
+CVE-2021-41847 (An issue was discovered in 3xLogic Infinias Access Control through 6.7 ...)
+ NOT-FOR-US: 3xLogic
+CVE-2021-41846
+ RESERVED
+CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...)
+ NOT-FOR-US: ThycoticCentrify Secret Server
+CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...)
+ NOT-FOR-US: Crocoblock JetEngine
+CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41841 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41840 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41839 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41838 (An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41837 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3847 [low-privileged user privileges escalation]
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
+CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dangerou ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...)
+ NOT-FOR-US: ws-scrcpy
+CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-3844
+ RESERVED
+CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
+ - nltk 3.6.7-1 (bug #1003142)
+ [bullseye] - nltk <no-dsa> (Minor issue)
+ [buster] - nltk <no-dsa> (Minor issue)
+ [stretch] - nltk <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a/
+ NOTE: https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d (3.6.6)
+CVE-2021-3841
+ RESERVED
+CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...)
+ NOT-FOR-US: PlaceOS Authentication Service
+CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection ...)
+ NOT-FOR-US: Verint Workforce Optimization (WFO)
+CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...)
+ NOT-FOR-US: Craft CMS
+CVE-2021-41823
+ RESERVED
+CVE-2021-41822
+ RESERVED
+CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer U ...)
+ NOT-FOR-US: Wazuh
+CVE-2021-41820
+ RESERVED
+CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...)
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1}
+ - ruby3.0 <unfixed> (bug #1002995)
+ - ruby2.7 2.7.5-1
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
+ NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1)
+CVE-2021-41818
+ RESERVED
+CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...)
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1}
+ - ruby3.0 <unfixed> (bug #1002995)
+ - ruby2.7 2.7.5-1
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+ NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2)
+ NOTE: Followups to mimic previous behaviour:
+ NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
+ NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
+CVE-2021-41816 (CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...)
+ {DSA-5067-1}
+ - ruby3.0 <unfixed> (bug #1002995)
+ - ruby2.7 2.7.5-1
+ - ruby2.5 <not-affected> (Vulnerable code introduced later)
+ - ruby2.3 <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
+ NOTE: Introduced by: https://github.com/ruby/cgi/commit/3a62e20f76ea42ff0b4d45f2952479eab266ae1c (v0.1.0)
+ NOTE: Fixed by: https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a (v0.3.1)
+CVE-2021-41815
+ RESERVED
+CVE-2021-41814
+ RESERVED
+CVE-2021-41813
+ RESERVED
+CVE-2021-41812
+ RESERVED
+CVE-2021-41811
+ RESERVED
+CVE-2021-41810
+ RESERVED
+CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...)
+ NOT-FOR-US: M-Files Server
+CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...)
+ NOT-FOR-US: M-Files Server
+CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...)
+ NOT-FOR-US: M-Files Server
+CVE-2021-41806
+ RESERVED
+CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...)
+ - consul <not-affected> (Only affects Consul Enterprise)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871
+CVE-2021-41804
+ RESERVED
+CVE-2021-41803
+ RESERVED
+CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-41801 (The ReplaceText extension through 1.41 for MediaWiki has Incorrect Acc ...)
+ {DSA-4979-1}
+ - mediawiki 1:1.35.4-1
+ [stretch] - mediawiki <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
+ NOTE: https://phabricator.wikimedia.org/T279090
+CVE-2021-41800 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...)
+ {DSA-4979-1}
+ - mediawiki 1:1.35.4-1
+ [stretch] - mediawiki <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
+ NOTE: https://phabricator.wikimedia.org/T284419
+ NOTE: Fixed by https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
+CVE-2021-41799 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...)
+ {DSA-4979-1 DLA-2779-1}
+ - mediawiki 1:1.35.4-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
+ NOTE: https://phabricator.wikimedia.org/T290379
+CVE-2021-41798 (MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages a ...)
+ {DSA-4979-1 DLA-2779-1}
+ - mediawiki 1:1.35.4-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
+ NOTE: https://phabricator.wikimedia.org/T285515
+CVE-2021-41797
+ REJECTED
+CVE-2021-41796
+ REJECTED
+CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...)
+ NOT-FOR-US: 1Password
+CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a ...)
+ NOT-FOR-US: Open5GS
+CVE-2021-41793
+ RESERVED
+CVE-2021-41792 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
+ NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
+CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 a ...)
+ NOT-FOR-US: Hyland org.alfresco:share and Hyland org.alfresco:community-share
+CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
+ NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
+CVE-2021-41789 (In wifi driver, there is a possible system crash due to a missing vali ...)
+ NOT-FOR-US: Mediatek devices
+CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-3840 (A dependency confusion vulnerability was reported in the Antilles open ...)
+ NOT-FOR-US: Antilles
+CVE-2021-41787
+ RESERVED
+CVE-2021-41786
+ RESERVED
+CVE-2021-41785
+ RESERVED
+CVE-2021-41784
+ RESERVED
+CVE-2021-41783
+ RESERVED
+CVE-2021-41782
+ RESERVED
+CVE-2021-41781
+ RESERVED
+CVE-2021-41780
+ RESERVED
+CVE-2021-41779
+ RESERVED
+CVE-2021-41778
+ RESERVED
+CVE-2021-41777
+ RESERVED
+CVE-2021-41776
+ RESERVED
+CVE-2021-41775
+ RESERVED
+CVE-2021-41774
+ RESERVED
+CVE-2021-41773 (A flaw was found in a change made to path normalization in Apache HTTP ...)
+ - apache2 2.4.50-1
+ [bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ [buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ [stretch] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41773
+ NOTE: Fixed by: https://svn.apache.org/r1893775
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
+CVE-2021-3839
+ RESERVED
+CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reade ...)
+ - golang-1.17 1.17.3-1
+ - golang-1.16 1.16.10-1
+ - golang-1.15 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ - golang-1.11 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ - golang-1.8 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ - golang-1.7 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ NOTE: https://github.com/golang/go/issues/48085
+ NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
+ NOTE: Introduced in: https://github.com/golang/go/commit/1296ee6b4f9058be75c799513ccb488d2f2dd085 (go1.16beta1)
+ NOTE: https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3)
+ NOTE: https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10)
+CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.3-1
+ - golang-1.16 1.16.10-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/48990
+ NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
+ NOTE: https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b (go1.17.3)
+ NOTE: https://github.com/golang/go/commit/d19c5bdb24e093a2d5097b7623284eb02726cede (go1.16.10)
+CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing valida ...)
+ NOT-FOR-US: Ping Identity PingFederate
+CVE-2021-3838
+ RESERVED
+CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41768
+ RESERVED
+CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...)
+ - guacamole-client <unfixed>
+ [stretch] - guacamole-client <end-of-life> (unmaintained stretch-only package)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6
+CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...)
+ NOT-FOR-US: openwhyd
+CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runtime by ...)
+ - apache-karaf <itp> (bug #881297)
+CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...)
+ - dbeaver <itp> (bug #680987)
+ NOTE: https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22
+CVE-2021-3835 (Buffer overflow in usb device class. Zephyr versions &gt;= v2.6.0 cont ...)
+ NOT-FOR-US: zephyr-rtos
+CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...)
+ NOT-FOR-US: Integria IMS
+CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compare the ...)
+ NOT-FOR-US: Integria IMS
+CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Exec ...)
+ NOT-FOR-US: Integria IMS
+CVE-2021-3831 (gnuboard5 is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: gnuboard5
+CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...)
+ NOT-FOR-US: ResourceSpace
+CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...)
+ NOT-FOR-US: Streama
+CVE-2021-41763
+ RESERVED
+CVE-2021-41762
+ RESERVED
+CVE-2021-41761
+ RESERVED
+CVE-2021-41760
+ RESERVED
+CVE-2021-41759
+ RESERVED
+CVE-2021-41758
+ RESERVED
+CVE-2021-41757
+ RESERVED
+CVE-2021-41756
+ RESERVED
+CVE-2021-41755
+ RESERVED
+CVE-2021-41754
+ RESERVED
+CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41752
+ RESERVED
+CVE-2021-41751
+ RESERVED
+CVE-2021-41750
+ RESERVED
+CVE-2021-41749
+ RESERVED
+CVE-2021-41748
+ REJECTED
+CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
+ NOT-FOR-US: Csdn APP
+CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...)
+ NOT-FOR-US: Yonyou TurboCRM
+CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...)
+ NOT-FOR-US: yongyou PLM
+CVE-2021-41743
+ RESERVED
+CVE-2021-41742
+ RESERVED
+CVE-2021-41741
+ RESERVED
+CVE-2021-41740
+ RESERVED
+CVE-2021-41739
+ RESERVED
+CVE-2021-41738
+ RESERVED
+CVE-2021-41737
+ RESERVED
+CVE-2021-41736
+ RESERVED
+CVE-2021-41735
+ RESERVED
+CVE-2021-41734
+ RESERVED
+CVE-2021-41733 (Oppia 3.1.4 does not verify that certain URLs are valid before navigat ...)
+ NOT-FOR-US: Oppia
+CVE-2021-41732 (** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is ...)
+ - zeek <unfixed> (unimportant)
+ NOTE: https://github.com/zeek/zeek/issues/1798
+ NOTE: Disputed validitity of the security issue
+CVE-2021-41731
+ RESERVED
+CVE-2021-41730
+ RESERVED
+CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...)
+ NOT-FOR-US: BaiCloud-cms
+CVE-2021-41728 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41727
+ RESERVED
+CVE-2021-41726
+ RESERVED
+CVE-2021-41725
+ RESERVED
+CVE-2021-41724
+ RESERVED
+CVE-2021-41723
+ RESERVED
+CVE-2021-41722
+ RESERVED
+CVE-2021-41721
+ RESERVED
+CVE-2021-41720
+ REJECTED
+CVE-2021-41719
+ RESERVED
+CVE-2021-41718
+ RESERVED
+CVE-2021-41717
+ RESERVED
+CVE-2021-41716 (Maharashtra State Electricity Board Mahavitara Android Application 8.2 ...)
+ NOT-FOR-US: Maharashtra State Electricity Board Mahavitara Android Application
+CVE-2021-41715
+ RESERVED
+CVE-2021-41714
+ RESERVED
+CVE-2021-41713
+ RESERVED
+CVE-2021-41712
+ RESERVED
+CVE-2021-41711
+ RESERVED
+CVE-2021-41710
+ RESERVED
+CVE-2021-41709
+ RESERVED
+CVE-2021-41708
+ RESERVED
+CVE-2021-41707
+ RESERVED
+CVE-2021-41706
+ RESERVED
+CVE-2021-41705
+ RESERVED
+CVE-2021-41704
+ RESERVED
+CVE-2021-41703
+ RESERVED
+CVE-2021-41702
+ RESERVED
+CVE-2021-41701
+ RESERVED
+CVE-2021-41700
+ RESERVED
+CVE-2021-41699
+ RESERVED
+CVE-2021-41698
+ RESERVED
+CVE-2021-41697 (A reflected Cross Site Scripting (XSS) vulnerability exists in Premium ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41696 (An authentication bypass (account takeover) vulnerability exists in Pr ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41695 (An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 v ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41694 (An Incorrect Access Control vulnerability exists in Premiumdatingscrip ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41693
+ RESERVED
+CVE-2021-41692
+ RESERVED
+CVE-2021-41691
+ RESERVED
+CVE-2021-41690
+ RESERVED
+CVE-2021-41689
+ RESERVED
+CVE-2021-41688
+ RESERVED
+CVE-2021-41687
+ RESERVED
+CVE-2021-41686
+ RESERVED
+CVE-2021-41685
+ RESERVED
+CVE-2021-41684
+ RESERVED
+CVE-2021-41683
+ RESERVED
+CVE-2021-41682
+ RESERVED
+CVE-2021-41681
+ RESERVED
+CVE-2021-41680
+ RESERVED
+CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...)
+ NOT-FOR-US: oretnom23 Pharmacy Point of Sale System
+CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosyo Syst ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41673
+ RESERVED
+CVE-2021-41672
+ RESERVED
+CVE-2021-41671
+ RESERVED
+CVE-2021-41670
+ RESERVED
+CVE-2021-41669
+ RESERVED
+CVE-2021-41668
+ RESERVED
+CVE-2021-41667
+ RESERVED
+CVE-2021-41666
+ RESERVED
+CVE-2021-41665
+ RESERVED
+CVE-2021-41664
+ RESERVED
+CVE-2021-41663
+ RESERVED
+CVE-2021-41662
+ RESERVED
+CVE-2021-41661
+ RESERVED
+CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient Appointment Sche ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1 by ore ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41657
+ RESERVED
+CVE-2021-41656
+ RESERVED
+CVE-2021-41655
+ RESERVED
+CVE-2021-41654
+ RESERVED
+CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-41652
+ RESERVED
+CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)
+ NOT-FOR-US: Raymart DG / Ahmed Helal Hotel-mgmt-system
+CVE-2021-41650
+ RESERVED
+CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
+ NOT-FOR-US: PuneethReddyHC online-shopping-system
+CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
+ NOT-FOR-US: PuneethReddyHC online-shopping-system
+CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...)
+ NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App
+CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onl ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Bud ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in Sourcecodester Onli ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Chu ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41642
+ RESERVED
+CVE-2021-41641
+ RESERVED
+CVE-2021-41640
+ RESERVED
+CVE-2021-41639
+ RESERVED
+CVE-2021-41638
+ RESERVED
+CVE-2021-41637
+ RESERVED
+CVE-2021-41636
+ RESERVED
+CVE-2021-41635
+ RESERVED
+CVE-2021-41634
+ RESERVED
+CVE-2021-41633
+ RESERVED
+CVE-2021-41632
+ RESERVED
+CVE-2021-41631
+ RESERVED
+CVE-2021-41630
+ RESERVED
+CVE-2021-41629
+ RESERVED
+CVE-2021-41628
+ RESERVED
+CVE-2021-41627
+ RESERVED
+CVE-2021-41626
+ RESERVED
+CVE-2021-41625
+ RESERVED
+CVE-2021-41624
+ RESERVED
+CVE-2021-41623
+ RESERVED
+CVE-2021-41622
+ RESERVED
+CVE-2021-41621
+ RESERVED
+CVE-2021-41620
+ RESERVED
+CVE-2021-41619 (An issue was discovered in Gradle Enterprise before 2021.1.2. There is ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41618
+ RESERVED
+CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intende ...)
+ NOT-FOR-US: Apache DB DdlUtils
+CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: btcpayserver
+CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...)
+ - openssh 1:8.7p1-1 (bug #995130)
+ [bullseye] - openssh <no-dsa> (Minor issue)
+ [buster] - openssh <no-dsa> (Minor issue)
+ [stretch] - openssh <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1
+ NOTE: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
+ NOTE: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde
+CVE-2021-41615
+ RESERVED
+CVE-2021-41614
+ RESERVED
+CVE-2021-41613
+ RESERVED
+CVE-2021-41612
+ RESERVED
+CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When ...)
+ - squid 5.2-1
+ [bullseye] - squid <not-affected> (Vulnerable code introduced later)
+ [buster] - squid <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
+ NOTE: Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch
+CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: openwhyd
+CVE-2021-41610
+ REJECTED
+CVE-2021-41609 (SQL injection in the ID parameter of the UploadedImageDisplay.aspx end ...)
+ NOT-FOR-US: SelectSurvey.NET
+CVE-2021-41608 (A file disclosure vulnerability in the UploadedImageDisplay.aspx endpo ...)
+ NOT-FOR-US: SelectSurvey.NET
+CVE-2021-41607
+ RESERVED
+CVE-2021-41606
+ RESERVED
+CVE-2021-41605
+ RESERVED
+CVE-2021-41604
+ RESERVED
+CVE-2021-41603
+ RESERVED
+CVE-2021-41602
+ RESERVED
+CVE-2021-41601
+ RESERVED
+CVE-2021-41600
+ RESERVED
+CVE-2021-41599 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-41594
+ RESERVED
+CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...)
+ NOT-FOR-US: Lightning Labs lnd
+CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...)
+ NOT-FOR-US: Blockstream c-lightning
+CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...)
+ NOT-FOR-US: ACINQ Eclair
+CVE-2021-41590 (In Gradle Enterprise through 2021.3, probing of the server-side networ ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41589 (In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node be ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41588 (In Gradle Enterprise before 2021.1.3, a crafted request can trigger de ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41586 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
+ - nltk 3.6.5-1 (bug #995226)
+ [bullseye] - nltk <no-dsa> (Minor issue)
+ [buster] - nltk <no-dsa> (Minor issue)
+ [stretch] - nltk <no-dsa> (Minor issue)
+ NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
+ NOTE: https://github.com/nltk/nltk/pull/2816
+CVE-2021-41585 (Improper Input Validation vulnerability in accepting socket connection ...)
+ - trafficserver <not-affected> (Only affects FreeBSD)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8456/
+ NOTE: https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93 (master)
+ NOTE: https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb (8.1.x)
+CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...)
+ NOT-FOR-US: vpn-user-portal
+CVE-2021-41582
+ RESERVED
+CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints. ...)
+ - libressl <itp> (bug #754513)
+ NOTE: Affected code not present in any OpenSSL version in Bullseye/Buster/Stretch
+CVE-2021-41580 (** DISPUTED ** The passport-oauth2 package before 1.6.1 for Node.js mi ...)
+ NOT-FOR-US: Node passport-oauth2
+CVE-2021-41579 (LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass ...)
+ NOT-FOR-US: LCDS LAquis SCADA
+CVE-2021-41578 (mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks ...)
+ NOT-FOR-US: mySCADA myDESIGNER
+CVE-2021-41577
+ RESERVED
+CVE-2021-41576
+ RESERVED
+CVE-2021-41575
+ RESERVED
+CVE-2021-41574
+ RESERVED
+CVE-2021-41573 (Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows info ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-3827
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-41572
+ RESERVED
+CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...)
+ NOT-FOR-US: Apache Pulsar
+CVE-2021-41570
+ RESERVED
+CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...)
+ NOT-FOR-US: SAS/Intrnet
+CVE-2021-3826
+ RESERVED
+CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...)
+ NOT-FOR-US: Tad Web
+CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list function ...)
+ NOT-FOR-US: Tad Uploader
+CVE-2021-41566 (The file extension of the TadTools file upload function fails to filte ...)
+ NOT-FOR-US: TadTools
+CVE-2021-41565 (TadTools special page parameter does not properly restrict the input o ...)
+ NOT-FOR-US: TadTools
+CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to authorization by ...)
+ NOT-FOR-US: Tad Honor
+CVE-2021-41563 (Tad Book3 editing book function does not filter special characters. Un ...)
+ NOT-FOR-US: Tad Book3
+CVE-2021-41562 (A vulnerability in Snow Snow Agent for Windows allows a non-admin user ...)
+ NOT-FOR-US: Snow Snow Agent for Windows
+CVE-2021-41561 (Improper Input Validation vulnerability in Parquet-MR of Apache Parque ...)
+ NOT-FOR-US: Apache Parquet
+CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is ...)
+ NOT-FOR-US: LiderAhenk
+CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
+ NOT-FOR-US: OpenVPN Access Server
+CVE-2021-3823 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: jsoneditor
+CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute arbitrary co ...)
+ NOT-FOR-US: OpenCATS
+CVE-2021-41559
+ RESERVED
+CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...)
+ NOT-FOR-US: set_user extension for Postgres
+CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...)
+ NOT-FOR-US: Sofico
+CVE-2021-41556
+ RESERVED
+CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
+ NOT-FOR-US: ARCHIBUS Web Central
+CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a ver ...)
+ NOT-FOR-US: ARCHIBUS Web Central
+CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
+ NOT-FOR-US: ARCHIBUS Web Central
+CVE-2021-41552 (CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injec ...)
+ NOT-FOR-US: CommScope
+CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...)
+ NOT-FOR-US: Leostream Connection Broker
+CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...)
+ NOT-FOR-US: Leostream Connection Broker
+CVE-2021-41549
+ RESERVED
+CVE-2021-41548
+ RESERVED
+CVE-2021-41547 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41545
+ RESERVED
+CVE-2021-41544
+ RESERVED
+CVE-2021-41543
+ RESERVED
+CVE-2021-41542
+ RESERVED
+CVE-2021-41541
+ RESERVED
+CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41538 (A vulnerability has been identified in NX 1953 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41535 (A vulnerability has been identified in NX 1953 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41534 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41533 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41532 (In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to O ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...)
+ - routinator <itp> (bug #929024)
+ NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt
+CVE-2021-41530 (Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, ...)
+ NOT-FOR-US: Forcepoint NGFW Engine
+CVE-2021-41529
+ RESERVED
+CVE-2021-41528
+ RESERVED
+CVE-2021-41527
+ RESERVED
+CVE-2021-41526
+ RESERVED
+CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...)
+ NOT-FOR-US: FlexNet
+CVE-2021-3821
+ RESERVED
+CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: Nodejs inflect
+ NOTE: https://github.com/pksunkara/inflect
+CVE-2021-41524 (While fuzzing the 2.4.49 httpd, a new null pointer dereference was det ...)
+ - apache2 2.4.50-1
+ [bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ [buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ [stretch] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41524
+ NOTE: Fixed by: https://svn.apache.org/r1893655
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/1
+CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-3817 (wbce_cms is vulnerable to Improper Neutralization of Special Elements ...)
+ NOT-FOR-US: wbce_cms
+CVE-2021-41523
+ RESERVED
+CVE-2021-41522
+ RESERVED
+CVE-2021-41521
+ RESERVED
+CVE-2021-41520
+ RESERVED
+CVE-2021-41519
+ RESERVED
+CVE-2021-41518
+ RESERVED
+CVE-2021-41517
+ RESERVED
+CVE-2021-41516
+ RESERVED
+CVE-2021-41515
+ RESERVED
+CVE-2021-41514
+ RESERVED
+CVE-2021-41513
+ RESERVED
+CVE-2021-41512
+ RESERVED
+CVE-2021-41511 (The username and password field of login in Lodging Reservation Manage ...)
+ NOT-FOR-US: Lodging Reservation Management System
+CVE-2021-41510
+ RESERVED
+CVE-2021-41509
+ RESERVED
+CVE-2021-41508
+ RESERVED
+CVE-2021-41507
+ RESERVED
+CVE-2021-41506
+ RESERVED
+CVE-2021-41505
+ RESERVED
+CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41502
+ RESERVED
+CVE-2021-41501
+ RESERVED
+CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop & ...)
+ - cvxopt 1.2.7+dfsg-1
+ [bullseye] - cvxopt <no-dsa> (Minor issue)
+ [buster] - cvxopt <no-dsa> (Minor issue)
+ [stretch] - cvxopt <no-dsa> (Minor issue)
+ NOTE: https://github.com/cvxopt/cvxopt/issues/193
+CVE-2021-41499 (Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo &lt; ...)
+ - python-pyo 1.0.4-1
+ [stretch] - python-pyo <no-dsa> (Minor issue)
+ NOTE: https://github.com/belangeo/pyo/issues/222
+ NOTE: https://github.com/belangeo/pyo/commit/e7e6d2880469b523e4c41f0da2087a6a3eec4a45 (1.0.4)
+CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo &amp;lt and 1.03 in the Ser ...)
+ - python-pyo 1.0.4-1
+ [stretch] - python-pyo <no-dsa> (Minor issue)
+ NOTE: https://github.com/belangeo/pyo/issues/221
+ NOTE: https://github.com/belangeo/pyo/commit/017702c73332a8560c8554a36250a6da587a2418 (1.0.4)
+CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...)
+ NOT-FOR-US: RaRe-Technologies bounter
+CVE-2021-41496 (** DISPUTED ** Buffer overflow in the array_from_pyobj function of for ...)
+ - numpy <unfixed>
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/19000
+ NOTE: https://github.com/numpy/numpy/pull/20630
+ NOTE: https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2
+CVE-2021-41495 (** DISPUTED ** Null Pointer Dereference vulnerability exists in numpy. ...)
+ - numpy <unfixed>
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/19038
+ TODO: check for classification/severity
+CVE-2021-41494
+ RESERVED
+CVE-2021-41493
+ RESERVED
+CVE-2021-41492 (Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41491
+ RESERVED
+CVE-2021-41490
+ RESERVED
+CVE-2021-41489
+ RESERVED
+CVE-2021-41488
+ RESERVED
+CVE-2021-41487
+ RESERVED
+CVE-2021-41486
+ RESERVED
+CVE-2021-41485
+ RESERVED
+CVE-2021-41484
+ RESERVED
+CVE-2021-41483
+ RESERVED
+CVE-2021-41482
+ RESERVED
+CVE-2021-41481
+ RESERVED
+CVE-2021-41480
+ RESERVED
+CVE-2021-41479
+ RESERVED
+CVE-2021-41478
+ RESERVED
+CVE-2021-41477
+ RESERVED
+CVE-2021-41476
+ RESERVED
+CVE-2021-41475
+ RESERVED
+CVE-2021-41474
+ RESERVED
+CVE-2021-41473
+ RESERVED
+CVE-2021-41472 (SQL injection vulnerability in Sourcecodester Simple Membership System ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41471 (SQL injection vulnerability in Sourcecodester South Gate Inn Online Re ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41470
+ RESERVED
+CVE-2021-41469
+ RESERVED
+CVE-2021-41468
+ RESERVED
+CVE-2021-41467 (Cross-site scripting (XSS) vulnerability in application/controllers/dr ...)
+ NOT-FOR-US: JustWriting
+CVE-2021-41466
+ RESERVED
+CVE-2021-41465 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41464 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41463 (Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/a ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41460
+ RESERVED
+CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+ - gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1912
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339
+CVE-2021-41458
+ RESERVED
+CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...)
+ - gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1909
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619
+CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+ - gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1911
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e
+CVE-2021-41455
+ RESERVED
+CVE-2021-41454
+ RESERVED
+CVE-2021-41453
+ RESERVED
+CVE-2021-41452
+ RESERVED
+CVE-2021-41451 (A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-41448
+ RESERVED
+CVE-2021-41447
+ RESERVED
+CVE-2021-41446
+ RESERVED
+CVE-2021-41445 (A reflected cross-site-scripting attack in web application of D-Link D ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41444
+ RESERVED
+CVE-2021-41443
+ RESERVED
+CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41440
+ RESERVED
+CVE-2021-41439
+ RESERVED
+CVE-2021-41438
+ RESERVED
+CVE-2021-41437
+ RESERVED
+CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...)
+ NOT-FOR-US: ASUS
+CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...)
+ NOT-FOR-US: ASUS
+CVE-2021-41434
+ RESERVED
+CVE-2021-41433
+ RESERVED
+CVE-2021-41432
+ RESERVED
+CVE-2021-41431
+ RESERVED
+CVE-2021-41430
+ RESERVED
+CVE-2021-41429
+ RESERVED
+CVE-2021-41428
+ REJECTED
+CVE-2021-41427 (Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: Beeline Smart Box
+CVE-2021-41426 (Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery ( ...)
+ NOT-FOR-US: Beeline Smart Box
+CVE-2021-41425
+ RESERVED
+CVE-2021-41424
+ RESERVED
+CVE-2021-41423
+ RESERVED
+CVE-2021-41422
+ RESERVED
+CVE-2021-41421
+ RESERVED
+CVE-2021-41420
+ RESERVED
+CVE-2021-41419
+ RESERVED
+CVE-2021-41418
+ RESERVED
+CVE-2021-41417
+ RESERVED
+CVE-2021-41416
+ RESERVED
+CVE-2021-41415
+ RESERVED
+CVE-2021-41414
+ RESERVED
+CVE-2021-41413
+ RESERVED
+CVE-2021-41412
+ RESERVED
+CVE-2021-41411
+ RESERVED
+CVE-2021-41410
+ RESERVED
+CVE-2021-41409
+ RESERVED
+CVE-2021-41408
+ RESERVED
+CVE-2021-41407
+ RESERVED
+CVE-2021-41406
+ RESERVED
+CVE-2021-41405
+ RESERVED
+CVE-2021-41404
+ RESERVED
+CVE-2021-41403
+ RESERVED
+CVE-2021-41402
+ RESERVED
+CVE-2021-41401
+ RESERVED
+CVE-2021-41400
+ RESERVED
+CVE-2021-41399
+ RESERVED
+CVE-2021-41398
+ RESERVED
+CVE-2021-41397
+ RESERVED
+CVE-2021-41396
+ RESERVED
+CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to contro ...)
+ NOT-FOR-US: Teleport
+CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...)
+ NOT-FOR-US: Teleport
+CVE-2021-41393 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...)
+ NOT-FOR-US: Teleport
+CVE-2021-41392 (static/main-preload.js in Boost Note through 0.22.0 allows remote comm ...)
+ NOT-FOR-US: BoostNote
+CVE-2021-41391 (In Ericsson ECM before 18.0, it was observed that Security Management ...)
+ NOT-FOR-US: Ericsson ECM
+CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provider En ...)
+ NOT-FOR-US: Ericsson ECM
+CVE-2021-41389
+ RESERVED
+CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local privileg ...)
+ NOT-FOR-US: Netskope
+CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...)
+ - seatd <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E
+CVE-2021-41386
+ RESERVED
+CVE-2021-41385 (The third party intelligence connector in Securonix SNYPR 6.3.1 Build ...)
+ NOT-FOR-US: third party intelligence connector in Securonix SNYPR
+CVE-2021-41384
+ RESERVED
+CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute ...)
+ NOT-FOR-US: Netgear
+CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server managem ...)
+ NOT-FOR-US: Plastic SCM
+CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Traversal. ...)
+ NOT-FOR-US: Payara Micro Community
+CVE-2021-3816 (Cacti 1.1.38 allows authenticated users with User Management permissio ...)
+ - cacti 1.2.1+ds1-1
+ [stretch] - cacti <not-affected> (user_group_admin.php not present, added in 1.0)
+ NOTE: https://github.com/Cacti/cacti/issues/1882
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1)
+CVE-2021-41380 (** DISPUTED ** RealVNC Viewer 6.21.406 allows remote VNC servers to ca ...)
+ NOT-FOR-US: RealVNC
+CVE-2021-41379 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41378 (Windows NTFS Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41377 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41376 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41375 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41374 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41373 (FSLogix Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41372 (Power BI Report Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41371 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41370 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41369
+ RESERVED
+CVE-2021-41368 (Microsoft Access Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41364
+ RESERVED
+CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41362
+ RESERVED
+CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41359
+ RESERVED
+CVE-2021-41358
+ RESERVED
+CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41356 (Windows Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41352 (SCOM Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41351 (Microsoft Edge (Chrome based) Spoofing on IE Mode ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41349 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41347 (Windows AppX Deployment Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41346 (Console Window Host Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41345 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41344 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41343 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41342 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41341
+ RESERVED
+CVE-2021-41340 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41339 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41338 (Windows AppContainer Firewall Rules Security Feature Bypass Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41337 (Active Directory Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41336 (Windows Kernel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41333 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41330 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view filters applie ...)
+ NOT-FOR-US: Datalust Seq
+CVE-2021-41328
+ RESERVED
+CVE-2021-41327
+ RESERVED
+CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...)
+ NOT-FOR-US: MISP
+CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 allows re ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Pydio Ce ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2021-41322 (Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin ...)
+ NOT-FOR-US: Poly VVX 400/410
+CVE-2021-41321
+ RESERVED
+CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...)
+ NOT-FOR-US: Wallstreet Suite TRM
+CVE-2021-41319
+ RESERVED
+CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...)
+ NOT-FOR-US: Progress WhatsUp Gold
+CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...)
+ NOT-FOR-US: XSS Hunter Express
+CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...)
+ NOT-FOR-US: Device42 Main Appliance
+CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...)
+ NOT-FOR-US: Device42 Remote Collector
+CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of Object ...)
+ NOT-FOR-US: fabiocaccamo/utils.js
+CVE-2021-3814
+ RESERVED
+CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...)
+ NOT-FOR-US: chatwoot
+CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41306 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41305 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41304 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: adminlte
+CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: adminlte
+CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: code-server
+CVE-2021-3809
+ RESERVED
+CVE-2021-3808
+ RESERVED
+CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...)
+ - node-ansi-regex 5.0.1-1 (bug #994568)
+ [bullseye] - node-ansi-regex 5.0.1-1~deb11u1
+ [buster] - node-ansi-regex 3.0.0-1+deb10u1
+ [stretch] - node-ansi-regex <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
+ NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1)
+CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's "extractArc ...)
+ NOT-FOR-US: Pardus Software Center
+CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...)
+ - node-object-path 0.11.8-1
+ [bullseye] - node-object-path 0.11.5-3+deb11u1
+ [buster] - node-object-path <no-dsa> (Minor issue)
+ [stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
+ NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
+CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...)
+ - shiro <unfixed>
+ [bullseye] - shiro <no-dsa> (Minor issue)
+ [buster] - shiro <no-dsa> (Minor issue)
+ [stretch] - shiro <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
+CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41300 (ECOA BAS controller&#8217;s special page displays user account and pas ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41299 (ECOA BAS controller is vulnerable to hard-coded credentials within its ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41298 (ECOA BAS controller is vulnerable to insecure direct object references ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41297 (ECOA BAS controller is vulnerable to weak access control mechanism all ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41296 (ECOA BAS controller uses weak set of default administrative credential ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41295 (ECOA BAS controller has a Cross-Site Request Forgery vulnerability, th ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41294 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41293 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41292 (ECOA BAS controller suffers from an authentication bypass vulnerabilit ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclosure v ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41289 (ASUS P453UJ contains the Improper Restriction of Operations within the ...)
+ NOT-FOR-US: ASUS
+CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41287
+ RESERVED
+CVE-2021-41286 (Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authent ...)
+ NOT-FOR-US: Omikron MultiCash Desktop
+CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: NervJS Taro
+CVE-2021-41285 (Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escal ...)
+ NOT-FOR-US: Ballistix MOD Utility
+CVE-2021-41284
+ RESERVED
+CVE-2021-41283
+ RESERVED
+CVE-2021-41282
+ RESERVED
+CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/Twiste ...)
+ - matrix-synapse 1.47.1-1 (bug #1000451)
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
+ NOTE: https://github.com/matrix-org/synapse/commit/91f2bd0907f1d05af67166846988e49644eb650c
+CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In affected ...)
+ NOT-FOR-US: Sharetribe Go
+CVE-2021-41279 (BaserCMS is an open source content management system with a focus on J ...)
+ NOT-FOR-US: BaserCMS
+CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...)
+ NOT-FOR-US: EdgeX
+CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
+ NOT-FOR-US: Metabase
+CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...)
+ NOT-FOR-US: spree_auth_devise
+CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...)
+ NOT-FOR-US: solidus_auth_devise
+CVE-2021-41273 (Pterodactyl is an open-source game server management panel built with ...)
+ NOT-FOR-US: Pterodactyl
+CVE-2021-41272 (Besu is an Ethereum client written in Java. Starting in version 21.10. ...)
+ NOT-FOR-US: Hyperledger Besu
+CVE-2021-41271 (Discourse is a platform for community discussion. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...)
+ - symfony 4.4.19+dfsg-3
+ [bullseye] - symfony <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
+ [stretch] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
+ NOTE: https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 (v4.4.35)
+ NOTE: https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas
+CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate crons ...)
+ NOT-FOR-US: cron-utils Java library
+CVE-2021-41268 (Symfony/SecurityBundle is the security system for Symfony, a PHP frame ...)
+ - symfony <not-affected> (Vulnerable code never in released version in unstable)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
+ NOTE: https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc (v5.3.12)
+CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP fr ...)
+ - symfony <not-affected> (Vulnerable code never in released version in unstable)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
+ NOTE: https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 (v5.3.12)
+CVE-2021-41266 (Minio console is a graphical user interface for the for MinIO operator ...)
+ NOT-FOR-US: Minio console
+CVE-2021-41265 (Flask-AppBuilder is a development framework built on top of Flask. Ver ...)
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.4
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc (3.3.4)
+CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...)
+ NOT-FOR-US: OpenZeppelin Contracts
+CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...)
+ NOT-FOR-US: rails_multisite
+CVE-2021-41262 (Galette is a membership management web application built for non profi ...)
+ - galette <removed>
+CVE-2021-41261 (Galette is a membership management web application built for non profi ...)
+ - galette <removed>
+CVE-2021-41260 (Galette is a membership management web application built for non profi ...)
+ - galette <removed>
+CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
+ - nim <unfixed>
+ [bullseye] - nim <no-dsa> (Minor issue)
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc
+CVE-2021-41258 (Kirby is an open source file structured CMS. In affected versions Kirb ...)
+ NOT-FOR-US: Kirby
+CVE-2021-41257
+ RESERVED
+CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud news/fee ...)
+ NOT-FOR-US: nextcloud news-android App
+CVE-2021-41255
+ RESERVED
+CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...)
+ NOT-FOR-US: kustomize-controller
+CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...)
+ - zydis 3.2.1-1 (bug #999431)
+ NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
+ NOTE: Fixed by: https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5 (master)
+ NOTE: Fixed by: https://github.com/zyantific/zydis/commit/330b259583ade789886ce11af2ebcd030097dcbf (v3.2.1)
+CVE-2021-41252 (Kirby is an open source file structured CMS ### Impact Kirby's writer ...)
+ NOT-FOR-US: Kirby
+CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...)
+ NOT-FOR-US: SAP
+CVE-2021-41250 (Python discord bot is the community bot for the Python Discord communi ...)
+ NOT-FOR-US: Python discord bot
+CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL focused ...)
+ NOT-FOR-US: GraphQL Playground
+CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...)
+ NOT-FOR-US: GraphiQL
+CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...)
+ - jupyterhub 2.0.0+ds1-1
+ NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
+ NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
+CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...)
+ NOT-FOR-US: Express OpenID Connect
+CVE-2021-41245
+ RESERVED
+CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana <removed>
+CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-41242 (OpenOlat is a web-basedlearning management system. A path traversal vu ...)
+ NOT-FOR-US: OpenOlat
+CVE-2021-41241
+ RESERVED
+CVE-2021-41240
+ RESERVED
+CVE-2021-41239
+ RESERVED
+CVE-2021-41238 (Hangfire is an open source system to perform background job processing ...)
+ NOT-FOR-US: Hangfire
+CVE-2021-41237
+ RESERVED
+CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+ NOT-FOR-US: OroPlatform
+CVE-2021-41235
+ RESERVED
+CVE-2021-41234
+ RESERVED
+CVE-2021-41233
+ RESERVED
+CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the theme o ...)
+ NOT-FOR-US: Thunderdome
+CVE-2021-41231
+ RESERVED
+CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ...)
+ {DLA-2827-1}
+ - bluez 5.62-2 (bug #1000262)
+ [bullseye] - bluez <no-dsa> (Minor issue)
+ [buster] - bluez <no-dsa> (Minor issue)
+ NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
+ NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d939483328489fb835bb425d36f7c7c73d52c388 (4.0)
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e79417ed7185b150a056d4eb3a1ab528b91d2fc0
+CVE-2021-41228 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41227 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41226 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41225 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41224 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41223 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41222 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41221 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41220 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41219 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41218 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41217 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41216 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41215 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41214 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41213 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41212 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41211 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41210 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41209 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41208 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41207 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41206 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41205 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41204 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41203 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41202 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41201 (TensorFlow is an open source platform for machine learning. In affeced ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41200 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41199 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41198 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41197 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41196 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41195 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps new use ...)
+ NOT-FOR-US: FirstUseAuthenticator for JupyterHub
+CVE-2021-41193
+ RESERVED
+CVE-2021-41192 (Redash is a package for data visualization and sharing. If an admin se ...)
+ NOT-FOR-US: Redash
+CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...)
+ NOT-FOR-US: Roblox-Purchasing-Hub
+CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to facilitat ...)
+ NOT-FOR-US: OCI Distribution Specification
+ NOTE: Issue in the OCI Distribution Specification. Software mitigations are applied to
+ NOTE: containerd/1.5.8~ds1-1 and golang-github-opencontainers-image-spec/1.0.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/10
+ NOTE: https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
+ NOTE: https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh
+CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...)
+ NOT-FOR-US: DSpace
+CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...)
+ NOT-FOR-US: Shopware
+CVE-2021-41187 (DHIS 2 is an information system for data capture, management, validati ...)
+ NOT-FOR-US: DHIS
+CVE-2021-41186 (Fluentd collects events from various data sources and writes them to f ...)
+ - fluentd <itp> (bug #926692)
+CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...)
+ NOT-FOR-US: Mycodo
+CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ - jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
+ [stretch] - jqueryui <no-dsa> (Minor issue)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
+ NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
+CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-2889-1}
+ - drupal7 <removed>
+ - jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
+ [stretch] - jqueryui <no-dsa> (Minor issue)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
+ NOTE: https://bugs.jqueryui.com/ticket/15284
+ NOTE: https://github.com/jquery/jquery-ui/pull/1953
+ NOTE: https://www.drupal.org/sa-core-2022-001
+CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-2889-1}
+ - drupal7 <removed>
+ - jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
+ [stretch] - jqueryui <no-dsa> (Minor issue)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
+ NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
+ NOTE: https://www.drupal.org/sa-core-2022-002
+CVE-2021-41181
+ RESERVED
+CVE-2021-41180
+ RESERVED
+CVE-2021-41179 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-41178 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-41177 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...)
+ NOT-FOR-US: Pterodactyl
+CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central locatio ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-41174 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana <removed>
+CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...)
+ - golang-github-go-ethereum <itp> (bug #890541)
+CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for ...)
+ NOT-FOR-US: AntSword plugin for Redis
+CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-41170 (neoan3-apps/template is a neoan3 minimal template engine. Versions pri ...)
+ NOT-FOR-US: neoan3-apps/template
+CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...)
+ NOT-FOR-US: Snudown
+CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...)
+ NOT-FOR-US: modern-async
+CVE-2021-41166 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...)
+ - ckeditor <unfixed> (bug #999909)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
+CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...)
+ - ckeditor <unfixed> (bug #999909)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
+CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41162
+ RESERVED
+CVE-2021-41161
+ RESERVED
+CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+ - freerdp2 2.4.1+dfsg1-1 (bug #1001062)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg
+ NOTE: https://github.com/FreeRDP/FreeRDP/pull/7349
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692
+CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+ - freerdp2 2.4.1+dfsg1-1 (bug #1001061)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5 (Stable 2.0 backports)
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe
+CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
+CVE-2021-41157 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
+CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...)
+ NOT-FOR-US: anuko/timetracker
+CVE-2021-41155 (Tuleap is a Free &amp; Open Source Suite to improve management of soft ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41154 (Tuleap is a Free &amp; Open Source Suite to improve management of soft ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...)
+ NOT-FOR-US: Rust evm crate
+CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...)
+ NOT-FOR-US: OpenOlat
+CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...)
+ NOT-FOR-US: Backstage
+CVE-2021-41150 (Tough provides a set of Rust libraries and tools for using and generat ...)
+ NOT-FOR-US: Tough
+CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...)
+ NOT-FOR-US: Tough
+CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a minimal ...)
+ - qutebrowser <not-affected> (Only affects Windows)
+ NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm
+ NOTE: https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430
+ NOTE: Additional hardening for potential similar issues on Linux were added, but
+ NOTE: are not fixing a security vulnerability.
+CVE-2021-41145 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
+CVE-2021-41144
+ RESERVED
+CVE-2021-41143
+ RESERVED
+CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
+ - pjproject <removed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
+ NOTE: https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196
+CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...)
+ NOT-FOR-US: Discourse plugin
+CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...)
+ NOT-FOR-US: Frontier
+CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...)
+ NOT-FOR-US: Minio
+CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
+ - puma 5.5.2-1
+ [stretch] - puma <no-dsa> (Minor issue)
+ NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
+ NOTE: https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
+CVE-2021-41135 (The Cosmos-SDK is a framework for building blockchain applications in ...)
+ NOT-FOR-US: Cosmos-SDK
+CVE-2021-41134 (nbdime provides tools for diffing and merging of Jupyter Notebooks. In ...)
+ - nbdime <itp> (bug #975509)
+CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...)
+ NOT-FOR-US: OMERO.web
+CVE-2021-41131 (python-tuf is a Python reference implementation of The Update Framewor ...)
+ - python-tuf <itp> (bug #934151)
+CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...)
+ NOT-FOR-US: Extensible Service Proxy
+CVE-2021-41129 (Pterodactyl is an open-source game server management panel built with ...)
+ NOT-FOR-US: Pterodactyl
+CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...)
+ NOT-FOR-US: Hygeia
+CVE-2021-41127 (Rasa is an open source machine learning framework to automate text-and ...)
+ NOT-FOR-US: Rasa
+CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...)
+ NOT-FOR-US: October CMS
+CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...)
+ - python-scrapy 2.5.1-1
+ [bullseye] - python-scrapy <no-dsa> (Minor issue)
+ [buster] - python-scrapy <no-dsa> (Minor issue)
+ [stretch] - python-scrapy <no-dsa> (Minor issue)
+ NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498
+CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and JavaScript integr ...)
+ NOT-FOR-US: Scrapy-splash
+CVE-2021-41123 (Survey Solutions is a survey management and data collection system. In ...)
+ NOT-FOR-US: Survey Solutions
+CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
+ NOT-FOR-US: Vyper
+CVE-2021-41121 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
+ NOT-FOR-US: Vyper
+CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...)
+ NOT-FOR-US: sylius/paypal-plugin
+CVE-2021-41119
+ RESERVED
+CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
+ NOT-FOR-US: DynamicPageList3 MediaWiki Extension
+CVE-2021-41117 (keypair is a a RSA PEM key generator written in javascript. keypair im ...)
+ NOT-FOR-US: keypair
+CVE-2021-41116 (Composer is an open source dependency manager for the PHP language. In ...)
+ - composer <not-affected> (Only affects Windows)
+ NOTE: https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
+ NOTE: https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa
+CVE-2021-41115 (Zulip is an open source team chat server. In affected versions Zulip a ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-41114 (TYPO3 is an open source PHP based web content management system releas ...)
+ NOT-FOR-US: Typo3
+CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...)
+ NOT-FOR-US: Typo3
+CVE-2021-41112
+ RESERVED
+CVE-2021-41111
+ RESERVED
+CVE-2021-41110 (cwlviewer is a web application to view and share Common Workflow Langu ...)
+ NOT-FOR-US: cwlviewer
+CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Parse Server
+CVE-2021-41108
+ RESERVED
+CVE-2021-41107
+ RESERVED
+CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web Signature. P ...)
+ NOT-FOR-US: PHP lcobucci/jwt
+CVE-2021-41105 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
+CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
+ NOT-FOR-US: ESPHome
+CVE-2021-41103 (containerd is an open source container runtime with an emphasis on sim ...)
+ {DSA-5002-1}
+ - containerd 1.5.7~ds1-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
+ NOTE: https://github.com/containerd/containerd/commit/403846c9540f5bfdaf1fe5349cce5fd3bc60f507 (v1.4.11)
+ NOTE: https://github.com/containerd/containerd/commit/38532c6ed7bb9dd683ba9eaca62dd7cce0330cbb (v1.4.11)
+ NOTE: https://github.com/containerd/containerd/commit/0b1bde38546a9283a52cf4970e01fd0f09b0ac4a (v1.4.11)
+CVE-2021-41102
+ RESERVED
+CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
+ NOT-FOR-US: wire-server
+CVE-2021-41100 (Wire-server is the backing server for the open source wire secure mess ...)
+ NOT-FOR-US: wire-server
+CVE-2021-41099 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph
+CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
+ - ruby-nokogiri <not-affected> (jruby implementation not shiped)
+ NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
+ NOTE: https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
+CVE-2021-41097 (aurelia-path is part of the Aurelia platform and contains utilities fo ...)
+ NOT-FOR-US: Aurelia
+CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 a ...)
+ NOT-FOR-US: Rucky for Android
+CVE-2021-41095 (Discourse is an open source discussion platform. There is a cross-site ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund may byp ...)
+ NOT-FOR-US: Wire by Bund
+CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if the a ...)
+ NOT-FOR-US: Wire iOS
+CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...)
+ - docker.io 20.10.10+dfsg1-1 (bug #998292)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
+ [buster] - docker.io <no-dsa> (Minor issue)
+ NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
+ NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
+CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...)
+ - docker.io 20.10.10+dfsg1-1
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
+ [buster] - docker.io <no-dsa> (Minor issue)
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
+ NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
+CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, logs, and ...)
+ NOT-FOR-US: Grafana Agent
+CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...)
+ - docker.io 20.10.10+dfsg1-1
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
+ [buster] - docker.io <no-dsa> (Minor issue)
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
+CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...)
+ - elvish 0.14.0-1
+ [buster] - elvish <no-dsa> (Minor issue)
+ NOTE: https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r
+ NOTE: https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5
+CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework to prot ...)
+ NOT-FOR-US: in-toto Go implementation (different from src:in-toto)
+CVE-2021-41086 (jsuites is an open source collection of common required javascript web ...)
+ NOT-FOR-US: jsuites
+CVE-2021-41085
+ RESERVED
+CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...)
+ NOT-FOR-US: Http4s
+CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affected ve ...)
+ NOT-FOR-US: Dada Mail
+CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41081 (Zoho ManageEngine Network Configuration Manager before &#65279;&#65279 ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41080 (Zoho ManageEngine Network Configuration Manager before &#65279;&#65279 ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...)
+ {DSA-4986-1 DLA-2764-1}
+ - tomcat9 9.0.53-1
+ - tomcat8 <removed>
+ NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
+ NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44)
+ NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64)
+CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...)
+ - node-nth-check 2.0.1-1
+ [bullseye] - node-nth-check <no-dsa> (Minor issue)
+ [buster] - node-nth-check <no-dsa> (Minor issue)
+ [stretch] - node-nth-check <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726 (v2.0.1)
+ NOTE: https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0/
+ NOTE: https://github.com/advisories/GHSA-rp65-9cf3-cjxr
+CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker to inpu ...)
+ {DLA-2809-1}
+ - udisks2 2.9.4-1
+ [bullseye] - udisks2 2.9.2-2+deb11u1
+ [buster] - udisks2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
+ NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
+ NOTE: https://github.com/storaged-project/udisks/commit/38d90a433bda0fc0f2a409f6baa12c3958893571 (udisks-2.9.4)
+CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary code ex ...)
+ NOT-FOR-US: Nameko
+CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity ...)
+ - node-prismjs 1.25.0+dfsg-1
+ [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1
+ NOTE: https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9
+CVE-2021-41077 (The activation process in Travis CI, for certain 2021-09-03 through 20 ...)
+ NOT-FOR-US: Travis CI
+CVE-2021-41076
+ REJECTED
+CVE-2021-41075 (The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vu ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41074
+ RESERVED
+CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 ...)
+ {DSA-4978-1}
+ - linux 5.14.6-2
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2
+CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...)
+ {DSA-4987-1 DLA-2789-1}
+ - squashfs-tools 1:4.5-3 (bug #994262)
+ NOTE: Prerequisites:
+ NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36
+ NOTE: https://github.com/plougher/squashfs-tools/commit/1993a4e7aeda04962bf26e84c15fba8b58837e10
+ NOTE: https://github.com/plougher/squashfs-tools/commit/9938154174756ee48a94ea0b076397a2944b028d
+ NOTE: Fixed by: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
+ NOTE: Followup fix: https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c
+ NOTE: https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
+CVE-2021-41071
+ REJECTED
+CVE-2021-41070
+ REJECTED
+CVE-2021-41069
+ RESERVED
+CVE-2021-41068
+ RESERVED
+CVE-2021-41067 (An issue was discovered in Listary through 6. Improper implementation ...)
+ NOT-FOR-US: Listary
+CVE-2021-41066 (An issue was discovered in Listary through 6. When Listary is configur ...)
+ NOT-FOR-US: Listary
+CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can create a ...)
+ NOT-FOR-US: Listary
+CVE-2021-41064
+ RESERVED
+CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView Webserv ...)
+ NOT-FOR-US: Aanderaa GeoView Webservice
+CVE-2021-41062
+ RESERVED
+CVE-2021-41061 (In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee8201 ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2021-41060
+ RESERVED
+CVE-2021-41059
+ RESERVED
+CVE-2021-41058
+ RESERVED
+CVE-2021-41057 (In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles s ...)
+ NOT-FOR-US: WIBU
+CVE-2021-41056
+ RESERVED
+CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...)
+ {DSA-5064-1}
+ - python-nbxmpp 2.0.4-1
+ [buster] - python-nbxmpp <not-affected> (Vulnerable code not present)
+ [stretch] - python-nbxmpp <not-affected> (Vulnerable code introduced later (modules added in v1.0.0))
+ NOTE: https://dev.gajim.org/gajim/gajim/-/issues/10638
+ NOTE: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f
+ NOTE: Fix in python-nbxmpp, and gajim 1.3.3 bumps depends on required nbxmpp version.
+CVE-2021-41053
+ RESERVED
+CVE-2021-41052
+ RESERVED
+CVE-2021-41051
+ RESERVED
+CVE-2021-41050
+ RESERVED
+CVE-2021-41049
+ RESERVED
+CVE-2021-41048
+ RESERVED
+CVE-2021-41047
+ RESERVED
+CVE-2021-41046
+ RESERVED
+CVE-2021-41045
+ RESERVED
+CVE-2021-41044
+ RESERVED
+CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other confirm ...)
+ - tcpslice <unfixed> (bug #1003190)
+ [bullseye] - tcpslice <no-dsa> (Minor issue)
+ [buster] - tcpslice <no-dsa> (Minor issue)
+ [stretch] - tcpslice <no-dsa> (Minor issue)
+ NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11
+ NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5)
+CVE-2021-41042
+ RESERVED
+CVE-2021-41041
+ RESERVED
+CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...)
+ NOT-FOR-US: Eclipse Wakaama
+CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...)
+ - mosquitto <unfixed> (bug #1001028)
+ [buster] - mosquitto <not-affected> (Vulnerable code introduced later)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
+ NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f (v2.0.12)
+CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-41037
+ RESERVED
+CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
+ - paho.mqtt.c <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/eclipse/paho.mqtt.embedded-c/issues/96
+CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...)
+ NOT-FOR-US: Eclipse OpenJ9
+CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
+ NOT-FOR-US: Eclipse Che
+CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
+ NOT-FOR-US: Eclipse Equinox
+CVE-2021-41032
+ RESERVED
+CVE-2021-41031
+ RESERVED
+CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-294] in ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerability [ ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41026
+ RESERVED
+CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of confd in F ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM Windows Age ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-41022 (A improper privilege management in Fortinet FortiSIEM Windows Agent ve ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-41021 (A privilege escalation vulnerability in FortiNAC versions 8.8.8 and be ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41020
+ RESERVED
+CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-41018 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41016 (A improper neutralization of special elements used in a command ('comm ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41013 (An improper access control vulnerability [CWE-284] in FortiWeb version ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41012
+ RESERVED
+CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...)
+ NOT-FOR-US: LINE client for iOS
+CVE-2021-41010
+ RESERVED
+CVE-2021-41009
+ RESERVED
+CVE-2021-41008
+ RESERVED
+CVE-2021-41007
+ RESERVED
+CVE-2021-41006
+ RESERVED
+CVE-2021-41005
+ RESERVED
+CVE-2021-41004
+ RESERVED
+CVE-2021-41003
+ RESERVED
+CVE-2021-41002
+ RESERVED
+CVE-2021-41001
+ RESERVED
+CVE-2021-41000
+ RESERVED
+CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-3800
+ RESERVED
+CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows attacke ...)
+ - htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/444
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43 (v1.9.13)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-40984
+ RESERVED
+CVE-2021-40983
+ RESERVED
+CVE-2021-40982
+ RESERVED
+CVE-2021-40981 (ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain p ...)
+ NOT-FOR-US: ASUS ROG Armoury Crate Lite
+CVE-2021-40980
+ RESERVED
+CVE-2021-40979
+ RESERVED
+CVE-2021-40978 (** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory t ...)
+ - python-mkdocs <unfixed> (unimportant)
+ NOTE: https://github.com/mkdocs/mkdocs/issues/2601
+CVE-2021-40977
+ RESERVED
+CVE-2021-40976
+ RESERVED
+CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in application/modules/admin/ ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2021-40974
+ RESERVED
+CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40972 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40971 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40970 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40969 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40968 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40967
+ RESERVED
+CVE-2021-40966 (A Stored XSS exists in TinyFileManager All version up to and including ...)
+ NOT-FOR-US: TinyFileManager
+CVE-2021-40965 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileMa ...)
+ NOT-FOR-US: TinyFileManager
+CVE-2021-40964 (A Path Traversal vulnerability exists in TinyFileManager all version u ...)
+ NOT-FOR-US: TinyFileManager
+CVE-2021-40963
+ RESERVED
+CVE-2021-40962
+ RESERVED
+CVE-2021-40961
+ RESERVED
+CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...)
+ NOT-FOR-US: Galera WebTemplate
+CVE-2021-40959
+ RESERVED
+CVE-2021-40958
+ RESERVED
+CVE-2021-40957
+ RESERVED
+CVE-2021-40956
+ RESERVED
+CVE-2021-40955
+ RESERVED
+CVE-2021-40954
+ RESERVED
+CVE-2021-40953
+ RESERVED
+CVE-2021-40952
+ RESERVED
+CVE-2021-40951
+ RESERVED
+CVE-2021-40950
+ RESERVED
+CVE-2021-40949
+ RESERVED
+CVE-2021-40948
+ RESERVED
+CVE-2021-40947
+ RESERVED
+CVE-2021-40946
+ RESERVED
+CVE-2021-40945
+ RESERVED
+CVE-2021-40944
+ RESERVED
+CVE-2021-40943
+ RESERVED
+CVE-2021-40942
+ RESERVED
+CVE-2021-40941
+ RESERVED
+CVE-2021-40940
+ RESERVED
+CVE-2021-40939
+ RESERVED
+CVE-2021-40938
+ RESERVED
+CVE-2021-40937
+ RESERVED
+CVE-2021-40936
+ RESERVED
+CVE-2021-40935
+ RESERVED
+CVE-2021-40934
+ RESERVED
+CVE-2021-40933
+ RESERVED
+CVE-2021-40932
+ RESERVED
+CVE-2021-40931
+ RESERVED
+CVE-2021-40930
+ RESERVED
+CVE-2021-40929
+ RESERVED
+CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta d ...)
+ NOT-FOR-US: FlexTV
+CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in Spotify-fo ...)
+ NOT-FOR-US: Spotify-for-Alfred
+CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ...)
+ - php-getid3 1.9.21+dfsg-1 (unimportant)
+ NOTE: https://github.com/JamesHeinrich/getID3/issues/341
+ NOTE: https://github.com/JamesHeinrich/getID3/commit/0163ba96f7fc64765e499847c2373b1f994797c5 (v1.9.21)
+ NOTE: XSS issue in demo file
+CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...)
+ NOT-FOR-US: infaveo-helpdesk
+CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
+ NOT-FOR-US: Pixeline Bugs
+CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
+ NOT-FOR-US: Pixeline Bugs
+CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
+ NOT-FOR-US: Pixeline Bugs
+CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...)
+ NOT-FOR-US: Detector
+CVE-2021-40920
+ RESERVED
+CVE-2021-40919
+ RESERVED
+CVE-2021-40918
+ RESERVED
+CVE-2021-40917
+ RESERVED
+CVE-2021-40916
+ RESERVED
+CVE-2021-40915
+ RESERVED
+CVE-2021-40914
+ RESERVED
+CVE-2021-40913
+ RESERVED
+CVE-2021-40912
+ RESERVED
+CVE-2021-40911
+ RESERVED
+CVE-2021-40910
+ RESERVED
+CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Rental Mana ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40906
+ RESERVED
+CVE-2021-40905
+ RESERVED
+CVE-2021-40904
+ RESERVED
+CVE-2021-40903
+ RESERVED
+CVE-2021-40902
+ RESERVED
+CVE-2021-40901
+ RESERVED
+CVE-2021-40900
+ RESERVED
+CVE-2021-40899
+ RESERVED
+CVE-2021-40898
+ RESERVED
+CVE-2021-40897
+ RESERVED
+CVE-2021-40896
+ RESERVED
+CVE-2021-40895
+ RESERVED
+CVE-2021-40894
+ RESERVED
+CVE-2021-40893
+ RESERVED
+CVE-2021-40892
+ RESERVED
+CVE-2021-40891
+ RESERVED
+CVE-2021-40890
+ RESERVED
+CVE-2021-40889 (CMSUno version 1.7.2 is affected by a PHP code execution vulnerability ...)
+ NOT-FOR-US: CMSUno
+CVE-2021-40888 (Projectsend version r1295 is affected by Cross Site Scripting (XSS) du ...)
+ NOT-FOR-US: Projectsend
+CVE-2021-40887 (Projectsend version r1295 is affected by a directory traversal vulnera ...)
+ NOT-FOR-US: Projectsend
+CVE-2021-40886 (Projectsend version r1295 is affected by a directory traversal vulnera ...)
+ NOT-FOR-US: Projectsend
+CVE-2021-40885
+ RESERVED
+CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...)
+ NOT-FOR-US: Projectsend
+CVE-2021-40883 (A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via ...)
+ NOT-FOR-US: emlog
+CVE-2021-40882 (A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via ...)
+ - piwigo <removed>
+CVE-2021-40881 (An issue in the BAT file parameters of PublicCMS v4.0 allows attackers ...)
+ NOT-FOR-US: PublicCMS
+CVE-2021-40880
+ RESERVED
+CVE-2021-40879
+ RESERVED
+CVE-2021-40878
+ RESERVED
+CVE-2021-40877
+ RESERVED
+CVE-2021-40876
+ RESERVED
+CVE-2021-40875 (Improper Access Control in Gurock TestRail versions &lt; 7.2.0.3014 re ...)
+ NOT-FOR-US: Gurock TestRail
+CVE-2021-40874 [RESTServer pwdConfirm always returns true with Combination + Kerberos]
+ RESERVED
+ [experimental] - lemonldap-ng 2.0.14~exp+ds-1
+ - lemonldap-ng <unfixed> (bug #1005302)
+ [bullseye] - lemonldap-ng <no-dsa> (Minor issue)
+ [buster] - lemonldap-ng <no-dsa> (Minor issue)
+ [stretch] - lemonldap-ng <no-dsa> (Minor issue)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/66946e8f754812b375768c2124937137c856fe0c
+CVE-2021-40873 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2021-40872 (An issue was discovered in Softing Industrial Automation uaToolkit Emb ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2021-40871 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.192 ...)
+ NOT-FOR-US: Aviatrix Controller
+CVE-2021-40869
+ RESERVED
+CVE-2021-40868 (In Cloudron 6.2, the returnTo parameter on the login page is vulnerabl ...)
+ NOT-FOR-US: Cloudron
+CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication hijac ...)
+ NOT-FOR-US: Netgear
+CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...)
+ NOT-FOR-US: Netgear
+CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...)
+ {DLA-2820-1}
+ - atftp 0.7.git20210915-1 (bug #994895)
+ [bullseye] - atftp 0.7.git20120829-3.3+deb11u1
+ [buster] - atftp 0.7.git20120829-3.2~deb10u2
+ NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
+CVE-2021-3798 [Soft token does not check if an EC key is valid]
+ RESERVED
+ - opencryptoki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780
+ NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0)
+ NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0
+CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker services ...)
+ NOT-FOR-US: Apache Storm
+CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...)
+ NOT-FOR-US: Hestia Control Panel
+CVE-2021-3796 (vim is vulnerable to Use After Free ...)
+ {DLA-2876-1}
+ - vim 2:8.2.3455-1 (bug #994497)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/
+ NOTE: https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (v8.2.3428)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
+CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression Complexit ...)
+ NOT-FOR-US: Node semver-regex
+CVE-2021-3794 (vuelidate is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: vuelidate for Vue.js
+CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...)
+ NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server
+CVE-2021-40863
+ RESERVED
+CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...)
+ NOT-FOR-US: HashiCorp Terraform Enterprise
+CVE-2021-40861 (A SQL Injection in the custom filter query component in Genesys intell ...)
+ NOT-FOR-US: Genesys
+CVE-2021-40860 (A SQL Injection in the custom filter query component in Genesys intell ...)
+ NOT-FOR-US: Genesys
+CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...)
+ NOT-FOR-US: Auerswald
+CVE-2021-40858 (Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Discl ...)
+ NOT-FOR-US: Auerswald COMpact 5500R devices
+CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation ...)
+ NOT-FOR-US: Auerswald COMpact 5500R devices
+CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...)
+ NOT-FOR-US: Auerswald
+CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...)
+ NOT-FOR-US: EU Technical Specifications for Digital COVID Certificates
+CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
+ NOT-FOR-US: AnyDesk
+CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This vulnerab ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all available we ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability inside severa ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...)
+ - mahara <removed>
+CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV ...)
+ - mahara <removed>
+CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...)
+ NOT-FOR-US: Netgear
+CVE-2021-40846
+ RESERVED
+CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...)
+ NOT-FOR-US: Zenitel
+CVE-2021-40844
+ RESERVED
+CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe deseria ...)
+ NOT-FOR-US: Proofpoint
+CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...)
+ NOT-FOR-US: Proofpoint
+CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 all ...)
+ NOT-FOR-US: LiveConfig
+CVE-2021-40840 (A Stored XSS issue exists in the admin/users user administration form ...)
+ NOT-FOR-US: LiveConfig
+CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...)
+ - python-rencode 1.0.6-2
+ [bullseye] - python-rencode <no-dsa> (Minor issue)
+ [buster] - python-rencode <no-dsa> (Minor issue)
+ [stretch] - python-rencode <no-dsa> (Minor issue)
+ NOTE: https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
+ NOTE: https://github.com/aresch/rencode/pull/29
+CVE-2021-40838
+ RESERVED
+CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
+ NOT-FOR-US: Safe Browser for iOS
+CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
+ NOT-FOR-US: F-secure
+CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...)
+ NOT-FOR-US: AWS IoT Device SDK
+CVE-2021-40830 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...)
+ NOT-FOR-US: AWS IoT Device SDK
+CVE-2021-40829 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...)
+ NOT-FOR-US: AWS IoT Device SDK
+CVE-2021-40828 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...)
+ NOT-FOR-US: AWS IoT Device SDK
+CVE-2021-40827 (Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) ...)
+ - clementine <unfixed> (unimportant)
+ NOTE: https://voidsec.com/advisories/cve-2021-40827/
+ NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but
+ NOTE: regardless just a crash in a CLI tool
+CVE-2021-40826 (Clementine Music Player through 1.3.1 is vulnerable to a User Mode Wri ...)
+ - clementine <unfixed> (unimportant)
+ NOTE: https://voidsec.com/advisories/cve-2021-40826/
+ NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but
+ NOTE: regardless just a crash in a CLI tool
+CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...)
+ NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers
+CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...)
+ NOT-FOR-US: matrix-android-sdk2
+CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...)
+ - element-web <itp> (bug #866502)
+ - node-matrix-js-sdk <unfixed> (bug #994213)
+ [bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue)
+ [buster] - node-matrix-js-sdk <no-dsa> (Minor issue)
+ NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/
+ NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 (v12.4.1)
+CVE-2021-40822
+ RESERVED
+CVE-2021-40821
+ RESERVED
+CVE-2021-40820
+ RESERVED
+CVE-2021-40819
+ RESERVED
+CVE-2021-3793 (An improper access control vulnerability was reported in some Motorola ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3792 (Some device communications in some Motorola-branded Binatone Hubble Ca ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3791 (An information disclosure vulnerability was reported in some Motorola- ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3790 (A buffer overflow was reported in the local web server of some Motorol ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3789 (An information disclosure vulnerability was reported in some Motorola- ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3788 (An exposed debug interface was reported in some Motorola-branded Binat ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3787 (A vulnerability was reported in some Motorola-branded Binatone Hubble ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3786 (A potential vulnerability in the SMI callback function used in CSME co ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: yourls
+CVE-2021-3784
+ RESERVED
+CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: yourls
+CVE-2021-3782
+ RESERVED
+CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...)
+ {DSA-4972-1}
+ - ghostscript 9.53.3~dfsg-8 (bug #994011)
+ [buster] - ghostscript <not-affected> (Vulnerable code introduced later)
+ [stretch] - ghostscript <not-affected> (Vulnerable code introduced later)
+ NOTE: https://twitter.com/ducnt_/status/1434534373416574983
+ NOTE: https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704342
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
+CVE-2021-40817
+ RESERVED
+CVE-2021-40816
+ RESERVED
+CVE-2021-40815
+ RESERVED
+CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...)
+ NOT-FOR-US: PrestaShop addon
+CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...)
+ NOT-FOR-US: Element-IT HTTP Commander
+CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...)
+ - libgd2 <unfixed>
+ [bullseye] - libgd2 <no-dsa> (Minor issue)
+ [buster] - libgd2 <no-dsa> (Minor issue)
+ [stretch] - libgd2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/libgd/libgd/issues/750#issuecomment-914872385
+ NOTE: https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
+CVE-2021-40811
+ RESERVED
+CVE-2021-40810
+ RESERVED
+CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An ...)
+ NOT-FOR-US: Jamf Pro
+CVE-2021-40808
+ RESERVED
+CVE-2021-40807
+ RESERVED
+CVE-2021-40806
+ RESERVED
+CVE-2021-40805
+ RESERVED
+CVE-2021-40804
+ RESERVED
+CVE-2021-40803
+ RESERVED
+CVE-2021-40802
+ RESERVED
+CVE-2021-40801
+ RESERVED
+CVE-2021-40800
+ RESERVED
+CVE-2021-40799
+ RESERVED
+CVE-2021-40798
+ RESERVED
+CVE-2021-40797 (An issue was discovered in the routes middleware in OpenStack Neutron ...)
+ - neutron 2:19.0.0-1 (unimportant; bug #994202)
+ [bullseye] - neutron 2:17.2.1-0+deb11u1
+ [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
+ NOTE: https://launchpad.net/bugs/1942179
+ NOTE: neutron-api in Debian is served over UWSGI, cf. https://bugs.debian.org/994202
+ NOTE: and so serves the requests and stops the process.
+CVE-2021-40796
+ RESERVED
+CVE-2021-40795
+ RESERVED
+CVE-2021-40794
+ RESERVED
+CVE-2021-40793
+ RESERVED
+CVE-2021-40792
+ RESERVED
+CVE-2021-40791
+ RESERVED
+CVE-2021-40790
+ RESERVED
+CVE-2021-40789
+ RESERVED
+CVE-2021-40788
+ RESERVED
+CVE-2021-40787
+ RESERVED
+CVE-2021-40786
+ RESERVED
+CVE-2021-40785
+ RESERVED
+CVE-2021-40784 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40783 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40782
+ RESERVED
+CVE-2021-40781
+ RESERVED
+CVE-2021-40780
+ RESERVED
+CVE-2021-40779
+ RESERVED
+CVE-2021-40778
+ RESERVED
+CVE-2021-40777
+ RESERVED
+CVE-2021-40776
+ RESERVED
+CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40773 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40772 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40769
+ RESERVED
+CVE-2021-40768
+ RESERVED
+CVE-2021-40767
+ RESERVED
+CVE-2021-40766
+ RESERVED
+CVE-2021-40765
+ RESERVED
+CVE-2021-40764
+ RESERVED
+CVE-2021-40763
+ RESERVED
+CVE-2021-40762
+ RESERVED
+CVE-2021-40761 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40760 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40759 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40758 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40757 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40756 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40755 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40754 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40753 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40752 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40751 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40750
+ RESERVED
+CVE-2021-40749
+ RESERVED
+CVE-2021-40748
+ RESERVED
+CVE-2021-40747
+ RESERVED
+CVE-2021-40746
+ RESERVED
+CVE-2021-40745 (Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Trav ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40744
+ RESERVED
+CVE-2021-40743
+ RESERVED
+CVE-2021-40742
+ RESERVED
+CVE-2021-40741
+ RESERVED
+CVE-2021-40740
+ RESERVED
+CVE-2021-40739
+ RESERVED
+CVE-2021-40738
+ RESERVED
+CVE-2021-40737
+ RESERVED
+CVE-2021-40736
+ RESERVED
+CVE-2021-40735
+ RESERVED
+CVE-2021-40734
+ RESERVED
+CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40727
+ RESERVED
+CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40723
+ RESERVED
+CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and bel ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40719 (Adobe Connect version 11.2.3 (and earlier) is affected by a Deserializ ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40718
+ RESERVED
+CVE-2021-40717
+ RESERVED
+CVE-2021-40716 (XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40715 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40714 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40713 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40712 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40711 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40710 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40709 (Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40708 (Adobe Genuine Service versions 7.3 (and earlier) are affected by a pri ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40707
+ RESERVED
+CVE-2021-40706
+ RESERVED
+CVE-2021-40705
+ RESERVED
+CVE-2021-40704
+ RESERVED
+CVE-2021-40703 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40702 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40701 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40700 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40699
+ RESERVED
+CVE-2021-40698
+ RESERVED
+CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40696
+ REJECTED
+CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...)
+ - moodle <removed>
+CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...)
+ - moodle <removed>
+CVE-2021-40693 (An authentication bypass risk was identified in the external database ...)
+ - moodle <removed>
+CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...)
+ - moodle <removed>
+CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...)
+ - moodle <removed>
+CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
+ {DSA-5010-1 DLA-2767-1}
+ - libxml-security-java 2.1.7-1 (bug #994569)
+ NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc
+CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...)
+ - peertube <itp> (bug #950821)
+CVE-2021-40689
+ RESERVED
+CVE-2021-40688
+ RESERVED
+CVE-2021-40687
+ RESERVED
+CVE-2021-40686
+ RESERVED
+CVE-2021-40685
+ RESERVED
+CVE-2021-40684 (Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R ...)
+ NOT-FOR-US: Talend ESB Runtime
+CVE-2021-XXXX [jwe cbc tag computation error]
+ - rhonabwy 0.9.13-4 (bug #993866)
+ [bullseye] - rhonabwy 0.9.13-3+deb11u1
+ NOTE: https://github.com/babelouest/rhonabwy/commit/996d935540c2c171c7678f14b8178d9ce87db9ac (v1.0.0)
+CVE-2021-XXXX [jws alg:none signature verification issue]
+ - rhonabwy 0.9.13-4 (bug #993866)
+ [bullseye] - rhonabwy 0.9.13-3+deb11u1
+ NOTE: https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e (v1.0.0)
+CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...)
+ - glewlwyd 2.5.2-3 (bug #993867)
+ [bullseye] - glewlwyd 2.5.2-2+deb11u1
+ [buster] - glewlwyd <not-affected> (Vulnerable code for FIDO2 signature validation introduced later)
+ NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2
+CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...)
+ NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client
+CVE-2021-40682
+ RESERVED
+CVE-2021-3779
+ RESERVED
+CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2876-1}
+ - vim 2:8.2.3455-1 (bug #994498)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
+ NOTE: https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (v8.2.3409)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
+CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: nodejs-tmpl
+CVE-2021-40681
+ RESERVED
+CVE-2021-40680
+ RESERVED
+CVE-2021-40679
+ RESERVED
+CVE-2021-40678
+ RESERVED
+CVE-2021-40677
+ RESERVED
+CVE-2021-40676
+ RESERVED
+CVE-2021-40675
+ RESERVED
+CVE-2021-40674 (An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyV ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2021-40673
+ RESERVED
+CVE-2021-40672
+ RESERVED
+CVE-2021-40671
+ RESERVED
+CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2021-40668
+ RESERVED
+CVE-2021-40667
+ RESERVED
+CVE-2021-40666
+ RESERVED
+CVE-2021-40665
+ RESERVED
+CVE-2021-40664
+ RESERVED
+CVE-2021-40663
+ RESERVED
+CVE-2021-40662
+ RESERVED
+CVE-2021-40661
+ RESERVED
+CVE-2021-40660
+ RESERVED
+CVE-2021-40659
+ RESERVED
+CVE-2021-40658
+ RESERVED
+CVE-2021-40657
+ RESERVED
+CVE-2021-40656
+ RESERVED
+CVE-2021-40655 (An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Ve ...)
+ NOT-FOR-US: D-Link
+CVE-2021-40654 (An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An ...)
+ NOT-FOR-US: D-Link
+CVE-2021-40653
+ RESERVED
+CVE-2021-40652
+ RESERVED
+CVE-2021-40651 (OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vu ...)
+ NOT-FOR-US: OS4Ed OpenSIS Community
+CVE-2021-40650
+ RESERVED
+CVE-2021-40649
+ RESERVED
+CVE-2021-40648
+ RESERVED
+CVE-2021-40647
+ RESERVED
+CVE-2021-40646
+ RESERVED
+CVE-2021-40645
+ RESERVED
+CVE-2021-40644
+ RESERVED
+CVE-2021-40643
+ RESERVED
+CVE-2021-40642
+ RESERVED
+CVE-2021-40641
+ RESERVED
+CVE-2021-40640
+ RESERVED
+CVE-2021-40639 (Improper access control in Jfinal CMS 5.1.0 allows attackers to access ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2021-40638
+ RESERVED
+CVE-2021-40637
+ RESERVED
+CVE-2021-40636
+ RESERVED
+CVE-2021-40635
+ RESERVED
+CVE-2021-40634
+ RESERVED
+CVE-2021-40633
+ RESERVED
+CVE-2021-40632
+ RESERVED
+CVE-2021-40631
+ RESERVED
+CVE-2021-40630
+ RESERVED
+CVE-2021-40629
+ RESERVED
+CVE-2021-40628
+ RESERVED
+CVE-2021-40627
+ RESERVED
+CVE-2021-40626
+ RESERVED
+CVE-2021-40625
+ RESERVED
+CVE-2021-40624
+ RESERVED
+CVE-2021-40623
+ RESERVED
+CVE-2021-40622
+ RESERVED
+CVE-2021-40621
+ RESERVED
+CVE-2021-40620
+ RESERVED
+CVE-2021-40619
+ RESERVED
+CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1 ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40616
+ RESERVED
+CVE-2021-40615
+ RESERVED
+CVE-2021-40614
+ RESERVED
+CVE-2021-40613
+ RESERVED
+CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without au ...)
+ NOT-FOR-US: Opmantek Open-AudIT
+CVE-2021-40611
+ RESERVED
+CVE-2021-40610
+ RESERVED
+CVE-2021-40609
+ RESERVED
+CVE-2021-40608
+ RESERVED
+CVE-2021-40607
+ RESERVED
+CVE-2021-40606
+ RESERVED
+CVE-2021-40605
+ RESERVED
+CVE-2021-40604
+ RESERVED
+CVE-2021-40603
+ RESERVED
+CVE-2021-40602
+ RESERVED
+CVE-2021-40601
+ RESERVED
+CVE-2021-40600
+ RESERVED
+CVE-2021-40599
+ RESERVED
+CVE-2021-40598
+ RESERVED
+CVE-2021-40597
+ RESERVED
+CVE-2021-40596 (SQL injection vulnerability in Login.php in sourcecodester Online Lear ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40594
+ RESERVED
+CVE-2021-40593
+ RESERVED
+CVE-2021-40592
+ RESERVED
+CVE-2021-40591
+ RESERVED
+CVE-2021-40590
+ RESERVED
+CVE-2021-40589
+ RESERVED
+CVE-2021-40588
+ RESERVED
+CVE-2021-40587
+ RESERVED
+CVE-2021-40586
+ RESERVED
+CVE-2021-40585
+ RESERVED
+CVE-2021-40584
+ RESERVED
+CVE-2021-40583
+ RESERVED
+CVE-2021-40582
+ RESERVED
+CVE-2021-40581
+ RESERVED
+CVE-2021-40580
+ RESERVED
+CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management System in ...)
+ NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
+CVE-2021-40578 (Authenticated Blind &amp; Error-based SQL injection vulnerability was ...)
+ NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
+CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1904
+ NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec
+CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1905
+ NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858
+CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1897
+ NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb
+CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1891
+ NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a
+CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1893
+ NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109
+CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1895
+ NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340
+CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1899
+ NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302
+CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1890
+ NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a
+CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1900
+ NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30
+CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1889
+ NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816
+CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1887
+ NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391
+CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1902
+ NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b
+CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1898
+ NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618
+CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1892
+ NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137
+CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1901
+ NOTE: https://github.com/gpac/gpac/commit/5dd71c7201a3e5cf40732d585bfb21c906c171d3
+CVE-2021-40561
+ RESERVED
+CVE-2021-40560
+ RESERVED
+CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1886
+ NOTE: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7
+CVE-2021-40558
+ RESERVED
+CVE-2021-40557
+ RESERVED
+CVE-2021-40556
+ RESERVED
+CVE-2021-40555
+ RESERVED
+CVE-2021-40554
+ RESERVED
+CVE-2021-40553
+ RESERVED
+CVE-2021-40552
+ RESERVED
+CVE-2021-40551
+ RESERVED
+CVE-2021-40550
+ RESERVED
+CVE-2021-40549
+ RESERVED
+CVE-2021-40548
+ RESERVED
+CVE-2021-40547
+ RESERVED
+CVE-2021-40546
+ RESERVED
+CVE-2021-40545
+ RESERVED
+CVE-2021-40544
+ RESERVED
+CVE-2021-40543 (Opensis-Classic Version 8.0 is affected by a SQL injection vulnerabili ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40542 (Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40541 (PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the pr ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...)
+ - ulfius 2.7.1-2 (bug #993851)
+ [bullseye] - ulfius 2.7.1-1+deb11u1
+ [buster] - ulfius 2.5.2-4+deb10u1
+ NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa
+CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40538
+ RESERVED
+CVE-2021-40537 (Server Side Request Forgery (SSRF) vulnerability exists in owncloud/us ...)
+ - owncloud <removed>
+CVE-2021-40536
+ RESERVED
+CVE-2021-40535
+ RESERVED
+CVE-2021-40534
+ RESERVED
+CVE-2021-40533
+ RESERVED
+CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...)
+ NOT-FOR-US: tweb
+ NOTE: https://github.com/morethanwords/tweb
+CVE-2021-40531 (Sketch before 75 allows library feeds to be used to bypass file quaran ...)
+ NOT-FOR-US: Sketch collaborative design (Mac or Web app)
+ NOTE: sketch.com, not the sketch package in Debian.
+CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...)
+ - libcrypto++ 8.6.0-1 (bug #993841)
+ [bullseye] - libcrypto++ <no-dsa> (Minor issue)
+ [buster] - libcrypto++ <no-dsa> (Minor issue)
+ [stretch] - libcrypto++ <no-dsa> (Minor issue)
+ NOTE: https://eprint.iacr.org/2021/923
+ NOTE: https://github.com/weidai11/cryptopp/issues/1059
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
+ NOTE: https://github.com/weidai11/cryptopp/commit/bee8e8ca6658 (CRYPTOPP_8_6_0)
+CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in Thunder ...)
+ - botan 2.18.1+dfsg-3 (bug #993840)
+ [bullseye] - botan <no-dsa> (Minor issue)
+ [buster] - botan <no-dsa> (Minor issue)
+ - botan1.10 <removed>
+ [stretch] - botan1.10 <ignored> (Affected function encrypt(...) has changed drastically. Backport is too instrusive to backport)
+ NOTE: https://eprint.iacr.org/2021/923
+ NOTE: https://github.com/randombit/botan/pull/2790
+ NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
+CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...)
+ - libgcrypt20 1.9.4-2
+ [bullseye] - libgcrypt20 <no-dsa> (Minor issue)
+ [buster] - libgcrypt20 <no-dsa> (Minor issue)
+ [stretch] - libgcrypt20 <no-dsa> (Minor issue)
+ NOTE: https://eprint.iacr.org/2021/923
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61 (1.9.x)
+ NOTE: Related to CVE-2021-33560, but not a duplicate. Unfortunately scope of CVE-2021-33560 and
+ NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding
+ NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on
+ NOTE: a query).
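Review bot: the entry placed between CVE-2021-40529 and CVE-2021-40527 is headed CVE-2021-33560, yet its own closing NOTE reads "Related to CVE-2021-33560, but not a duplicate" and refers to CVE-2021-40528, for which no header appears in this descending run. As written, the libgcrypt20 status lines and the explanation of the switched scope attach to the ID that the NOTE treats as the other CVE, so anyone querying either ID gets an ambiguous answer. Please confirm which ID this block tracks and make the header and the NOTE agree; if the header is intentional, reword the NOTE so it no longer describes the entry as related to itself. Separately, the CVE-2021-3773 entry further down carries only two NOTE links and "TODO: fill in tracking details", with no package or status line, so the netfilter issue has no tracked state for any suite until that TODO is resolved.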
+CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...)
+ NOT-FOR-US: "com.onepeloton.erlich" mobile application
+CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...)
+ NOT-FOR-US: Peleton
+CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the file stora ...)
+ NOT-FOR-US: Apache James
+CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...)
+ NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
+CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3
+ NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
+ TODO: fill in tracking details
+CVE-2021-3772 [Invalid chunks may be used to remotely remove existing associations]
+ RESERVED
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694
+CVE-2021-3771
+ RESERVED
+CVE-2021-40524 (In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ...)
+ - pure-ftpd 1.0.50-1 (bug #993810)
+ [bullseye] - pure-ftpd <no-dsa> (Minor issue)
+ [buster] - pure-ftpd <no-dsa> (Minor issue)
+ [stretch] - pure-ftpd <no-dsa> (Minor issue)
+ NOTE: https://github.com/jedisct1/pure-ftpd/pull/158
+CVE-2021-40523 (In Contiki 3.0, Telnet option negotiation is mishandled. During negoti ...)
+ NOT-FOR-US: Contiki
+CVE-2021-40522
+ RESERVED
+CVE-2021-40521 (Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Executi ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40520 (Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40519 (Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40518 (Airangel HSMX Gateway devices through 5.2.04 allow CSRF. ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40517 (Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored C ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...)
+ {DLA-2770-1}
+ - weechat 3.2.1-1 (bug #993803)
+ [bullseye] - weechat <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - weechat <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b
+CVE-2021-40515
+ RESERVED
+CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3455-1 (bug #994076)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <not-affected> (Vulnerable code not present)
+ NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/
+ NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402)
+ NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e (v8.2.3403)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
+CVE-2021-3769 (# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` t ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-40514
+ RESERVED
+CVE-2021-40513
+ RESERVED
+CVE-2021-40512
+ RESERVED
+CVE-2021-40511
+ RESERVED
+CVE-2021-40510
+ RESERVED
+CVE-2021-40509 (ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. ...)
+ NOT-FOR-US: JForum2
+CVE-2021-3768 (bookstack is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: bookstack
+CVE-2021-3767 (bookstack is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: bookstack
+CVE-2021-40508
+ RESERVED
+CVE-2021-40507
+ RESERVED
+CVE-2021-40506
+ RESERVED
+CVE-2021-40505
+ RESERVED
+CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...)
+ NOT-FOR-US: Node objection.js
+CVE-2021-3765 (validator.js is vulnerable to Inefficient Regular Expression Complexit ...)
+ - validator.js <removed>
+ [stretch] - validator.js <postponed> (Minor issue, ReDOS, partial fix, no rdeps)
+ NOTE: https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1 (13.7.0)
+ NOTE: partial fix, only applies to chars==null
+CVE-2021-40504 (A certain template role in SAP NetWeaver Application Server for ABAP a ...)
+ NOT-FOR-US: SAP
+CVE-2021-40503 (An information disclosure vulnerability exists in SAP GUI for Windows ...)
+ NOT-FOR-US: SAP
+CVE-2021-40502 (SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not pe ...)
+ NOT-FOR-US: SAP
+CVE-2021-40501 (SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not p ...)
+ NOT-FOR-US: SAP
+CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...)
+ NOT-FOR-US: SAP
+CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...)
+ NOT-FOR-US: SAP
+CVE-2021-40498 (A vulnerability has been identified in SAP SuccessFactors Mobile Appli ...)
+ NOT-FOR-US: SAP
+CVE-2021-40497 (SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, a ...)
+ NOT-FOR-US: SAP
+CVE-2021-40496 (SAP Internet Communication framework (ICM) - versions 700, 701, 702, 7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-40495 (There are multiple Denial-of Service vulnerabilities in SAP NetWeaver ...)
+ NOT-FOR-US: SAP
+CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...)
+ NOT-FOR-US: AdaptiveScale LXDUI
+CVE-2021-40493 (Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injecti ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40492 (A reflected XSS vulnerability exists in multiple pages in version 22 o ...)
+ NOT-FOR-US: Gibbon application
+CVE-2021-40489 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40488 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40487 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40486 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40485 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40484 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40483 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40482 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40481 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40480 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40479 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40478 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40477 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40476 (Windows AppContainer Elevation Of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40475 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40474 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40473 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40472 (Microsoft Excel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40471 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40470 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40469 (Windows DNS Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40468 (Windows Bind Filter Driver Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40467 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40466 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40465 (Windows Text Shaping Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40464 (Windows Nearby Sharing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40463 (Windows NAT Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40462 (Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Exec ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40461 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40460 (Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40459
+ RESERVED
+CVE-2021-40458
+ RESERVED
+CVE-2021-40457 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40456 (Windows AD FS Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40455 (Windows Installer Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40451
+ RESERVED
+CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40446
+ RESERVED
+CVE-2021-40445
+ RESERVED
+CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40442 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40441 (Windows Media Center Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997467
+ NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
+CVE-2021-3763
+ RESERVED
+ NOT-FOR-US: Red Hat AMQ Broker
+CVE-2021-3762
+ RESERVED
+ NOT-FOR-US: Quay/clair
+CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions prior t ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request ...)
+ {DSA-4982-1 DLA-2776-1}
+ - apache2 2.4.49-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438
+ NOTE: Minimal fix: https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2 (2.4.x)
+ NOTE: Future-proof follow-up: https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67 (2.4.x)
+ NOTE: Regression fix #1: https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f (2.4.x)
+ NOTE: Regression fix #2: https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c (2.4.x)
+CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...)
+ - inetutils 2:2.2-1 (bug #993476)
+ [bullseye] - inetutils <no-dsa> (Minor issue)
+ [buster] - inetutils <no-dsa> (Minor issue)
+ [stretch] - inetutils <no-dsa> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
+ NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
+CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
+CVE-2021-40437
+ RESERVED
+CVE-2021-40436
+ RESERVED
+CVE-2021-40435
+ RESERVED
+CVE-2021-40434
+ RESERVED
+CVE-2021-40433
+ RESERVED
+CVE-2021-40432
+ RESERVED
+CVE-2021-40431
+ RESERVED
+CVE-2021-40430
+ RESERVED
+CVE-2021-40429
+ RESERVED
+CVE-2021-40428
+ RESERVED
+CVE-2021-40427
+ RESERVED
+CVE-2021-40426
+ RESERVED
+CVE-2021-40425
+ RESERVED
+CVE-2021-40424
+ RESERVED
+CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40422
+ RESERVED
+CVE-2021-40421
+ RESERVED
+CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+ NOT-FOR-US: DaVinci Resolve
+CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+ NOT-FOR-US: DaVinci Resolve
+CVE-2021-40416 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40415 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40414 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40413 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40412 (An OScommand injection vulnerability exists in the device network sett ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40411 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40410 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40409 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40408 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40407 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi session ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40405
+ RESERVED
+CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...)
+ - gerbv <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
+ NOTE: https://github.com/gerbv/gerbv/issues/82
+ NOTE: Proposed patch: https://github.com/gerbv/gerbv/commit/387f07b163cc30cd95e9bedf53bc07e7b38cc318
+CVE-2021-40402
+ RESERVED
+ - gerbv <unfixed>
+ NOTE: https://github.com/gerbv/gerbv/issues/80
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
+CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...)
+ - gerbv <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
+ NOTE: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069
+ NOTE: https://github.com/gerbv/gerbv/issues/81
+CVE-2021-40400
+ RESERVED
+ - gerbv <unfixed>
+ NOTE: https://github.com/gerbv/gerbv/issues/79
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413
+CVE-2021-40399
+ RESERVED
+CVE-2021-40398
+ RESERVED
+CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40395
+ REJECTED
+CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+ - gerbv 2.8.1-1
+ [bullseye] - gerbv <no-dsa> (Minor issue)
+ [buster] - gerbv <no-dsa> (Minor issue)
+ [stretch] - gerbv <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1405
+ NOTE: https://github.com/advisories/GHSA-936x-jwpc-5p28
+ NOTE: https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f (v2.8.1-rc.1)
+CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+ - gerbv 2.8.2-1
+ [bullseye] - gerbv <no-dsa> (Minor issue)
+ [buster] - gerbv <no-dsa> (Minor issue)
+ [stretch] - gerbv <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404
+ NOTE: https://github.com/advisories/GHSA-w67q-2hr6-7cjf
+ NOTE: https://github.com/gerbv/gerbv/commit/4d12b696aed19fbcc115fe83aa7597b7c42ba8d6 (v2.8.2-rc.1)
+CVE-2021-40392
+ RESERVED
+CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
+ {DLA-2839-1}
+ - gerbv 2.7.1-1
+ [bullseye] - gerbv 2.7.0-2+deb11u1
+ [buster] - gerbv <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402
+ NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
+ NOTE: https://github.com/gerbv/gerbv/issues/30
+CVE-2021-40390
+ RESERVED
+CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
+ NOT-FOR-US: Kaseya Unitrends Backup Software
+CVE-2021-40386
+ RESERVED
+CVE-2021-40385 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
+ NOT-FOR-US: Kaseya Unitrends Backup Software
+CVE-2021-40384
+ RESERVED
+CVE-2021-40383
+ RESERVED
+CVE-2021-40382 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40381 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40380 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40379 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The ap ...)
+ NOT-FOR-US: SmarterTools
+CVE-2021-40376
+ RESERVED
+CVE-2021-40375
+ RESERVED
+CVE-2021-40374
+ RESERVED
+CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...)
+ NOT-FOR-US: playSMS
+CVE-2021-40372
+ RESERVED
+CVE-2021-40371 (Gridpro Request Management for Windows Azure Pack before 2.0.7912 allo ...)
+ NOT-FOR-US: Gridpro Request Management for Windows Azure Pack
+CVE-2021-40370
+ RESERVED
+CVE-2021-40369 (A carefully crafted plugin link invocation could trigger an XSS vulner ...)
+ - jspwiki <removed>
+CVE-2021-40368
+ RESERVED
+CVE-2021-40367
+ RESERVED
+CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWM module) (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40365
+ RESERVED
+CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40362
+ RESERVED
+CVE-2021-40361
+ RESERVED
+CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40356 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...)
+ {DSA-5041-1}
+ - cfrpki 1.3.0-1 (bug #994572)
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9
+ NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
+CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...)
+ {DLA-2843-1}
+ - linux 5.14.16-1 (unimportant)
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2
+ NOTE: https://git.kernel.org/linus/1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (5.15-rc6)
+ NOTE: CONFIG_NFC_NCI is not set in Debian
+CVE-2021-40353 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40352 (OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Re ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-40351
+ RESERVED
+CVE-2021-40350 (webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows at ...)
+ NOT-FOR-US: Christie Digital DWU850-GS V06.46 devices
+CVE-2021-40349 (e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack th ...)
+ NOT-FOR-US: e7d Speed Test
+CVE-2021-40348 (Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code inj ...)
+ NOT-FOR-US: Uyuni / Spacewalk (Red Hat)
+CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman Postorius befo ...)
+ {DSA-4970-1}
+ - postorius 1.3.5-1 (bug #993746)
+ NOTE: https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b
+ NOTE: https://phabricator.wikimedia.org/T289798
+CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_heade ...)
+ {DSA-4968-1}
+ - haproxy 2.2.16-3
+ [buster] - haproxy <not-affected> (Vulnerable code not present)
+ [stretch] - haproxy <not-affected> (Vulnerable code not present)
+ NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
+CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets sec ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includes sec ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-40342
+ RESERVED
+CVE-2021-40341
+ RESERVED
+CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web serve ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40336
+ RESERVED
+CVE-2021-40335
+ RESERVED
+CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40332
+ RESERVED
+CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks]
+ RESERVED
+ - linux 5.15.3-1
+ NOTE: https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/
+CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ NOT-FOR-US: bookstack
+CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Object Pr ...)
+ NOT-FOR-US: Node immer
+ NOTE: https://github.com/immerjs/immer
+CVE-2021-40331
+ RESERVED
+CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...)
+ - libmysofa 1.2.1~dfsg0-1
+ [bullseye] - libmysofa <no-dsa> (Minor issue)
+ [buster] - libmysofa <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/
+ NOTE: https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1 (v1.2.1)
+CVE-2021-3755
+ REJECTED
+CVE-2021-3754
+ RESERVED
+CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
+CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel&#8217;s Bluetooth ...)
+ - linux 5.15.3-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
+CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository ...)
+ - git 1:2.30.1-1
+ [bullseye] - git <no-dsa> (Minor issue)
+ [buster] - git <no-dsa> (Minor issue)
+ [stretch] - git <no-dsa> (Minor issue)
+ NOTE: https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473
+CVE-2021-40329 (The Authentication API in Ping Identity PingFederate before 10.3 misha ...)
+ NOT-FOR-US: Ping Identity PingFederate
+CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write ...)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/fcb4383c-bc27-4b89-bfce-6b041f0cb769/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/ab5bf0e37e540eac682a14e628853b918626e72b (v0.7)
+CVE-2021-40328
+ RESERVED
+CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...)
+ NOT-FOR-US: Trusted Firmware-M (TF-M)
+CVE-2021-40326
+ RESERVED
+CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...)
+ - cobbler <removed>
+CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations via upload ...)
+ - cobbler <removed>
+CVE-2021-40323 (Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code E ...)
+ - cobbler <removed>
+CVE-2021-40322
+ RESERVED
+CVE-2021-40321
+ RESERVED
+CVE-2021-40320
+ RESERVED
+CVE-2021-3750 [hcd-ehci: DMA reentrancy issue leads to use-after-free]
+ RESERVED
+ - qemu <unfixed>
+ [bullseye] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/541
+ NOTE: Fix for whole class of DMA MMIO reentrancy issues: https://gitlab.com/qemu-project/qemu/-/issues/556
+ NOTE: Patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity ...)
+ - node-axios 0.21.3+dfsg-1
+ [bullseye] - node-axios 0.21.1+dfsg-1+deb11u1
+ [buster] - node-axios 0.17.1+dfsg-2+deb10u1
+ NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
+ NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
+ NOTE: https://github.com/axios/axios/pull/3980
+CVE-2021-3748 [virtio-net: heap use-after-free in virtio_net_receive_rcu]
+ RESERVED
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-6 (bug #993401)
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1998514
+CVE-2021-40319
+ RESERVED
+CVE-2021-40318
+ RESERVED
+CVE-2021-40317
+ RESERVED
+CVE-2021-40316
+ RESERVED
+CVE-2021-40315
+ RESERVED
+CVE-2021-40314
+ RESERVED
+CVE-2021-40313 (Piwigo v11.5 was discovered to contain a SQL injection vulnerability v ...)
+ - piwigo <removed>
+CVE-2021-40312
+ RESERVED
+CVE-2021-40311
+ RESERVED
+CVE-2021-40310 (OpenSIS Community Edition version 8.0 is affected by a cross-site scri ...)
+ NOT-FOR-US: OpenSIS
+CVE-2021-40309 (A SQL injection vulnerability exists in the Take Attendance functional ...)
+ NOT-FOR-US: OpenSIS
+CVE-2021-40308
+ RESERVED
+CVE-2021-40307
+ RESERVED
+CVE-2021-40306
+ RESERVED
+CVE-2021-40305
+ RESERVED
+CVE-2021-40304
+ RESERVED
+CVE-2021-40303
+ RESERVED
+CVE-2021-40302
+ RESERVED
+CVE-2021-40301
+ RESERVED
+CVE-2021-40300
+ RESERVED
+CVE-2021-40299
+ RESERVED
+CVE-2021-40298
+ RESERVED
+CVE-2021-40297
+ RESERVED
+CVE-2021-40296
+ RESERVED
+CVE-2021-40295
+ RESERVED
+CVE-2021-40294
+ RESERVED
+CVE-2021-40293
+ RESERVED
+CVE-2021-40292 (A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2 ...)
+ NOT-FOR-US: DzzOffice
+CVE-2021-40291
+ RESERVED
+CVE-2021-40290
+ RESERVED
+CVE-2021-40289
+ RESERVED
+CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-40287
+ RESERVED
+CVE-2021-40286
+ RESERVED
+CVE-2021-40285
+ RESERVED
+CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow whi ...)
+ NOT-FOR-US: D-Link
+CVE-2021-40283
+ RESERVED
+CVE-2021-40282 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 202 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40281 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40280 (An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40279 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40278
+ RESERVED
+CVE-2021-40277
+ RESERVED
+CVE-2021-40276
+ RESERVED
+CVE-2021-40275
+ RESERVED
+CVE-2021-40274
+ RESERVED
+CVE-2021-40273
+ RESERVED
+CVE-2021-40272
+ RESERVED
+CVE-2021-40271
+ RESERVED
+CVE-2021-40270
+ RESERVED
+CVE-2021-40269
+ RESERVED
+CVE-2021-40268
+ RESERVED
+CVE-2021-40267
+ RESERVED
+CVE-2021-40266
+ RESERVED
+CVE-2021-40265
+ RESERVED
+CVE-2021-40264
+ RESERVED
+CVE-2021-40263
+ RESERVED
+CVE-2021-40262
+ RESERVED
+CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-40260 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-40259
+ RESERVED
+CVE-2021-40258
+ RESERVED
+CVE-2021-40257
+ RESERVED
+CVE-2021-40256
+ RESERVED
+CVE-2021-40255
+ RESERVED
+CVE-2021-40254
+ RESERVED
+CVE-2021-40253
+ RESERVED
+CVE-2021-40252
+ RESERVED
+CVE-2021-40251
+ RESERVED
+CVE-2021-40250
+ RESERVED
+CVE-2021-40249
+ RESERVED
+CVE-2021-40248
+ RESERVED
+CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40246
+ RESERVED
+CVE-2021-40245
+ RESERVED
+CVE-2021-40244
+ RESERVED
+CVE-2021-40243
+ RESERVED
+CVE-2021-40242
+ RESERVED
+CVE-2021-40241
+ RESERVED
+CVE-2021-40240
+ RESERVED
+CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...)
+ NOT-FOR-US: Miniftpd
+CVE-2021-40238 (A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel ...)
+ NOT-FOR-US: Webuzo
+CVE-2021-40237
+ RESERVED
+CVE-2021-40236
+ RESERVED
+CVE-2021-40235
+ RESERVED
+CVE-2021-40234
+ RESERVED
+CVE-2021-40233
+ RESERVED
+CVE-2021-40232
+ RESERVED
+CVE-2021-40231
+ RESERVED
+CVE-2021-40230
+ RESERVED
+CVE-2021-40229
+ RESERVED
+CVE-2021-40228
+ RESERVED
+CVE-2021-40227
+ RESERVED
+CVE-2021-40226
+ RESERVED
+CVE-2021-40225
+ RESERVED
+CVE-2021-40224
+ RESERVED
+CVE-2021-40223 (Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitiz ...)
+ NOT-FOR-US: Rittal CMC PU III Web management
+CVE-2021-40222 (Rittal CMC PU III Web management Version affected: V3.11.00_2. Version ...)
+ NOT-FOR-US: Rittal CMC PU III Web management
+CVE-2021-40221
+ RESERVED
+CVE-2021-40220
+ RESERVED
+CVE-2021-40219
+ RESERVED
+CVE-2021-40218
+ RESERVED
+CVE-2021-40217
+ RESERVED
+CVE-2021-40216
+ RESERVED
+CVE-2021-40215
+ RESERVED
+CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wal ...)
+ NOT-FOR-US: Gibbon
+CVE-2021-40213
+ RESERVED
+CVE-2021-40212
+ RESERVED
+CVE-2021-40211
+ RESERVED
+CVE-2021-40210
+ RESERVED
+CVE-2021-40209
+ RESERVED
+CVE-2021-40208
+ RESERVED
+CVE-2021-40207
+ RESERVED
+CVE-2021-40206
+ RESERVED
+CVE-2021-40205
+ RESERVED
+CVE-2021-40204
+ RESERVED
+CVE-2021-40203
+ RESERVED
+CVE-2021-40202
+ RESERVED
+CVE-2021-40201
+ RESERVED
+CVE-2021-40200
+ RESERVED
+CVE-2021-40199
+ RESERVED
+CVE-2021-40198
+ RESERVED
+CVE-2021-40197
+ RESERVED
+CVE-2021-40196
+ RESERVED
+CVE-2021-40195
+ RESERVED
+CVE-2021-40194
+ RESERVED
+CVE-2021-40193
+ RESERVED
+CVE-2021-40192
+ RESERVED
+CVE-2021-40191 (Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due ...)
+ NOT-FOR-US: Dzzoffice
+CVE-2021-40190
+ RESERVED
+CVE-2021-40189 (PHPFusion 9.03.110 is affected by a remote code execution vulnerabilit ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerabili ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-40187
+ RESERVED
+CVE-2021-40186
+ RESERVED
+CVE-2021-40185
+ RESERVED
+CVE-2021-40184
+ RESERVED
+CVE-2021-40183
+ RESERVED
+CVE-2021-40182
+ RESERVED
+CVE-2021-40181
+ RESERVED
+CVE-2021-40180
+ RESERVED
+CVE-2021-40179
+ RESERVED
+CVE-2021-40178 (Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the L ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40177 (Zoho ManageEngine Log360 before Build 5225 allows remote code executio ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40176 (Zoho ManageEngine Log360 before Build 5225 allows stored XSS. ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40175 (Zoho ManageEngine Log360 before Build 5219 allows unrestricted file up ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40174 (Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for di ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on pro ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40171 (The absence of notifications regarding an ongoing RF jamming attack in ...)
+ NOT-FOR-US: SecuritasHome home alarm system
+CVE-2021-40170 (An RF replay attack vulnerability in the SecuritasHome home alarm syst ...)
+ NOT-FOR-US: SecuritasHome home alarm system
+CVE-2021-40169
+ RESERVED
+CVE-2021-40168
+ RESERVED
+CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40166
+ RESERVED
+CVE-2021-40165
+ RESERVED
+CVE-2021-40164
+ RESERVED
+CVE-2021-40163
+ RESERVED
+CVE-2021-40162
+ RESERVED
+CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution through m ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...)
+ NOT-FOR-US: Multipass
+CVE-2021-40154 (NXP LPC55S69 devices before A3 have a buffer over-read via a crafted w ...)
+ NOT-FOR-US: NXP LPC55S69 devices
+CVE-2021-40152
+ RESERVED
+CVE-2021-40151
+ RESERVED
+CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond the ...)
+ - libtpms 0.9.1-1
+ NOTE: https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df (v0.6.6)
+ NOTE: https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 (v0.6.6)
+ NOTE: https://github.com/stefanberger/libtpms/commit/aaef222e8682cc2e0f9ea7124220c5fe44fab62b (v0.8.5)
+ NOTE: https://github.com/stefanberger/libtpms/commit/33a03986e0a09dde439985e0312d1c8fb3743aab (v0.8.5)
+ NOTE: https://github.com/stefanberger/libtpms/commit/034a5c02488cf7f0048e130177fc71c9e626e135 (v0.9.0)
+ NOTE: https://github.com/stefanberger/libtpms/commit/17255da54cf8354d02369f1323dc50cfb87e2bf4 (v0.9.0)
+CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
+ NOT-FOR-US: flatcore-cms
+CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000627
+ NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
+CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the file ...)
+ {DSA-4967-1 DLA-2752-1}
+ [experimental] - squashfs-tools 1:4.5-1
+ - squashfs-tools 1:4.5-2
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
+ NOTE: https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 (4.5)
+ NOTE: https://github.com/plougher/squashfs-tools/issues/72
+CVE-2021-40150
+ RESERVED
+CVE-2021-40149
+ RESERVED
+CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-3743
+ RESERVED
+ {DSA-4978-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.openwall.net/netdev/2021/08/17/124
+ NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
+CVE-2021-3742
+ RESERVED
+CVE-2021-3741
+ RESERVED
+CVE-2021-3740
+ RESERVED
+CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...)
+ NOT-FOR-US: EmTec ZOC
+CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...)
+ NOT-FOR-US: Apache Any23
+CVE-2021-3738 [crash in dsdb stack]
+ RESERVED
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
+ NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
+CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response from the server]
+ RESERVED
+ {DLA-2808-1}
+ [experimental] - python3.9 3.9.6-1
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ - python3.4 <removed>
+ NOTE: https://bugs.python.org/issue44022
+ NOTE: https://github.com/python/cpython/pull/25916
+ NOTE: https://github.com/python/cpython/pull/26503
+ NOTE: https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
+ NOTE: https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
+ NOTE: https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
+ NOTE: https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
+ NOTE: Needs the "Improve the regression test" followup:
+ NOTE: https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
+ NOTE: https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
+ NOTE: https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
+ NOTE: https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14
+CVE-2021-3736 [uninitialized kernel stack may lead to information disclosure]
+ RESERVED
+ - linux 5.14.6-1 (unimportant)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995570
+CVE-2021-40145 (** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (a ...)
+ - libgd2 <unfixed>
+ [bullseye] - libgd2 <no-dsa> (Minor issue)
+ [buster] - libgd2 <no-dsa> (Minor issue)
+ [stretch] - libgd2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/libgd/libgd/issues/700
+ NOTE: https://github.com/libgd/libgd/pull/713
+ NOTE: https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
+CVE-2021-40144
+ RESERVED
+CVE-2021-40143 (Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HT ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-40142 (In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, re ...)
+ NOT-FOR-US: OPC Foundation Local Discovery Server (LDS)
+CVE-2021-40141
+ RESERVED
+CVE-2021-40140
+ RESERVED
+CVE-2021-40139
+ RESERVED
+CVE-2021-40138
+ RESERVED
+CVE-2021-40137
+ RESERVED
+CVE-2021-40136
+ RESERVED
+CVE-2021-40135
+ RESERVED
+CVE-2021-40134
+ RESERVED
+CVE-2021-40133
+ RESERVED
+CVE-2021-40132
+ RESERVED
+CVE-2021-40131 (A vulnerability in the web-based management interface of Cisco Common ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40130 (A vulnerability in the web application of Cisco Common Services Platfo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40129 (A vulnerability in the configuration dashboard of Cisco Common Service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40128 (A vulnerability in the account activation feature of Cisco Webex Meeti ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40127 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40126 (A vulnerability in the web-based dashboard of Cisco Umbrella could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40124 (A vulnerability in the Network Access Manager (NAM) module of Cisco An ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40122 (A vulnerability in an API of the Call Bridge feature of Cisco Meeting ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40121 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40120 (A vulnerability in the web-based management interface of certain Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40119 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40118 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort rules ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an unauthenticat ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we ...)
+ NOT-FOR-US: Apache James
+CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an IMAP user ...)
+ NOT-FOR-US: Apache James
+CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The Calendar is ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40107
+ RESERVED
+CVE-2021-40106 (An issue was discovered in Concrete CMS through 8.5.5. There is unauth ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40105 (An issue was discovered in Concrete CMS through 8.5.5. There is XSS vi ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40104 (An issue was discovered in Concrete CMS through 8.5.5. There is an SVG ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The Dashboard al ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40098 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40097 (An issue was discovered in Concrete CMS through 8.5.5. Authenticated p ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40096 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40095 (An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40094 (A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. I ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40093 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40092 (A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40091 (An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40090
+ RESERVED
+CVE-2021-40089 (An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Pu ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40088 (An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode ca ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit log ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...)
+ {DSA-4983-1 DLA-2781-1}
+ - neutron 2:18.1.0-3 (bug #993398)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2
+ NOTE: https://launchpad.net/bugs/1939733
+CVE-2021-40082
+ RESERVED
+CVE-2021-40081
+ RESERVED
+CVE-2021-3739
+ RESERVED
+ {DSA-4978-1}
+ - linux 5.14.6-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3
+CVE-2021-3735 [ahci: deadlock issue leads to denial of service]
+ RESERVED
+ - qemu <unfixed>
+ [bullseye] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...)
+ [experimental] - knot-resolver 5.4.1-1
+ - knot-resolver 5.4.1-2 (bug #991463)
+ [bullseye] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - knot-resolver <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169
+ NOTE: Introduced by https://gitlab.nic.cz/knot/knot-resolver/-/commit/7107faebc72c14c864622128a20a9b39fe94d733 (5.3.1)
+CVE-2021-3734 (yourls is vulnerable to Improper Restriction of Rendered UI Layers or ...)
+ NOT-FOR-US: yourls
+CVE-2021-40080
+ RESERVED
+CVE-2021-40079
+ RESERVED
+CVE-2021-40078
+ RESERVED
+CVE-2021-40077
+ RESERVED
+CVE-2021-40076
+ RESERVED
+CVE-2021-40075
+ RESERVED
+CVE-2021-40074
+ RESERVED
+CVE-2021-40073
+ RESERVED
+CVE-2021-40072
+ RESERVED
+CVE-2021-40071
+ RESERVED
+CVE-2021-40070
+ RESERVED
+CVE-2021-40069
+ RESERVED
+CVE-2021-40068
+ RESERVED
+CVE-2021-40067 (The access controls on the Mobility read-write API improperly validate ...)
+ NOT-FOR-US: Mobility
+CVE-2021-40066 (The access controls on the Mobility read-only API improperly validate ...)
+ NOT-FOR-US: Mobility
+CVE-2021-40065
+ RESERVED
+CVE-2021-40064
+ RESERVED
+CVE-2021-40063
+ RESERVED
+CVE-2021-40062
+ RESERVED
+CVE-2021-40061
+ RESERVED
+CVE-2021-40060
+ RESERVED
+CVE-2021-40059
+ RESERVED
+CVE-2021-40058
+ RESERVED
+CVE-2021-40057
+ RESERVED
+CVE-2021-40056
+ RESERVED
+CVE-2021-40055
+ RESERVED
+CVE-2021-40054
+ RESERVED
+CVE-2021-40053
+ RESERVED
+CVE-2021-40052
+ RESERVED
+CVE-2021-40051
+ RESERVED
+CVE-2021-40050
+ RESERVED
+CVE-2021-40049
+ RESERVED
+CVE-2021-40048
+ RESERVED
+CVE-2021-40047
+ RESERVED
+CVE-2021-40046
+ RESERVED
+CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40043
+ RESERVED
+CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40040
+ RESERVED
+CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40037 (There is a Vulnerability of accessing resources using an incompatible ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40036
+ RESERVED
+CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40034
+ RESERVED
+CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40030
+ RESERVED
+CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40027 (The bone voice ID TA has a vulnerability in calculating the buffer len ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40024
+ RESERVED
+CVE-2021-40023
+ RESERVED
+CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40019
+ RESERVED
+CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40017
+ RESERVED
+CVE-2021-40016
+ RESERVED
+CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40013
+ RESERVED
+CVE-2021-40012
+ RESERVED
+CVE-2021-40011 (There is an Uncontrolled resource consumption vulnerability in the dis ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40010 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD module in sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R019C00S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40006 (The fingerprint module has a security risk of brute force cracking. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40005 (The distributed data service component has a vulnerability in data acc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40004 (The cellular module has a vulnerability in permission management. Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40003 (HwPCAssistant has a path traversal vulnerability. Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40002 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39999
+ RESERVED
+CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39994 (There is an arbitrary address access vulnerability with the product li ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39992 (There is an improper security permission configuration vulnerability o ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39991 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive Information to an ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39986 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39985 (The HwNearbyMain module has a Improper Validation of Array Index vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39984 (Huawei idap module has a Out-of-bounds Read vulnerability.Successful e ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39983 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39982 (Phone Manager application has a Improper Privilege Management vulnerab ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39981 (Chang Lian application has a vulnerability which can be maliciously ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39980 (Telephony application has a Exposure of Sensitive Information to an Un ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39979 (HHEE system has a Code Injection vulnerability.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39978 (Telephony application has a SQL Injection vulnerability.Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39977 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 5800 V200 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39975 (Hilinksvc has a Data Processing Errors vulnerability.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an Unauthorize ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39971 (Password vault has a External Control of System or Configuration Setti ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39970 (HwPCAssistant has a Improper Input Validation vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39969 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39968 (Changlian Blocklist has a Business Logic Errors vulnerability .Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39967 (There is a Vulnerability of obtaining broadcast information improperly ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39966 (There is an Uninitialized AOD driver structure in Smartphones.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39965
+ RESERVED
+CVE-2021-39964
+ RESERVED
+CVE-2021-39963
+ RESERVED
+CVE-2021-39962
+ RESERVED
+CVE-2021-39961
+ RESERVED
+CVE-2021-39960
+ RESERVED
+CVE-2021-39959
+ RESERVED
+CVE-2021-39958
+ RESERVED
+CVE-2021-39957
+ RESERVED
+CVE-2021-39956
+ RESERVED
+CVE-2021-39955
+ RESERVED
+CVE-2021-39954
+ RESERVED
+CVE-2021-39953
+ RESERVED
+CVE-2021-39952
+ RESERVED
+CVE-2021-39951
+ RESERVED
+CVE-2021-39950
+ RESERVED
+CVE-2021-39949
+ RESERVED
+CVE-2021-39948
+ RESERVED
+CVE-2021-39947
+ RESERVED
+CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...)
+ - gitlab <unfixed>
+CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...)
+ - gitlab <unfixed>
+CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...)
+ - gitlab <unfixed>
+ TODO: reach out for details
+CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
+ - gitlab <unfixed>
+CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...)
+ - gitlab <unfixed>
+CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...)
+ - gitlab-ci-multi-runner <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630
+ NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/
+CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...)
+ - gitlab <unfixed>
+CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...)
+ - gitlab <unfixed>
+CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions startin ...)
+ - gitlab <unfixed>
+CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39934 (Improper access control allows any project member to retrieve the serv ...)
+ - gitlab <unfixed>
+CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...)
+ - gitlab <unfixed>
+CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html
+CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html
+CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...)
+ - gitlab <unfixed>
+CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...)
+ {DSA-5019-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <not-affected> (Vulnerable code not present)
+ [stretch] - wireshark <not-affected> (Vulnerable code not present)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html
+CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark 2.6.20-0+deb10u2
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html
+CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
+CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17684
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-11.html
+CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html
+CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-14.html
+CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <not-affected> (IPPUSB dissector added in 3.4)
+ [stretch] - wireshark <not-affected> (IPPUSB dissector added in 3.4)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
+CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, a ...)
+ - gitlab <unfixed>
+CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions starting f ...)
+ - gitlab <unfixed>
+CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39916 (Lack of an access control check in the External Status Check feature a ...)
+ - gitlab <unfixed>
+CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE affecting a ...)
+ - gitlab <unfixed>
+CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...)
+ - gitlab <unfixed>
+CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...)
+ - gitlab <unfixed>
+CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting ...)
+ - gitlab <unfixed>
+CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version 13.9 exp ...)
+ - gitlab <unfixed>
+CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-39908
+ RESERVED
+CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...)
+ - gitlab <unfixed>
+CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...)
+ - gitlab <unfixed>
+CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE API since ...)
+ - gitlab <unfixed>
+CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in GitLab ...)
+ - gitlab <unfixed>
+CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a privileged user, ...)
+ - gitlab <unfixed>
+CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user wi ...)
+ - gitlab <unfixed>
+CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin of a gro ...)
+ - gitlab <unfixed>
+CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...)
+ - gitlab <unfixed>
+CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...)
+ - gitlab <unfixed>
+CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project export l ...)
+ - gitlab <unfixed>
+CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above allowed ...)
+ - gitlab <unfixed>
+CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...)
+ - gitlab <unfixed>
+CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker can set ...)
+ - gitlab <unfixed>
+CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...)
+ - gitlab <unfixed>
+CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
+ - gitlab <unfixed>
+CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...)
+ [experimental] - gitlab 14.6.4+ds1-1
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440
+CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
+ - gitlab <unfixed>
+CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...)
+ - gitlab <unfixed>
+CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...)
+ - gitlab <unfixed>
+CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...)
+ - gitlab <unfixed>
+CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE version 13.5 ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39883 (Improper authorization checks in GitLab EE &gt; 13.11 allows subgroup ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...)
+ - gitlab <unfixed>
+CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...)
+ - gitlab <unfixed>
+CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...)
+ - gitlab <unfixed>
+ - ruby-apollo-upload-server <unfixed>
+ TODO: reach out for details
+CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
+ - gitlab <unfixed>
+CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...)
+ - gitlab <unfixed>
+CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
+ - gitlab <unfixed>
+CVE-2021-39876
+ RESERVED
+CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...)
+ - gitlab <unfixed>
+CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
+ - gitlab <unfixed>
+CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...)
+ - gitlab <unfixed>
+CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...)
+ - gitlab <unfixed>
+CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...)
+ - gitlab <unfixed>
+CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...)
+ - gitlab <unfixed>
+CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...)
+ - gitlab <unfixed>
+CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...)
+ - gitlab <unfixed>
+CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...)
+ - gitlab <unfixed>
+CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...)
+ - gitlab <unfixed>
+CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39861 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 ( ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39859
+ RESERVED
+CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39856 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39855 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39854 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39853 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39852 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39851 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39850 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39849 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39848
+ RESERVED
+CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39846 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39845 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39844 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39843 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39842 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39841 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39840 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39839 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39838 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39837 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39836 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39835 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39834 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39833 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39832 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39831 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39830 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39829 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39828 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a p ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39827 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39826 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39825 (Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and e ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39824 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39823 (Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39822
+ RESERVED
+CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39820
+ RESERVED
+CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39817 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39815
+ RESERVED
+CVE-2021-39814
+ RESERVED
+CVE-2021-39813
+ RESERVED
+CVE-2021-39812
+ RESERVED
+CVE-2021-39811
+ RESERVED
+CVE-2021-39810
+ RESERVED
+CVE-2021-39809
+ RESERVED
+CVE-2021-39808
+ RESERVED
+CVE-2021-39807
+ RESERVED
+CVE-2021-39806
+ RESERVED
+CVE-2021-39805
+ RESERVED
+CVE-2021-39804
+ RESERVED
+CVE-2021-39803
+ RESERVED
+CVE-2021-39802
+ RESERVED
+CVE-2021-39801
+ RESERVED
+CVE-2021-39800
+ RESERVED
+CVE-2021-39799
+ RESERVED
+CVE-2021-39798
+ RESERVED
+CVE-2021-39797
+ RESERVED
+CVE-2021-39796
+ RESERVED
+CVE-2021-39795
+ RESERVED
+CVE-2021-39794
+ RESERVED
+CVE-2021-39793
+ RESERVED
+CVE-2021-39792
+ RESERVED
+CVE-2021-39791
+ RESERVED
+CVE-2021-39790
+ RESERVED
+CVE-2021-39789
+ RESERVED
+CVE-2021-39788
+ RESERVED
+CVE-2021-39787
+ RESERVED
+CVE-2021-39786
+ RESERVED
+CVE-2021-39785
+ RESERVED
+CVE-2021-39784
+ RESERVED
+CVE-2021-39783
+ RESERVED
+CVE-2021-39782
+ RESERVED
+CVE-2021-39781
+ RESERVED
+CVE-2021-39780
+ RESERVED
+CVE-2021-39779
+ RESERVED
+CVE-2021-39778
+ RESERVED
+CVE-2021-39777
+ RESERVED
+CVE-2021-39776
+ RESERVED
+CVE-2021-39775
+ RESERVED
+CVE-2021-39774
+ RESERVED
+CVE-2021-39773
+ RESERVED
+CVE-2021-39772
+ RESERVED
+CVE-2021-39771
+ RESERVED
+CVE-2021-39770
+ RESERVED
+CVE-2021-39769
+ RESERVED
+CVE-2021-39768
+ RESERVED
+CVE-2021-39767
+ RESERVED
+CVE-2021-39766
+ RESERVED
+CVE-2021-39765
+ RESERVED
+CVE-2021-39764
+ RESERVED
+CVE-2021-39763
+ RESERVED
+CVE-2021-39762
+ RESERVED
+CVE-2021-39761
+ RESERVED
+CVE-2021-39760
+ RESERVED
+CVE-2021-39759
+ RESERVED
+CVE-2021-39758
+ RESERVED
+CVE-2021-39757
+ RESERVED
+CVE-2021-39756
+ RESERVED
+CVE-2021-39755
+ RESERVED
+CVE-2021-39754
+ RESERVED
+CVE-2021-39753
+ RESERVED
+CVE-2021-39752
+ RESERVED
+CVE-2021-39751
+ RESERVED
+CVE-2021-39750
+ RESERVED
+CVE-2021-39749
+ RESERVED
+CVE-2021-39748
+ RESERVED
+CVE-2021-39747
+ RESERVED
+CVE-2021-39746
+ RESERVED
+CVE-2021-39745
+ RESERVED
+CVE-2021-39744
+ RESERVED
+CVE-2021-39743
+ RESERVED
+CVE-2021-39742
+ RESERVED
+CVE-2021-39741
+ RESERVED
+CVE-2021-39740
+ RESERVED
+CVE-2021-39739
+ RESERVED
+CVE-2021-39738
+ RESERVED
+CVE-2021-39737
+ RESERVED
+CVE-2021-39736
+ RESERVED
+CVE-2021-39735
+ RESERVED
+CVE-2021-39734
+ RESERVED
+CVE-2021-39733
+ RESERVED
+CVE-2021-39732
+ RESERVED
+CVE-2021-39731
+ RESERVED
+CVE-2021-39730
+ RESERVED
+CVE-2021-39729
+ RESERVED
+CVE-2021-39728
+ RESERVED
+CVE-2021-39727
+ RESERVED
+CVE-2021-39726
+ RESERVED
+CVE-2021-39725
+ RESERVED
+CVE-2021-39724
+ RESERVED
+CVE-2021-39723
+ RESERVED
+CVE-2021-39722
+ RESERVED
+CVE-2021-39721
+ RESERVED
+CVE-2021-39720
+ RESERVED
+CVE-2021-39719
+ RESERVED
+CVE-2021-39718
+ RESERVED
+CVE-2021-39717
+ RESERVED
+CVE-2021-39716
+ RESERVED
+CVE-2021-39715
+ RESERVED
+CVE-2021-39714
+ RESERVED
+CVE-2021-39713
+ RESERVED
+CVE-2021-39712
+ RESERVED
+CVE-2021-39711
+ RESERVED
+CVE-2021-39710
+ RESERVED
+CVE-2021-39709
+ RESERVED
+CVE-2021-39708
+ RESERVED
+CVE-2021-39707
+ RESERVED
+CVE-2021-39706
+ RESERVED
+CVE-2021-39705
+ RESERVED
+CVE-2021-39704
+ RESERVED
+CVE-2021-39703
+ RESERVED
+CVE-2021-39702
+ RESERVED
+CVE-2021-39701
+ RESERVED
+CVE-2021-39700
+ RESERVED
+CVE-2021-39699
+ RESERVED
+CVE-2021-39698
+ RESERVED
+CVE-2021-39697
+ RESERVED
+CVE-2021-39696
+ RESERVED
+CVE-2021-39695
+ RESERVED
+CVE-2021-39694
+ RESERVED
+CVE-2021-39693
+ RESERVED
+CVE-2021-39692
+ RESERVED
+CVE-2021-39691
+ RESERVED
+CVE-2021-39690
+ RESERVED
+CVE-2021-39689
+ RESERVED
+CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to TBD. This ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-39686
+ RESERVED
+CVE-2021-39685
+ RESERVED
+ {DSA-5050-1}
+ - linux 5.15.5-2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
+CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39683 (In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39682 (In mgm_alloc_page of memory_group_manager.c, there is a possible out o ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39681 (In delete_protocol of main.c, there is a possible arbitrary code execu ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39680 (In sec_SHA256_Transform of sha256_core.c, there is a possible way to r ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible use afte ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39678 (In &lt;TBD&gt; of &lt;TBD&gt;, there is a possible bypass of Factory R ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39677 (In startVideoStream() there is a possibility of an OOB Read in the hea ...)
+ NOT-FOR-US: Android
+CVE-2021-39676 (In writeThrowable of AndroidFuture.java, there is a possible parcel se ...)
+ NOT-FOR-US: Android
+CVE-2021-39675 (In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds writ ...)
+ NOT-FOR-US: Android
+CVE-2021-39674 (In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , the ...)
+ NOT-FOR-US: Android
+CVE-2021-39673
+ RESERVED
+CVE-2021-39672 (In fastboot, there is a possible secure boot bypass due to a configura ...)
+ NOT-FOR-US: Android
+CVE-2021-39671 (In code generated by aidl_const_expressions.cpp, there is a possible o ...)
+ NOT-FOR-US: Android
+CVE-2021-39670
+ RESERVED
+CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...)
+ NOT-FOR-US: Android
+CVE-2021-39667
+ RESERVED
+CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android
+CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bo ...)
+ NOT-FOR-US: Android
+CVE-2021-39664 (In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-39663 (In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-39661
+ RESERVED
+CVE-2021-39660
+ RESERVED
+CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-39658 (ismsEx service is a vendor service in unisoc equipment&#12290;ismsEx s ...)
+ NOT-FOR-US: Android
+CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...)
+ - linux 5.10.12-1
+ [buster] - linux 4.19.171-1
+ [stretch] - linux 4.9.258-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+ NOTE: https://git.kernel.org/linus/35fc4cd34426c242ab015ef280853b7bff101f48 (5.11-rc4)
+CVE-2021-39656 (In __configfs_open_file of file.c, there is a possible use-after-free ...)
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+ NOTE: https://git.kernel.org/linus/14fbbc8297728e880070f7b077b3301a8c698ef9 (5.12-rc3)
+CVE-2021-39655 (Product: AndroidVersions: Android kernelAndroid ID: A-192641593Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39654
+ RESERVED
+CVE-2021-39653 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39652 (In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds wri ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39651 (In TBD of TBD, there is a possible way to access PIN protected setting ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39650 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39649 (In regmap_exit of regmap.c, there is a possible use-after-free due to ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39648 (In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclos ...)
+ - linux 5.10.9-1
+ [buster] - linux 4.19.171-1
+ [stretch] - linux 4.9.258-1
+ NOTE: https://git.kernel.org/linus/64e6bbfff52db4bf6785fab9cffab850b2de6870
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+CVE-2021-39647 (In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_ ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39646 (Product: AndroidVersions: Android kernelAndroid ID: A-201537251Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39645 (Product: AndroidVersions: Android kernelAndroid ID: A-199805112Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39644 (Product: AndroidVersions: Android kernelAndroid ID: A-199809304Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39643 (In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39642 (In synchronous_process_io_entries of lwis_ioctl.c, there is a possible ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39641 (Product: AndroidVersions: Android kernelAndroid ID: A-126949257Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39640 (In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39639 (In TBD of fvp.c, there is a possible way to glitch CPU behavior due to ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39638 (In periodic_io_work_func of lwis_periodic_io.c, there is a possible ou ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39637 (In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there i ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possib ...)
+ - linux 4.16.5-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+CVE-2021-39635 (ims_ex is a vendor system service used to manage VoLTE in unisoc devic ...)
+ NOT-FOR-US: Android
+CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This could lead ...)
+ - linux 5.8.14-1
+ [buster] - linux 4.19.152-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://source.android.com/security/bulletin/2022-01-01
+ NOTE: https://git.kernel.org/linus/f8d4f44df056c5b504b0d49683fb7279218fd207 (5.9-rc8)
+CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page fault due ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://source.android.com/security/bulletin/2022-01-01
+ NOTE: https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14)
+CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2021-39631 (In clear_data_dlg_text of strings.xml, there is a possible situation w ...)
+ NOT-FOR-US: Android
+CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-39628 (In StatusBar.java, there is a possible disclosure of notification cont ...)
+ NOT-FOR-US: Android
+CVE-2021-39627 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...)
+ NOT-FOR-US: Android
+CVE-2021-39624
+ RESERVED
+CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...)
+ NOT-FOR-US: Android
+CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection ...)
+ NOT-FOR-US: Android
+CVE-2021-39621 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way to corru ...)
+ NOT-FOR-US: Android
+CVE-2021-39619 (In updatePackageMappingsData of UsageStatsService.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-39617
+ RESERVED
+CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 ...)
+ NOT-FOR-US: Android
+CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
+ RESERVED
+ {DLA-2808-1}
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ NOTE: https://bugs.python.org/issue43075
+ NOTE: https://github.com/python/cpython/pull/24391
+ NOTE: https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)
+ NOTE: https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)
+ NOTE: https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)
+ NOTE: https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)
+ NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
+CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files]
+ RESERVED
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
+ NOTE: https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631
+CVE-2021-39615 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39614 (D-Link DVX-2000MS contains hard-coded credentials for undocumented use ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39613 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39612
+ RESERVED
+CVE-2021-39611
+ RESERVED
+CVE-2021-39610
+ RESERVED
+CVE-2021-39609 (Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 v ...)
+ NOT-FOR-US: FlatCore-CMS
+CVE-2021-39608 (Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 ...)
+ NOT-FOR-US: FlatCore-CMS
+CVE-2021-39607
+ RESERVED
+CVE-2021-39606
+ RESERVED
+CVE-2021-39605
+ RESERVED
+CVE-2021-39604
+ RESERVED
+CVE-2021-39603
+ RESERVED
+CVE-2021-39602 (A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd fu ...)
+ NOT-FOR-US: Miniftpd
+CVE-2021-39601
+ RESERVED
+CVE-2021-39600
+ RESERVED
+CVE-2021-39599 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS ...)
+ NOT-FOR-US: CXUUCMS
+CVE-2021-39598 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/145
+CVE-2021-39597 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/143
+CVE-2021-39596 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/146
+CVE-2021-39595 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/141
+CVE-2021-39594 (Other An issue was discovered in swftools through 20200710. A NULL poi ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/142
+CVE-2021-39593 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/139
+CVE-2021-39592 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/138
+CVE-2021-39591 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/135
+CVE-2021-39590 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/137
+CVE-2021-39589 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/132
+CVE-2021-39588 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/131
+CVE-2021-39587 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/129
+CVE-2021-39586
+ RESERVED
+CVE-2021-39585 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/133
+CVE-2021-39584 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/130
+CVE-2021-39583 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/136
+CVE-2021-39582 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/122
+CVE-2021-39581
+ RESERVED
+CVE-2021-39580
+ RESERVED
+CVE-2021-39579 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/125
+CVE-2021-39578
+ RESERVED
+CVE-2021-39577 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/121
+CVE-2021-39576
+ RESERVED
+CVE-2021-39575 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/128
+CVE-2021-39574 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/124
+CVE-2021-39573
+ RESERVED
+CVE-2021-39572
+ RESERVED
+CVE-2021-39571
+ RESERVED
+CVE-2021-39570
+ RESERVED
+CVE-2021-39569 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/114
+CVE-2021-39568
+ RESERVED
+CVE-2021-39567
+ RESERVED
+CVE-2021-39566
+ RESERVED
+CVE-2021-39565
+ RESERVED
+CVE-2021-39564 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/116
+CVE-2021-39563 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/115
+CVE-2021-39562 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/98
+CVE-2021-39561 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/102
+CVE-2021-39560
+ RESERVED
+CVE-2021-39559 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/101
+CVE-2021-39558 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/106
+CVE-2021-39557 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/97
+CVE-2021-39556 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/105
+CVE-2021-39555 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/99
+CVE-2021-39554 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/100
+CVE-2021-39553 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/103
+CVE-2021-39552 (An issue was discovered in sela through 20200412. file::WavFile::readF ...)
+ NOT-FOR-US: sela
+CVE-2021-39551 (An issue was discovered in sela through 20200412. file::SelaFile::read ...)
+ NOT-FOR-US: sela
+CVE-2021-39550 (An issue was discovered in sela through 20200412. file::SelaFile::read ...)
+ NOT-FOR-US: sela
+CVE-2021-39549 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
+ NOT-FOR-US: sela
+CVE-2021-39548 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
+ NOT-FOR-US: sela
+CVE-2021-39547 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
+ NOT-FOR-US: sela
+CVE-2021-39546 (An issue was discovered in sela through 20200412. rice::RiceDecoder::p ...)
+ NOT-FOR-US: sela
+CVE-2021-39545 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
+ NOT-FOR-US: sela
+CVE-2021-39544 (An issue was discovered in sela through 20200412. file::WavFile::write ...)
+ NOT-FOR-US: sela
+CVE-2021-39543 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39542 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39541 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39540 (An issue was discovered in pdftools through 20200714. A stack-buffer-o ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39539 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39538 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39537 (An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ...)
+ - ncurses <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
+ NOTE: Negligible security impact
+CVE-2021-39536 (An issue was discovered in libxsmm through v1.16.1-93. The JIT code ha ...)
+ - libxsmm <unfixed> (bug #996098)
+ NOTE: https://github.com/hfp/libxsmm/issues/402
+ NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375
+ NOTE: https://github.com/hfp/libxsmm/commit/c24027d07eef23411a56958e52afad5ee6db6393
+CVE-2021-39535 (An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer ...)
+ - libxsmm <unfixed> (bug #996098)
+ NOTE: https://github.com/hfp/libxsmm/issues/398
+ NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375
+CVE-2021-39534 (An issue was discovered in libslax through v0.22.1. slaxIsCommentStart ...)
+ - libslax <itp> (bug #766210)
+CVE-2021-39533 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...)
+ - libslax <itp> (bug #766210)
+CVE-2021-39532 (An issue was discovered in libslax through v0.22.1. A NULL pointer der ...)
+ - libslax <itp> (bug #766210)
+CVE-2021-39531 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...)
+ - libslax <itp> (bug #766210)
+CVE-2021-39530 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39529
+ RESERVED
+CVE-2021-39528 (An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MAT ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39527 (An issue was discovered in libredwg through v0.10.1.3751. appinfo_priv ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39526
+ RESERVED
+CVE-2021-39525 (An issue was discovered in libredwg through v0.10.1.3751. bit_read_fix ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39524
+ RESERVED
+CVE-2021-39523 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39522 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len( ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39521 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39520 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/34
+CVE-2021-39519 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/28
+CVE-2021-39518 (An issue was discovered in libjpeg through 2020021. LineBuffer::FetchR ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/35
+CVE-2021-39517 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/33
+CVE-2021-39516 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/42
+CVE-2021-39515 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/37
+CVE-2021-39514 (An issue was discovered in libjpeg through 2020021. An uncaught floati ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/36
+CVE-2021-39513
+ RESERVED
+CVE-2021-39512
+ RESERVED
+CVE-2021-39511
+ RESERVED
+CVE-2021-39510 (An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wirele ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39509 (An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B01 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39508
+ RESERVED
+CVE-2021-39507
+ RESERVED
+CVE-2021-39506
+ RESERVED
+CVE-2021-39505
+ RESERVED
+CVE-2021-39504
+ RESERVED
+CVE-2021-39503 (PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is ...)
+ NOT-FOR-US: PHPMyWind
+CVE-2021-39502
+ RESERVED
+CVE-2021-39501 (EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39500 (Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of i ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39499 (A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouC ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39498
+ RESERVED
+CVE-2021-39497 (eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39496 (Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39495
+ RESERVED
+CVE-2021-39494
+ RESERVED
+CVE-2021-39493
+ RESERVED
+CVE-2021-39492
+ RESERVED
+CVE-2021-39491
+ RESERVED
+CVE-2021-39490
+ RESERVED
+CVE-2021-39489
+ RESERVED
+CVE-2021-39488
+ RESERVED
+CVE-2021-39487
+ RESERVED
+CVE-2021-39486 (A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2. ...)
+ NOT-FOR-US: Gila CMS
+CVE-2021-39485
+ RESERVED
+CVE-2021-39484
+ RESERVED
+CVE-2021-39483
+ RESERVED
+CVE-2021-39482
+ RESERVED
+CVE-2021-39481
+ RESERVED
+CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation failure w ...)
+ NOT-FOR-US: bingrep
+CVE-2021-39479
+ RESERVED
+CVE-2021-39478
+ RESERVED
+CVE-2021-39477
+ RESERVED
+CVE-2021-39476
+ RESERVED
+CVE-2021-39475
+ RESERVED
+CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported a ...)
+ NOT-FOR-US: Docsis UBC1319BA00 Router
+CVE-2021-39473
+ RESERVED
+CVE-2021-39472
+ RESERVED
+CVE-2021-39471
+ RESERVED
+CVE-2021-39470
+ RESERVED
+CVE-2021-39469
+ RESERVED
+CVE-2021-39468
+ RESERVED
+CVE-2021-39467
+ RESERVED
+CVE-2021-39466
+ RESERVED
+CVE-2021-39465
+ RESERVED
+CVE-2021-39464
+ RESERVED
+CVE-2021-39463
+ RESERVED
+CVE-2021-39462
+ RESERVED
+CVE-2021-39461
+ RESERVED
+CVE-2021-39460
+ RESERVED
+CVE-2021-39459 (Remote code execution in the modules component in Yakamara Media Redax ...)
+ NOT-FOR-US: Yakamara Media Redaxo CMS
+CVE-2021-39458 (Triggering an error page of the import process in Yakamara Media Redax ...)
+ NOT-FOR-US: Yakamara Media Redaxo CMS
+CVE-2021-39457
+ RESERVED
+CVE-2021-39456
+ RESERVED
+CVE-2021-39455
+ RESERVED
+CVE-2021-39454
+ RESERVED
+CVE-2021-39453
+ RESERVED
+CVE-2021-39452
+ RESERVED
+CVE-2021-39451
+ RESERVED
+CVE-2021-39450
+ RESERVED
+CVE-2021-39449
+ RESERVED
+CVE-2021-39448
+ RESERVED
+CVE-2021-39447
+ RESERVED
+CVE-2021-39446
+ RESERVED
+CVE-2021-39445
+ RESERVED
+CVE-2021-39444
+ RESERVED
+CVE-2021-39443
+ RESERVED
+CVE-2021-39442
+ RESERVED
+CVE-2021-39441
+ RESERVED
+CVE-2021-39440
+ RESERVED
+CVE-2021-39439
+ RESERVED
+CVE-2021-39438
+ RESERVED
+CVE-2021-39437
+ RESERVED
+CVE-2021-39436
+ RESERVED
+CVE-2021-39435
+ RESERVED
+CVE-2021-39434
+ RESERVED
+CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version BIQS IT B ...)
+ NOT-FOR-US: BIQS IT Biqs-drive
+CVE-2021-39432
+ RESERVED
+CVE-2021-39431
+ RESERVED
+CVE-2021-39430
+ RESERVED
+CVE-2021-39429
+ RESERVED
+CVE-2021-39428
+ RESERVED
+CVE-2021-39427
+ RESERVED
+CVE-2021-39426
+ RESERVED
+CVE-2021-39425
+ RESERVED
+CVE-2021-39424
+ RESERVED
+CVE-2021-39423
+ RESERVED
+CVE-2021-39422
+ RESERVED
+CVE-2021-39421
+ RESERVED
+CVE-2021-39420 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0. ...)
+ NOT-FOR-US: VFront
+CVE-2021-39419
+ RESERVED
+CVE-2021-39418
+ RESERVED
+CVE-2021-39417
+ RESERVED
+CVE-2021-39416 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote C ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-39415
+ RESERVED
+CVE-2021-39414
+ RESERVED
+CVE-2021-39413 (Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel ...)
+ NOT-FOR-US: SEO Panel
+CVE-2021-39412 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGuruk ...)
+ NOT-FOR-US: PHPGurukul Shopping
+CVE-2021-39411 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGuruku ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System
+CVE-2021-39410
+ RESERVED
+CVE-2021-39409
+ RESERVED
+CVE-2021-39408
+ RESERVED
+CVE-2021-39407
+ RESERVED
+CVE-2021-39406
+ RESERVED
+CVE-2021-39405
+ RESERVED
+CVE-2021-39404 (MaianAffiliate v1.0 allows an authenticated administrative user to sav ...)
+ NOT-FOR-US: MaianAffiliate
+CVE-2021-39403
+ RESERVED
+CVE-2021-39402 (MaianAffiliate v.1.0 is suffers from code injection by adding a new pr ...)
+ NOT-FOR-US: MaianAffiliate
+CVE-2021-39401
+ RESERVED
+CVE-2021-39400
+ RESERVED
+CVE-2021-39399
+ RESERVED
+CVE-2021-39398
+ RESERVED
+CVE-2021-39397
+ RESERVED
+CVE-2021-39396
+ RESERVED
+CVE-2021-39395
+ RESERVED
+CVE-2021-39394
+ RESERVED
+CVE-2021-39393
+ RESERVED
+CVE-2021-39392 (The management tool in MyLittleBackup up to and including 1.7 allows r ...)
+ NOT-FOR-US: MyLittleBackup
+CVE-2021-39391 (Cross Site Scripting (XSS) vulnerability exists in the admin panel in ...)
+ NOT-FOR-US: Beego
+CVE-2021-39390
+ RESERVED
+CVE-2021-39389
+ RESERVED
+CVE-2021-39388
+ RESERVED
+CVE-2021-39387
+ RESERVED
+CVE-2021-39386
+ RESERVED
+CVE-2021-39385
+ RESERVED
+CVE-2021-39384
+ RESERVED
+CVE-2021-39383
+ RESERVED
+CVE-2021-39382
+ RESERVED
+CVE-2021-39381
+ RESERVED
+CVE-2021-39380
+ RESERVED
+CVE-2021-39379 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
+ NOT-FOR-US: openSIS
+CVE-2021-39378 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
+ NOT-FOR-US: openSIS
+CVE-2021-39377 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
+ NOT-FOR-US: openSIS
+CVE-2021-39376 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
+ NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
+CVE-2021-39375 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
+ NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
+CVE-2021-39374
+ RESERVED
+CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers t ...)
+ NOT-FOR-US: Samsung
+CVE-2021-39372
+ RESERVED
+CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an ...)
+ {DLA-2754-1}
+ - pywps 4.5.0-1
+ [bullseye] - pywps <no-dsa> (Minor issue)
+ [buster] - pywps <no-dsa> (Minor issue)
+ NOTE: https://github.com/geopython/OWSLib/issues/790
+ NOTE: https://github.com/geopython/pywps/pull/616
+CVE-2021-39370
+ RESERVED
+CVE-2021-39369
+ RESERVED
+CVE-2021-39368 (Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter ...)
+ NOT-FOR-US: Canon Oce Print Exec Workgroup
+CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. ...)
+ NOT-FOR-US: Canon Oce Print Exec Workgroup
+CVE-2021-39366
+ RESERVED
+CVE-2021-39365 (In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certifi ...)
+ {DSA-4964-1 DLA-2762-1}
+ - grilo 0.3.13-1.1 (bug #992971)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
+CVE-2021-39364
+ RESERVED
+CVE-2021-39363
+ RESERVED
+CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response from A ...)
+ NOT-FOR-US: ReCaptcha Solver
+CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not enable ...)
+ - evolution-rss <unfixed> (bug #996590)
+ [bullseye] - evolution-rss <no-dsa> (Minor issue)
+ [buster] - evolution-rss <no-dsa> (Minor issue)
+ [stretch] - evolution-rss <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11
+CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS ...)
+ - libzapojit <unfixed> (bug #993538)
+ [bullseye] - libzapojit <no-dsa> (Minor issue)
+ [buster] - libzapojit <no-dsa> (Minor issue)
+ [stretch] - libzapojit <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4
+CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS ...)
+ - libgda5 <unfixed> (bug #993592)
+ [bullseye] - libgda5 <no-dsa> (Minor issue)
+ [buster] - libgda5 <no-dsa> (Minor issue)
+ [stretch] - libgda5 <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/libgda/-/issues/249
+CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable T ...)
+ - gfbgraph 0.2.5-1 (bug #993537)
+ [bullseye] - gfbgraph <no-dsa> (Minor issue)
+ [buster] - gfbgraph <no-dsa> (Minor issue)
+ [stretch] - gfbgraph <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17
+CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by other s ...)
+ {DSA-4962-1}
+ - ledgersmb 1.6.9+ds-2.1 (bug #992817)
+ NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking
+CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39353 (The Easy Registration Forms WordPress plugin is vulnerable to Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39346 (The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39341 (The OptinMonster WordPress plugin is vulnerable to sensitive informati ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39340 (The Notification WordPress plugin is vulnerable to Stored Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39333 (The Hashthemes Demo Importer Plugin &lt;= 1.1.1 for WordPress containe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39331
+ RESERVED
+CVE-2021-39330
+ REJECTED
+CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39326
+ RESERVED
+CVE-2021-39325 (The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39324
+ RESERVED
+CVE-2021-39323
+ RESERVED
+CVE-2021-39322 (The Easy Social Icons plugin &lt;= 3.0.8 for WordPress echoes out the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39320 (The underConstruction plugin &lt;= 1.18 for WordPress echoes out the r ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39319 (The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerabl ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39318 (The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-S ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39317 (A WordPress plugin and several WordPress themes developed by AccessPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39316 (The Zoomsounds plugin &lt;= 6.45 for WordPress allows arbitrary files, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39315 (The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39314 (The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39313 (The Simple Image Gallery WordPress plugin is vulnerable to Reflected C ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39312 (The True Ranker plugin &lt;= 2.2.2 for WordPress allows arbitrary file ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39311 (The link-list-manager WordPress plugin is vulnerable to Reflected Cros ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39310 (The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39309 (The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerabl ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable ...)
+ NOT-FOR-US: WordPess plugin
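Review bot: the NOT-FOR-US tag is misspelled as "WordPess plugin" on the entries for CVE-2021-39319, CVE-2021-39318 and CVE-2021-39315 through CVE-2021-39308, while the surrounding entries (for example CVE-2021-39317 and CVE-2021-39316) use "WordPress plugin". Normalise these ten lines to "NOT-FOR-US: WordPress plugin" so that a search or grouping on the tag text covers every WordPress plugin entry in the list.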
+CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
+ NOT-FOR-US: PDFTron WebViewer UI
+CVE-2021-39306 (A stack buffer overflow was discovered on Realtek RTL8195AM device bef ...)
+ NOT-FOR-US: Realtek
+CVE-2021-39305
+ RESERVED
+CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...)
+ NOT-FOR-US: Proofpoint
+CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka P ...)
+ NOT-FOR-US: Jamf Pro
+CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
+ NOT-FOR-US: MISP
+CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
+ NOT-FOR-US: OpenBMC
+CVE-2021-39295
+ RESERVED
+CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Description** ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3724
+ RESERVED
+ NOT-FOR-US: Red Hat Serverless
+CVE-2021-23161
+ RESERVED
+ NOT-FOR-US: Red Hat Serverless
+CVE-2021-23156
+ RESERVED
+ NOT-FOR-US: Red Hat Serverless
+CVE-2021-39294
+ RESERVED
+CVE-2021-39293 (In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.1-1
+ - golang-1.16 1.16.8-1
+ - golang-1.15 1.15.15-2
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/47801
+ NOTE: https://github.com/golang/go/commit/1dd24caf08985066b309af6bc461780c73e05c35 (1.17.1)
+ NOTE: https://github.com/golang/go/commit/6c480017ae600b2c90a264a922e041df04dfa785 (1.16.8)
+CVE-2021-39292
+ RESERVED
+CVE-2021-3723 (A command injection vulnerability was reported in the Integrated Manag ...)
+ NOT-FOR-US: IBM
+CVE-2021-3722
+ RESERVED
+CVE-2021-3721
+ RESERVED
+CVE-2021-3720 (An information disclosure vulnerability was reported in the Time Weath ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3719 (A potential vulnerability in the SMI callback function that saves and ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3718 (A denial of service vulnerability was reported in some ThinkPad models ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-39291 (Certain NetModule devices allow credentials via GET parameters to CLI- ...)
+ NOT-FOR-US: NetModule devices
+CVE-2021-39290 (Certain NetModule devices allow Limited Session Fixation via PHPSESSID ...)
+ NOT-FOR-US: NetModule devices
+CVE-2021-39289 (Certain NetModule devices have Insecure Password Handling (cleartext o ...)
+ NOT-FOR-US: NetModule devices
+CVE-2021-39288
+ RESERVED
+CVE-2021-39287
+ RESERVED
+CVE-2021-39286 (Webrecorder pywb before 2.6.0 allows XSS because it does not ensure th ...)
+ NOT-FOR-US: Webrecorder pywb
+CVE-2021-39285 (A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8 ...)
+ NOT-FOR-US: Versa
+CVE-2021-39284
+ RESERVED
+CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <ignored> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html
+CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <ignored> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html
+CVE-2021-39281
+ RESERVED
+CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...)
+ NOT-FOR-US: Korenix JetWave devices
+CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...)
+ NOT-FOR-US: MOXA
+CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...)
+ NOT-FOR-US: MOXA
+CVE-2021-39277
+ RESERVED
+CVE-2021-39276
+ RESERVED
+CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when given mal ...)
+ {DSA-4982-1 DLA-2776-1}
+ - apache2 2.4.49-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275
+ NOTE: https://github.com/apache/httpd/commit/d8bce6f575abb29997bba358b31842bf757776c6 (trunk)
+ NOTE: https://github.com/apache/httpd/commit/e0fec7d48dab1924c5a6b48819ce1cf420733f62 (trunk)
+ NOTE: https://github.com/apache/httpd/commit/8f09caf9945f3c80563bc4a776b04fbba239ca71 (trunk)
+ NOTE: https://github.com/apache/httpd/commit/c69d4cc90c0e27703030b3ff09f91bf4dcbcfd51 (2.4.x)
+ NOTE: https://github.com/apache/httpd/commit/ac62c7e7436560cf4f7725ee586364ce95c07804 (2.4.x)
+CVE-2021-3717
+ RESERVED
+ - wildfly <itp> (bug #752018)
+CVE-2021-39274 (In XeroSecurity Sn1per 9.0 (free version), insecure directory permissi ...)
+ NOT-FOR-US: XeroSecurity Sn1per
+CVE-2021-39273 (In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) ...)
+ NOT-FOR-US: XeroSecurity Sn1per
+CVE-2021-39272 (Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption i ...)
+ - fetchmail 6.4.22-1 (bug #993163)
+ [bullseye] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
+ [buster] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
+ [stretch] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
+ NOTE: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
+CVE-2021-39271 (OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code ex ...)
+ NOT-FOR-US: OrbiTeam BSCW Classic
+CVE-2021-39270 (In Ping Identity RSA SecurID Integration Kit before 3.2, user imperson ...)
+ NOT-FOR-US: Ping Identity RSA SecurID Integration Kit
+CVE-2021-39269
+ RESERVED
+CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-39267 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-39266
+ RESERVED
+CVE-2021-39265
+ RESERVED
+CVE-2021-39264
+ RESERVED
+CVE-2021-39263 (A crafted NTFS image can trigger a heap-based buffer overflow, caused ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39262 (A crafted NTFS image can cause an out-of-bounds access in ntfs_decompr ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39261 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_co ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39260 (A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_s ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39259 (A crafted NTFS image can trigger an out-of-bounds access, caused by an ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39258 (A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find a ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39257 (A crafted NTFS image with an unallocated bitmap can lead to a endless ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39256 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_in ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39255 (A crafted NTFS image can trigger an out-of-bounds read, caused by an i ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39254 (A crafted NTFS image can cause an integer overflow in memmove, leading ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39253 (A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_ ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39252 (A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39251 (A crafted NTFS image can cause a NULL pointer dereference in ntfs_exte ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
+ NOT-FOR-US: Invision Community
+CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
+ NOT-FOR-US: Invision Community
+CVE-2021-39248 (Open edX through Lilac.1 allows XSS in common/static/common/js/discuss ...)
+ NOT-FOR-US: Open edX
+CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, ...)
+ - zint <not-affected> (Introduced and fixed between 2.9.1 and 2.10.0)
+ NOTE: https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/
+ NOTE: https://sourceforge.net/p/zint/tickets/232/
+ NOTE: Introduced in https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/
+CVE-2021-39246 (Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlatio ...)
+ NOT-FOR-US: Tor Browser
+CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS]
+ RESERVED
+ - nbdkit 1.26.5-1
+ [bullseye] - nbdkit <no-dsa> (Minor issue)
+ [buster] - nbdkit <not-affected> (Vulnerable code introduced later)
+ [stretch] - nbdkit <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8 (v1.11.8)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html
+CVE-2021-3715
+ RESERVED
+ - linux 5.5.17-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/07/1
+ NOTE: https://git.kernel.org/linus/ef299cc3fa1a9e1288665a9fdc8bff55629fd359 (5.6)
+CVE-2021-3714
+ RESERVED
+CVE-2021-39245 (Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, ...)
+ NOT-FOR-US: Altus
+CVE-2021-39244 (Authenticated Semi-Blind Command Injection (via Parameter Injection) e ...)
+ NOT-FOR-US: Altus
+CVE-2021-39243 (Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, ...)
+ NOT-FOR-US: Altus
+CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+ {DSA-4960-1}
+ - haproxy 2.2.16-1
+ [buster] - haproxy <not-affected> (Vulnerable code introduced later)
+ [stretch] - haproxy <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1
+CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...)
+ {DSA-4960-1}
+ - haproxy 2.2.16-1
+ [buster] - haproxy <not-affected> (Vulnerable code introduced later)
+ [stretch] - haproxy <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=89265224d314a056d77d974284802c1b8a0dc97f
+CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+ {DSA-4960-1}
+ - haproxy 2.2.16-1
+ [buster] - haproxy <not-affected> (Vulnerable code introduced later)
+ [stretch] - haproxy <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8
+CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...)
+ NOT-FOR-US: Apache Jena
+CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise Pag ...)
+ NOT-FOR-US: HP
+CVE-2021-39237 (Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide ...)
+ NOT-FOR-US: HP
+CVE-2021-39236 (In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39235 (In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39234 (In Apache Ozone versions prior to 1.2.0, Authenticated users knowing t ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39233 (In Apache Ozone versions prior to 1.2.0, Container related Datanode re ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39232 (In Apache Ozone versions prior to 1.2.0, certain admin related SCM com ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39231 (In Apache Ozone versions prior to 1.2.0, Various internal server-to-se ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ...)
+ {DSA-4980-1 DLA-2753-1}
+ - qemu 1:6.1+dfsg-2 (bug #992727)
+ [buster] - qemu <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a
+CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error the JPNS k ...)
+ NOT-FOR-US: Butter
+CVE-2021-39229 (Apprise is an open source library which allows you to send a notificat ...)
+ NOT-FOR-US: Apprise
+CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...)
+ NOT-FOR-US: Tremor event processing (different from Vorbis Tremor)
+CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...)
+ NOT-FOR-US: ZRender
+CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...)
+ - grafana <removed>
+CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity platform. A miss ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ NOT-FOR-US: Nextcloud OfficeOnline
+CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ NOT-FOR-US: Nextcloud Richdocuments
+CVE-2021-39222 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ NOT-FOR-US: Nextcloud Contacts
+CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
+ NOT-FOR-US: Nextcloud Mail
+CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. Wasmtim ...)
+ NOT-FOR-US: wasmtime
+CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. In Wasm ...)
+ NOT-FOR-US: wasmtime
+CVE-2021-39217
+ RESERVED
+CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. In Wasm ...)
+ NOT-FOR-US: wasmtime
+CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...)
+ - jitsi-meet <itp> (bug #760485)
+CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
+ - mitmproxy <unfixed> (bug #994570)
+ [bullseye] - mitmproxy <no-dsa> (Minor issue)
+ [buster] - mitmproxy <no-dsa> (Minor issue)
+ [stretch] - mitmproxy <no-dsa> (Minor issue)
+ NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38
+CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...)
+ - imagemagick <unfixed> (bug #996588)
+ [bullseye] - imagemagick <no-dsa> (Minor issue)
+ [buster] - imagemagick <no-dsa> (Minor issue)
+ [stretch] - imagemagick <no-dsa> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e
+CVE-2021-39211 (GLPI is a free Asset and IT management software package. Starting in v ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-39210 (GLPI is a free Asset and IT management software package. In versions p ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-39209 (GLPI is a free Asset and IT management software package. In versions p ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many compress ...)
+ NOT-FOR-US: SharpCompress
+CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...)
+ NOT-FOR-US: Facebook ParlAI
+CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-39205 (Jitsi Meet is an open source video conferencing application. Versions ...)
+ - jitsi-meet <itp> (bug #760485)
+CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-39203 (WordPress is a free and open-source content management system written ...)
+ - wordpress <not-affected> (Only affects 5.8 beta 1; vulnerable code introduced later)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6
+CVE-2021-39202 (WordPress is a free and open-source content management system written ...)
+ - wordpress <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
+CVE-2021-39201 (WordPress is a free and open-source content management system written ...)
+ {DSA-4985-1}
+ - wordpress 5.8.1+dfsg1-1 (bug #994059)
+ [stretch] - wordpress <not-affected> (Vulnerable code added later)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
+CVE-2021-39200 (WordPress is a free and open-source content management system written ...)
+ - wordpress 5.8.1+dfsg1-1 (bug #994060)
+ [bullseye] - wordpress 5.7.3+dfsg1-0+deb11u1
+ [buster] - wordpress <not-affected> (Vulnerable code introduced later in 5.2)
+ [stretch] - wordpress <not-affected> (Vulnerable code added later)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
+CVE-2021-39199 (remark-html is an open source nodejs library which compiles Markdown t ...)
+ NOT-FOR-US: Node remark-html
+CVE-2021-39198 (OroCRM is an open source Client Relationship Management (CRM) applicat ...)
+ NOT-FOR-US: OroCRM
+CVE-2021-39197 (better_errors is an open source replacement for the standard Rails err ...)
+ - ruby-better-errors <itp> (bug #739168)
+CVE-2021-39196 (pcapture is an open source dumpcap web service interface . In affected ...)
+ NOT-FOR-US: pcapture
+CVE-2021-39195 (Misskey is an open source, decentralized microblogging platform. In af ...)
+ NOT-FOR-US: Misskey
+CVE-2021-39194 (kaml is an open source implementation of the YAML format with support ...)
+ NOT-FOR-US: kaml
+CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
+ NOT-FOR-US: Frontier
+CVE-2021-39192 (Ghost is a Node.js content management system. An error in the implemen ...)
+ NOT-FOR-US: Ghost CMS
+CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
+ [bullseye] - libapache2-mod-auth-openidc <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/issues/672
+CVE-2021-39190
+ RESERVED
+CVE-2021-39189 (Pimcore is an open source data &amp; experience management platform. I ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-39188
+ RESERVED
+CVE-2021-39187 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Parse Server
+CVE-2021-39186 (GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior ...)
+ NOT-FOR-US: Miraheze
+CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...)
+ NOT-FOR-US: Https4s
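Review bot: The NOT-FOR-US tag for CVE-2021-39185 is spelled "Https4s", but the description on the line above names the project "Http4s". Suggest changing the line to "NOT-FOR-US: Http4s" so the tag matches the product name and a search for the project finds this entry.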
+CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...)
+ - electron <itp> (bug #842420)
+CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming and chat s ...)
+ NOT-FOR-US: Owncast
+CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior to vers ...)
+ NOT-FOR-US: EnroCrypt
+CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...)
+ NOT-FOR-US: OpenOlat
+CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...)
+ NOT-FOR-US: OpenOLAT
+CVE-2021-39179 (DHIS 2 is an information system for data capture, management, validati ...)
+ NOT-FOR-US: DHIS 2
+CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...)
+ NOT-FOR-US: next.js
+CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...)
+ NOT-FOR-US: geyser
+CVE-2021-39176 (detect-character-encoding is a package for detecting character encodin ...)
+ NOT-FOR-US: detect-character-encoding
+ NOTE: NPM addon - https://github.com/sonicdoe/detect-character-encoding
+CVE-2021-39175 (HedgeDoc is a platform to write and share markdown. In versions prior ...)
+ NOT-FOR-US: hedgedoc
+CVE-2021-39174 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
+ - cachet <itp> (bug #851177)
+CVE-2021-39173 (Cachet is an open source status page system. Prior to version 2.5.1 au ...)
+ - cachet <itp> (bug #851177)
+CVE-2021-39172 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
+ - cachet <itp> (bug #851177)
+CVE-2021-39171 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...)
+ NOT-FOR-US: Node passport-saml
+CVE-2021-39170 (Pimcore is an open source data &amp; experience management platform. P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions of Miss ...)
+ NOT-FOR-US: Misskey
+CVE-2021-39168 (OpenZepplin is a library for smart contract development. In affected v ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2021-39167 (OpenZepplin is a library for smart contract development. In affected v ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2021-39166 (Pimcore is an open source data &amp; experience management platform. P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and includi ...)
+ - cachet <itp> (bug #851177)
+CVE-2021-39164 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...)
+ - matrix-synapse 1.41.1-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
+ NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
+CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...)
+ - matrix-synapse 1.41.1-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
+ NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
+CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
+ NOT-FOR-US: nbgitpuller
+CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows users to sha ...)
+ NOT-FOR-US: BinderHub
+CVE-2021-39158 (NVCaffe's python required dependencies list used to contain `gfortran` ...)
+ NOT-FOR-US: NVCaffe
+CVE-2021-39157 (detect-character-encoding is an open source character encoding inspect ...)
+ NOT-FOR-US: detect-character-encoding
+CVE-2021-39156 (Istio is an open source platform for providing a uniform way to integr ...)
+ NOT-FOR-US: Istio
+CVE-2021-39155 (Istio is an open source platform for providing a uniform way to integr ...)
+ NOT-FOR-US: Istio
+CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
+ NOTE: https://x-stream.github.io/CVE-2021-39154.html
+CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
+ NOTE: https://x-stream.github.io/CVE-2021-39153.html
+CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
+ NOTE: https://x-stream.github.io/CVE-2021-39152.html
+CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
+ NOTE: https://x-stream.github.io/CVE-2021-39151.html
+CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
+ NOTE: https://x-stream.github.io/CVE-2021-39150.html
+CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
+ NOTE: https://x-stream.github.io/CVE-2021-39149.html
+CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
+ NOTE: https://x-stream.github.io/CVE-2021-39148.html
+CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
+ NOTE: https://x-stream.github.io/CVE-2021-39147.html
+CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
+ NOTE: https://x-stream.github.io/CVE-2021-39146.html
+CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
+ NOTE: https://x-stream.github.io/CVE-2021-39145.html
+CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
+ NOTE: https://x-stream.github.io/CVE-2021-39144.html
+CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+ NOT-FOR-US: Spinnaker
+CVE-2021-39142
+ RESERVED
+CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
+ NOTE: https://x-stream.github.io/CVE-2021-39141.html
+CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
+ NOTE: https://x-stream.github.io/CVE-2021-39140.html
+CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44
+ NOTE: https://x-stream.github.io/CVE-2021-39139.html
+CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Parse Server
+CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum protocol ...)
+ NOT-FOR-US: go-ethereum
+CVE-2021-39136 (baserCMS is an open source content management system with a focus on J ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-39135 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
+ [experimental] - npm 7.24.0+ds-1
+ - npm 7.24.0+ds-2 (bug #993405)
+ [bullseye] - npm <no-dsa> (Minor issue)
+ [buster] - npm <no-dsa> (Minor issue)
+ NOTE: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
+CVE-2021-39134 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
+ [experimental] - npm 7.24.0+ds-1
+ - npm 7.24.0+ds-2 (bug #993407)
+ [bullseye] - npm <no-dsa> (Minor issue)
+ [buster] - npm <no-dsa> (Minor issue)
+ NOTE: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
+CVE-2021-39133 (Rundeck is an open source automation service with a web console, comma ...)
+ NOT-FOR-US: Rundeck
+CVE-2021-39132 (Rundeck is an open source automation service with a web console, comma ...)
+ NOT-FOR-US: Rundeck
+CVE-2021-39131 (ced detects character encoding using Google&#8217;s compact_enc_det li ...)
+ NOT-FOR-US: Node ced
+CVE-2021-39130
+ RESERVED
+CVE-2021-39129
+ RESERVED
+CVE-2021-39128 (Affected versions of Atlassian Jira Server or Data Center using the Ji ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39127 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39126 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39125 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39124 (The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassi ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39123 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39122 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39121 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39120
+ RESERVED
+CVE-2021-39119 (Affected versions of Atlassian Jira Server and Data Center allow users ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39118 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and Data Cen ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39116 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39115 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39114
+ RESERVED
+CVE-2021-39113 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39112 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39111 (The Editor plugin in Atlassian Jira Server and Data Center before vers ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39110
+ RESERVED
+CVE-2021-39109 (The renderWidgetResource resource in Atlasian Atlasboard before versio ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39108
+ RESERVED
+CVE-2021-39107
+ RESERVED
+CVE-2021-39106
+ RESERVED
+CVE-2021-39105
+ RESERVED
+CVE-2021-39104
+ RESERVED
+CVE-2021-39103
+ RESERVED
+CVE-2021-39102
+ RESERVED
+CVE-2021-39101
+ RESERVED
+CVE-2021-39100
+ RESERVED
+CVE-2021-39099
+ RESERVED
+CVE-2021-39098
+ RESERVED
+CVE-2021-39097
+ RESERVED
+CVE-2021-39096
+ RESERVED
+CVE-2021-39095
+ RESERVED
+CVE-2021-39094
+ RESERVED
+CVE-2021-39093
+ RESERVED
+CVE-2021-39092
+ RESERVED
+CVE-2021-39091
+ RESERVED
+CVE-2021-39090
+ RESERVED
+CVE-2021-39089
+ RESERVED
+CVE-2021-39088
+ RESERVED
+CVE-2021-39087
+ RESERVED
+CVE-2021-39086
+ RESERVED
+CVE-2021-39085
+ RESERVED
+CVE-2021-39084
+ RESERVED
+CVE-2021-39083
+ RESERVED
+CVE-2021-39082
+ RESERVED
+CVE-2021-39081
+ RESERVED
+CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...)
+ NOT-FOR-US: IBM
+CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...)
+ NOT-FOR-US: IBM
+CVE-2021-39078
+ RESERVED
+CVE-2021-39077
+ RESERVED
+CVE-2021-39076
+ RESERVED
+CVE-2021-39075
+ RESERVED
+CVE-2021-39074
+ RESERVED
+CVE-2021-39073
+ RESERVED
+CVE-2021-39072
+ RESERVED
+CVE-2021-39071
+ RESERVED
+CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the ad ...)
+ NOT-FOR-US: IBM
+CVE-2021-39069
+ RESERVED
+CVE-2021-39068
+ RESERVED
+CVE-2021-39067
+ RESERVED
+CVE-2021-39066 (IBM Financial Transaction Manager 3.2.4 does not invalidate session an ...)
+ NOT-FOR-US: IBM
+CVE-2021-39065 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39064 (IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authenti ...)
+ NOT-FOR-US: IBM
+CVE-2021-39063 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin ...)
+ NOT-FOR-US: IBM
+CVE-2021-39062
+ RESERVED
+CVE-2021-39061
+ RESERVED
+CVE-2021-39060
+ RESERVED
+CVE-2021-39059
+ RESERVED
+CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to s ...)
+ NOT-FOR-US: IBM
+CVE-2021-39056 (The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (E ...)
+ NOT-FOR-US: IBM
+CVE-2021-39055
+ RESERVED
+CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39053 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39052 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39051
+ RESERVED
+CVE-2021-39050 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
+ NOT-FOR-US: IBM
+CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
+ NOT-FOR-US: IBM
+CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based ...)
+ NOT-FOR-US: IBM
+CVE-2021-39047
+ RESERVED
+CVE-2021-39046
+ RESERVED
+CVE-2021-39045
+ RESERVED
+CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site re ...)
+ NOT-FOR-US: IBM
+CVE-2021-39043
+ RESERVED
+CVE-2021-39042
+ RESERVED
+CVE-2021-39041
+ RESERVED
+CVE-2021-39040
+ RESERVED
+CVE-2021-39039
+ RESERVED
+CVE-2021-39038
+ RESERVED
+CVE-2021-39037
+ RESERVED
+CVE-2021-39036
+ RESERVED
+CVE-2021-39035
+ RESERVED
+CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
+ NOT-FOR-US: IBM
+CVE-2021-39033
+ RESERVED
+CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...)
+ NOT-FOR-US: IBM
+CVE-2021-39031 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-39030
+ RESERVED
+CVE-2021-39029
+ RESERVED
+CVE-2021-39028
+ RESERVED
+CVE-2021-39027
+ RESERVED
+CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
+ NOT-FOR-US: IBM
+CVE-2021-39025
+ RESERVED
+CVE-2021-39024
+ RESERVED
+CVE-2021-39023
+ RESERVED
+CVE-2021-39022
+ RESERVED
+CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
+ NOT-FOR-US: IBM
+CVE-2021-39020
+ RESERVED
+CVE-2021-39019
+ RESERVED
+CVE-2021-39018
+ RESERVED
+CVE-2021-39017
+ RESERVED
+CVE-2021-39016
+ RESERVED
+CVE-2021-39015
+ RESERVED
+CVE-2021-39014
+ RESERVED
+CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could ...)
+ NOT-FOR-US: IBM
+CVE-2021-39012
+ RESERVED
+CVE-2021-39011
+ RESERVED
+CVE-2021-39010
+ RESERVED
+CVE-2021-39009
+ RESERVED
+CVE-2021-39008
+ RESERVED
+CVE-2021-39007
+ RESERVED
+CVE-2021-39006
+ RESERVED
+CVE-2021-39005
+ RESERVED
+CVE-2021-39004
+ RESERVED
+CVE-2021-39003
+ RESERVED
+CVE-2021-39002 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-39001
+ RESERVED
+CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitive info ...)
+ NOT-FOR-US: IBM
+CVE-2021-38998
+ RESERVED
+CVE-2021-38997
+ RESERVED
+CVE-2021-38996
+ RESERVED
+CVE-2021-38995
+ RESERVED
+CVE-2021-38994
+ RESERVED
+CVE-2021-38993
+ RESERVED
+CVE-2021-38992
+ RESERVED
+CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local ...)
+ NOT-FOR-US: IBM
+CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-38989
+ RESERVED
+CVE-2021-38988
+ RESERVED
+CVE-2021-38987
+ RESERVED
+CVE-2021-38986
+ RESERVED
+CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ NOT-FOR-US: IBM
+CVE-2021-38984 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...)
+ NOT-FOR-US: IBM
+CVE-2021-38983 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...)
+ NOT-FOR-US: IBM
+CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-38980 (IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle ...)
+ NOT-FOR-US: IBM
+CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...)
+ NOT-FOR-US: IBM
+CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-38977 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set ...)
+ NOT-FOR-US: IBM
+CVE-2021-38976 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user ...)
+ NOT-FOR-US: IBM
+CVE-2021-38975 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-38974 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ NOT-FOR-US: IBM
+CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ NOT-FOR-US: IBM
+CVE-2021-38971
+ RESERVED
+CVE-2021-38970
+ RESERVED
+CVE-2021-38969
+ RESERVED
+CVE-2021-38968
+ RESERVED
+CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged use ...)
+ NOT-FOR-US: IBM
+CVE-2021-38966 (IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site script ...)
+ NOT-FOR-US: IBM
+CVE-2021-38965 (IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remo ...)
+ NOT-FOR-US: IBM
+CVE-2021-38964
+ RESERVED
+CVE-2021-38963
+ RESERVED
+CVE-2021-38962
+ RESERVED
+CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...)
+ NOT-FOR-US: IBM
+CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...)
+ NOT-FOR-US: IBM
+CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...)
+ NOT-FOR-US: IBM
+CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...)
+ NOT-FOR-US: IBM
+CVE-2021-38957 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...)
+ NOT-FOR-US: IBM
+CVE-2021-38956 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...)
+ NOT-FOR-US: IBM
+CVE-2021-38955
+ RESERVED
+CVE-2021-38954
+ RESERVED
+CVE-2021-38953
+ RESERVED
+CVE-2021-38952
+ RESERVED
+CVE-2021-38951 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-38950 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
+ NOT-FOR-US: IBM
+CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...)
+ NOT-FOR-US: IBM
+CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...)
+ NOT-FOR-US: IBM
+CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2021-38946
+ RESERVED
+CVE-2021-38945
+ RESERVED
+CVE-2021-38944
+ RESERVED
+CVE-2021-38943
+ RESERVED
+CVE-2021-38942
+ RESERVED
+CVE-2021-38941
+ RESERVED
+CVE-2021-38940
+ RESERVED
+CVE-2021-38939
+ RESERVED
+CVE-2021-38938
+ RESERVED
+CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...)
+ NOT-FOR-US: IBM
+CVE-2021-38936
+ RESERVED
+CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
+ NOT-FOR-US: IBM
+CVE-2021-38934
+ RESERVED
+CVE-2021-38933
+ RESERVED
+CVE-2021-38932
+ RESERVED
+CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-38930
+ RESERVED
+CVE-2021-38929
+ RESERVED
+CVE-2021-38928
+ RESERVED
+CVE-2021-38927
+ RESERVED
+CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-38924
+ RESERVED
+CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain ac ...)
+ NOT-FOR-US: IBM
+CVE-2021-38922
+ RESERVED
+CVE-2021-38921 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than ex ...)
+ NOT-FOR-US: IBM
+CVE-2021-38920
+ RESERVED
+CVE-2021-38919
+ RESERVED
+CVE-2021-38918 (IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a spec ...)
+ NOT-FOR-US: IBM
+CVE-2021-38917 (IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-38916
+ RESERVED
+CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...)
+ NOT-FOR-US: IBM
+CVE-2021-38914
+ RESERVED
+CVE-2021-38913
+ RESERVED
+CVE-2021-38912
+ RESERVED
+CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in p ...)
+ NOT-FOR-US: IBM
+CVE-2021-38910
+ RESERVED
+CVE-2021-38909 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2021-38908
+ RESERVED
+CVE-2021-38907
+ RESERVED
+CVE-2021-38906
+ RESERVED
+CVE-2021-38905
+ RESERVED
+CVE-2021-38904
+ RESERVED
+CVE-2021-38903
+ RESERVED
+CVE-2021-38902
+ RESERVED
+CVE-2021-38901 (IBM Spectrum Protect Operations Center 7.1, under special configuratio ...)
+ NOT-FOR-US: IBM
+CVE-2021-38900 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
+ NOT-FOR-US: IBM
+CVE-2021-38899 (IBM Cloud Pak for Data 2.5 could allow a local user with special privi ...)
+ NOT-FOR-US: IBM
+CVE-2021-38898
+ RESERVED
+CVE-2021-38897
+ RESERVED
+CVE-2021-38896 (IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scrip ...)
+ NOT-FOR-US: IBM
+CVE-2021-38895 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cr ...)
+ NOT-FOR-US: IBM
+CVE-2021-38894 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2021-38893 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
+ NOT-FOR-US: IBM
+CVE-2021-38892
+ REJECTED
+ NOT-FOR-US: IBM
+CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequat ...)
+ NOT-FOR-US: IBM
+CVE-2021-38889
+ RESERVED
+CVE-2021-38888
+ RESERVED
+CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+ NOT-FOR-US: IBM
+CVE-2021-38886
+ RESERVED
+CVE-2021-38885
+ RESERVED
+CVE-2021-38884
+ RESERVED
+CVE-2021-38883 (IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Bus ...)
+ NOT-FOR-US: IBM
+CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...)
+ NOT-FOR-US: IBM
+CVE-2021-38881
+ RESERVED
+CVE-2021-38880
+ RESERVED
+CVE-2021-38879
+ RESERVED
+CVE-2021-38878
+ RESERVED
+CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...)
+ NOT-FOR-US: IBM
+CVE-2021-38876 (IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vu ...)
+ NOT-FOR-US: IBM
+CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2021-38874
+ RESERVED
+CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. ...)
+ NOT-FOR-US: IBM
+CVE-2021-38872
+ RESERVED
+CVE-2021-38871
+ RESERVED
+CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...)
+ NOT-FOR-US: IBM
+CVE-2021-38869
+ RESERVED
+CVE-2021-38868
+ RESERVED
+CVE-2021-38867
+ RESERVED
+CVE-2021-38866
+ RESERVED
+CVE-2021-38865
+ RESERVED
+CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensit ...)
+ NOT-FOR-US: IBM
+CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
+ NOT-FOR-US: IBM
+CVE-2021-38862 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2021-38861
+ RESERVED
+CVE-2021-38860
+ RESERVED
+CVE-2021-38859
+ RESERVED
+CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...)
+ {DSA-4963-1 DLA-2774-1 DLA-2766-1}
+ - openssl 1.1.1l-1
+ - openssl1.0 <removed>
+ NOTE: https://www.openssl.org/news/secadv/20210824.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d9d838ddc0ed083fb4c26dd067e71aad7c65ad16 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=174ba8048a7f2f5e1fca31cfb93b1730d9db8300 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f54e57406ca17731b9ade3afd561d3c652e07f2 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23446958685a593d4d9434475734b99138902ed2 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8393de42498f8be75cf0353f5c9f906a43a748d2 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4de66925203ca99189c842136ec4a623137ea447 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bb4d2ed4091408404e18b3326e3df67848ef63d0 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2d0e5d4a4a5d4332325b5e5cea492fad2be633e1 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8c74c9d1ade0fbdab5b815ddb747351b8b839641 (OpenSSL_1_1_1l)
+CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is expected to c ...)
+ {DSA-4963-1}
+ - openssl 1.1.1l-1
+ [stretch] - openssl <not-affected> (support for SM2 decryption added in 1.1.1-pre3)
+ - openssl1.0 <not-affected> (Vulnerability does not affect 1.0.2 series)
+ NOTE: https://www.openssl.org/news/secadv/20210824.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=733fa41c3fc4bcac37f94aa917f7242420f8a5a6 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=515ac8b5e544dd713a2b4cabfc54b722d122c218 (OpenSSL_1_1_1l)
+CVE-2021-38858
+ RESERVED
+CVE-2021-38857
+ RESERVED
+CVE-2021-38856
+ RESERVED
+CVE-2021-38855
+ RESERVED
+CVE-2021-38854
+ RESERVED
+CVE-2021-38853
+ RESERVED
+CVE-2021-38852
+ RESERVED
+CVE-2021-38851
+ RESERVED
+CVE-2021-38850
+ RESERVED
+CVE-2021-38849
+ RESERVED
+CVE-2021-38848
+ RESERVED
+CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...)
+ NOT-FOR-US: S-Cart
+CVE-2021-38846
+ RESERVED
+CVE-2021-38845
+ RESERVED
+CVE-2021-38844
+ RESERVED
+CVE-2021-38843
+ RESERVED
+CVE-2021-38842
+ RESERVED
+CVE-2021-38841 (Remote Code Execution can occur in Simple Water Refilling Station Mana ...)
+ NOT-FOR-US: Simple Water Refilling Station Management System
+CVE-2021-38840 (SQL Injection can occur in Simple Water Refilling Station Management S ...)
+ NOT-FOR-US: Simple Water Refilling Station Management System
+CVE-2021-38839
+ RESERVED
+CVE-2021-38838
+ RESERVED
+CVE-2021-38837
+ RESERVED
+CVE-2021-38836
+ RESERVED
+CVE-2021-38835
+ RESERVED
+CVE-2021-38834
+ RESERVED
+CVE-2021-38833 (SQL injection vulnerability in PHPGurukul Apartment Visitors Managemen ...)
+ NOT-FOR-US: PHPGurukul Apartment Visitors Management System (AVMS)
+CVE-2021-38832
+ RESERVED
+CVE-2021-38831
+ RESERVED
+CVE-2021-38830
+ RESERVED
+CVE-2021-38829
+ RESERVED
+CVE-2021-38828
+ RESERVED
+CVE-2021-38827
+ RESERVED
+CVE-2021-38826
+ RESERVED
+CVE-2021-38825
+ RESERVED
+CVE-2021-38824
+ RESERVED
+CVE-2021-38823 (The IceHrm 30.0.0 OS website was found vulnerable to Session Managemen ...)
+ NOT-FOR-US: IceHrm
+CVE-2021-38822 (A Stored Cross Site Scripting vulnerability via Malicious File Upload ...)
+ NOT-FOR-US: IceHrm
+CVE-2021-38821
+ RESERVED
+CVE-2021-38820
+ RESERVED
+CVE-2021-38819
+ RESERVED
+CVE-2021-38818
+ RESERVED
+CVE-2021-38817
+ RESERVED
+CVE-2021-38816
+ RESERVED
+CVE-2021-38815
+ RESERVED
+CVE-2021-38814
+ RESERVED
+CVE-2021-38813
+ RESERVED
+CVE-2021-38812
+ RESERVED
+CVE-2021-38811
+ RESERVED
+CVE-2021-38810
+ RESERVED
+CVE-2021-38809
+ RESERVED
+CVE-2021-38808
+ RESERVED
+CVE-2021-38807
+ RESERVED
+CVE-2021-38806
+ RESERVED
+CVE-2021-38805
+ RESERVED
+CVE-2021-38804
+ RESERVED
+CVE-2021-38803
+ RESERVED
+CVE-2021-38802
+ RESERVED
+CVE-2021-38801
+ RESERVED
+CVE-2021-38800
+ RESERVED
+CVE-2021-38799
+ RESERVED
+CVE-2021-38798
+ RESERVED
+CVE-2021-38797
+ RESERVED
+CVE-2021-38796
+ RESERVED
+CVE-2021-38795
+ RESERVED
+CVE-2021-38794
+ RESERVED
+CVE-2021-38793
+ RESERVED
+CVE-2021-38792
+ RESERVED
+CVE-2021-38791
+ RESERVED
+CVE-2021-38790
+ RESERVED
+CVE-2021-38789 (Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect acce ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38788 (The Background service in Allwinner R818 SoC Android Q SDK V1.0 is use ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38787 (There is an integer overflow in the ION driver "/dev/ion" of Allwinner ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38786 (There is a NULL pointer dereference in media/libcedarc/vdecoder of All ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38785 (There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38783 (There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38782
+ RESERVED
+CVE-2021-38781
+ RESERVED
+CVE-2021-38780
+ RESERVED
+CVE-2021-38779
+ RESERVED
+CVE-2021-38778
+ RESERVED
+CVE-2021-38777
+ RESERVED
+CVE-2021-38776
+ RESERVED
+CVE-2021-38775
+ RESERVED
+CVE-2021-38774
+ RESERVED
+CVE-2021-38773
+ RESERVED
+CVE-2021-38772
+ RESERVED
+CVE-2021-38771
+ RESERVED
+CVE-2021-38770
+ RESERVED
+CVE-2021-38769
+ RESERVED
+CVE-2021-38768
+ RESERVED
+CVE-2021-38767
+ RESERVED
+CVE-2021-38766
+ RESERVED
+CVE-2021-38765
+ RESERVED
+CVE-2021-38764
+ RESERVED
+CVE-2021-38763
+ RESERVED
+CVE-2021-38762
+ RESERVED
+CVE-2021-38761
+ RESERVED
+CVE-2021-38760
+ RESERVED
+CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...)
+ NOT-FOR-US: Raspberry Pi OS
+CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
+ NOT-FOR-US: Directory traversal in Online Catering Reservation System
+CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-38756 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-38755 (Unauthenticated doctor entry deletion in Hospital Management System in ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-38754 (SQL Injection vulnerability in Hospital Management System due to lack ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-38753 (An unrestricted file upload on Simple Image Gallery Web App can be exp ...)
+ NOT-FOR-US: Simple Image Gallery Web App
+CVE-2021-38752 (A cross-site scripting (XSS) vulnerability in Online Catering Reservat ...)
+ NOT-FOR-US: Online Catering Reservation System
+CVE-2021-38751 (A HTTP Host header attack exists in ExponentCMS 2.6 and below in /expo ...)
+ NOT-FOR-US: ExponentCMS
+CVE-2021-38750
+ RESERVED
+CVE-2021-38749
+ RESERVED
+CVE-2021-38748
+ RESERVED
+CVE-2021-38747
+ RESERVED
+CVE-2021-38746
+ RESERVED
+CVE-2021-38745
+ RESERVED
+CVE-2021-38744
+ RESERVED
+CVE-2021-38743
+ RESERVED
+CVE-2021-38742
+ RESERVED
+CVE-2021-38741
+ RESERVED
+CVE-2021-38740
+ RESERVED
+CVE-2021-38739
+ RESERVED
+CVE-2021-38738
+ RESERVED
+CVE-2021-38737
+ RESERVED
+CVE-2021-38736
+ RESERVED
+CVE-2021-38735
+ RESERVED
+CVE-2021-38734
+ RESERVED
+CVE-2021-38733
+ RESERVED
+CVE-2021-38732
+ RESERVED
+CVE-2021-38731
+ RESERVED
+CVE-2021-38730
+ RESERVED
+CVE-2021-38729
+ RESERVED
+CVE-2021-38728
+ RESERVED
+CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38726
+ RESERVED
+CVE-2021-38725 (Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/co ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38724
+ RESERVED
+CVE-2021-38723 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38722
+ RESERVED
+CVE-2021-38721 (FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38720
+ RESERVED
+CVE-2021-38719
+ RESERVED
+CVE-2021-38718
+ RESERVED
+CVE-2021-38717
+ RESERVED
+CVE-2021-38716
+ RESERVED
+CVE-2021-38715
+ RESERVED
+CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...)
+ {DLA-2775-1}
+ - plib 1.8.5-10 (bug #992973)
+ [bullseye] - plib 1.8.5-8+deb11u1
+ [buster] - plib <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/plib/bugs/55/
+CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
+ NOT-FOR-US: imgURL
+CVE-2021-38712 (OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents ...)
+ NOT-FOR-US: OneNav
+CVE-2021-38710 (** DISPUTED ** Static (Persistent) XSS Vulnerability exists in version ...)
+ NOT-FOR-US: Yclas
+CVE-2021-38709 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
+ NOT-FOR-US: ocProducts Composr CMS
+CVE-2021-38708 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
+ NOT-FOR-US: ocProducts Composr CMS
+CVE-2021-3710 (An information disclosure via path traversal was discovered in apport/ ...)
+ NOT-FOR-US: Apport
+CVE-2021-3709 (Function check_attachment_for_errors() in file data/general-hooks/ubun ...)
+ NOT-FOR-US: Apport
+CVE-2021-38711 (In gitit before 0.15.0.0, the Export feature can be exploited to leak ...)
+ - gitit <unfixed> (bug #992297)
+ [bullseye] - gitit <no-dsa> (Minor issue)
+ [buster] - gitit <no-dsa> (Minor issue)
+ [stretch] - gitit <no-dsa> (Minor issue)
+ NOTE: https://github.com/jgm/gitit/commit/eed32638f4f6e3b2f4b8a9a04c4b72001acf9ad8
+CVE-2021-38707 (Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7 ...)
+ NOT-FOR-US: ClinicCases
+CVE-2021-38706 (messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL inject ...)
+ NOT-FOR-US: ClinicCases
+CVE-2021-38705 (ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A ...)
+ NOT-FOR-US: ClinicCases
+CVE-2021-38704 (Multiple reflected cross-site scripting (XSS) vulnerabilities in Clini ...)
+ NOT-FOR-US: ClinicCases
+CVE-2021-38703 (Wireless devices running certain Arcadyan-derived firmware (such as KP ...)
+ NOT-FOR-US: Wireless devices running certain Arcadyan-derived firmware
+CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
+ NOT-FOR-US: D-Link
+CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
+ NOT-FOR-US: D-Link
+CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...)
+ NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
+CVE-2021-38701 (Certain Motorola Solutions Avigilon devices allow XSS in the administr ...)
+ NOT-FOR-US: Motorola Solutions Avigilon devices
+CVE-2021-38700
+ RESERVED
+CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...)
+ NOT-FOR-US: TastyIgniter
+CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...)
+ - consul <unfixed>
+ [bullseye] - consul <no-dsa> (Minor issue)
+ [buster] - consul <no-dsa> (Minor issue)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
+ NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15)
+CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38693
+ RESERVED
+CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38691 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38690 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38689 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38683
+ RESERVED
+CVE-2021-38682 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been reported ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38679 (An improper authentication vulnerability has been reported to affect Q ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38678 (An open redirect vulnerability has been reported to affect QNAP device ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38677 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38676
+ RESERVED
+CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38674 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag ...)
+ NOT-FOR-US: adminlte
+CVE-2021-38673
+ RESERVED
+CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38670
+ RESERVED
+CVE-2021-38669 (Microsoft Edge (Chromium-based) Tampering Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38668
+ RESERVED
+CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38666 (Remote Desktop Client Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38665 (Remote Desktop Protocol Client Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38664
+ RESERVED
+CVE-2021-38663 (Windows exFAT File System Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38659 (Microsoft Office Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38657 (Microsoft Office Graphics Component Information Disclosure Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38656 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38655 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38650 (Microsoft Office Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38647 (Open Management Infrastructure Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38646 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38644 (Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38643
+ RESERVED
+CVE-2021-38642 (Microsoft Edge for iOS Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38640
+ RESERVED
+CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38638 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38637 (Windows Storage Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38636 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38635 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38634 (Microsoft Windows Update Client Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38633 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38632 (BitLocker Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38631 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38629 (Windows Ancillary Function Driver for WinSock Information Disclosure V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38628 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38627
+ RESERVED
+CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38624 (Windows Key Storage Provider Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) extensio ...)
+ NOT-FOR-US: deferred_image_processing (aka Deferred image processing) extension for TYPO3
+CVE-2021-38622
+ RESERVED
+CVE-2021-38621 (The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index ...)
+ NOT-FOR-US: Agora Flat Server
+CVE-2021-38620
+ RESERVED
+CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
+ NOT-FOR-US: openBaraza HCM
+CVE-2021-38618 (In GFOS Workforce Management 4.8.272.1, the login page of application ...)
+ NOT-FOR-US: GFOS Workforce Management
+CVE-2021-38617 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ us ...)
+ NOT-FOR-US: Eigen
+CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{us ...)
+ NOT-FOR-US: Eigen
+CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...)
+ NOT-FOR-US: Eigen
+CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...)
+ NOT-FOR-US: HP
+CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...)
+ NOT-FOR-US: HP
+CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...)
+ - polipo <removed>
+ [buster] - polipo <ignored> (Minor issue)
+ [stretch] - polipo <ignored> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/28/2
+CVE-2021-38613 (The assets/index.php Image Upload feature of the NASCENT RemKon Device ...)
+ NOT-FOR-US: NASCENT RemKon Device Manager
+CVE-2021-38612 (In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulner ...)
+ NOT-FOR-US: NASCENT RemKon Device Manager
+CVE-2021-38611 (A command-injection vulnerability in the Image Upload function of the ...)
+ NOT-FOR-US: NASCENT RemKon Device Manager
+CVE-2021-38610
+ RESERVED
+CVE-2021-38609
+ RESERVED
+CVE-2021-38608 (Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.73 ...)
+ NOT-FOR-US: Tranquil WAPT Enterprise
+CVE-2021-38607 (Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated u ...)
+ NOT-FOR-US: Crocoblock JetEngine
+CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name. ...)
+ NOT-FOR-US: reNgine
+CVE-2021-38605
+ RESERVED
+CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...)
+ - glibc <not-affected> (Vulnerability introduced as side effect of the CVE-2021-33574 fix)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
+CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...)
+ - pluxml <unfixed>
+ [buster] - pluxml <ignored> (Minor issue)
+ [stretch] - pluxml <no-dsa> (Minor issue)
+CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...)
+ - pluxml <unfixed>
+ [buster] - pluxml <ignored> (Minor issue)
+ [stretch] - pluxml <no-dsa> (Minor issue)
+CVE-2021-38601
+ RESERVED
+CVE-2021-38600
+ RESERVED
+CVE-2021-38599 (WAL-G before 1.1, when a non-libsodium build (e.g., one of the officia ...)
+ NOT-FOR-US: WAL-G
+CVE-2021-38598 (OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows ...)
+ - neutron 2:18.1.0-2
+ [bullseye] - neutron 2:17.2.1-0+deb11u1
+ [buster] - neutron <ignored> (Minor issue, not backported to rocky branch)
+ [stretch] - neutron <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/17/4
+ NOTE: https://launchpad.net/bugs/1938670
+ NOTE: https://review.opendev.org/c/openstack/neutron/+/785917/
+CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...)
+ - wolfssl 5.0.0-1 (bug #992174)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
+ NOTE: https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093
+CVE-2021-38596
+ RESERVED
+CVE-2021-38595
+ RESERVED
+CVE-2021-38594
+ RESERVED
+CVE-2021-38593 (Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::c ...)
+ - qtbase-opensource-src <not-affected> (Vulnerable code introduced later)
+ - qtbase-opensource-src-gles <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml
+ NOTE: https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 (6.1)
+ NOTE: https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd (6.2)
+ NOTE: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c (dev)
+ NOTE: Introduced by https://github.com/qt/qtbase/commit/6869d2463a2e0d71bd04dbc82f5d6ef4933dc510 (6.0)
+CVE-2021-38592 (Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called fro ...)
+ NOT-FOR-US: Wasm3
+CVE-2021-38591 (An issue was discovered on LG mobile devices with Android OS P and Q s ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-38590 (In cPanel before 96.0.8, weak permissions on web stats can lead to inf ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38589 (In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly re ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38588 (In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the in ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38587 (In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creat ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38586 (In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operatio ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38585 (The WHM Locale Upload feature in cPanel before 98.0.1 allows unseriali ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attac ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38583 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
+ NOT-FOR-US: openBaraza HCM
+CVE-2021-38582
+ RESERVED
+CVE-2021-38581
+ RESERVED
+CVE-2021-38580
+ RESERVED
+CVE-2021-38579
+ RESERVED
+CVE-2021-38578
+ RESERVED
+CVE-2021-38577
+ RESERVED
+CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the Platform a ...)
+ - edk2 <undetermined>
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499 (private)
+CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. ...)
+ - edk2 2021.08-1
+ [bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
+ NOTE: https://edk2.groups.io/g/devel/message/76198
+ NOTE: https://github.com/tianocore/edk2/pull/1698
+CVE-2021-38574 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38573 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38572 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38571 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38570 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38569 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38568 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38567 (An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Read ...)
+ NOT-FOR-US: Foxit
+CVE-2021-38566 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ NOT-FOR-US: Foxit
+CVE-2021-38565 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ NOT-FOR-US: Foxit
+CVE-2021-38564 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ NOT-FOR-US: Foxit
+CVE-2021-38563 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ NOT-FOR-US: Foxit
+CVE-2021-3703
+ RESERVED
+ NOT-FOR-US: Red Hat Serverless
+CVE-2021-3702
+ RESERVED
+ - ansible-runner <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/0e9aa8a97e7832ef9a1553ef2908632a32d2b8c4
+ NOTE: Introduced in https://github.com/ansible/ansible-runner/commit/93e95a3df9021a38010386d07df121392d249253
+CVE-2021-3701
+ RESERVED
+ - ansible-runner 2.1.1-1
+ NOTE: https://github.com/ansible/ansible-runner/issues/738
+ NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
+CVE-2021-3700
+ RESERVED
+ - usbredir 0.11.0-1
+ [bullseye] - usbredir <no-dsa> (Minor issue)
+ [buster] - usbredir <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab (usbredir-0.11.0)
+CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...)
+ - request-tracker5 <unfixed> (bug #995167)
+ - request-tracker4 4.4.4+dfsg-3 (bug #995175)
+ [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1
+ [buster] - request-tracker4 4.4.3-2+deb10u1
+ [stretch] - request-tracker4 <no-dsa> (Minor issue)
+ NOTE: https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2)
+ NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5)
+ NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17)
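Review bot: in the CVE-2021-38562 entry, the NOTE lines for rt-4.4.5 and rt-4.2.17 cite the same commit, d16f8cf13c2af517ee55a85e7b91a0267477189f, which reads like a copy-paste slip. If one commit really is the fix on both the 4.2 and 4.4 branches, merge the two lines into one NOTE tagged "(rt-4.4.5, rt-4.2.17)" so the repetition is clearly intentional. Otherwise replace the second hash with the commit from the 4.2 branch. Anyone backporting to stretch, which this entry still marks <no-dsa>, will rely on that line to find the right patch.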
+CVE-2021-38561
+ RESERVED
+CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the appName par ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php ...)
+ - hoteldruid 3.0.3-1
+ [bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
+ [stretch] - hoteldruid <no-dsa> (Minor issue)
+CVE-2021-38558
+ RESERVED
+CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-38556 (includes/configure_client.php in RaspAP 2.6.6 allows attackers to exec ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-38555 (An XML external entity (XXE) injection vulnerability was discovered in ...)
+ NOT-FOR-US: Apache Any23
+CVE-2021-38554 (HashiCorp Vault and Vault Enterprise&#8217;s UI erroneously cached and ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized a ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-38552
+ RESERVED
+CVE-2021-38551
+ RESERVED
+CVE-2021-38550
+ RESERVED
+CVE-2021-38549 (MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific ...)
+ NOT-FOR-US: MIRACASE MHUB500 USB splitters
+CVE-2021-38548 (JBL Go 2 devices through 2021-08-09 allow remote attackers to recover ...)
+ NOT-FOR-US: JBL Go 2 devices
+CVE-2021-38547 (Logitech Z120 and S120 speakers through 2021-08-09 allow remote attack ...)
+ NOT-FOR-US: Logitech
+CVE-2021-38546 (CREATIVE Pebble devices through 2021-08-09 allow remote attackers to r ...)
+ NOT-FOR-US: CREATIVE Pebble devices
+CVE-2021-38545 (Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain speci ...)
+ NOT-FOR-US: Raspberry Pi hardware
+CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote att ...)
+ NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices
+CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a buffering attac ...)
+ NOT-FOR-US: Apache James
+CVE-2021-38541
+ RESERVED
+CVE-2021-3699
+ RESERVED
+CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When ...)
+ - rust-tar 0.4.37-1 (bug #992173)
+ [bullseye] - rust-tar <no-dsa> (Minor issue)
+ [buster] - rust-tar <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html
+ NOTE: https://github.com/alexcrichton/tar-rs/issues/238
+CVE-2021-38540 (The variable import endpoint was not protected by authentication in Ai ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-38539 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38538 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38537 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38536 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38535 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38534 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38533 (NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38532 (NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect confi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38531 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38530 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38529 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38528 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38527 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38526 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38525 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38524 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38523 (NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based bu ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38522 (NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based bu ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38521 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38520 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38519 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38518 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38517 (Certain NETGEAR devices are affected by out-of-bounds reads and writes ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38516 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38514 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38513 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38512 (An issue was discovered in the actix-http crate before 3.0.0-beta.9 fo ...)
+ NOT-FOR-US: Rust crate actix-http
+CVE-2021-38510 (The executable file warning was not presented when downloading .inetlo ...)
+ - firefox <not-affected> (Only affects Mac OSX)
+ - firefox-esr <not-affected> (Only affects Mac OSX)
+ - thunderbird <not-affected> (Only affects Mac OSX)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38510
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
+CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38509
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
+CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38508
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
+CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38507
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
+CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38506
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38506
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38506
+CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud Clipbo ...)
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38505
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
+CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38504
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
+CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38503
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503
+CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
+ {DSA-5034-1 DLA-2874-1}
+ [experimental] - thunderbird 1:91.2.0-1
+ - thunderbird 1:91.2.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
+CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
+ - firefox 93.0-1
+ - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
+CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
+ - firefox 93.0-1
+ - firefox-esr 91.2.0esr-1
+ [experimental] - thunderbird 1:91.2.0-1
+ - thunderbird 1:91.2.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500
+CVE-2021-38499 (Mozilla developers reported memory safety bugs present in Firefox 92. ...)
+ - firefox 93.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38499
+CVE-2021-38498 (During process shutdown, a document could have caused a use-after-free ...)
+ - firefox 93.0-1
+ - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498
+CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text valida ...)
+ - firefox 93.0-1
+ - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
+CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...)
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
+ - firefox 93.0-1
+ - firefox-esr 91.2.0esr-1
+ [experimental] - thunderbird 1:91.2.0-1
+ - thunderbird 1:91.2.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496
+CVE-2021-38495 (Mozilla developers reported memory safety bugs present in Thunderbird ...)
+ - thunderbird <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495
+CVE-2021-38494 (Mozilla developers reported memory safety bugs present in Firefox 91. ...)
+ - firefox 92.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
+CVE-2021-38493 (Mozilla developers reported memory safety bugs present in Firefox 91 a ...)
+ {DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1}
+ - firefox 92.0-1
+ - firefox-esr 78.14.0esr-1
+ - thunderbird 1:78.14.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38493
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38493
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38493
+CVE-2021-38492 (When delegating navigations to the operating system, Firefox would acc ...)
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38492
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38492
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38492
+CVE-2021-38491 (Mixed-content checks were unable to analyze opaque origins which led t ...)
+ - firefox 92.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38491
+CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...)
+ NOT-FOR-US: Altova MobileTogether Server
+CVE-2021-38489
+ RESERVED
+CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38487
+ RESERVED
+CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38485 (The affected product is vulnerable to improper input validation in the ...)
+ NOT-FOR-US: Emerson
+CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38483
+ RESERVED
+CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38481 (The scheduler service running on a specific TCP port enables the user ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38479 (Many API function codes receive raw pointers remotely from the user an ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38477 (There are multiple API function codes that permit reading and writing ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 au ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38475 (The database connection to the server is performed by calling a specif ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38473 (The affected product&#8217;s code base doesn&#8217;t properly control ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ma ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38471 (There are multiple API function codes that permit data writing to any ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38469 (Many of the services used by the affected product do not specify full ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38467 (A specific function code receives a raw pointer supplied by the user a ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38465 (The webinstaller is a Golang web server executable that enables the ge ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38463 (The affected product does not properly control the allocation of resou ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38461 (The affected product uses a hard-coded blowfish key for encryption/dec ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38459 (The data of a network capture of the initial handshake phase can be us ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38457 (The server permits communication without any authentication procedure, ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38456 (A use of hard-coded password vulnerability in the Moxa MXview Network ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38455 (The affected product&#8217;s OS Service does not verify any given para ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38453 (Some API functions allow interaction with the registry, which includes ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38451 (The affected product&#8217;s proprietary protocol CSC allows for calli ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38450 (The affected controllers do not properly sanitize the input containing ...)
+ NOT-FOR-US: Trane
+CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38448 (The affected controllers do not properly sanitize the input containing ...)
+ NOT-FOR-US: Trane
+CVE-2021-38447
+ RESERVED
+CVE-2021-38446
+ RESERVED
+CVE-2021-38445
+ RESERVED
+CVE-2021-38444
+ RESERVED
+CVE-2021-38443
+ RESERVED
+CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38441
+ RESERVED
+CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is vulnerable to ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38439
+ RESERVED
+CVE-2021-38438 (A use after free vulnerability in FATEK Automation WinProladder versio ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38437
+ RESERVED
+CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38435
+ RESERVED
+CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38433
+ RESERVED
+CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...)
+ NOT-FOR-US: FATEK Automation Communication Server
+CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...)
+ NOT-FOR-US: Advantech
+CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper validatio ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38429
+ RESERVED
+CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38427
+ RESERVED
+CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38425
+ RESERVED
+CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 1.2.4.0 and pr ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38423
+ RESERVED
+CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38420 (Delta Electronics DIALink versions 1.2.4.0 and prior default permissio ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38419 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38418 (Delta Electronics DIALink versions 1.2.4.0 and prior runs by default o ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38417
+ RESERVED
+CVE-2021-38416 (Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38415 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38414
+ RESERVED
+CVE-2021-38413 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
+ NOT-FOR-US: Digi PortServer TS
+CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38410
+ RESERVED
+CVE-2021-38409 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ NOT-FOR-US: Delta Electronic
+CVE-2021-38405
+ RESERVED
+CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ NOT-FOR-US: Delta Electronic
+CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ NOT-FOR-US: Delta Electronic
+CVE-2021-38401 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...)
+ NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120
+CVE-2021-38399
+ RESERVED
+CVE-2021-38398 (The affected device uses off-the-shelf software components that contai ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38397
+ RESERVED
+CVE-2021-38396 (The programmer installation utility does not perform a cryptographic a ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38395
+ RESERVED
+CVE-2021-38394 (An attacker with physical access to the device can extract the binary ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-38392 (A skilled attacker with physical access to the affected device can gai ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_H ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-38389 (Advantech WebAccess versions 9.02 and prior are vulnerable to a stack- ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...)
+ NOT-FOR-US: Central Dogma
+CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
+ NOT-FOR-US: Contiki
+CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...)
+ NOT-FOR-US: Contiki
+CVE-2021-38385 (Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship ...)
+ {DSA-4961-1}
+ - tor 0.4.5.10-1
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2062
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40078
+CVE-2021-38384 (Serverless Offline 8.0.0 returns a 403 HTTP status code for a route th ...)
+ NOT-FOR-US: Serverless Offline
+CVE-2021-38383 (OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_ ...)
+ NOT-FOR-US: OwnTone
+CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files properly. ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021959.html
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]
+CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sendi ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021961.html
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]
+CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 stream, ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
+CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...)
+ NOT-FOR-US: CFEngine Enterprise
+CVE-2021-38378 (OX App Suite 7.10.5 allows Information Exposure because a caching mech ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38377 (OX App Suite through 7.10.5 allows XSS via JavaScript code in an ancho ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38376 (OX App Suite through 7.10.5 has Incorrect Access Control for retrieval ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38375 (OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38374 (OX App Suite through through 7.10.5 allows XSS via a crafted snippet t ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...)
+ - kmail <unfixed>
+ [bullseye] - kmail <no-dsa> (Minor issue)
+ [buster] - kmail <no-dsa> (Minor issue)
+ NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
+ NOTE: https://nostarttls.secvuln.info
+CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...)
+ - trojita <itp> (bug #795701)
+CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...)
+ - exim4 <unfixed> (bug #992172)
+ [bullseye] - exim4 <no-dsa> (Minor issue)
+ [buster] - exim4 <no-dsa> (Minor issue)
+ [stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://nostarttls.secvuln.info
+ NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
+CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server are acc ...)
+ - alpine 2.25+dfsg1-1 (bug #992171)
+ [bullseye] - alpine <no-dsa> (Minor issue)
+ [buster] - alpine <no-dsa> (Minor issue)
+ [stretch] - alpine <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://nostarttls.secvuln.info
+CVE-2021-38369
+ RESERVED
+CVE-2021-38368
+ RESERVED
+CVE-2021-38367
+ RESERVED
+CVE-2021-38366 (Sitecore through 10.1, when Update Center is enabled, allows remote au ...)
+ NOT-FOR-US: Sitecore
+CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...)
+ NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
+CVE-2021-3698 [authenticates with revoked certificates]
+ RESERVED
+ - cockpit 260-1
+ [bullseye] - cockpit <no-dsa> (Minor issue)
+ [buster] - cockpit <not-affected> (Vulnerable code not present, introduced in 208)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
+ NOTE: Needs sssd 2.6.1
+ NOTE: https://cockpit-project.org/blog/cockpit-260.html
+CVE-2021-3697
+ RESERVED
+CVE-2021-3696
+ RESERVED
+CVE-2021-3695
+ RESERVED
+CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...)
+ - opensysusers 0.6-3 (bug #992058)
+ [bullseye] - opensysusers <no-dsa> (Minor issue; if fixed upstream address via point release)
+CVE-2021-38364
+ RESERVED
+CVE-2021-38363
+ RESERVED
+CVE-2021-38362
+ RESERVED
+CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38356 (The NextScripts: Social Networks Auto-Poster &lt;= 4.3.20 WordPress pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is vulnerable to Ref ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38352 (The Feedify &#8211; Web Push Notifications WordPress plugin is vulnera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin is vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38346 (The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress allowed authe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38345 (The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress used an incor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38344 (The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress was vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38343 (The Nested Pages WordPress plugin &lt;= 3.1.15 was vulnerable to an Op ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38342 (The Nested Pages WordPress plugin &lt;= 3.1.15 was vulnerable to Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin is vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflect ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflect ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38334 (The WP Design Maps &amp; Places WordPress plugin is vulnerable to Refl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38332 (The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vuln ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38331 (The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38330 (The Yet Another bol.com Plugin WordPress plugin is vulnerable to Refle ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38329 (The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38328 (The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38327 (The YouTube Video Inserter WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38326 (The Post Title Counter WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL Injection ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38323 (The RentPress WordPress plugin is vulnerable to Reflected Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38322 (The Twitter Friends Widget WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38321 (The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38320 (The simpleSAMLphp Authentication WordPress plugin is vulnerable to Ref ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38319 (The More From Google WordPress plugin is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38318 (The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38317 (The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38316 (The WP Academic People List WordPress plugin is vulnerable to Reflecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38315 (The SP Project &amp; Document Manager WordPress plugin is vulnerable t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38314 (The Gutenberg Template Library &amp; Redux Framework plugin &lt;= 4.2. ...)
+ NOT-FOR-US: Gutenberg Template Library
+CVE-2021-38313
+ RESERVED
+CVE-2021-38312 (The Gutenberg Template Library &amp; Redux Framework plugin &lt;= 4.2. ...)
+ NOT-FOR-US: Gutenberg Template Library
+CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...)
+ NOT-FOR-US: Contiki
+CVE-2021-38310
+ RESERVED
+CVE-2021-38309
+ RESERVED
+CVE-2021-38308
+ RESERVED
+CVE-2021-38307
+ RESERVED
+CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an unauthe ...)
+ NOT-FOR-US: LG
+CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
+ NOT-FOR-US: 23andMe Yamale
+CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...)
+ NOT-FOR-US: National Instruments NI-PAL driver
+CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0 ...)
+ NOT-FOR-US: Sureline SUREedge Migrator
+CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...)
+ NOT-FOR-US: Newsletter extension for TYPO3
+CVE-2021-38301
+ RESERVED
+CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [stretch] - linux <ignored> (mips not supported in LTS)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/5
+ NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/
+CVE-2021-38299 (Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An ...)
+ NOT-FOR-US: FIDO2/Webauthn Support for PHP
+CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XX ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...)
+ - golang-1.17 1.17.2-1
+ - golang-1.16 1.16.9-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <not-affected> (Vulnerable code not present)
+ - golang-1.7 <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/golang/go/commit/77f2750f4398990eed972186706f160631d7dae4
+ NOTE: https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
+ NOTE: https://github.com/golang/go/issues/48797
+CVE-2021-38296
+ RESERVED
+CVE-2021-38295 (In Apache CouchDB, a malicious user with permission to create document ...)
+ - couchdb <removed>
+CVE-2021-3694 (LedgerSMB does not sufficiently HTML-encode error messages sent to the ...)
+ {DSA-4962-1}
+ - ledgersmb 1.6.9+ds-2.1 (bug #992817)
+ NOTE: https://ledgersmb.org/cve-2021-3694-cross-site-scripting
+CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into the ...)
+ {DSA-4962-1}
+ - ledgersmb 1.6.9+ds-2.1 (bug #992817)
+ NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting
+CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
+ - yii <itp> (bug #597899)
+CVE-2021-38294 (A Command Injection vulnerability exists in the getTopologyHistory ser ...)
+ NOT-FOR-US: Apache Storm
+CVE-2021-38293
+ RESERVED
+CVE-2021-38292
+ RESERVED
+CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.4.1-1 (unimportant)
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1
+ NOTE: https://trac.ffmpeg.org/ticket/9312
+ NOTE: Negligible security impact
+CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38289
+ RESERVED
+CVE-2021-38288
+ RESERVED
+CVE-2021-38287
+ RESERVED
+CVE-2021-38286
+ RESERVED
+CVE-2021-38285
+ RESERVED
+CVE-2021-38284
+ RESERVED
+CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
+CVE-2021-38282
+ RESERVED
+CVE-2021-38281
+ RESERVED
+CVE-2021-38280
+ RESERVED
+CVE-2021-38279
+ RESERVED
+CVE-2021-38278
+ RESERVED
+CVE-2021-38277
+ RESERVED
+CVE-2021-38276
+ RESERVED
+CVE-2021-38275
+ RESERVED
+CVE-2021-38274
+ RESERVED
+CVE-2021-38273
+ RESERVED
+CVE-2021-38272
+ RESERVED
+CVE-2021-38271
+ RESERVED
+CVE-2021-38270
+ RESERVED
+CVE-2021-38269
+ RESERVED
+CVE-2021-38268
+ RESERVED
+CVE-2021-38267
+ RESERVED
+CVE-2021-38266
+ RESERVED
+CVE-2021-38265
+ RESERVED
+CVE-2021-38264
+ RESERVED
+CVE-2021-38263
+ RESERVED
+CVE-2021-38262
+ RESERVED
+CVE-2021-38261
+ RESERVED
+CVE-2021-38260 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
+ NOT-FOR-US: NXP MCUXpresso SDK
+CVE-2021-38259
+ RESERVED
+CVE-2021-38258 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
+ NOT-FOR-US: NXP MCUXpresso SDK
+CVE-2021-38257
+ RESERVED
+CVE-2021-38256
+ RESERVED
+CVE-2021-38255
+ RESERVED
+CVE-2021-38254
+ RESERVED
+CVE-2021-38253
+ RESERVED
+CVE-2021-38252
+ RESERVED
+CVE-2021-38251
+ RESERVED
+CVE-2021-38250
+ RESERVED
+CVE-2021-38249
+ RESERVED
+CVE-2021-38248
+ RESERVED
+CVE-2021-38247
+ RESERVED
+CVE-2021-38246
+ RESERVED
+CVE-2021-38245
+ RESERVED
+CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...)
+ NOT-FOR-US: cbioportal
+CVE-2021-38243
+ RESERVED
+CVE-2021-38242
+ RESERVED
+CVE-2021-38241
+ RESERVED
+CVE-2021-38240
+ RESERVED
+CVE-2021-38239
+ RESERVED
+CVE-2021-38238
+ RESERVED
+CVE-2021-38237
+ RESERVED
+CVE-2021-38236
+ RESERVED
+CVE-2021-38235
+ RESERVED
+CVE-2021-38234
+ RESERVED
+CVE-2021-38233
+ RESERVED
+CVE-2021-38232
+ RESERVED
+CVE-2021-38231
+ RESERVED
+CVE-2021-38230
+ RESERVED
+CVE-2021-38229
+ RESERVED
+CVE-2021-38228
+ RESERVED
+CVE-2021-38227
+ RESERVED
+CVE-2021-38226
+ RESERVED
+CVE-2021-38225
+ RESERVED
+CVE-2021-38224
+ RESERVED
+CVE-2021-38223
+ RESERVED
+CVE-2021-38222
+ RESERVED
+CVE-2021-38221
+ RESERVED
+CVE-2021-38220
+ RESERVED
+CVE-2021-38219
+ RESERVED
+CVE-2021-38218
+ RESERVED
+CVE-2021-38217
+ RESERVED
+CVE-2021-38216
+ RESERVED
+CVE-2021-38215
+ RESERVED
+CVE-2021-38214
+ RESERVED
+CVE-2021-38213
+ RESERVED
+CVE-2021-38212
+ RESERVED
+CVE-2021-38211
+ RESERVED
+CVE-2021-38210
+ RESERVED
+CVE-2021-3691
+ RESERVED
+CVE-2021-3690 [buffer leak on incoming websocket PONG message may lead to DoS]
+ RESERVED
+ - undertow 2.2.10-1
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1935
+CVE-2021-38209 (net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.1 ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/linus/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6
+CVE-2021-38208 (net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local un ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
+CVE-2021-38207 (drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before ...)
+ - linux 5.10.46-1
+ [buster] - linux <ignored> (Not applicable to any release architecture)
+ [stretch] - linux <ignored> (Not applicable to any release architecture)
+ NOTE: https://git.kernel.org/linus/c364df2489b8ef2f5e3159b1dff1ff1fdb16040d
+CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when a devi ...)
+ - linux 5.10.46-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48
+CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37
+CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1 (unimportant)
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/b5fdf5c6e6bee35837e160c00ac89327bdad031b
+CVE-2021-38203 (btrfs in the Linux kernel before 5.13.4 allows attackers to cause a de ...)
+ - linux 5.14.6-1
+ [bullseye] - linux <not-affected> (Vulnerability introduced later)
+ [buster] - linux <not-affected> (Vulnerability introduced later)
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://git.kernel.org/linus/1cb3db1cf383a3c7dbda1aa0ce748b0958759947
+CVE-2021-38202 (fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote a ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/7b08cf62b1239a4322427d677ea9363f0ab677c6
+CVE-2021-38201 (net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attac ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c
+CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
+CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
+CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7
+CVE-2021-38197 (unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Director ...)
+ NOT-FOR-US: Go unarr
+CVE-2021-38196 (An issue was discovered in the better-macro crate through 2021-07-22 f ...)
+ NOT-FOR-US: Rust crate better macto
+CVE-2021-38195 (An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rus ...)
+ NOT-FOR-US: Rust crate libsecp256k1
+CVE-2021-38194 (An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rus ...)
+ NOT-FOR-US: Rust crate ark-r1cs-std
+CVE-2021-38192 (An issue was discovered in the prost-types crate before 0.8.0 for Rust ...)
+ NOT-FOR-US: Rust crate prost-types
+CVE-2021-38190 (An issue was discovered in the nalgebra crate before 0.27.1 for Rust. ...)
+ NOT-FOR-US: Rust crate nalgebra
+CVE-2021-38189 (An issue was discovered in the lettre crate before 0.9.6 for Rust. In ...)
+ NOT-FOR-US: Rust crate lettre
+CVE-2021-38188 (An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. ...)
+ NOT-FOR-US: Rust crate iced-x86
+CVE-2021-38187 (An issue was discovered in the anymap crate through 0.12.1 for Rust. I ...)
+ - rust-anymap <unfixed> (bug #992046)
+ [bullseye] - rust-anymap <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0065.html
+CVE-2021-38186 (An issue was discovered in the comrak crate before 0.10.1 for Rust. It ...)
+ NOT-FOR-US: Rust crate comrak
+CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary code via a ...)
+ - cpio 2.13+dfsg-5 (bug #992045)
+ [bullseye] - cpio <no-dsa> (Minor issue)
+ [buster] - cpio <no-dsa> (Minor issue)
+ [stretch] - cpio <no-dsa> (Minor issue)
+ NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
+ NOTE: https://github.com/fangqyi/cpiopwn
+ NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html
+ NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html
+ NOTE: Regression: https://bugs.debian.org/992098
+ NOTE: Regression fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
+ NOTE: Regression #2: https://bugs.debian.org/992192
+ NOTE: Regression #2 fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1
+CVE-2021-38184
+ RESERVED
+CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...)
+ NOT-FOR-US: SAP
+CVE-2021-38182 (Due to insufficient input validation of Kyma, authenticated users can ...)
+ NOT-FOR-US: Kyma
+CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...)
+ NOT-FOR-US: SAP
+CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...)
+ NOT-FOR-US: SAP
+CVE-2021-38179 (Debug function of Admin UI of SAP Business One Integration is enabled ...)
+ NOT-FOR-US: SAP
+CVE-2021-38178 (The software logistics system of SAP NetWeaver AS ABAP and ABAP Platfo ...)
+ NOT-FOR-US: SAP
+CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null poin ...)
+ NOT-FOR-US: SAP
+CVE-2021-38176 (Due to improper input sanitization, an authenticated user with certain ...)
+ NOT-FOR-US: SAP
+CVE-2021-38175 (SAP Analysis for Microsoft Office - version 2.8, allows an attacker wi ...)
+ NOT-FOR-US: SAP
+CVE-2021-38174 (When a user opens manipulated files received from untrusted sources in ...)
+ NOT-FOR-US: SAP
+CVE-2021-3689 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
+ - yii <itp> (bug #597899)
+CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mishandlin ...)
+ {DLA-2755-1}
+ - btrbk 0.27.1-2
+ [bullseye] - btrbk 0.27.1-1.1+deb11u1
+ [buster] - btrbk 0.27.1-1+deb10u1
+ NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
+ NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
+CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...)
+ NOT-FOR-US: perM
+CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.4.1-1
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+CVE-2021-38170
+ RESERVED
+CVE-2021-38169 (Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2021-38168 (Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_ ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2021-38167 (Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unaut ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2021-38164 (SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - ...)
+ NOT-FOR-US: SAP
+CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...)
+ NOT-FOR-US: SAP
+CVE-2021-38161 (Improper Authentication vulnerability in TLS origin verification of Ap ...)
+ - trafficserver 9.1.0+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: Mark first 9.x version as the fixed version as workaround, the issue does
+ NOTE: not affect the 9.x series.
+ NOTE: https://github.com/apache/trafficserver/commit/feefc5e4abc5011dfad5dcfef3f22998faf6e2d4 (8.1.x)
+ NOTE: but reverted pot 8.1.3 in https://github.com/apache/trafficserver/commit/bbbf80d75105313b51153c7fde0bf0edc8cf7783
+CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...)
+ {DSA-4978-1}
+ - linux 5.14.6-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+CVE-2021-38159 (In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0 ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2021-38158
+ RESERVED
+CVE-2021-38157 (** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before ...)
+ NOT-FOR-US: LeoStream Connection Broker
+CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboar ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
+ - keystone 2:19.0.0-3 (bug #992070)
+ [bullseye] - keystone 2:18.0.0-3+deb11u1
+ [buster] - keystone <no-dsa> (Minor issue)
+ [stretch] - keystone <end-of-life> (Keystone not supported in stretch)
+ NOTE: https://launchpad.net/bugs/1688137
+CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
+ {DSA-4953-1 DLA-2736-1}
+ [experimental] - lynx 2.9.0dev.9-1
+ - lynx 2.9.0dev.6-3 (bug #991971)
+ [bullseye] - lynx 2.9.0dev.6-3~deb11u1
+ NOTE: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
+ NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
+ NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
+CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
+CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...)
+ NOT-FOR-US: Canon
+CVE-2021-38153 (Some components in Apache Kafka use `Arrays.equals` to validate a pass ...)
+ - kafka <itp> (bug #786460)
+CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in Chikitsa Patie ...)
+ NOT-FOR-US: Chikitsa Patient Management System
+CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management System 2.0. ...)
+ NOT-FOR-US: Chikitsa Patient Management System
+CVE-2021-38150 (When an attacker manages to get access to the local memory, or the mem ...)
+ NOT-FOR-US: SAP
+CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...)
+ NOT-FOR-US: Chikitsa Patient Management System
+CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
+ NOT-FOR-US: Obsidian
+CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
+CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
+CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
+ NOT-FOR-US: Form Tools
+CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...)
+ NOT-FOR-US: Form Tools
+CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an administ ...)
+ NOT-FOR-US: Form Tools
+CVE-2021-38142 (Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and ...)
+ NOT-FOR-US: Barco MirrorOp Windows Sender
+CVE-2021-38141
+ RESERVED
+CVE-2021-38140 (The set_user extension module before 2.0.1 for PostgreSQL allows a pot ...)
+ NOT-FOR-US: set_user extension for Postgres
+CVE-2021-38139
+ RESERVED
+CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...)
+ NOT-FOR-US: OneNav
+CVE-2021-38137 (Corero SecureWatch Managed Services 9.7.2.0020 does not correctly chec ...)
+ NOT-FOR-US: Corero SecureWatch Managed Services
+CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path T ...)
+ NOT-FOR-US: Corero SecureWatch Managed Services
+CVE-2021-3688
+ RESERVED
+ NOT-FOR-US: Red Hat JBoss Core Services HTTP Server
+CVE-2021-38135
+ RESERVED
+CVE-2021-38134
+ RESERVED
+CVE-2021-38133
+ RESERVED
+CVE-2021-38132
+ RESERVED
+CVE-2021-38131
+ RESERVED
+CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38128
+ RESERVED
+CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38125
+ RESERVED
+CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, affecti ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38122
+ RESERVED
+CVE-2021-38121
+ RESERVED
+CVE-2021-38120
+ RESERVED
+CVE-2021-38119
+ RESERVED
+CVE-2021-38118
+ RESERVED
+CVE-2021-38117
+ RESERVED
+CVE-2021-38116
+ RESERVED
+CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...)
+ - libgd2 <unfixed> (bug #991912)
+ [bullseye] - libgd2 <no-dsa> (Minor issue)
+ [buster] - libgd2 <no-dsa> (Minor issue)
+ [stretch] - libgd2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/libgd/libgd/issues/697
+ NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032
+CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.4.1-1
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
+CVE-2021-3687
+ RESERVED
+CVE-2021-3686
+ RESERVED
+CVE-2021-3685
+ RESERVED
+CVE-2021-3684
+ RESERVED
+CVE-2021-3683 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
+ NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
+CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...)
+ NOT-FOR-US: Amazon AWS client for Windows
+CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...)
+ NOT-FOR-US: DEF CON 27 badge
+CVE-2021-38110 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...)
+ NOT-FOR-US: Corel WordPerfect
+CVE-2021-38109 (Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Rea ...)
+ NOT-FOR-US: Corel DrawStandard
+CVE-2021-38108 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...)
+ NOT-FOR-US: Corel WordPerfect
+CVE-2021-38107 (CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Ou ...)
+ NOT-FOR-US: Corel DrawStandard
+CVE-2021-38106 (UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38105 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38102 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38101 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
+ NOT-FOR-US: Corel PhotoPaint Standard
+CVE-2021-38100 (Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bou ...)
+ NOT-FOR-US: Corel PhotoPaint Standard
+CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
+ NOT-FOR-US: Corel PhotoPaint Standard
+CVE-2021-38098 (Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerabilit ...)
+ NOT-FOR-US: Corel PDF Fusion
+CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...)
+ NOT-FOR-US: Corel PDF Fusion
+CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...)
+ NOT-FOR-US: Corel PDF Fusion
+CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
+ NOT-FOR-US: Planview Spigit
+CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+ NOTE: Negligible security impact
+CVE-2021-38093 (Integer Overflow vulnerability in function filter_robert in libavfilte ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+ NOTE: Negligible security impact
+CVE-2021-38092 (Integer Overflow vulnerability in function filter_prewitt in libavfilt ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+CVE-2021-38091 (Integer Overflow vulnerability in function filter16_sobel in libavfilt ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in libavfi ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+CVE-2021-38089
+ REJECTED
+CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU in ver ...)
+ {DSA-4980-1 DLA-2753-1}
+ - qemu 1:6.0+dfsg-3 (bug #991911)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491
+ NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0)
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9 (v6.1.0-rc2)
+CVE-2021-38088 (Acronis Cyber Protect 15 for Windows prior to build 27009 allowed loca ...)
+ NOT-FOR-US: Acronis Cyber Protect
+CVE-2021-38087 (Reflected cross-site scripting (XSS) was possible on the login page in ...)
+ NOT-FOR-US: Acronis Cyber Protect
+CVE-2021-38086 (Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis ...)
+ NOT-FOR-US: Acronis Cyber Protect
+CVE-2021-38085 (The Canon TR150 print driver through 3.71.2.10 is vulnerable to a priv ...)
+ NOT-FOR-US: Canon
+CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...)
+ - courier <unfixed> (bug #989375)
+ [bullseye] - courier <no-dsa> (Minor issue)
+ [buster] - courier <no-dsa> (Minor issue)
+ [stretch] - courier <postponed> (Minor issue, include in next update)
+ NOTE: https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583
+ NOTE: https://sourceforge.net/p/courier/mailman/message/37329216/
+ NOTE: https://sourceforge.net/p/courier/courier-libs.git/ci/97ed62b17a2616c758d09105b5a14dd1038cff6f/ (1.1.5)
+CVE-2021-38083
+ RESERVED
+CVE-2021-38082
+ RESERVED
+CVE-2021-38081
+ RESERVED
+CVE-2021-38080
+ RESERVED
+CVE-2021-38079
+ RESERVED
+CVE-2021-38078
+ RESERVED
+CVE-2021-38077
+ RESERVED
+CVE-2021-38076
+ RESERVED
+CVE-2021-38075
+ RESERVED
+CVE-2021-38074
+ RESERVED
+CVE-2021-38073
+ RESERVED
+CVE-2021-38072
+ RESERVED
+CVE-2021-38071
+ RESERVED
+CVE-2021-38070
+ RESERVED
+CVE-2021-38069
+ RESERVED
+CVE-2021-38068
+ RESERVED
+CVE-2021-38067
+ RESERVED
+CVE-2021-38066
+ RESERVED
+CVE-2021-38065
+ RESERVED
+CVE-2021-38064
+ RESERVED
+CVE-2021-38063
+ RESERVED
+CVE-2021-38062
+ RESERVED
+CVE-2021-38061
+ RESERVED
+CVE-2021-38060
+ RESERVED
+CVE-2021-38059
+ RESERVED
+CVE-2021-38058
+ RESERVED
+CVE-2021-38057
+ RESERVED
+CVE-2021-38056
+ RESERVED
+CVE-2021-38055
+ RESERVED
+CVE-2021-38054
+ RESERVED
+CVE-2021-38053
+ RESERVED
+CVE-2021-38052
+ RESERVED
+CVE-2021-38051
+ RESERVED
+CVE-2021-38050
+ RESERVED
+CVE-2021-38049
+ RESERVED
+CVE-2021-38048
+ RESERVED
+CVE-2021-38047
+ RESERVED
+CVE-2021-38046
+ RESERVED
+CVE-2021-38045
+ RESERVED
+CVE-2021-38044
+ RESERVED
+CVE-2021-38043
+ RESERVED
+CVE-2021-38042
+ RESERVED
+CVE-2021-38041
+ RESERVED
+CVE-2021-38040
+ RESERVED
+CVE-2021-38039
+ RESERVED
+CVE-2021-38038
+ RESERVED
+CVE-2021-38037
+ RESERVED
+CVE-2021-38036
+ RESERVED
+CVE-2021-38035
+ RESERVED
+CVE-2021-38034
+ RESERVED
+CVE-2021-38033
+ RESERVED
+CVE-2021-38032
+ RESERVED
+CVE-2021-38031
+ RESERVED
+CVE-2021-38030
+ RESERVED
+CVE-2021-38029
+ RESERVED
+CVE-2021-38028
+ RESERVED
+CVE-2021-38027
+ RESERVED
+CVE-2021-38026
+ RESERVED
+CVE-2021-38025
+ RESERVED
+CVE-2021-38024
+ RESERVED
+CVE-2021-38023
+ RESERVED
+CVE-2021-38022 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38021 (Inappropriate implementation in referrer in Google Chrome prior to 96. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38020 (Insufficient policy enforcement in contacts picker in Google Chrome on ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38019 (Insufficient policy enforcement in CORS in Google Chrome prior to 96.0 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38018 (Inappropriate implementation in navigation in Google Chrome prior to 9 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38017 (Insufficient policy enforcement in iframe sandbox in Google Chrome pri ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38016 (Insufficient policy enforcement in background fetch in Google Chrome p ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38015 (Inappropriate implementation in input in Google Chrome prior to 96.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38014 (Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38013 (Heap buffer overflow in fingerprint recognition in Google Chrome on Ch ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38012 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38011 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38010 (Inappropriate implementation in service workers in Google Chrome prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38009 (Inappropriate implementation in cache in Google Chrome prior to 96.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38008 (Use after free in media in Google Chrome prior to 96.0.4664.45 allowed ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38007 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38006 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38005 (Use after free in loader in Google Chrome prior to 96.0.4664.45 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38002 (Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38001 (Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38000 (Insufficient validation of untrusted input in Intents in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37999 (Insufficient data validation in New Tab Page in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37998 (Use after free in Garbage Collection in Google Chrome prior to 95.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37997 (Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37975 (Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37974 (Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37973 (Use after free in Portals in Google Chrome prior to 94.0.4606.61 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37972 (Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.460 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37971 (Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37970 (Use after free in File System API in Google Chrome prior to 94.0.4606. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37969 (Inappropriate implementation in Google Updater in Google Chrome on Win ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37968 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37967 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37966 (Inappropriate implementation in Compositing in Google Chrome on Androi ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37965 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37964 (Inappropriate implementation in ChromeOS Networking in Google Chrome o ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37963 (Side-channel information leakage in DevTools in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37962 (Use after free in Performance Manager in Google Chrome prior to 94.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 all ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37960
+ REJECTED
+CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37958 (Inappropriate implementation in Navigation in Google Chrome on Windows ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37957 (Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37956 (Use after free in Offline use in Google Chrome on Android prior to 94. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37955
+ RESERVED
+CVE-2021-37954
+ RESERVED
+CVE-2021-37953
+ RESERVED
+CVE-2021-37952
+ RESERVED
+CVE-2021-37951
+ RESERVED
+CVE-2021-37950
+ RESERVED
+CVE-2021-37949
+ RESERVED
+CVE-2021-37948
+ RESERVED
+CVE-2021-37947
+ RESERVED
+CVE-2021-37946
+ RESERVED
+CVE-2021-37945
+ RESERVED
+CVE-2021-37944
+ RESERVED
+CVE-2021-37943
+ RESERVED
+CVE-2021-37942
+ RESERVED
+CVE-2021-37941 (A local privilege escalation issue was found with the APM Java agent, ...)
+ NOT-FOR-US: Elastic APM Java agent
+CVE-2021-37940 (An information disclosure via GET request server-side request forgery ...)
+ NOT-FOR-US: Workplace Search GHES integration
+CVE-2021-37939 (It was discovered that Kibana&#8217;s JIRA connector &amp; IBM Resilie ...)
+ NOT-FOR-US: IBM
+CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...)
+ - kibana <itp> (bug #700337)
+CVE-2021-37937
+ RESERVED
+CVE-2021-37936
+ RESERVED
+CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow ...)
+ NOT-FOR-US: Huntflow Enterprise
+CVE-2021-37934 (Due to insufficient server-side login-attempt limit enforcement, a vul ...)
+ NOT-FOR-US: Huntflow Enterprise
+CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...)
+ NOT-FOR-US: Huntflow Enterprise
+CVE-2021-37932
+ RESERVED
+CVE-2021-3681
+ RESERVED
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1989407
+ TODO: check, needs verifying the affected ansible/ansible-base components
+CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
+CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-37931 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37930 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37929 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37928 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37927 (Zoho ManageEngine ADManager Plus version 7110 and prior allows account ...)
+ NOT-FOR-US: Zoho ManageEngine ADManager Plus
+CVE-2021-37926 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37925 (Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Aut ...)
+ NOT-FOR-US: Zoho ManageEngine ADManager Plus
+CVE-2021-37924 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37923 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37922 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37921 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37920 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37919 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37918 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37917
+ RESERVED
+CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body. ...)
+ NOT-FOR-US: Joplin
+CVE-2021-37915 (An issue was discovered on the Grandstream HT801 Analog Telephone Adap ...)
+ NOT-FOR-US: Grandstream
+CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...)
+ NOT-FOR-US: Argo Workflows
+CVE-2021-37913 (The HGiga OAKlouds mobile portal does not filter special characters of ...)
+ NOT-FOR-US: HGiga OAKlouds mobile portal
+CVE-2021-37912 (The HGiga OAKlouds mobile portal does not filter special characters of ...)
+ NOT-FOR-US: HGiga OAKlouds mobile portal
+CVE-2021-37911 (The management interface of BenQ smart wireless conference projector d ...)
+ NOT-FOR-US: BenQ smart wireless conference projector
+CVE-2021-37910 (ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has i ...)
+ NOT-FOR-US: ASUS routers
+CVE-2021-37909 (WriteRegistry function in TSSServiSign component does not filter and v ...)
+ NOT-FOR-US: TSSServiSignAdapter Windows
+CVE-2021-37908
+ RESERVED
+CVE-2021-37907
+ RESERVED
+CVE-2021-37906
+ RESERVED
+CVE-2021-37905
+ RESERVED
+CVE-2021-37904
+ RESERVED
+CVE-2021-37903
+ RESERVED
+CVE-2021-37902
+ RESERVED
+CVE-2021-37901
+ RESERVED
+CVE-2021-37900
+ RESERVED
+CVE-2021-37899
+ RESERVED
+CVE-2021-37898
+ RESERVED
+CVE-2021-37897
+ RESERVED
+CVE-2021-37896
+ RESERVED
+CVE-2021-37895
+ RESERVED
+CVE-2021-37894
+ RESERVED
+CVE-2021-37893
+ RESERVED
+CVE-2021-37892
+ RESERVED
+CVE-2021-37891
+ RESERVED
+CVE-2021-37890
+ RESERVED
+CVE-2021-37889
+ RESERVED
+CVE-2021-37888
+ RESERVED
+CVE-2021-37887
+ RESERVED
+CVE-2021-37886
+ RESERVED
+CVE-2021-37885
+ RESERVED
+CVE-2021-37884
+ RESERVED
+CVE-2021-37883
+ RESERVED
+CVE-2021-37882
+ RESERVED
+CVE-2021-37881
+ RESERVED
+CVE-2021-37880
+ RESERVED
+CVE-2021-37879
+ RESERVED
+CVE-2021-37878
+ RESERVED
+CVE-2021-37877
+ RESERVED
+CVE-2021-37876
+ RESERVED
+CVE-2021-37875
+ RESERVED
+CVE-2021-37874
+ RESERVED
+CVE-2021-37873
+ RESERVED
+CVE-2021-37872
+ RESERVED
+CVE-2021-37871
+ RESERVED
+CVE-2021-37870
+ RESERVED
+CVE-2021-37869
+ RESERVED
+CVE-2021-37868
+ RESERVED
+CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...)
+ NOT-FOR-US: Mattermost Boards plugin
+CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...)
+ NOT-FOR-US: Mattermost Boards plugin
+CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37865 (MMSA-2021-0081)
+CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37864 (MMSA-2021-0076)
+CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37863 (MMSA-2021-0075)
+CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37862 (MMSA-2021-0074)
+CVE-2021-37861 (Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2021-37858
+ REJECTED
+CVE-2021-37857
+ REJECTED
+CVE-2021-37856
+ REJECTED
+CVE-2021-37855
+ REJECTED
+CVE-2021-37854
+ REJECTED
+CVE-2021-37853
+ REJECTED
+CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...)
+ NOT-FOR-US: ESET
+CVE-2021-37851
+ RESERVED
+CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...)
+ NOT-FOR-US: ESET
+CVE-2021-37849
+ RESERVED
+CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...)
+ NOT-FOR-US: Pengutronix Barebox
+CVE-2021-37847 (crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing ...)
+ NOT-FOR-US: Pengutronix Barebox
+CVE-2021-37846
+ RESERVED
+CVE-2021-37845
+ RESERVED
+ - citadel <removed>
+ [buster] - citadel <ignored> (Minor issue)
+ [stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259
+ NOTE: https://nostarttls.secvuln.info/
+ NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes
+CVE-2021-37844
+ RESERVED
+CVE-2021-3677 [Memory disclosure in certain queries]
+ RESERVED
+ - postgresql-13 13.4-1
+ [bullseye] - postgresql-13 13.4-0+deb11u1
+ - postgresql-11 <removed>
+ [buster] - postgresql-11 11.13-0+deb10u1
+ NOTE: https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/
+CVE-2021-3676
+ RESERVED
+CVE-2021-3675
+ RESERVED
+CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...)
+ NOT-FOR-US: resolution SAML SSO apps for Atlassian products
+CVE-2021-37842 (metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensiti ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access control. If ...)
+ NOT-FOR-US: Docker Desktop on Windows
+CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...)
+ NOT-FOR-US: aaPanel
+CVE-2021-37839
+ RESERVED
+CVE-2021-3674
+ RESERVED
+CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper input ...)
+ - radare2 5.5.0+dfsg-1
+ NOTE: https://github.com/radareorg/radare2/issues/18923
+ NOTE: https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d
+CVE-2021-37838
+ RESERVED
+CVE-2021-37837
+ RESERVED
+CVE-2021-37836
+ RESERVED
+CVE-2021-37835
+ RESERVED
+CVE-2021-37834
+ RESERVED
+CVE-2021-37833 (A reflected cross-site scripting (XSS) vulnerability exists in multipl ...)
+ - hoteldruid 3.0.3-1 (bug #991910)
+ [bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
+ [stretch] - hoteldruid <no-dsa> (Minor issue)
+ NOTE: https://github.com/dievus/CVE-2021-37833
+CVE-2021-37832 (A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid w ...)
+ - hoteldruid 3.0.3-1 (bug #991910)
+ [bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
+ [stretch] - hoteldruid <no-dsa> (Minor issue)
+ NOTE: https://github.com/dievus/CVE-2021-37832
+CVE-2021-37831
+ RESERVED
+CVE-2021-37830
+ RESERVED
+CVE-2021-37829
+ RESERVED
+CVE-2021-37828
+ RESERVED
+CVE-2021-37827
+ RESERVED
+CVE-2021-37826
+ RESERVED
+CVE-2021-37825
+ RESERVED
+CVE-2021-37824
+ RESERVED
+CVE-2021-37823
+ RESERVED
+CVE-2021-37822
+ RESERVED
+CVE-2021-37821
+ RESERVED
+CVE-2021-37820
+ RESERVED
+CVE-2021-37819
+ RESERVED
+CVE-2021-37818
+ RESERVED
+CVE-2021-37817
+ RESERVED
+CVE-2021-37816
+ RESERVED
+CVE-2021-37815
+ RESERVED
+CVE-2021-37814
+ RESERVED
+CVE-2021-37813
+ RESERVED
+CVE-2021-37812
+ RESERVED
+CVE-2021-37811
+ RESERVED
+CVE-2021-37810
+ RESERVED
+CVE-2021-37809
+ RESERVED
+CVE-2021-37808 (SQL Injection vulnerabilities exist in https://phpgurukul.com News Por ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2021-37807 (An SQL Injection vulneraility exists in https://phpgurukul.com Online ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2021-37806 (An SQL Injection vulnerability exists in https://phpgurukul.com Vehicl ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2021-37805 (A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodes ...)
+ NOT-FOR-US: Sourcecodeste Vehicle Parking Management System
+CVE-2021-37804
+ RESERVED
+CVE-2021-37803 (An SQL Injection vulnerability exists in Sourcecodester Online Covid V ...)
+ NOT-FOR-US: Sourcecodester Online Covid Vaccination Scheduler System
+CVE-2021-37802
+ RESERVED
+CVE-2021-37801
+ RESERVED
+CVE-2021-37800
+ RESERVED
+CVE-2021-37799
+ RESERVED
+CVE-2021-37798
+ RESERVED
+CVE-2021-37797
+ RESERVED
+CVE-2021-37796
+ RESERVED
+CVE-2021-37795
+ RESERVED
+CVE-2021-37794 (A stored cross-site scripting (XSS) vulnerability exists in FileBrowse ...)
+ NOT-FOR-US: FileBrowser
+CVE-2021-37793
+ RESERVED
+CVE-2021-37792
+ RESERVED
+CVE-2021-37791
+ RESERVED
+CVE-2021-37790
+ RESERVED
+CVE-2021-37789
+ RESERVED
+CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...)
+ NOT-FOR-US: Gurock TestRail
+CVE-2021-37787
+ RESERVED
+CVE-2021-37786 (Certain Federal Office of Information Technology Systems and Telecommu ...)
+ NOT-FOR-US: Covid certificate app in Switzerland.
+CVE-2021-37785
+ RESERVED
+CVE-2021-37784
+ RESERVED
+CVE-2021-37783
+ RESERVED
+CVE-2021-37782
+ RESERVED
+CVE-2021-37781
+ RESERVED
+CVE-2021-37780
+ RESERVED
+CVE-2021-37779
+ RESERVED
+CVE-2021-37778
+ RESERVED
+CVE-2021-37777 (Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR ...)
+ NOT-FOR-US: Gila CMS
+CVE-2021-37776
+ RESERVED
+CVE-2021-37775
+ RESERVED
+CVE-2021-37774
+ RESERVED
+CVE-2021-37773
+ RESERVED
+CVE-2021-37772
+ RESERVED
+CVE-2021-37771
+ RESERVED
+CVE-2021-37770
+ RESERVED
+CVE-2021-37769
+ RESERVED
+CVE-2021-37768
+ RESERVED
+CVE-2021-37767
+ RESERVED
+CVE-2021-37766
+ RESERVED
+CVE-2021-37765
+ RESERVED
+CVE-2021-37764
+ RESERVED
+CVE-2021-37763
+ RESERVED
+CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37761 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...)
+ - graylog2 <itp> (bug #652273)
+CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...)
+ - graylog2 <itp> (bug #652273)
+CVE-2021-37758
+ RESERVED
+CVE-2021-37757
+ RESERVED
+CVE-2021-37756
+ RESERVED
+CVE-2021-37755
+ RESERVED
+CVE-2021-37754
+ RESERVED
+CVE-2021-37753
+ RESERVED
+CVE-2021-37752
+ RESERVED
+CVE-2021-37751
+ RESERVED
+CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before ...)
+ {DLA-2771-1}
+ - krb5 1.18.3-7 (bug #992607)
+ [bullseye] - krb5 1.18.3-6+deb11u1
+ [buster] - krb5 1.17-3+deb10u3
+ NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
+CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...)
+ NOT-FOR-US: Hexagon GeoMedia WebMap
+CVE-2021-37748 (Multiple buffer overflows in the limited configuration shell (/sbin/gs ...)
+ NOT-FOR-US: Grandstream
+CVE-2021-37747
+ RESERVED
+CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ...)
+ - claws-mail 3.18.0-1 (bug #991722)
+ [bullseye] - claws-mail <no-dsa> (Minor issue)
+ [buster] - claws-mail <no-dsa> (Minor issue)
+ [stretch] - claws-mail <no-dsa> (Minor issue)
+ - sylpheed <unfixed> (bug #991723)
+ [bullseye] - sylpheed <no-dsa> (Minor issue)
+ [buster] - sylpheed <no-dsa> (Minor issue)
+ [stretch] - sylpheed <no-dsa> (Minor issue)
+ NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431
+CVE-2021-3672 (A flaw was found in c-ares library, where a missing input validation c ...)
+ {DSA-4954-1 DLA-2738-1}
+ - c-ares 1.17.1-1.1 (bug #992053)
+ [bullseye] - c-ares 1.17.1-1+deb11u1
+ NOTE: https://c-ares.haxx.se/adv_20210810.html
+ NOTE: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83
+ NOTE: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14
+CVE-2021-37745
+ RESERVED
+CVE-2021-37744
+ RESERVED
+CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored X ...)
+ NOT-FOR-US: MISP
+CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.14 ...)
+ NOT-FOR-US: MISP
+CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-37740
+ RESERVED
+CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37732 (A remote arbitrary command execution vulnerability was discovered in H ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37730 (A remote arbitrary command execution vulnerability was discovered in H ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37727 (A remote arbitrary command execution vulnerability was discovered in H ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE Aruba Ins ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37723 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37722 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37721 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37720 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37719 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37718 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37717 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba SD-WAN ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...)
+ - heimdal 7.7.0+dfsg-3 (bug #996586)
+ [bullseye] - heimdal <no-dsa> (Minor issue)
+ [buster] - heimdal <no-dsa> (Minor issue)
+ [stretch] - heimdal <no-dsa> (Minor issue)
+ - samba 2:4.13.13+dfsg-1
+ [bullseye] - samba 2:4.13.13+dfsg-1~deb11u1
+ [buster] - samba <no-dsa> (Minor issue)
+ [stretch] - samba <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2013080
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14770
+ NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
+ NOTE: Followup: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a
+ NOTE: "Equivalent" issue for CVE-2021-37750 for the MIT krb5 vulnerability.
+ NOTE: Fixed by (Samba): https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5
+CVE-2021-3670
+ RESERVED
+CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...)
+ - jsoup 1.14.2-1 (bug #992590)
+ [bullseye] - jsoup <no-dsa> (Minor issue)
+ [buster] - jsoup <no-dsa> (Minor issue)
+ [stretch] - jsoup <no-dsa> (Minor issue)
+ NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c
+CVE-2021-37713 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...)
+ - node-tar <not-affected> (Only affects node-tar on Windows)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
+CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...)
+ {DSA-5008-1}
+ - node-tar 6.1.11+~cs11.3.10-1 (bug #993981)
+ [stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
+CVE-2021-37711 (Versions prior to 6.4.3.1 contain an authenticated server-side request ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37710 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37709 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
+ NOTE: https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865
+CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...)
+ NOT-FOR-US: OneFuzz
+CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
+ NOT-FOR-US: PhpFastCache
+CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...)
+ NOT-FOR-US: Discourse
+CVE-2021-37702 (Pimcore is an open source data &amp; experience management platform. P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, an ...)
+ {DSA-5008-1}
+ - node-tar 6.1.7+~cs11.3.10-1
+ [stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
+CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...)
+ NOT-FOR-US: Node paste-markdown
+CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
+ NOT-FOR-US: next.js
+CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-2816-1}
+ - icinga2 2.13.1-1
+ [bullseye] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2
+ NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/
+ NOTE: https://github.com/Icinga/icinga2/commit/8910abc5882774c067dfc22cdf8bf8b830257608 (v2.12.6)
+ NOTE: https://github.com/Icinga/icinga2/commit/bf535969ac23962b65b72ea3893c6b384e1d3218 (v2.12.6)
+ NOTE: https://github.com/Icinga/icinga2/commit/d7133ae4298d133a088b25c9a71ffeb1f8164a8d (v2.12.6)
+ NOTE: https://github.com/Icinga/icinga2/commit/6db8795ca4b6a853f49615279f068d4cf2b42087 (v2.12.6)
+ NOTE: https://github.com/Icinga/icinga2/commit/b7dd909a30367a4b8389e9362f05a856bbd7b081 (v2.12.6)
+CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
+ NOT-FOR-US: tmerc-cogs
+CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
+ NOT-FOR-US: tmerc-cogs
+CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+ {DLA-2813-1}
+ - ckeditor 4.16.2+dfsg-1 (bug #992290)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
+ NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
+CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
+ NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template
+CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...)
+ NOT-FOR-US: Discourse
+CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37690 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37689 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37688 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37687 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37686 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37685 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37684 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37683 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37682 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37681 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37680 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37679 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37678 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37677 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37676 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37675 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37674 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37673 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37672 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37671 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37670 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37669 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37668 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37667 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37666 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37665 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37664 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37663 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37662 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37661 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37660 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37659 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37658 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37657 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37656 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37655 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37654 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37653 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37652 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37651 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37650 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37649 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37648 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37647 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37646 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37645 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37644 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37643 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37642 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37641 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37640 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37639 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37638 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37637 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37636 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37635 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions ...)
+ NOT-FOR-US: Leafkit
+CVE-2021-37633 (Discourse is an open source discussion platform. In versions prior to ...)
+ NOT-FOR-US: Discourse
+CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...)
+ NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft)
+CVE-2021-37631 (Deck is an open source kanban style organization tool aimed at persona ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2021-37630 (Nextcloud Circles is an open source social network built for the nextc ...)
+ NOT-FOR-US: Nextcloud Cirles
+CVE-2021-37629 (Nextcloud Richdocuments is an open source collaborative office suite. ...)
+ NOT-FOR-US: Nextcloud Richdocuments
+CVE-2021-37628 (Nextcloud Richdocuments is an open source collaborative office suite. ...)
+ NOT-FOR-US: Nextcloud Richdocuments
+CVE-2021-37627 (Contao is an open source CMS that allows creation of websites and scal ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-37626 (Contao is an open source CMS that allows you to create websites and sc ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...)
+ NOT-FOR-US: Skytable
+CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
+CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
+ NOTE: https://github.com/Exiv2/exiv2/pull/1790
+CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
+ NOTE: https://github.com/Exiv2/exiv2/pull/1788
+CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
+ NOTE: https://github.com/Exiv2/exiv2/pull/1778
+CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728
+ NOTE: https://github.com/Exiv2/exiv2/pull/1769
+CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
+ NOTE: https://github.com/Exiv2/exiv2/pull/1752
+CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
+ NOTE: https://github.com/Exiv2/exiv2/pull/1759
+CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ - nextcloud-desktop <not-affected> (Doesn't affect Nextcloud client as shipped in Debian)
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
+CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
+ NOTE: https://github.com/Exiv2/exiv2/pull/1758
+CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
+ NOTE: https://github.com/Exiv2/exiv2/pull/1758
+CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...)
+ NOT-FOR-US: MOVEit Transfer
+CVE-2021-37613 (Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-37612
+ RESERVED
+CVE-2021-37611
+ RESERVED
+CVE-2021-37610
+ RESERVED
+CVE-2021-37609
+ RESERVED
+CVE-2021-37608 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2021-37607
+ RESERVED
+CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory segment counts]
+ RESERVED
+ - linux 5.15.3-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473
+CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
+ NOT-FOR-US: Meow hash
+CVE-2021-37605 (In version 6.5 Microchip MiWi software and all previous versions inclu ...)
+ NOT-FOR-US: Microchip MiWi
+CVE-2021-37604 (In version 6.5 of Microchip MiWi software and all previous versions in ...)
+ NOT-FOR-US: Microchip MiWi
+CVE-2021-37603
+ RESERVED
+CVE-2021-37602
+ RESERVED
+CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Winscribe ...)
+ NOT-FOR-US: Nuance
+CVE-2021-3668
+ RESERVED
+CVE-2021-37600 (** DISPUTED ** An integer overflow in util-linux through 2.37.1 can po ...)
+ - util-linux 2.36.1-8 (low; bug #991619)
+ [buster] - util-linux <no-dsa> (Minor issue)
+ [stretch] - util-linux <no-dsa> (Minor issue)
+ NOTE: https://github.com/karelzak/util-linux/issues/1395
+ NOTE: https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
+CVE-2021-37598 (WP Cerber before 8.9.3 allows bypass of /wp-json access control via a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-37597 (WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-37596 (Telegram Web K Alpha 0.6.1 allows XSS via a document name. ...)
+ NOT-FOR-US: Telegram Web K Alpha
+CVE-2021-37595 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
+ - freerdp2 <not-affected> (Windows-specific)
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9
+CVE-2021-37594 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
+ - freerdp2 <not-affected> (Windows-specific)
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9
+CVE-2021-37593 (PEEL Shopping version 9.4.0 allows remote SQL injection. A public user ...)
+ NOT-FOR-US: PEEL Shopping
+CVE-2021-37592 (Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a cl ...)
+ - suricata 1:6.0.4-1
+ [bullseye] - suricata <no-dsa> (Minor issue)
+ [buster] - suricata <no-dsa> (Minor issue)
+ [stretch] - suricata <no-dsa> (Minor issue)
+ NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
+ NOTE: https://redmine.openinfosecfoundation.org/issues/4569 (not public)
+CVE-2021-37591
+ RESERVED
+CVE-2021-37590
+ RESERVED
+CVE-2021-37589
+ RESERVED
+CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability to dec ...)
+ NOT-FOR-US: Charm
+CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...)
+ NOT-FOR-US: Charm
+CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording Multitenanc ...)
+ NOT-FOR-US: Mitel
+CVE-2021-37585
+ RESERVED
+CVE-2021-37584 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37583 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37582
+ RESERVED
+CVE-2021-37581
+ RESERVED
+CVE-2021-37580 (A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in S ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-3667
+ RESERVED
+ - libvirt 7.6.0-1 (bug #991594)
+ [bullseye] - libvirt <no-dsa> (Minor issue)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt <not-affected> (Introduced in 4.1)
+ NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 (v7.6.0-rc1)
+ NOTE: Introduced in https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
+CVE-2021-37578 (Apache jUDDI uses several classes related to Java's Remote Method Invo ...)
+ NOT-FOR-US: Apache jUDDI
+CVE-2021-37577
+ RESERVED
+CVE-2021-37575
+ RESERVED
+CVE-2021-37574
+ RESERVED
+CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the web server ...)
+ NOT-FOR-US: TTiny Java Web Server and Servlet Container (TJWS)
+CVE-2021-37572 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37571 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37570 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37569 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37568 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37567 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37566 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37565 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37564 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37563 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37562 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37561 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37560 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37559
+ RESERVED
+CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in Centreon before ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-37557 (A SQL injection vulnerability in image generation in Centreon before 2 ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon before 2 ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...)
+ NOT-FOR-US: TX9 Automatic Food Dispenser
+CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see boards wit ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user passwords were ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons wer ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks during file ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key generation mechan ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient authentication che ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure deseriali ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without user con ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible. ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the password r ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestri ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...)
+ NOT-FOR-US: Node body-parser-xml
+CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
+ {DSA-4978-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <ignored> (powerpc architectures not included in LTS)
+ NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3)
+CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-37537
+ RESERVED
+CVE-2021-37536
+ RESERVED
+CVE-2021-37535 (SAP NetWeaver Application Server Java (JMS Connector Service) - versio ...)
+ NOT-FOR-US: SAP
+CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when ...)
+ NOT-FOR-US: MISP
+CVE-2021-37533
+ RESERVED
+CVE-2021-37532 (SAP Business One version - 10, due to improper input validation, allow ...)
+ NOT-FOR-US: SAP
+CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2021-37530 (A denial of service vulnerabiity exists in fig2dev through 3.28a due t ...)
+ - fig2dev 1:3.2.8b-1
+ [bullseye] - fig2dev <no-dsa> (Minor issue)
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ [stretch] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/126/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/ff103511e49c44c83fc58e2092aa37e9019a3a9f/
+CVE-2021-37529 (A double-free vulnerability exists in fig2dev through 3.28a is affecte ...)
+ - fig2dev 1:3.2.8b-1
+ [bullseye] - fig2dev <no-dsa> (Minor issue)
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ [stretch] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/125/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/899ea1277387ca9e9853bf61d29b7419d5692691/
+CVE-2021-37528
+ RESERVED
+CVE-2021-37527
+ RESERVED
+CVE-2021-37526
+ RESERVED
+CVE-2021-37525
+ RESERVED
+CVE-2021-37524
+ RESERVED
+CVE-2021-37523
+ RESERVED
+CVE-2021-37522
+ RESERVED
+CVE-2021-37521
+ RESERVED
+CVE-2021-37520
+ RESERVED
+CVE-2021-37519
+ RESERVED
+CVE-2021-37518
+ RESERVED
+CVE-2021-37517
+ RESERVED
+CVE-2021-37516
+ RESERVED
+CVE-2021-37515
+ RESERVED
+CVE-2021-37514
+ RESERVED
+CVE-2021-37513
+ RESERVED
+CVE-2021-37512
+ RESERVED
+CVE-2021-37511
+ RESERVED
+CVE-2021-37510
+ RESERVED
+CVE-2021-37509
+ RESERVED
+CVE-2021-37508
+ RESERVED
+CVE-2021-37507
+ RESERVED
+CVE-2021-37506
+ RESERVED
+CVE-2021-37505
+ RESERVED
+CVE-2021-37504
+ RESERVED
+CVE-2021-37503
+ RESERVED
+CVE-2021-37502
+ RESERVED
+CVE-2021-37501
+ RESERVED
+CVE-2021-37500
+ RESERVED
+CVE-2021-37499
+ RESERVED
+CVE-2021-37498
+ RESERVED
+CVE-2021-37497
+ RESERVED
+CVE-2021-37496
+ RESERVED
+CVE-2021-37495
+ RESERVED
+CVE-2021-37494
+ RESERVED
+CVE-2021-37493
+ RESERVED
+CVE-2021-37492
+ RESERVED
+CVE-2021-37491
+ RESERVED
+CVE-2021-37490
+ RESERVED
+CVE-2021-37489
+ RESERVED
+CVE-2021-37488
+ RESERVED
+CVE-2021-37487
+ RESERVED
+CVE-2021-37486
+ RESERVED
+CVE-2021-37485
+ RESERVED
+CVE-2021-37484
+ RESERVED
+CVE-2021-37483
+ RESERVED
+CVE-2021-37482
+ RESERVED
+CVE-2021-37481
+ RESERVED
+CVE-2021-37480
+ RESERVED
+CVE-2021-37479
+ RESERVED
+CVE-2021-37478 (In NavigateCMS version 2.9.4 and below, function `block` is vulnerable ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37477 (In NavigateCMS version 2.9.4 and below, function in `structure.php` is ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37476 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37475 (In NavigateCMS version 2.9.4 and below, function in `templates.php` is ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37474
+ RESERVED
+CVE-2021-37473 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37472
+ RESERVED
+CVE-2021-37471 (Cradlepoint IBR900-600 devices running versions &lt; 7.21.10 are vulne ...)
+ NOT-FOR-US: Cradlepoint
+CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists ...)
+ NOT-FOR-US: NCH
+CVE-2021-37469 (In NCH WebDictate v2.13 and earlier, authenticated users can abuse log ...)
+ NOT-FOR-US: NCH
+CVE-2021-37468 (NCH Reflect CRM 3.01 allows local users to discover cleartext user acc ...)
+ NOT-FOR-US: NCH
+CVE-2021-37467 (In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploa ...)
+ NOT-FOR-US: NCH
+CVE-2021-37466 (In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (refle ...)
+ NOT-FOR-US: NCH
+CVE-2021-37465 (In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflec ...)
+ NOT-FOR-US: NCH
+CVE-2021-37464 (In NCH Quorum v2.03 and earlier, XSS exists via Conference Description ...)
+ NOT-FOR-US: NCH
+CVE-2021-37463 (In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (sto ...)
+ NOT-FOR-US: NCH
+CVE-2021-37462 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37461 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37460 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37459 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37458 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37457 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37456 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37455 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37454 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37453 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37452 (NCH Quorum v2.03 and earlier allows local users to discover cleartext ...)
+ NOT-FOR-US: NCH
+CVE-2021-37451 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ NOT-FOR-US: NCH
+CVE-2021-37450 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ NOT-FOR-US: NCH
+CVE-2021-37449 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ NOT-FOR-US: NCH
+CVE-2021-37448 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ NOT-FOR-US: NCH
+CVE-2021-37447 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
+ NOT-FOR-US: NCH
+CVE-2021-37446 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
+ NOT-FOR-US: NCH
+CVE-2021-37445 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
+ NOT-FOR-US: NCH
+CVE-2021-37444 (NCH IVM Attendant v5.12 and earlier suffers from a directory traversal ...)
+ NOT-FOR-US: NCH
+CVE-2021-37443 (NCH IVM Attendant v5.12 and earlier allows path traversal via the logd ...)
+ NOT-FOR-US: NCH
+CVE-2021-37442 (NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile ...)
+ NOT-FOR-US: NCH
+CVE-2021-37441 (NCH Axon PBX v2.22 and earlier allows path traversal for file deletion ...)
+ NOT-FOR-US: NCH
+CVE-2021-37440 (NCH Axon PBX v2.22 and earlier allows path traversal for file disclosu ...)
+ NOT-FOR-US: NCH
+CVE-2021-37439 (NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vu ...)
+ NOT-FOR-US: NCH
+CVE-2021-37438
+ REJECTED
+CVE-2021-37437
+ RESERVED
+CVE-2021-37436 (Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, ...)
+ NOT-FOR-US: Amazon Echo
+CVE-2021-37435
+ RESERVED
+CVE-2021-37434
+ RESERVED
+CVE-2021-37433
+ RESERVED
+CVE-2021-37432
+ RESERVED
+CVE-2021-37431
+ RESERVED
+CVE-2021-37430
+ RESERVED
+CVE-2021-37429
+ RESERVED
+CVE-2021-37428
+ RESERVED
+CVE-2021-37427
+ RESERVED
+CVE-2021-37426
+ RESERVED
+CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...)
+ NOT-FOR-US: Altova MobileTogether Server
+CVE-2021-37424 (ManageEngine ADSelfService Plus before 6112 is vulnerable to domain us ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37420 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-37419 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-37418
+ REJECTED
+CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnera ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37413
+ RESERVED
+CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...)
+ NOT-FOR-US: TechRadar app for Confluence Server
+CVE-2021-37411
+ RESERVED
+CVE-2021-3665
+ RESERVED
+CVE-2021-3664 (url-parse is vulnerable to URL Redirection to Untrusted Site ...)
+ - node-url-parse 1.5.3-1 (bug #991577)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
+ [stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/
+ NOTE: https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
+CVE-2021-26250
+ RESERVED
+CVE-2021-23208
+ RESERVED
+CVE-2021-23183
+ RESERVED
+CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...)
+ - prosody 0.11.9-2
+ [buster] - prosody <no-dsa> (Minor issue)
+ [stretch] - prosody <not-affected> (Vulnerable code not present)
+ NOTE: https://prosody.im/security/advisory_20210722/
+CVE-2021-37404
+ RESERVED
+CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to ...)
+ NOT-FOR-US: HP
+CVE-2021-3661
+ RESERVED
+CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-3660
+ RESERVED
+ - cockpit 254-1
+ [bullseye] - cockpit <ignored> (Minor issue)
+ [buster] - cockpit <ignored> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688
+CVE-2021-37401 (An attacker may obtain the user credentials from file servers, backup ...)
+ NOT-FOR-US: IDEC
+CVE-2021-37400 (An attacker may obtain the user credentials from the communication bet ...)
+ NOT-FOR-US: IDEC
+CVE-2021-37399
+ RESERVED
+CVE-2021-37398
+ RESERVED
+CVE-2021-37397
+ RESERVED
+CVE-2021-37396
+ RESERVED
+CVE-2021-37395
+ RESERVED
+CVE-2021-37394 (In RPCMS v1.8 and below, attackers can interact with API and change va ...)
+ NOT-FOR-US: RPCMS
+CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...)
+ NOT-FOR-US: RPCMS
+CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...)
+ NOT-FOR-US: RPCMS
+CVE-2021-37391 (A user without privileges in Chamilo LMS 1.11.14 can send an invitatio ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-37390 (A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/socia ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-37389 (Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/ ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr paramet ...)
+ NOT-FOR-US: D-Link
+CVE-2021-37387
+ RESERVED
+CVE-2021-37386
+ RESERVED
+CVE-2021-37385
+ RESERVED
+CVE-2021-37384
+ RESERVED
+CVE-2021-37383
+ RESERVED
+CVE-2021-37382
+ RESERVED
+CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access ...)
+ NOT-FOR-US: Southsoft GMIS
+CVE-2021-37380
+ RESERVED
+CVE-2021-37379
+ RESERVED
+CVE-2021-37378
+ RESERVED
+CVE-2021-37377
+ RESERVED
+CVE-2021-37376
+ RESERVED
+CVE-2021-37375
+ RESERVED
+CVE-2021-37374
+ RESERVED
+CVE-2021-37373
+ RESERVED
+CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...)
+ NOT-FOR-US: Online Student Admission System
+CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...)
+ NOT-FOR-US: Online Student Admission System
+CVE-2021-37370
+ RESERVED
+CVE-2021-37369
+ RESERVED
+CVE-2021-37368
+ RESERVED
+CVE-2021-37367 (CTparental before 4.45.07 is affected by a code execution vulnerabilit ...)
+ NOT-FOR-US: CTparental
+CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request forgery ...)
+ NOT-FOR-US: CTparental
+CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...)
+ NOT-FOR-US: CTparental
+CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default ...)
+ NOT-FOR-US: OpenClinic
+CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 11.00.00. A lo ...)
+ NOT-FOR-US: Gestionale Open
+CVE-2021-37362
+ RESERVED
+CVE-2021-37361
+ RESERVED
+CVE-2021-37360
+ RESERVED
+CVE-2021-37359
+ RESERVED
+CVE-2021-37358 (SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers t ...)
+ NOT-FOR-US: SEACMS
+CVE-2021-37357
+ RESERVED
+CVE-2021-37356
+ RESERVED
+CVE-2021-37355
+ RESERVED
+CVE-2021-37354 (Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer ov ...)
+ NOT-FOR-US: Xerox
+CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37351 (Nagios XI before version 5.8.5 is vulnerable to insecure permissions a ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37350 (Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerab ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37349 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37348 (Nagios XI before version 5.8.5 is vulnerable to local file inclusion t ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37347 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37346 (Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remo ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37345 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37344 (Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote c ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37343 (A path traversal vulnerability exists in Nagios XI below version 5.8.5 ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37342
+ RESERVED
+CVE-2021-37341
+ RESERVED
+CVE-2021-37340
+ RESERVED
+CVE-2021-37339
+ RESERVED
+CVE-2021-37338
+ RESERVED
+CVE-2021-37337
+ RESERVED
+CVE-2021-37336
+ RESERVED
+CVE-2021-37335
+ RESERVED
+CVE-2021-37334 (Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vu ...)
+ NOT-FOR-US: Umbraco Forms
+CVE-2021-37333 (Laravel Booking System Booking Core 2.0 is vulnerable to Session Manag ...)
+ NOT-FOR-US: Laravel Booking System Booking Core
+CVE-2021-37332
+ RESERVED
+CVE-2021-37331 (Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Acc ...)
+ NOT-FOR-US: Laravel Booking System Booking Core
+CVE-2021-37330 (Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Sc ...)
+ NOT-FOR-US: Laravel Booking System Booking Core
+CVE-2021-37329
+ RESERVED
+CVE-2021-37328
+ RESERVED
+CVE-2021-37327
+ RESERVED
+CVE-2021-37326 (NetSarang Xshell 7 before Build 0077 includes unintended code strings ...)
+ NOT-FOR-US: NetSarang Xshell
+CVE-2021-37325
+ RESERVED
+CVE-2021-37324
+ RESERVED
+CVE-2021-37323
+ RESERVED
+CVE-2021-37322 (GCC c++filt v2.26 was discovered to contain a use-after-free vulnerabi ...)
+ - binutils 2.27.51.20161102-1 (unimportant)
+ NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188
+ NOTE: binutils not covered by security support
+CVE-2021-37321
+ RESERVED
+CVE-2021-37320
+ RESERVED
+CVE-2021-37319
+ RESERVED
+CVE-2021-37318
+ RESERVED
+CVE-2021-37317
+ RESERVED
+CVE-2021-37316
+ RESERVED
+CVE-2021-37315
+ RESERVED
+CVE-2021-37314
+ RESERVED
+CVE-2021-37313
+ RESERVED
+CVE-2021-37312
+ RESERVED
+CVE-2021-37311
+ RESERVED
+CVE-2021-37310
+ RESERVED
+CVE-2021-37309
+ RESERVED
+CVE-2021-37308
+ RESERVED
+CVE-2021-37307
+ RESERVED
+CVE-2021-37306
+ RESERVED
+CVE-2021-37305
+ RESERVED
+CVE-2021-37304
+ RESERVED
+CVE-2021-37303
+ RESERVED
+CVE-2021-37302
+ RESERVED
+CVE-2021-37301
+ RESERVED
+CVE-2021-37300
+ RESERVED
+CVE-2021-37299
+ RESERVED
+CVE-2021-37298 (Laravel v5.1 was discovered to contain a deserialization vulnerability ...)
+ - php-laravel-framework <undetermined>
+ NOTE: https://github.com/Stakcery/happywd/issues/1
+ TODO: check, unclear status of report to upstream
+CVE-2021-37297
+ RESERVED
+CVE-2021-37296
+ RESERVED
+CVE-2021-37295
+ RESERVED
+CVE-2021-37294
+ RESERVED
+CVE-2021-37293
+ RESERVED
+CVE-2021-37292
+ RESERVED
+CVE-2021-37291
+ RESERVED
+CVE-2021-37290
+ RESERVED
+CVE-2021-37289
+ RESERVED
+CVE-2021-37288
+ RESERVED
+CVE-2021-37287
+ RESERVED
+CVE-2021-37286
+ RESERVED
+CVE-2021-37285
+ RESERVED
+CVE-2021-37284
+ RESERVED
+CVE-2021-37283
+ RESERVED
+CVE-2021-37282
+ RESERVED
+CVE-2021-37281
+ RESERVED
+CVE-2021-37280
+ RESERVED
+CVE-2021-37279
+ RESERVED
+CVE-2021-37278
+ RESERVED
+CVE-2021-37277
+ RESERVED
+CVE-2021-37276
+ RESERVED
+CVE-2021-37275
+ RESERVED
+CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...)
+ NOT-FOR-US: Kingdee KIS Professional Edition
+CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation EPON Tia ...)
+ NOT-FOR-US: Tianyi Gateway
+CVE-2021-37272
+ RESERVED
+CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, w ...)
+ NOT-FOR-US: UEditor
+CVE-2021-37270 (There is an unauthorized access vulnerability in the CMS Enterprise We ...)
+ NOT-FOR-US: CMS Enterprise Website Construction System
+CVE-2021-37269
+ RESERVED
+CVE-2021-37268
+ RESERVED
+CVE-2021-37267 (Cross Site Scripting (XSS) vulnerability exists in all versions of Kin ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-37266
+ RESERVED
+CVE-2021-37265
+ RESERVED
+CVE-2021-37264
+ RESERVED
+CVE-2021-37263
+ RESERVED
+CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Den ...)
+ NOT-FOR-US: JFinal_cms
+CVE-2021-37261
+ RESERVED
+CVE-2021-37260
+ RESERVED
+CVE-2021-37259
+ RESERVED
+CVE-2021-37258
+ RESERVED
+CVE-2021-37257
+ RESERVED
+CVE-2021-37256
+ RESERVED
+CVE-2021-37255
+ RESERVED
+CVE-2021-37254 (In M-Files Web product with versions before 20.10.9524.1 and 20.10.944 ...)
+ NOT-FOR-US: M-Files
+CVE-2021-37253 (** DISPUTED ** M-Files Web before 20.10.9524.1 allows a denial of serv ...)
+ NOT-FOR-US: M-Files Web
+CVE-2021-37252
+ RESERVED
+CVE-2021-37251
+ RESERVED
+CVE-2021-37250
+ RESERVED
+CVE-2021-37249
+ RESERVED
+CVE-2021-37248
+ RESERVED
+CVE-2021-37247
+ RESERVED
+CVE-2021-37246
+ RESERVED
+CVE-2021-37245
+ RESERVED
+CVE-2021-37244
+ RESERVED
+CVE-2021-37243
+ RESERVED
+CVE-2021-37242
+ RESERVED
+CVE-2021-37241
+ RESERVED
+CVE-2021-37240
+ RESERVED
+CVE-2021-37239
+ RESERVED
+CVE-2021-37238
+ RESERVED
+CVE-2021-37237
+ RESERVED
+CVE-2021-37236
+ RESERVED
+CVE-2021-37235
+ RESERVED
+CVE-2021-37234
+ RESERVED
+CVE-2021-37233
+ RESERVED
+CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...)
+ - atomicparsley 20210715.151551.e7ad03a-1 (bug #993366)
+ [bullseye] - atomicparsley <no-dsa> (Minor issue)
+ [buster] - atomicparsley <no-dsa> (Minor issue)
+ [stretch] - atomicparsley <no-dsa> (Minor issue)
+ - gtkpod <unfixed> (bug #993376)
+ [bullseye] - gtkpod <ignored> (Minor issue)
+ [buster] - gtkpod <ignored> (Minor issue)
+ [stretch] - gtkpod <ignored> (Minor issue)
+ NOTE: https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1
+ NOTE: https://github.com/wez/atomicparsley/issues/32
+CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...)
+ - atomicparsley 20210715.151551.e7ad03a-1 (bug #993372)
+ [bullseye] - atomicparsley <no-dsa> (Minor issue)
+ [buster] - atomicparsley <no-dsa> (Minor issue)
+ [stretch] - atomicparsley <no-dsa> (Minor issue)
+ - gtkpod <unfixed> (bug #993375)
+ [bullseye] - gtkpod <ignored> (Minor issue)
+ [buster] - gtkpod <ignored> (Minor issue)
+ [stretch] - gtkpod <ignored> (Minor issue)
+ NOTE: https://github.com/wez/atomicparsley/issues/30
+ NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335
+CVE-2021-37230
+ RESERVED
+CVE-2021-37229
+ RESERVED
+CVE-2021-37228
+ RESERVED
+CVE-2021-37227
+ RESERVED
+CVE-2021-37226
+ RESERVED
+CVE-2021-37225
+ RESERVED
+CVE-2021-37224
+ RESERVED
+CVE-2021-37223 (Nagios Enterprises NagiosXI &lt;= 5.8.4 contains a Server-Side Request ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...)
+ NOT-FOR-US: RCDCAP
+CVE-2021-37221 (A file upload vulnerability exists in Sourcecodester Customer Relation ...)
+ NOT-FOR-US: Sourcecodester Customer Relationship Management System
+CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...)
+ - mupdf 1.17.0+ds1-2 (bug #991402)
+ [buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - mupdf <not-affected> (Vulnerable code not present)
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791
+ NOTE: On Stretch, an earlier version of the code exits early instead of crashing.
+CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows no ...)
+ - consul <unfixed>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
+CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...)
+ - nomad <unfixed>
+ [bullseye] - nomad <no-dsa> (Minor issue)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
+ NOTE: https://github.com/hashicorp/nomad/pull/11089 (main)
+ NOTE: https://github.com/hashicorp/nomad/commit/768d7c72a77e9c0415d92900753fc83e8822145a (release-1.1.4)
+ NOTE: https://github.com/hashicorp/nomad/commit/61a922afcf12784281757402c8e0b61686ff855d (release-1.0.11)
+CVE-2021-37217
+ RESERVED
+CVE-2021-3659 [NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c]
+ RESERVED
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/linus/1165affd484889d4986cf3b724318935a0b120d8
+CVE-2021-3658
+ RESERVED
+ - bluez 5.61-1 (bug #991596)
+ [bullseye] - bluez <no-dsa> (Minor issue)
+ [buster] - bluez <no-dsa> (Minor issue)
+ [stretch] - bluez <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d04eb02f9bad8795297210ef80e262be16ea8f07 (5.51)
+ NOTE: Fixed by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055
+CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...)
+ NOT-FOR-US: QSAN Storage Manager
+CVE-2021-37215 (The employee management page of Flygo contains an Insecure Direct Obje ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37214 (The employee management page of Flygo contains Insecure Direct Object ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37213 (The check-in record page of Flygo contains Insecure Direct Object Refe ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37212 (The bulletin function of Flygo contains Insecure Direct Object Referen ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37211 (The bulletin function of Flygo does not filter special characters whil ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37210
+ RESERVED
+CVE-2021-37209
+ RESERVED
+CVE-2021-37208
+ RESERVED
+CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37205 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37204 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37201 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37198 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37197 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37196 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37195 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37194 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37191 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37190 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37189 (An issue was discovered on Digi TransPort Gateway devices through 5.2. ...)
+ NOT-FOR-US: Digi TransPort Gateway devices
+CVE-2021-37188 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions &lt ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37185 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37182
+ RESERVED
+CVE-2021-37181 (A vulnerability has been identified in Cerberus DMS V4.0 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37179 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37178 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37177 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37176 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37175 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37174 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37173 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37172 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37171
+ RESERVED
+CVE-2021-37170
+ RESERVED
+CVE-2021-37169
+ RESERVED
+CVE-2021-37168
+ RESERVED
+CVE-2021-37167 (An insecure permissions issue was discovered in HMI3 Control Panel in ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37166 (A buffer overflow issue leading to denial of service was discovered in ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37165 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37164 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37163 (An insecure permissions issue was discovered in HMI3 Control Panel in ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37162 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37161 (A buffer overflow issue was discovered in the HMI3 Control Panel conta ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37160 (A firmware validation issue was discovered in HMI3 Control Panel in Sw ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37158 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
+ NOT-FOR-US: OpenGamePanel
+CVE-2021-37157 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
+ NOT-FOR-US: OpenGamePanel
+CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...)
+ - redmine <not-affected> (Only affected 4.2.0 and 4.2.1 upstream)
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b
+CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...)
+ - wolfssl 5.0.0-1 (bug #991443)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
+ NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
+CVE-2021-37154 (In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementa ...)
+ NOT-FOR-US: ForgeRock Access Management (AM)
+CVE-2021-37153 (ForgeRock Access Management (AM) before 7.0.2, when configured with Ac ...)
+ NOT-FOR-US: ForgeRock Access Management (AM)
+CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 befor ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...)
+ NOT-FOR-US: CyberArk Identity
+CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...)
+ - isync 1.4.4-1
+ [bullseye] - isync 1.3.0-2.2+deb11u1
+ [buster] - isync <no-dsa> (Minor issue)
+ [stretch] - isync <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1
+CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
+CVE-2021-37150
+ RESERVED
+CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
+ - trafficserver 9.1.1+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8458/
+ NOTE: https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/83c89f3d217d473ecb000b68c910c0f183c3a355 (master)
+CVE-2021-37148 (Improper input validation vulnerability in header parsing of Apache Tr ...)
+ - trafficserver 9.1.1+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8457/
+ NOTE: https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master)
+ NOTE: https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x)
+CVE-2021-37147 (Improper input validation vulnerability in header parsing of Apache Tr ...)
+ - trafficserver 9.1.1+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56 (master)
+ NOTE: https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/pull/8460
+CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
+ [experimental] - ros-ros-comm 1.15.13+ds1-1
+ - ros-ros-comm 1.15.13+ds1-2
+ [bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1
+ [buster] - ros-ros-comm <no-dsa> (Minor issue)
+ [stretch] - ros-ros-comm <no-dsa> (Minor issue)
+ NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
+ NOTE: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
+ NOTE: https://github.com/ros/ros_comm/pull/2185
+ NOTE: https://github.com/ros/ros_comm/commit/41a956c092b2f15405945f40f43dea09516df202 (1.15.12)
+ NOTE: https://github.com/ros/ros_comm/pull/2186
+ NOTE: https://github.com/ros/ros_comm/commit/71ff62670d15eeec39efd16c3ec4d19b6db8380a (1.14.12)
+CVE-2021-37145 (** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in a ...)
+ NOT-FOR-US: Poly (formerly Polycom)
+CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...)
+ NOT-FOR-US: CSZ CMS
+CVE-2021-37143
+ RESERVED
+CVE-2021-37142
+ RESERVED
+CVE-2021-37141
+ RESERVED
+CVE-2021-37140
+ RESERVED
+CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested]
+ RESERVED
+ {DSA-4978-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
+CVE-2021-37139
+ RESERVED
+CVE-2021-37138
+ RESERVED
+CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk length wh ...)
+ - netty <unfixed>
+ [bullseye] - netty <no-dsa> (Minor issue)
+ [buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
+ NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final)
+CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting size re ...)
+ - netty <unfixed>
+ [bullseye] - netty <no-dsa> (Minor issue)
+ [buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
+ NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final)
+CVE-2021-37135
+ RESERVED
+CVE-2021-37134 (Location-related APIs exists a Race Condition vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37133 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37132 (PackageManagerService has a Permissions, Privileges, and Access Contro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37128 (HwPCAssistant has a Path Traversal vulnerability .Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37126 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37125 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...)
+ NOT-FOR-US: Hero-CT060
+CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37121 (There is a Configuration defects in Smartphone.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37120 (There is a Double free vulnerability in Smartphone.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37119 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37118 (The HwNearbyMain module has a Improper Handling of Exceptional Conditi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37117 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design vulnerability .Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37115 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37114 (There is an Out-of-bounds read vulnerability in Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37113 (There is a Privilege escalation vulnerability with the file system com ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37112 (Hisuite module has a External Control of System or Configuration Setti ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37111 (There is a Memory leakage vulnerability in Smartphone.Successful explo ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37109 (There is a security protection bypass vulnerability with the modem.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37108
+ RESERVED
+CVE-2021-37107 (There is an improper memory access permission configuration on ACPU.Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...)
+ NOT-FOR-US: FusionCompute (Huawei)
+CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...)
+ NOT-FOR-US: FusionCompute (Huawei)
+CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37103
+ RESERVED
+CVE-2021-37102 (There is a command injection vulnerability in CMA service module of Fu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37100 (There is a Improper Authentication vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37099 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37098 (Hilinksvc service exists a Data Processing Errors vulnerability .Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37097 (There is a Code Injection vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37096 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37095 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37094 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37093 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37092 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37091 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37090 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37089 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37088 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37087 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37086 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37085 (There is a Encoding timing vulnerability in Huawei Smartphone.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37084 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37083 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37082 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37081 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37080 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37079 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37078 (There is a Uncaught Exception vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37077 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37076 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37075 (There is a Credentials Management Errors vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37074 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37073 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37072 (There is a Incorrect Calculation of Buffer Size vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37071 (There is a Business Logic Errors vulnerability in Huawei Smartphone.Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37070 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37069 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37068 (There is a Resource Management Errors vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37067 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37066 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37065 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37064 (There is a Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37063 (There is a Cryptographic Issues vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37062 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37061 (There is a Uncontrolled Resource Consumption vulnerability in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37060 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37059 (There is a Weaknesses Introduced During Design ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-37058 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37057 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37056 (There is an Improper permission control vulnerability in Huawei Smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37055 (There is a Logic bypass vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37054 (There is an Identity spoofing and authentication bypass vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37053 (There is a Service logic vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37052 (There is an Exception log vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37051 (There is an Out-of-bounds read vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37050 (There is a Missing sensitive data encryption vulnerability in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37049 (There is a Heap-based buffer overflow vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37048 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37047 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37046 (There is a Memory leak vulnerability with the codec detection module i ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37045 (There is an UAF vulnerability in Huawei Smartphone.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37044 (There is a Permission control vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37043 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37042 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37041 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37040 (There is a Parameter injection vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37039 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37038 (There is an Improper access control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37037 (There is an Invalid address access vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37036 (There is an information leakage vulnerability in FusionCompute 6.5.1, ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37035 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37034 (There is an Unstandardized field names in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37033 (There is an Injection attack vulnerability in Huawei Smartphone.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37032 (There is a Bypass vulnerability in Huawei Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37031 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37030 (There is an Improper permission vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37029 (There is an Identity verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37027
+ RESERVED
+CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37024 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37023 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37022 (There is a Heap-based Buffer Overflow vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37021 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37020 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37019 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37018 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37017 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37016 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37015 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37014 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37013 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37012 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37011 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37010 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37009 (There is a Configuration vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37008 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37007 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37006 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37005 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37004 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37003 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37000
+ RESERVED
+CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei Smartphone.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36998 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36997 (There is a Low memory error in Huawei Smartphone due to the unlimited ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36996 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36995 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36994 (There is a issue that trustlist strings being repeatedly inserted into ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36993 (There is a Memory leaks vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36992 (There is a Public key verification vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36991 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36990 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36989 (There is a Kernel crash vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36988 (There is a Parameter verification issue in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36987 (There is a issue that nodes in the linked list being freed for multipl ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36986 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36985 (There is a Code injection vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36984
+ RESERVED
+CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to ...)
+ NOT-FOR-US: ReplaySorcery
+CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
+ NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
+CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...)
+ NOT-FOR-US: SerNet verinice
+CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.10.46-3
+ [buster] - linux 4.19.208-1
+CVE-2021-3654 [novnc allows open redirection]
+ RESERVED
+ - nova 2:23.0.2-3 (bug #991441)
+ [bullseye] - nova <no-dsa> (Minor issue)
+ [buster] - nova <no-dsa> (Minor issue)
+ [stretch] - nova <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/nova/+bug/1927677
+ NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1
+CVE-2021-26263
+ RESERVED
+CVE-2021-23203
+ RESERVED
+CVE-2021-23184
+ RESERVED
+CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...)
+ - openvswitch 2.15.0+ds1-10 (bug #991308)
+ [bullseye] - openvswitch <no-dsa> (Minor issue)
+ [buster] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11)
+ [stretch] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
+ NOTE: https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f
+ NOTE: https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3
+ NOTE: https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35
+ NOTE: https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
+ NOTE: https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
+ NOTE: https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2
+ NOTE: Introduced in: https://github.com/openvswitch/ovs/commit/418a7a84245f5fbe589dd1267463fc9ba27a1dd6
+CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (cal ...)
+ NOT-FOR-US: Unicorn Engine
+CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...)
+ - qpdf 10.1.0-1
+ [buster] - qpdf <no-dsa> (Minor issue)
+ [stretch] - qpdf <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml
+ NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5 (release-qpdf-10.1.0)
+CVE-2021-36977 (matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based bu ...)
+ - libmatio <not-affected> (Vulnerable code not yet present)
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2021-440.yaml
+CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (ca ...)
+ - libarchive <unfixed> (bug #991442)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
+ [stretch] - libarchive <not-affected> (Vulnerable code introduced by 47bb818 in version 3.4.1)
+ NOTE: https://github.com/libarchive/libarchive/issues/1554
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
+CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36974 (Windows SMB Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36973 (Windows Redirected Drive Buffering System Elevation of Privilege Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36971
+ RESERVED
+CVE-2021-36970 (Windows Print Spooler Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36967 (Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36966 (Windows Subsystem for Linux Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36962 (Windows Installer Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36961 (Windows Installer Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36959 (Windows Authenticode Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36957 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36956 (Azure Sphere Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36953 (Windows TCP/IP Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36951
+ RESERVED
+CVE-2021-36950 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass Vulnera ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36944
+ RESERVED
+CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36942 (Windows LSA Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36941 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36940 (Microsoft SharePoint Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36939
+ RESERVED
+CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36935
+ RESERVED
+CVE-2021-36934 (Windows Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36925 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
+ NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
+CVE-2021-36924 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
+ NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
+CVE-2021-36923 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
+ NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
+CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
+ NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
+CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
+ NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
+CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36918
+ RESERVED
+CVE-2021-36917 (WordPress Hide My WP plugin (versions &lt;= 6.2.3) can be deactivated ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plugin (ve ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36915
+ RESERVED
+CVE-2021-36914
+ RESERVED
+CVE-2021-36913
+ RESERVED
+CVE-2021-36912
+ RESERVED
+CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36910
+ RESERVED
+CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36908 (Cross-Site Request Forgery (CSRF) vulnerability leading to Database Re ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36907
+ RESERVED
+CVE-2021-36906
+ RESERVED
+CVE-2021-36905
+ RESERVED
+CVE-2021-36904
+ RESERVED
+CVE-2021-36903
+ RESERVED
+CVE-2021-36902
+ RESERVED
+CVE-2021-36901
+ RESERVED
+CVE-2021-36900
+ RESERVED
+CVE-2021-36899
+ RESERVED
+CVE-2021-36898
+ RESERVED
+CVE-2021-36897
+ RESERVED
+CVE-2021-36896
+ RESERVED
+CVE-2021-36895
+ RESERVED
+CVE-2021-36894
+ RESERVED
+CVE-2021-36893
+ RESERVED
+CVE-2021-36892
+ RESERVED
+CVE-2021-36891
+ RESERVED
+CVE-2021-36890
+ RESERVED
+CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36883
+ RESERVED
+CVE-2021-36882
+ RESERVED
+CVE-2021-36881
+ RESERVED
+CVE-2021-36880 (Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36879 (Unauthenticated Privilege Escalation vulnerability in WordPress uListi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36878 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36877 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36876 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36875 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36874 (Authenticated Insecure Direct Object References (IDOR) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36868
+ RESERVED
+CVE-2021-36867
+ RESERVED
+CVE-2021-36866
+ RESERVED
+CVE-2021-36865
+ RESERVED
+CVE-2021-36864
+ RESERVED
+CVE-2021-36863
+ RESERVED
+CVE-2021-36862
+ RESERVED
+CVE-2021-36861
+ RESERVED
+CVE-2021-36860
+ RESERVED
+CVE-2021-36859
+ RESERVED
+CVE-2021-36858
+ RESERVED
+CVE-2021-36857
+ RESERVED
+CVE-2021-36856
+ RESERVED
+CVE-2021-36855
+ RESERVED
+CVE-2021-36854
+ RESERVED
+CVE-2021-36853
+ RESERVED
+CVE-2021-36852
+ RESERVED
+CVE-2021-36851
+ RESERVED
+CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36849
+ RESERVED
+CVE-2021-36848
+ RESERVED
+CVE-2021-36847
+ RESERVED
+CVE-2021-36846
+ RESERVED
+CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36844
+ RESERVED
+CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36842
+ RESERVED
+CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36840
+ RESERVED
+CVE-2021-36839
+ RESERVED
+CVE-2021-36838
+ RESERVED
+CVE-2021-36837
+ RESERVED
+CVE-2021-36836
+ RESERVED
+CVE-2021-36835
+ RESERVED
+CVE-2021-36834
+ RESERVED
+CVE-2021-36833
+ RESERVED
+CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin &#821 ...)
+ NOT-FOR-US: Wordpress plugins
+CVE-2021-36831
+ RESERVED
+CVE-2021-36830
+ RESERVED
+CVE-2021-36829
+ RESERVED
+CVE-2021-36828
+ RESERVED
+CVE-2021-36827
+ RESERVED
+CVE-2021-36826
+ RESERVED
+CVE-2021-36825
+ RESERVED
+CVE-2021-36824
+ RESERVED
+CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36822
+ RESERVED
+CVE-2021-36821
+ RESERVED
+CVE-2021-36820
+ RESERVED
+CVE-2021-36819
+ RESERVED
+CVE-2021-36818
+ RESERVED
+CVE-2021-36817
+ RESERVED
+CVE-2021-36816
+ RESERVED
+CVE-2021-36815
+ RESERVED
+CVE-2021-36814
+ RESERVED
+CVE-2021-36813
+ RESERVED
+CVE-2021-36812
+ RESERVED
+CVE-2021-36811
+ RESERVED
+CVE-2021-36810
+ RESERVED
+CVE-2021-36809
+ RESERVED
+CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...)
+ NOT-FOR-US: Sophos
+CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...)
+ NOT-FOR-US: Sophos
+CVE-2021-36806
+ RESERVED
+CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password reset spo ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a denial-of-service ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authentication by ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36799 (** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-c ...)
+ NOT-FOR-US: KNX ETS5
+CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server ...)
+ NOT-FOR-US: HelpSystems Cobalt Strike
+CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is ...)
+ NOT-FOR-US: Victron Energy Venus OS
+CVE-2021-36796
+ RESERVED
+CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privilege esc ...)
+ NOT-FOR-US: Cohesity
+CVE-2021-36794 (In Siren Investigate before 11.1.4, when enabling the cluster feature ...)
+ NOT-FOR-US: Siren Investigate
+CVE-2021-36793 (The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, ...)
+ NOT-FOR-US: routes (aka Extbase Yaml Routes) extension for TYPO3
+CVE-2021-36792 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has ...)
+ NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
+CVE-2021-36791 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
+ NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
+CVE-2021-36790 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
+ NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
+CVE-2021-36789 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
+ NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
+CVE-2021-36788 (The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows ...)
+ NOT-FOR-US: yoast_seo (aka Yoast SEO) extension for TYPO3
+CVE-2021-36787 (The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 al ...)
+ NOT-FOR-US: femanager extension for TYPO3
+CVE-2021-36786 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...)
+ NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
+CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...)
+ NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
+CVE-2021-36784
+ RESERVED
+CVE-2021-36783
+ RESERVED
+CVE-2021-36782
+ RESERVED
+CVE-2021-36781 (A Incorrect Default Permissions vulnerability in the parsec package of ...)
+ NOT-FOR-US: Parsec
+CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...)
+ NOT-FOR-US: Longhorn
+CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...)
+ NOT-FOR-US: Longhorn
+CVE-2021-36778
+ RESERVED
+CVE-2021-36777
+ RESERVED
+CVE-2021-36776
+ RESERVED
+CVE-2021-36775
+ RESERVED
+CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
+CVE-2021-36774 (Apache Kylin allows users to read data from other database systems usi ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
+ - ublock-origin 1.37.0+dfsg-1 (bug #991386)
+ [bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1
+ [buster] - ublock-origin 1.37.0+dfsg-1~deb10u1
+ [stretch] - ublock-origin <no-dsa> (Minor issue)
+ - umatrix <unfixed> (bug #991344)
+ [buster] - umatrix <no-dsa> (Minor issue)
+ NOTE: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc
+CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. ...)
+ NOT-FOR-US: Zoho
+CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. ...)
+ NOT-FOR-US: Zoho
+CVE-2021-36770 (Encode.pm, as distributed in Perl through 5.34.0, allows local users t ...)
+ - libencode-perl 3.08-2
+ [bullseye] - libencode-perl 3.08-1+deb11u1
+ [buster] - libencode-perl <not-affected> (Vulnerable code introduced later)
+ [stretch] - libencode-perl <not-affected> (Vulnerable code introduced later)
+ - perl 5.32.1-5
+ [bullseye] - perl 5.32.1-4+deb11u1
+ [buster] - perl <not-affected> (Vulnerable code introduced later)
+ [stretch] - perl <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/dankogai/p5-encode/commit/9c5f5a307863b66da3701f6c7d13139aa20179b8 (3.05)
+ NOTE: Fixed by: https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 (3.12)
+ NOTE: Introduced by: https://github.com/Perl/perl5/commit/8ced1423dbb2a874f2d95e9c5c4c46960c2bf318 (v5.32.0-RC0)
+ NOTE: Fixed by: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9
+CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...)
+ [experimental] - telegram-desktop 2.9.0+ds-1
+ - telegram-desktop 2.9.2+ds-1 (bug #991493)
+ [bullseye] - telegram-desktop <no-dsa> (Minor issue)
+ [buster] - telegram-desktop <no-dsa> (Minor issue)
+ NOTE: https://mtpsym.github.io/
+CVE-2021-36768
+ RESERVED
+CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succeed]
+ RESERVED
+ - 389-ds-base 1.4.4.17-1 (bug #991405)
+ [bullseye] - 389-ds-base <no-dsa> (Minor issue)
+ [buster] - 389-ds-base <no-dsa> (Minor issue)
+ [stretch] - 389-ds-base <no-dsa> (Minor issue)
+ NOTE: https://github.com/389ds/389-ds-base/issues/4817
+ NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
+ NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x)
+CVE-2021-36767 (In Digi RealPort through 4.10.490, authentication relies on a challeng ...)
+ NOT-FOR-US: Digi RealPort
+CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
+ NOT-FOR-US: Concrete5
+CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...)
+ NOT-FOR-US: CODESYS EtherNetIP
+CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Derefe ...)
+ NOT-FOR-US: CODESYS Gateway
+CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...)
+ NOT-FOR-US: CODESYS V3 web server
+CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack through ...)
+ NOT-FOR-US: HCC Embedded InterNiche NicheStack
+CVE-2021-36761
+ RESERVED
+CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...)
+ NOT-FOR-US: WSO2
+CVE-2021-36759
+ RESERVED
+CVE-2021-3651
+ RESERVED
+CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...)
+ NOT-FOR-US: 1Password
+CVE-2021-36757
+ RESERVED
+CVE-2021-36756 (CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate ...)
+ NOT-FOR-US: CFEngine Enterprise
+CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via ...)
+ NOT-FOR-US: Nightscout Web Monitor
+CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to cra ...)
+ - pdns <not-affected> (Vulnerable code introduced in 4.5.0)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/26/2
+CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current working d ...)
+ NOT-FOR-US: sharkdp BAT
+CVE-2021-36752
+ RESERVED
+CVE-2021-36751 (ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such ...)
+ NOT-FOR-US: ENC DataVault
+CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...)
+ NOT-FOR-US: ENC
+CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
+ - druid <itp> (bug #825797)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
+CVE-2021-3650
+ RESERVED
+CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: chatwoot
+CVE-2021-36748 (A SQL Injection issue in the list controller of the Prestahome Blog (a ...)
+ NOT-FOR-US: Prestahome Blog
+CVE-2021-36747 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
+ NOT-FOR-US: Blackboard Learn
+CVE-2021-36746 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
+ NOT-FOR-US: Blackboard Learn
+CVE-2021-36745 (A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerPr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-36744 (Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a dire ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-36743
+ RESERVED
+CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex One, Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3648
+ REJECTED
+CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: URI.js
+CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: btcpayserver
+CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Object Pr ...)
+ NOT-FOR-US: Node viking04/merge
+CVE-2021-3644
+ RESERVED
+ - wildfly <itp> (bug #752018)
+CVE-2021-36739 (The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCB ...)
+ NOT-FOR-US: Apache Pluto MVCBean JSP portlet
+CVE-2021-36738 (The input fields in the JSP version of the Apache Pluto Applicant MVCB ...)
+ NOT-FOR-US: Apache Pluto Applicant MVCBean CDI portlet
+CVE-2021-36737 (The input fields of the Apache Pluto UrlTestPortlet are vulnerable to ...)
+ NOT-FOR-US: Apache Pluto UrlTestPortlet
+CVE-2021-36736
+ REJECTED
+CVE-2021-36735
+ REJECTED
+CVE-2021-36734
+ REJECTED
+CVE-2021-36733
+ RESERVED
+CVE-2021-36732
+ RESERVED
+CVE-2021-36731
+ RESERVED
+CVE-2021-36730
+ RESERVED
+CVE-2021-36729
+ RESERVED
+CVE-2021-36728
+ RESERVED
+CVE-2021-36727
+ RESERVED
+CVE-2021-36740 (Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...)
+ - varnish 6.5.2-1 (bug #991040)
+ [stretch] - varnish <ignored> (HTTP/2 support is marked experimental in 5.0 and enabling is not recommended, code is quite different)
+ NOTE: https://varnish-cache.org/security/VSV00007.html
+ NOTE: https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf (6.0.8)
+ NOTE: https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be (6.5.2)
+CVE-2021-36726
+ RESERVED
+CVE-2021-36725
+ RESERVED
+CVE-2021-36724 (ForeScout - SecureConnector Local Service DoS - A low privilaged user ...)
+ NOT-FOR-US: ForeScout - SecureConnector
+CVE-2021-36723 (Emuse - eServices / eNvoice Exposure Of Private Personal Information d ...)
+ NOT-FOR-US: Emuse - eServices / eNvoice
+CVE-2021-36722 (Emuse - eServices / eNvoice SQL injection can be used in various ways ...)
+ NOT-FOR-US: Emuse - eServices / eNvoice
+CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to specific ap ...)
+ NOT-FOR-US: Sysaid API
+CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...)
+ NOT-FOR-US: PineApp - Mail Secure
+CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a user to th ...)
+ NOT-FOR-US: PineApp - Mail Secure
+CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in to the s ...)
+ NOT-FOR-US: SYNEL - eharmonynew / Synel Reports
+CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...)
+ NOT-FOR-US: Synerion TimeNet
+CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
+ NOT-FOR-US: Node is-email
+CVE-2021-3643
+ RESERVED
+CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...)
+ - rust-ammonia 3.1.2-1 (bug #991497)
+ NOTE: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0074.html
+CVE-2021-38191 (An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon ...)
+ - rust-tokio <not-affected> (Introduced in 0.3.0)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0072.html
+ NOTE: https://github.com/tokio-rs/tokio/issues/3929
+ NOTE: https://github.com/tokio-rs/tokio/pull/3934
+ NOTE: https://github.com/tokio-rs/tokio/pull/3934/commits/84394949228d11d1f68925e26f36c435946b9d11
+CVE-2021-36715
+ RESERVED
+CVE-2021-36714
+ RESERVED
+CVE-2021-36713
+ RESERVED
+CVE-2021-36712
+ RESERVED
+CVE-2021-36711
+ RESERVED
+CVE-2021-36710
+ RESERVED
+CVE-2021-36709
+ RESERVED
+CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in th ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36707 (In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in th ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36706 (In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36705 (In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the a ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36704
+ RESERVED
+CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of "dashbo ...)
+ NOT-FOR-US: htmly
+CVE-2021-36702 (The "content" field in the "regular post" page of the "add content" me ...)
+ NOT-FOR-US: htmly
+CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on ...)
+ NOT-FOR-US: htmly
+CVE-2021-36700
+ RESERVED
+CVE-2021-36699
+ RESERVED
+CVE-2021-36698 (Pandora FMS through 755 allows XSS via a new Event Filter with a craft ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-36697 (With an admin account, the .htaccess file in Artica Pandora FMS &lt;=7 ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
+ NOT-FOR-US: Deskpro
+CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
+ NOT-FOR-US: Deskpro
+CVE-2021-36694
+ RESERVED
+CVE-2021-36693
+ RESERVED
+CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/c ...)
+ - jpeg-xl <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/308
+ NOTE: https://github.com/libjxl/libjxl/pull/313
+ NOTE: https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b (v0.5)
+CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image ...)
+ - jpeg-xl <unfixed>
+ NOTE: https://github.com/libjxl/libjxl/issues/422
+ NOTE: Special case of https://github.com/libjxl/libjxl/issues/762
+CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...)
+ - sqlite3 3.36.0-2 (unimportant)
+ [stretch] - sqlite3 <not-affected> (vulnerable code is not present)
+ NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17
+CVE-2021-36689
+ RESERVED
+CVE-2021-36688
+ RESERVED
+CVE-2021-36687
+ RESERVED
+CVE-2021-36686
+ RESERVED
+CVE-2021-36685
+ RESERVED
+CVE-2021-36684
+ RESERVED
+CVE-2021-36683
+ RESERVED
+CVE-2021-36682
+ RESERVED
+CVE-2021-36681
+ RESERVED
+CVE-2021-36680
+ RESERVED
+CVE-2021-36679
+ RESERVED
+CVE-2021-36678
+ RESERVED
+CVE-2021-36677
+ RESERVED
+CVE-2021-36676
+ RESERVED
+CVE-2021-36675
+ RESERVED
+CVE-2021-36674
+ RESERVED
+CVE-2021-36673
+ RESERVED
+CVE-2021-36672
+ RESERVED
+CVE-2021-36671
+ RESERVED
+CVE-2021-36670
+ RESERVED
+CVE-2021-36669
+ RESERVED
+CVE-2021-36668
+ RESERVED
+CVE-2021-36667
+ RESERVED
+CVE-2021-36666
+ RESERVED
+CVE-2021-36665
+ RESERVED
+CVE-2021-36664
+ RESERVED
+CVE-2021-36663
+ RESERVED
+CVE-2021-36662
+ RESERVED
+CVE-2021-36661
+ RESERVED
+CVE-2021-36660
+ RESERVED
+CVE-2021-36659
+ RESERVED
+CVE-2021-36658
+ RESERVED
+CVE-2021-36657
+ RESERVED
+CVE-2021-36656
+ RESERVED
+CVE-2021-36655
+ RESERVED
+CVE-2021-36654 (CMSuno 1.7 is vulnerable to an authenticated stored cross site scripti ...)
+ NOT-FOR-US: CMSuno
+CVE-2021-36653
+ RESERVED
+CVE-2021-36652
+ RESERVED
+CVE-2021-36651
+ RESERVED
+CVE-2021-36650
+ RESERVED
+CVE-2021-36649
+ RESERVED
+CVE-2021-36648
+ RESERVED
+CVE-2021-36647
+ RESERVED
+CVE-2021-36646
+ RESERVED
+CVE-2021-36645
+ RESERVED
+CVE-2021-36644
+ RESERVED
+CVE-2021-36643
+ RESERVED
+CVE-2021-36642
+ RESERVED
+CVE-2021-36641
+ RESERVED
+CVE-2021-36640
+ RESERVED
+CVE-2021-36639
+ RESERVED
+CVE-2021-36638
+ RESERVED
+CVE-2021-36637
+ RESERVED
+CVE-2021-36636
+ RESERVED
+CVE-2021-36635
+ RESERVED
+CVE-2021-36634
+ RESERVED
+CVE-2021-36633
+ RESERVED
+CVE-2021-36632
+ RESERVED
+CVE-2021-36631
+ RESERVED
+CVE-2021-36630
+ RESERVED
+CVE-2021-36629
+ RESERVED
+CVE-2021-36628
+ RESERVED
+CVE-2021-36627
+ RESERVED
+CVE-2021-36626
+ RESERVED
+CVE-2021-36625
+ RESERVED
+CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36623 (Arbitrary File Upload in Sourcecodester Phone Shop Sales Management Sy ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36622 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affect ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulner ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36620
+ RESERVED
+CVE-2021-36619
+ RESERVED
+CVE-2021-36618
+ RESERVED
+CVE-2021-36617
+ RESERVED
+CVE-2021-36616
+ RESERVED
+CVE-2021-36615
+ RESERVED
+CVE-2021-36614
+ RESERVED
+CVE-2021-36613
+ RESERVED
+CVE-2021-36612
+ RESERVED
+CVE-2021-36611
+ RESERVED
+CVE-2021-36610
+ RESERVED
+CVE-2021-36609
+ RESERVED
+CVE-2021-36608
+ RESERVED
+CVE-2021-36607
+ RESERVED
+CVE-2021-36606
+ RESERVED
+CVE-2021-36605 (engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is ...)
+ NOT-FOR-US: engineercms
+CVE-2021-36604
+ RESERVED
+CVE-2021-36603
+ RESERVED
+CVE-2021-36602
+ RESERVED
+CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2021-36600
+ RESERVED
+CVE-2021-36599
+ RESERVED
+CVE-2021-36598
+ RESERVED
+CVE-2021-36597
+ RESERVED
+CVE-2021-36596
+ RESERVED
+CVE-2021-36595
+ RESERVED
+CVE-2021-36594
+ RESERVED
+CVE-2021-36593
+ RESERVED
+CVE-2021-36592
+ RESERVED
+CVE-2021-36591
+ RESERVED
+CVE-2021-36590
+ RESERVED
+CVE-2021-36589
+ RESERVED
+CVE-2021-36588
+ RESERVED
+CVE-2021-36587
+ RESERVED
+CVE-2021-36586
+ RESERVED
+CVE-2021-36585
+ RESERVED
+CVE-2021-36584 (An issue was discovered in GPAC 1.0.1. There is a heap-based buffer ov ...)
+ - gpac <unfixed> (bug #991965)
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1842
+ NOTE: https://github.com/gpac/gpac/commit/13442ec1c401a4181ba6d7f79c27df6054c817c7
+CVE-2021-36583
+ RESERVED
+CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., ...)
+ NOT-FOR-US: Kooboo CMS
+CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possib ...)
+ NOT-FOR-US: Kooboo CMS
+CVE-2021-36580
+ RESERVED
+CVE-2021-36579
+ RESERVED
+CVE-2021-36578
+ RESERVED
+CVE-2021-36577
+ RESERVED
+CVE-2021-36576
+ RESERVED
+CVE-2021-36575
+ RESERVED
+CVE-2021-36574
+ RESERVED
+CVE-2021-36573
+ RESERVED
+CVE-2021-36572
+ RESERVED
+CVE-2021-36571
+ RESERVED
+CVE-2021-36570
+ RESERVED
+CVE-2021-36569
+ RESERVED
+CVE-2021-36568
+ RESERVED
+CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2021-36566
+ RESERVED
+CVE-2021-36565
+ RESERVED
+CVE-2021-36564 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2021-36563 (The CheckMK management web console (versions 1.5.0 to 2.0.0) does not ...)
+ - check-mk <removed>
+CVE-2021-36562
+ RESERVED
+CVE-2021-36561
+ RESERVED
+CVE-2021-36560 (Phone Shop Sales Managements System using PHP with Source Code 1.0 is ...)
+ NOT-FOR-US: Phone Shop Sales Managements System
+CVE-2021-36559
+ RESERVED
+CVE-2021-36558
+ RESERVED
+CVE-2021-36557
+ RESERVED
+CVE-2021-36556
+ RESERVED
+CVE-2021-36555
+ RESERVED
+CVE-2021-36554
+ RESERVED
+CVE-2021-36553
+ RESERVED
+CVE-2021-36552
+ RESERVED
+CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...)
+ - tikiwiki <removed>
+CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...)
+ - tikiwiki <removed>
+CVE-2021-36549
+ RESERVED
+CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /admin/in ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component /codebase ...)
+ NOT-FOR-US: Mara CMS
+CVE-2021-36546
+ RESERVED
+CVE-2021-36545
+ RESERVED
+CVE-2021-36544
+ RESERVED
+CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDo ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocu ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-36541
+ RESERVED
+CVE-2021-36540
+ RESERVED
+CVE-2021-36539
+ RESERVED
+CVE-2021-36538
+ RESERVED
+CVE-2021-36537
+ RESERVED
+CVE-2021-36536
+ RESERVED
+CVE-2021-36535
+ RESERVED
+CVE-2021-36534
+ RESERVED
+CVE-2021-36533
+ RESERVED
+CVE-2021-36532
+ RESERVED
+CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...)
+ NOT-FOR-US: ngiflib
+CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...)
+ NOT-FOR-US: ngiflib
+CVE-2021-36529
+ RESERVED
+CVE-2021-36528
+ RESERVED
+CVE-2021-36527
+ RESERVED
+CVE-2021-36526
+ RESERVED
+CVE-2021-36525
+ RESERVED
+CVE-2021-36524
+ RESERVED
+CVE-2021-36523
+ RESERVED
+CVE-2021-36522
+ RESERVED
+CVE-2021-36521
+ RESERVED
+CVE-2021-36520
+ RESERVED
+CVE-2021-36519
+ RESERVED
+CVE-2021-36518
+ RESERVED
+CVE-2021-36517
+ RESERVED
+CVE-2021-36516
+ RESERVED
+CVE-2021-36515
+ RESERVED
+CVE-2021-36514
+ RESERVED
+CVE-2021-36513 (An issue was discovered in function sofia_handle_sip_i_notify in sofia ...)
+ - freeswitch <itp> (bug #389591)
+CVE-2021-36512 (An issue was discovered in function scanallsubs in src/sbbs3/scansubs. ...)
+ NOT-FOR-US: Synchronet BBS
+CVE-2021-36511
+ RESERVED
+CVE-2021-36510
+ RESERVED
+CVE-2021-36509
+ RESERVED
+CVE-2021-36508
+ RESERVED
+CVE-2021-36507
+ RESERVED
+CVE-2021-36506
+ RESERVED
+CVE-2021-36505
+ RESERVED
+CVE-2021-36504
+ RESERVED
+CVE-2021-36503
+ RESERVED
+CVE-2021-36502
+ RESERVED
+CVE-2021-36501
+ RESERVED
+CVE-2021-36500
+ RESERVED
+CVE-2021-36499
+ RESERVED
+CVE-2021-36498
+ RESERVED
+CVE-2021-36497
+ RESERVED
+CVE-2021-36496
+ RESERVED
+CVE-2021-36495
+ RESERVED
+CVE-2021-36494
+ RESERVED
+CVE-2021-36493
+ RESERVED
+CVE-2021-36492
+ RESERVED
+CVE-2021-36491
+ RESERVED
+CVE-2021-36490
+ RESERVED
+CVE-2021-36489
+ RESERVED
+CVE-2021-36488
+ RESERVED
+CVE-2021-36487
+ RESERVED
+CVE-2021-36486
+ RESERVED
+CVE-2021-36485
+ RESERVED
+CVE-2021-36484
+ RESERVED
+CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...)
+ NOT-FOR-US: DevExpress.XtraReports.UI
+CVE-2021-36482
+ RESERVED
+CVE-2021-36481
+ RESERVED
+CVE-2021-36480
+ RESERVED
+CVE-2021-36479
+ RESERVED
+CVE-2021-36478
+ RESERVED
+CVE-2021-36477
+ RESERVED
+CVE-2021-36476
+ RESERVED
+CVE-2021-36475
+ RESERVED
+CVE-2021-36474
+ RESERVED
+CVE-2021-36473
+ RESERVED
+CVE-2021-36472
+ RESERVED
+CVE-2021-36471
+ RESERVED
+CVE-2021-36470
+ RESERVED
+CVE-2021-36469
+ RESERVED
+CVE-2021-36468
+ RESERVED
+CVE-2021-36467
+ RESERVED
+CVE-2021-36466
+ RESERVED
+CVE-2021-36465
+ RESERVED
+CVE-2021-36464
+ RESERVED
+CVE-2021-36463
+ RESERVED
+CVE-2021-36462
+ RESERVED
+CVE-2021-36461
+ RESERVED
+CVE-2021-36460
+ RESERVED
+CVE-2021-36459
+ RESERVED
+CVE-2021-36458
+ RESERVED
+CVE-2021-36457
+ RESERVED
+CVE-2021-36456
+ RESERVED
+CVE-2021-36455 (SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quick ...)
+ NOT-FOR-US: Naviwebs Navigate CMS
+CVE-2021-36454 (Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 ...)
+ NOT-FOR-US: Naviwebs Navigate CMS
+CVE-2021-36453
+ RESERVED
+CVE-2021-36452
+ RESERVED
+CVE-2021-36451
+ RESERVED
+CVE-2021-36450 (Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the co ...)
+ NOT-FOR-US: Verint
+CVE-2021-36449
+ RESERVED
+CVE-2021-36448
+ RESERVED
+CVE-2021-36447
+ RESERVED
+CVE-2021-36446
+ RESERVED
+CVE-2021-36445
+ RESERVED
+CVE-2021-36444
+ RESERVED
+CVE-2021-36443
+ RESERVED
+CVE-2021-36442
+ RESERVED
+CVE-2021-36441
+ RESERVED
+CVE-2021-36440 (Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-36439
+ RESERVED
+CVE-2021-36438
+ RESERVED
+CVE-2021-36437
+ RESERVED
+CVE-2021-36436
+ RESERVED
+CVE-2021-36435
+ RESERVED
+CVE-2021-36434
+ RESERVED
+CVE-2021-36433
+ RESERVED
+CVE-2021-36432
+ RESERVED
+CVE-2021-36431
+ RESERVED
+CVE-2021-36430
+ RESERVED
+CVE-2021-36429
+ RESERVED
+CVE-2021-36428
+ RESERVED
+CVE-2021-36427
+ RESERVED
+CVE-2021-36426
+ RESERVED
+CVE-2021-36425
+ RESERVED
+CVE-2021-36424
+ RESERVED
+CVE-2021-36423
+ RESERVED
+CVE-2021-36422
+ RESERVED
+CVE-2021-36421
+ RESERVED
+CVE-2021-36420
+ RESERVED
+CVE-2021-3642 (A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final ...)
+ NOT-FOR-US: WildFly Elytron
+CVE-2021-36419
+ RESERVED
+CVE-2021-36418
+ RESERVED
+CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1846
+ NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30
+CVE-2021-36416
+ RESERVED
+CVE-2021-36415
+ RESERVED
+CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1840
+ NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21
+CVE-2021-36413
+ RESERVED
+CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1838
+ NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e
+CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/302
+CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/301
+CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/300
+CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/299
+CVE-2021-36407
+ RESERVED
+CVE-2021-36406
+ RESERVED
+CVE-2021-36405
+ RESERVED
+CVE-2021-36404
+ RESERVED
+CVE-2021-36403
+ RESERVED
+CVE-2021-36402
+ RESERVED
+CVE-2021-36401
+ RESERVED
+CVE-2021-36400
+ RESERVED
+CVE-2021-36399
+ RESERVED
+CVE-2021-36398
+ RESERVED
+CVE-2021-36397
+ RESERVED
+CVE-2021-36396
+ RESERVED
+CVE-2021-36395
+ RESERVED
+CVE-2021-36394
+ RESERVED
+CVE-2021-36393
+ RESERVED
+CVE-2021-36392
+ RESERVED
+CVE-2021-36391
+ RESERVED
+CVE-2021-36390
+ RESERVED
+CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...)
+ NOT-FOR-US: Yellowfin
+CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...)
+ NOT-FOR-US: Yellowfin
+CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...)
+ NOT-FOR-US: Yellowfin
+CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...)
+ - fetchmail 6.4.16-4 (unimportant)
+ NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
+ NOTE: Fixed by: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5 (RELEASE_6-4-20)
+ NOTE: Regression fix: https://gitlab.com/fetchmail/fetchmail/-/commit/d3db2da1d13bd2419370ad96defb92eecb17064c (RELEASE_6-4-21)
+ NOTE: Negligible security impact
+CVE-2021-36385 (A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remot ...)
+ NOT-FOR-US: Cerner Mobile Care
+CVE-2021-36384
+ RESERVED
+CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...)
+ NOT-FOR-US: Xen Orchestra
+CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...)
+ NOT-FOR-US: Edifecs
+CVE-2021-36380 (Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command I ...)
+ NOT-FOR-US: Sunhillo SureLine
+CVE-2021-36379
+ REJECTED
+CVE-2021-36378
+ RESERVED
+CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...)
+ - fossil 1:2.15.2-1
+ [buster] - fossil <no-dsa> (Minor issue)
+ [stretch] - fossil <no-dsa> (Minor issue)
+ NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
+CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...)
+ NOT-FOR-US: dandavison delta
+CVE-2021-36375
+ RESERVED
+CVE-2021-36374 (When reading a specially crafted ZIP archive, or a derived formats, an ...)
+ - ant 1.10.11-1 (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/6
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-36373 (When reading a specially crafted TAR archive an Apache Ant build can b ...)
+ - ant 1.10.11-1 (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-36372 (In Apache Ozone versions prior to 1.2.0, Initially generated block tok ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...)
+ NOT-FOR-US: Emissary-Ingress (formerly Ambassador API Gateway)
+CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. When est ...)
+ - mc 3:4.8.27-1 (bug #993404)
+ [bullseye] - mc <no-dsa> (Minor issue)
+ [buster] - mc <no-dsa> (Minor issue)
+ [stretch] - mc <no-dsa> (Minor issue)
+ NOTE: https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f
+CVE-2021-36369
+ RESERVED
+CVE-2021-36368
+ RESERVED
+CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...)
+ - putty 0.75-3 (bug #990901)
+ [bullseye] - putty <no-dsa> (Minor issue)
+ [buster] - putty <no-dsa> (Minor issue)
+ [stretch] - putty <no-dsa> (Minor issue)
+ NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
+CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairm ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36362
+ RESERVED
+CVE-2021-36361
+ RESERVED
+CVE-2021-36360
+ RESERVED
+CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remo ...)
+ NOT-FOR-US: OrbiTeam BSCW Classic
+CVE-2021-36358
+ RESERVED
+CVE-2021-36357 (An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() ...)
+ NOT-FOR-US: OpenPOWER firwmware
+CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...)
+ NOT-FOR-US: KRAMER VIAware
+CVE-2021-36355
+ RESERVED
+CVE-2021-36354
+ RESERVED
+CVE-2021-36353
+ RESERVED
+CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Inf ...)
+ NOT-FOR-US: Care2x Hospital Information Management
+CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...)
+ NOT-FOR-US: Care2x Open Source Hospital Information Management
+CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
+ RESERVED
+ - linux 5.15.3-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1
+CVE-2021-3639 [Prevent redirect to URLs that begin with '///']
+ RESERVED
+ - libapache2-mod-auth-mellon 0.18.0-1 (bug #991730)
+ [bullseye] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
+ [buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
+ NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
+CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...)
+ NOT-FOR-US: Dell
+CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
+ NOT-FOR-US: EMC
+CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...)
+ NOT-FOR-US: Dell
+CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...)
+ NOT-FOR-US: Dell
+CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...)
+ NOT-FOR-US: Dell
+CVE-2021-36345
+ RESERVED
+CVE-2021-36344
+ RESERVED
+CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...)
+ NOT-FOR-US: Dell
+CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
+ NOT-FOR-US: EMC
+CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented us ...)
+ NOT-FOR-US: EMC
+CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege ...)
+ NOT-FOR-US: Unisphere for PowerMax
+CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...)
+ NOT-FOR-US: Dell
+CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...)
+ NOT-FOR-US: Dell
+CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...)
+ NOT-FOR-US: EMC
+CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...)
+ NOT-FOR-US: EMC
+CVE-2021-36333 (Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflo ...)
+ NOT-FOR-US: EMC
+CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javas ...)
+ NOT-FOR-US: EMC
+CVE-2021-36331
+ RESERVED
+CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain an Insuff ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain an Indire ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Inj ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a Server ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36323 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36322 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a ...)
+ NOT-FOR-US: Dell
+CVE-2021-36321 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...)
+ NOT-FOR-US: Dell
+CVE-2021-36320 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...)
+ NOT-FOR-US: Dell
+CVE-2021-36319 (Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain ...)
+ NOT-FOR-US: Dell
+CVE-2021-36318 (Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text ...)
+ NOT-FOR-US: EMC
+CVE-2021-36317 (Dell EMC Avamar Server version 19.4 contains a plain-text password sto ...)
+ NOT-FOR-US: EMC
+CVE-2021-36316 (Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 conta ...)
+ NOT-FOR-US: EMC
+CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...)
+ NOT-FOR-US: EMC
+CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...)
+ NOT-FOR-US: EMC
+CVE-2021-36313 (Dell EMC CloudLink 7.1 and all prior versions contain an OS command in ...)
+ NOT-FOR-US: EMC
+CVE-2021-36312 (Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Pas ...)
+ NOT-FOR-US: EMC
+CVE-2021-36311 (Dell EMC Networker versions prior to 19.5 contain an Improper Authoriz ...)
+ NOT-FOR-US: EMC
+CVE-2021-36310 (Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x &amp; 10.5 ...)
+ NOT-FOR-US: Dell
+CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensi ...)
+ NOT-FOR-US: Dell
+CVE-2021-36308 (Networking OS10, versions prior to October 2021 with Smart Fabric Serv ...)
+ NOT-FOR-US: Dell
+CVE-2021-36307 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...)
+ NOT-FOR-US: Dell
+CVE-2021-36306 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...)
+ NOT-FOR-US: Dell
+CVE-2021-36305 (Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data ...)
+ NOT-FOR-US: Dell
+CVE-2021-36304
+ RESERVED
+CVE-2021-36303
+ RESERVED
+CVE-2021-36302 (All Dell EMC Integrated System for Microsoft Azure Stack Hub versions ...)
+ NOT-FOR-US: EMC
+CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version ...)
+ NOT-FOR-US: Dell
+CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...)
+ NOT-FOR-US: Dell
+CVE-2021-36299 (Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and ...)
+ NOT-FOR-US: Dell
+CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptograph ...)
+ NOT-FOR-US: EMC
+CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...)
+ NOT-FOR-US: SupportAssist Client (Dell)
+CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ NOT-FOR-US: Dell
+CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ NOT-FOR-US: Dell
+CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ NOT-FOR-US: Dell
+CVE-2021-36293
+ RESERVED
+CVE-2021-36292
+ RESERVED
+CVE-2021-36291
+ RESERVED
+CVE-2021-36290
+ RESERVED
+CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...)
+ NOT-FOR-US: Dell
+CVE-2021-36288
+ RESERVED
+CVE-2021-36287
+ RESERVED
+CVE-2021-36286 (Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions ...)
+ NOT-FOR-US: Dell SupportAssist Client Consumer
+CVE-2021-36285 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...)
+ NOT-FOR-US: Dell
+CVE-2021-36284 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...)
+ NOT-FOR-US: Dell
+CVE-2021-36283 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36282 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of un ...)
+ NOT-FOR-US: EMC
+CVE-2021-36281 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
+ NOT-FOR-US: EMC
+CVE-2021-36280 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
+ NOT-FOR-US: EMC
+CVE-2021-36279 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
+ NOT-FOR-US: EMC
+CVE-2021-36278 (Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insert ...)
+ NOT-FOR-US: EMC
+CVE-2021-36277 (Dell Command Update, Dell Update, and Alienware Update versions prior ...)
+ NOT-FOR-US: Dell
+CVE-2021-36276 (Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insuffic ...)
+ NOT-FOR-US: Dell
+CVE-2021-36275
+ RESERVED
+CVE-2021-36274
+ RESERVED
+CVE-2021-36273
+ RESERVED
+CVE-2021-36272
+ RESERVED
+CVE-2021-36271
+ RESERVED
+CVE-2021-36270
+ RESERVED
+CVE-2021-36269
+ RESERVED
+CVE-2021-36268
+ RESERVED
+CVE-2021-36267
+ RESERVED
+CVE-2021-36266
+ RESERVED
+CVE-2021-36265
+ RESERVED
+CVE-2021-36264
+ RESERVED
+CVE-2021-36263
+ RESERVED
+CVE-2021-36262
+ RESERVED
+CVE-2021-36261
+ RESERVED
+CVE-2021-36260 (A command injection vulnerability in the web server of some Hikvision ...)
+ NOT-FOR-US: Hikvision
+CVE-2021-36259
+ RESERVED
+CVE-2021-36258
+ RESERVED
+CVE-2021-36257
+ RESERVED
+CVE-2021-36256
+ RESERVED
+CVE-2021-36255
+ RESERVED
+CVE-2021-36254
+ RESERVED
+CVE-2021-36253
+ RESERVED
+CVE-2021-36252
+ RESERVED
+CVE-2021-36251
+ RESERVED
+CVE-2021-36250
+ RESERVED
+CVE-2021-36249
+ RESERVED
+CVE-2021-36248
+ RESERVED
+CVE-2021-36247
+ RESERVED
+CVE-2021-36246
+ RESERVED
+CVE-2021-36245
+ RESERVED
+CVE-2021-36244
+ RESERVED
+CVE-2021-36243
+ RESERVED
+CVE-2021-36242
+ RESERVED
+CVE-2021-36241
+ RESERVED
+CVE-2021-36240
+ RESERVED
+CVE-2021-36239
+ RESERVED
+CVE-2021-36238
+ RESERVED
+CVE-2021-36237
+ RESERVED
+CVE-2021-36236
+ RESERVED
+CVE-2021-3638 [ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write]
+ RESERVED
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-6 (bug #992726)
+ [buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1979858
+ NOTE: https://lore.kernel.org/qemu-devel/CAA8xKjXkDwPYxSAeRb+2mfHRrbiL_kh9unVkemFXLfF68UXePA@mail.gmail.com
+CVE-2021-36235 (An issue was discovered in Ivanti Workspace Control before 10.6.30.0. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 all ...)
+ NOT-FOR-US: MIK.starlight
+CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5 ...)
+ NOT-FOR-US: MIK.starlight
+CVE-2021-36232 (Improper Authorization in multiple functions in MIK.starlight 7.9.5.24 ...)
+ NOT-FOR-US: MIK.starlight
+CVE-2021-36231 (Deserialization of untrusted data in multiple functions in MIK.starlig ...)
+ NOT-FOR-US: MIK.starlight
+CVE-2021-36230 (HashiCorp Terraform Enterprise releases up to v202106-1 did not proper ...)
+ NOT-FOR-US: Terraform Enterprise
+CVE-2021-36229
+ RESERVED
+CVE-2021-36228
+ RESERVED
+CVE-2021-36227
+ RESERVED
+CVE-2021-36226
+ RESERVED
+CVE-2021-36225
+ RESERVED
+CVE-2021-36224
+ RESERVED
+CVE-2021-36223
+ RESERVED
+CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) ...)
+ {DSA-4944-1}
+ - krb5 1.18.3-6 (bug #991365)
+ [stretch] - krb5 <not-affected> (Vulnerable code (k5memdup0()) introduced later)
+ NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
+ NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007
+CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.16 1.16.7-1
+ - golang-1.15 1.15.15-1 (bug #991961)
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/46866
+ NOTE: https://github.com/golang/go/commit/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e (master)
+ NOTE: https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521 (release-branch.go1.16)
+ NOTE: https://github.com/golang/go/commit/ba93baa74a52d57ae79313313ea990cc791ef50e (release-branch.go1.15)
+CVE-2021-36220
+ RESERVED
+CVE-2021-36219 (An issue was discovered in SKALE sgxwallet 1.58.3. The provided input ...)
+ NOT-FOR-US: SKALE sgxwallet
+CVE-2021-36218 (An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GC ...)
+ NOT-FOR-US: SKALE sgxwallet
+CVE-2021-36217
+ REJECTED
+CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code execution ...)
+ NOT-FOR-US: LINE for Windows
+CVE-2021-36215 (LINE client for iOS 10.21.3 and before allows address bar spoofing due ...)
+ NOT-FOR-US: LINE client for iOS
+CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...)
+ NOT-FOR-US: LINE client for iOS
+CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ...)
+ - consul <not-affected> (Only applies to 1.9 and later)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
+ NOTE: https://github.com/hashicorp/consul/pull/10619
+CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...)
+ NOT-FOR-US: MISP
+CVE-2021-3637 (A flaw was found in keycloak-model-infinispan in keycloak versions bef ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-36211
+ RESERVED
+CVE-2021-36210
+ RESERVED
+CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possible du ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-36208
+ RESERVED
+CVE-2021-36207
+ RESERVED
+CVE-2021-36206
+ RESERVED
+CVE-2021-36205
+ RESERVED
+CVE-2021-36204
+ RESERVED
+CVE-2021-36203
+ RESERVED
+CVE-2021-36202
+ RESERVED
+CVE-2021-36201
+ RESERVED
+CVE-2021-36200
+ RESERVED
+CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...)
+ NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.
+CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...)
+ NOT-FOR-US: Sensormatic Electronics, LLC
+CVE-2021-36197
+ RESERVED
+CVE-2021-36196
+ RESERVED
+CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36193 (Multiple stack-based buffer overflows in the command line interpreter ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36190 (A unintended proxy or intermediary ('confused deputy') in Fortinet For ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36189 (A missing encryption of sensitive data in Fortinet FortiClientEMS vers ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36188 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0 ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36186 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, vers ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36185 (A improper neutralization of special elements used in an OS command (' ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36184 (A improper neutralization of Special Elements used in an SQL Command ( ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36183 (An improper authorization vulnerability [CWE-285] in FortiClient for W ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36182 (A Improper neutralization of special elements used in a command ('Comm ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36181 (A concurrent execution using shared resource with improper Synchroniza ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36180 (Multiple improper neutralization of special elements used in a command ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConnector v ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36177 (An improper access control vulnerability [CWE-284] in FortiAuthenticat ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36174 (A memory allocation with excessive size value vulnerability in the lic ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36173 (A heap-based buffer overflow in the firmware signature verification fu ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36171
+ RESERVED
+CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36169 (A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windo ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36166
+ RESERVED
+CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
+ NOT-FOR-US: RICON Industrial Cellular Router
+CVE-2021-36164
+ RESERVED
+CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. The Hes ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-36162 (Apache Dubbo supports various rules to support configuration override ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-36161 (Some component in Dubbo will try to print the formated string of the i ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...)
+ {DSA-4982-1 DLA-2768-1}
+ - apache2 2.4.49-1
+ [stretch] - apache2 <not-affected> (Vulnerable module not present)
+ - uwsgi <unfixed> (unimportant)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
+ NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b
+ NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
+ NOTE: packages which are provided by src:apache2 itself.
+ NOTE: Regression report: https://bz.apache.org/bugzilla/show_bug.cgi?id=65616
+ NOTE: Regression patch: https://github.com/apache/httpd/commit/8966e290a6e947fad0289bf4e243b0b552e13726 (2.4.x)
+CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
+ NOT-FOR-US: libfetch
+CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)
+ - xrdp <not-affected> (xrdp as packaged in Alpine)
+CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The header va ...)
+ NOT-FOR-US: Grafana Cortex
+CVE-2021-36156 (An issue was discovered in Grafana Loki through 2.2.1. The header valu ...)
+ NOT-FOR-US: Grafana Loki
+CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates ...)
+ NOT-FOR-US: gRPC Swift
+CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remot ...)
+ NOT-FOR-US: gRPC Swift
+CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...)
+ NOT-FOR-US: gRPC Swift
+CVE-2021-36152 (Apache Gobblin trusts all certificates used for LDAP connections in Go ...)
+ NOT-FOR-US: Apache Gobblin
+CVE-2021-36151 (In Apache Gobblin, the Hadoop token is written to a temp file that is ...)
+ NOT-FOR-US: Apache Gobblin
+CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...)
+ NOT-FOR-US: OpenShift
+CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...)
+ - linux 5.4.19-1
+ [buster] - linux 4.19.98-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1976946
+CVE-2021-3634 (A flaw has been found in libssh in versions prior to 0.9.6. The SSH pr ...)
+ {DSA-4965-1}
+ - libssh 0.9.6-1 (bug #993046)
+ [buster] - libssh <not-affected> (Vulnerable code not present)
+ [stretch] - libssh <not-affected> (Vulnerable code not present)
+ NOTE: https://www.libssh.org/security/advisories/CVE-2021-3634.txt
+ NOTE: https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/
+ NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063 (libssh-0.9.6)
+CVE-2021-36150 (SilverStripe Framework through 4.8.1 allows XSS. ...)
+ NOT-FOR-US: SilverStripe CMS
+CVE-2021-36149
+ RESERVED
+CVE-2021-36148 (An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervis ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36147 (An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36146 (ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereferen ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36145 (The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use- ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36144 (The polling timer handler in ACRN before 2.5 has a use-after-free for ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36143 (ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36142
+ RESERVED
+CVE-2021-36141
+ RESERVED
+CVE-2021-36140
+ RESERVED
+CVE-2021-36139
+ RESERVED
+CVE-2021-36138
+ RESERVED
+CVE-2021-36137
+ RESERVED
+CVE-2021-36136
+ RESERVED
+CVE-2021-36135
+ RESERVED
+CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
+ NOT-FOR-US: McAfee
+CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...)
+ NOT-FOR-US: OP-TEE
+CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
+ NOT-FOR-US: FileImport MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36131 (An XSS issue was discovered in the SportsTeams extension in MediaWiki ...)
+ NOT-FOR-US: SportsTeams MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36130 (An XSS issue was discovered in the SocialProfile extension in MediaWik ...)
+ NOT-FOR-US: SocialProfile MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36129 (An issue was discovered in the Translate extension in MediaWiki throug ...)
+ NOT-FOR-US: Translate MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36128 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36127 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWiki thro ...)
+ NOT-FOR-US: AbuseFilter MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not perform ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The TextReader featu ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile featur ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-3633 (A DLL preloading vulnerability was reported in Lenovo Driver Managemen ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-36120
+ RESERVED
+CVE-2021-36119
+ RESERVED
+CVE-2021-36118
+ RESERVED
+CVE-2021-36117
+ RESERVED
+CVE-2021-36116
+ RESERVED
+CVE-2021-36115
+ RESERVED
+CVE-2021-36114
+ RESERVED
+CVE-2021-36113
+ RESERVED
+CVE-2021-36112
+ RESERVED
+CVE-2021-36111
+ RESERVED
+CVE-2021-36110
+ RESERVED
+CVE-2021-36109
+ RESERVED
+CVE-2021-36108
+ RESERVED
+CVE-2021-36107
+ RESERVED
+CVE-2021-36106
+ RESERVED
+CVE-2021-36105
+ RESERVED
+CVE-2021-36104
+ RESERVED
+CVE-2021-36103
+ RESERVED
+CVE-2021-36102
+ RESERVED
+CVE-2021-36101
+ RESERVED
+CVE-2021-36100
+ RESERVED
+CVE-2021-36099
+ RESERVED
+CVE-2021-36098
+ RESERVED
+CVE-2021-36097 (Agents are able to lock the ticket without the "Owner" permission. Onc ...)
+ - otrs <not-affected> (OTRS 8.x specific)
+ NOTE: znuny forked from OTRS with 6.x, but this issue is specific to OTRS 8.x
+CVE-2021-36096 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...)
+ - otrs2 <undetermined> (bug #993846)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+ NOTE: CVE-2021-36096 is an update from the original CVE-2021-21440.
+ TODO: check, 6.1.2-1 claims to fix the issue through the znuny codebase
+CVE-2021-36095 (Malicious attacker is able to find out valid user logins by using the ...)
+ - otrs2 <undetermined> (bug #993846)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-18/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-36094 (It's possible to craft a request for appointment edit screen, which co ...)
+ - otrs2 <undetermined> (bug #993846)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-17/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+ TODO: check, 6.1.2-1 claims to fix the issue through the znuny codebase
+CVE-2021-36093 (It's possible to create an email which can be stuck while being proces ...)
+ - otrs2 <undetermined> (bug #993846)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-16/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-36092 (It's possible to create an email which contains specially crafted link ...)
+ - otrs2 <undetermined>
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-15/
+ NOTE: Unclear whether this affects Znuny, they could not reproduce it:
+ NOTE: https://github.com/znuny/Znuny/issues/105#issuecomment-894013730
+CVE-2021-36091 (Agents are able to list appointments in the calendars without required ...)
+ - otrs2 6.0.32-6 (bug #991593)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
+ NOTE: https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-3632
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to ...)
+ - libcommons-compress-java 1.21-1 (bug #991041)
+ [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [stretch] - libcommons-compress-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ef5d70b625000e38404194aaab311b771c44efda
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f
+CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...)
+ - libgrokj2k 9.5.0-1 (bug #990525)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
+CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in f ...)
+ NOT-FOR-US: Fluent Bit
+CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol <no-dsa> (Minor issue)
+ [buster] - libsepol <no-dsa> (Minor issue)
+ [stretch] - libsepol <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
+ NOTE: https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
+CVE-2021-36086 (The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_clas ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol <no-dsa> (Minor issue)
+ [buster] - libsepol <no-dsa> (Minor issue)
+ [stretch] - libsepol <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
+ NOTE: https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
+CVE-2021-36085 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol <no-dsa> (Minor issue)
+ [buster] - libsepol <no-dsa> (Minor issue)
+ [stretch] - libsepol <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
+ NOTE: https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
+CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol <no-dsa> (Minor issue)
+ [buster] - libsepol <no-dsa> (Minor issue)
+ [stretch] - libsepol <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
+ NOTE: https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
+CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overf ...)
+ [experimental] - kimageformats 5.83.0-1
+ - kimageformats 5.78.0-5 (bug #990527)
+ [buster] - kimageformats <no-dsa> (Minor issue)
+ [stretch] - kimageformats <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
+ NOTE: https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f
+CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClientServer ...)
+ - ndpi 4.0-1 (bug #990528)
+ [buster] - ndpi <not-affected> (Vulnerable code not present)
+ [stretch] - ndpi <not-affected> (Vulnerable code added later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
+ NOTE: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
+CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-fr ...)
+ - tesseract <unfixed> (bug #990529)
+ [bullseye] - tesseract <no-dsa> (Minor issue)
+ [buster] - tesseract <no-dsa> (Minor issue)
+ [stretch] - tesseract <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
+ NOTE: https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55
+CVE-2021-36080 (GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_ ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-3631 [insecure sVirt label generation]
+ RESERVED
+ - libvirt 7.6.0-1 (bug #990709)
+ [bullseye] - libvirt <no-dsa> (Minor issue)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/libvirt/libvirt/-/issues/153
+ NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2 (v7.5.0)
+CVE-2021-36079 (Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36078 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36077 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36076 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36075 (Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overfl ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36074 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36073 (Adobe Bridge version 11.1 (and earlier) is affected by a heap-based bu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36072 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36071 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36070 (Adobe Media Encoder version 15.1 (and earlier) is affected by an impro ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36069 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36068 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36067 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36063 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a secure des ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36060
+ RESERVED
+CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36044 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36043 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36042 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36041 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36040 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36039 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36036
+ RESERVED
+CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36033 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36032 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36031 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36030 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36029 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36028 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36027 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36026 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36023
+ RESERVED
+CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36021
+ RESERVED
+CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36018 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36017 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36016 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36015 (Adobe Media Encoder version 15.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36014 (Adobe Media Encoder version 15.2 (and earlier) is affected by an unini ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36013 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36012 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36011 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a potent ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36010 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36009 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an memor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36008 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Use-a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36007 (Adobe Prelude version 10.0 (and earlier) are affected by an uninitiali ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36006 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36005 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36003 (Adobe Audition version 14.2 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36002 (Adobe Captivate version 11.5.5 (and earlier) is affected by an Creatio ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36001 (Adobe Character Animator version 4.2 (and earlier) is affected by an o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36000 (Adobe Character Animator version 4.2 (and earlier) is affected by a me ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35999 (Adobe Prelude version 10.0 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35998
+ RESERVED
+CVE-2021-35997 (Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35996 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35995 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Imp ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35994 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitiali ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35990 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35989 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35988 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35987 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35986 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35985 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35984 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35983 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35982 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35980
+ RESERVED
+CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
+ NOT-FOR-US: Digi RealPort
+CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...)
+ NOT-FOR-US: Digi RealPort
+CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
+ NOT-FOR-US: Plesk Obsidian
+CVE-2021-35975
+ RESERVED
+CVE-2021-35974
+ RESERVED
+CVE-2021-35973 (NETGEAR WAC104 devices before 1.0.4.15 are affected by an authenticati ...)
+ NOT-FOR-US: Netgear
+CVE-2021-35972
+ RESERVED
+CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 be ...)
+ NOT-FOR-US: Veeam
+CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...)
+ NOT-FOR-US: Coral
+CVE-2021-35969 (Pexip Infinity before 26 allows temporary remote Denial of Service (ab ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35966 (The specific function of the Orca HCM digital learning platform does n ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35965 (The Orca HCM digital learning platform uses a weak factory default adm ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35964 (The management page of the Orca HCM digital learning platform does not ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35963 (The specific parameter of upload function of the Orca HCM digital lear ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and Personnel A ...)
+ NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
+CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management system ...)
+ NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
+CVE-2021-35960
+ RESERVED
+CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folde ...)
+ NOT-FOR-US: Plone
+CVE-2021-35958 (** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not a ...)
+ NOT-FOR-US: Stormshield Endpoint Security Evolution
+CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...)
+ NOT-FOR-US: AKCP sensorProbe
+CVE-2021-35955 (Contao &gt;=4.0.0 allows backend XSS via HTML attributes to an HTML fi ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-35954
+ RESERVED
+CVE-2021-35953
+ RESERVED
+CVE-2021-35952
+ RESERVED
+CVE-2021-35951
+ RESERVED
+CVE-2021-35950
+ RESERVED
+CVE-2021-35949 (The shareinfo controller in the ownCloud Server before 10.8.0 allows a ...)
+ - owncloud <removed>
+CVE-2021-35948 (Session fixation on password protected public links in the ownCloud Se ...)
+ - owncloud <removed>
+CVE-2021-35947 (The public share controller in the ownCloud server before version 10.8 ...)
+ - owncloud <removed>
+CVE-2021-35946 (A receiver of a federated share with access to the database with ownCl ...)
+ - owncloud <removed>
+CVE-2021-35945 (Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer O ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-35944 (Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Ov ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Co ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...)
+ - glibc 2.31-13 (bug #990542)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
+CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...)
+ NOT-FOR-US: Western Digital
+CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...)
+ {DSA-5032-1 DLA-2702-1}
+ - djvulibre 3.5.27.1-12
+ NOTE: https://sourceforge.net/p/djvu/bugs/302/
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
+CVE-2021-3629
+ RESERVED
+ - undertow <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1977362
+CVE-2021-3628 (OpenKM Community Edition in its 6.3.10 version is vulnerable to authen ...)
+ NOT-FOR-US: OpenKM
+CVE-2021-3627
+ RESERVED
+CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was fixed ...)
+ - apr 1.7.0-7 (bug #992789)
+ [bullseye] - apr 1.7.0-6+deb11u1
+ [buster] - apr <not-affected> (Vulnerable code re-introduced in 1.7.0)
+ [stretch] - apr <not-affected> (Vulnerable code re-introduced in 1.7.0)
+ NOTE: The issue exists because the CVE-2017-12613 fix was not carried forward
+ NOTE: in the APR 1.7.x branch and hence version 1.7.0 regressed from 1.6.3
+ NOTE: and so vulnerable to the same issue.
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/23/1
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1891198
+ NOTE: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
+CVE-2021-35939 [checks for unsafe symlinks are not performed for intermediary directories]
+ RESERVED
+ - rpm <unfixed> (bug #990543)
+ [bullseye] - rpm <ignored> (Minor issue)
+ [buster] - rpm <ignored> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129
+CVE-2021-35938 [races with chown/chmod/capabilities calls during installation]
+ RESERVED
+ - rpm <unfixed> (bug #990543)
+ [bullseye] - rpm <ignored> (Minor issue)
+ [buster] - rpm <ignored> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114
+CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks]
+ RESERVED
+ - rpm <unfixed> (bug #990543)
+ [bullseye] - rpm <ignored> (Minor issue)
+ [buster] - rpm <ignored> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125
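Review bot: In the three rpm entries (CVE-2021-35939, CVE-2021-35938, CVE-2021-35937) the bullseye and buster lines are tagged <ignored> while the stretch line is tagged <no-dsa>, yet all three give the same "(Minor issue)" reason, so nothing here says why the two newer releases get the stronger tag. With the unstable line still at "- rpm <unfixed> (bug #990543)", put the actual reason in the <ignored> parentheses, or use the same tag on all three releases if the triage is the same. The three entries also share one Debian bug number but link three different Red Hat bugs; a NOTE confirming that one bug is meant to track all three would save the next reader from checking.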
+CVE-2021-35936 (If remote logging is not used, the worker (in the case of CeleryExecut ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local proces ...)
+ NOT-FOR-US: Multipass
+CVE-2021-3625 (Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions &gt;= v2.5.0 ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-35935
+ RESERVED
+CVE-2021-35934
+ RESERVED
+CVE-2021-35933
+ RESERVED
+CVE-2021-35932
+ RESERVED
+CVE-2021-35931
+ RESERVED
+CVE-2021-35930
+ RESERVED
+CVE-2021-35929
+ RESERVED
+CVE-2021-35928
+ RESERVED
+CVE-2021-35927
+ RESERVED
+CVE-2021-35926
+ RESERVED
+CVE-2021-35925
+ RESERVED
+CVE-2021-35924
+ RESERVED
+CVE-2021-35923
+ RESERVED
+CVE-2021-35922
+ RESERVED
+CVE-2021-35921
+ RESERVED
+CVE-2021-35920
+ RESERVED
+CVE-2021-35919
+ RESERVED
+CVE-2021-35918
+ RESERVED
+CVE-2021-35917
+ RESERVED
+CVE-2021-35916
+ RESERVED
+CVE-2021-35915
+ RESERVED
+CVE-2021-35914
+ RESERVED
+CVE-2021-35913
+ RESERVED
+CVE-2021-35912
+ RESERVED
+CVE-2021-35911
+ RESERVED
+CVE-2021-35910
+ RESERVED
+CVE-2021-35909
+ RESERVED
+CVE-2021-35908
+ RESERVED
+CVE-2021-35907
+ RESERVED
+CVE-2021-35906
+ RESERVED
+CVE-2021-35905
+ RESERVED
+CVE-2021-35904
+ RESERVED
+CVE-2021-35903
+ RESERVED
+CVE-2021-35902
+ RESERVED
+CVE-2021-35901
+ RESERVED
+CVE-2021-35900
+ RESERVED
+CVE-2021-35899
+ RESERVED
+CVE-2021-35898
+ RESERVED
+CVE-2021-35897
+ RESERVED
+CVE-2021-35896
+ RESERVED
+CVE-2021-35895
+ RESERVED
+CVE-2021-35894
+ RESERVED
+CVE-2021-35893
+ RESERVED
+CVE-2021-35892
+ RESERVED
+CVE-2021-35891
+ RESERVED
+CVE-2021-35890
+ RESERVED
+CVE-2021-35889
+ RESERVED
+CVE-2021-35888
+ RESERVED
+CVE-2021-35887
+ RESERVED
+CVE-2021-35886
+ RESERVED
+CVE-2021-35885
+ RESERVED
+CVE-2021-35884
+ RESERVED
+CVE-2021-35883
+ RESERVED
+CVE-2021-35882
+ RESERVED
+CVE-2021-35881
+ RESERVED
+CVE-2021-35880
+ RESERVED
+CVE-2021-35879
+ RESERVED
+CVE-2021-35878
+ RESERVED
+CVE-2021-35877
+ RESERVED
+CVE-2021-35876
+ RESERVED
+CVE-2021-35875
+ RESERVED
+CVE-2021-35874
+ RESERVED
+CVE-2021-35873
+ RESERVED
+CVE-2021-35872
+ RESERVED
+CVE-2021-35871
+ RESERVED
+CVE-2021-35870
+ RESERVED
+CVE-2021-35869
+ RESERVED
+CVE-2021-35868
+ RESERVED
+CVE-2021-35867
+ RESERVED
+CVE-2021-35866
+ RESERVED
+CVE-2021-35865
+ RESERVED
+CVE-2021-35864
+ RESERVED
+CVE-2021-35863
+ RESERVED
+CVE-2021-35862
+ RESERVED
+CVE-2021-35861
+ RESERVED
+CVE-2021-35860
+ RESERVED
+CVE-2021-35859
+ RESERVED
+CVE-2021-35858
+ RESERVED
+CVE-2021-35857
+ RESERVED
+CVE-2021-35856
+ RESERVED
+CVE-2021-35855
+ RESERVED
+CVE-2021-35854
+ RESERVED
+CVE-2021-35853
+ RESERVED
+CVE-2021-35852
+ RESERVED
+CVE-2021-35851
+ RESERVED
+CVE-2021-35850
+ RESERVED
+CVE-2021-35849
+ RESERVED
+CVE-2021-35848
+ RESERVED
+CVE-2021-35847
+ RESERVED
+CVE-2021-35846
+ RESERVED
+CVE-2021-35845
+ RESERVED
+CVE-2021-35844
+ RESERVED
+CVE-2021-35843
+ RESERVED
+CVE-2021-35842
+ RESERVED
+CVE-2021-35841
+ RESERVED
+CVE-2021-35840
+ RESERVED
+CVE-2021-35839
+ RESERVED
+CVE-2021-35838
+ RESERVED
+CVE-2021-35837
+ RESERVED
+CVE-2021-35836
+ RESERVED
+CVE-2021-35835
+ RESERVED
+CVE-2021-35834
+ RESERVED
+CVE-2021-35833
+ RESERVED
+CVE-2021-35832
+ RESERVED
+CVE-2021-35831
+ RESERVED
+CVE-2021-35830
+ RESERVED
+CVE-2021-35829
+ RESERVED
+CVE-2021-35828
+ RESERVED
+CVE-2021-35827
+ RESERVED
+CVE-2021-35826
+ RESERVED
+CVE-2021-35825
+ RESERVED
+CVE-2021-35824
+ RESERVED
+CVE-2021-35823
+ RESERVED
+CVE-2021-35822
+ RESERVED
+CVE-2021-35821
+ RESERVED
+CVE-2021-35820
+ RESERVED
+CVE-2021-35819
+ RESERVED
+CVE-2021-35818
+ RESERVED
+CVE-2021-35817
+ RESERVED
+CVE-2021-35816
+ RESERVED
+CVE-2021-35815
+ RESERVED
+CVE-2021-35814
+ RESERVED
+CVE-2021-35813
+ RESERVED
+CVE-2021-35812
+ RESERVED
+CVE-2021-35811
+ RESERVED
+CVE-2021-35810
+ RESERVED
+CVE-2021-35809
+ RESERVED
+CVE-2021-35808
+ RESERVED
+CVE-2021-35807
+ RESERVED
+CVE-2021-35806
+ RESERVED
+CVE-2021-35805
+ RESERVED
+CVE-2021-35804
+ RESERVED
+CVE-2021-35803
+ RESERVED
+CVE-2021-35802
+ RESERVED
+CVE-2021-35801
+ RESERVED
+CVE-2021-35800
+ RESERVED
+CVE-2021-35799
+ RESERVED
+CVE-2021-35798
+ RESERVED
+CVE-2021-35797
+ RESERVED
+CVE-2021-35796
+ RESERVED
+CVE-2021-35795
+ RESERVED
+CVE-2021-35794
+ RESERVED
+CVE-2021-35793
+ RESERVED
+CVE-2021-35792
+ RESERVED
+CVE-2021-35791
+ RESERVED
+CVE-2021-35790
+ RESERVED
+CVE-2021-35789
+ RESERVED
+CVE-2021-35788
+ RESERVED
+CVE-2021-35787
+ RESERVED
+CVE-2021-35786
+ RESERVED
+CVE-2021-35785
+ RESERVED
+CVE-2021-35784
+ RESERVED
+CVE-2021-35783
+ RESERVED
+CVE-2021-35782
+ RESERVED
+CVE-2021-35781
+ RESERVED
+CVE-2021-35780
+ RESERVED
+CVE-2021-35779
+ RESERVED
+CVE-2021-35778
+ RESERVED
+CVE-2021-35777
+ RESERVED
+CVE-2021-35776
+ RESERVED
+CVE-2021-35775
+ RESERVED
+CVE-2021-35774
+ RESERVED
+CVE-2021-35773
+ RESERVED
+CVE-2021-35772
+ RESERVED
+CVE-2021-35771
+ RESERVED
+CVE-2021-35770
+ RESERVED
+CVE-2021-35769
+ RESERVED
+CVE-2021-35768
+ RESERVED
+CVE-2021-35767
+ RESERVED
+CVE-2021-35766
+ RESERVED
+CVE-2021-35765
+ RESERVED
+CVE-2021-35764
+ RESERVED
+CVE-2021-35763
+ RESERVED
+CVE-2021-35762
+ RESERVED
+CVE-2021-35761
+ RESERVED
+CVE-2021-35760
+ RESERVED
+CVE-2021-35759
+ RESERVED
+CVE-2021-35758
+ RESERVED
+CVE-2021-35757
+ RESERVED
+CVE-2021-35756
+ RESERVED
+CVE-2021-35755
+ RESERVED
+CVE-2021-35754
+ RESERVED
+CVE-2021-35753
+ RESERVED
+CVE-2021-35752
+ RESERVED
+CVE-2021-35751
+ RESERVED
+CVE-2021-35750
+ RESERVED
+CVE-2021-35749
+ RESERVED
+CVE-2021-35748
+ RESERVED
+CVE-2021-35747
+ RESERVED
+CVE-2021-35746
+ RESERVED
+CVE-2021-35745
+ RESERVED
+CVE-2021-35744
+ RESERVED
+CVE-2021-35743
+ RESERVED
+CVE-2021-35742
+ RESERVED
+CVE-2021-35741
+ RESERVED
+CVE-2021-35740
+ RESERVED
+CVE-2021-35739
+ RESERVED
+CVE-2021-35738
+ RESERVED
+CVE-2021-35737
+ RESERVED
+CVE-2021-35736
+ RESERVED
+CVE-2021-35735
+ RESERVED
+CVE-2021-35734
+ RESERVED
+CVE-2021-35733
+ RESERVED
+CVE-2021-35732
+ RESERVED
+CVE-2021-35731
+ RESERVED
+CVE-2021-35730
+ RESERVED
+CVE-2021-35729
+ RESERVED
+CVE-2021-35728
+ RESERVED
+CVE-2021-35727
+ RESERVED
+CVE-2021-35726
+ RESERVED
+CVE-2021-35725
+ RESERVED
+CVE-2021-35724
+ RESERVED
+CVE-2021-35723
+ RESERVED
+CVE-2021-35722
+ RESERVED
+CVE-2021-35721
+ RESERVED
+CVE-2021-35720
+ RESERVED
+CVE-2021-35719
+ RESERVED
+CVE-2021-35718
+ RESERVED
+CVE-2021-35717
+ RESERVED
+CVE-2021-35716
+ RESERVED
+CVE-2021-35715
+ RESERVED
+CVE-2021-35714
+ RESERVED
+CVE-2021-35713
+ RESERVED
+CVE-2021-35712
+ RESERVED
+CVE-2021-35711
+ RESERVED
+CVE-2021-35710
+ RESERVED
+CVE-2021-35709
+ RESERVED
+CVE-2021-35708
+ RESERVED
+CVE-2021-35707
+ RESERVED
+CVE-2021-35706
+ RESERVED
+CVE-2021-35705
+ RESERVED
+CVE-2021-35704
+ RESERVED
+CVE-2021-35703
+ RESERVED
+CVE-2021-35702
+ RESERVED
+CVE-2021-35701
+ RESERVED
+CVE-2021-35700
+ RESERVED
+CVE-2021-35699
+ RESERVED
+CVE-2021-35698
+ RESERVED
+CVE-2021-35697
+ RESERVED
+CVE-2021-35696
+ RESERVED
+CVE-2021-35695
+ RESERVED
+CVE-2021-35694
+ RESERVED
+CVE-2021-35693
+ RESERVED
+CVE-2021-35692
+ RESERVED
+CVE-2021-35691
+ RESERVED
+CVE-2021-35690
+ RESERVED
+CVE-2021-35689
+ RESERVED
+CVE-2021-35688
+ RESERVED
+CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35685
+ RESERVED
+CVE-2021-35684
+ RESERVED
+CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35682
+ RESERVED
+CVE-2021-35681
+ RESERVED
+CVE-2021-35680
+ RESERVED
+CVE-2021-35679
+ RESERVED
+CVE-2021-35678
+ RESERVED
+CVE-2021-35677
+ RESERVED
+CVE-2021-35676
+ RESERVED
+CVE-2021-35675
+ RESERVED
+CVE-2021-35674
+ RESERVED
+CVE-2021-35673
+ RESERVED
+CVE-2021-35672
+ RESERVED
+CVE-2021-35671
+ RESERVED
+CVE-2021-35670
+ RESERVED
+CVE-2021-35669
+ RESERVED
+CVE-2021-35668
+ RESERVED
+CVE-2021-35667
+ RESERVED
+CVE-2021-35666 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35665 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35664
+ RESERVED
+CVE-2021-35663
+ RESERVED
+CVE-2021-35662 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35661 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35660 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35659 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35658 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35657 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35656 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35655 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35654 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35653 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35652 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35651 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35650 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle Secure Global Desktop
+CVE-2021-35649 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle Secure Global Desktop
+CVE-2021-35648 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35647 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35646 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35645 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35644 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35642 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35640 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35639 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35638 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35637 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35636 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35635 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35630 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35629 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35628 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35626 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+ - mysql-5.7 <removed>
+CVE-2021-35623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35622 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35621 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35620 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35619 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35618 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35617 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35616 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35615
+ RESERVED
+CVE-2021-35614
+ RESERVED
+CVE-2021-35613 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35612 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35611 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35610 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35609 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35608 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35607 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35606 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35605
+ RESERVED
+CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Minor issue)
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 <no-dsa> (Minor issue)
+ - mysql-8.0 <unfixed>
+ - mysql-5.7 <removed>
+ NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
+CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35602 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35601 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35600
+ RESERVED
+CVE-2021-35599 (Vulnerability in the Zero Downtime DB Migration to Cloud component of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35598 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35597 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35596 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35595 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35594 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35593 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35592 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35590 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35589 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DLA-2814-1}
+ - openjdk-8 8u312-b07-1
+CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35585 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35584 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35583 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Windows-specific)
+CVE-2021-35582 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35581 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35579
+ RESERVED
+CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35576 (Vulnerability in the Oracle Database Enterprise Edition Unified Audit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35574 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35573 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35572 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35571 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35570 (Vulnerability in the Oracle Mobile Field Service product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5000-1 DLA-2814-1}
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
+ - openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35555
+ RESERVED
+CVE-2021-35554 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35553 (Vulnerability in the PeopleSoft Enterprise CS Student Records product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5000-1 DLA-2814-1}
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35548
+ RESERVED
+CVE-2021-35547
+ RESERVED
+CVE-2021-35546 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35545 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.28-dfsg-1
+CVE-2021-35544
+ RESERVED
+CVE-2021-35543 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35542 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.28-dfsg-1
+CVE-2021-35541 (Vulnerability in the PeopleSoft Enterprise SCM product of Oracle Peopl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35540 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.28-dfsg-1
+CVE-2021-35539 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35538 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox <not-affected> (Windows-specific)
+CVE-2021-35537 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35536 (Vulnerability in the Oracle Deal Management product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/ ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35533 (Improper Input Validation vulnerability in the APDU parser in the Bidi ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35532
+ RESERVED
+CVE-2021-35531
+ RESERVED
+CVE-2021-35530
+ RESERVED
+CVE-2021-35529 (Insufficiently Protected Credentials vulnerability in client environme ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35528 (Improper Access Control vulnerability in the application authenticatio ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...)
+ NOT-FOR-US: Hitachi ABB Power Grids eSOMS
+CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...)
+ NOT-FOR-US: Hitachi ABB Power Grids System Data Manager
+CVE-2021-3624 [buffer-overflow caused by integer-overflow in foveon_load_camf()]
+ RESERVED
+ - dcraw <unfixed> (bug #984761)
+ [bullseye] - dcraw <no-dsa> (Minor issue)
+ [buster] - dcraw <no-dsa> (Minor issue)
+ [stretch] - dcraw <no-dsa> (Minor issue)
+CVE-2021-3623 [out-of-bounds access when trying to resume the state of the vTPM]
+ RESERVED
+ - libtpms 0.9.1-1 (bug #990522)
+ NOTE: https://github.com/stefanberger/libtpms/pull/223
+ NOTE: https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
+ NOTE: https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
+ NOTE: https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e
+CVE-2021-35525 (PostSRSd before 1.11 allows a denial of service (subprocess hang) if P ...)
+ - postsrsd 1.10-2 (bug #990439)
+ [buster] - postsrsd <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - postsrsd <no-dsa> (Minor issue)
+ NOTE: https://bugs.gentoo.org/793674
+ NOTE: https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2
+CVE-2021-35524
+ RESERVED
+CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...)
+ NOT-FOR-US: Securepoint
+CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...)
+ NOT-FOR-US: IDEMIA
+CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho Wave Comp ...)
+ NOT-FOR-US: IDEMIA
+CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...)
+ NOT-FOR-US: IDEMIA
+CVE-2021-35519
+ RESERVED
+CVE-2021-35518
+ RESERVED
+CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be made to ...)
+ - libcommons-compress-java 1.21-1 (bug #991041)
+ [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [stretch] - libcommons-compress-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=d0af873e77d16f41edfef7b69da5c8c35c96a650
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=7ce1b0796d6cbe1f41b969583bd49f33ae0efef0
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f
+CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be made to a ...)
+ - libcommons-compress-java 1.21-1 (bug #991041)
+ [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [stretch] - libcommons-compress-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=26924e96c7730db014c310757e11c9359db07f3e
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=c51de6cfaec75b21566374158f25e1734c3a94cb
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=0aba8b8fd8053ae323f15d736d1762b2161c76a6
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=60d551a748236d7f4651a4ae88d5a351f7c5754b
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=bf5a5346ae04b9d2a5b0356ca75f11dcc8d94789
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=5761493cbaf7a7d608a3b68f4d61aaa822dbeb4f
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ae2b27cc011f47f0289cb24a11f2d4f1db711f8a
+CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction of the l ...)
+ - libcommons-compress-java 1.21-1 (bug #991041)
+ [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [stretch] - libcommons-compress-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1
+ NOTE: Fixed by https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=3fe6b42110dc56d0d6fe0aaf80cfecb8feea5321
+CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...)
+ NOT-FOR-US: Narou
+CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is used. ...)
+ - node-mermaid 8.7.0+ds+~cs27.17.17-3 (bug #990449)
+ NOTE: https://github.com/mermaid-js/mermaid/issues/2122
+ NOTE: https://github.com/mermaid-js/mermaid/pull/2123
+CVE-2021-35512 (An SSRF issue was discovered in Zoho ManageEngine Applications Manager ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-35511
+ RESERVED
+CVE-2021-35510
+ RESERVED
+CVE-2021-35509
+ RESERVED
+CVE-2021-35508 (NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to ex ...)
+ NOT-FOR-US: TeraRecon AQNetClient
+CVE-2021-35507
+ RESERVED
+CVE-2021-35506 (Afian FileRun 2021.03.26 allows XSS when an administrator encounters a ...)
+ NOT-FOR-US: Afian FileRun
+CVE-2021-35505 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...)
+ NOT-FOR-US: Afian FileRun
+CVE-2021-35504 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...)
+ NOT-FOR-US: Afian FileRun
+CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For ...)
+ NOT-FOR-US: Afian FileRun
+CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...)
+ NOT-FOR-US: MISP
+CVE-2021-3622 (A flaw was found in the hivex library. This flaw allows an attacker to ...)
+ - hivex 1.3.21-1 (bug #991860)
+ [bullseye] - hivex <no-dsa> (Minor issue)
+ [buster] - hivex <no-dsa> (Minor issue)
+ [stretch] - hivex <no-dsa> (Minor issue)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html
+ NOTE: https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255
+CVE-2021-35501 (PandoraFMS &lt;=7.54 allows Stored XSS by placing a payload in the nam ...)
+ NOT-FOR-US: PandoraFMS
+CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...)
+ {DLA-2758-1}
+ - sssd 2.5.2-1 (bug #992710)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
+ NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
+ NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91)
+CVE-2021-3620
+ RESERVED
+ - ansible <unfixed>
+ [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
+CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software Inc.'s TIBC ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35495 (The Scheduler Connection component of TIBCO Software Inc.'s TIBCO Jasp ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35494 (The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO ...)
+ NOT-FOR-US: WebFOCUS
+CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...)
+ NOT-FOR-US: Rapid7 Velociraptor
+CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, ...)
+ NOT-FOR-US: Wowza Streaming Engine
+CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
+ NOT-FOR-US: Wowza Streaming Engine
+CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command. ...)
+ NOT-FOR-US: Thruk
+CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&amp;host={HOSTN ...)
+ NOT-FOR-US: Thruk
+CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&amp;titl ...)
+ NOT-FOR-US: Thruk
+CVE-2021-35487
+ RESERVED
+CVE-2021-35486
+ RESERVED
+CVE-2021-35485
+ RESERVED
+CVE-2021-35484
+ RESERVED
+CVE-2021-35483
+ RESERVED
+CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4. ...)
+ NOT-FOR-US: Barco MirrorOp Windows Sender
+CVE-2021-35481
+ RESERVED
+CVE-2021-35480
+ RESERVED
+CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom colum ...)
+ NOT-FOR-US: Nagios Log Server
+CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown ...)
+ NOT-FOR-US: Nagios Log Server
+CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
+ {DLA-2785-1}
+ - linux 5.10.46-4
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
+CVE-2021-35476
+ RESERVED
+CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field when cre ...)
+ NOT-FOR-US: SAS Environment Manager
+CVE-2021-3618
+ RESERVED
+ - nginx <unfixed> (bug #991328)
+ [bullseye] - nginx <no-dsa> (Minor issue)
+ [buster] - nginx <no-dsa> (Minor issue)
+ [stretch] - nginx <no-dsa> (Minor issue)
+ - vsftpd <unfixed> (bug #991329)
+ [bullseye] - vsftpd <no-dsa> (Minor issue)
+ [buster] - vsftpd <no-dsa> (Minor issue)
+ [stretch] - vsftpd <no-dsa> (Minor issue)
+ [experimental] - sendmail 8.16.1-1
+ - sendmail <unfixed> (bug #991331)
+ [bullseye] - sendmail <no-dsa> (Minor issue)
+ [buster] - sendmail <no-dsa> (Minor issue)
+ [stretch] - sendmail <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975623
+ NOTE: https://alpaca-attack.com/
+ NOTE: Generic TLS protocol issue, some applications have released mitigations:
+ NOTE: nginx: http://hg.nginx.org/nginx/rev/ec1071830799
+ NOTE: vsftpd: https://security.appspot.com/vsftpd/Changelog.txt (3.0.4)
+ NOTE: * Close the control connection after 10 unknown commands pre-login.
+ NOTE: * Reject any TLS ALPN advertisement that's not 'ftp'.
+ NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
+ NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2
+ NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html
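Review bot: In the CVE-2021-3618 entry, the line "NOTE: sendmail: Fixed in 3.16.1" disagrees with the package line "[experimental] - sendmail 8.16.1-1" earlier in the same entry. The upstream version in the NOTE looks like a typo for 8.16.1. Please check it against the linked sendmail-announce message and correct the NOTE so the fixed-version reference matches the tracked package version.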
+CVE-2021-3617 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3616 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3615 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler]
+ RESERVED
+ - lemonldap-ng 2.0.11+ds-4
+ [buster] - lemonldap-ng <not-affected> (OAuth2 Handler introduced later)
+ [stretch] - lemonldap-ng <not-affected> (OAuth2 Handler introduced later)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549
+CVE-2021-35472 (An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache ...)
+ {DSA-4943-1}
+ - lemonldap-ng 2.0.11+ds-4
+ [stretch] - lemonldap-ng <not-affected> (Vulnerable code not present; updateSession doesn't use in-memory cache)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539
+CVE-2021-35471
+ RESERVED
+CVE-2021-35470
+ RESERVED
+CVE-2021-35469 (The Lexmark Printer Software G2, G3 and G4 Installation Packages have ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-35468
+ RESERVED
+CVE-2021-35467
+ RESERVED
+CVE-2021-35466
+ RESERVED
+CVE-2021-35465 (Certain Arm products before 2021-08-23 do not properly consider the ef ...)
+ NOT-FOR-US: ARM
+CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...)
+ NOT-FOR-US: ForgeRock
+CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
+ NOT-FOR-US: Liferay
+CVE-2021-35462
+ RESERVED
+CVE-2021-35461
+ RESERVED
+CVE-2021-35460
+ RESERVED
+CVE-2021-35459
+ RESERVED
+CVE-2021-35458 (Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in pro ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2021-35457
+ RESERVED
+CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and s ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2021-35455
+ RESERVED
+CVE-2021-35454
+ RESERVED
+CVE-2021-35453
+ RESERVED
+CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...)
+ - libde265 <unfixed>
+ NOTE: https://github.com/strukturag/libde265/issues/298
+CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...)
+ NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
+CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...)
+ NOT-FOR-US: Entando Admin Console
+CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driv ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows attackers to ex ...)
+ NOT-FOR-US: Emote Interactive Remote Mouse on Windows
+CVE-2021-35447
+ RESERVED
+CVE-2021-35446
+ RESERVED
+CVE-2021-35445
+ RESERVED
+CVE-2021-35444
+ RESERVED
+CVE-2021-35443
+ RESERVED
+CVE-2021-35442
+ RESERVED
+CVE-2021-35441
+ RESERVED
+CVE-2021-35440 (Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for ...)
+ NOT-FOR-US: Smashing
+CVE-2021-35439
+ RESERVED
+CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-re ...)
+ - phpipam <itp> (bug #731713)
+ NOTE: https://github.com/phpipam/phpipam/issues/3351
+CVE-2021-35437
+ RESERVED
+CVE-2021-35436
+ RESERVED
+CVE-2021-35435
+ RESERVED
+CVE-2021-35434
+ RESERVED
+CVE-2021-35433
+ RESERVED
+CVE-2021-35432
+ RESERVED
+CVE-2021-35431
+ RESERVED
+CVE-2021-35430
+ RESERVED
+CVE-2021-35429
+ RESERVED
+CVE-2021-35428
+ RESERVED
+CVE-2021-35427
+ RESERVED
+CVE-2021-35426
+ RESERVED
+CVE-2021-35425
+ RESERVED
+CVE-2021-35424
+ RESERVED
+CVE-2021-35423
+ RESERVED
+CVE-2021-35422
+ RESERVED
+CVE-2021-35421
+ RESERVED
+CVE-2021-35420
+ RESERVED
+CVE-2021-35419
+ RESERVED
+CVE-2021-35418
+ RESERVED
+CVE-2021-35417
+ RESERVED
+CVE-2021-35416
+ RESERVED
+CVE-2021-35415 (A stored cross-site scripting (XSS) vulnerability allows attackers to ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35414 (Chamilo LMS v1.11.x was discovered to contain a SQL injection via the ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35413 (A remote code execution (RCE) vulnerability in course_intro_pdf_import ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35412
+ RESERVED
+CVE-2021-35411
+ RESERVED
+CVE-2021-35410
+ RESERVED
+CVE-2021-35409
+ RESERVED
+CVE-2021-35408
+ RESERVED
+CVE-2021-35407
+ RESERVED
+CVE-2021-35406
+ RESERVED
+CVE-2021-35405
+ RESERVED
+CVE-2021-35404
+ RESERVED
+CVE-2021-35403
+ RESERVED
+CVE-2021-35402
+ RESERVED
+CVE-2021-35401
+ RESERVED
+CVE-2021-35400
+ RESERVED
+CVE-2021-35399
+ RESERVED
+CVE-2021-35398
+ RESERVED
+CVE-2021-35397 (A path traversal vulnerability in the static router for Drogon from 1. ...)
+ NOT-FOR-US: Drogon
+CVE-2021-35396
+ RESERVED
+CVE-2021-35395 (Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web se ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35394 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic t ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35393 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35391
+ RESERVED
+CVE-2021-35390
+ RESERVED
+CVE-2021-35389
+ RESERVED
+CVE-2021-35388
+ RESERVED
+CVE-2021-35387
+ RESERVED
+CVE-2021-35386
+ RESERVED
+CVE-2021-35385
+ RESERVED
+CVE-2021-35384
+ RESERVED
+CVE-2021-35383
+ RESERVED
+CVE-2021-35382
+ RESERVED
+CVE-2021-35381
+ RESERVED
+CVE-2021-35380 (A Directory Traversal vulnerability exists in Solari di Udine TermTalk ...)
+ NOT-FOR-US: Solari di Udine TermTalk Server (TTServer)
+CVE-2021-35379
+ RESERVED
+CVE-2021-35378
+ RESERVED
+CVE-2021-35377
+ RESERVED
+CVE-2021-35376
+ RESERVED
+CVE-2021-35375
+ RESERVED
+CVE-2021-35374
+ RESERVED
+CVE-2021-35373
+ RESERVED
+CVE-2021-35372
+ RESERVED
+CVE-2021-35371
+ RESERVED
+CVE-2021-35370
+ RESERVED
+CVE-2021-35369
+ RESERVED
+CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ...)
+ - modsecurity-crs 3.3.2-1 (bug #992000)
+ [bullseye] - modsecurity-crs 3.3.0-1+deb11u1
+ [buster] - modsecurity-crs 3.1.0-1+deb10u2
+ [stretch] - modsecurity-crs <no-dsa> (Minor issue)
+ NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
+ NOTE: https://github.com/coreruleset/coreruleset/pull/2143
+ NOTE: https://github.com/coreruleset/coreruleset/commit/132c19c8f21c8cd4d3cd484d4f34ef786ee39b05 (v3.4-dev)
+ NOTE: Introduced by https://github.com/coreruleset/coreruleset/commit/b3995e5d332be9f2445ee91b6e1366440bdbe109 (v3.0.0-rc2)
+CVE-2021-35367
+ RESERVED
+CVE-2021-35366
+ RESERVED
+CVE-2021-35365
+ RESERVED
+CVE-2021-35364
+ RESERVED
+CVE-2021-35363
+ RESERVED
+CVE-2021-35362
+ RESERVED
+CVE-2021-35361 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/l ...)
+ NOT-FOR-US: dotCMS
+CVE-2021-35360 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/c ...)
+ NOT-FOR-US: dotCMS
+CVE-2021-35359
+ RESERVED
+CVE-2021-35358 (A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Im ...)
+ NOT-FOR-US: dotCMS
+CVE-2021-35357
+ RESERVED
+CVE-2021-35356
+ RESERVED
+CVE-2021-35355
+ RESERVED
+CVE-2021-35354
+ RESERVED
+CVE-2021-35353
+ RESERVED
+CVE-2021-35352
+ RESERVED
+CVE-2021-35351
+ RESERVED
+CVE-2021-35350
+ RESERVED
+CVE-2021-35349
+ RESERVED
+CVE-2021-35348
+ RESERVED
+CVE-2021-35347
+ RESERVED
+CVE-2021-35346 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-35345
+ RESERVED
+CVE-2021-35344 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x b ...)
+ NOT-FOR-US: Northern.tech
+CVE-2021-35341
+ RESERVED
+CVE-2021-35340
+ RESERVED
+CVE-2021-35339
+ RESERVED
+CVE-2021-35338
+ RESERVED
+CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable t ...)
+ NOT-FOR-US: Sourcecodester Phone Shop Sales Managements System
+CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Ac ...)
+ NOT-FOR-US: Tieline IP Audio Gateway
+CVE-2021-35335
+ RESERVED
+CVE-2021-35334
+ RESERVED
+CVE-2021-35333
+ RESERVED
+CVE-2021-35332
+ RESERVED
+CVE-2021-35331 (** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehl ...)
+ - tcl8.6 <unfixed> (unimportant)
+ NOTE: https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2
+ NOTE: https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
+ NOTE: https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222
+ NOTE: https://sqlite.org/forum/info/7dcd751996c93ec9
+ NOTE: Various other sources would embedd a copy as well, but the security impact of
+ NOTE: the issue tself for tcl is disputed in its significance.
+CVE-2021-35330
+ RESERVED
+CVE-2021-35329
+ RESERVED
+CVE-2021-35328
+ RESERVED
+CVE-2021-35327 (A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B2020091 ...)
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
+CVE-2021-35326 (A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B2 ...)
+ NOT-FOR-US: TOTOLINK A720R router firmware
+CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720R A720 ...)
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
+CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...)
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
+CVE-2021-35323 (Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via t ...)
+ NOT-FOR-US: bludit
+CVE-2021-35322
+ RESERVED
+CVE-2021-35321
+ RESERVED
+CVE-2021-35320
+ RESERVED
+CVE-2021-35319
+ RESERVED
+CVE-2021-35318
+ RESERVED
+CVE-2021-35317
+ RESERVED
+CVE-2021-35316
+ RESERVED
+CVE-2021-35315
+ RESERVED
+CVE-2021-35314
+ RESERVED
+CVE-2021-35313
+ REJECTED
+CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...)
+ NOT-FOR-US: Amica Prodigy
+CVE-2021-35311
+ RESERVED
+CVE-2021-35310
+ RESERVED
+CVE-2021-35309
+ RESERVED
+CVE-2021-35308
+ RESERVED
+CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
+ NOT-FOR-US: Bento4
+CVE-2021-35306 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
+ NOT-FOR-US: Bento4
+CVE-2021-35305
+ RESERVED
+CVE-2021-35304
+ RESERVED
+CVE-2021-35303 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35302 (Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0. ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35301 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote att ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35300 (Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0. ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...)
+ NOT-FOR-US: Scalabium dBase Viewer
+CVE-2021-35296 (An issue in the administrator authentication panel of PTCL HG150-Ub v3 ...)
+ NOT-FOR-US: PTCL HG150-Ub
+CVE-2021-35295
+ RESERVED
+CVE-2021-35294
+ RESERVED
+CVE-2021-35293
+ RESERVED
+CVE-2021-35292
+ RESERVED
+CVE-2021-35291
+ RESERVED
+CVE-2021-35290
+ RESERVED
+CVE-2021-35289
+ RESERVED
+CVE-2021-35288
+ RESERVED
+CVE-2021-35287
+ RESERVED
+CVE-2021-35286
+ RESERVED
+CVE-2021-35285
+ RESERVED
+CVE-2021-35284
+ RESERVED
+CVE-2021-35283
+ RESERVED
+CVE-2021-35282
+ RESERVED
+CVE-2021-35281
+ RESERVED
+CVE-2021-35280
+ RESERVED
+CVE-2021-35279
+ RESERVED
+CVE-2021-35278
+ RESERVED
+CVE-2021-35277
+ RESERVED
+CVE-2021-35276
+ RESERVED
+CVE-2021-35275
+ RESERVED
+CVE-2021-35274
+ RESERVED
+CVE-2021-35273
+ RESERVED
+CVE-2021-35272
+ RESERVED
+CVE-2021-35271
+ RESERVED
+CVE-2021-35270
+ RESERVED
+CVE-2021-35269 (NTFS-3G versions &lt; 2021.8.22, when a specially crafted NTFS attribu ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35268 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted NTFS inod ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35267 (NTFS-3G versions &lt; 2021.8.22, a stack buffer overflow can occur whe ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35266 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted NTFS inod ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35265 (A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS be ...)
+ NOT-FOR-US: MaxSite CMS
+CVE-2021-35264
+ RESERVED
+CVE-2021-35263
+ RESERVED
+CVE-2021-35262
+ RESERVED
+CVE-2021-35261
+ RESERVED
+CVE-2021-35260
+ RESERVED
+CVE-2021-35259
+ RESERVED
+CVE-2021-35258
+ RESERVED
+CVE-2021-35257
+ RESERVED
+CVE-2021-35256
+ RESERVED
+CVE-2021-35255
+ RESERVED
+CVE-2021-35254
+ RESERVED
+CVE-2021-35253
+ RESERVED
+CVE-2021-35252
+ RESERVED
+CVE-2021-35251
+ RESERVED
+CVE-2021-35250
+ RESERVED
+CVE-2021-35249
+ RESERVED
+CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35246
+ RESERVED
+CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35243 (The HTTP PUT and DELETE methods were enabled in the Web Help Desk web ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35241
+ RESERVED
+CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. This affec ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35239 (A security researcher found a user with Orion map manage rights could ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through URL POST ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left ...)
+ NOT-FOR-US: Kiwi Syslog Server
+CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...)
+ NOT-FOR-US: Kiwi Syslog Server
+CVE-2021-35234 (Numerous exposed dangerous functions within Orion Core has allows for ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35233 (The HTTP TRACK &amp; TRACE methods were enabled in Kiwi Syslog Server ...)
+ NOT-FOR-US: Kiwi Syslog Server
+CVE-2021-35232 (Hard coded credentials discovered in SolarWinds Web Help Desk product. ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
+ NOT-FOR-US: Kiwi Syslog Server Installation Wizard
+CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
+ NOT-FOR-US: Kiwi CatTools Installation Wizard
+CVE-2021-35229
+ RESERVED
+CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35226
+ RESERVED
+CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed Service Provi ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35224
+ RESERVED
+CVE-2021-35223 (The Serv-U File Server allows for events such as user login failures t ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35222 (This vulnerability allows attackers to impersonate users and perform a ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35221 (Improper Access Control Tampering Vulnerability using ImportAlert func ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35220 (Command Injection vulnerability in EmailWebPage API which can lead to ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerabilit ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart Endpoint ca ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35217 (Insecure Deseralization of untrusted data remote code execution vulner ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution vulne ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35211 (Microsoft discovered a remote code execution (RCE) vulnerability in th ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-3613 (OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitra ...)
+ NOT-FOR-US: OpenVPN Connect
+CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x be ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-35209 (An issue was discovered in ProxyServlet.java in the /proxy servlet in ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-35208 (An issue was discovered in ZmMailMsgView.js in the Calendar Invite com ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.1 ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...)
+ NOT-FOR-US: Gitpod
+CVE-2021-35205 (NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redire ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35204 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Si ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35203 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Rea ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35202 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypa ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35201 (NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35200 (NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to a ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-S ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and ...)
+ {DSA-4979-1 DLA-2779-1}
+ - mediawiki 1:1.35.3-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
+ NOTE: https://phabricator.wikimedia.org/T280226
+CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to ex ...)
+ - manuskript <unfixed> (bug #990366)
+ [bullseye] - manuskript <no-dsa> (Minor issue)
+ [buster] - manuskript <no-dsa> (Minor issue)
+ NOTE: https://github.com/olivierkes/manuskript/issues/891
+CVE-2021-35195
+ RESERVED
+CVE-2021-35194
+ RESERVED
+CVE-2021-35193 (Patterson Application Service in Patterson Eaglesoft 18 through 21 acc ...)
+ NOT-FOR-US: Patterson Eaglesoft
+CVE-2021-35192
+ RESERVED
+CVE-2021-35191
+ RESERVED
+CVE-2021-35190
+ RESERVED
+CVE-2021-35189
+ RESERVED
+CVE-2021-35188
+ RESERVED
+CVE-2021-35187
+ RESERVED
+CVE-2021-35186
+ RESERVED
+CVE-2021-35185
+ RESERVED
+CVE-2021-35184
+ RESERVED
+CVE-2021-35183
+ RESERVED
+CVE-2021-35182
+ RESERVED
+CVE-2021-35181
+ RESERVED
+CVE-2021-35180
+ RESERVED
+CVE-2021-35179
+ RESERVED
+CVE-2021-35178
+ RESERVED
+CVE-2021-35177
+ RESERVED
+CVE-2021-35176
+ RESERVED
+CVE-2021-35175
+ RESERVED
+CVE-2021-35174
+ RESERVED
+CVE-2021-35173
+ RESERVED
+CVE-2021-35172
+ RESERVED
+CVE-2021-35171
+ RESERVED
+CVE-2021-35170
+ RESERVED
+CVE-2021-35169
+ RESERVED
+CVE-2021-35168
+ RESERVED
+CVE-2021-35167
+ RESERVED
+CVE-2021-35166
+ RESERVED
+CVE-2021-35165
+ RESERVED
+CVE-2021-35164
+ RESERVED
+CVE-2021-35163
+ RESERVED
+CVE-2021-35162
+ RESERVED
+CVE-2021-35161
+ RESERVED
+CVE-2021-35160
+ RESERVED
+CVE-2021-35159
+ RESERVED
+CVE-2021-35158
+ RESERVED
+CVE-2021-35157
+ RESERVED
+CVE-2021-35156
+ RESERVED
+CVE-2021-35155
+ RESERVED
+CVE-2021-35154
+ RESERVED
+CVE-2021-35153
+ RESERVED
+CVE-2021-35152
+ RESERVED
+CVE-2021-35151
+ RESERVED
+CVE-2021-35150
+ RESERVED
+CVE-2021-35149
+ RESERVED
+CVE-2021-35148
+ RESERVED
+CVE-2021-35147
+ RESERVED
+CVE-2021-35146
+ RESERVED
+CVE-2021-35145
+ RESERVED
+CVE-2021-35144
+ RESERVED
+CVE-2021-35143
+ RESERVED
+CVE-2021-35142
+ RESERVED
+CVE-2021-35141
+ RESERVED
+CVE-2021-35140
+ RESERVED
+CVE-2021-35139
+ RESERVED
+CVE-2021-35138
+ RESERVED
+CVE-2021-35137
+ RESERVED
+CVE-2021-35136
+ RESERVED
+CVE-2021-35135
+ RESERVED
+CVE-2021-35134
+ RESERVED
+CVE-2021-35133
+ RESERVED
+CVE-2021-35132
+ RESERVED
+CVE-2021-35131
+ RESERVED
+CVE-2021-35130
+ RESERVED
+CVE-2021-35129
+ RESERVED
+CVE-2021-35128
+ RESERVED
+CVE-2021-35127
+ RESERVED
+CVE-2021-35126
+ RESERVED
+CVE-2021-35125
+ RESERVED
+CVE-2021-35124
+ RESERVED
+CVE-2021-35123
+ RESERVED
+CVE-2021-35122
+ RESERVED
+CVE-2021-35121
+ RESERVED
+CVE-2021-35120
+ RESERVED
+CVE-2021-35119
+ RESERVED
+CVE-2021-35118
+ RESERVED
+CVE-2021-35117
+ RESERVED
+CVE-2021-35116
+ RESERVED
+CVE-2021-35115
+ RESERVED
+CVE-2021-35114
+ RESERVED
+CVE-2021-35113
+ RESERVED
+CVE-2021-35112
+ RESERVED
+CVE-2021-35111
+ RESERVED
+CVE-2021-35110
+ RESERVED
+CVE-2021-35109
+ RESERVED
+CVE-2021-35108
+ RESERVED
+CVE-2021-35107
+ RESERVED
+CVE-2021-35106
+ RESERVED
+CVE-2021-35105
+ RESERVED
+CVE-2021-35104
+ RESERVED
+CVE-2021-35103
+ RESERVED
+CVE-2021-35102
+ RESERVED
+CVE-2021-35101
+ RESERVED
+CVE-2021-35100
+ RESERVED
+CVE-2021-35099
+ RESERVED
+CVE-2021-35098
+ RESERVED
+CVE-2021-35097
+ RESERVED
+CVE-2021-35096
+ RESERVED
+CVE-2021-35095
+ RESERVED
+CVE-2021-35094
+ RESERVED
+CVE-2021-35093 (Possible memory corruption in BT controller when it receives an oversi ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35092
+ RESERVED
+CVE-2021-35091
+ RESERVED
+CVE-2021-35090
+ RESERVED
+CVE-2021-35089
+ RESERVED
+CVE-2021-35088
+ RESERVED
+CVE-2021-35087
+ RESERVED
+CVE-2021-35086
+ RESERVED
+CVE-2021-35085
+ RESERVED
+CVE-2021-35084
+ RESERVED
+CVE-2021-35083
+ RESERVED
+CVE-2021-35082
+ RESERVED
+CVE-2021-35081
+ RESERVED
+CVE-2021-35080
+ RESERVED
+CVE-2021-35079
+ RESERVED
+CVE-2021-35078
+ RESERVED
+CVE-2021-35077 (Possible use after free scenario in compute offloads to DSP while mult ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35076
+ RESERVED
+CVE-2021-35075 (Possible null pointer dereference due to lack of WDOG structure valida ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35074 (Possible integer overflow due to improper fragment datatype while calc ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35073
+ RESERVED
+CVE-2021-35072
+ RESERVED
+CVE-2021-35071
+ RESERVED
+CVE-2021-35070
+ RESERVED
+CVE-2021-35069 (Improper validation of data length received from DMA buffer can lead t ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35068 (Lack of null check while freeing the device information buffer in the ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...)
+ NOT-FOR-US: Meross MSG100 devices
+CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.10.46-3
+ [buster] - linux 4.19.208-1
+ NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
+CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...)
+ NOT-FOR-US: ConnectWise Automate
+CVE-2021-35065
+ RESERVED
+CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...)
+ NOT-FOR-US: KramerAV VIAWare
+CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." ...)
+ [experimental] - suricata 1:6.0.3-1~exp1
+ - suricata 1:6.0.1-3 (bug #990835)
+ [buster] - suricata <no-dsa> (Minor issue)
+ [stretch] - suricata <no-dsa> (Minor issue)
+ NOTE: https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489
+CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in DRK Ode ...)
+ NOT-FOR-US: DRK Odenwaldkreis Testerfassung
+CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...)
+ NOT-FOR-US: DRK Odenwaldkreis Testerfassung
+CVE-2021-35060 (/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthe ...)
+ NOT-FOR-US: OpenWay WAY4 ACS
+CVE-2021-35059 (OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enrol ...)
+ NOT-FOR-US: OpenWay WAY4 ACS
+CVE-2021-35058
+ RESERVED
+CVE-2021-35057
+ RESERVED
+CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...)
+ NOT-FOR-US: Unisys
+CVE-2021-35055 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-35054 (Minecraft before 1.17.1, when online-mode=false is configured, allows ...)
+ NOT-FOR-US: Minecraft
+CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow]
+ RESERVED
+ - qemu <unfixed> (bug #990562)
+ [bullseye] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1907497
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/542
+ NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0)
+ NOTE: Proposed fix: https://lore.kernel.org/qemu-devel/20211218160912.1591633-1-philmd@redhat.com/
+CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c]
+ RESERVED
+ - imagemagick <not-affected> (Specific to Imagemagick 7)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
+CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...)
+ NOT-FOR-US: Kaspersky
+CVE-2021-35052 (A component in Kaspersky Password Manager could allow an attacker to e ...)
+ NOT-FOR-US: Kaspersky
+CVE-2021-35051
+ RESERVED
+CVE-2021-35050 (User credentials stored in a recoverable format within Fidelis Network ...)
+ NOT-FOR-US: Fidelis
+CVE-2021-35049 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
+ NOT-FOR-US: Fidelis
+CVE-2021-35048 (Vulnerability in Fidelis Network and Deception CommandPost enables una ...)
+ NOT-FOR-US: Fidelis
+CVE-2021-35047 (Vulnerability in the CommandPost, Collector, and Sensor components of ...)
+ NOT-FOR-US: Fidelis
+CVE-2021-35046 (A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS w ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2021-35044
+ RESERVED
+CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...)
+ NOT-FOR-US: OWASP AntiSamy
+CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...)
+ - python-django <not-affected> (Vulnerable code introduced in 3.1)
+ NOTE: https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
+ NOTE: Issue did affect only the experimental version and fixed in 2:3.2.5-1
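Review bot: The CVE-2021-35042 entry records the affected experimental upload only in free text, so the status line `- python-django <not-affected> (Vulnerable code introduced in 3.1)` and the NOTE saying the experimental version was affected and fixed in 2:3.2.5-1 appear to disagree to anyone parsing the file. The CVE-2021-34813 entry in this same file tracks the same situation with a structured line, `[experimental] - olm 3.2.3~dfsg-1`. Consider adding `[experimental] - python-django 2:3.2.5-1` here, then trimming the NOTE to keep only the upstream reference, so the fixed version is machine-readable and the entry is consistent with the olm one.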
+CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing w ...)
+ NOT-FOR-US: FISCO-BCOS
+CVE-2021-3609
+ RESERVED
+ {DSA-4941-1 DLA-2714-1 DLA-2713-1}
+ - linux 5.10.46-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1
+CVE-2021-35040
+ RESERVED
+CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...)
+ {DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/3
+ NOTE: https://git.kernel.org/linus/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
+CVE-2021-35038
+ RESERVED
+CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...)
+ NOT-FOR-US: Jamf Pro
+CVE-2021-35036
+ RESERVED
+CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in the Zyxe ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI program of ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XG ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35029 (An authentication bypasss vulnerability in the web-based management in ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35028 (A command injection vulnerability in the CGI program of the Zyxel VPN2 ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35027 (A directory traversal vulnerability in the web server of the Zyxel VPN ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35026
+ RESERVED
+CVE-2021-35025
+ RESERVED
+CVE-2021-35024
+ RESERVED
+CVE-2021-35023
+ RESERVED
+CVE-2021-35022
+ RESERVED
+CVE-2021-35021
+ RESERVED
+CVE-2021-35020
+ RESERVED
+CVE-2021-35019
+ RESERVED
+CVE-2021-35018
+ RESERVED
+CVE-2021-35017
+ RESERVED
+CVE-2021-35016
+ RESERVED
+CVE-2021-35015
+ RESERVED
+CVE-2021-35014
+ RESERVED
+CVE-2021-35013
+ RESERVED
+CVE-2021-35012
+ RESERVED
+CVE-2021-35011
+ RESERVED
+CVE-2021-35010
+ RESERVED
+CVE-2021-35009
+ RESERVED
+CVE-2021-35008
+ RESERVED
+CVE-2021-35007
+ RESERVED
+CVE-2021-35006
+ RESERVED
+CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: TeamViewer
+CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-35002
+ RESERVED
+CVE-2021-35001
+ RESERVED
+CVE-2021-35000
+ RESERVED
+CVE-2021-34999
+ RESERVED
+CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Panda Security Free Antivirus
+CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34996 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34995 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34994 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34993 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Orckestra C1 CMS
+CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34990
+ RESERVED
+CVE-2021-34989
+ RESERVED
+CVE-2021-34988
+ RESERVED
+CVE-2021-34987
+ RESERVED
+CVE-2021-34986
+ RESERVED
+CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley ContextCapture
+CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley ContextCapture
+CVE-2021-34983
+ RESERVED
+CVE-2021-34982
+ RESERVED
+CVE-2021-34981 [Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability]
+ RESERVED
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
+ NOTE: https://git.kernel.org/linus/3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 (5.14-rc1)
+CVE-2021-34980 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34979 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34976
+ RESERVED
+CVE-2021-34975
+ RESERVED
+CVE-2021-34974
+ RESERVED
+CVE-2021-34973
+ RESERVED
+CVE-2021-34972
+ RESERVED
+CVE-2021-34971
+ RESERVED
+CVE-2021-34970
+ RESERVED
+CVE-2021-34969
+ RESERVED
+CVE-2021-34968
+ RESERVED
+CVE-2021-34967
+ RESERVED
+CVE-2021-34966
+ RESERVED
+CVE-2021-34965
+ RESERVED
+CVE-2021-34964
+ RESERVED
+CVE-2021-34963
+ RESERVED
+CVE-2021-34962
+ RESERVED
+CVE-2021-34961
+ RESERVED
+CVE-2021-34960
+ RESERVED
+CVE-2021-34959
+ RESERVED
+CVE-2021-34958
+ RESERVED
+CVE-2021-34957
+ RESERVED
+CVE-2021-34956
+ RESERVED
+CVE-2021-34955
+ RESERVED
+CVE-2021-34954
+ RESERVED
+CVE-2021-34953
+ RESERVED
+CVE-2021-34952
+ RESERVED
+CVE-2021-34951
+ RESERVED
+CVE-2021-34950
+ RESERVED
+CVE-2021-34949
+ RESERVED
+CVE-2021-34948
+ RESERVED
+CVE-2021-34947
+ RESERVED
+CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34944 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34943 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34942 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34939 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34938 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34937 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34936 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34935 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34934 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34933 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34932 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34931 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34930 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34929 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34928 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34927 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34926 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34925 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34924 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34923 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34922 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34921 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34920 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34919 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34918 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34917 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34916 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34913 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34912 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34911 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34910 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34909 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34906 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34905 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34904 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34903 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34902 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34901 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34900 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34899 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34898 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34897 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34896 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34895 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34894 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34893 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34892 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34891 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34890 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34889 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34888 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34887 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34886 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34884 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34882 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34881 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34879 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34877 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34876 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34875 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34874 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34873 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34870 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34869 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34868 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34867 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14)
+CVE-2021-34865 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TeamViewer
+CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TeamViewer
+CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34846 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34845 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34843 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34842 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34841 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34840 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34839 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34838 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34837 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34836 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34835 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34834 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34833 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34832 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34831 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()]
+ RESERVED
+ - qemu 1:5.2+dfsg-11 (bug #990563)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=66ae37d8cc313f89272e711174a846a229bcdbd3
+CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()]
+ RESERVED
+ - qemu 1:5.2+dfsg-11 (bug #990564)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349
+CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to load arb ...)
+ - openvpn <not-affected> (Windows-specific)
+CVE-2021-34826
+ RESERVED
+CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...)
+ - quassel 1:0.14.0-1 (bug #990567)
+ [bullseye] - quassel <no-dsa> (Minor issue)
+ [buster] - quassel <no-dsa> (Minor issue)
+ [stretch] - quassel <no-dsa> (Minor issue)
+ NOTE: https://github.com/quassel/quassel/pull/581
+ NOTE: https://bugs.quassel-irc.org/issues/1728
+ NOTE: '--require-ssl' flag added in https://github.com/quassel/quassel/pull/43
+CVE-2021-34824 (Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely explo ...)
+ NOT-FOR-US: Istio
+CVE-2021-34823 (The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 fo ...)
+ NOT-FOR-US: ON24 ScreenShare
+CVE-2021-34822
+ RESERVED
+CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus Managemen ...)
+ NOT-FOR-US: AAT Novus Management System
+CVE-2021-34820 (Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP ...)
+ NOT-FOR-US: Novus HTTP Server
+CVE-2021-34819
+ RESERVED
+CVE-2021-34818
+ RESERVED
+CVE-2021-34817 (A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1 ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2021-34816 (An Argument Injection issue in the plugin management of Etherpad 1.8.1 ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...)
+ NOT-FOR-US: CheckSec Canopy
+CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control ...)
+ NOT-FOR-US: Proofpoint
+CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
+ [experimental] - olm 3.2.3~dfsg-1
+ - olm 3.2.3~dfsg-3 (bug #989997)
+ [bullseye] - olm <no-dsa> (Minor issue)
+ [buster] - olm <no-dsa> (Minor issue)
+ NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b
+ NOTE: https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3
+ NOTE: https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm
+CVE-2021-34812 (Use of hard-coded credentials vulnerability in php component in Synolo ...)
+ NOT-FOR-US: Synology
+CVE-2021-34811 (Server-Side Request Forgery (SSRF) vulnerability in task management co ...)
+ NOT-FOR-US: Synology
+CVE-2021-34810 (Improper privilege management vulnerability in cgi component in Synolo ...)
+ NOT-FOR-US: Synology
+CVE-2021-34809 (Improper neutralization of special elements used in a command ('Comman ...)
+ NOT-FOR-US: Synology
+CVE-2021-34808 (Server-Side Request Forgery (SSRF) vulnerability in cgi component in S ...)
+ NOT-FOR-US: Synology
+CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-34806
+ RESERVED
+CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7. For eac ...)
+ NOT-FOR-US: FAUST iServer
+CVE-2021-34804
+ RESERVED
+CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
+ NOT-FOR-US: TeamViewer
+CVE-2021-34802 (A failure in resetting the security context in some transaction action ...)
+ NOT-FOR-US: Neo4j
+CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...)
+ NOT-FOR-US: Valine
+CVE-2021-34800 (Sensitive information could be logged. The following products are affe ...)
+ NOT-FOR-US: Acronis
+CVE-2021-34799
+ RESERVED
+CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL pointer. ...)
+ {DSA-4982-1 DLA-2776-1}
+ - apache2 2.4.49-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-34798
+ NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1)
+CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
+ NOT-FOR-US: Secure 8 (Evalos)
+CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log ...)
+ NOT-FOR-US: Apache Geode
+CVE-2021-34796
+ RESERVED
+CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol version 3 (S ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appli ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34792 (A vulnerability in the memory management of Cisco Adaptive Security Ap ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34791 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34790 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34789 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34788 (A vulnerability in the shared library loading mechanism of Cisco AnyCo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34787 (A vulnerability in the identity-based firewall (IDFW) rule processing ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34784 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34781 (A vulnerability in the processing of SSH connections for multi-instanc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34780 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34779 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34778 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34777 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34776 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34775 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34774 (A vulnerability in the web-based management interface of Cisco Common ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34773 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34772 (A vulnerability in the web-based management interface of Cisco Orbital ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow an authen ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34770 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34769 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34768 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34767 (A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Co ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34766 (A vulnerability in the web UI of Cisco Smart Software Manager On-Prem ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34764 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34763 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34762 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34761 (A vulnerability in Cisco Firepower Threat Defense (FTD) Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34760 (A vulnerability in the web-based management interface of Cisco TelePre ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34758 (A vulnerability in the memory management of Cisco TelePresence Collabo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34757 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34756 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34755 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34754 (Multiple vulnerabilities in the payload inspection for Ethernet Indust ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34753
+ RESERVED
+CVE-2021-34752
+ RESERVED
+CVE-2021-34751
+ RESERVED
+CVE-2021-34750
+ RESERVED
+CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco Intersi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34747
+ RESERVED
+CVE-2021-34746 (A vulnerability in the TACACS+ authentication, authorization and accou ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34745 (A vulnerability in the AppDynamics .NET Agent for Windows could allow ...)
+ NOT-FOR-US: .NET Agent for Windows
+CVE-2021-34744 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34743 (A vulnerability in the application integration feature of Cisco Webex ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34742 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34741 (A vulnerability in the email scanning algorithm of Cisco AsyncOS softw ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) implementation for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34739 (A vulnerability in the web-based management interface of multiple Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34738 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34737 (A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34736 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34735 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34734 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34733 (A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34732 (A vulnerability in the web-based management interface of Cisco Prime C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34731 (A vulnerability in the web-based management interface of Cisco Prime A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco I ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34728 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34727 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34726 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34725 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34724 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34723 (A vulnerability in a specific CLI command that is run on Cisco IOS XE ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34722 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34721 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34720 (A vulnerability in the IP Service Level Agreements (IP SLA) responder ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34719 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34718 (A vulnerability in the SSH Server process of Cisco IOS XR Software cou ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34717
+ RESERVED
+CVE-2021-34716 (A vulnerability in the web-based management interface of Cisco Express ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34715 (A vulnerability in the image verification function of Cisco Expressway ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34714 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34713 (A vulnerability in the Layer 2 punt code of Cisco IOS XR Software runn ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34712 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34711 (A vulnerability in the debug shell of Cisco IP Phone software could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34710 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34709 (Multiple vulnerabilities in image verification checks of Cisco Network ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34708 (Multiple vulnerabilities in image verification checks of Cisco Network ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34707 (A vulnerability in the REST API of Cisco Evolved Programmable Network ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34706 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34704 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) message pa ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34701 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34698 (A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Se ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial of Servic ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34696 (A vulnerability in the access control list (ACL) programming of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...)
+ {DLA-2732-1}
+ - openexr 2.5.7-1 (bug #990899)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268 (master)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283 (v2.5)
+ NOTE: not to be confused with CVE-2020-11760 whose fix is similar but applied around 10 lines above, in the other branch of the 'if'
+CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...)
+ - libphp-phpmailer <unfixed> (bug #991666)
+ [bullseye] - libphp-phpmailer <no-dsa> (Minor issue)
+ [buster] - libphp-phpmailer <no-dsa> (Minor issue)
+ [stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with next DLA)
+ NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/
+ NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0)
+CVE-2021-3602 [Host environment variables leaked in build container when using chroot isolation]
+ RESERVED
+ - golang-github-containers-buildah <unfixed>
+ [bullseye] - golang-github-containers-buildah <no-dsa> (Minor issue)
+ NOTE: https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
+ NOTE: https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main)
+ NOTE: https://github.com/containers/buildah/commit/23c478b815fb93c094070baa336bcb6a27c01683 (release-1.21)
+ NOTE: https://github.com/containers/buildah/commit/f4f2a7fc78fa4f12e2f6e6c4ab450aae0d182f3e (release-1.19)
+CVE-2021-34695
+ RESERVED
+CVE-2021-34694
+ RESERVED
+CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...)
+ {DSA-4941-1 DLA-2714-1 DLA-2713-1}
+ - linux 5.10.46-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1
+ NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
+ NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
+CVE-2021-34692 (iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34691 (iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remo ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34690 (iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34689 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34688 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-3601
+ RESERVED
+ - openssl1.0 <removed>
+ [stretch] - openssl1.0 <ignored> (Minor issue, upstream does not want to change the behavior in this old version)
+ - openssl 1.1.0b-2
+ NOTE: Only affects 1.0.2
+ NOTE: https://github.com/openssl/openssl/issues/5236
+CVE-2021-34686
+ RESERVED
+CVE-2021-34685 (UploadService in Hitachi Vantara Pentaho Business Analytics through 9. ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-34684 (Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unaut ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-34683 (An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-docum ...)
+ NOT-FOR-US: EXCELLENT INFOTEK CORPORATION
+CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack agains ...)
+ NOT-FOR-US: Receita Federal IRPF 2021 1.7
+CVE-2021-3600
+ RESERVED
+ {DLA-2785-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/23/1
+CVE-2021-3599 (A potential vulnerability in the SMI callback function used to access ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-34681
+ RESERVED
+CVE-2021-34680
+ RESERVED
+CVE-2021-34679 (Thycotic Password Reset Server before 5.3.0 allows credential disclosu ...)
+ NOT-FOR-US: Thycotic Password Reset Server
+CVE-2021-34678
+ RESERVED
+CVE-2021-34677
+ RESERVED
+CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel r ...)
+ NOT-FOR-US: Basix NEX-Forms
+CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored ...)
+ NOT-FOR-US: Basix NEX-Forms
+CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...)
+ {DLA-2701-1}
+ - openexr 2.5.7-1 (bug #990450)
+ [bullseye] - openexr <no-dsa> (Minor issue)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 (master)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5 (2.5)
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
+CVE-2021-3597
+ RESERVED
+ - undertow <unfixed> (bug #989861)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1970930
+CVE-2021-34674
+ RESERVED
+CVE-2021-34673
+ RESERVED
+CVE-2021-34672
+ RESERVED
+CVE-2021-34671
+ RESERVED
+CVE-2021-34670
+ RESERVED
+CVE-2021-34669
+ RESERVED
+CVE-2021-34668 (The WordPress Real Media Library WordPress plugin is vulnerable to Sto ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34667 (The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34666 (The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34665 (The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34664 (The Moova for WooCommerce WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34663 (The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34662
+ RESERVED
+CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-34659 (The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Re ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34658 (The Simple Popup Newsletter WordPress plugin is vulnerable to Reflecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34657 (The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34656 (The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34655 (The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34654 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34653 (The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34652 (The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34651 (The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34650 (The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to Reflect ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34648 (The Ninja Forms WordPress plugin is vulnerable to arbitrary email send ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34647 (The Ninja Forms WordPress plugin is vulnerable to sensitive informatio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34646 (Versions up to, and including, 5.4.3, of the Booster for WooCommerce W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34645 (The Shopping Cart &amp; eCommerce Store WordPress plugin is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to Reflected Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34642 (The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34641 (The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scrip ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34640 (The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager &lt;= 3.1.24 a ...)
+ NOT-FOR-US: WordPress Download Manager
+CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager &lt;= ...)
+ NOT-FOR-US: WordPress Download Manager
+CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34633 (The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34632 (The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34631 (The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Fo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate &lt; 2.8.65, the gtra ...)
+ NOT-FOR-US: GTranslate (Pro and Enterprise versions)
+CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34628 (The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of the WP U ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34626 (A vulnerability in the deleteCustomType function of the WP Upload Rest ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34625 (A vulnerability in the saveCustomType function of the WP Upload Restri ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34624 (A vulnerability in the file uploader component found in the ~/src/Clas ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34623 (A vulnerability in the image uploader component found in the ~/src/Cla ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34622 (A vulnerability in the user profile update component found in the ~/sr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34621 (A vulnerability in the user registration component found in the ~/src/ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34620 (The WP Fluent Forms plugin &lt; 3.6.67 for WordPress is vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34619 (The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered in some ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was discovered in so ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34616 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34615 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34614 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34613 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34612 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34611 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34610 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34609 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34608
+ RESERVED
+CVE-2021-34607
+ RESERVED
+CVE-2021-34606
+ RESERVED
+CVE-2021-34605
+ RESERVED
+CVE-2021-34604
+ RESERVED
+CVE-2021-34603
+ RESERVED
+CVE-2021-34602
+ RESERVED
+CVE-2021-34601
+ RESERVED
+CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...)
+ NOT-FOR-US: Telenot CompasX
+CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...)
+ NOT-FOR-US: Phoenix Contact
+CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34595 (A crafted request with invalid offsets may cause an out-of-bounds read ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34594 (TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before ...)
+ NOT-FOR-US: TwinCAT OPC UA Server in TF6100 and TS6100
+CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34592
+ RESERVED
+CVE-2021-34591
+ RESERVED
+CVE-2021-34590
+ RESERVED
+CVE-2021-34589
+ RESERVED
+CVE-2021-34588
+ RESERVED
+CVE-2021-34587
+ RESERVED
+CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34584 (Crafted web server requests can be utilised to read partial stack or h ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34582 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: WAGO
+CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 &lt;= 2.9.0 an unauthenticated user can ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-34579
+ RESERVED
+CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...)
+ NOT-FOR-US: WAGO
+CVE-2021-34577
+ RESERVED
+CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information exposure th ...)
+ NOT-FOR-US: Kaden PICOFLUX Air
+CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions &lt;= 2.8.0 ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions &lt;= 2.8.0 ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested wireless M ...)
+ NOT-FOR-US: Enbra EWM
+CVE-2021-34572 (Enbra EWM 1.7.29 does not check for or detect replay attacks sent by w ...)
+ NOT-FOR-US: Enbra EWM
+CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in ...)
+ NOT-FOR-US: Enbra
+CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions prior to ...)
+ NOT-FOR-US: Phoenix Contact PLCnext control devices
+CVE-2021-34569
+ RESERVED
+CVE-2021-34568
+ RESERVED
+CVE-2021-34567
+ RESERVED
+CVE-2021-34566
+ RESERVED
+CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telne ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or browser ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34563 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly att ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34562 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject a ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34561 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 serious issue exists ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.9 a form contains a pa ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 a vulnerability may ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-3596 [NULL pointer dereference in ReadSVGImage() in coders/svg.c]
+ RESERVED
+ - imagemagick 8:6.9.11.57+dfsg-1
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27f314e2e6eb44b661e65008ce1ce46b85a5628b
+CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...)
+ {DLA-2753-1}
+ - libslirp 4.6.1-1 (bug #989996)
+ [bullseye] - libslirp 4.4.0-1+deb11u2
+ - qemu 1:4.1-2
+ [buster] - qemu <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30 (v4.6.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP network ...)
+ {DLA-2753-1}
+ - libslirp 4.6.1-1 (bug #989995)
+ [bullseye] - libslirp 4.4.0-1+deb11u2
+ - qemu 1:4.1-2
+ [buster] - qemu <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP network ...)
+ - libslirp 4.6.1-1 (bug #989994)
+ [bullseye] - libslirp 4.4.0-1+deb11u2
+ - qemu 1:4.1-2
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b (v4.6.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP network ...)
+ - libslirp 4.6.1-1 (bug #989993)
+ [bullseye] - libslirp 4.4.0-1+deb11u2
+ - qemu 1:4.1-2
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <ignored> (Introduces a regression. See Debian bug #994080)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+ NOTE: The patch introduced a regression, see Debian bug #994080 for more information.
+CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...)
+ - golang-1.16 1.16.6-1
+ - golang-1.15 1.15.9-6
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ NOTE: https://github.com/golang/go/issues/47143
+ NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x)
+ NOTE: key_agreement.go also bundled in various other packages
+CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
+ {DLA-2785-1}
+ - linux 5.10.46-4
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
+CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial ...)
+ - opendmarc 1.4.0~beta1+dfsg-6 (bug #990001)
+ [buster] - opendmarc <not-affected> (Vulnerable code not present)
+ [stretch] - opendmarc <not-affected> (Vulnerable code (multi-value-From:) introduced later)
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/179
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/178
+CVE-2021-34554
+ RESERVED
+CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...)
+ {DLA-2716-1}
+ - pillow 8.1.2+dfsg-0.3 (bug #991293)
+ [buster] - pillow <no-dsa> (Minor issue, mitigated by FORTIFY_SOURCE)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
+ NOTE: https://github.com/python-pillow/Pillow/pull/5567
+ NOTE: https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f (8.3.0)
+CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...)
+ - libphp-phpmailer <not-affected> (Windows-specific)
+CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The ...)
+ {DSA-4932-1}
+ - tor 0.4.5.9-1 (bug #990000)
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2041
+CVE-2021-34549 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Has ...)
+ {DSA-4932-1}
+ - tor 0.4.5.9-1 (bug #990000)
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2041
+CVE-2021-34548 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An ...)
+ {DSA-4932-1}
+ - tor 0.4.5.9-1 (bug #990000)
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2041
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40389
+CVE-2021-34547 (PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user a ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2021-34546 (An unauthenticated attacker with physical access to a computer with Ne ...)
+ NOT-FOR-US: NetSetMan Pro
+CVE-2021-34545
+ RESERVED
+CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...)
+ NOT-FOR-US: Solar-Log
+CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...)
+ NOT-FOR-US: Solar-Log
+CVE-2021-34542
+ RESERVED
+CVE-2021-34541
+ RESERVED
+CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...)
+ NOT-FOR-US: CubeCoders AMP
+CVE-2021-34538
+ RESERVED
+CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34536 (Storage Spaces Controller Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34535 (Remote Desktop Client Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34534 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34531
+ RESERVED
+CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34529 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34528 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34527 (Windows Print Spooler Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34526
+ RESERVED
+CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34524 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34522 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34521 (Raw Image Extension Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34520 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34519 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34518 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34517 (Microsoft SharePoint Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34516 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34515
+ RESERVED
+CVE-2021-34514 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34513 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34512 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34511 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34510 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34509 (Storage Spaces Controller Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34508 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34507 (Windows Remote Assistance Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34506
+ RESERVED
+CVE-2021-34505
+ RESERVED
+CVE-2021-34504 (Windows Address Book Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34503 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34502
+ RESERVED
+CVE-2021-34501 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34500 (Windows Kernel Memory Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34499 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34498 (Windows GDI Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34497 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34496 (Windows GDI Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34495
+ RESERVED
+CVE-2021-34494 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34493 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34492 (Windows Certificate Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34491 (Win32k Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34490 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34484 (Windows User Profile Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34482
+ RESERVED
+CVE-2021-34481 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34480 (Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34479 (Microsoft Visual Studio Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34478 (Microsoft Office Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34475
+ RESERVED
+CVE-2021-34474 (Dynamics Business Central Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34472
+ RESERVED
+CVE-2021-34471 (Microsoft Windows Defender Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34470 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34469 (Microsoft Office Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34468 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34467 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34466 (Windows Hello Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34465
+ RESERVED
+CVE-2021-34464 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34463
+ RESERVED
+CVE-2021-34462 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34461 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34460 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34459 (Windows AppContainer Elevation Of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34458 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34457 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34456 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34455 (Windows File History Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34454 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34453 (Microsoft Exchange Server Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34452 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34451 (Microsoft Office Online Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34450 (Windows Hyper-V Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34448 (Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34447 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34446 (Windows HTML Platforms Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34445 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34444 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34443
+ RESERVED
+CVE-2021-34442 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34441 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34440 (GDI+ Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34439 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34438 (Windows Font Driver Host Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-3591
+ REJECTED
+CVE-2021-3590
+ RESERVED
+ - foreman <itp> (bug #663101)
+CVE-2021-3589
+ RESERVED
+ NOT-FOR-US: Foreman Ansible
+CVE-2021-34437
+ RESERVED
+CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
+ - mosquitto <unfixed> (bug #993400)
+ [buster] - mosquitto <not-affected> (Vulnerable code introduced later)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324
+CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3 ...)
+ NOT-FOR-US: Eclipse Californium
+CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...)
+ - mosquitto 2.0.8-1
+ [buster] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x)
+ [stretch] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x)
+ NOTE: https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141
+CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...)
+ - mosquitto 2.0.11-1
+ [bullseye] - mosquitto <no-dsa> (Minor issue)
+ [buster] - mosquitto <not-affected> (Vulnerable code introduced later)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
+ NOTE: https://mosquitto.org/blog/2021/06/version-2-0-11-released/
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191
+CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...)
+ NOT-FOR-US: Eclipse TinyDTLS
+CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 &amp; 11.0.1-1 ...)
+ - jetty9 9.4.39-3 (bug #991188)
+ [buster] - jetty9 <not-affected> (Vulnerable code was introduced in version 9.4.37)
+ [stretch] - jetty9 <not-affected> (Vulnerable code was introduced in version 9.4.37)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
+ NOTE: Fixed by https://github.com/eclipse/jetty.project/pull/6477
+CVE-2021-34428 (For Eclipse Jetty versions &lt;= 9.4.40, &lt;= 10.0.2, &lt;= 11.0.2, i ...)
+ {DSA-4949-1}
+ - jetty9 9.4.39-2 (bug #990578)
+ [stretch] - jetty9 <not-affected> (vulnerable code is not present)
+ - jetty8 <removed>
+ - jetty <removed>
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
+ NOTE: https://github.com/eclipse/jetty.project/issues/6277
+ NOTE: https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85 (jetty-9.4.x)
+CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...)
+ NOT-FOR-US: Eclipse BIRT
+CVE-2021-34426 (A vulnerability was discovered in the Keybase Client for Windows befor ...)
+ NOT-FOR-US: Keybase Client for Windows
+CVE-2021-34425 (The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, L ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings (for An ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client for Meet ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a path tr ...)
+ NOT-FOR-US: Keybase Client for Windows
+CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the Keybase Cl ...)
+ NOT-FOR-US: Keybase Client for Android and iOS
+CVE-2021-34420 (The Zoom Client for Meetings for Windows installer before version 5.5. ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows installer
+CVE-2021-34419 (In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, ...)
+ NOT-FOR-US: Zoom Client for Meetings for Ubuntu Linux
+CVE-2021-34418 (The login routine of the web console in the Zoom On-Premise Meeting Co ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34417 (The network proxy page on the web portal for the Zoom On-Premise Meeti ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34416 (The network address administrative settings web portal for the Zoom on ...)
+ NOT-FOR-US: Zoom on-premise Meeting Connector
+CVE-2021-34415 (The Zone Controller service in the Zoom On-Premise Meeting Connector C ...)
+ NOT-FOR-US: Zoom On-Premise Meeting Connector Controller
+CVE-2021-34414 (The network proxy page on the web portal for the Zoom on-premise Meeti ...)
+ NOT-FOR-US: Zoom On-Premise Meeting Connector Controller
+CVE-2021-34413 (All versions of the Zoom Plugin for Microsoft Outlook for MacOS before ...)
+ NOT-FOR-US: Zoom Plugin for Microsoft Outlook for MacOS
+CVE-2021-34412 (During the installation process for all versions of the Zoom Client fo ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows
+CVE-2021-34411 (During the installation process forZoom Rooms for Conference Room for ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34410 (A user-writable application bundle unpacked during the install for all ...)
+ NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
+CVE-2021-34409 (It was discovered that the installation packages of the Zoom Client fo ...)
+ NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
+CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before versio ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows
+CVE-2021-34407
+ REJECTED
+CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone&#8217; ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34398 (NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34396 (Bootloader contains a vulnerability in access permission settings wher ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34395 (Trusty TLK contains a vulnerability in its access permission settings ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34394 (Trusty contains a vulnerability in the NVIDIA OTE protocol that is pre ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34393 (Trusty contains a vulnerability in TSEC TA which deserializes the inco ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34392 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34391 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34390 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34389 (Trusty contains a vulnerability in NVIDIA OTE protocol message parsing ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34388 (Bootloader contains a vulnerability in NVIDIA TegraBoot where a potent ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34387 (The ARM TrustZone Technology on which Trusty is based on contains a vu ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34386 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34385 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...)
+ NOT-FOR-US: Trusty TLK (NVIDIA)
+CVE-2021-34384 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34383 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34382 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel&#8217;s t ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34381 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34380 (Bootloader contains a vulnerability in NVIDIA MB2 where potential heap ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34379 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34378 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34377 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34376 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34375 (Trusty contains a vulnerability in all trusted applications (TAs) wher ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34374 (Trusty contains a vulnerability in command handlers where the length o ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34373 (Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVID ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
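Review bot: the NOT-FOR-US label is misspelled as "rusty TLK (NVIDIA)" on the seven entries from CVE-2021-34379 down to CVE-2021-34373; it should read "Trusty TLK (NVIDIA)", as it does on CVE-2021-34385. The neighbouring Trusty entries in this block are also tagged variously as "Trusty", "NVIDIA" and "Trusty TLK (NVIDIA)" for what the descriptions present as the same product. Settling on one spelling would let a search of the NOT-FOR-US lines find every entry for this product, and would keep the misspelled variant from being copied into later entries.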
+CVE-2021-34372 (Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver c ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI se ...)
+ NOT-FOR-US: Neo4j
+CVE-2021-34370 (** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/lo ...)
+ NOT-FOR-US: Accela Civic Platform
+CVE-2021-34369 (** DISPUTED ** portlets/contact/ref/refContactDetail.do in Accela Civi ...)
+ NOT-FOR-US: Accela Civic Platform
+CVE-2021-34368
+ REJECTED
+CVE-2021-34367
+ REJECTED
+CVE-2021-34366
+ REJECTED
+CVE-2021-34365
+ REJECTED
+CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow XSS via ...)
+ NOT-FOR-US: Refined GitHub browser extension
+CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...)
+ - thefuck 3.29-0.3 (bug #989989)
+ [buster] - thefuck <no-dsa> (Minor issue)
+ [stretch] - thefuck <no-dsa> (Minor issue)
+ NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31)
+ NOTE: https://github.com/nvbn/thefuck/pull/1206
+CVE-2021-34362 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34361
+ RESERVED
+CVE-2021-34360
+ RESERVED
+CVE-2021-34359
+ RESERVED
+CVE-2021-34358 (We have already fixed this vulnerability in the following versions of ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34354 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34353
+ RESERVED
+CVE-2021-34352 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34351 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34350
+ RESERVED
+CVE-2021-34349 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34348 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34347
+ RESERVED
+CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...)
+ - bluez 5.55-3.1 (bug #989700)
+ [buster] - bluez <not-affected> (Vulnerable code introduced later)
+ [stretch] - bluez <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/bluez/bluez/issues/70
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a (5.56)
+CVE-2021-34342
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/205
+CVE-2021-34341
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/204
+CVE-2021-34340
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/203
+CVE-2021-34339
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/202
+CVE-2021-34338
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/201
+CVE-2021-34337 [password checking timing attack in administrative REST API]
+ RESERVED
+ - mailman3 <unfixed> (bug #1004934)
+ [bullseye] - mailman3 <no-dsa> (Minor issue)
+ [buster] - mailman3 <no-dsa> (Minor issue; will be fixed via point release)
+ NOTE: Fixed by: https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51 (3.3.5b1)
+CVE-2021-34336
+ RESERVED
+CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #992707)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
+ NOTE: https://github.com/Exiv2/exiv2/pull/1750
+CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #992706)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
+ NOTE: https://github.com/Exiv2/exiv2/pull/1766
+CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-3586
+ RESERVED
+ NOT-FOR-US: Maistra
+CVE-2021-3585
+ RESERVED
+ - tripleo-heat-templates <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968247
+CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...)
+ - ansible <unfixed>
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412
+ NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch
+CVE-2021-34290
+ RESERVED
+CVE-2021-34289
+ RESERVED
+CVE-2021-34288
+ RESERVED
+CVE-2021-34287
+ RESERVED
+CVE-2021-34286
+ RESERVED
+CVE-2021-34285
+ RESERVED
+CVE-2021-34284
+ RESERVED
+CVE-2021-34283
+ RESERVED
+CVE-2021-34282
+ RESERVED
+CVE-2021-34281
+ RESERVED
+CVE-2021-34280 (Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer ...)
+ NOT-FOR-US: Polaris Office
+CVE-2021-34279
+ RESERVED
+CVE-2021-34278
+ RESERVED
+CVE-2021-34277
+ RESERVED
+CVE-2021-34276
+ RESERVED
+CVE-2021-34275
+ RESERVED
+CVE-2021-34274
+ RESERVED
+CVE-2021-34273 (A security flaw in the 'owned' function of a smart contract implementa ...)
+ NOT-FOR-US: BTC2X
+CVE-2021-34272 (A security flaw in the 'owned' function of a smart contract implementa ...)
+ NOT-FOR-US: RobotCoin
+CVE-2021-34271
+ RESERVED
+CVE-2021-34270 (An integer overflow in the mintToken function of a smart contract impl ...)
+ NOT-FOR-US: Doftcoin
+CVE-2021-34269
+ RESERVED
+CVE-2021-34268 (An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34267 (An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM3 ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34266
+ RESERVED
+CVE-2021-34265
+ RESERVED
+CVE-2021-34264
+ RESERVED
+CVE-2021-34263
+ RESERVED
+CVE-2021-34262 (A buffer overflow vulnerability in the USBH_ParseEPDesc() function of ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34261 (An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middle ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34260 (A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() funct ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34259 (A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34258
+ RESERVED
+CVE-2021-34257
+ RESERVED
+CVE-2021-34256
+ RESERVED
+CVE-2021-34255
+ RESERVED
+CVE-2021-34254 (Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to ins ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2021-34253
+ RESERVED
+CVE-2021-34252
+ RESERVED
+CVE-2021-34251
+ RESERVED
+CVE-2021-34250
+ RESERVED
+CVE-2021-34249
+ RESERVED
+CVE-2021-34248
+ RESERVED
+CVE-2021-34247
+ RESERVED
+CVE-2021-34246
+ RESERVED
+CVE-2021-34245
+ RESERVED
+CVE-2021-34244 (A cross site request forgery (CSRF) vulnerability was discovered in Ic ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2021-34243 (A stored cross site scripting (XSS) vulnerability was discovered in Ic ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2021-34242
+ RESERVED
+CVE-2021-34241
+ RESERVED
+CVE-2021-34240
+ RESERVED
+CVE-2021-34239
+ RESERVED
+CVE-2021-34238
+ RESERVED
+CVE-2021-34237
+ RESERVED
+CVE-2021-34236
+ RESERVED
+CVE-2021-34235 (Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The co ...)
+ NOT-FOR-US: Tokheim Profleet DiaLOG
+CVE-2021-34234
+ RESERVED
+CVE-2021-34233
+ RESERVED
+CVE-2021-34232
+ RESERVED
+CVE-2021-34231
+ RESERVED
+CVE-2021-34230
+ RESERVED
+CVE-2021-34229
+ RESERVED
+CVE-2021-34228 (Cross-site scripting in parent_control.htm in TOTOLINK A3002R version ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34227
+ RESERVED
+CVE-2021-34226
+ RESERVED
+CVE-2021-34225
+ RESERVED
+CVE-2021-34224
+ RESERVED
+CVE-2021-34223 (Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1. ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34222
+ RESERVED
+CVE-2021-34221
+ RESERVED
+CVE-2021-34220 (Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1. ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34219
+ RESERVED
+CVE-2021-34218 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34217
+ RESERVED
+CVE-2021-34216
+ RESERVED
+CVE-2021-34215 (Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34214
+ RESERVED
+CVE-2021-34213
+ RESERVED
+CVE-2021-34212
+ RESERVED
+CVE-2021-34211
+ RESERVED
+CVE-2021-34210
+ RESERVED
+CVE-2021-34209
+ RESERVED
+CVE-2021-34208
+ RESERVED
+CVE-2021-34207 (Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34206
+ RESERVED
+CVE-2021-34205
+ RESERVED
+CVE-2021-34204 (D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Cre ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34203 (D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34202 (There are multiple out-of-bounds vulnerabilities in some processes of ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34201 (D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34200
+ RESERVED
+CVE-2021-34199
+ RESERVED
+CVE-2021-34198
+ RESERVED
+CVE-2021-34197
+ RESERVED
+CVE-2021-34196
+ RESERVED
+CVE-2021-34195
+ RESERVED
+CVE-2021-34194
+ RESERVED
+CVE-2021-34193
+ RESERVED
+CVE-2021-34192
+ RESERVED
+CVE-2021-34191
+ RESERVED
+CVE-2021-34190 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...)
+ NOT-FOR-US: Issabel PBX
+CVE-2021-34189
+ RESERVED
+CVE-2021-34188
+ RESERVED
+CVE-2021-34187 (main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Inj ...)
+ NOT-FOR-US: Chamilo
+CVE-2021-34186
+ RESERVED
+CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...)
+ NOT-FOR-US: Miniaudio
+CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...)
+ NOT-FOR-US: Miniaudio
+CVE-2021-34183
+ REJECTED
+CVE-2021-34182
+ RESERVED
+CVE-2021-34181
+ RESERVED
+CVE-2021-34180
+ RESERVED
+CVE-2021-34179
+ RESERVED
+CVE-2021-34178
+ RESERVED
+CVE-2021-34177
+ RESERVED
+CVE-2021-34176
+ RESERVED
+CVE-2021-34175
+ RESERVED
+CVE-2021-34174 (A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wir ...)
+ NOT-FOR-US: Broadcom
+CVE-2021-34173 (An attacker can cause a Denial of Service and kernel panic in v4.2 and ...)
+ NOT-FOR-US: Espressif
+CVE-2021-34172
+ RESERVED
+CVE-2021-34171
+ RESERVED
+CVE-2021-34170 (Bandai Namco FromSoftware Dark Souls III allows remote attackers to ex ...)
+ NOT-FOR-US: Bandai
+CVE-2021-34169
+ RESERVED
+CVE-2021-34168
+ RESERVED
+CVE-2021-34167
+ RESERVED
+CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-34164
+ RESERVED
+CVE-2021-34163
+ RESERVED
+CVE-2021-34162
+ RESERVED
+CVE-2021-34161
+ RESERVED
+CVE-2021-34160
+ RESERVED
+CVE-2021-34159
+ RESERVED
+CVE-2021-34158
+ RESERVED
+CVE-2021-34157
+ RESERVED
+CVE-2021-34156
+ RESERVED
+CVE-2021-34155
+ RESERVED
+CVE-2021-34154
+ RESERVED
+CVE-2021-34153
+ RESERVED
+CVE-2021-34152
+ RESERVED
+CVE-2021-34151
+ RESERVED
+CVE-2021-34150 (The Bluetooth Classic implementation on Bluetrum AB5301A devices with ...)
+ NOT-FOR-US: Bluetrum
+CVE-2021-34149 (The Bluetooth Classic implementation on the Texas Instruments CC256XCQ ...)
+ NOT-FOR-US: Texas Instruments CC256XCQFN-EM
+CVE-2021-34148 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
+ NOT-FOR-US: Cypress
+CVE-2021-34147 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
+ NOT-FOR-US: Cypress
+CVE-2021-34146 (The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB do ...)
+ NOT-FOR-US: Cypress
+CVE-2021-34145 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
+ NOT-FOR-US: Cypress
+CVE-2021-34144 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SD ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_ ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-34142
+ RESERVED
+CVE-2021-34141 (An incomplete string comparison in the numpy.core component in NumPy b ...)
+ - numpy <unfixed>
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/18993
+ NOTE: https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2 (v1.23.0.dev0)
+CVE-2021-34140
+ RESERVED
+CVE-2021-34139
+ RESERVED
+CVE-2021-34138
+ RESERVED
+CVE-2021-34137
+ RESERVED
+CVE-2021-34136
+ RESERVED
+CVE-2021-34135
+ RESERVED
+CVE-2021-34134
+ RESERVED
+CVE-2021-34133
+ RESERVED
+CVE-2021-34132
+ RESERVED
+CVE-2021-34131
+ RESERVED
+CVE-2021-34130
+ RESERVED
+CVE-2021-34129 (LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary f ...)
+ NOT-FOR-US: LaikeTui
+CVE-2021-34128 (LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary ...)
+ NOT-FOR-US: LaikeTui
+CVE-2021-34127
+ RESERVED
+CVE-2021-34126
+ RESERVED
+CVE-2021-34125
+ RESERVED
+CVE-2021-34124
+ RESERVED
+CVE-2021-34123
+ RESERVED
+CVE-2021-34122
+ RESERVED
+CVE-2021-34121
+ RESERVED
+CVE-2021-34120
+ RESERVED
+CVE-2021-34119
+ RESERVED
+CVE-2021-34118
+ RESERVED
+CVE-2021-34117
+ RESERVED
+CVE-2021-34116
+ RESERVED
+CVE-2021-34115
+ RESERVED
+CVE-2021-34114
+ RESERVED
+CVE-2021-34113
+ RESERVED
+CVE-2021-34112
+ RESERVED
+CVE-2021-34111
+ RESERVED
+CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...)
+ NOT-FOR-US: WinWaste.NET
+CVE-2021-34109
+ RESERVED
+CVE-2021-34108
+ RESERVED
+CVE-2021-34107
+ RESERVED
+CVE-2021-34106
+ RESERVED
+CVE-2021-34105
+ RESERVED
+CVE-2021-34104
+ RESERVED
+CVE-2021-34103
+ RESERVED
+CVE-2021-34102
+ RESERVED
+CVE-2021-34101
+ RESERVED
+CVE-2021-34100
+ RESERVED
+CVE-2021-34099
+ RESERVED
+CVE-2021-34098
+ RESERVED
+CVE-2021-34097
+ RESERVED
+CVE-2021-34096
+ RESERVED
+CVE-2021-34095
+ RESERVED
+CVE-2021-34094
+ RESERVED
+CVE-2021-34093
+ RESERVED
+CVE-2021-34092
+ RESERVED
+CVE-2021-34091
+ RESERVED
+CVE-2021-34090
+ RESERVED
+CVE-2021-34089
+ RESERVED
+CVE-2021-34088
+ RESERVED
+CVE-2021-34087 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...)
+ NOT-FOR-US: Ultimaker
+CVE-2021-34086 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...)
+ NOT-FOR-US: Ultimaker
+CVE-2021-34085
+ RESERVED
+CVE-2021-34084
+ RESERVED
+CVE-2021-34083
+ RESERVED
+CVE-2021-34082
+ RESERVED
+CVE-2021-34081
+ RESERVED
+CVE-2021-34080
+ RESERVED
+CVE-2021-34079
+ RESERVED
+CVE-2021-34078
+ RESERVED
+CVE-2021-34077
+ RESERVED
+CVE-2021-34076
+ RESERVED
+CVE-2021-34075 (In Artica Pandora FMS &lt;=754 in the File Manager component, there is ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2021-34074 (PandoraFMS &lt;=7.54 allows arbitrary file upload, it leading to remot ...)
+ NOT-FOR-US: PandoraFMS
+CVE-2021-34073 (A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gad ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-34072
+ RESERVED
+CVE-2021-34071 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34070 (Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denia ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34069 (Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denia ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34068 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34067 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. There is ...)
+ NOT-FOR-US: EdgeGallery/developer
+CVE-2021-34065
+ RESERVED
+CVE-2021-34064
+ RESERVED
+CVE-2021-34063
+ RESERVED
+CVE-2021-34062
+ RESERVED
+CVE-2021-34061
+ RESERVED
+CVE-2021-34060
+ RESERVED
+CVE-2021-34059
+ RESERVED
+CVE-2021-34058
+ RESERVED
+CVE-2021-34057
+ RESERVED
+CVE-2021-34056
+ RESERVED
+CVE-2021-34055
+ RESERVED
+CVE-2021-34054
+ RESERVED
+CVE-2021-34053
+ RESERVED
+CVE-2021-34052
+ RESERVED
+CVE-2021-34051
+ RESERVED
+CVE-2021-34050
+ RESERVED
+CVE-2021-34049
+ RESERVED
+CVE-2021-34048
+ RESERVED
+CVE-2021-34047
+ RESERVED
+CVE-2021-34046
+ RESERVED
+CVE-2021-34045
+ RESERVED
+CVE-2021-34044
+ RESERVED
+CVE-2021-34043
+ RESERVED
+CVE-2021-34042
+ RESERVED
+CVE-2021-34041
+ RESERVED
+CVE-2021-34040
+ RESERVED
+CVE-2021-34039
+ RESERVED
+CVE-2021-34038
+ RESERVED
+CVE-2021-34037
+ RESERVED
+CVE-2021-34036
+ RESERVED
+CVE-2021-34035
+ RESERVED
+CVE-2021-34034
+ RESERVED
+CVE-2021-34033
+ RESERVED
+CVE-2021-34032
+ RESERVED
+CVE-2021-34031
+ RESERVED
+CVE-2021-34030
+ RESERVED
+CVE-2021-34029
+ RESERVED
+CVE-2021-34028
+ RESERVED
+CVE-2021-34027
+ RESERVED
+CVE-2021-34026
+ RESERVED
+CVE-2021-34025
+ RESERVED
+CVE-2021-34024
+ RESERVED
+CVE-2021-34023
+ RESERVED
+CVE-2021-34022
+ RESERVED
+CVE-2021-34021
+ RESERVED
+CVE-2021-34020
+ RESERVED
+CVE-2021-34019
+ RESERVED
+CVE-2021-34018
+ RESERVED
+CVE-2021-34017
+ RESERVED
+CVE-2021-34016
+ RESERVED
+CVE-2021-34015
+ RESERVED
+CVE-2021-34014
+ RESERVED
+CVE-2021-34013
+ RESERVED
+CVE-2021-34012
+ RESERVED
+CVE-2021-34011
+ RESERVED
+CVE-2021-34010
+ RESERVED
+CVE-2021-34009
+ RESERVED
+CVE-2021-34008
+ RESERVED
+CVE-2021-34007
+ RESERVED
+CVE-2021-34006
+ RESERVED
+CVE-2021-34005
+ RESERVED
+CVE-2021-34004
+ RESERVED
+CVE-2021-34003
+ RESERVED
+CVE-2021-34002
+ RESERVED
+CVE-2021-34001
+ RESERVED
+CVE-2021-34000
+ RESERVED
+CVE-2021-33999
+ RESERVED
+CVE-2021-33998
+ RESERVED
+CVE-2021-33997
+ RESERVED
+CVE-2021-33996
+ RESERVED
+CVE-2021-33995
+ RESERVED
+CVE-2021-33994
+ RESERVED
+CVE-2021-33993
+ RESERVED
+CVE-2021-33992
+ RESERVED
+CVE-2021-33991
+ RESERVED
+CVE-2021-33990
+ RESERVED
+CVE-2021-33989
+ RESERVED
+CVE-2021-33988 (Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2 ...)
+ NOT-FOR-US: Microweber CMS
+CVE-2021-33987
+ RESERVED
+CVE-2021-33986
+ RESERVED
+CVE-2021-33985
+ RESERVED
+CVE-2021-33984
+ RESERVED
+CVE-2021-33983
+ RESERVED
+CVE-2021-33982 (An insufficient session expiration vulnerability exists in the "Fish | ...)
+ NOT-FOR-US: "Fish | Hunt FL" iOS app
+CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing license re ...)
+ NOT-FOR-US: "Fish | Hunt FL" iOS app
+CVE-2021-33980
+ RESERVED
+CVE-2021-33979
+ RESERVED
+CVE-2021-33978
+ RESERVED
+CVE-2021-33977
+ RESERVED
+CVE-2021-33976
+ RESERVED
+CVE-2021-33975
+ RESERVED
+CVE-2021-33974
+ RESERVED
+CVE-2021-33973
+ RESERVED
+CVE-2021-33972
+ RESERVED
+CVE-2021-33971
+ RESERVED
+CVE-2021-33970
+ RESERVED
+CVE-2021-33969
+ RESERVED
+CVE-2021-33968
+ RESERVED
+CVE-2021-33967
+ RESERVED
+CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...)
+ - spotweb <removed>
+ [buster] - spotweb <no-dsa> (Minor issue)
+ [stretch] - spotweb <postponed> (Minor issue; possible reflected XSS with unconclusive PoC "proof")
+ NOTE: https://packetstormsecurity.com/files/162731/Spotweb-Develop-1.4.9-Cross-Site-Scripting.html
+CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface
+CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-33961
+ RESERVED
+CVE-2021-33960
+ RESERVED
+CVE-2021-33959
+ RESERVED
+CVE-2021-33958
+ RESERVED
+CVE-2021-33957
+ RESERVED
+CVE-2021-33956
+ RESERVED
+CVE-2021-33955
+ RESERVED
+CVE-2021-33954
+ RESERVED
+CVE-2021-33953
+ RESERVED
+CVE-2021-33952
+ RESERVED
+CVE-2021-33951
+ RESERVED
+CVE-2021-33950
+ RESERVED
+CVE-2021-33949
+ RESERVED
+CVE-2021-33948
+ RESERVED
+CVE-2021-33947
+ RESERVED
+CVE-2021-33946
+ RESERVED
+CVE-2021-33945 (RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN ...)
+ NOT-FOR-US: RICOH
+CVE-2021-33944
+ RESERVED
+CVE-2021-33943
+ RESERVED
+CVE-2021-33942
+ RESERVED
+CVE-2021-33941
+ RESERVED
+CVE-2021-33940
+ RESERVED
+CVE-2021-33939
+ RESERVED
+CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended in src/ ...)
+ - libsolv 0.7.17-1
+ [buster] - libsolv <no-dsa> (Minor issue)
+ [stretch] - libsolv <no-dsa> (Minor issue)
+ NOTE: https://github.com/openSUSE/libsolv/issues/420
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+CVE-2021-33937
+ RESERVED
+CVE-2021-33936
+ RESERVED
+CVE-2021-33935
+ RESERVED
+CVE-2021-33934
+ RESERVED
+CVE-2021-33933
+ RESERVED
+CVE-2021-33932
+ RESERVED
+CVE-2021-33931
+ RESERVED
+CVE-2021-33930 (Buffer overflow vulnerability in function pool_installable_whatprovide ...)
+ - libsolv 0.7.17-1
+ [buster] - libsolv <no-dsa> (Minor issue)
+ [stretch] - libsolv <no-dsa> (Minor issue)
+ NOTE: https://github.com/openSUSE/libsolv/issues/417
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+CVE-2021-33929 (Buffer overflow vulnerability in function pool_disabled_solvable in sr ...)
+ - libsolv 0.7.17-1
+ [buster] - libsolv <no-dsa> (Minor issue)
+ [stretch] - libsolv <no-dsa> (Minor issue)
+ NOTE: https://github.com/openSUSE/libsolv/issues/417
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in src/repo ...)
+ - libsolv 0.7.17-1
+ [buster] - libsolv <no-dsa> (Minor issue)
+ [stretch] - libsolv <no-dsa> (Minor issue)
+ NOTE: https://github.com/openSUSE/libsolv/issues/417
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+CVE-2021-33927
+ RESERVED
+CVE-2021-33926
+ RESERVED
+CVE-2021-33925
+ RESERVED
+CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 i ...)
+ NOT-FOR-US: Confluent Ansible
+CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5 ...)
+ NOT-FOR-US: Confluent Ansible
+CVE-2021-33922
+ RESERVED
+CVE-2021-33921
+ RESERVED
+CVE-2021-33920
+ RESERVED
+CVE-2021-33919
+ RESERVED
+CVE-2021-33918
+ RESERVED
+CVE-2021-33917
+ RESERVED
+CVE-2021-33916
+ RESERVED
+CVE-2021-33915
+ RESERVED
+CVE-2021-33914
+ RESERVED
+CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ...)
+ {DLA-2890-1}
+ - libspf2 1.2.10-7.1
+ [bullseye] - libspf2 1.2.10-7.1~deb11u1
+ [buster] - libspf2 1.2.10-7.1~deb10u1
+ NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+ NOTE: https://github.com/shevek/libspf2/pull/35
+ NOTE: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070
+CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that ...)
+ {DLA-2890-1}
+ - libspf2 1.2.10-7.1
+ [bullseye] - libspf2 1.2.10-7.1~deb11u1
+ [buster] - libspf2 1.2.10-7.1~deb10u1
+ NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+ NOTE: https://github.com/shevek/libspf2/pull/35
+ NOTE: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d
+CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...)
+ NOT-FOR-US: Zoho
+CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 ...)
+ {DSA-4942-1 DLA-2715-1}
+ - systemd 247.3-6
+ NOTE: https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt
+ NOTE: Introduced by: https://github.com/systemd/systemd/commit/7410616cd9dbbec97cf98d75324da5cda2b2f7a2 (v220)
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/4e2544c30bfb95e7cb4d1551ba066b1a56520ad6 (comment fix)
+ NOTE: https://github.com/systemd/systemd/pull/20256
+CVE-2021-33909 (fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 do ...)
+ {DSA-4941-1 DLA-2714-1 DLA-2713-1}
+ - linux 5.10.46-2
+ NOTE: https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
+ NOTE: https://git.kernel.org/linus/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
+CVE-2021-33908
+ RESERVED
+CVE-2021-3587
+ REJECTED
+CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
+ RESERVED
+ - qemu 1:5.2+dfsg-11 (bug #990565)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html
+CVE-2021-33907 (The Zoom Client for Meetings for Windows in all versions before 5.3.0 ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows
+CVE-2021-33906
+ RESERVED
+CVE-2021-33905
+ RESERVED
+CVE-2021-33904 (** DISPUTED ** In Accela Civic Platform through 21.1, the security/hos ...)
+ NOT-FOR-US: Accela Civic Platform
+CVE-2021-33903 (In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, ...)
+ NOT-FOR-US: LANCOM
+CVE-2021-33902
+ RESERVED
+CVE-2021-33901
+ RESERVED
+CVE-2021-33900 (While investigating DIRSTUDIO-1219 it was noticed that configured Star ...)
+ - apache-directory-studio <itp> (bug #733044)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1
+CVE-2021-33899
+ RESERVED
+CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...)
+ NOT-FOR-US: Invoice Ninja
+CVE-2021-33897
+ RESERVED
+CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...)
+ - dino-im 0.2.0-3
+ [buster] - dino-im <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2
+ NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master)
+ NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1)
+CVE-2021-33895 (ETINET BACKBOX E4.09 and H4.09 mismanages password access control. Whe ...)
+ NOT-FOR-US: ETINET
+CVE-2021-33894 (In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before ...)
+ NOT-FOR-US: Progress MOVEit
+CVE-2021-33893
+ RESERVED
+CVE-2021-33892
+ RESERVED
+CVE-2021-33891
+ RESERVED
+CVE-2021-33890
+ RESERVED
+CVE-2021-33889 (OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overfl ...)
+ NOT-FOR-US: OpenThread wpantund
+CVE-2021-33888
+ RESERVED
+CVE-2021-33887 (Insufficient verification of data authenticity in Peloton TTR01 up to ...)
+ NOT-FOR-US: Peloton TTR01
+CVE-2021-33886 (An improper sanitization of input vulnerability in B. Braun SpaceCom2 ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33885 (An Insufficient Verification of Data Authenticity vulnerability in B. ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33884 (An Unrestricted Upload of File with Dangerous Type vulnerability in B. ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33883 (A Cleartext Transmission of Sensitive Information vulnerability in B. ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33882 (A Missing Authentication for Critical Function vulnerability in B. Bra ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a w ...)
+ NOT-FOR-US: NXP
+CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...)
+ - python-websockets 9.1-1 (bug #989561)
+ [buster] - python-websockets <not-affected> (Vulnerable code introduced in 8.0)
+ [stretch] - python-websockets <not-affected> (Vulnerable code introduced in 8.0)
+ NOTE: https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0
+CVE-2021-33879 (Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure ...)
+ NOT-FOR-US: Tencent
+CVE-2021-33878
+ RESERVED
+CVE-2021-33877
+ RESERVED
+CVE-2021-33876
+ RESERVED
+CVE-2021-33875
+ RESERVED
+CVE-2021-33874
+ RESERVED
+CVE-2021-33873
+ RESERVED
+CVE-2021-33872
+ RESERVED
+CVE-2021-33871
+ RESERVED
+CVE-2021-33870
+ RESERVED
+CVE-2021-33869
+ RESERVED
+CVE-2021-33868
+ RESERVED
+CVE-2021-33867
+ RESERVED
+CVE-2021-33866
+ RESERVED
+CVE-2021-33865
+ RESERVED
+CVE-2021-33864
+ RESERVED
+CVE-2021-33863
+ RESERVED
+CVE-2021-33862
+ RESERVED
+CVE-2021-33861
+ RESERVED
+CVE-2021-33860
+ RESERVED
+CVE-2021-33859
+ RESERVED
+CVE-2021-33858
+ RESERVED
+CVE-2021-33857
+ RESERVED
+CVE-2021-33856
+ RESERVED
+CVE-2021-33855
+ RESERVED
+CVE-2021-33854
+ RESERVED
+CVE-2021-33853
+ RESERVED
+CVE-2021-33852
+ RESERVED
+CVE-2021-33851
+ RESERVED
+CVE-2021-33850 (There is a Cross-Site Scripting vulnerability in Microsoft Clarity ver ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
+ NOT-FOR-US: Zoho
+CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr versions & ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled ...)
+ {DSA-4933-1 DLA-2760-1}
+ - nettle 3.7.3-1 (bug #989631)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
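Review bot: In the CVE-2021-3580 (nettle) entry, the last two NOTE lines are identical. Both point at commit 485b5e2820a057e873b1ba812fdb39cae4adf98c, so the entry lists two distinct upstream commits, not three. Drop the repeated line, or, if a third commit was intended, replace the repeat with that commit's URL so the fix references behind DSA-4933-1 and DLA-2760-1 are complete.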
+CVE-2021-33844
+ RESERVED
+CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...)
+ NOT-FOR-US: Circutor SGE-PLC1000 firmware
+CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...)
+ NOT-FOR-US: SGE-PLC1000 device
+CVE-2021-23210
+ RESERVED
+CVE-2021-23172
+ RESERVED
+CVE-2021-23159
+ RESERVED
+CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
+ NOT-FOR-US: Luca
+CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
+ NOT-FOR-US: Luca
+CVE-2021-33838 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
+ NOT-FOR-US: Luca
+CVE-2021-33837
+ RESERVED
+CVE-2021-33836
+ RESERVED
+CVE-2021-33835
+ RESERVED
+CVE-2021-33834
+ RESERVED
+CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...)
+ {DLA-2915-1}
+ - connman 1.36-2.2 (bug #989662)
+ [buster] - connman 1.36-2.1~deb10u2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
+CVE-2021-33832
+ RESERVED
+CVE-2021-33831 (api/account/register in the TH Wildau COVID-19 Contact Tracing applica ...)
+ NOT-FOR-US: TH Wildau COVID-19 Contact Tracing App (Germany)
+CVE-2021-33830
+ RESERVED
+CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
+ {DLA-2813-1}
+ - ckeditor 4.16.0+dfsg-2
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
+ NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
+CVE-2021-33828 (The files_antivirus component before 1.0.0 for ownCloud mishandles the ...)
+ - owncloud <removed>
+CVE-2021-33827 (The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ...)
+ - owncloud <removed>
+CVE-2021-33826
+ RESERVED
+CVE-2021-33825
+ RESERVED
+CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
+ NOT-FOR-US: MOXA
+CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
+ NOT-FOR-US: MOXA
+CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...)
+ NOT-FOR-US: 4GEE ROUTER HH70VB
+CVE-2021-33821
+ RESERVED
+CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
+ NOT-FOR-US: UniFi Protect G3 FLEX Camera
+CVE-2021-33819
+ RESERVED
+CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
+ NOT-FOR-US: UniFi Protect G3 FLEX Camera
+CVE-2021-33817
+ RESERVED
+CVE-2021-33816 (The website builder module in Dolibarr 13.0.2 allows remote PHP code e ...)
+ - dolibarr <removed>
+CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-boun ...)
+ [experimental] - ffmpeg <unfixed>
+ - ffmpeg <not-affected> (Vulnerable code not present, introduced in cc85ca1cb34)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
+CVE-2021-33814
+ RESERVED
+CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...)
+ {DLA-2712-1 DLA-2696-1}
+ - libjdom2-intellij-java <unfixed> (bug #990673)
+ [bullseye] - libjdom2-intellij-java <no-dsa> (Minor issue)
+ [buster] - libjdom2-intellij-java <no-dsa> (Minor issue)
+ - libjdom2-java 2.0.6-2.1 (bug #990671)
+ [buster] - libjdom2-java <no-dsa> (Minor issue)
+ - libjdom1-java 1.1.3-2.1 (bug #990672)
+ [buster] - libjdom1-java <no-dsa> (Minor issue)
+ NOTE: https://github.com/hunterhacker/jdom/pull/188
+ NOTE: https://alephsecurity.com/vulns/aleph-2021003
+ NOTE: Fixed by: https://github.com/hunterhacker/jdom/commit/bd3ab78370098491911d7fe9d7a43b97144a234e
+ NOTE: Possible regression impact: https://github.com/hunterhacker/jdom/pull/188#issuecomment-872685011
+ NOTE: Improved regression with: https://github.com/hunterhacker/jdom/commit/dd4f3c2fc7893edd914954c73eb577f925a7d361
+ NOTE: https://github.com/hunterhacker/jdom/commit/07f316957b59d305f04c7bdb26292852bcbc2eb5
+CVE-2021-33812
+ RESERVED
+CVE-2021-33811
+ RESERVED
+CVE-2021-33810
+ RESERVED
+CVE-2021-33809
+ RESERVED
+CVE-2021-33808
+ RESERVED
+CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...)
+ NOT-FOR-US: Cartadis Gespage
+CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...)
+ - isync 1.3.0-2.2 (bug #989564)
+ [buster] - isync 1.3.0-2.2~deb10u1
+ [stretch] - isync <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1
+CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...)
+ NOT-FOR-US: BDew BdLib library
+CVE-2021-33805
+ REJECTED
+CVE-2021-3577 (An unauthenticated remote code execution vulnerability was reported in ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3575 [heap-buffer-overflow in color.c may lead to DoS]
+ RESERVED
+ - openjpeg2 <unfixed> (bug #989775)
+ [bullseye] - openjpeg2 <no-dsa> (Minor issue)
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
+ [stretch] - openjpeg2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1347
+CVE-2021-3574
+ RESERVED
+CVE-2021-33804
+ RESERVED
+CVE-2021-33803
+ RESERVED
+CVE-2021-33802
+ RESERVED
+CVE-2021-33801
+ RESERVED
+CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain function ...)
+ NOT-FOR-US: Alibaba Druid
+CVE-2021-33799
+ RESERVED
+CVE-2021-33798
+ RESERVED
+CVE-2021-33797
+ RESERVED
+CVE-2021-33796
+ RESERVED
+CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
+CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorr ...)
+ NOT-FOR-US: Foxit
+CVE-2021-33794 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow informat ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-33793 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
+ NOT-FOR-US: Foxit
+CVE-2021-3572 (A flaw was found in python-pip in the way it handled Unicode separator ...)
+ - python-pip 20.3.4-2
+ [buster] - python-pip <no-dsa> (Minor issue)
+ [stretch] - python-pip <postponed> (Minor issue. Fix along with next DLA)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957
+ NOTE: https://github.com/pypa/pip/pull/9827
+ NOTE: https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1)
+CVE-2021-33791
+ REJECTED
+CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. When pt ...)
+ - linuxptp 3.1-2.1 (bug #990749)
+ [buster] - linuxptp <not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0)
+ [stretch] - linuxptp <not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/d61d77e163dbee247819f3d88593ba111577af15 (master)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
+CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...)
+ {DSA-4938-1 DLA-2723-1}
+ - linuxptp 3.1-2.1 (bug #990748)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/c15da0756d9b0ad9c0b9307c4a8685b490b76485 (v1.9.3)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/7795df89dd4f94e0f55959dc61a85535d0f01cae (v1.8.1)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
+CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code execution becau ...)
+ NOT-FOR-US: RebornCore
+CVE-2021-33789
+ RESERVED
+CVE-2021-33788 (Windows LSA Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33787
+ RESERVED
+CVE-2021-33786 (Windows LSA Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33785 (Windows AF_UNIX Socket Provider Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33784 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33783 (Windows SMB Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33782 (Windows Authenticode Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33781 (Azure AD Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33780 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33779 (Windows ADFS Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33778 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33777 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33776 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33775 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33774 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33773 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33772 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33771 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33770
+ RESERVED
+CVE-2021-33769
+ RESERVED
+CVE-2021-33768 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33767 (Open Enclave SDK Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33766 (Microsoft Exchange Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33765 (Windows Installer Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33760 (Media Foundation Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33759 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33758 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33757 (Windows Security Account Manager Remote Protocol Security Feature Bypa ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33756 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33755 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33754 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33753 (Microsoft Bing Search Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33752 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33751 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33750 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33749 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33748
+ RESERVED
+CVE-2021-33747
+ RESERVED
+CVE-2021-33746 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33745 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33744 (Windows Secure Kernel Mode Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33743 (Windows Projected File System Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33742 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33740 (Windows Media Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33739 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-3569 (A stack corruption bug was found in libtpms in versions before 0.7.2 a ...)
+ - libtpms 0.8.2-1
+ NOTE: https://github.com/stefanberger/libtpms/commit/505ef841c00b4c096b1977c667cb957bec3a1d8b (v0.8.0)
+ NOTE: https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 (v0.7.2)
+CVE-2021-3568
+ RESERVED
+CVE-2021-3567
+ RESERVED
+ - caribou 0.4.21-7.1 (bug #980061)
+ [buster] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2)
+ [stretch] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060
+ NOTE: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3
+ NOTE: https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6
+CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-33737 (A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33736 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33735 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33734 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33733 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33732 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33731 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33730 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33729 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33728 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33727 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33726 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33725 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33724 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33723 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33722 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33720 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33719 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Mendix Applications
+CVE-2021-33717 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-33716 (A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...)
+ NOT-FOR-US: Mendix SAML Module
+CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33708 (Due to insufficient input validation in Kyma, authenticated users can ...)
+ NOT-FOR-US: Kyma
+CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...)
+ NOT-FOR-US: SAP
+CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by ...)
+ NOT-FOR-US: InfraBox
+CVE-2021-33705 (The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.4 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33704 (The Service Layer of SAP Business One, version - 10.0, allows an authe ...)
+ NOT-FOR-US: SAP
+CVE-2021-33703 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30 ...)
+ NOT-FOR-US: NetWeaver
+CVE-2021-33702 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10 ...)
+ NOT-FOR-US: NetWeaver
+CVE-2021-33701 (DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33700 (SAP Business One, version - 10.0, allows a local attacker with access ...)
+ NOT-FOR-US: SAP
+CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...)
+ NOT-FOR-US: Android
+CVE-2021-33698 (SAP Business One, version - 10.0, allows an attacker with business aut ...)
+ NOT-FOR-US: SAP
+CVE-2021-33697 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...)
+ NOT-FOR-US: SAP
+CVE-2021-33696 (SAP BusinessObjects Business Intelligence Platform (Crystal Report), v ...)
+ NOT-FOR-US: SAP
+CVE-2021-33695 (Potentially, SAP Cloud Connector, version - 2.0 communication with the ...)
+ NOT-FOR-US: SAP
+CVE-2021-33694 (SAP Cloud Connector, version - 2.0, does not sufficiently encode user- ...)
+ NOT-FOR-US: SAP
+CVE-2021-33693 (SAP Cloud Connector, version - 2.0, allows an authenticated administra ...)
+ NOT-FOR-US: SAP
+CVE-2021-33692 (SAP Cloud Connector, version - 2.0, allows the upload of zip files as ...)
+ NOT-FOR-US: SAP
+CVE-2021-33691 (NWDI Notification Service versions - 7.31, 7.40, 7.50, does not suffic ...)
+ NOT-FOR-US: SAP
+CVE-2021-33690 (Server-Side Request Forgery (SSRF) vulnerability has been detected in ...)
+ NOT-FOR-US: SAP
+CVE-2021-33689 (When user with insufficient privileges tries to access any application ...)
+ NOT-FOR-US: SAP
+CVE-2021-33688 (SAP Business One allows an attacker with business privileges to execut ...)
+ NOT-FOR-US: SAP
+CVE-2021-33687 (SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33686 (Under certain conditions, SAP Business One version - 10.0, allows an u ...)
+ NOT-FOR-US: SAP
+CVE-2021-33685 (SAP Business One version - 10.0 allows low-level authorized attacker t ...)
+ NOT-FOR-US: SAP
+CVE-2021-33684 (SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2021-33683 (SAP Web Dispatcher and Internet Communication Manager (ICM), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-33682 (SAP Lumira Server version 2.4 does not sufficiently encode user contro ...)
+ NOT-FOR-US: SAP
+CVE-2021-33681 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33680 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33679 (The SAP BusinessObjects BI Platform version - 420 allows an attacker, ...)
+ NOT-FOR-US: SAP
+CVE-2021-33678 (A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), ...)
+ NOT-FOR-US: SAP
+CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, ...)
+ NOT-FOR-US: SAP
+CVE-2021-33676 (A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33675 (Under certain conditions, SAP Contact Center - version 700, does not s ...)
+ NOT-FOR-US: SAP
+CVE-2021-33674 (Under certain conditions, SAP Contact Center - version 700, does not s ...)
+ NOT-FOR-US: SAP
+CVE-2021-33673 (Under certain conditions, SAP Contact Center - version 700,does not su ...)
+ NOT-FOR-US: SAP
+CVE-2021-33672 (Due to missing encoding in SAP Contact Center's Communication Desktop ...)
+ NOT-FOR-US: SAP
+CVE-2021-33671 (SAP NetWeaver Guided Procedures (Administration Workset), versions - 7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33670 (SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - ...)
+ NOT-FOR-US: SAP
+CVE-2021-33669 (Under certain conditions, SAP Mobile SDK Certificate Provider allows a ...)
+ NOT-FOR-US: SAP
+CVE-2021-33668 (Due to improper input sanitization, specially crafted LDAP queries can ...)
+ NOT-FOR-US: SAP
+CVE-2021-33667 (Under certain conditions, SAP Business Objects Web Intelligence (BI La ...)
+ NOT-FOR-US: SAP
+CVE-2021-33666 (When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it ...)
+ NOT-FOR-US: SAP
+CVE-2021-33665 (SAP NetWeaver Application Server ABAP (Applications based on SAP GUI f ...)
+ NOT-FOR-US: SAP
+CVE-2021-33664 (SAP NetWeaver Application Server ABAP (Applications based on Web Dynpr ...)
+ NOT-FOR-US: SAP
+CVE-2021-33663 (SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - ...)
+ NOT-FOR-US: SAP
+CVE-2021-33662 (Under certain conditions, the installation of SAP Business One, versio ...)
+ NOT-FOR-US: SAP
+CVE-2021-33661 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33660 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33658
+ RESERVED
+CVE-2021-33657
+ RESERVED
+CVE-2021-33656
+ RESERVED
+CVE-2021-33655
+ RESERVED
+CVE-2021-33654
+ RESERVED
+CVE-2021-33653
+ RESERVED
+CVE-2021-33652
+ RESERVED
+CVE-2021-33651
+ RESERVED
+CVE-2021-33650
+ RESERVED
+CVE-2021-33649
+ RESERVED
+CVE-2021-33648
+ RESERVED
+CVE-2021-33647
+ RESERVED
+CVE-2021-33646
+ RESERVED
+CVE-2021-33645
+ RESERVED
+CVE-2021-33644
+ RESERVED
+CVE-2021-33643
+ RESERVED
+CVE-2021-33642
+ RESERVED
+CVE-2021-33641
+ RESERVED
+CVE-2021-33640
+ RESERVED
+CVE-2021-33639
+ RESERVED
+CVE-2021-33638
+ RESERVED
+CVE-2021-33637
+ RESERVED
+CVE-2021-33636
+ RESERVED
+CVE-2021-33635
+ RESERVED
+CVE-2021-33634
+ RESERVED
+CVE-2021-33633
+ RESERVED
+CVE-2021-33632
+ RESERVED
+CVE-2021-33631
+ RESERVED
+CVE-2021-33630
+ RESERVED
+CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when building co ...)
+ NOT-FOR-US: isula-build
+CVE-2021-33628
+ RESERVED
+CVE-2021-33627 (An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServ ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33625 (An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting H ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
+ {DLA-2785-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
+CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
+ - node-trim-newlines 3.0.0+~3.0.0-1
+ [bullseye] - node-trim-newlines <no-dsa> (Minor issue)
+ [buster] - node-trim-newlines <no-dsa> (Minor issue)
+ [stretch] - node-trim-newlines <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/advisories/GHSA-7p7h-4mm5-852v
+CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, h ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container <unfixed> (bug #990201)
+ NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
+CVE-2021-33621
+ RESERVED
+CVE-2021-33619
+ RESERVED
+CVE-2021-33618 (Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstr ...)
+ - dolibarr <removed>
+CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/ ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-33616
+ RESERVED
+CVE-2021-33615
+ RESERVED
+CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch
+CVE-2021-33614
+ RESERVED
+CVE-2021-33613
+ RESERVED
+CVE-2021-33612
+ RESERVED
+CVE-2021-33611 (Missing output sanitization in test sources in org.webjars.bowergithub ...)
+ NOT-FOR-US: vaadin-menu-bar
+CVE-2021-33610
+ RESERVED
+CVE-2021-33609 (Missing check in DataCommunicator class in com.vaadin:vaadin-server ve ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-33608
+ RESERVED
+CVE-2021-33607
+ RESERVED
+CVE-2021-33606
+ RESERVED
+CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow ver ...)
+ NOT-FOR-US: com.vaadin:vaadin-checkbox-flow
+CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
+ NOT-FOR-US: com.vaadin:flow-server
+CVE-2021-33603 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33602 (A vulnerability affecting the F-Secure Antivirus engine was discovered ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the web user ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...)
+ NOT-FOR-US: F-Secure Antivirus
+CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33595 (A address bar spoofing vulnerability was discovered in Safe Browser fo ...)
+ NOT-FOR-US: Safe Browser for iOS
+CVE-2021-33594 (An address bar spoofing vulnerability was discovered in Safe Browser f ...)
+ NOT-FOR-US: Safe Browser for Android
+CVE-2021-33593 (Whale browser for iOS before 1.14.0 has an inconsistent user interface ...)
+ NOT-FOR-US: Whale browser for iOS
+CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...)
+ NOT-FOR-US: NAVER Toolbar
+CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...)
+ NOT-FOR-US: Naver Comic Viewer
+CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
+ NOT-FOR-US: GattLib
+CVE-2021-33589
+ RESERVED
+CVE-2021-33588
+ RESERVED
+CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...)
+ - node-css-what 5.0.1-1 (bug #989264)
+ [bullseye] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
+ [buster] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
+ [stretch] - node-css-what <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
+ NOTE: https://github.com/fb55/css-what/releases/tag/v5.0.1
+CVE-2021-33585
+ RESERVED
+CVE-2021-33584
+ RESERVED
+CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa pas ...)
+ NOT-FOR-US: REINER
+CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...)
+ - cyrus-imapd 3.4.2-1 (bug #993433)
+ [bullseye] - cyrus-imapd 3.2.6-2+deb11u1
+ [buster] - cyrus-imapd 3.0.8-6+deb10u6
+ [stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release)
+ - cyrus-imapd-2.4 <removed>
+ NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/f63695609c88a3f76129499bb49fb82e8155fb32 (master)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/833c22bd7de5bbb591c2cb3705c9983b6d2b1fee (master)
+CVE-2021-33581
+ RESERVED
+CVE-2021-33580 (User controlled `request.getHeader("Referer")`, `request.getRequestURL ...)
+ NOT-FOR-US: Apache Roller
+CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...)
+ - inspircd 3.8.1-2 (bug #989144)
+ [buster] - inspircd <not-affected> (Vulnerable code not present)
+ [stretch] - inspircd <not-affected> (Vulnerable code not present)
+ NOTE: https://docs.inspircd.org/security/2021-01/
+ NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d
+CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
+ {DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ [buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532
+CVE-2021-33579
+ RESERVED
+CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...)
+ NOT-FOR-US: Cleo LexiCom
+CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...)
+ NOT-FOR-US: Cleo LexiCom
+CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
+ NOT-FOR-US: ruby-jss gem
+CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ...)
+ [experimental] - glibc 2.32-0experimental0
+ - glibc 2.32-1 (bug #989147)
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091
+ NOTE: When fixing this issue the fix needs to be applied such that CVE-2021-38604
+ NOTE: is not opened, CVE-2021-38604 information:
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
+CVE-2021-33573
+ RESERVED
+CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...)
+ {DLA-2676-1}
+ - python-django 2:2.2.24-1 (bug #989394)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
+ NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main)
+ NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24)
+CVE-2021-33570 (Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG e ...)
+ NOT-FOR-US: Postbird
+CVE-2021-33569
+ RESERVED
+CVE-2021-33568
+ RESERVED
+CVE-2021-33567
+ RESERVED
+CVE-2021-33566
+ RESERVED
+CVE-2021-33565
+ RESERVED
+CVE-2021-3565 (A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3 ...)
+ - tpm2-tools 5.0-2 (bug #989148)
+ [buster] - tpm2-tools <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427
+ NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738
+ NOTE: https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
+CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem before 1.4.0 ...)
+ NOT-FOR-US: Dragonfly gem
+CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...)
+ NOT-FOR-US: Koel
+CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer befor ...)
+ NOT-FOR-US: Shopizer
+CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...)
+ NOT-FOR-US: Shopizer
+CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...)
+ {DLA-2691-1}
+ - libgcrypt20 1.8.7-6
+ [buster] - libgcrypt20 1.8.4-5+deb10u1
+ NOTE: https://dev.gnupg.org/T5328
+ NOTE: https://eprint.iacr.org/2021/923.pdf
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 (1.9.x)
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=707c3c5c511ee70ad0e39ec613471f665305fbea (1.8.x)
+ NOTE: See notes on CVE-2021-40528 on the confusion about swapping of scope of
+ NOTE: CVE-2021-40528 and CVE-2021-33560.
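Review bot: the entry headed CVE-2021-40528 sits where CVE-2021-33560 would fall in the sequence (between CVE-2021-33561 and CVE-2021-33559), and its closing NOTE reads "See notes on CVE-2021-40528 on the confusion about swapping of scope of CVE-2021-40528 and CVE-2021-33560", so the record refers to itself while CVE-2021-33560 has no entry of its own in this part of the list. Please confirm which ID this libgcrypt20 record (fixed in 1.8.7-6, buster 1.8.4-5+deb10u1, DLA-2691-1) is meant to track. If it is CVE-2021-33560, the header line should carry that ID so the cross-reference resolves. If it really is CVE-2021-40528, the NOTE should point at CVE-2021-33560 instead, and a CVE-2021-33560 entry is still needed at this position so the swap of scope is documented on both sides.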
+CVE-2021-33559
+ RESERVED
+CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...)
+ - boa <removed>
+CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php in Ma ...)
+ - mantis <removed>
+CVE-2021-33556
+ RESERVED
+CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.7 the filename paramet ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-33554 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33553 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33552 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33551 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33550 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33549 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33548 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33547 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33546 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33545 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33544 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33543 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK product f ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33537 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33536 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33535 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33534 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33533 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33532 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33531 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33530 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the usage ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33527 (In MB connect line mbDIALUP versions &lt;= 3.9R0.0 a low privileged lo ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-33526 (In MB connect line mbDIALUP versions &lt;= 3.9R0.0 a low privileged lo ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (b ...)
+ NOT-FOR-US: EyesOfNetwork (EON) eonweb
+CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
+CVE-2021-33524
+ RESERVED
+CVE-2021-33523
+ RESERVED
+CVE-2021-33522
+ RESERVED
+CVE-2021-33521
+ RESERVED
+CVE-2021-33520
+ RESERVED
+CVE-2021-33519
+ RESERVED
+CVE-2021-33518
+ RESERVED
+CVE-2021-33517
+ RESERVED
+CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x befo ...)
+ [experimental] - gupnp 1.2.7-1
+ - gupnp <unfixed> (bug #989098)
+ [bullseye] - gupnp <no-dsa> (Minor issue)
+ [buster] - gupnp <no-dsa> (Minor issue)
+ [stretch] - gupnp <no-dsa> (Minor issue)
+ NOTE: https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
+ NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
+ NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/05e964d48322ff23a65c6026d656e4494ace6ff9 (gupnp-1.0)
+ NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master)
+CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...)
+ - dovecot 1:2.3.13+dfsg1-2 (bug #990566)
+ [bullseye] - dovecot <postponed> (Minor issue, fix along with next update)
+ [buster] - dovecot <postponed> (Minor issue, fix along with next update)
+ [stretch] - dovecot <not-affected> (Vulnerable code (smtp_server_command queue) introduced later)
+ NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/2
+CVE-2021-33514 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-33513 (Plone through 5.2.4 allows XSS via the inline_diff methods in Products ...)
+ NOT-FOR-US: Plone
+CVE-2021-33512 (Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by up ...)
+ NOT-FOR-US: Plone
+CVE-2021-33511 (Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo ...)
+ NOT-FOR-US: Plone
+CVE-2021-33510 (Plone through 5.2.4 allows remote authenticated managers to conduct SS ...)
+ NOT-FOR-US: Plone
+CVE-2021-33509 (Plone through 5.2.4 allows remote authenticated managers to perform di ...)
+ NOT-FOR-US: Plone
+CVE-2021-33508 (Plone through 5.2.4 allows XSS via a full name that is mishandled duri ...)
+ NOT-FOR-US: Plone
+CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService b ...)
+ NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
+CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure tha ...)
+ NOT-FOR-US: jitsi-meet-prosody
+CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...)
+ - falco <itp> (bug #842306)
+CVE-2021-33504
+ RESERVED
+CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...)
+ - python-urllib3 1.26.5-1~exp1 (bug #989848)
+ [buster] - python-urllib3 <no-dsa> (Minor issue)
+ [stretch] - python-urllib3 <ignored> (Intrusive to backport)
+ NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
+ NOTE: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
+CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...)
+ - node-got 11.8.1+~cs53.13.17-3 (bug #989258)
+ [buster] - node-got <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
+ NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
+CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Exec ...)
+ NOT-FOR-US: Overwolf
+CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
+ - putty <not-affected> (Windows-specific)
+CVE-2021-33499 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-3563
+ RESERVED
+ - keystone <unfixed> (bug #989998)
+ [bullseye] - keystone <no-dsa> (Minor issue)
+ [buster] - keystone <no-dsa> (Minor issue)
+ [stretch] - keystone <end-of-life> (Keystone is not supported in stretch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908
+ NOTE: https://bugs.launchpad.net/keystone/+bug/1901891
+CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for de ...)
+ NOT-FOR-US: Dutchcoders transfer.sh
+CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...)
+ NOT-FOR-US: Dutchcoders transfer.sh
+CVE-2021-33495 (OX App Suite 7.10.5 allows XSS via an OX Chat system message. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33494 (OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33493 (The middleware component in OX App Suite through 7.10.5 allows Code In ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33492 (OX App Suite 7.10.5 allows XSS via an OX Chat room name. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33491 (OX App Suite through 7.10.5 allows Directory Traversal via ../ in an O ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33490 (OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shar ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33489 (OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33488 (chat in OX App Suite 7.10.5 has Improper Input Validation. A user can ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33487
+ RESERVED
+CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...)
+ NOT-FOR-US: CODESYS V3 Runtime Toolkit for VxWorks
+CVE-2021-33485 (CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffe ...)
+ NOT-FOR-US: CODESYS Control Runtime
+CVE-2021-3562
+ RESERVED
+CVE-2021-33484 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...)
+ NOT-FOR-US: OnyakTech Comments Pro DNN Module
+CVE-2021-33483 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...)
+ NOT-FOR-US: OnyakTech Comments Pro DNN Module
+CVE-2021-33482
+ RESERVED
+CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange firmware ...)
+ NOT-FOR-US: Broadcom
+CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.8-3
+ [buster] - fig2dev 1:3.2.7a-5+deb10u4
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/116/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
+ NOTE: Depends on CVE-2019-19797 fix
+CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...)
+ - policykit-1 0.105-31 (bug #989429)
+ [buster] - policykit-1 <not-affected> (Vulnerable code introduced later)
+ [stretch] - policykit-1 <not-affected> (Vulnerable code introduced later)
+ NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
+ NOTE: Debian backported 0.113 commits in 0.105-26
+ NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (0.119)
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1961710
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/03/1
+ NOTE: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
+CVE-2021-33476
+ RESERVED
+CVE-2021-33475
+ RESERVED
+CVE-2021-33474
+ RESERVED
+CVE-2021-33473
+ RESERVED
+CVE-2021-33472
+ RESERVED
+CVE-2021-33471
+ RESERVED
+CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL Injection v ...)
+ NOT-FOR-US: COVID19 Testing Management System
+CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scri ...)
+ NOT-FOR-US: COVID19 Testing Management System
+CVE-2021-33468
+ RESERVED
+CVE-2021-33467
+ RESERVED
+CVE-2021-33466
+ RESERVED
+CVE-2021-33465
+ RESERVED
+CVE-2021-33464
+ RESERVED
+CVE-2021-33463
+ RESERVED
+CVE-2021-33462
+ RESERVED
+CVE-2021-33461
+ RESERVED
+CVE-2021-33460
+ RESERVED
+CVE-2021-33459
+ RESERVED
+CVE-2021-33458
+ RESERVED
+CVE-2021-33457
+ RESERVED
+CVE-2021-33456
+ RESERVED
+CVE-2021-33455
+ RESERVED
+CVE-2021-33454
+ RESERVED
+CVE-2021-33453
+ RESERVED
+CVE-2021-33452
+ RESERVED
+CVE-2021-33451
+ RESERVED
+CVE-2021-33450
+ RESERVED
+CVE-2021-33449
+ RESERVED
+CVE-2021-33448
+ RESERVED
+CVE-2021-33447
+ RESERVED
+CVE-2021-33446
+ RESERVED
+CVE-2021-33445
+ RESERVED
+CVE-2021-33444
+ RESERVED
+CVE-2021-33443
+ RESERVED
+CVE-2021-33442
+ RESERVED
+CVE-2021-33441
+ RESERVED
+CVE-2021-33440
+ RESERVED
+CVE-2021-33439
+ RESERVED
+CVE-2021-33438
+ RESERVED
+CVE-2021-33437
+ RESERVED
+CVE-2021-33436
+ RESERVED
+CVE-2021-33435
+ RESERVED
+CVE-2021-33434
+ RESERVED
+CVE-2021-33433
+ RESERVED
+CVE-2021-33432
+ RESERVED
+CVE-2021-33431
+ RESERVED
+CVE-2021-33430 (** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x i ...)
+ - numpy 1:1.21.4-2
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/18939
+ NOTE: https://github.com/numpy/numpy/pull/18989
+ NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0)
+CVE-2021-33429
+ RESERVED
+CVE-2021-33428
+ RESERVED
+CVE-2021-33427
+ RESERVED
+CVE-2021-33426
+ RESERVED
+CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was discovered in th ...)
+ NOT-FOR-US: OpenWRT LuCI
+CVE-2021-33424
+ RESERVED
+CVE-2021-33423
+ RESERVED
+CVE-2021-33422
+ RESERVED
+CVE-2021-33421
+ RESERVED
+CVE-2021-33420
+ RESERVED
+CVE-2021-33419
+ RESERVED
+CVE-2021-33418
+ RESERVED
+CVE-2021-33417
+ RESERVED
+CVE-2021-33416
+ RESERVED
+CVE-2021-33415
+ RESERVED
+CVE-2021-33414
+ RESERVED
+CVE-2021-33413
+ RESERVED
+CVE-2021-33412
+ RESERVED
+CVE-2021-33411
+ RESERVED
+CVE-2021-33410
+ RESERVED
+CVE-2021-33409
+ RESERVED
+CVE-2021-33408 (Local File Inclusion vulnerability in Ab Initio Control&gt;Center befo ...)
+ NOT-FOR-US: Ab Initio
+CVE-2021-33407
+ RESERVED
+CVE-2021-33406
+ RESERVED
+CVE-2021-33405
+ RESERVED
+CVE-2021-33404
+ RESERVED
+CVE-2021-33403 (An integer overflow in the transfer function of a smart contract imple ...)
+ NOT-FOR-US: Lancer
+CVE-2021-33402
+ RESERVED
+CVE-2021-33401
+ RESERVED
+CVE-2021-33400
+ RESERVED
+CVE-2021-33399
+ RESERVED
+CVE-2021-33398
+ RESERVED
+CVE-2021-33397
+ RESERVED
+CVE-2021-33396
+ RESERVED
+CVE-2021-33395
+ RESERVED
+CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...)
+ NOT-FOR-US: Cubecart
+CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/bac ...)
+ NOT-FOR-US: IPFire
+CVE-2021-33392
+ RESERVED
+CVE-2021-33391
+ RESERVED
+CVE-2021-33390
+ RESERVED
+CVE-2021-33389
+ RESERVED
+CVE-2021-33388
+ RESERVED
+CVE-2021-33387
+ RESERVED
+CVE-2021-33386
+ RESERVED
+CVE-2021-33385
+ RESERVED
+CVE-2021-33384
+ RESERVED
+CVE-2021-33383
+ RESERVED
+CVE-2021-33382
+ RESERVED
+CVE-2021-33381
+ RESERVED
+CVE-2021-33380
+ RESERVED
+CVE-2021-33379
+ RESERVED
+CVE-2021-33378
+ RESERVED
+CVE-2021-33377
+ RESERVED
+CVE-2021-33376
+ RESERVED
+CVE-2021-33375
+ RESERVED
+CVE-2021-33374
+ RESERVED
+CVE-2021-33373
+ RESERVED
+CVE-2021-33372
+ RESERVED
+CVE-2021-33371
+ RESERVED
+CVE-2021-33370
+ RESERVED
+CVE-2021-33369
+ RESERVED
+CVE-2021-33368
+ RESERVED
+CVE-2021-33367
+ RESERVED
+CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...)
+ - gpac <unfixed> (unimportant)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf
+ NOTE: https://github.com/gpac/gpac/issues/1785
+ NOTE: Negligible security impact
+CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...)
+ - gpac <unfixed> (unimportant)
+ NOTE: https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5
+ NOTE: https://github.com/gpac/gpac/issues/1784
+ NOTE: Negligible security impact
+CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...)
+ - gpac <unfixed> (unimportant)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7
+ NOTE: https://github.com/gpac/gpac/issues/1783
+ NOTE: Negligible security impact
+CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...)
+ - gpac <unfixed> (unimportant)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9
+ NOTE: https://github.com/gpac/gpac/issues/1786
+ NOTE: Negligible security impact
+CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d
+ NOTE: https://github.com/gpac/gpac/issues/1780
+CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
+ - gpac <unfixed> (unimportant)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f
+ NOTE: https://github.com/gpac/gpac/issues/1782
+ NOTE: Negligible security impact
+CVE-2021-33360
+ RESERVED
+CVE-2021-33359 (A vulnerability exists in gowitness &lt; 2.3.6 that allows an unauthen ...)
+ NOT-FOR-US: gowitness
+CVE-2021-33358 (Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interfac ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-33357 (A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET param ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-33356 (Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 c ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-33355
+ RESERVED
+CVE-2021-33354
+ RESERVED
+CVE-2021-33353
+ RESERVED
+CVE-2021-33352
+ RESERVED
+CVE-2021-33351
+ RESERVED
+CVE-2021-33350
+ RESERVED
+CVE-2021-33349
+ RESERVED
+CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. The "se ...)
+ NOT-FOR-US: JFinal
+CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...)
+ NOT-FOR-US: JPress
+CVE-2021-33346 (There is an arbitrary password modification vulnerability in a D-LINK ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-33345
+ RESERVED
+CVE-2021-33344
+ RESERVED
+CVE-2021-33343
+ RESERVED
+CVE-2021-33342
+ RESERVED
+CVE-2021-33341
+ RESERVED
+CVE-2021-33340
+ RESERVED
+CVE-2021-33339 (Cross-site scripting (XSS) vulnerability in the Fragment module in Lif ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33338 (The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay D ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33337 (Cross-site scripting (XSS) vulnerability in the Document Library modul ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33336 (Cross-site scripting (XSS) vulnerability in the Journal module's add a ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33335 (Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3 ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33334 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33333 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33332 (Cross-site scripting (XSS) vulnerability in the Portlet Configuration ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33331 (Open redirect vulnerability in the Notifications module in Liferay Por ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33330 (Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pac ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33329
+ RESERVED
+CVE-2021-33328 (Cross-site scripting (XSS) vulnerability in the Asset module's edit vo ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33327 (The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3 ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33326 (Cross-site scripting (XSS) vulnerability in the Frontend JS module in ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33325 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33324 (The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay D ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33323 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33322 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pa ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33321 (Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33320 (The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33319
+ RESERVED
+CVE-2021-33318
+ RESERVED
+CVE-2021-33317
+ RESERVED
+CVE-2021-33316
+ RESERVED
+CVE-2021-33315
+ RESERVED
+CVE-2021-33314
+ RESERVED
+CVE-2021-33313
+ RESERVED
+CVE-2021-33312
+ RESERVED
+CVE-2021-33311
+ RESERVED
+CVE-2021-33310
+ RESERVED
+CVE-2021-33309
+ RESERVED
+CVE-2021-33308
+ RESERVED
+CVE-2021-33307
+ RESERVED
+CVE-2021-33306
+ RESERVED
+CVE-2021-33305
+ RESERVED
+CVE-2021-33304
+ RESERVED
+CVE-2021-33303
+ RESERVED
+CVE-2021-33302
+ RESERVED
+CVE-2021-33301
+ RESERVED
+CVE-2021-33300
+ RESERVED
+CVE-2021-33299
+ RESERVED
+CVE-2021-33298
+ RESERVED
+CVE-2021-33297
+ RESERVED
+CVE-2021-33296
+ RESERVED
+CVE-2021-33295
+ RESERVED
+CVE-2021-33294
+ RESERVED
+CVE-2021-33293
+ RESERVED
+CVE-2021-33292
+ RESERVED
+CVE-2021-33291
+ RESERVED
+CVE-2021-33290
+ RESERVED
+CVE-2021-33289 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted MFT secti ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-33288
+ RESERVED
+CVE-2021-33287 (In NTFS-3G versions &lt; 2021.8.22, when specially crafted NTFS attrib ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-33286 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted unicode s ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-33285 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted NTFS attr ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-33284
+ RESERVED
+CVE-2021-33283
+ RESERVED
+CVE-2021-33282
+ RESERVED
+CVE-2021-33281
+ RESERVED
+CVE-2021-33280
+ RESERVED
+CVE-2021-33279
+ RESERVED
+CVE-2021-33278
+ RESERVED
+CVE-2021-33277
+ RESERVED
+CVE-2021-33276
+ RESERVED
+CVE-2021-33275
+ RESERVED
+CVE-2021-33274 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33273
+ RESERVED
+CVE-2021-33272
+ RESERVED
+CVE-2021-33271 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33270 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33269 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33268 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33267 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33266 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33265 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33264
+ RESERVED
+CVE-2021-33263
+ RESERVED
+CVE-2021-33262
+ RESERVED
+CVE-2021-33261
+ RESERVED
+CVE-2021-33260
+ RESERVED
+CVE-2021-33259 (Several web interfaces in D-Link DIR-868LW 1.12b have no authenticatio ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33258
+ RESERVED
+CVE-2021-33257
+ RESERVED
+CVE-2021-33256 (** DISPUTED ** A CSV injection vulnerability on the login panel of Man ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-33255
+ RESERVED
+CVE-2021-33254
+ RESERVED
+CVE-2021-33253
+ RESERVED
+CVE-2021-33252
+ RESERVED
+CVE-2021-33251
+ RESERVED
+CVE-2021-33250
+ RESERVED
+CVE-2021-33249
+ RESERVED
+CVE-2021-33248
+ RESERVED
+CVE-2021-33247
+ RESERVED
+CVE-2021-33246
+ RESERVED
+CVE-2021-33245
+ RESERVED
+CVE-2021-33244
+ RESERVED
+CVE-2021-33243
+ RESERVED
+CVE-2021-33242
+ RESERVED
+CVE-2021-33241
+ RESERVED
+CVE-2021-33240
+ RESERVED
+CVE-2021-33239
+ RESERVED
+CVE-2021-33238
+ RESERVED
+CVE-2021-33237
+ RESERVED
+CVE-2021-33236
+ RESERVED
+CVE-2021-33235
+ RESERVED
+CVE-2021-33234
+ RESERVED
+CVE-2021-33233
+ RESERVED
+CVE-2021-33232
+ RESERVED
+CVE-2021-33231
+ RESERVED
+CVE-2021-33230
+ RESERVED
+CVE-2021-33229
+ RESERVED
+CVE-2021-33228
+ RESERVED
+CVE-2021-33227
+ RESERVED
+CVE-2021-33226
+ RESERVED
+CVE-2021-33225
+ RESERVED
+CVE-2021-33224
+ RESERVED
+CVE-2021-33223
+ RESERVED
+CVE-2021-33222
+ RESERVED
+CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33220 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33219 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33218 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33217 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could ...)
+ NOT-FOR-US: HMS Ewon eCatcher
+CVE-2021-33213 (An SSRF vulnerability in the "Upload from URL" feature in Elements-IT ...)
+ NOT-FOR-US: Elements-IT HTTP Commander
+CVE-2021-33212 (A Cross-site scripting (XSS) vulnerability in the "View in Browser" fe ...)
+ NOT-FOR-US: Elements-IT HTTP Commander
+CVE-2021-33211 (A Directory Traversal vulnerability in the Unzip feature in Elements-I ...)
+ NOT-FOR-US: Elements-IT HTTP Commander
+CVE-2021-33210 (An issue was discovered in Fimer Aurora Vision before 2.97.10. An atta ...)
+ NOT-FOR-US: Fimer Aurora
+CVE-2021-33209 (An issue was discovered in Fimer Aurora Vision before 2.97.10. The res ...)
+ NOT-FOR-US: Fimer Aurora
+CVE-2021-33208
+ RESERVED
+CVE-2021-33207
+ RESERVED
+CVE-2021-33206
+ RESERVED
+CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...)
+ NOT-FOR-US: Western Digital
+CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...)
+ - libvirt <not-affected> (Vulnerable code never in a released version)
+ NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1)
+ NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/f1b08901f7ae7557f79d83bdac33cc0bd79d1437 (v6.10.0-rc1)
+CVE-2021-3558
+ RESERVED
+ - moodle <removed>
+CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-3556
+ REJECTED
+CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...)
+ - pg-partman 4.5.1-1 (bug #988917)
+ [buster] - pg-partman <no-dsa> (Minor issue)
+ [stretch] - pg-partman <no-dsa> (Minor issue)
+ NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3
+CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...)
+ {DLA-2676-1}
+ - python-django 2:2.2.24-1 (bug #989394)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
+ NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main)
+ NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24)
+CVE-2021-33202
+ RESERVED
+CVE-2021-33201
+ RESERVED
+CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces inco ...)
+ - linux 5.10.40-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/27/1
+ NOTE: Issue introduced due to fixes applied for CVE-2021-29155
+CVE-2021-33199 (In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.p ...)
+ NOT-FOR-US: Expression Engine
+CVE-2021-33198 (In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic fo ...)
+ - golang-1.16 1.16.5-1
+ - golang-1.15 1.15.9-5
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <not-affected> (Vulnerable code introduced later)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/golang/go/issues/45910
+ NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
+ NOTE: Introduced by https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 (go1.13beta1)
+CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ...)
+ - golang-1.16 1.16.5-1
+ - golang-1.15 1.15.9-5
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
+ NOTE: https://github.com/golang/go/issues/46313
+ NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
+ NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)
+CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.16 1.16.5-1 (bug #989492)
+ - golang-1.15 1.15.9-4
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/46242
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
+ NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
+ NOTE: https://github.com/golang/go/commit/c92adf420a3d9a5510f9aea382d826f0c9216a10 (1.15)
+ NOTE: Incomplete fix, cf. CVE-2021-39293
+CVE-2021-33195 (Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS looku ...)
+ - golang-1.16 1.16.5-1
+ - golang-1.15 1.15.9-5
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue; will be fixed via point release)
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
+ NOTE: https://github.com/golang/go/issues/46241
+ NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
+ NOTE: https://github.com/golang/go/commit/31d60cda1f58b7558fc5725d2b9e4531655d980e (1.15)
+CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...)
+ - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4
+ - golang-golang-x-net-dev <removed>
+ [stretch] - golang-golang-x-net-dev <no-dsa> (Limited support in stretch)
+ NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
+ NOTE: https://github.com/golang/go/issues/46288
+ TODO: check completeness
+CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...)
+ - apache2 2.4.48-4
+ [bullseye] - apache2 2.4.48-3.1+deb11u1
+ [buster] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.38)
+ [stretch] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.25)
+ NOTE: https://portswigger.net/research/http2
+ NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193
+CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...)
+ NOT-FOR-US: Apache Jena Fuseki
+CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements a ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...)
+ NOT-FOR-US: Apache APISIX Dashboard
+CVE-2021-33481 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...)
+ - gocr <unfixed> (unimportant)
+ NOTE: https://sourceforge.net/p/jocr/bugs/42/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33480 (An use-after-free vulnerability was discovered in gocr through 0.53-20 ...)
+ - gocr <unfixed> (unimportant)
+ NOTE: https://sourceforge.net/p/jocr/bugs/40/
+ NOTE: https://sourceforge.net/p/jocr/bugs/41/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33479 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...)
+ - gocr <unfixed> (unimportant)
+ NOTE: https://sourceforge.net/p/jocr/bugs/39/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33477 (rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (po ...)
+ {DLA-2683-1 DLA-2682-1 DLA-2681-1 DLA-2671-1}
+ - rxvt <removed>
+ - rxvt-unicode 9.22-11 (bug #988763)
+ [buster] - rxvt-unicode 9.22-6+deb10u1
+ - mrxvt <removed>
+ - eterm 0.9.6-6.1 (bug #989041)
+ [buster] - eterm 0.9.6-5+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/17/1
+ NOTE: Mentioned first in: https://www.openwall.com/lists/oss-security/2017/05/01/20
+ NOTE: Fixed by: http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
+ NOTE: Disabled problematic code in: http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.585
+CVE-2021-33189
+ RESERVED
+CVE-2021-33188
+ RESERVED
+CVE-2021-33187
+ RESERVED
+CVE-2021-3555
+ RESERVED
+CVE-2021-33186 (SerenityOS in test-crypto.cpp contains a stack buffer overflow which c ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-33185 (SerenityOS contains a buffer overflow in the set_range test in TestBit ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-33184 (Server-Side request forgery (SSRF) vulnerability in task management co ...)
+ NOT-FOR-US: Synology
+CVE-2021-33183 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-33182 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi component i ...)
+ NOT-FOR-US: Synology
+CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...)
+ - nagvis 1:1.9.29-1
+ [bullseye] - nagvis <no-dsa> (Minor issue)
+ [buster] - nagvis <no-dsa> (Minor issue)
+ [stretch] - nagvis <no-dsa> (Minor issue)
+ TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
+CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
+ NOT-FOR-US: VerneMQ MQTT Broker
+CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...)
+ NOT-FOR-US: EMQ X Broker
+CVE-2021-33174
+ RESERVED
+CVE-2021-33173
+ RESERVED
+CVE-2021-33172
+ RESERVED
+CVE-2021-33171
+ RESERVED
+CVE-2021-33170
+ RESERVED
+CVE-2021-33169
+ RESERVED
+CVE-2021-33168
+ RESERVED
+CVE-2021-33167
+ RESERVED
+CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromebook appl ...)
+ NOT-FOR-US: Intel
+CVE-2021-33165
+ RESERVED
+CVE-2021-33164
+ RESERVED
+CVE-2021-33163
+ RESERVED
+CVE-2021-33162
+ RESERVED
+CVE-2021-33161
+ RESERVED
+CVE-2021-33160
+ RESERVED
+CVE-2021-33159
+ RESERVED
+CVE-2021-33158
+ RESERVED
+CVE-2021-33157
+ RESERVED
+CVE-2021-33156
+ RESERVED
+CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...)
+ - firmware-nonfree <undetermined>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html
+ TODO: check in which firmware versions fixed
+CVE-2021-33154
+ RESERVED
+CVE-2021-33153
+ RESERVED
+CVE-2021-33152
+ RESERVED
+CVE-2021-33151
+ RESERVED
+CVE-2021-33150
+ RESERVED
+CVE-2021-33149
+ RESERVED
+CVE-2021-33148
+ RESERVED
+CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
+ NOT-FOR-US: Intel
+CVE-2021-33146
+ RESERVED
+CVE-2021-33145
+ RESERVED
+CVE-2021-33144
+ RESERVED
+CVE-2021-33143
+ RESERVED
+CVE-2021-33142
+ RESERVED
+CVE-2021-33141
+ RESERVED
+CVE-2021-33140
+ RESERVED
+CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...)
+ - firmware-nonfree <undetermined>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html
+ TODO: check in which firmware versions fixed
+CVE-2021-33138
+ RESERVED
+CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may allow an ...)
+ NOT-FOR-US: Intel
+CVE-2021-33136
+ RESERVED
+CVE-2021-33135
+ RESERVED
+CVE-2021-33134
+ RESERVED
+CVE-2021-33133
+ RESERVED
+CVE-2021-33132
+ RESERVED
+CVE-2021-33131
+ RESERVED
+CVE-2021-33130
+ RESERVED
+CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...)
+ NOT-FOR-US: Intel
+CVE-2021-33128
+ RESERVED
+CVE-2021-33127
+ RESERVED
+CVE-2021-33126
+ RESERVED
+CVE-2021-33125
+ RESERVED
+CVE-2021-33124
+ RESERVED
+CVE-2021-33123
+ RESERVED
+CVE-2021-33122
+ RESERVED
+CVE-2021-33121
+ RESERVED
+CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html
+CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before versi ...)
+ NOT-FOR-US: Intel
+CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...)
+ NOT-FOR-US: Intel
+CVE-2021-33117
+ RESERVED
+CVE-2021-33116
+ RESERVED
+CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in UE ...)
+ NOT-FOR-US: Intel
+CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ NOT-FOR-US: Intel
+CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ NOT-FOR-US: Intel
+CVE-2021-33112
+ RESERVED
+CVE-2021-33111
+ RESERVED
+CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
+ NOT-FOR-US: Intel
+CVE-2021-33109
+ RESERVED
+CVE-2021-33108
+ RESERVED
+CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R) may ...)
+ NOT-FOR-US: Intel
+CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...)
+ NOT-FOR-US: Intel
+CVE-2021-33104
+ RESERVED
+CVE-2021-33103
+ RESERVED
+CVE-2021-33102
+ RESERVED
+CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before version 2 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33100
+ RESERVED
+CVE-2021-33099
+ RESERVED
+CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver for Li ...)
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/63e39d29b3da02e901349f6cd71159818a4737a6 (5.13-rc4)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html
+CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...)
+ NOT-FOR-US: Intel
+CVE-2021-33096 (Improper isolation of shared resources in network on chip for the Inte ...)
+ NOT-FOR-US: Intel
+CVE-2021-33095 (Unquoted search path in the installer for the Intel(R) NUC M15 Laptop ...)
+ NOT-FOR-US: Intel
+CVE-2021-33094 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
+ NOT-FOR-US: Intel
+CVE-2021-33093 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
+ NOT-FOR-US: Intel
+CVE-2021-33092 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33091 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
+ NOT-FOR-US: Intel
+CVE-2021-33090 (Incorrect default permissionsin the software installer for the Intel(R ...)
+ NOT-FOR-US: Intel
+CVE-2021-33089 (Improper access control in the software installer for the Intel(R) NUC ...)
+ NOT-FOR-US: Intel
+CVE-2021-33088 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33087 (Improper authentication in the installer for the Intel(R) NUC M15 Lapt ...)
+ NOT-FOR-US: Intel
+CVE-2021-33086 (Out-of-bounds write in firmware for some Intel(R) NUCs may allow an au ...)
+ NOT-FOR-US: Intel
+CVE-2021-33085
+ RESERVED
+CVE-2021-33084
+ RESERVED
+CVE-2021-33083
+ RESERVED
+CVE-2021-33082
+ RESERVED
+CVE-2021-33081
+ RESERVED
+CVE-2021-33080
+ RESERVED
+CVE-2021-33079
+ RESERVED
+CVE-2021-33078
+ RESERVED
+CVE-2021-33077
+ RESERVED
+CVE-2021-33076
+ RESERVED
+CVE-2021-33075
+ RESERVED
+CVE-2021-33074
+ RESERVED
+CVE-2021-33073 (Uncontrolled resource consumption in the Intel(R) Distribution of Open ...)
+ NOT-FOR-US: Intel
+CVE-2021-33072
+ RESERVED
+CVE-2021-33071 (Incorrect default permissions in the installer for the Intel(R) oneAPI ...)
+ NOT-FOR-US: Intel
+CVE-2021-33070
+ RESERVED
+CVE-2021-33069
+ RESERVED
+CVE-2021-33068 (Null pointer dereference in subsystem for Intel(R) AMT before versions ...)
+ NOT-FOR-US: Intel
+CVE-2021-33067
+ RESERVED
+CVE-2021-33066
+ RESERVED
+CVE-2021-33065
+ RESERVED
+CVE-2021-33064
+ RESERVED
+CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP ...)
+ NOT-FOR-US: Intel
+CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...)
+ NOT-FOR-US: Intel
+CVE-2021-33061 (Insufficient control flow management for the Intel(R) 82599 Ethernet C ...)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html
+ TODO: check, might affect the src:linux ixgbe driver
+CVE-2021-33060
+ RESERVED
+CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...)
+ NOT-FOR-US: Intel
+CVE-2021-33058 (Improper access control in the installer Intel(R)Administrative Tools ...)
+ NOT-FOR-US: Intel
+CVE-2021-33057
+ RESERVED
+CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and other prod ...)
+ NOT-FOR-US: Belledonne Belle-sip
+CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
+ {DSA-5029-1 DLA-2707-1}
+ - sogo 5.1.1-1 (bug #989479)
+ NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
+ NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
+ NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
+ NOTE: https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html
+ NOTE: Introduced by: https://github.com/inverse-inc/sogo/commit/5487f34b9ee9b9639e3f1d4a7abf4fad2d240d66 (SOGo-2.0.5)
+ NOTE: Fixed by: https://github.com/inverse-inc/sogo/commit/e53636564680ac0df11ec898304bc442908ba746 (SOGo-5.1.1)
+ NOTE: CVE is assigned for the SOGo vulnerability regarding the lasso usage.
+CVE-2021-33053
+ RESERVED
+CVE-2021-33052
+ RESERVED
+CVE-2021-33051
+ RESERVED
+CVE-2021-33050
+ RESERVED
+CVE-2021-33049
+ RESERVED
+CVE-2021-33048
+ RESERVED
+CVE-2021-33047
+ RESERVED
+CVE-2021-33046 (Some Dahua products have access control vulnerability in the password ...)
+ NOT-FOR-US: Dahua
+CVE-2021-33045 (The identity authentication bypass vulnerability found in some Dahua p ...)
+ NOT-FOR-US: Dahua
+CVE-2021-33044 (The identity authentication bypass vulnerability found in some Dahua p ...)
+ NOT-FOR-US: Dahua
+CVE-2021-3554 (Improper Access Control vulnerability in the patchesUpdate API as impl ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3553 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3552 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-33043
+ RESERVED
+CVE-2021-33042
+ RESERVED
+CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
+ NOT-FOR-US: vmd
+CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...)
+ NOT-FOR-US: FuturePress EPub.js
+CVE-2021-33039
+ RESERVED
+CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
+ {DSA-4922-1}
+ - hyperkitty 1.3.4-4 (bug #989183)
+ NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
+ NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
+ NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
+CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...)
+ {DSA-4952-1 DLA-2733-1}
+ - tomcat9 9.0.43-2 (bug #991046)
+ [bullseye] - tomcat9 9.0.43-2~deb11u1
+ - tomcat8 <removed>
+ NOTE: https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e (9.0.47)
+ NOTE: https://github.com/apache/tomcat/commit/05f9e8b00f5d9251fcd3c95dcfd6cf84177f46c8 (9.0.47)
+ NOTE: https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0 (9.0.47)
+ NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67)
+ NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67)
+ NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67)
+CVE-2021-33036
+ RESERVED
+CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...)
+ - libreoffice 1:4.3.1-1
+ NOTE: OpenOffice fixed this in https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56
+ NOTE: Libreoffice fixed in this 2014 with https://github.com/LibreOffice/core/commit/d4e64d030092984077021a9af9d281cd64c476bf ...
+CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
+CVE-2021-33032 (A Remote Code Execution (RCE) vulnerability in the WebUI component of ...)
+ NOT-FOR-US: eQ-3 HomeMatic CCU2
+CVE-2021-33031 (In LabCup before &lt;v2_next_18022, it is possible to use the save API ...)
+ NOT-FOR-US: LabCup
+CVE-2021-33030
+ RESERVED
+CVE-2021-33029
+ RESERVED
+CVE-2021-33028
+ RESERVED
+CVE-2021-33027 (Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy i ...)
+ - singularity-container <not-affected> (Only affects Enterprise version)
+CVE-2021-33033 (The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genop ...)
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/ad5d07f4a9cd671233ae20983848874731102c08
+CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on Pickle ...)
+ - flask-caching <unfixed> (unimportant; bug #988916)
+ NOTE: https://github.com/sh4nks/flask-caching/pull/209
+ NOTE: Negligible security impact
+CVE-2021-33025
+ RESERVED
+CVE-2021-33024
+ RESERVED
+CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-33022
+ RESERVED
+CVE-2021-33021
+ RESERVED
+CVE-2021-33020
+ RESERVED
+CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-33018
+ RESERVED
+CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
+ NOT-FOR-US: Philips
+CVE-2021-33016
+ RESERVED
+CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-33014
+ RESERVED
+CVE-2021-33013
+ RESERVED
+CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
+ NOT-FOR-US: Rockwell
+CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series, ...)
+ NOT-FOR-US: JTEKT Corporation
+CVE-2021-33010
+ RESERVED
+CVE-2021-33009
+ RESERVED
+CVE-2021-33008
+ RESERVED
+CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 a ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-33006
+ RESERVED
+CVE-2021-33005
+ RESERVED
+CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due ...)
+ NOT-FOR-US: WebAccess HMI Designer
+CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds ...)
+ NOT-FOR-US: WebAccess HMI Designer
+CVE-2021-33001
+ RESERVED
+CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
+ NOT-FOR-US: WebAccess HMI Designer
+CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable to an ou ...)
+ NOT-FOR-US: FANUC
+CVE-2021-32997
+ RESERVED
+CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to integ ...)
+ NOT-FOR-US: FANUC
+CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-32994
+ RESERVED
+CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded ...)
+ NOT-FOR-US: Philips
+CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...)
+ NOT-FOR-US: FATEK Automation WinProladder
+CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32990 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
+ NOT-FOR-US: FATEK Automation WinProladder
+CVE-2021-32989
+ RESERVED
+CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
+ NOT-FOR-US: FATEK Automation WinProladder
+CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32986
+ RESERVED
+CVE-2021-32985
+ RESERVED
+CVE-2021-32984
+ RESERVED
+CVE-2021-32983 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32982
+ RESERVED
+CVE-2021-32981
+ RESERVED
+CVE-2021-32980
+ RESERVED
+CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32978
+ RESERVED
+CVE-2021-32977
+ RESERVED
+CVE-2021-32976
+ RESERVED
+CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-32974
+ RESERVED
+CVE-2021-32973
+ RESERVED
+CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
+ NOT-FOR-US: Panasonic
+CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32970
+ RESERVED
+CVE-2021-32969
+ RESERVED
+CVE-2021-32968
+ RESERVED
+CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32966
+ RESERVED
+CVE-2021-32965
+ RESERVED
+CVE-2021-32964
+ RESERVED
+CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32962
+ RESERVED
+CVE-2021-32961
+ RESERVED
+CVE-2021-32960
+ RESERVED
+CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32958
+ RESERVED
+CVE-2021-32957
+ RESERVED
+CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestrict ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2021-32953
+ RESERVED
+CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...)
+ NOT-FOR-US: WebAccess/NMS
+CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32949
+ RESERVED
+CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
+ NOT-FOR-US: FATEK Automation FvDesigner
+CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32945
+ RESERVED
+CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
+ NOT-FOR-US: AVEVA InTouch Runtime
+CVE-2021-32941
+ RESERVED
+CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
+ NOT-FOR-US: FATEK Automation FvDesigner
+CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32937
+ RESERVED
+CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32935
+ RESERVED
+CVE-2021-32934
+ RESERVED
+CVE-2021-32933
+ RESERVED
+CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
+ NOT-FOR-US: Advantech
+CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5. ...)
+ NOT-FOR-US: FATEK Automation FvDesigner
+CVE-2021-32930 (The affected product&#8217;s configuration is vulnerable due to missin ...)
+ NOT-FOR-US: Advantech
+CVE-2021-32929
+ RESERVED
+CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
+ NOT-FOR-US: Sentinel LDK Run-Time Environment installer
+CVE-2021-32927
+ RESERVED
+CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...)
+ - dogtag-pki 10.10.6-1 (bug #991665)
+ [bullseye] - dogtag-pki <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
+ NOTE: https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
+ NOTE: https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
+ NOTE: https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5
+CVE-2021-3550 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.x reads XML data without disabli ...)
+ NOT-FOR-US: Chamilo
+CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 allows eval- ...)
+ NOT-FOR-US: Invision Community (aka IPS Community Suite)
+CVE-2021-32923 (HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-exp ...)
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
+CVE-2021-32922
+ RESERVED
+CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not use a co ...)
+ {DSA-4916-1 DLA-2687-1}
+ - prosody 0.11.9-1 (bug #988668)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/c98aebe601f9
+ NOTE: https://hg.prosody.im/trunk/rev/13b84682518e
+ NOTE: https://hg.prosody.im/trunk/rev/6f56170ea986
+CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood ...)
+ {DSA-4916-1}
+ - prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody <ignored> (Fix is consisting of many patches. Not appliable. Ingored)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65
+ NOTE: https://hg.prosody.im/trunk/rev/5a484bd050a7
+ NOTE: https://hg.prosody.im/trunk/rev/aaf9c6b6d18d
+CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The undocumented dia ...)
+ {DSA-4916-1}
+ - prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody <not-affected> (Vulnerable code (=dwd) introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e
+ NOTE: https://hg.prosody.im/trunk/rev/d0e9ffccdef9
+CVE-2021-32918 (An issue was discovered in Prosody before 0.11.9. Default settings are ...)
+ {DSA-4916-1}
+ - prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody <ignored> (Fix is consisting of many patches. Not appliable. Ingored)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/db8e41eb6eff
+ NOTE: https://hg.prosody.im/trunk/rev/b0d8920ed5e5
+ NOTE: https://hg.prosody.im/trunk/rev/929de6ade6b6
+ NOTE: https://hg.prosody.im/trunk/rev/63fd4c8465fb
+ NOTE: https://hg.prosody.im/trunk/rev/1937b3c3efb5
+ NOTE: https://hg.prosody.im/trunk/rev/3413fea9e6db
+CVE-2021-32917 (An issue was discovered in Prosody before 0.11.9. The proxy65 componen ...)
+ {DSA-4916-1 DLA-2687-1}
+ - prosody 0.11.9-1 (bug #988668)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/65dcc175ef5b
+CVE-2021-32916
+ RESERVED
+CVE-2021-32915
+ RESERVED
+CVE-2021-32914
+ RESERVED
+CVE-2021-32913
+ RESERVED
+CVE-2021-32912
+ RESERVED
+CVE-2021-32911
+ RESERVED
+CVE-2021-32910
+ RESERVED
+CVE-2021-32909
+ RESERVED
+CVE-2021-32908
+ RESERVED
+CVE-2021-32907
+ RESERVED
+CVE-2021-32906
+ RESERVED
+CVE-2021-32905
+ RESERVED
+CVE-2021-32904
+ RESERVED
+CVE-2021-32903
+ RESERVED
+CVE-2021-32902
+ RESERVED
+CVE-2021-32901
+ RESERVED
+CVE-2021-32900
+ RESERVED
+CVE-2021-32899
+ RESERVED
+CVE-2021-32898
+ RESERVED
+CVE-2021-32897
+ RESERVED
+CVE-2021-32896
+ RESERVED
+CVE-2021-32895
+ RESERVED
+CVE-2021-32894
+ RESERVED
+CVE-2021-32893
+ RESERVED
+CVE-2021-32892
+ RESERVED
+CVE-2021-32891
+ RESERVED
+CVE-2021-32890
+ RESERVED
+CVE-2021-32889
+ RESERVED
+CVE-2021-32888
+ RESERVED
+CVE-2021-32887
+ RESERVED
+CVE-2021-32886
+ RESERVED
+CVE-2021-32885
+ RESERVED
+CVE-2021-32884
+ RESERVED
+CVE-2021-32883
+ RESERVED
+CVE-2021-32882
+ RESERVED
+CVE-2021-32881
+ RESERVED
+CVE-2021-32880
+ RESERVED
+CVE-2021-32879
+ RESERVED
+CVE-2021-32878
+ RESERVED
+CVE-2021-32877
+ RESERVED
+CVE-2021-32876
+ RESERVED
+CVE-2021-32875
+ RESERVED
+CVE-2021-32874
+ RESERVED
+CVE-2021-32873
+ RESERVED
+CVE-2021-32872
+ RESERVED
+CVE-2021-32871
+ RESERVED
+CVE-2021-32870
+ RESERVED
+CVE-2021-32869
+ RESERVED
+CVE-2021-32868
+ RESERVED
+CVE-2021-32867
+ RESERVED
+CVE-2021-32866
+ RESERVED
+CVE-2021-32865
+ RESERVED
+CVE-2021-32864
+ RESERVED
+CVE-2021-32863
+ RESERVED
+CVE-2021-32862
+ RESERVED
+CVE-2021-32861
+ RESERVED
+CVE-2021-32860
+ RESERVED
+CVE-2021-32859
+ RESERVED
+CVE-2021-32858
+ RESERVED
+CVE-2021-32857
+ RESERVED
+CVE-2021-32856
+ RESERVED
+CVE-2021-32855
+ RESERVED
+CVE-2021-32854
+ RESERVED
+CVE-2021-32853
+ RESERVED
+CVE-2021-32852
+ RESERVED
+CVE-2021-32851
+ RESERVED
+CVE-2021-32850
+ RESERVED
+CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
+ NOT-FOR-US: Gerapy
+CVE-2021-32848
+ RESERVED
+CVE-2021-32847
+ RESERVED
+CVE-2021-32846
+ RESERVED
+CVE-2021-32845
+ RESERVED
+CVE-2021-32844
+ RESERVED
+CVE-2021-32843
+ RESERVED
+CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+ - mono <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
+ NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
+CVE-2021-32841 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+ - mono <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
+ NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
+CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior ...)
+ - mono <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
+ NOTE: CVE refers to the commit for the test case:
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc
+ NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
+CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...)
+ - sqlparse 0.4.2-1 (bug #994841)
+ [bullseye] - sqlparse <no-dsa> (Minor issue)
+ [buster] - sqlparse <not-affected> (Vulnerable code introduced later)
+ [stretch] - sqlparse <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
+ NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/1499cffcd7c4d635b4297b44d48fb4fe94cf988e (0.4.0)
+ NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb (0.4.2)
+CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...)
+ NOT-FOR-US: Flask restx
+CVE-2021-32837
+ RESERVED
+CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...)
+ NOT-FOR-US: ZStack
+CVE-2021-32835 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
+ NOT-FOR-US: Eclipse Keti
+CVE-2021-32834 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
+ NOT-FOR-US: Eclipse Keti
+CVE-2021-32833 (Emby Server is a personal media server with apps on many devices. In E ...)
+ NOT-FOR-US: Emby Server
+CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for Node.js p ...)
+ NOT-FOR-US: Total.js
+CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...)
+ NOT-FOR-US: Node @diez/generation
+CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
+ NOT-FOR-US: ZStack
+CVE-2021-32828
+ RESERVED
+CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...)
+ NOT-FOR-US: MockServer
+CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to ...)
+ NOT-FOR-US: Proxyee-Down
+CVE-2021-32825 (bblfshd is an open source self-hosted server for source code parsing. ...)
+ NOT-FOR-US: bblfshd
+CVE-2021-32824
+ RESERVED
+CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...)
+ - ruby-bindata <unfixed> (bug #990577)
+ [bullseye] - ruby-bindata <no-dsa> (Minor issue)
+ [buster] - ruby-bindata <no-dsa> (Minor issue)
+ [stretch] - ruby-bindata <no-dsa> (Minor issue)
+ NOTE: https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323
+ NOTE: https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency
+ NOTE: https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18-
+CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars. ...)
+ NOT-FOR-US: Node hbs
+CVE-2021-32821
+ RESERVED
+CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
+ NOT-FOR-US: Express-handlebars
+CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...)
+ NOT-FOR-US: Squirrelly
+CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee mixes pur ...)
+ NOT-FOR-US: haml-coffee
+CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hbs mixe ...)
+ NOT-FOR-US: express-hbs
+CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
+ NOT-FOR-US: ProtonMail Web Client
+CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #992705)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
+ NOTE: https://github.com/Exiv2/exiv2/pull/1739
+CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. Version ...)
+ NOT-FOR-US: Skytable
+CVE-2021-32813 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
+ NOT-FOR-US: Traefik
+CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...)
+ NOT-FOR-US: Monkshu
+CVE-2021-32811 (Zope is an open-source web application server. Zope versions prior to ...)
+ NOT-FOR-US: zope
+ NOTE: only affects specific versions using Python3 with options enabled.
+CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...)
+ - firefox 93.0-1
+ - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ - rust-crossbeam-deque 0.7.4-1 (bug #993146)
+ [bullseye] - rust-crossbeam-deque <no-dsa> (Minor issue)
+ [buster] - rust-crossbeam-deque <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0093.html
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-32810
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-32810
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-32810
+CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+ - ckeditor 4.16.2+dfsg-1 (bug #992291)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
+ NOTE: https://github.com/ckeditor/ckeditor4/commit/f6856decd5992b2b07945292416bb113d5f7ff82 (v4.16.2)
+ NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/ca0851c7a14f616a0c4cda905816aa87ca399efb (v4.5.2)
+CVE-2021-32808 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+ - ckeditor 4.16.2+dfsg-1 (bug #992292)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <not-affected> (Vulnerable code introduced later)
+ [stretch] - ckeditor <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c
+ NOTE: https://github.com/ckeditor/ckeditor4/commit/0cb59313c834c94cec4c4d4c114b6ecb0270e21a (v4.16.2)
+ NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/72428a762271d5e54a609a7913356a6d309c895d (v4.13.0)
+CVE-2021-32807 (The module `AccessControl` defines security policies for Python code u ...)
+ NOT-FOR-US: Zope AccessControl
+CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...)
+ NOT-FOR-US: Plone
+CVE-2021-32805 (Flask-AppBuilder is an application development framework, built on top ...)
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-624f-cqvr-3qw4
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/6af28521589599b1dbafd6313256229ee9a4fa74 (v3.3.2)
+CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...)
+ - node-tar 6.1.7+~cs11.3.10-1 (bug #992111)
+ [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
+ [buster] - node-tar 4.4.6+ds1-3+deb10u1
+ [stretch] - node-tar <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
+ NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
+CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...)
+ - node-tar 6.1.7+~cs11.3.10-1 (bug #992110)
+ [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
+ [buster] - node-tar 4.4.6+ds1-3+deb10u1
+ [stretch] - node-tar <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
+ NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
+CVE-2021-32802 (Nextcloud server is an open source, self hosted personal cloud. Nextcl ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32801 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32800 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32799
+ RESERVED
+CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for interacti ...)
+ - jupyter-notebook 6.4.3-1 (bug #992704)
+ [bullseye] - jupyter-notebook <no-dsa> (Minor issue)
+ [buster] - jupyter-notebook <no-dsa> (Minor issue)
+ [stretch] - jupyter-notebook <no-dsa> (Minor issue)
+ NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797
+ NOTE: https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5
+CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will eventual ...)
+ - jupyterlab <itp> (bug #934258)
+CVE-2021-32796 (xmldom is an open source pure JavaScript W3C standard-based (XML DOM L ...)
+ - node-xmldom 0.7.3-1 (bug #991612)
+ [bullseye] - node-xmldom <ignored> (Minor issue, too intrusive to backport)
+ [buster] - node-xmldom <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q
+ NOTE: https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
+CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
+ NOT-FOR-US: ArchiSteamFarm
+CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
+ NOT-FOR-US: ArchiSteamFarm
+CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9)
+CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9)
+CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress. An SQL i ...)
+ NOT-FOR-US: Woocommerce
+CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for WooCommer ...)
+ NOT-FOR-US: woocommerce-gutenberg-products-block
+CVE-2021-32788 (Discourse is an open source discussion platform. In versions prior to ...)
+ NOT-FOR-US: Discourse
+CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph before ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9)
+CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9)
+CVE-2021-32784
+ RESERVED
+CVE-2021-32783 (Contour is a Kubernetes ingress controller using Envoy proxy. In Conto ...)
+ NOT-FOR-US: Countour
+CVE-2021-32782 (Nextcloud Circles is an open source social network built for the nextc ...)
+ NOT-FOR-US: Nextcloud Circles
+CVE-2021-32781 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32780 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32779 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32778 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32777 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32776 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32775 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32774 (DataDump is a MediaWiki extension that provides dumps of wikis. Prior ...)
+ NOT-FOR-US: DataDump MediaWiki extension
+CVE-2021-32773 (Racket is a general-purpose programming language and an ecosystem for ...)
+ [experimental] - racket 8.2+dfsg1-1
+ - racket 7.9+dfsg1-2 (bug #991327)
+ [buster] - racket <no-dsa> (Minor issue)
+ [stretch] - racket <no-dsa> (Minor issue)
+ NOTE: https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
+CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to version 0.8.1, ...)
+ NOT-FOR-US: Poddycast
+CVE-2021-32771
+ RESERVED
+CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
+ NOT-FOR-US: Gatsby
+CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
+ NOT-FOR-US: Micronaut
+CVE-2021-32768 (TYPO3 is an open source PHP based web content management system releas ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32767 (TYPO3 is an open source PHP based web content management system. In ve ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32766 (Nextcloud Text is an open source plaintext editing application which s ...)
+ NOT-FOR-US: Nextcloud Text
+CVE-2021-32765 (Hiredis is a minimalistic C client library for the Redis database. In ...)
+ {DLA-2783-1}
+ - hiredis 0.14.1-2 (unimportant)
+ NOTE: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
+ NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e (v1.0.1)
+ NOTE: Only a hardening for insecure libcs:
+ NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e#commitcomment-57544143
+CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-32763 (OpenProject is open-source, web-based project management software. In ...)
+ NOT-FOR-US: OpenProject
+CVE-2021-32762 (Redis is an open source, in-memory database that persists on disk. The ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr
+CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...)
+ {DLA-2717-2 DLA-2717-1}
+ - redis 5:6.0.15-1 (bug #991375)
+ [buster] - redis 5:5.0.14-1+deb10u1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
+CVE-2021-32760 (containerd is a container runtime. A bug was found in containerd versi ...)
+ - containerd 1.4.5~ds1-2
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
+CVE-2021-32759 (OpenMage magento-lts is an alternative to the Magento CE official rele ...)
+ NOT-FOR-US: Magento
+CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE official rele ...)
+ NOT-FOR-US: Magento
+CVE-2021-32757
+ RESERVED
+CVE-2021-32756 (ManageIQ is an open-source management platform. In versions prior to j ...)
+ NOT-FOR-US: ManageIQ
+CVE-2021-32755 (Wire is a collaboration platform. wire-ios-transport handles authentic ...)
+ NOT-FOR-US: wire-ios (iOS version of Wire)
+CVE-2021-32754 (FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2. ...)
+ NOT-FOR-US: FlowDroid
+CVE-2021-32753 (EdgeX Foundry is an open source project for building a common open fra ...)
+ NOT-FOR-US: EdgeX Foundry
+CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in the Cra ...)
+ NOT-FOR-US: Ether Logs
+CVE-2021-32751 (Gradle is a build tool with a focus on build automation. In versions p ...)
+ - gradle <unfixed>
+ [bullseye] - gradle <ignored> (Minor issue)
+ [buster] - gradle <ignored> (Minor issue)
+ [stretch] - gradle <no-dsa> (Minor issue)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8
+CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...)
+ NOT-FOR-US: MuWire
+CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple authentication e ...)
+ - fail2ban 0.11.2-2
+ [buster] - fail2ban <no-dsa> (Minor issue, can be fixed in point release)
+ [stretch] - fail2ban <no-dsa> (Minor issue, can be fixed after fix of regression)
+ NOTE: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
+ NOTE: https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 (0.9)
+ NOTE: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 (0.10, 0.11, 1.0)
+ NOTE: Fix introduces regression for installations with mail command from the bsd-mailx package:
+ NOTE: https://github.com/fail2ban/fail2ban/issues/3059
+CVE-2021-32748 (Nextcloud Richdocuments in an open source self hosted online office. N ...)
+ NOT-FOR-US: Nextcloud Richdocuments
+CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, framework, an ...)
+ [experimental] - icingaweb2 2.8.3-1~exp1
+ - icingaweb2 2.8.4-1 (bug #991116)
+ [buster] - icingaweb2 <no-dsa> (Minor issue)
+ [stretch] - icingaweb2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx
+ NOTE: https://github.com/Icinga/icingaweb2/commit/ffe8741c66af6ea085514a35ec878093b991875c (v2.8.3)
+CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
+ [experimental] - icingaweb2 2.8.3-1~exp1
+ - icingaweb2 2.8.4-1 (bug #991116)
+ [buster] - icingaweb2 <no-dsa> (Minor issue)
+ [stretch] - icingaweb2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43
+ NOTE: https://github.com/Icinga/icingaweb2/commit/80875d91bbfa52553fe7bb2c1a32a9814880d9c1 (v2.8.3)
+CVE-2021-32745 (Collabora Online is a collaborative online office suite. A reflected X ...)
+ NOT-FOR-US: Collabora Online
+CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...)
+ NOT-FOR-US: Collabora Online
+CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-2816-1}
+ [experimental] - icinga2 2.12.5-1~exp1
+ - icinga2 2.12.5-1 (bug #991494)
+ [bullseye] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 <no-dsa> (Minor issue)
+ NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
+ NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
+ NOTE: https://github.com/Icinga/icinga2/commit/843353ab69f79b3abfeb38ac249b05e1944369ab (v2.12.5)
+CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug ...)
+ NOT-FOR-US: Vapor
+CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...)
+ - ruby-addressable 2.7.0-2 (bug #990791)
+ [stretch] - ruby-addressable <no-dsa> (Minor issue)
+ NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
+ NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
+CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-2816-1}
+ [experimental] - icinga2 2.12.5-1~exp1
+ - icinga2 2.12.5-1 (bug #991494)
+ [bullseye] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 <no-dsa> (Minor issue)
+ NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
+ NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
+ NOTE: https://github.com/Icinga/icinga2/commit/b5b83fa51564662ff2e78d7529ff77e1085d4522 (v2.12.5)
+CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...)
+ NOT-FOR-US: js-stellar-sdk
+CVE-2021-32737 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In version ...)
+ NOT-FOR-US: think-helper
+CVE-2021-32735 (Kirby is a content management system. In Kirby CMS versions 3.5.5 and ...)
+ NOT-FOR-US: Kirby
+CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...)
+ NOT-FOR-US: Nextcloud Text
+CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ {DSA-4974-1}
+ - nextcloud-desktop 3.3.1-1
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5
+ NOTE: https://github.com/nextcloud/desktop/pull/3338
+CVE-2021-32727 (Nextcloud Android Client is the Android client for Nextcloud. Clients ...)
+ NOT-FOR-US: Nextcloud Android Client
+CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32724 (check-spelling is a github action which provides CI spell checking. In ...)
+ NOT-FOR-US: Github
+CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...)
+ NOT-FOR-US: Prism
+CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb705 ...)
+ NOT-FOR-US: GlobalNewFiles MediaWiki extension
+CVE-2021-32721 (PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux ...)
+ NOT-FOR-US: PowerMux
+CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...)
+ NOT-FOR-US: Sylius
+CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
+ - rabbitmq-server 3.9.4-1 (bug #990524)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
+ [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f01f0f2d840b98128cdb7ff966d8234b06ef7c75 (master)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/51df93b45fb05f935456f09b88e7554e0b36317f (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/08beb82e9ab8923ded88ece2800cd80971e2bd05 (v3.8.18)
+CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
+ - rabbitmq-server 3.9.4-1 (bug #990524)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
+ [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a8dffdf7de9793a76fc4685c89b968d8eddca4ca (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a7373585faeac0aaede5a9c245094d8022e81299 (v3.8.17-rc.1)
+CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32716 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32715 (hyper is an HTTP library for rust. hyper's HTTP/1 server code had a fl ...)
+ - rust-hyper <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0078.html
+ NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c
+CVE-2021-32714 (hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper ...)
+ - rust-hyper <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0079.html
+ NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9
+CVE-2021-32713 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32712 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32711 (Shopware is an open source eCommerce platform. Versions prior to 6.3.5 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32710 (Shopware is an open source eCommerce platform. Potential session hijac ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order credi ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...)
+ - php-league-flysystem 1.1.3-4 (bug #990288)
+ NOTE: https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm
+CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6 ...)
+ NOT-FOR-US: Nextcloud Mail
+CVE-2021-32706 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
+ NOT-FOR-US: DHIS 2
+CVE-2021-32703 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+ NOT-FOR-US: Auth0 Next.js SDK
+CVE-2021-32701 (ORY Oathkeeper is an Identity &amp; Access Proxy (IAP) and Access Cont ...)
+ NOT-FOR-US: ORY Oathkeeper
+CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...)
+ NOT-FOR-US: Ballerina
+CVE-2021-32699 (Wings is the control plane software for the open source Pterodactyl ga ...)
+ NOT-FOR-US: Wings
+CVE-2021-32698 (eLabFTW is an open source electronic lab notebook for research labs. T ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-32697 (neos/forms is an open source framework to build web forms. By crafting ...)
+ NOT-FOR-US: neos/forms
+CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's strip_tags i ...)
+ NOT-FOR-US: Node striptags
+CVE-2021-32695 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-32694 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-32693 (Symfony is a PHP framework for web and console applications and a set ...)
+ - symfony <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
+ NOTE: Fixed by: https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 (v5.3.2)
+ NOTE: https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
+CVE-2021-32692
+ RESERVED
+CVE-2021-32691 (Apollos Apps is an open source platform for launching church-related a ...)
+ NOT-FOR-US: Apollo Apps
+CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...)
+ - helm-kubernetes <itp> (bug #910799)
+CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
+ NOT-FOR-US: Nextcloud Talk
+CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32687 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
+CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-4999-1}
+ - asterisk 1:16.16.1~dfsg-2 (bug #991931)
+ [stretch] - asterisk <not-affected> (Vulnerable code not present)
+ - pjproject <removed>
+ [stretch] - pjproject <no-dsa> (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch)
+ - ring <unfixed>
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
+ NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
+ NOTE: https://github.com/pjsip/pjproject/pull/2716
+CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
+ NOT-FOR-US: tEnvoy
+CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
+ NOT-FOR-US: Create Magento app
+CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source messenger. A cr ...)
+ NOT-FOR-US: wire-webapp
+CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...)
+ NOT-FOR-US: elFinder
+CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...)
+ NOT-FOR-US: Wagtail
+CVE-2021-32680 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32679 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32678 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on ...)
+ - fastapi 0.70.0-1 (bug #990582)
+ [bullseye] - fastapi <no-dsa> (Minor issue)
+ NOTE: https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7
+ NOTE: https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d (0.65.2)
+CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
+ NOT-FOR-US: Nextcloud Talk
+CVE-2021-32675 (Redis is an open source, in-memory database that persists on disk. Whe ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p
+CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
+ NOT-FOR-US: Zope
+CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
+ NOT-FOR-US: reg-keygen-git-hash-plugin
+CVE-2021-32672 (Redis is an open source, in-memory database that persists on disk. Whe ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
+CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
+ NOT-FOR-US: Flarum
+CVE-2021-32670 (Datasette is an open source multi-tool for exploring and publishing da ...)
+ NOT-FOR-US: Datasette
+CVE-2021-32669 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32668 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32667 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+ NOT-FOR-US: wire-ios (iOS version of Wire)
+CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+ NOT-FOR-US: wire-ios (iOS version of Wire)
+CVE-2021-32664 (Combodo iTop is an open source web based IT Service Management tool. I ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32663 (iTop is an open source web based IT Service Management tool. In affect ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32662 (Backstage is an open platform for building developer portals, and tech ...)
+ NOT-FOR-US: Backstage
+CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...)
+ NOT-FOR-US: Backstage
+CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
+ NOT-FOR-US: Backstage
+CVE-2021-32659 (Matrix-appservice-bridge is the bridging service for the Matrix commun ...)
+ NOT-FOR-US: Matrix-appservice-bridge
+CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open source ...)
+ NOT-FOR-US: Nextcloud client for Android
+CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32656 (Nextcloud Server is a Nextcloud package that handles data storage. A v ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32655 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32654 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32653 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A missing per ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32651 (OneDev is a development operations platform. If the LDAP external auth ...)
+ NOT-FOR-US: OneDev
+CVE-2021-32650 (October CMS is a self-hosted content management system (CMS) platform ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32649 (October CMS is a self-hosted content management system (CMS) platform ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
+ NOT-FOR-US: Emissary
+CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
+ NOT-FOR-US: Roomer
+CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...)
+ NOT-FOR-US: Teancy multi-tenant
+CVE-2021-32644 (Ampache is an open source web based audio/video streaming application ...)
+ - ampache <removed>
+CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...)
+ NOT-FOR-US: Http4s
+CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and TLS ( ...)
+ - radsecproxy 1.8.2-4 (unimportant)
+ NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
+ NOTE: Only affects example script
+CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of nauth0-lock before ...)
+ NOT-FOR-US: auth0-lock
+CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js. ...)
+ - node-ws 7.4.2+~cs18.0.8-2
+ [buster] - node-ws 1.1.0+ds1.e6ddaae4-5+deb10u1
+ [stretch] - node-ws <no-dsa> (Minor issue)
+ NOTE: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
+ NOTE: https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
+CVE-2021-32639 (Emissary is a P2P-based, data-driven workflow engine. Emissary version ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...)
+ NOT-FOR-US: Github
+CVE-2021-32637 (Authelia is a a single sign-on multi-factor portal for web apps. This ...)
+ NOT-FOR-US: Authelia
+CVE-2021-32636
+ RESERVED
+CVE-2021-32635 (Singularity is an open source container platform. In verions 3.7.2 and ...)
+ - singularity-container <not-affected> (Vulnerable code introduced in 3.7.2)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jq42-hfch-42f3
+ NOTE: https://github.com/hpcng/singularity/commit/cd298aaeb7698fb692689e2e1b49972c94bfa440
+CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior ...)
+ NOT-FOR-US: Zope
+CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
+ NOT-FOR-US: Pajbot
+CVE-2021-32631 (Common is a package of common modules that can be accessed by NIMBLE s ...)
+ NOT-FOR-US: NIMBLE
+CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...)
+ NOT-FOR-US: Admidio
+CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecode Alli ...)
+ NOT-FOR-US: Cranelift
+CVE-2021-32628 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1}
+ - redis 5:6.0.16-1
+ [stretch] - redis <no-dsa> (Minor issue; invasive patch)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
+CVE-2021-32627 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DSA-5001-1}
+ - redis 5:6.0.16-1
+ [stretch] - redis <no-dsa> (Minor issue; invasive patch)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
+CVE-2021-32626 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c
+CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...)
+ - redis 5:6.0.14-1 (bug #989351)
+ [buster] - redis <not-affected> (Vulnerable code not present)
+ [stretch] - redis <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/redis/redis/pull/9011
+ NOTE: https://github.com/redis/redis/commit/1ddecf1958924b178b76a31d989ef1e05af81964
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq
+ NOTE: CVE is result of incomplete fix by CVE-2021-29477.
+CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js application ...)
+ NOT-FOR-US: Keystone CMS
+CVE-2021-32623 (Opencast is a free and open source solution for automated video captur ...)
+ NOT-FOR-US: Opencast
+CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...)
+ NOT-FOR-US: Matrix-React-SDK
+CVE-2021-32621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32619 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
+ NOT-FOR-US: Deno
+CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
+ NOT-FOR-US: Flask-Security-Too
+CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #988731)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
+ NOTE: https://github.com/Exiv2/exiv2/pull/1657
+CVE-2021-32616 (1CDN is open-source file sharing software. In 1CDN before commit f88a2 ...)
+ NOT-FOR-US: 1CDN
+CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...)
+ - binutils 2.37-3 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7
+ NOTE: binutils not covered by security support
+CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...)
+ - piwigo <removed>
+CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() does not ...)
+ - dmg2img <unfixed> (unimportant; bug #989008)
+ NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in the p ...)
+ - radare2 5.5.0+dfsg-1 (bug #989067)
+ NOTE: https://github.com/radareorg/radare2/issues/18679
+ NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc
+CVE-2021-32612 (The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android d ...)
+ NOT-FOR-US: VeryFitPro
+CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...)
+ - libexosip2 <removed>
+ [buster] - libexosip2 <no-dsa> (Minor issue)
+ [stretch] - libexosip2 <no-dsa> (Minor issue)
+ NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054
+CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets outside of ...)
+ {DLA-2721-1}
+ - drupal7 <removed>
+ - php-pear <unfixed> (bug #991541)
+ [bullseye] - php-pear <no-dsa> (Minor issue)
+ [buster] - php-pear <no-dsa> (Minor issue)
+ [stretch] - php-pear <no-dsa> (Minor issue)
+ NOTE: https://www.drupal.org/sa-core-2021-004
+ NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/
+ NOTE: https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14)
+CVE-2021-32609 (Apache Superset up to and including 1.1 does not sanitize titles corre ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
+ NOT-FOR-US: Smartstore
+CVE-2021-32607 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
+ NOT-FOR-US: Smartstore
+CVE-2021-3547 (OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middl ...)
+ - openvpn3 <itp> (bug #904044)
+CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...)
+ NOT-FOR-US: zzzcms
+CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiM ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32602 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32601
+ RESERVED
+CVE-2021-32600 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32599
+ RESERVED
+CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32597 (Multiple improper neutralization of input during web page generation ( ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
+ NOT-FOR-US: FortiPortal
+CVE-2021-32595 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...)
+ NOT-FOR-US: FortiPortal
+CVE-2021-32593
+ RESERVED
+CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32591 (A missing cryptographic steps vulnerability in the function that encry ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
+ NOT-FOR-US: FortiPortal
+CVE-2021-32589
+ RESERVED
+CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32586
+ RESERVED
+CVE-2021-32585
+ RESERVED
+CVE-2021-32584
+ RESERVED
+CVE-2021-32583
+ RESERVED
+CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...)
+ NOT-FOR-US: ConnectWise Automate
+CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Im ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
+CVE-2021-3545 (An information disclosure vulnerability was found in the virtio vhost- ...)
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-1 (bug #989042)
+ [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages)
+ [stretch] - qemu <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01153.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/121841b2
+CVE-2021-3544 (Several memory leaks were found in the virtio vhost-user GPU device (v ...)
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-1 (bug #989042)
+ [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages)
+ [stretch] - qemu <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958935
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01151.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01157.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b9f79858
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b7afebcf
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6091d86
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/63736af5
+CVE-2021-3548 (A flaw was found in dmg2img through 20170502. dmg2img did not validate ...)
+ - dmg2img <unfixed> (unimportant)
+ NOTE: https://github.com/Lekensteyn/dmg2img/issues/9
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel driver wa ...)
+ - linux 5.10.38-1 (unimportant)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/f1ce3986baa62cffc3c5be156994de87524bab99
+ NOTE: nitro_enclaves not enabled in Debian binary builds
+CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networ ...)
+ - nomad 0.12.10+dfsg1-3 (bug #990581)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
+CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...)
+ - consul <unfixed> (bug #991719)
+ [bullseye] - consul <no-dsa> (Minor issue)
+ [buster] - consul <not-affected> (Only affects 1.3.0 and later)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
+ NOTE: https://github.com/hashicorp/consul/pull/10619
+CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.js all ...)
+ NOT-FOR-US: Node express-cart
+CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...)
+ NOT-FOR-US: Speco Web Viewer
+CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
+ NOT-FOR-US: OSS-RC
+CVE-2021-32570
+ RESERVED
+CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
+ NOT-FOR-US: OSS-RC
+CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...)
+ NOT-FOR-US: mrdoc
+CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-32566 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-32565 (Invalid values in the Content-Length header sent to Apache Traffic Ser ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-32564
+ RESERVED
+CVE-2021-32562
+ RESERVED
+CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages include t ...)
+ NOT-FOR-US: OctoPrint
+CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...)
+ NOT-FOR-US: OctoPrint
+CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...)
+ NOT-FOR-US: pywin32
+CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...)
+ {DSA-4999-1 DLA-2729-1}
+ - asterisk 1:16.16.1~dfsg-2 (bug #991710)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html
+CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...)
+ NOT-FOR-US: Apport
+CVE-2021-32556 (It was discovered that the get_modified_conffiles() function in backen ...)
+ NOT-FOR-US: Apport
+CVE-2021-32555 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32554 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32553 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32552 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32551 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32550 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32549 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32548 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32546
+ RESERVED
+CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...)
+ NOT-FOR-US: igt+
+CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...)
+ NOT-FOR-US: CTS Web transaction system
+CVE-2021-32542 (The parameters of the specific functions in the CTS Web trading system ...)
+ NOT-FOR-US: CTS Web trading system
+CVE-2021-32541 (The CTS Web transaction system related to authentication and session m ...)
+ NOT-FOR-US: CTS Web transaction system
+CVE-2021-32540 (Add announcement function in the 101EIP system does not filter special ...)
+ NOT-FOR-US: 101EIP system
+CVE-2021-32539 (Add event in calendar function in the 101EIP system does not filter sp ...)
+ NOT-FOR-US: 101EIP system
+CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter the typ ...)
+ NOT-FOR-US: ARTWARE CMS
+CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which allows local ...)
+ NOT-FOR-US: Realtek
+CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...)
+ NOT-FOR-US: MCUsystem
+CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN SANOS allo ...)
+ NOT-FOR-US: QSAN SANOS
+CVE-2021-32534 (QSAN SANOS factory reset function does not filter special parameters. ...)
+ NOT-FOR-US: QSAN SANOS
+CVE-2021-32533 (The QSAN SANOS setting page does not filter special parameters. Remote ...)
+ NOT-FOR-US: QSAN SANOS
+CVE-2021-32532 (Path traversal vulnerability in back-end analysis function in QSAN XEV ...)
+ NOT-FOR-US: QSAN XEVO
+CVE-2021-32531 (OS command injection vulnerability in Init function in QSAN XEVO allow ...)
+ NOT-FOR-US: QSAN XEVO
+CVE-2021-32530 (OS command injection vulnerability in Array function in QSAN XEVO allo ...)
+ NOT-FOR-US: QSAN XEVO
+CVE-2021-32529 (Command injection vulnerability in QSAN XEVO, SANOS allows remote unau ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32528 (Observable behavioral discrepancy vulnerability in QSAN Storage Manage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32527 (Path traversal vulnerability in QSAN Storage Manager allows remote una ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32526 (Incorrect permission assignment for critical resource vulnerability in ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32525 (The same hard-coded password in QSAN Storage Manager's in the firmware ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32524 (Command injection vulnerability in QSAN Storage Manager allows remote ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32523 (Improper authorization vulnerability in QSAN Storage Manager allows re ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32522 (Improper restriction of excessive authentication attempts vulnerabilit ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32521 (Use of MAC address as an authenticated password in QSAN Storage Manage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32520 (Use of hard-coded cryptographic key vulnerability in QSAN Storage Mana ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32519 (Use of password hash with insufficient computational effort vulnerabil ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32518 (A vulnerability in share_link in QSAN Storage Manager allows remote at ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32517 (Improper access control vulnerability in share_link in QSAN Storage Ma ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32516 (Path traversal vulnerability in share_link in QSAN Storage Manager all ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32515 (Directory listing vulnerability in share_link in QSAN Storage Manager ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32514 (Improper access control vulnerability in FirmwareUpgrade in QSAN Stora ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32513 (QsanTorture in QSAN Storage Manager does not filter special parameters ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32512 (QuickInstall in QSAN Storage Manager does not filter special parameter ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32511 (QSAN Storage Manager through directory listing vulnerability in ViewBr ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32510 (QSAN Storage Manager through directory listing vulnerability in antivi ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32509 (Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage M ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32508 (Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32507 (Absolute Path Traversal vulnerability in FileDownload in QSAN Storage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN Storage Mana ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32505
+ RESERVED
+CVE-2021-32504
+ RESERVED
+CVE-2021-32503
+ RESERVED
+CVE-2021-32502
+ RESERVED
+CVE-2021-32501
+ RESERVED
+CVE-2021-32500
+ RESERVED
+CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any execut ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
+ NOT-FOR-US: SICK Visionary-S CX
+CVE-2021-32495
+ RESERVED
+CVE-2021-32494
+ RESERVED
+CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
+ NOT-FOR-US: Yubico yubihsm-shell
+CVE-2021-32488
+ RESERVED
+CVE-2021-32487 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32486 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32485 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32484 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32483 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-32482 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-32481 (Cloudera Hue 4.6.0 allows XSS via the type parameter. ...)
+ NOT-FOR-US: Cloudera Hue
+CVE-2021-32480
+ RESERVED
+CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...)
+ - thunar 4.16.8-1 (bug #988394)
+ [buster] - thunar <no-dsa> (Minor issue)
+ [stretch] - thunar <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2
+ NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
+ NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
+ NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575
+CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhost-use ...)
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-1 (bug #989042)
+ [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages)
+ [stretch] - qemu <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958978
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01154.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9f22893a
+CVE-2021-3542
+ REJECTED
+CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12)
+CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10)
+CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9)
+CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8)
+CVE-2021-3541 (A flaw was found in libxml2. Exponential entity expansion attack its p ...)
+ {DLA-2669-1}
+ - libxml2 2.9.10+dfsg-6.7 (bug #988603)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950515
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private)
+ NOTE: https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/
+CVE-2021-32479
+ RESERVED
+CVE-2021-32478
+ RESERVED
+CVE-2021-32477
+ RESERVED
+CVE-2021-32476
+ RESERVED
+CVE-2021-32475
+ RESERVED
+CVE-2021-32474
+ RESERVED
+CVE-2021-32473
+ RESERVED
+CVE-2021-32472
+ RESERVED
+CVE-2021-32471 (Insufficient input validation in the Marvin Minsky 1967 implementation ...)
+ NOT-FOR-US: Marvin Minsky 1967 implementation of the Universal Turing Machine
+CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability. ...)
+ NOT-FOR-US: Craft CMS
+CVE-2021-32469 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32468 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32467 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32466 (An uncontrolled search path element privilege escalation vulnerability ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32465 (An incorrect permission preservation vulnerability in Trend Micro Apex ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32464 (An incorrect permission assignment privilege escalation vulnerability ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32463 (An incorrect permission assignment denial-of-service vulnerability in ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product is vulner ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier contains ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32458 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32457 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
+ NOT-FOR-US: SITEL CAP/PRX firmware
+CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access ...)
+ NOT-FOR-US: SITEL CAP/PRX firmware
+CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...)
+ NOT-FOR-US: SITEL CAP/PRX firmware
+CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
+ NOT-FOR-US: SITEL CAP/PRX firmware
+CVE-2021-3540 (By abusing the 'install rpm info detail' command, an attacker can esca ...)
+ NOT-FOR-US: Ivanti MobileIron Core
+CVE-2021-32452
+ RESERVED
+CVE-2021-32451
+ RESERVED
+CVE-2021-32450
+ RESERVED
+CVE-2021-32449
+ RESERVED
+CVE-2021-32448
+ RESERVED
+CVE-2021-32447
+ RESERVED
+CVE-2021-32446
+ RESERVED
+CVE-2021-32445
+ RESERVED
+CVE-2021-32444
+ RESERVED
+CVE-2021-32443
+ RESERVED
+CVE-2021-32442
+ RESERVED
+CVE-2021-32441
+ RESERVED
+CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to ca ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011
+ NOTE: https://github.com/gpac/gpac/issues/1772
+CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...)
+ - gpac <unfixed>
+ [stretch] - gpac <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae
+ NOTE: https://github.com/gpac/gpac/issues/1774
+CVE-2021-32438 (The gf_media_export_filters function in GPAC 1.0.1 allows attackers to ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/00194f5fe462123f70b0bae7987317b52898b868
+ NOTE: https://github.com/gpac/gpac/issues/1769
+CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to caus ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e
+ NOTE: https://github.com/gpac/gpac/issues/1770
+CVE-2021-32436
+ RESERVED
+CVE-2021-32435
+ RESERVED
+CVE-2021-32434
+ RESERVED
+CVE-2021-32433
+ RESERVED
+CVE-2021-32432
+ RESERVED
+CVE-2021-32431
+ RESERVED
+CVE-2021-32430
+ RESERVED
+CVE-2021-32429
+ RESERVED
+CVE-2021-32428
+ RESERVED
+CVE-2021-32427
+ RESERVED
+CVE-2021-32426 (In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary Ja ...)
+ NOT-FOR-US: TrendNet TW100-S4W1CA
+CVE-2021-32425
+ RESERVED
+CVE-2021-32424 (In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session contr ...)
+ NOT-FOR-US: TrendNet TW100-S4W1CA
+CVE-2021-32423
+ RESERVED
+CVE-2021-32422
+ RESERVED
+CVE-2021-32421
+ RESERVED
+CVE-2021-32420
+ RESERVED
+CVE-2021-32419
+ RESERVED
+CVE-2021-32418
+ RESERVED
+CVE-2021-32417
+ RESERVED
+CVE-2021-32416
+ RESERVED
+CVE-2021-32415
+ RESERVED
+CVE-2021-32414
+ RESERVED
+CVE-2021-32413
+ RESERVED
+CVE-2021-32412
+ RESERVED
+CVE-2021-32411
+ RESERVED
+CVE-2021-32410
+ RESERVED
+CVE-2021-32409
+ RESERVED
+CVE-2021-32408
+ RESERVED
+CVE-2021-32407
+ RESERVED
+CVE-2021-32406
+ RESERVED
+CVE-2021-32405
+ RESERVED
+CVE-2021-32404
+ RESERVED
+CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
+ NOT-FOR-US: Intelbras Router RF 301K Firmware
+CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
+ NOT-FOR-US: Intelbras Router RF 301K Firmware
+CVE-2021-32401
+ RESERVED
+CVE-2021-32400
+ RESERVED
+CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a r ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2
+CVE-2021-32398
+ RESERVED
+CVE-2021-32397
+ RESERVED
+CVE-2021-32396
+ RESERVED
+CVE-2021-32395
+ RESERVED
+CVE-2021-32394
+ RESERVED
+CVE-2021-32393
+ RESERVED
+CVE-2021-32392
+ RESERVED
+CVE-2021-32391
+ RESERVED
+CVE-2021-32390
+ RESERVED
+CVE-2021-32389
+ RESERVED
+CVE-2021-32388
+ RESERVED
+CVE-2021-32387
+ RESERVED
+CVE-2021-32386
+ RESERVED
+CVE-2021-32385
+ RESERVED
+CVE-2021-32384
+ RESERVED
+CVE-2021-32383
+ RESERVED
+CVE-2021-32382
+ RESERVED
+CVE-2021-32381
+ RESERVED
+CVE-2021-32380
+ RESERVED
+CVE-2021-32379
+ RESERVED
+CVE-2021-32378
+ RESERVED
+CVE-2021-32377
+ RESERVED
+CVE-2021-32376
+ RESERVED
+CVE-2021-32375
+ RESERVED
+CVE-2021-32374
+ RESERVED
+CVE-2021-32373
+ RESERVED
+CVE-2021-32372
+ RESERVED
+CVE-2021-32371
+ RESERVED
+CVE-2021-32370
+ RESERVED
+CVE-2021-32369
+ RESERVED
+CVE-2021-32368
+ RESERVED
+CVE-2021-32367
+ RESERVED
+CVE-2021-32366
+ RESERVED
+CVE-2021-32365
+ RESERVED
+CVE-2021-32364
+ RESERVED
+CVE-2021-32363
+ RESERVED
+CVE-2021-32362
+ RESERVED
+CVE-2021-32361
+ RESERVED
+CVE-2021-32360
+ RESERVED
+CVE-2021-32359
+ RESERVED
+CVE-2021-32358
+ RESERVED
+CVE-2021-32357
+ RESERVED
+CVE-2021-32356
+ RESERVED
+CVE-2021-32355
+ RESERVED
+CVE-2021-32354
+ RESERVED
+CVE-2021-32353
+ RESERVED
+CVE-2021-32352
+ RESERVED
+CVE-2021-32351
+ RESERVED
+CVE-2021-32350
+ RESERVED
+CVE-2021-32349
+ RESERVED
+CVE-2021-32348
+ RESERVED
+CVE-2021-32347
+ RESERVED
+CVE-2021-32346
+ RESERVED
+CVE-2021-32345
+ RESERVED
+CVE-2021-32344
+ RESERVED
+CVE-2021-32343
+ RESERVED
+CVE-2021-32342
+ RESERVED
+CVE-2021-32341
+ RESERVED
+CVE-2021-32340
+ RESERVED
+CVE-2021-32339
+ RESERVED
+CVE-2021-32338
+ RESERVED
+CVE-2021-32337
+ RESERVED
+CVE-2021-32336
+ RESERVED
+CVE-2021-32335
+ RESERVED
+CVE-2021-32334
+ RESERVED
+CVE-2021-32333
+ RESERVED
+CVE-2021-32332
+ RESERVED
+CVE-2021-32331
+ RESERVED
+CVE-2021-32330
+ RESERVED
+CVE-2021-32329
+ RESERVED
+CVE-2021-32328
+ RESERVED
+CVE-2021-32327
+ RESERVED
+CVE-2021-32326
+ RESERVED
+CVE-2021-32325
+ RESERVED
+CVE-2021-32324
+ RESERVED
+CVE-2021-32323
+ RESERVED
+CVE-2021-32322
+ RESERVED
+CVE-2021-32321
+ RESERVED
+CVE-2021-32320
+ RESERVED
+CVE-2021-32319
+ RESERVED
+CVE-2021-32318
+ RESERVED
+CVE-2021-32317
+ RESERVED
+CVE-2021-32316
+ RESERVED
+CVE-2021-32315
+ RESERVED
+CVE-2021-32314
+ RESERVED
+CVE-2021-32313
+ RESERVED
+CVE-2021-32312
+ RESERVED
+CVE-2021-32311
+ RESERVED
+CVE-2021-32310
+ RESERVED
+CVE-2021-32309
+ RESERVED
+CVE-2021-32308
+ RESERVED
+CVE-2021-32307
+ RESERVED
+CVE-2021-32306
+ RESERVED
+CVE-2021-32305 (WebSVN before 2.6.1 allows remote attackers to execute arbitrary comma ...)
+ - websvn <removed>
+CVE-2021-32304
+ RESERVED
+CVE-2021-32303
+ RESERVED
+CVE-2021-32302
+ RESERVED
+CVE-2021-32301
+ RESERVED
+CVE-2021-32300
+ RESERVED
+CVE-2021-32299 (An issue was discovered in pbrt through 20200627. A stack-buffer-overf ...)
+ NOT-FOR-US: pbrt
+CVE-2021-32298 (An issue was discovered in libiff through 20190123. A global-buffer-ov ...)
+ NOT-FOR-US: libiff
+CVE-2021-32297 (An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow ...)
+ NOT-FOR-US: LIEF
+CVE-2021-32296
+ RESERVED
+CVE-2021-32295
+ RESERVED
+CVE-2021-32294 (An issue was discovered in libgig through 20200507. A heap-buffer-over ...)
+ - libgig <unfixed>
+ [bullseye] - libgig <ignored> (Minor issue)
+ [buster] - libgig <ignored> (Minor issue)
+ [stretch] - libgig <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://github.com/drbye78/libgig/issues/1
+CVE-2021-32293
+ RESERVED
+CVE-2021-32292
+ RESERVED
+CVE-2021-32291
+ RESERVED
+CVE-2021-32290
+ RESERVED
+CVE-2021-32289 (An issue was discovered in heif through through v3.6.2. A NULL pointer ...)
+ NOT-FOR-US: Nokia HEIF implementation (different from libheif)
+CVE-2021-32288 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...)
+ NOT-FOR-US: Nokia HEIF implementation (different from libheif)
+CVE-2021-32287 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...)
+ NOT-FOR-US: Nokia HEIF implementation (different from libheif)
+CVE-2021-32286 (An issue was discovered in hcxtools through 6.1.6. A global-buffer-ove ...)
+ - hcxtools 6.2.4-1 (bug #994790)
+ [bullseye] - hcxtools <no-dsa> (Minor issue)
+ NOTE: https://github.com/ZerBea/hcxtools/issues/155
+ NOTE: https://github.com/ZerBea/hcxtools/commit/e6505ddc262bc3254b39844895ebac70861001d2 (6.1.2)
+CVE-2021-32285 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32284 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32283 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32282 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer-overfl ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL pointer deref ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.7b-5 (bug #960736)
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/107/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/
+CVE-2021-32279
+ RESERVED
+CVE-2021-32278 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
+ {DLA-2792-1}
+ - faad2 2.10.0-1
+ NOTE: https://github.com/knik0/faad2/issues/62
+ NOTE: https://github.com/knik0/faad2/commit/e19a5e491354e0e4664d02b796dacee28fb2521e (2_10_0)
+CVE-2021-32277 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
+ {DLA-2792-1}
+ - faad2 2.10.0-1
+ NOTE: https://github.com/knik0/faad2/issues/59
+ NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0)
+CVE-2021-32276 (An issue was discovered in faad2 through 2.10.0. A NULL pointer derefe ...)
+ {DLA-2792-1}
+ - faad2 2.10.0-1
+ NOTE: https://github.com/knik0/faad2/issues/58
+ NOTE: https://github.com/knik0/faad2/commit/b58840121d1827b4b6c7617e2431589af1776ddc (2_10_0)
+CVE-2021-32275 (An issue was discovered in faust through v2.30.5. A NULL pointer deref ...)
+ - faust <unfixed> (unimportant)
+ NOTE: https://github.com/grame-cncm/faust/issues/482
+ NOTE: Negligible security impact
+CVE-2021-32274 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
+ {DLA-2792-1}
+ - faad2 2.10.0-1
+ NOTE: https://github.com/knik0/faad2/issues/60
+ NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0)
+CVE-2021-32273 (An issue was discovered in faad2 through 2.10.0. A stack-buffer-overfl ...)
+ - faad2 2.10.0-1
+ [stretch] - faad2 <not-affected> (Vulnerable code not present, introduced in 2.8.2)
+ NOTE: https://github.com/knik0/faad2/issues/56
+ NOTE: https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f (2_10_0)
+CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow ...)
+ - faad2 2.10.0-1
+ [stretch] - faad2 <not-affected> (Vulnerable code not present, introduced in 2.8.2)
+ NOTE: https://github.com/knik0/faad2/issues/57
+ NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0)
+CVE-2021-32271 (An issue was discovered in gpac through 20200801. A stack-buffer-overf ...)
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/commit/71f1d75eaf71f47944ddbd9356fb498ca252b19a (v1.0.1)
+ NOTE: https://github.com/gpac/gpac/issues/1575
+CVE-2021-32270 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1586
+ NOTE: https://github.com/gpac/gpac/commit/362fc486b5c0eea04f26793d5623f6a9272bd85a (v1.0.1)
+CVE-2021-32269 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1574
+ NOTE: https://github.com/gpac/gpac/commit/fc4d8f594acfd97fc750403cca734671bb623afc (v1.0.1)
+CVE-2021-32268 (Buffer overflow vulnerability in function gf_fprintf in os_file.c in g ...)
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/issues/1587
+ NOTE: https://github.com/gpac/gpac/commit/388ecce75d05e11fc8496aa4857b91245007d26e (v1.0.1)
+CVE-2021-32267
+ RESERVED
+CVE-2021-32266
+ RESERVED
+CVE-2021-32265 (An issue was discovered in Bento4 through v1.6.0-637. A global-buffer- ...)
+ NOT-FOR-US: Bento4
+CVE-2021-32264
+ RESERVED
+CVE-2021-32263 (ok-file-formats through 2021-04-29 has a heap-based buffer overflow in ...)
+ NOT-FOR-US: ok-file-formats
+CVE-2021-32262
+ RESERVED
+CVE-2021-32261
+ RESERVED
+CVE-2021-32260
+ RESERVED
+CVE-2021-32259
+ REJECTED
+CVE-2021-32258
+ RESERVED
+CVE-2021-32257
+ RESERVED
+CVE-2021-32256
+ RESERVED
+CVE-2021-32255
+ RESERVED
+CVE-2021-32254
+ RESERVED
+CVE-2021-32253
+ RESERVED
+CVE-2021-32252
+ RESERVED
+CVE-2021-32251
+ RESERVED
+CVE-2021-32250
+ RESERVED
+CVE-2021-32249
+ RESERVED
+CVE-2021-32248
+ RESERVED
+CVE-2021-32247
+ RESERVED
+CVE-2021-32246
+ RESERVED
+CVE-2021-32245 (In PageKit v1.0.18, a user can upload SVG files in the file upload por ...)
+ NOT-FOR-US: PageKit CMS
+CVE-2021-32244 (Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to ...)
+ - moodle <removed>
+CVE-2021-32243 (FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). ...)
+ NOT-FOR-US: FOGProject
+CVE-2021-32242
+ RESERVED
+CVE-2021-32241
+ RESERVED
+CVE-2021-32240
+ RESERVED
+CVE-2021-32239
+ RESERVED
+CVE-2021-32238 (Epic Games / Psyonix Rocket League &lt;=1.95 is affected by Buffer Ove ...)
+ NOT-FOR-US: Epic Games / Psyonix Rocket League
+CVE-2021-32237
+ RESERVED
+CVE-2021-32236
+ RESERVED
+CVE-2021-32235
+ RESERVED
+CVE-2021-32234 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows r ...)
+ NOT-FOR-US: SmarterTools
+CVE-2021-32233 (SmarterTools SmarterMail before Build 7776 allows XSS. ...)
+ NOT-FOR-US: SmarterTools SmarterMail
+CVE-2021-32232
+ RESERVED
+CVE-2021-32231
+ RESERVED
+CVE-2021-32230
+ RESERVED
+CVE-2021-32229
+ RESERVED
+CVE-2021-32228
+ RESERVED
+CVE-2021-32227
+ RESERVED
+CVE-2021-32226
+ RESERVED
+CVE-2021-32225
+ RESERVED
+CVE-2021-32224
+ RESERVED
+CVE-2021-32223
+ RESERVED
+CVE-2021-32222
+ RESERVED
+CVE-2021-32221
+ RESERVED
+CVE-2021-32220
+ RESERVED
+CVE-2021-32219
+ RESERVED
+CVE-2021-32218
+ RESERVED
+CVE-2021-32217
+ RESERVED
+CVE-2021-32216
+ RESERVED
+CVE-2021-32215
+ RESERVED
+CVE-2021-32214
+ RESERVED
+CVE-2021-32213
+ RESERVED
+CVE-2021-32212
+ RESERVED
+CVE-2021-32211
+ RESERVED
+CVE-2021-32210
+ RESERVED
+CVE-2021-32209
+ RESERVED
+CVE-2021-32208
+ RESERVED
+CVE-2021-32207
+ RESERVED
+CVE-2021-32206
+ RESERVED
+CVE-2021-32205
+ RESERVED
+CVE-2021-32204
+ RESERVED
+CVE-2021-32203
+ RESERVED
+CVE-2021-32202 (In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by ...)
+ NOT-FOR-US: CS-Cart
+CVE-2021-32201
+ RESERVED
+CVE-2021-32200
+ RESERVED
+CVE-2021-32199
+ RESERVED
+CVE-2021-32198 (EmTec ZOC through 8.02.4 allows remote servers to cause a denial of se ...)
+ NOT-FOR-US: EmTec ZOC
+CVE-2021-32197
+ RESERVED
+CVE-2021-32196
+ RESERVED
+CVE-2021-32195
+ RESERVED
+CVE-2021-32194
+ RESERVED
+CVE-2021-32193
+ RESERVED
+CVE-2021-32192
+ RESERVED
+CVE-2021-32191
+ RESERVED
+CVE-2021-32190
+ RESERVED
+CVE-2021-32189
+ RESERVED
+CVE-2021-32188
+ RESERVED
+CVE-2021-32187
+ RESERVED
+CVE-2021-32186
+ RESERVED
+CVE-2021-32185
+ RESERVED
+CVE-2021-32184
+ RESERVED
+CVE-2021-32183
+ RESERVED
+CVE-2021-32182
+ RESERVED
+CVE-2021-32181
+ RESERVED
+CVE-2021-32180
+ RESERVED
+CVE-2021-32179
+ RESERVED
+CVE-2021-32178
+ RESERVED
+CVE-2021-32177
+ RESERVED
+CVE-2021-32176
+ RESERVED
+CVE-2021-32175
+ RESERVED
+CVE-2021-32174
+ RESERVED
+CVE-2021-32173
+ RESERVED
+CVE-2021-32172 (Maian Cart v3.8 contains a preauthorization remote code execution (RCE ...)
+ NOT-FOR-US: Maian Cart
+CVE-2021-32171
+ RESERVED
+CVE-2021-32170
+ RESERVED
+CVE-2021-32169
+ RESERVED
+CVE-2021-32168
+ RESERVED
+CVE-2021-32167
+ RESERVED
+CVE-2021-32166
+ RESERVED
+CVE-2021-32165
+ RESERVED
+CVE-2021-32164
+ RESERVED
+CVE-2021-32163
+ RESERVED
+CVE-2021-32162
+ RESERVED
+CVE-2021-32161
+ RESERVED
+CVE-2021-32160
+ RESERVED
+CVE-2021-32159
+ RESERVED
+CVE-2021-32158
+ RESERVED
+CVE-2021-32157
+ RESERVED
+CVE-2021-32156
+ RESERVED
+CVE-2021-32155
+ RESERVED
+CVE-2021-32154
+ RESERVED
+CVE-2021-32153
+ RESERVED
+CVE-2021-32152
+ RESERVED
+CVE-2021-32151
+ RESERVED
+CVE-2021-32150
+ RESERVED
+CVE-2021-32149
+ RESERVED
+CVE-2021-32148
+ RESERVED
+CVE-2021-32147
+ RESERVED
+CVE-2021-32146
+ RESERVED
+CVE-2021-32145
+ RESERVED
+CVE-2021-32144
+ RESERVED
+CVE-2021-32143
+ RESERVED
+CVE-2021-32142
+ RESERVED
+CVE-2021-32141
+ RESERVED
+CVE-2021-32140
+ RESERVED
+CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to c ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
+ [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e
+ NOTE: https://github.com/gpac/gpac/issues/1768
+CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b
+ NOTE: https://github.com/gpac/gpac/issues/1767
+CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca
+ NOTE: https://github.com/gpac/gpac/issues/1766
+CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed
+ NOTE: https://github.com/gpac/gpac/issues/1765
+CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8
+ NOTE: https://github.com/gpac/gpac/issues/1757
+CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
+ [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01
+ NOTE: https://github.com/gpac/gpac/issues/1756
+CVE-2021-32133
+ RESERVED
+CVE-2021-32132 (The abst_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23
+ NOTE: https://github.com/gpac/gpac/issues/1753
+CVE-2021-32131
+ RESERVED
+CVE-2021-32130
+ RESERVED
+CVE-2021-32129
+ RESERVED
+CVE-2021-32128
+ RESERVED
+CVE-2021-32127
+ RESERVED
+CVE-2021-32126
+ RESERVED
+CVE-2021-32125
+ RESERVED
+CVE-2021-32124
+ RESERVED
+CVE-2021-32123
+ RESERVED
+CVE-2021-32122 (Certain NETGEAR devices are affected by CSRF. This affects EX3700 befo ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32121
+ RESERVED
+CVE-2021-32120
+ RESERVED
+CVE-2021-32119
+ RESERVED
+CVE-2021-32118
+ RESERVED
+CVE-2021-32117
+ RESERVED
+CVE-2021-32116
+ RESERVED
+CVE-2021-32115
+ RESERVED
+CVE-2021-32114
+ RESERVED
+CVE-2021-32113
+ RESERVED
+CVE-2021-32112
+ RESERVED
+CVE-2021-32111
+ RESERVED
+CVE-2021-32110
+ RESERVED
+CVE-2021-32109
+ RESERVED
+CVE-2021-32108
+ RESERVED
+CVE-2021-32107
+ RESERVED
+CVE-2021-32106 (In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified i ...)
+ NOT-FOR-US: ICEcoder
+CVE-2021-32105
+ RESERVED
+CVE-2021-32104 (A SQL injection vulnerability exists (with user privileges) in interfa ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-32103 (A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-32102 (A SQL injection vulnerability exists (with user privileges) in library ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-32101 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect acces ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-32100 (A remote file inclusion vulnerability exists in Artica Pandora FMS 742 ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2021-32099 (A SQL injection vulnerability in the pandora_console component of Arti ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2021-32098 (Artica Pandora FMS 742 allows unauthenticated attackers to perform Pha ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2021-32097
+ RESERVED
+CVE-2021-32096 (The ConsoleAction component of U.S. National Security Agency (NSA) Emi ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32095 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32094 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32093 (The ConfigFileAction component of U.S. National Security Agency (NSA) ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32092 (A Cross-site scripting (XSS) vulnerability in the DocumentAction compo ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32091 (A Cross-site scripting (XSS) vulnerability exists in StackLift LocalSt ...)
+ NOT-FOR-US: StackList LocalStack
+CVE-2021-32090 (The dashboard component of StackLift LocalStack 0.12.6 allows attacker ...)
+ NOT-FOR-US: StackList LocalStack
+CVE-2021-32089 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (form ...)
+ NOT-FOR-US: Zebra
+CVE-2021-32088
+ RESERVED
+CVE-2021-32087
+ RESERVED
+CVE-2021-32086
+ RESERVED
+CVE-2021-32085
+ RESERVED
+CVE-2021-32084
+ RESERVED
+CVE-2021-32083
+ RESERVED
+CVE-2021-32082
+ RESERVED
+CVE-2021-32081
+ RESERVED
+CVE-2021-32080
+ RESERVED
+CVE-2021-32079
+ RESERVED
+CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ...)
+ - linux 5.14.6-1 (unimportant)
+ NOTE: https://kirtikumarar.com/CVE-2021-32078.txt
+ NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1)
+CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...)
+ NOT-FOR-US: EspoCRM
+CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit ...)
+ - golang-github-satori-go.uuid <not-affected> (Vulnerable code introduced later and not in any released version)
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
+ NOTE: Possibly introduced by: https://github.com/satori/go.uuid/commit/0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c
+ NOTE: Fixed by: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45
+ NOTE: https://github.com/satori/go.uuid/issues/73
+CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions before 3.1. ...)
+ NOT-FOR-US: VerityStream MSOW Solutions
+CVE-2021-32076 (Access Restriction Bypass via referrer spoof was discovered in SolarWi ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. ...)
+ NOT-FOR-US: Re-Logic Terraria
+CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...)
+ NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action)
+CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote at ...)
+ NOT-FOR-US: DedeCMS
+CVE-2021-32072 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32071 (The MiCollab Client service in Mitel MiCollab before 9.3 could allow a ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32070 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32069 (The AWV component of Mitel MiCollab before 9.3 could allow an attacker ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab befor ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
+ {DSA-5066-1 DLA-2780-1}
+ - ruby2.7 2.7.4-1 (bug #990815)
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ - jruby <unfixed>
+ [buster] - jruby <no-dsa> (Minor issue)
+ [stretch] - jruby <no-dsa> (Minor issue)
+ NOTE: https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
+ NOTE: https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (2.7)
+CVE-2021-32065
+ RESERVED
+CVE-2021-32064
+ RESERVED
+CVE-2021-32063
+ RESERVED
+CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...)
+ [experimental] - mapserver 7.6.3-1~exp1
+ - mapserver 7.6.2-2 (bug #988208)
+ [bullseye] - mapserver <ignored> (Minor issue; #988224)
+ [buster] - mapserver <no-dsa> (Minor issue; will be fixed via point release)
+ [stretch] - mapserver <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/mapserver/mapserver/issues/6313
+ NOTE: https://github.com/MapServer/MapServer/pull/6314
+ NOTE: https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6)
+ NOTE: https://github.com/mapserver/mapserver/commit/7db7cbb26b6bc6e651db268e9536836a56e6825a (branch-7-2)
+ NOTE: https://github.com/mapserver/mapserver/commit/82a3eb5f6c8f75cedd095b909cc4990f3d8a99e1 (branch-7-0)
+ NOTE: Fixed in 7.0.8, 7.2.3, 7.4.5, 7.6.3
+CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows that ...)
+ {DLA-2653-1}
+ - libxml2 2.9.10+dfsg-6.6 (bug #988123)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61
+CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while crea ...)
+ - wildfly <itp> (bug #752018)
+CVE-2021-3535 (Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting ...)
+ NOT-FOR-US: Rapid7
+CVE-2021-32061 (S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket ...)
+ NOT-FOR-US: S3Scanner
+CVE-2021-32060
+ RESERVED
+CVE-2021-32059
+ RESERVED
+CVE-2021-32058
+ RESERVED
+CVE-2021-32057
+ RESERVED
+CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remo ...)
+ - cyrus-imapd 3.2.6-2
+ [buster] - cyrus-imapd <not-affected> (Vulnerable code introduced in the 3.2.x series)
+ [stretch] - cyrus-imapd <not-affected> (Vulnerable code introduced in the 3.2.x series)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
+ NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
+CVE-2021-32054 (Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers ...)
+ NOT-FOR-US: Firely/Incendi Spark
+CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e. ...)
+ NOT-FOR-US: HAPI FHIR
+CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...)
+ - python-django 2:2.2.22-1 (bug #988136; unimportant)
+ NOTE: https://www.djangoproject.com/weblog/2021/may/06/security-releases/
+ NOTE: Only an issue in combination with python3.9 3.9.5+
+CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via ...)
+ NOT-FOR-US: Hexagon G!nius Auskunftsportal
+CVE-2021-32050
+ RESERVED
+CVE-2021-32049
+ RESERVED
+CVE-2021-32048
+ RESERVED
+CVE-2021-32047
+ RESERVED
+CVE-2021-32046
+ RESERVED
+CVE-2021-32045
+ RESERVED
+CVE-2021-32044
+ RESERVED
+CVE-2021-32043
+ RESERVED
+CVE-2021-32042
+ RESERVED
+CVE-2021-32041
+ RESERVED
+CVE-2021-32040
+ RESERVED
+CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...)
+ NOT-FOR-US: MongoDB VSCode Extension
+CVE-2021-32038
+ RESERVED
+CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-59071
+CVE-2021-32036 (An authenticated user without any specific authorizations may be able ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-59294
+CVE-2021-32035
+ RESERVED
+CVE-2021-32034
+ RESERVED
+CVE-2021-32033 (Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in ...)
+ NOT-FOR-US: Protectimus SLIM NFC
+CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated ...)
+ NOT-FOR-US: Trusted Firmware-M
+CVE-2021-32031
+ RESERVED
+CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through ...)
+ - mutt 2.0.5-4.1 (bug #988106)
+ [buster] - mutt <not-affected> (Vulnerable code introduced later)
+ [stretch] - mutt <not-affected> (Vulnerable code introduced later)
+ - neomutt 20201127+dfsg.1-1.2 (bug #988107)
+ [buster] - neomutt <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
+ NOTE: https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
+ NOTE: imap_qresync not enabled by default and considered an experimental feature
+CVE-2021-32030 (The administrator application on ASUS GT-AC2900 devices before 3.0.0.4 ...)
+ NOT-FOR-US: ASUS
+CVE-2021-32029 (A flaw was found in postgresql. Using an UPDATE ... RETURNING command ...)
+ {DSA-4915-1}
+ - postgresql-13 13.3-1
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ [stretch] - postgresql-9.6 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 (REL_13_3)
+CVE-2021-32028 (A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO ...)
+ {DSA-4915-1 DLA-2662-1}
+ - postgresql-13 13.3-1
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f (REL_13_3)
+CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 12.7, b ...)
+ {DSA-4915-1 DLA-2662-1}
+ - postgresql-13 13.3-1
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3)
+CVE-2021-3534
+ REJECTED
+CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR ...)
+ - ansible <unfixed>
+ [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956477
+CVE-2021-32026
+ RESERVED
+CVE-2021-32025
+ RESERVED
+CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec of BlackB ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of BlackBer ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-32021 (A denial of service vulnerability in the message broker of BlackBerry ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...)
+ NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
+CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP A ...)
+ NOT-FOR-US: JUMP AMS
+CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
+ NOT-FOR-US: JUMP AMS
+CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
+ NOT-FOR-US: JUMP AMS
+CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...)
+ NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
+CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
+ NOT-FOR-US: SheetJS
+CVE-2021-32013 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
+ NOT-FOR-US: SheetJS
+CVE-2021-32012 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
+ NOT-FOR-US: SheetJS
+CVE-2021-3532 (A flaw was found in Ansible where the secret information present in as ...)
+ - ansible <unfixed>
+ [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464
+CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...)
+ - ceph 14.2.21-1 (bug #988890)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5
+ NOTE: Nautilus: https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
+ NOTE: Octopus: https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039
+ NOTE: Pacific: https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7
+CVE-2021-3530 (A flaw was discovered in GNU libiberty within demangle_path() in rust- ...)
+ - binutils <unfixed> (unimportant)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1925348
+ NOTE: binutils not covered by security support
+CVE-2021-32011
+ RESERVED
+CVE-2021-32010
+ RESERVED
+CVE-2021-32009
+ RESERVED
+CVE-2021-32008
+ RESERVED
+CVE-2021-32007
+ RESERVED
+CVE-2021-32006
+ RESERVED
+CVE-2021-32005
+ RESERVED
+CVE-2021-32004 (This issue affects: Secomea GateManager All versions prior to 9.6. Imp ...)
+ NOT-FOR-US: Secomea GateManager
+CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...)
+ NOT-FOR-US: Secomea SiteManager
+CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
+ NOT-FOR-US: Secomea SiteManager
+CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of S ...)
+ NOT-FOR-US: Rancher
+CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...)
+ NOT-FOR-US: clone-master-clean-up in SUSE Linux Enterprise Server
+CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
+ NOT-FOR-US: Rancher
+CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
+ - inn2 <not-affected> (SuSE-specific packaging issue)
+CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
+ - postorius <not-affected> (SuSE-specific packaging issue)
+CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...)
+ NOT-FOR-US: Rust crate algorithmica
+CVE-2021-3529 (A flaw was found in noobaa-core in versions before 5.7.0. This flaw re ...)
+ NOT-FOR-US: noobaa
+CVE-2021-31995
+ RESERVED
+CVE-2021-31994
+ RESERVED
+CVE-2021-31993
+ RESERVED
+CVE-2021-31992
+ RESERVED
+CVE-2021-31991
+ RESERVED
+CVE-2021-31990
+ RESERVED
+CVE-2021-31989 (A user with permission to log on to the machine hosting the AXIS Devic ...)
+ NOT-FOR-US: AXIS
+CVE-2021-31988 (A user controlled parameter related to SMTP test functionality is not ...)
+ NOT-FOR-US: AXIS
+CVE-2021-31987 (A user controlled parameter related to SMTP test functionality is not ...)
+ NOT-FOR-US: AXIS
+CVE-2021-31986 (User controlled parameters related to SMTP notifications are not corre ...)
+ NOT-FOR-US: AXIS
+CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31984 (Power BI Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31982
+ RESERVED
+CVE-2021-31981
+ RESERVED
+CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31979 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31978 (Microsoft Defender Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31977 (Windows Hyper-V Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31976 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31975 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31974 (Server for NFS Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31973 (Windows GPSVC Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31972 (Event Tracing for Windows Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31971 (Windows HTML Platform Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31970 (Windows TCP/IP Driver Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31969 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31968 (Windows Remote Desktop Services&#194; Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31967 (VP9 Video Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31966 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31965 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31964 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31963 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31962 (Kerberos AppContainer Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31961 (Windows InstallService Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31957 (ASP.NET Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31956 (Windows NTFS Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31955 (Windows Kernel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31954 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31953 (Windows Filter Manager Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31952 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31951 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31950 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31949 (Microsoft Outlook Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31948 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31947 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31946 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31945 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31944 (3D Viewer Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31943 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31942 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31941 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31940 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31939 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31938 (Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31937
+ RESERVED
+CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact objec ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-31933 (A remote code execution vulnerability exists in Chamilo through 1.11.1 ...)
+ NOT-FOR-US: Chamilo
+CVE-2021-31932 (Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentic ...)
+ NOT-FOR-US: Nokia
+CVE-2021-31931
+ RESERVED
+CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
+ NOT-FOR-US: Concerto
+CVE-2021-31929 (Annex Cloud Loyalty Experience Platform &lt;2021.1.0.1 allows any auth ...)
+ NOT-FOR-US: Annex Cloud Loyalty Experience Platform
+CVE-2021-31928 (Annex Cloud Loyalty Experience Platform &lt;2021.1.0.1 allows any auth ...)
+ NOT-FOR-US: Annex Cloud Loyalty Experience Platform
+CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Annex Clou ...)
+ NOT-FOR-US: Annex Cloud Loyalty Experience Platform
+CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...)
+ NOT-FOR-US: CubeCoders AMP
+CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thu ...)
+ NOT-FOR-US: Pexip
+CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the p ...)
+ - pam-u2f 1.1.0-1.1 (bug #987545)
+ [buster] - pam-u2f <not-affected> (Vulnerable code not present)
+ [stretch] - pam-u2f <not-affected> (Vulnerable code not present)
+ NOTE: https://www.yubico.com/support/security-advisories/ysa-2021-03
+ NOTE: https://github.com/Yubico/pam-u2f/commit/6059b057dd9b6d0164fc16f9422c0d728f902bb5 (pam_u2f-1.1.1)
+ NOTE: https://github.com/Yubico/pam-u2f/issues/175
+ NOTE: Support for PIN verification introduced in 1.1.0.
+CVE-2021-31923 (Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling vi ...)
+ NOT-FOR-US: Ping Identity PingAccess
+CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...)
+ NOT-FOR-US: Pulse Secure
+CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
+ NOT-FOR-US: noobaa
+CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...)
+ {DLA-2753-1}
+ - qemu 1:5.2+dfsg-11 (bug #988157)
+ [buster] - qemu <no-dsa> (Minor issue)
+ NOTE: Initial patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
+ NOTE: Revisited: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
+CVE-2021-3526
+ REJECTED
+CVE-2021-3525
+ REJECTED
+CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
+ {DLA-2735-1}
+ - ceph 14.2.21-1 (bug #988889)
+ [buster] - ceph <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
+ NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1
+CVE-2021-3523
+ RESERVED
+CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploita ...)
+ NOT-FOR-US: Istio
+CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...)
+ NOT-FOR-US: Istio
+CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...)
+ NOT-FOR-US: Rust crate rkyv
+CVE-2021-31918 (A flaw was found in tripleo-ansible version as shipped in Red Hat Open ...)
+ NOT-FOR-US: tripleo-ansible
+CVE-2021-31917 (A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1. ...)
+ NOT-FOR-US: Infinispan
+CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
+CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection leading to ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31914 (In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execu ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31913 (In JetBrains TeamCity before 2020.2.3, insufficient checks of the redi ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31912 (In JetBrains TeamCity before 2020.2.3, account takeover was potentiall ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31911 (In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on s ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31910 (In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31909 (In JetBrains TeamCity before 2020.2.3, argument injection leading to r ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31908 (In JetBrains TeamCity before 2020.2.3, stored XSS was possible on seve ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31907 (In JetBrains TeamCity before 2020.2.2, permission checks for changing ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31906 (In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31905 (In JetBrains YouTrack before 2020.6.8801, information disclosure in an ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31904 (In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31903 (In JetBrains YouTrack before 2021.1.9819, a pull request's title was s ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31902 (In JetBrains YouTrack before 2020.6.6600, access control during the ex ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31901 (In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31900 (In JetBrains Code With Me bundled to the compatible IDE versions befor ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31899 (In JetBrains Code With Me bundled to the compatible IDEs before versio ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31898 (In JetBrains WebStorm before 2021.1, HTTP requests were used instead o ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user confi ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31896
+ RESERVED
+CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions with OI ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31890 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31889 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31888 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31887 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31886 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31885 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31884 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31883 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31882 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31881 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31880
+ RESERVED
+CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...)
+ - wget <unfixed> (bug #988209)
+ [bullseye] - wget <no-dsa> (Minor issue)
+ [buster] - wget <no-dsa> (Minor issue)
+ [stretch] - wget <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
+CVE-2021-31878 (An issue was discovered in PJSIP in Asterisk before 16.19.1 and before ...)
+ - asterisk <not-affected> (Vulnerability introduced in 16.17.0)
+ NOTE: http://downloads.asterisk.org/pub/security/AST-2021-007.html
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29381
+CVE-2021-31877
+ REJECTED
+CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the rep ...)
+ - bitcoin <unfixed>
+ NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876
+ NOTE: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html
+CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...)
+ NOT-FOR-US: Cesanta MongooseOS mJS
+CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, ...)
+ NOT-FOR-US: Zoho
+CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...)
+ {DLA-2695-1}
+ - klibc 2.0.8-6 (bug #989505)
+ [buster] - klibc 2.0.6-1+deb10u1
+ NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
+CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...)
+ {DLA-2695-1}
+ - klibc 2.0.8-6 (bug #989505)
+ [buster] - klibc 2.0.6-1+deb10u1
+ NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
+CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in ...)
+ {DLA-2695-1}
+ - klibc 2.0.8-6 (bug #989505)
+ [buster] - klibc 2.0.6-1+deb10u1
+ NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
+CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...)
+ {DLA-2695-1}
+ - klibc 2.0.8-6 (bug #989505)
+ [buster] - klibc 2.0.6-1+deb10u1
+ NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
+CVE-2021-3521
+ RESERVED
+ - rpm <unfixed>
+ [bullseye] - rpm <no-dsa> (Minor issue)
+ [buster] - rpm <no-dsa> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://github.com/rpm-software-management/rpm/pull/1788
+CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to an ap ...)
+ {DSA-4919-1 DLA-2657-1}
+ - lz4 1.9.3-2 (bug #987856)
+ NOTE: https://github.com/lz4/lz4/pull/972
+ NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
+CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-31868 (Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users o ...)
+ NOT-FOR-US: Rapid7 Nexpose
+CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-3519 (A vulnerability was reported in some Lenovo Desktop models that could ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #990792)
+ NOTE: https://www.redmine.org/news/131
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20854
+CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #990792)
+ NOTE: https://www.redmine.org/news/131
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20946
+CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #990792)
+ NOTE: https://www.redmine.org/news/131
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20970
+CVE-2021-31863 (Insufficient input validation in the Git repository integration of Red ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #990792)
+ NOTE: https://www.redmine.org/news/131
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20962
+CVE-2021-31862 (SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter withou ...)
+ NOT-FOR-US: SysAid
+CVE-2021-31861
+ RESERVED
+CVE-2021-31860
+ RESERVED
+CVE-2021-31859 (Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 ...)
+ NOT-FOR-US: Ysoft SafeQ
+CVE-2021-31858
+ RESERVED
+CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...)
+ NOT-FOR-US: Zoho ManageEngine Password Manager Pro
+CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
+ NOT-FOR-US: Layer Meshery
+CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages ...)
+ - kf5-messagelib 4:20.08.3-5 (bug #989438)
+ [buster] - kf5-messagelib <no-dsa> (Minor issue)
+ [stretch] - kf5-messagelib <no-dsa> (Minor issue)
+ - kdepim4 <removed>
+ [stretch] - kdepim4 <no-dsa> (Minor issue)
+ NOTE: https://kde.org/info/security/advisory-20210429-1.txt
+ NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
+CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31851 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31850 (A denial-of-service vulnerability in Database Security (DBS) prior to ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31848 (Cross site scripting (XSS) vulnerability in McAfee Data Loss Preventio ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31847 (Improper access control vulnerability in the repair process for McAfee ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31846
+ RESERVED
+CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31841 (A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5 ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31838 (A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4. ...)
+ NOT-FOR-US: MVISION EDR (MVEDR)
+CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31836 (Improper privilege management vulnerability in maconfig for McAfee Age ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: McAfee
+CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...)
+ {DLA-2653-1}
+ - libxml2 2.9.10+dfsg-6.6 (bug #987737)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
+CVE-2021-3517 (There is a flaw in the xml entity encoding functionality of libxml2 in ...)
+ {DLA-2653-1}
+ - libxml2 2.9.10+dfsg-6.6 (bug #987738)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
+CVE-2021-3516 (There's a flaw in libxml2's xmllint in versions before 2.9.11. An atta ...)
+ {DLA-2653-1}
+ - libxml2 2.9.10+dfsg-6.6 (bug #987739)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
+CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before 2.3.4 ...)
+ - pglogical 2.3.3-3 (bug #988735)
+ [buster] - pglogical <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112
+ NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
+CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...)
+ - 389-ds-base 1.4.4.11-2 (bug #988727)
+ [stretch] - 389-ds-base <no-dsa> (Minor issue)
+ NOTE: https://github.com/389ds/389-ds-base/issues/4711
+CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...)
+ {DLA-2690-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
+CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...)
+ NOT-FOR-US: OpenDistro for Elasticsearch
+CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2021-31825
+ RESERVED
+CVE-2021-31824
+ RESERVED
+CVE-2021-31823
+ RESERVED
+CVE-2021-31822 (When Octopus Tentacle is installed on a Linux operating system, the sy ...)
+ NOT-FOR-US: Octopus Tentacle
+CVE-2021-31821 (When the Windows Tentacle docker image starts up it logs all the comma ...)
+ NOT-FOR-US: Octopus Tentacle
+CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation vulnerab ...)
+ NOT-FOR-US: Octopus
+CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-31816 (When configuring Octopus Server if it is configured with an external S ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-3513
+ NOT-FOR-US: Keycloak
+CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...)
+ NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
+CVE-2021-31814 (In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a ...)
+ NOT-FOR-US: Stormshield
+CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...)
+ NOT-FOR-US: Zoho
+CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...)
+ - libpdfbox2-java 2.0.24-1 (bug #991526)
+ [bullseye] - libpdfbox2-java <no-dsa> (Minor issue)
+ [buster] - libpdfbox2-java <no-dsa> (Minor issue)
+ - libpdfbox-java <unfixed> (bug #991527)
+ [bullseye] - libpdfbox-java <no-dsa> (Minor issue)
+ [buster] - libpdfbox-java <no-dsa> (Minor issue)
+ [stretch] - libpdfbox-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/1
+ NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
+CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMem ...)
+ - libpdfbox2-java 2.0.24-1 (bug #991526)
+ [bullseye] - libpdfbox2-java <no-dsa> (Minor issue)
+ [buster] - libpdfbox2-java <no-dsa> (Minor issue)
+ - libpdfbox-java <unfixed> (bug #991527)
+ [bullseye] - libpdfbox-java <no-dsa> (Minor issue)
+ [buster] - libpdfbox-java <no-dsa> (Minor issue)
+ [stretch] - libpdfbox-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
+ NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
+CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
+ {DSA-5066-1 DLA-2780-1}
+ - ruby2.7 2.7.4-1 (bug #990815)
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ - jruby <unfixed>
+ [buster] - jruby <no-dsa> (Minor issue)
+ [stretch] - jruby <no-dsa> (Minor issue)
+ NOTE: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
+ NOTE: https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (2.7)
+CVE-2021-31809
+ RESERVED
+CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #989043)
+ - squid3 <removed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
+CVE-2021-31807 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #989043)
+ - squid3 <removed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
+CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #989043)
+ - squid3 <removed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
+CVE-2021-31805
+ RESERVED
+CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...)
+ {DSA-4905-1}
+ - shibboleth-sp 3.2.2+dfsg1-1 (bug #987608)
+ NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
+ NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
+ NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec
+CVE-2021-31804 (LeoCAD before 21.03 sometimes allows a use-after-free during the openi ...)
+ - leocad <unfixed> (unimportant)
+ NOTE: https://github.com/leozide/leocad/issues/645
+ NOTE: https://github.com/leozide/leocad/commit/233affe3fcdc851fa82cb058871bddd0046e1c87
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-31803 (cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SE ...)
+ NOT-FOR-US: cPanel
+CVE-2021-31802 (NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow tha ...)
+ NOT-FOR-US: Netgear
+CVE-2021-31801
+ RESERVED
+CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in Impac ...)
+ - impacket 0.9.22-2 (bug #988141)
+ [buster] - impacket <no-dsa> (Minor issue)
+ [stretch] - impacket <no-dsa> (Minor issue)
+ NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
+CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...)
+ {DSA-5066-1 DLA-2780-1}
+ - ruby2.7 2.7.4-1 (bug #990815)
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Introduced in (rdoc): https://github.com/ruby/rdoc/commit/4a8b7bed7cd5647db92c620bc6f33e4c309d2212 (v3.11)
+ NOTE: Fixed in (rdoc): https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7 (v6.3.1)
+ NOTE: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
+ NOTE: https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e (master)
+ NOTE: https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7)
+CVE-2021-31798 (The effective key space used to encrypt the cache in CyberArk Credenti ...)
+ NOT-FOR-US: CyberArk
+CVE-2021-31797 (The user identification mechanism used by CyberArk Credential Provider ...)
+ NOT-FOR-US: CyberArk
+CVE-2021-31796 (An inadequate encryption vulnerability discovered in CyberArk Credenti ...)
+ NOT-FOR-US: CyberArk
+CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for th ...)
+ NOT-FOR-US: PowerVR GPU kernel driver (OOT)
+CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...)
+ NOT-FOR-US: Directum
+CVE-2021-31793 (An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that ...)
+ NOT-FOR-US: NightOwl WDB-20-V2 WDB-20-V2_20190314 devices
+CVE-2021-31792 (XSS in the client account page in SuiteCRM before 7.11.19 allows an at ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext passw ...)
+ NOT-FOR-US: Sentry KM
+CVE-2021-31790
+ RESERVED
+CVE-2021-31789
+ RESERVED
+CVE-2021-31788
+ RESERVED
+CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 chipsets does ...)
+ NOT-FOR-US: Bluetooth Classic implementation on Actions ATS2815 chipsets
+CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...)
+ NOT-FOR-US: Actions ATS
+CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...)
+ NOT-FOR-US: Actions ATS
+CVE-2021-31784 (An out-of-bounds write vulnerability exists in the file-reading proced ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-31783 (show_default.php in the LocalFilesEditor extension before 11.4.0.1 for ...)
+ NOT-FOR-US: Piwigo extension
+CVE-2021-31782
+ RESERVED
+CVE-2021-31781
+ RESERVED
+CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing grou ...)
+ NOT-FOR-US: MISP
+CVE-2021-31779 (The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x before ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2021-31776 (Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search p ...)
+ NOT-FOR-US: Aviatrix VPN Client
+CVE-2021-31775
+ RESERVED
+CVE-2021-31774
+ RESERVED
+CVE-2021-31773
+ RESERVED
+CVE-2021-31772
+ RESERVED
+CVE-2021-31771
+ REJECTED
+CVE-2021-31770
+ RESERVED
+CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...)
+ NOT-FOR-US: MyQ
+CVE-2021-31768
+ RESERVED
+CVE-2021-31767
+ RESERVED
+CVE-2021-31766
+ RESERVED
+CVE-2021-31765
+ RESERVED
+CVE-2021-31764
+ RESERVED
+CVE-2021-31763
+ RESERVED
+CVE-2021-31762 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to creat ...)
+ - webmin <removed>
+CVE-2021-31761 (Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to ac ...)
+ - webmin <removed>
+CVE-2021-31760 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achie ...)
+ - webmin <removed>
+CVE-2021-31759
+ RESERVED
+CVE-2021-31758 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
+ NOT-FOR-US: Tenda AC11 devices
+CVE-2021-31757 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
+ NOT-FOR-US: Tenda AC11 devices
+CVE-2021-31756 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
+ NOT-FOR-US: Tenda AC11 devices
+CVE-2021-31755 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
+ NOT-FOR-US: Tenda AC11 devices
+CVE-2021-31754
+ RESERVED
+CVE-2021-31753
+ RESERVED
+CVE-2021-31752
+ RESERVED
+CVE-2021-31751
+ RESERVED
+CVE-2021-31750
+ RESERVED
+CVE-2021-31749
+ RESERVED
+CVE-2021-31748
+ RESERVED
+CVE-2021-31747 (Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in upd ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-31746 (Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-31745 (Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-31744
+ RESERVED
+CVE-2021-31743
+ RESERVED
+CVE-2021-31742
+ RESERVED
+CVE-2021-31741
+ RESERVED
+CVE-2021-31740
+ RESERVED
+CVE-2021-31739
+ RESERVED
+CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...)
+ NOT-FOR-US: Adiscon LogAnalyzer
+CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...)
+ NOT-FOR-US: emlog
+CVE-2021-31736
+ RESERVED
+CVE-2021-31735
+ RESERVED
+CVE-2021-31734
+ RESERVED
+CVE-2021-31733
+ RESERVED
+CVE-2021-31732
+ RESERVED
+CVE-2021-31731 (A directory traversal issue in KiteCMS 1.1.1 allows remote administrat ...)
+ NOT-FOR-US: KiteCMS
+CVE-2021-31730
+ RESERVED
+CVE-2021-31729
+ RESERVED
+CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
+ NOT-FOR-US: MalwareFox AntiMalware
+CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
+ NOT-FOR-US: MalwareFox AntiMalware
+CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...)
+ NOT-FOR-US: Akuvox
+CVE-2021-31725
+ RESERVED
+CVE-2021-31724
+ RESERVED
+CVE-2021-31723
+ RESERVED
+CVE-2021-31722
+ RESERVED
+CVE-2021-31721 (Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image ...)
+ NOT-FOR-US: Chevereto
+CVE-2021-31720
+ RESERVED
+CVE-2021-31719
+ RESERVED
+CVE-2021-31718 (The server in npupnp before 4.1.4 is affected by DNS rebinding in the ...)
+ NOT-FOR-US: npupnp
+CVE-2021-31717
+ RESERVED
+CVE-2021-31716
+ RESERVED
+CVE-2021-31715
+ RESERVED
+CVE-2021-31714
+ RESERVED
+CVE-2021-31713
+ RESERVED
+CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...)
+ NOT-FOR-US: react-draft-wysiwyg
+CVE-2021-31711
+ RESERVED
+CVE-2021-31710
+ RESERVED
+CVE-2021-31709
+ RESERVED
+CVE-2021-31708
+ RESERVED
+CVE-2021-31707
+ RESERVED
+CVE-2021-31706
+ RESERVED
+CVE-2021-31705
+ RESERVED
+CVE-2021-31704
+ RESERVED
+CVE-2021-31703 (Frontier ichris through 5.18 allows users to upload malicious executab ...)
+ NOT-FOR-US: Frontier ichris
+CVE-2021-31702 (Frontier ichris through 5.18 mishandles making a DNS request for the h ...)
+ NOT-FOR-US: Frontier ichris
+CVE-2021-31701 (Mintty before 3.4.7 mishandles Bracketed Paste Mode. ...)
+ NOT-FOR-US: Mintty
+CVE-2021-31700
+ RESERVED
+CVE-2021-31699
+ RESERVED
+CVE-2021-31698 (Quectel EG25-G devices through 202006130814 allow executing arbitrary ...)
+ NOT-FOR-US: Quectel EG25-G devices
+CVE-2021-31697
+ RESERVED
+CVE-2021-31696
+ RESERVED
+CVE-2021-31695
+ RESERVED
+CVE-2021-31694
+ RESERVED
+CVE-2021-31693
+ RESERVED
+CVE-2021-31692
+ RESERVED
+CVE-2021-31691
+ RESERVED
+CVE-2021-31690
+ RESERVED
+CVE-2021-31689
+ RESERVED
+CVE-2021-31688
+ RESERVED
+CVE-2021-31687
+ RESERVED
+CVE-2021-31686
+ RESERVED
+CVE-2021-31685
+ RESERVED
+CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONParserBy ...)
+ - json-smart <unfixed> (unimportant)
+ NOTE: https://github.com/netplex/json-smart-v2/issues/67
+ NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
+ NOTE: Security impact disputed by upstream
+CVE-2021-31683
+ RESERVED
+CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM web appli ...)
+ NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application
+CVE-2021-31681
+ RESERVED
+CVE-2021-31680
+ RESERVED
+CVE-2021-31679
+ RESERVED
+CVE-2021-31678
+ RESERVED
+CVE-2021-31677
+ RESERVED
+CVE-2021-31676
+ RESERVED
+CVE-2021-31675
+ RESERVED
+CVE-2021-31674
+ RESERVED
+CVE-2021-31673
+ RESERVED
+CVE-2021-31672
+ RESERVED
+CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...)
+ NOT-FOR-US: pgsync
+CVE-2021-31670
+ RESERVED
+CVE-2021-31669
+ RESERVED
+CVE-2021-31668
+ RESERVED
+CVE-2021-31667
+ RESERVED
+CVE-2021-31666
+ RESERVED
+CVE-2021-31665
+ RESERVED
+CVE-2021-31664 (RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31663 (RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31662 (RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31661 (RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31660 (RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is v ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is a ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-31657
+ RESERVED
+CVE-2021-31656
+ RESERVED
+CVE-2021-31655 (Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2 ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-31654
+ RESERVED
+CVE-2021-31653
+ RESERVED
+CVE-2021-31652
+ RESERVED
+CVE-2021-31651
+ RESERVED
+CVE-2021-31650
+ RESERVED
+CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...)
+ NOT-FOR-US: jfinal
+CVE-2021-31648
+ RESERVED
+CVE-2021-31647
+ RESERVED
+CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...)
+ NOT-FOR-US: Gestsup
+CVE-2021-31645
+ RESERVED
+CVE-2021-31644
+ RESERVED
+CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU Technolo ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31642 (A denial of service condition exists after an integer overflow in seve ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31641 (An unauthenticated XSS vulnerability exists in several IoT devices fro ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31640
+ RESERVED
+CVE-2021-31639
+ RESERVED
+CVE-2021-31638
+ RESERVED
+CVE-2021-31637
+ RESERVED
+CVE-2021-31636
+ RESERVED
+CVE-2021-31635
+ RESERVED
+CVE-2021-31634
+ RESERVED
+CVE-2021-31633
+ RESERVED
+CVE-2021-31632 (b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulne ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2021-31631 (b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote attackers to ...)
+ NOT-FOR-US: Open PLC webserver
+CVE-2021-31629
+ RESERVED
+CVE-2021-31628
+ RESERVED
+CVE-2021-31627 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...)
+ NOT-FOR-US: Tenda
+CVE-2021-31626
+ RESERVED
+CVE-2021-31625
+ RESERVED
+CVE-2021-31624 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...)
+ NOT-FOR-US: Tenda
+CVE-2021-31623
+ RESERVED
+CVE-2021-31622
+ RESERVED
+CVE-2021-31621
+ RESERVED
+CVE-2021-31620
+ RESERVED
+CVE-2021-31619
+ RESERVED
+CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-5 (bug #989562)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
+ NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
+ NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
+CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8. ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
+ NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
+CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
+ NOTE: Bluetooth protocol issue
+CVE-2021-31614
+ RESERVED
+CVE-2021-31613 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-31612 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices do ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-31611 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-31610 (The Bluetooth Classic implementation on AB32VG1 devices does not prope ...)
+ NOT-FOR-US: Bluetrum
+CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and e ...)
+ NOT-FOR-US: Silicon Labs Bluetooth
+CVE-2021-31608
+ RESERVED
+CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...)
+ {DLA-2815-1}
+ - salt 3002.6+dfsg1-2 (bug #987496)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
+ NOTE: Introduced by: https://gitlab.com/saltstack/open/salt/-/commit/1343078d03613e33eec9e5ec5095d2e0b0aa2e59 (v2016.9)
+ NOTE: Combined fix and regression fix: https://salsa.debian.org/salt-team/salt/-/commit/71f7f30851f9609bfda5a1b0f5b115d2743372cd
+CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...)
+ NOT-FOR-US: openvpn-monitor
+CVE-2021-31605 (furlongm openvpn-monitor through 1.1.3 allows %0a command injection vi ...)
+ NOT-FOR-US: openvpn-monitor
+CVE-2021-31604 (furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an ar ...)
+ NOT-FOR-US: openvpn-monitor
+CVE-2021-31603
+ RESERVED
+CVE-2021-31602 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-31601 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-31600 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-31599 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/28/
+CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...)
+ - node-xmlhttprequest-ssl <unfixed>
+ [buster] - node-xmlhttprequest-ssl <ignored> (Minor issue, should possibly be removed from stable as well)
+ [stretch] - node-xmlhttprequest-ssl <no-dsa> (Minor issue)
+ NOTE: https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2
+ NOTE: https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt
+CVE-2021-31596
+ RESERVED
+CVE-2021-31595
+ RESERVED
+CVE-2021-31594
+ RESERVED
+CVE-2021-31593
+ RESERVED
+CVE-2021-31592
+ RESERVED
+CVE-2021-31591
+ RESERVED
+CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...)
+ NOT-FOR-US: PwnDoc
+CVE-2021-31589 (A cross-site scripting (XSS) vulnerability has been reported and confi ...)
+ NOT-FOR-US: BeyondTrust
+CVE-2021-31588
+ RESERVED
+CVE-2021-31587
+ RESERVED
+CVE-2021-31586 (Accellion Kiteworks before 7.4.0 allows an authenticated user to perfo ...)
+ NOT-FOR-US: Accellion Kiteworks
+CVE-2021-31585 (Accellion Kiteworks before 7.3.1 allows a user with Admin privileges t ...)
+ NOT-FOR-US: Accellion Kiteworks
+CVE-2021-31584 (Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGC ...)
+ NOT-FOR-US: Sipwise
+CVE-2021-31583 (Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform v ...)
+ NOT-FOR-US: Sipwise
+CVE-2021-31582
+ RESERVED
+CVE-2021-31581 (The restricted shell provided by Akkadian Provisioning Manager Engine ...)
+ NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
+CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager Engine ...)
+ NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
+CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a hard-coded cre ...)
+ NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
+CVE-2021-31578
+ RESERVED
+CVE-2021-31577
+ RESERVED
+CVE-2021-31576
+ RESERVED
+CVE-2021-31575
+ RESERVED
+CVE-2021-31574
+ RESERVED
+CVE-2021-31573
+ RESERVED
+CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
+ NOT-FOR-US: Amazon Web Services FreeRTOS kernel
+CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
+ NOT-FOR-US: Amazon Web Services FreeRTOS kernel
+CVE-2021-31570
+ RESERVED
+CVE-2021-31569
+ RESERVED
+CVE-2021-31568
+ RESERVED
+CVE-2021-31557
+ RESERVED
+CVE-2021-31556 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
+ NOT-FOR-US: MediaWiki extension OAuth
+CVE-2021-31555 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
+ NOT-FOR-US: MediaWiki extension OAuth
+CVE-2021-31554 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31553 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
+ NOT-FOR-US: MediaWiki extension CheckUser
+CVE-2021-31552 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31551 (An issue was discovered in the PageForms extension for MediaWiki throu ...)
+ NOT-FOR-US: MediaWiki extension PageForms
+CVE-2021-31550 (An issue was discovered in the CommentBox extension for MediaWiki thro ...)
+ NOT-FOR-US: MediaWiki extension CommentBox
+CVE-2021-31549 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31548 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31547 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31546 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31545 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31544
+ RESERVED
+CVE-2021-31543
+ RESERVED
+CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...)
+ {DLA-2651-1}
+ - python-django 2:2.2.21-1 (bug #988053)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/
+ NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main)
+ NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21)
+CVE-2021-31541
+ RESERVED
+CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...)
+ NOT-FOR-US: Wowza Streaming Engine
+CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installation) has ...)
+ NOT-FOR-US: Wowza Streaming Engine
+CVE-2021-31538 (LANCOM R&amp;S Unified Firewall (UF) devices running LCOS FX 10.5 allo ...)
+ NOT-FOR-US: LANCOM
+CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (a ...)
+ NOT-FOR-US: SIS-REWE Go
+CVE-2021-31536
+ RESERVED
+CVE-2021-31535 (LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...)
+ {DSA-4920-1 DLA-2666-1}
+ - libx11 2:1.7.1-1 (bug #988737)
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/3
+ NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt
+ NOTE: https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/
+CVE-2021-31534
+ RESERVED
+CVE-2021-31533
+ RESERVED
+CVE-2021-31532 (NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 ...)
+ NOT-FOR-US: NXP
+CVE-2021-31531 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to S ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-31530 (Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to I ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-31529
+ RESERVED
+CVE-2021-31528
+ RESERVED
+CVE-2021-31527
+ RESERVED
+CVE-2021-31526
+ RESERVED
+CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote a ...)
+ - golang-1.16 1.16.4-1
+ - golang-1.15 1.15.9-2
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-3
+ - golang-golang-x-net-dev <removed>
+ [stretch] - golang-golang-x-net-dev <no-dsa> (Limited support in stretch)
+ NOTE: https://github.com/golang/go/issues/45710
+ NOTE: https://github.com/golang/go/issues/45711 (1.15 backport)
+ NOTE: https://github.com/golang/go/issues/45712 (1.16 backport)
+ NOTE: https://go-review.googlesource.com/c/net/+/313069
+ NOTE: golang: introduced by https://github.com/golang/go/commit/ae080c1aecb129a3230e7afecdb4a16ad3da9b3c (go1.5beta1)
+ NOTE: golang-golang-x-net: introduced by https://github.com/golang/net/commit/5916dcb167ed985a5b9e6871fbfd74848a4c170b
+CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found in Ope ...)
+ - openexr <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947591
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/930
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05
+ NOTE: Only affects exrcheck, which isn't built into the binary packages
+CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...)
+ {DLA-2701-1}
+ - openexr 2.5.7-1 (bug #992703)
+ [bullseye] - openexr <no-dsa> (Minor issue)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5)
+CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...)
+ {DLA-2701-1}
+ - openexr 2.5.7-1
+ [bullseye] - openexr <ignored> (Minor issue, might change ABI)
+ [buster] - openexr <ignored> (Minor issue, might change ABI)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0e08c959c5459e2ffd3b81b654c3ce8b71a4b42c (v3.0.0-beta)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (v2.5.5)
+ NOTE: Depends on https://github.com/AcademySoftwareFoundation/openexr/commit/de27156b77896aeef5b1c99edbca2bc4fa784b51 (v2.3.0)
+CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...)
+ - openexr 2.5.4-2 (bug #988240)
+ [buster] - openexr <not-affected> (Vulnerable code not present)
+ [stretch] - openexr <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e
+CVE-2021-31524
+ RESERVED
+CVE-2021-31522 (Kylin can receive user input and load any class through Class.forName( ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...)
+ - ceph 14.2.21-1 (bug #988888)
+ [buster] - ceph <not-affected> (Vulnerable code introduced later)
+ [stretch] - ceph <not-affected> (Vulnerable code introduced later)
+ NOTE: Nautilus: https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca
+ NOTE: Octopus: https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b
+ NOTE: Pacific: https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/4
+ NOTE: In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly
+ NOTE: cookie, introducing the specific CVE-2021-3509 issue.
+CVE-2021-31521 (Trend Micro InterScan Web Security Virtual Appliance version 6.5 was f ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-31520 (A weak session token authentication bypass vulnerability in Trend Micr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-31519 (An incorrect permission vulnerability in the product installer folders ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-31517 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an infinit ...)
+ - pdfresurrect <unfixed> (unimportant)
+ NOTE: https://github.com/enferex/pdfresurrect/issues/17
+ NOTE: https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370
+ NOTE: Hang in CLI tool, no security impact
+CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of QEMU u ...)
+ - qemu <unfixed> (bug #987410)
+ [bullseye] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...)
+ {DLA-2690-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux <ignored> (f2fs is not supportable)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
+ NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/
+CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...)
+ - xscreensaver 5.45+dfsg1-2 (bug #989508)
+ [buster] - xscreensaver <no-dsa> (Minor issue)
+ [stretch] - xscreensaver <postponed> (Minor issue, fix along with next dla)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2
+ NOTE: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
+CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_ ...)
+ - xscreensaver 5.45+dfsg1-2 (bug #987149)
+ [buster] - xscreensaver <not-affected> (Vulnerability introduced later)
+ [stretch] - xscreensaver <not-affected> (Vulnerability introduced later)
+ NOTE: Fixed upstream in 6.00 (no public version control): https://twitter.com/jwz/status/1383503845217554444
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2174
+ NOTE: Only in 5.44+dfsg1-1 net_raw capability was added to sonar executable via postinst
+ NOTE: and so exposing the vulnerability.
+CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implem ...)
+ - libtpms 0.8.0~dev1-1
+ NOTE: https://github.com/stefanberger/libtpms/issues/183
+ NOTE: https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 (v0.8.0)
+ NOTE: https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b (v0.8.0)
+CVE-2021-3504 (A flaw was found in the hivex library in versions before 1.3.20. It is ...)
+ {DSA-4913-1 DLA-2656-1}
+ - hivex 1.3.20-1 (bug #988024)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html
+ NOTE: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
+CVE-2021-3503
+ RESERVED
+ - wildfly <itp> (bug #752018)
+CVE-2021-31516 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Vector 35 Binary Ninja
+CVE-2021-31515 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Vector 35 Binary Ninja
+CVE-2021-31514 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31513 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31512 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31511 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31510 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31509 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31508 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31507 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31506 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31505 (This vulnerability allows attackers with physical access to escalate p ...)
+ NOT-FOR-US: Arlo Q Plus
+CVE-2021-31504 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31503 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31502 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31501 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31500 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31499 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31498 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31497 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31496 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31495 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31494 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31493 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31492 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31491 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31490 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31489 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31488 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31487 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31486 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31485 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31484 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31483 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31482 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31481 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31480 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31479 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31478 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31477 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: GE Reason RPV311 14A03
+CVE-2021-31476 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31475 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-31474 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-31473 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31472 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31471 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31470 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31469 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31468 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31467 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31466 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31465 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31464 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31463 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31462 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31461 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31460 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31459 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31458 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31457 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31456 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31455 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31454 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31453 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31452 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31451 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31450 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31449 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31448 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31447 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31446 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31445 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31444 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31443 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31442 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31441 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/10bf4e83167cc68595b85fd73bb91e8f2c086e36
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-503/
+CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Synology
+CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31436 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31433 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31432 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31431 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31430 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31429 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31428 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31427 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31426 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31425 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31424 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31423 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31422 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary files on ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31420 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31419 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-3501 (A flaw was found in the Linux kernel in versions before 5.12. The valu ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerability introduced later)
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
+CVE-2021-31416
+ RESERVED
+CVE-2021-31415
+ RESERVED
+CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studi ...)
+ NOT-FOR-US: vscode-rpm-spec extension for Visual Studio Code
+CVE-2021-31413
+ RESERVED
+CVE-2021-31412 (Improper sanitization of path in default RouteNotFoundError view in co ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31411 (Insecure temporary directory usage in frontend build functionality of ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31409 (Unsafe validation RegEx in EmailValidator component in com.vaadin:vaad ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint request handle ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31405 (Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-t ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present in a ...)
+ - avahi <unfixed> (bug #986018)
+ [bullseye] - avahi <no-dsa> (Minor issue)
+ [buster] - avahi <not-affected> (Vulnerable code introduced later)
+ [stretch] - avahi <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/lathiat/avahi/issues/338
+ NOTE: Fixed by: https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c
+ NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8)
+CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2 (bug #988215)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
+ NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently)
+CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the attacker c ...)
+ NOT-FOR-US: dio package for Dart
+CVE-2021-31401 (An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterN ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31400 (An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embe ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the ...)
+ NOT-FOR-US: On 2N Access Unit devices
+CVE-2021-31398
+ RESERVED
+CVE-2021-31397
+ RESERVED
+CVE-2021-31396
+ RESERVED
+CVE-2021-31395
+ RESERVED
+CVE-2021-31394
+ RESERVED
+CVE-2021-31393
+ RESERVED
+CVE-2021-31392
+ RESERVED
+CVE-2021-31391
+ RESERVED
+CVE-2021-31390
+ RESERVED
+CVE-2021-31389
+ RESERVED
+CVE-2021-31388
+ RESERVED
+CVE-2021-31387
+ RESERVED
+CVE-2021-31386 (A Protection Mechanism Failure vulnerability in the J-Web HTTP service ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31385 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31384 (Due to a Missing Authorization weakness and Insufficient Granularity o ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31383 (In Point to MultiPoint (P2MP) scenarios within established sessions be ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31382 (On PTX1000 System, PTX10002-60C System, after upgrading to an affected ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31381 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31380 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31379 (An Incorrect Behavior Order vulnerability in the MAP-E automatic tunne ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31378 (In broadband environments, including but not limited to Enhanced Subsc ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31377 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31376 (An Improper Input Validation vulnerability in Packet Forwarding Engine ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31375 (An Improper Input Validation vulnerability in routing process daemon ( ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31374 (On Juniper Networks Junos OS and Junos OS Evolved devices processing a ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31373 (A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Netwo ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31372 (An Improper Input Validation vulnerability in J-Web of Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31371 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31370 (An Incomplete List of Disallowed Inputs vulnerability in Packet Forwar ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31369 (On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31368 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31367 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31366 (An Unchecked Return Value vulnerability in the authd (authentication d ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31365 (An Uncontrolled Resource Consumption vulnerability in Juniper Networks ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31364 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31363 (In an MPLS P2MP environment a Loop with Unreachable Exit Condition vul ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31362 (A Protection Mechanism Failure vulnerability in RPD (routing protocol ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31361 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31360 (An improper privilege management vulnerability in the Juniper Networks ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31359 (A local privilege escalation vulnerability in Juniper Networks Junos O ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31358 (A command injection vulnerability in sftp command processing on Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31357 (A command injection vulnerability in tcpdump command processing on Jun ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31356 (A command injection vulnerability in command processing on Juniper Net ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31355 (A persistent cross-site scripting (XSS) vulnerability in the captive p ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31354 (An Out Of Bounds (OOB) access vulnerability in the handling of respons ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31353 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31352 (An Information Exposure vulnerability in Juniper Networks SRC Series d ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31351 (An Improper Check for Unusual or Exceptional Conditions in packet proc ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31350 (An Improper Privilege Management vulnerability in the gRPC framework, ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31349 (The usage of an internal HTTP header created an authentication bypass ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/27/
+CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/27/
+CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31344 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...)
+ NOT-FOR-US: Solid Edge
+CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...)
+ NOT-FOR-US: Solid Edge
+CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...)
+ NOT-FOR-US: Mendix Database Replication
+CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All versions &g ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...)
+ NOT-FOR-US: Mendix Excel Importer Module
+CVE-2021-31338 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
+ NOT-FOR-US: SINEMA Remote Connect Client
+CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system component ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31336
+ RESERVED
+CVE-2021-31335
+ RESERVED
+CVE-2021-31334
+ RESERVED
+CVE-2021-31333
+ RESERVED
+CVE-2021-31332
+ RESERVED
+CVE-2021-31331
+ RESERVED
+CVE-2021-31330
+ RESERVED
+CVE-2021-31329 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "P ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-31328
+ RESERVED
+CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Fi ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-31326
+ RESERVED
+CVE-2021-31325
+ RESERVED
+CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is affected by a ...)
+ NOT-FOR-US: CentOS Web Panel
+CVE-2021-31323 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/
+CVE-2021-31322 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/
+CVE-2021-31321 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie 0.1+dfsg-2 (bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/
+CVE-2021-31320 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/
+CVE-2021-31319 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/
+CVE-2021-31318 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/
+CVE-2021-31317 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie 0.1+dfsg-2 (bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/
+CVE-2021-31316 (The unprivileged user portal part of CentOS Web Panel is affected by a ...)
+ NOT-FOR-US: CentOS Web Panel
+CVE-2021-31315 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/
+CVE-2021-31314
+ RESERVED
+CVE-2021-31313
+ RESERVED
+CVE-2021-31312
+ RESERVED
+CVE-2021-31311
+ RESERVED
+CVE-2021-31310
+ RESERVED
+CVE-2021-31309
+ RESERVED
+CVE-2021-31308
+ RESERVED
+CVE-2021-31307
+ RESERVED
+CVE-2021-31306
+ RESERVED
+CVE-2021-31305
+ RESERVED
+CVE-2021-31304
+ RESERVED
+CVE-2021-31303
+ RESERVED
+CVE-2021-31302
+ RESERVED
+CVE-2021-31301
+ RESERVED
+CVE-2021-31300
+ RESERVED
+CVE-2021-31299
+ RESERVED
+CVE-2021-31298
+ RESERVED
+CVE-2021-31297
+ RESERVED
+CVE-2021-31296
+ RESERVED
+CVE-2021-31295
+ RESERVED
+CVE-2021-31294
+ RESERVED
+CVE-2021-31293
+ RESERVED
+CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows att ...)
+ {DSA-4958-1 DLA-2750-1}
+ - exiv2 0.27.3-3.1 (bug #991706)
+ [bullseye] - exiv2 0.27.3-3+deb11u1
+ NOTE: https://github.com/Exiv2/exiv2/issues/1530
+ NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0
+ NOTE: In older releases affected code is in src/crwimage.cpp
+CVE-2021-31291
+ REJECTED
+CVE-2021-31290
+ RESERVED
+CVE-2021-31289
+ RESERVED
+CVE-2021-31288
+ RESERVED
+CVE-2021-31287
+ RESERVED
+CVE-2021-31286
+ RESERVED
+CVE-2021-31285
+ RESERVED
+CVE-2021-31284
+ RESERVED
+CVE-2021-31283
+ RESERVED
+CVE-2021-31282
+ RESERVED
+CVE-2021-31281
+ RESERVED
+CVE-2021-31280
+ RESERVED
+CVE-2021-31279
+ RESERVED
+CVE-2021-31278
+ RESERVED
+CVE-2021-31277
+ RESERVED
+CVE-2021-31276
+ RESERVED
+CVE-2021-31275
+ RESERVED
+CVE-2021-31274 (In LibreNMS &lt; 21.3.0, a stored XSS vulnerability was identified in ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-31273
+ RESERVED
+CVE-2021-31272 (SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c cont ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-31271
+ RESERVED
+CVE-2021-31270
+ RESERVED
+CVE-2021-31269
+ RESERVED
+CVE-2021-31268
+ RESERVED
+CVE-2021-31267
+ RESERVED
+CVE-2021-31266
+ RESERVED
+CVE-2021-31265
+ RESERVED
+CVE-2021-31264
+ RESERVED
+CVE-2021-31263
+ RESERVED
+CVE-2021-31262 (The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cau ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50
+ NOTE: https://github.com/gpac/gpac/issues/1738
+CVE-2021-31261 (The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to rea ...)
+ - gpac 1.0.1+dfsg1-4 (unimportant; bug #987280)
+ NOTE: https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65
+ NOTE: https://github.com/gpac/gpac/issues/1737
+ NOTE: Negligible security impact
+CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause a deni ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
+ NOTE: https://github.com/gpac/gpac/issues/1736
+CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...)
+ - gpac <not-affected> (Vulnerable code was introduced later)
+ NOTE: https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8
+ NOTE: https://github.com/gpac/gpac/issues/1735
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1)
+CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e
+ NOTE: https://github.com/gpac/gpac/issues/1706
+CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0
+ NOTE: https://github.com/gpac/gpac/issues/1734
+CVE-2021-31256 (Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0. ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280; unimportant)
+ NOTE: https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e
+ NOTE: https://github.com/gpac/gpac/issues/1705
+ NOTE: Negligible security impact
+CVE-2021-31255 (Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5
+ NOTE: https://github.com/gpac/gpac/issues/1733
+CVE-2021-31254 (Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 ...)
+ - gpac <not-affected> (Vulnerable code was introduced later)
+ NOTE: https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8
+ NOTE: https://github.com/gpac/gpac/issues/1703
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1)
+CVE-2021-31253
+ RESERVED
+CVE-2021-31252 (An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-4 ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31251 (An authentication bypass in telnet server in BF-430 and BF431 232/422 ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31250 (Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31249 (A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450 ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31248
+ RESERVED
+CVE-2021-31247
+ RESERVED
+CVE-2021-31246
+ RESERVED
+CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares ...)
+ NOT-FOR-US: openmptcprouter-vps-admin
+CVE-2021-31244
+ RESERVED
+CVE-2021-31243
+ RESERVED
+CVE-2021-31242
+ RESERVED
+CVE-2021-31241
+ RESERVED
+CVE-2021-31240
+ RESERVED
+CVE-2021-31239
+ RESERVED
+CVE-2021-31238
+ RESERVED
+CVE-2021-31237
+ RESERVED
+CVE-2021-31236
+ RESERVED
+CVE-2021-31235
+ RESERVED
+CVE-2021-31234
+ RESERVED
+CVE-2021-31233
+ RESERVED
+CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...)
+ NOT-FOR-US: CNCF Cortex
+CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...)
+ NOT-FOR-US: Grafana Enterprise Metrics and Metrics Enterprise
+CVE-2021-31230
+ RESERVED
+CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/26/
+CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnera ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31227 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31226 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31219
+ RESERVED
+CVE-2021-31218
+ RESERVED
+CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...)
+ NOT-FOR-US: Siren Investigate
+CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
+ {DLA-2886-1}
+ - slurm-wlm 20.11.7+really20.11.4-2 (bug #988439)
+ - slurm-llnl <removed>
+ [buster] - slurm-llnl <no-dsa> (Minor issue)
+ NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7)
+ NOTE: Initially already fixed in 20.11.7-1 (the tracker would do the right thing)
+ NOTE: but the unstable upload invalidated the changelog 20.11.7-1 so use 20.11.7+really20.11.4-2
+ NOTE: for consistency with BTS.
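Review bot: The release tag on the fix-commit NOTE for CVE-2021-31215 reads "(2.11.7)", which does not match the version numbering used in the rest of the entry: the description says "20.11.x before 20.11.", the fixed version is "20.11.7+really20.11.4-2", and the following NOTE refers to "20.11.7-1". This looks like a dropped digit; suggest changing the tag to "(20.11.7)" so the commit annotation agrees with the fixed-version field. Two smaller consistency points elsewhere in this region: the ezXML entries (CVE-2021-31348, CVE-2021-31347, CVE-2021-31229) write "(vulnerable code not present)" in lower case for [stretch] netcdf while the linux and gpac entries use "(Vulnerable code not present)", and the CVE-2021-31399 line "NOT-FOR-US: On 2N Access Unit devices" carries a leading "On" copied from the description that the product name does not need.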
+CVE-2021-3499 (A vulnerability was found in OVN Kubernetes in versions up to and incl ...)
+ NOT-FOR-US: Openshift/ovn-kubernetes
+CVE-2021-31214 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31213 (Visual Studio Code Remote Containers Extension Remote Code Execution V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31212
+ RESERVED
+CVE-2021-31211 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31210
+ RESERVED
+CVE-2021-31209 (Microsoft Exchange Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31208 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31207 (Microsoft Exchange Server Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31206 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31205 (Windows SMB Client Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31204 (.NET and Visual Studio Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31203
+ RESERVED
+CVE-2021-31202
+ RESERVED
+CVE-2021-31201 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31199 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31197
+ RESERVED
+CVE-2021-31196 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31195 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31194 (OLE Automation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31193 (Windows SSDP Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31192 (Windows Media Foundation Core Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31191 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31190 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31189
+ RESERVED
+CVE-2021-31188 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31187 (Windows WalletService Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31186 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31185 (Windows Desktop Bridge Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31184 (Microsoft Windows Infrared Data Association (IrDA) Information Disclos ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31183 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31182 (Microsoft Bluetooth Driver Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31181 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31180 (Microsoft Office Graphics Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31179 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31178 (Microsoft Office Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31177 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31176 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31175 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31174 (Microsoft Excel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31173 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31172 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31171 (Microsoft SharePoint Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31170 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31169 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31168 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31167 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31166 (HTTP Protocol Stack Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31165 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...)
+ NOT-FOR-US: Apache Unomi
+CVE-2021-31163
+ RESERVED
+CVE-2021-31162 (In the standard library in Rust before 1.52.0, a double free can occur ...)
+ - rustc 1.53.0+dfsg1-1
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/83618
+ NOTE: https://github.com/rust-lang/rust/pull/83629
+ NOTE: https://github.com/rust-lang/rust/commit/542f441d445026d0996eebee9ddddee98f5dc3e5
+CVE-2021-31161
+ RESERVED
+CVE-2021-31160 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-31159 (Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-31157
+ RESERVED
+CVE-2021-31156
+ RESERVED
+CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...)
+ - rust-pleaser 0.4.1-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
+CVE-2021-31154 (pleaseedit in please before 0.4 uses predictable temporary filenames i ...)
+ - rust-pleaser 0.4.1-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
+CVE-2021-31153 (please before 0.4 allows a local unprivileged attacker to gain knowled ...)
+ - rust-pleaser 0.4.1-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
+CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...)
+ NOT-FOR-US: Multilaser Router AC1200
+CVE-2021-31151
+ REJECTED
+CVE-2021-31150
+ REJECTED
+CVE-2021-31149
+ REJECTED
+CVE-2021-31148
+ REJECTED
+CVE-2021-31147
+ REJECTED
+CVE-2021-31146
+ REJECTED
+CVE-2021-31145
+ REJECTED
+CVE-2021-31144
+ REJECTED
+CVE-2021-31143
+ REJECTED
+CVE-2021-31142
+ REJECTED
+CVE-2021-31141
+ REJECTED
+CVE-2021-31140
+ REJECTED
+CVE-2021-31139
+ REJECTED
+CVE-2021-31138
+ REJECTED
+CVE-2021-31137
+ REJECTED
+CVE-2021-31136
+ REJECTED
+CVE-2021-31135
+ REJECTED
+CVE-2021-31134
+ REJECTED
+CVE-2021-31133
+ REJECTED
+CVE-2021-31132
+ REJECTED
+CVE-2021-31131
+ REJECTED
+CVE-2021-31130
+ REJECTED
+CVE-2021-31129
+ REJECTED
+CVE-2021-31128
+ REJECTED
+CVE-2021-31127
+ REJECTED
+CVE-2021-31126
+ REJECTED
+CVE-2021-31125
+ REJECTED
+CVE-2021-31124
+ REJECTED
+CVE-2021-31123
+ REJECTED
+CVE-2021-31122
+ REJECTED
+CVE-2021-31121
+ REJECTED
+CVE-2021-31120
+ REJECTED
+CVE-2021-31119
+ REJECTED
+CVE-2021-31118
+ REJECTED
+CVE-2021-31117
+ REJECTED
+CVE-2021-31116
+ REJECTED
+CVE-2021-31115
+ REJECTED
+CVE-2021-31114
+ REJECTED
+CVE-2021-31113
+ REJECTED
+CVE-2021-31112
+ REJECTED
+CVE-2021-31111
+ REJECTED
+CVE-2021-31110
+ REJECTED
+CVE-2021-31109
+ REJECTED
+CVE-2021-31108
+ REJECTED
+CVE-2021-31107
+ REJECTED
+CVE-2021-31106
+ REJECTED
+CVE-2021-31105
+ REJECTED
+CVE-2021-31104
+ REJECTED
+CVE-2021-31103
+ REJECTED
+CVE-2021-31102
+ REJECTED
+CVE-2021-31101
+ REJECTED
+CVE-2021-31100
+ REJECTED
+CVE-2021-31099
+ REJECTED
+CVE-2021-31098
+ REJECTED
+CVE-2021-31097
+ REJECTED
+CVE-2021-31096
+ REJECTED
+CVE-2021-31095
+ REJECTED
+CVE-2021-31094
+ REJECTED
+CVE-2021-31093
+ REJECTED
+CVE-2021-31092
+ REJECTED
+CVE-2021-31091
+ REJECTED
+CVE-2021-31090
+ REJECTED
+CVE-2021-31089
+ REJECTED
+CVE-2021-31088
+ REJECTED
+CVE-2021-31087
+ REJECTED
+CVE-2021-31086
+ REJECTED
+CVE-2021-31085
+ REJECTED
+CVE-2021-31084
+ REJECTED
+CVE-2021-31083
+ REJECTED
+CVE-2021-31082
+ REJECTED
+CVE-2021-31081
+ REJECTED
+CVE-2021-31080
+ REJECTED
+CVE-2021-31079
+ REJECTED
+CVE-2021-31078
+ REJECTED
+CVE-2021-31077
+ REJECTED
+CVE-2021-31076
+ REJECTED
+CVE-2021-31075
+ REJECTED
+CVE-2021-31074
+ REJECTED
+CVE-2021-31073
+ REJECTED
+CVE-2021-31072
+ REJECTED
+CVE-2021-31071
+ REJECTED
+CVE-2021-31070
+ REJECTED
+CVE-2021-31069
+ REJECTED
+CVE-2021-31068
+ REJECTED
+CVE-2021-31067
+ REJECTED
+CVE-2021-31066
+ REJECTED
+CVE-2021-31065
+ REJECTED
+CVE-2021-31064
+ REJECTED
+CVE-2021-31063
+ REJECTED
+CVE-2021-31062
+ REJECTED
+CVE-2021-31061
+ REJECTED
+CVE-2021-31060
+ REJECTED
+CVE-2021-31059
+ REJECTED
+CVE-2021-31058
+ REJECTED
+CVE-2021-31057
+ REJECTED
+CVE-2021-31056
+ REJECTED
+CVE-2021-31055
+ REJECTED
+CVE-2021-31054
+ REJECTED
+CVE-2021-31053
+ REJECTED
+CVE-2021-31052
+ REJECTED
+CVE-2021-31051
+ REJECTED
+CVE-2021-31050
+ REJECTED
+CVE-2021-31049
+ REJECTED
+CVE-2021-31048
+ REJECTED
+CVE-2021-31047
+ REJECTED
+CVE-2021-31046
+ REJECTED
+CVE-2021-31045
+ REJECTED
+CVE-2021-31044
+ REJECTED
+CVE-2021-31043
+ REJECTED
+CVE-2021-31042
+ REJECTED
+CVE-2021-31041
+ REJECTED
+CVE-2021-31040
+ REJECTED
+CVE-2021-31039
+ REJECTED
+CVE-2021-31038
+ REJECTED
+CVE-2021-31037
+ REJECTED
+CVE-2021-31036
+ REJECTED
+CVE-2021-31035
+ REJECTED
+CVE-2021-31034
+ REJECTED
+CVE-2021-31033
+ REJECTED
+CVE-2021-31032
+ REJECTED
+CVE-2021-31031
+ REJECTED
+CVE-2021-31030
+ REJECTED
+CVE-2021-31029
+ REJECTED
+CVE-2021-31028
+ REJECTED
+CVE-2021-31027
+ REJECTED
+CVE-2021-31026
+ REJECTED
+CVE-2021-31025
+ REJECTED
+CVE-2021-31024
+ REJECTED
+CVE-2021-31023
+ REJECTED
+CVE-2021-31022
+ REJECTED
+CVE-2021-31021
+ REJECTED
+CVE-2021-31020
+ REJECTED
+CVE-2021-31019
+ REJECTED
+CVE-2021-31018
+ REJECTED
+CVE-2021-31017
+ REJECTED
+CVE-2021-31016
+ REJECTED
+CVE-2021-31015
+ REJECTED
+CVE-2021-31014
+ REJECTED
+CVE-2021-31013
+ REJECTED
+CVE-2021-31012
+ REJECTED
+CVE-2021-31011
+ REJECTED
+CVE-2021-31010
+ REJECTED
+CVE-2021-31009
+ REJECTED
+CVE-2021-31008
+ REJECTED
+CVE-2021-31007
+ REJECTED
+CVE-2021-31006
+ REJECTED
+CVE-2021-31005
+ REJECTED
+CVE-2021-31004
+ REJECTED
+CVE-2021-31003
+ REJECTED
+CVE-2021-31002
+ REJECTED
+CVE-2021-31001
+ REJECTED
+CVE-2021-31000
+ REJECTED
+CVE-2021-30999
+ REJECTED
+CVE-2021-30998
+ REJECTED
+CVE-2021-30997
+ REJECTED
+CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30994
+ REJECTED
+CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30991 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30990 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30989
+ REJECTED
+CVE-2021-30988 (Description: A permissions issue was addressed with improved validatio ...)
+ NOT-FOR-US: Apple
+CVE-2021-30987 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30986 (A device configuration issue was addressed with an updated configurati ...)
+ NOT-FOR-US: Apple
+CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30983 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30982 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30981 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30980 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30979 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30978
+ REJECTED
+CVE-2021-30977 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30976 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30975 (This issue was addressed by disabling execution of JavaScript when vie ...)
+ NOT-FOR-US: Apple
+CVE-2021-30974
+ REJECTED
+CVE-2021-30973 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30972
+ REJECTED
+CVE-2021-30971 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30970 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30969 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-30968 (A validation issue related to hard link behavior was addressed with im ...)
+ NOT-FOR-US: Apple
+CVE-2021-30967 (Description: A permissions issue was addressed with improved validatio ...)
+ NOT-FOR-US: Apple
+CVE-2021-30966 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30965 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30964 (An inherited permissions issue was addressed with additional restricti ...)
+ NOT-FOR-US: Apple
+CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30962
+ REJECTED
+CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30959 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30958 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30956
+ REJECTED
+CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30951 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30950 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30949 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30948 (An inconsistent user interface issue was addressed with improved state ...)
+ NOT-FOR-US: Apple
+CVE-2021-30947 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30946 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30944
+ REJECTED
+CVE-2021-30943
+ REJECTED
+CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...)
+ NOT-FOR-US: Apple
+CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30940 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30939 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30938 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30936 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30933
+ REJECTED
+CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30930 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30929 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30928
+ REJECTED
+CVE-2021-30927 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30926 (Description: A memory corruption issue in the processing of ICC profil ...)
+ NOT-FOR-US: Apple
+CVE-2021-30925
+ REJECTED
+CVE-2021-30924 (A denial of service issue was addressed with improved state handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30923 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30922
+ REJECTED
+CVE-2021-30921
+ REJECTED
+CVE-2021-30920 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30919 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30918 (A Lock Screen issue was addressed with improved state management. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30917 (A memory corruption issue existed in the processing of ICC profiles. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30916 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30915 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30914 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30913 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30912 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30911 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30910 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30909 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30908 (An authentication issue was addressed with improved state management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30907 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30906 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30905 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30904 (A sync issue was addressed with improved state validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30903 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30902 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30901 (Multiple out-of-bounds write issues were addressed with improved bound ...)
+ NOT-FOR-US: Apple
+CVE-2021-30900 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30899 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30898
+ REJECTED
+CVE-2021-30897 (An issue existed in the specification for the resource timing API. The ...)
+ NOT-FOR-US: Apple
+CVE-2021-30896 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30895 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30894 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30893
+ REJECTED
+CVE-2021-30892 (An inherited permissions issue was addressed with additional restricti ...)
+ NOT-FOR-US: Apple
+CVE-2021-30891
+ REJECTED
+CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-5031-1 DSA-5030-1}
+ - webkit2gtk 2.34.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30889 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed in iOS ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-5031-1 DSA-5030-1}
+ - webkit2gtk 2.34.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30886 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30885
+ REJECTED
+CVE-2021-30884 (The issue was resolved with additional restrictions on CSS compositing ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30883 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30882 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30881 (An input validation issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30880 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30879 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30878
+ REJECTED
+CVE-2021-30877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30876 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30875 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30874 (An authorization issue was addressed with improved state management. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30873 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30872
+ REJECTED
+CVE-2021-30871 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ NOT-FOR-US: Apple
+CVE-2021-30870 (A logic issue existed in the handling of document loads. This issue wa ...)
+ NOT-FOR-US: Apple
+CVE-2021-30869 (A type confusion issue was addressed with improved state handling. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30868 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30867 (The issue was addressed with improved authentication. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30866 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
+ NOT-FOR-US: Apple
+CVE-2021-30865 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30864 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30863 (This issue was addressed by improving Face ID anti-spoofing models. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30862 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30861 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30860 (An integer overflow was addressed with improved input validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30859 (A type confusion issue was addressed with improved state handling. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30858 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0005.html
+CVE-2021-30857 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30856
+ REJECTED
+CVE-2021-30855 (A validation issue existed in the handling of symlinks. This issue was ...)
+ NOT-FOR-US: Apple
+CVE-2021-30854 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30853 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30852 (A type confusion issue was addressed with improved memory handling. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30851 (A memory corruption vulnerability was addressed with improved locking. ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=227988
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/27/4
+CVE-2021-30850 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30849 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
+CVE-2021-30848 (A memory corruption issue was addressed with improved memory handling. ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
+CVE-2021-30847 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30846 (A memory corruption issue was addressed with improved memory handling. ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
+CVE-2021-30845 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30844 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30843 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30842 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30841 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30840 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30839
+ RESERVED
+CVE-2021-30838 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
+CVE-2021-30836 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30834 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30833 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30832 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30831 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30830 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30829 (A URI parsing issue was addressed with improved parsing. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30828 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30827 (A permissions issue existed. This issue was addressed with improved pe ...)
+ NOT-FOR-US: Apple
+CVE-2021-30826 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30825 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30824 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30823 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30822
+ RESERVED
+CVE-2021-30821 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30820 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30818 (A type confusion issue was addressed with improved state handling. Thi ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30817 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30816 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30815 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30814 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30813 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30812
+ RESERVED
+CVE-2021-30811 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30809 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30808 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30807 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30806
+ RESERVED
+CVE-2021-30805 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30804 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30803 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30802 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30801
+ RESERVED
+CVE-2021-30800 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30799 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30798 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30797 (This issue was addressed with improved checks. This issue is fixed in ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30796 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30795 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30794
+ RESERVED
+CVE-2021-30793 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30792 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30791 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30790 (An information disclosure issue was addressed by removing the vulnerab ...)
+ NOT-FOR-US: Apple
+CVE-2021-30789 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30788 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30787 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30786 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30785 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30784 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Apple
+CVE-2021-30783 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30782 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30781 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30780 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30779 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30778 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2021-30777 (An injection issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30776 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30775 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30774 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30773 (An issue in code signature validation was addressed with improved chec ...)
+ NOT-FOR-US: Apple
+CVE-2021-30772 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30771
+ RESERVED
+CVE-2021-30770 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30769 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30768 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30767 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30766 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30765 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30764 (Processing a maliciously crafted file may lead to arbitrary code execu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30763 (An input validation issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30762 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4681-1}
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30761 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4558-1}
+ - webkit2gtk 2.26.1-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.26.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30760 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30759 (A stack overflow was addressed with improved input validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30758 (A type confusion issue was addressed with improved state handling. Thi ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.2-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.2-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30757 (This issue was addressed by enabling hardened runtime. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2021-30756 (A local attacker may be able to view Now Playing information from the ...)
+ NOT-FOR-US: Apple
+CVE-2021-30755 (Processing a maliciously crafted font may result in the disclosure of ...)
+ NOT-FOR-US: Apple
+CVE-2021-30754
+ RESERVED
+CVE-2021-30753 (Processing a maliciously crafted font may result in the disclosure of ...)
+ NOT-FOR-US: Apple
+CVE-2021-30752 (Processing a maliciously crafted image may lead to arbitrary code exec ...)
+ NOT-FOR-US: Apple
+CVE-2021-30751 (This issue was addressed with improved data protection. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30750 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30749 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30748 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30747
+ RESERVED
+CVE-2021-30746 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30745
+ RESERVED
+CVE-2021-30744 (Description: A cross-origin issue with iframe elements was addressed w ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30743 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30742 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
+CVE-2021-30741 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30740 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30739 (A local attacker may be able to elevate their privileges. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-30738 (A malicious application may be able to overwrite arbitrary files. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30737 (A memory corruption issue in the ASN.1 decoder was addressed by removi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30736 (A buffer overflow was addressed with improved size validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30735 (A malicious application may be able to execute arbitrary code with ker ...)
+ NOT-FOR-US: Apple
+CVE-2021-30734 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30733 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30732
+ RESERVED
+CVE-2021-30731 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30730
+ RESERVED
+CVE-2021-30729 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30728 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30727 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30726 (A malicious application may be able to execute arbitrary code with ker ...)
+ NOT-FOR-US: Apple
+CVE-2021-30725 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30724 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30723 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30722 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30721 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-30720 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30719 (A local user may be able to cause unexpected system termination or rea ...)
+ NOT-FOR-US: Apple
+CVE-2021-30718 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30717 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30716 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30715 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30714 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30713 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30712 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30711
+ RESERVED
+CVE-2021-30710 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30709 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30708 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30707 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30706 (Processing a maliciously crafted image may lead to disclosure of user ...)
+ NOT-FOR-US: Apple
+CVE-2021-30705 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30704 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30703 (A double free issue was addressed with improved memory management. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30702 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30701 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30700 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30699 (A window management issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30698 (A null pointer dereference was addressed with improved input validatio ...)
+ NOT-FOR-US: Apple
+CVE-2021-30697 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30696 (An attacker in a privileged network position may be able to misreprese ...)
+ NOT-FOR-US: Apple
+CVE-2021-30695 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30694 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30693 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30692 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30691 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30690 (Multiple issues in apache were addressed by updating apache to version ...)
+ NOT-FOR-US: Apple
+CVE-2021-30689 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30688 (A malicious application may be able to break out of its sandbox. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30687 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30686 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30685 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30684 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30683 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30682 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4923-1}
+ - webkit2gtk 2.32.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30681 (A validation issue existed in the handling of symlinks. This issue was ...)
+ NOT-FOR-US: Apple
+CVE-2021-30680 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30679 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-30678 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30677 (This issue was addressed with improved environment sanitization. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30676 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30675 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30674 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30673 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30672 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30671 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30670
+ RESERVED
+CVE-2021-30669 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30668 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30667 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30666 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-4558-1}
+ - webkit2gtk 2.26.1-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.26.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30665 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30664 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30663 (An integer overflow was addressed with improved input validation. This ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30662 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30661 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30660 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30659 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30658 (This issue was addressed with improved handling of file metadata. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30657 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30656 (An access issue was addressed with improved memory management. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30655 (An application may be able to execute arbitrary code with system privi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30654 (This issue was addressed by removing additional entitlements. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-30653 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30652 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30651
+ RESERVED
+CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...)
+ NOT-FOR-US: Symantec
+CVE-2021-30649
+ RESERVED
+CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...)
+ NOT-FOR-US: Symantec
+CVE-2021-30647
+ RESERVED
+CVE-2021-30646
+ RESERVED
+CVE-2021-30645
+ RESERVED
+CVE-2021-30644
+ RESERVED
+CVE-2021-30643
+ RESERVED
+CVE-2021-30642 (An input validation flaw in the Symantec Security Analytics web UI 7.2 ...)
+ NOT-FOR-US: Symantec
+CVE-2021-XXXX [out of bounds reads in ASF demuxer]
+ - gst-plugins-ugly1.0 1.18.4-2
+ [buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1
+ [stretch] - gst-plugins-ugly1.0 1.10.4-1+deb9u1
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f (master)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29 (1.18.4)
+CVE-2021-3522 (GStreamer before 1.18.4 may perform an out-of-bounds read when handlin ...)
+ {DSA-4903-1 DLA-2641-1}
+ - gst-plugins-base1.0 1.18.4-2
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0001.html
+CVE-2021-XXXX [Catch overflows in AVC/HEVC NAL unit length calculations]
+ - gst-plugins-bad1.0 1.18.4-2
+ [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2
+ [stretch] - gst-plugins-bad1.0 1.10.4-1+deb9u2
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/0cfbf7ad91c7f121192c8ce135769f8eb276c41d (1.18-branch)
+CVE-2021-XXXX [stack corruption when handling files with more than 64 audio channels]
+ - gst-libav1.0 1.18.4-2
+ [buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1
+ [stretch] - gst-libav1.0 1.10.4-1+deb9u1
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1 (master)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8 (1.18.4)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/issues/92
+CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing certa ...)
+ {DSA-4900-1}
+ [experimental] - gst-plugins-good1.0 1.18.4-1
+ - gst-plugins-good1.0 1.18.4-2 (bug #986911)
+ [stretch] - gst-plugins-good1.0 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0003.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0
+ NOTE: Introduced by: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/f279bc5336dda19741a5996a108da42dd3201366
+CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...)
+ {DSA-4900-1 DLA-2640-1}
+ [experimental] - gst-plugins-good1.0 1.18.4-1
+ - gst-plugins-good1.0 1.18.4-2 (bug #986910)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3
+CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 in Get ...)
+ - jhead 1:3.04-6 (bug #986923; unimportant)
+ NOTE: https://github.com/Matthias-Wandel/jhead/issues/33
+ NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1966743
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
+ NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
+CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...)
+ {DSA-4952-1 DLA-2733-1}
+ - tomcat9 9.0.43-2 (bug #991046)
+ [bullseye] - tomcat9 9.0.43-2~deb11u1
+ [buster] - tomcat9 9.0.31-1~deb10u6
+ - tomcat8 <removed>
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65224
+ NOTE: https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 (8.5.66)
+ NOTE: Fix for CVE-2021-30640 introduced a regression:
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
+CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...)
+ - tomcat9 <not-affected> (Vulnerable code introduced later in 9.0.44)
+ - tomcat8 <removed>
+ [stretch] - tomcat8 <not-affected> (Vulnerable code was introduced later)
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65203
+ NOTE: https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24 (9.0.45)
+ NOTE: https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2 (8.5.65)
+CVE-2021-30638 (Information Exposure vulnerability in context asset handling of Apache ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
+ NOT-FOR-US: htmly
+CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...)
+ NOT-FOR-US: MediaTek LinkIt SDK
+CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2021-30634
+ RESERVED
+CVE-2021-30633 (Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.8 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allow ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30631
+ REJECTED
+CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30629 (Use after free in Permissions in Google Chrome prior to 93.0.4577.82 a ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30628 (Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30627 (Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30626 (Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.45 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30625 (Use after free in Selection API in Google Chrome prior to 93.0.4577.82 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30605 (Inappropriate implementation in the ChromeOS Readiness Tool installer ...)
+ NOT-FOR-US: ChromeOS Readiness Tool installer on Windows
+CVE-2021-30604 (Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30603 (Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30602 (Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allow ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30601 (Use after free in Extensions API in Google Chrome prior to 92.0.4515.1 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30600 (Use after free in Printing in Google Chrome prior to 92.0.4515.159 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30599 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30598 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30597 (Use after free in Browser UI in Google Chrome on Chrome prior to 92.0. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30596 (Incorrect security UI in Navigation in Google Chrome on Android prior ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30595
+ RESERVED
+CVE-2021-30594 (Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30593 (Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.13 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30592 (Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30591 (Use after free in File System API in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30590 (Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30589 (Insufficient validation of untrusted input in Sharing in Google Chrome ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30588 (Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30587 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30586 (Use after free in dialog box handling in Windows in Google Chrome prio ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30585 (Use after free in sensor handling in Google Chrome on Windows prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30584 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30583 (Insufficient policy enforcement in image handling in iOS in Google Chr ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30582 (Inappropriate implementation in Animation in Google Chrome prior to 92 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30581 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30580 (Insufficient policy enforcement in Android intents in Google Chrome pr ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30579 (Use after free in UI framework in Google Chrome prior to 92.0.4515.107 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30578 (Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30577 (Insufficient policy enforcement in Installer in Google Chrome prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30576 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30575 (Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.10 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30574 (Use after free in protocol handling in Google Chrome prior to 92.0.451 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30573 (Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30572 (Use after free in Autofill in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30571 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30570
+ RESERVED
+CVE-2021-30569 (Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allow ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30568 (Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30567 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30566 (Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30565 (Out of bounds write in Tab Groups in Google Chrome on Linux and Chrome ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 al ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30558
+ RESERVED
+CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 al ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30556 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30555 (Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30554 (Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 91.0.4472. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30552 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30551 (Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30550 (Use after free in Accessibility in Google Chrome prior to 91.0.4472.10 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30549 (Use after free in Spell check in Google Chrome prior to 91.0.4472.101 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101 allow ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...)
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ - firefox 90.0-1
+ - firefox-esr 78.12.0esr-1
+ - thunderbird 1:78.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-30547
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-30547
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-30547
+CVE-2021-30546 (Use after free in Autofill in Google Chrome prior to 91.0.4472.101 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30545 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30544 (Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30539 (Insufficient policy enforcement in content security policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30538 (Insufficient policy enforcement in content security policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30537 (Insufficient policy enforcement in cookies in Google Chrome prior to 9 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30536 (Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a re ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ - icu 67.1-7
+ [buster] - icu <not-affected> (Vulnerable code introduced later)
+ [stretch] - icu <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1194899 (restricted)
+ NOTE: Bugfix: https://github.com/unicode-org/icu/pull/1698/commits/e450fa50fc242282551f56b941dc93b9a8a0bcbb
+ NOTE: Backports: https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2842864
+ NOTE: Introduced by: https://github.com/unicode-org/icu/commit/596647c0c34bf19d90d7c90d4f3827876fef688f (release-66-preview)
+ NOTE: Fixed by: https://github.com/unicode-org/icu/commit/2dc5bea9061b4fb05cd03e21b775dd944a0eb81d
+CVE-2021-30534 (Insufficient policy enforcement in iFrameSandbox in Google Chrome prio ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30533 (Insufficient policy enforcement in PopupBlocker in Google Chrome prior ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30532 (Insufficient policy enforcement in Content Security Policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30531 (Insufficient policy enforcement in Content Security Policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30530 (Out of bounds memory access in WebAudio in Google Chrome prior to 91.0 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30529 (Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30528 (Use after free in WebAuthentication in Google Chrome on Android prior ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30527 (Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30526 (Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30525 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30524 (Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30523 (Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30522 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30521 (Heap buffer overflow in Autofill in Google Chrome on Android prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 al ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30519 (Use after free in Payments in Google Chrome prior to 90.0.4430.212 all ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30518 (Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.443 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30517 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30516 (Heap buffer overflow in History in Google Chrome prior to 90.0.4430.21 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30515 (Use after free in File API in Google Chrome prior to 90.0.4430.212 all ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30514 (Use after free in Autofill in Google Chrome prior to 90.0.4430.212 all ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30513 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30512 (Use after free in Notifications in Google Chrome prior to 90.0.4430.21 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30511 (Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.2 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30510 (Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30509 (Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.2 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30508 (Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.443 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30507 (Inappropriate implementation in Offline in Google Chrome on Android pr ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30506 (Incorrect security UI in Web App Installs in Google Chrome on Android ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30505
+ RESERVED
+CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...)
+ NOT-FOR-US: GLSL Linting extension for Visual Studio Code
+CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) ...)
+ NOT-FOR-US: vscode-ghc-simple extension for Visual Studio Code
+CVE-2021-3495 (An incorrect access control flaw was found in the kiali-operator in ve ...)
+ NOT-FOR-US: kiali-operator
+CVE-2021-3494 (A smart proxy that provides a restful API to various sub-systems of th ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly vali ...)
+ - linux 5.10.38-1
+ [stretch] - linux <not-affected> (Unprivileged users cannot mount overlayfs)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
+CVE-2021-30501 (An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in ...)
+ - upx-ucl <unfixed> (unimportant)
+ NOTE: https://github.com/upx/upx/issues/486
+ NOTE: https://github.com/upx/upx/pull/487
+ NOTE: https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46
+CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ...)
+ - upx-ucl <unfixed> (unimportant)
+ NOTE: https://github.com/upx/upx/issues/485
+ NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
+CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...)
+ - libcaca <unfixed> (bug #987278)
+ [bullseye] - libcaca <no-dsa> (Minor issue)
+ [buster] - libcaca <no-dsa> (Minor issue)
+ [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/cacalabs/libcaca/issues/54
+CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...)
+ - libcaca <unfixed> (bug #987278)
+ [bullseye] - libcaca <no-dsa> (Minor issue)
+ [buster] - libcaca <no-dsa> (Minor issue)
+ [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/cacalabs/libcaca/issues/53
+CVE-2021-30497
+ RESERVED
+CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...)
+ NOT-FOR-US: Telegram for iOS
+CVE-2021-30495
+ RESERVED
+CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
+ NOT-FOR-US: Razer Synapse 3 software suite
+CVE-2021-30493 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
+ NOT-FOR-US: Razer Synapse 3 software suite
+CVE-2021-30492
+ RESERVED
+CVE-2021-30491
+ RESERVED
+CVE-2021-30490
+ RESERVED
+CVE-2021-30489
+ RESERVED
+CVE-2021-30488
+ RESERVED
+CVE-2021-30487 (In the topic moving API in Zulip Server 3.x before 3.4, organization a ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via ...)
+ NOT-FOR-US: SysAid
+CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/25
+CVE-2021-30484
+ RESERVED
+CVE-2021-30483 (isomorphic-git before 1.8.2 allows Directory Traversal via a crafted r ...)
+ NOT-FOR-US: isomorphic-git
+CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application passwords were n ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...)
+ NOT-FOR-US: Valve Steam
+ NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
+ NOTE: is started, so nothing really to be updated there
+CVE-2021-3492 (Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux ...)
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
+ NOTE: Debian does not include the (not yet upstream accepted) shiftfs
+CVE-2021-3491 (The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT li ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/13
+ NOTE: https://git.kernel.org/linus/d1f82808877bb10d3deee7cf3374a4eb3fb582db
+CVE-2021-3490 (The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in th ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/11
+CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel di ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/10
+CVE-2021-30480 (Zoom Chat through 2021-04-09 on Windows and macOS allows certain remot ...)
+ NOT-FOR-US: Zoom Chat
+CVE-2021-3488
+ RESERVED
+CVE-2021-30479 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-30478 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-30476 (HashiCorp Terraform&#8217;s Vault Provider (terraform-provider-vault) ...)
+ NOT-FOR-US: HashiCorp Terraform Vault Provider
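Review bot: The CVE-2021-30476 description line carries a raw HTML entity ("HashiCorp Terraform&#8217;s Vault Provider"), so anyone reading or grepping this plain-text list sees the entity rather than an apostrophe. If descriptions are imported from an upstream feed, decode entities at import time; if this line is hand-maintained, replace the entity with a plain apostrophe so the text matches searches for "Terraform's".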
+CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...)
+ - binutils 2.37-3 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
+ NOTE: binutils not covered by security support
+CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...)
+ - glpi <removed>
+ NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
+CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...)
+ [experimental] - aom 3.2.0-1~exp1
+ - aom 3.2.0-1
+ NOTE: https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999
+CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...)
+ [experimental] - aom 3.2.0-1~exp1
+ - aom 3.2.0-1
+ NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000
+CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...)
+ [experimental] - aom 3.2.0-1~exp1
+ - aom 3.2.0-1 (bug #988211)
+ NOTE: https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
+CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...)
+ - libpodofo <unfixed> (bug #986794)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/132/
+CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...)
+ - libpodofo <unfixed> (bug #986793)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/131/
+CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
+ - libpodofo <unfixed> (bug #986792)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/130/
+CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
+ - libpodofo <unfixed> (bug #986791)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/129/
+CVE-2021-30468 (A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows ...)
+ NOT-FOR-US: Apache CXF
+CVE-2021-30467
+ RESERVED
+CVE-2021-30466
+ RESERVED
+CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...)
+ - runc 1.0.0~rc93+ds1-5 (bug #988768)
+ [stretch] - runc <no-dsa> (Intrusive to backport fix)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2
+ NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
+ NOTE: Initial patch in -4, but revised patch was applied only in -5
+CVE-2021-30464 (OMICRON StationGuard before 1.10 allows remote attackers to cause a de ...)
+ NOT-FOR-US: OMICRON StationGuard
+CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by creati ...)
+ NOT-FOR-US: VestaCP
+CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges ...)
+ NOT-FOR-US: VestaCP
+CVE-2021-30461 (A remote code execution issue was discovered in the web UI of VoIPmoni ...)
+ NOT-FOR-US: VoIPmonitor
+CVE-2021-30460
+ RESERVED
+CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...)
+ NOT-FOR-US: Jazzband Django Debug Toolbar
+CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...)
+ - mediawiki 1:1.35.2-1
+ [buster] - mediawiki <not-affected> (Only applies to 1.35 and later)
+ [stretch] - mediawiki <not-affected> (Only applies to 1.35 and later)
+ NOTE: https://phabricator.wikimedia.org/T279451
+CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
+ NOT-FOR-US: Rust crate id-map
+CVE-2021-30456 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
+ NOT-FOR-US: Rust crate id-map
+CVE-2021-30455 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
+ NOT-FOR-US: Rust crate id-map
+CVE-2021-30454 (An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. ...)
+ NOT-FOR-US: Rust crate outer_cgi
+CVE-2021-30453
+ RESERVED
+CVE-2021-30452
+ RESERVED
+CVE-2021-30451
+ RESERVED
+CVE-2021-30450
+ RESERVED
+CVE-2021-30449
+ RESERVED
+CVE-2021-30448
+ RESERVED
+CVE-2021-30447
+ RESERVED
+CVE-2021-30446
+ RESERVED
+CVE-2021-30445
+ RESERVED
+CVE-2021-30444
+ RESERVED
+CVE-2021-30443
+ RESERVED
+CVE-2021-30442
+ RESERVED
+CVE-2021-30441
+ RESERVED
+CVE-2021-30440
+ RESERVED
+CVE-2021-30439
+ RESERVED
+CVE-2021-30438
+ RESERVED
+CVE-2021-30437
+ RESERVED
+CVE-2021-30436
+ RESERVED
+CVE-2021-30435
+ RESERVED
+CVE-2021-30434
+ RESERVED
+CVE-2021-30433
+ RESERVED
+CVE-2021-30432
+ RESERVED
+CVE-2021-30431
+ RESERVED
+CVE-2021-30430
+ RESERVED
+CVE-2021-30429
+ RESERVED
+CVE-2021-30428
+ RESERVED
+CVE-2021-30427
+ RESERVED
+CVE-2021-30426
+ RESERVED
+CVE-2021-30425
+ RESERVED
+CVE-2021-30424
+ RESERVED
+CVE-2021-30423
+ RESERVED
+CVE-2021-30422
+ RESERVED
+CVE-2021-30421
+ RESERVED
+CVE-2021-30420
+ RESERVED
+CVE-2021-30419
+ RESERVED
+CVE-2021-30418
+ RESERVED
+CVE-2021-30417
+ RESERVED
+CVE-2021-30416
+ RESERVED
+CVE-2021-30415
+ RESERVED
+CVE-2021-30414
+ RESERVED
+CVE-2021-30413
+ RESERVED
+CVE-2021-30412
+ RESERVED
+CVE-2021-30411
+ RESERVED
+CVE-2021-30410
+ RESERVED
+CVE-2021-30409
+ RESERVED
+CVE-2021-30408
+ RESERVED
+CVE-2021-30407
+ RESERVED
+CVE-2021-30406
+ RESERVED
+CVE-2021-30405
+ RESERVED
+CVE-2021-30404
+ RESERVED
+CVE-2021-30403
+ RESERVED
+CVE-2021-30402
+ RESERVED
+CVE-2021-30401
+ RESERVED
+CVE-2021-30400
+ RESERVED
+CVE-2021-30399
+ RESERVED
+CVE-2021-30398
+ RESERVED
+CVE-2021-30397
+ RESERVED
+CVE-2021-30396
+ RESERVED
+CVE-2021-30395
+ RESERVED
+CVE-2021-30394
+ RESERVED
+CVE-2021-30393
+ RESERVED
+CVE-2021-30392
+ RESERVED
+CVE-2021-30391
+ RESERVED
+CVE-2021-30390
+ RESERVED
+CVE-2021-30389
+ RESERVED
+CVE-2021-30388
+ RESERVED
+CVE-2021-30387
+ RESERVED
+CVE-2021-30386
+ RESERVED
+CVE-2021-30385
+ RESERVED
+CVE-2021-30384
+ RESERVED
+CVE-2021-30383
+ RESERVED
+CVE-2021-30382
+ RESERVED
+CVE-2021-30381
+ RESERVED
+CVE-2021-30380
+ RESERVED
+CVE-2021-30379
+ RESERVED
+CVE-2021-30378
+ RESERVED
+CVE-2021-30377
+ RESERVED
+CVE-2021-30376
+ RESERVED
+CVE-2021-30375
+ RESERVED
+CVE-2021-30374
+ RESERVED
+CVE-2021-30373
+ RESERVED
+CVE-2021-30372
+ RESERVED
+CVE-2021-30371
+ RESERVED
+CVE-2021-30370
+ RESERVED
+CVE-2021-30369
+ RESERVED
+CVE-2021-30368
+ RESERVED
+CVE-2021-30367
+ RESERVED
+CVE-2021-30366
+ RESERVED
+CVE-2021-30365
+ RESERVED
+CVE-2021-30364
+ RESERVED
+CVE-2021-30363
+ RESERVED
+CVE-2021-30362
+ RESERVED
+CVE-2021-30361
+ RESERVED
+CVE-2021-30360 (Users have access to the directory where the installation repair occur ...)
+ NOT-FOR-US: Check Point
+CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...)
+ NOT-FOR-US: Harmony Browse and the SandBlast Agent for Browsers installers
+CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined by the ...)
+ NOT-FOR-US: Mobile Access Portal Native Applications
+CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 reveals p ...)
+ NOT-FOR-US: SSL Network Extender Client
+CVE-2021-30356 (A denial of service vulnerability was reported in Check Point Identity ...)
+ NOT-FOR-US: Check Point Identity Agent
+CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 improperl ...)
+ NOT-FOR-US: Amazon Kindle e-reader
+CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 contains ...)
+ NOT-FOR-US: Amazon Kindle e-reader
+CVE-2021-30353 (Improper validation of function pointer type with actual function sign ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30352
+ RESERVED
+CVE-2021-30351 (An out of bound memory access can occur due to improper validation of ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30350
+ RESERVED
+CVE-2021-30349
+ RESERVED
+CVE-2021-30348 (Improper validation of LLM utility timers availability can lead to den ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30347
+ RESERVED
+CVE-2021-30346
+ RESERVED
+CVE-2021-30345
+ RESERVED
+CVE-2021-30344
+ RESERVED
+CVE-2021-30343
+ RESERVED
+CVE-2021-30342
+ RESERVED
+CVE-2021-30341
+ RESERVED
+CVE-2021-30340
+ RESERVED
+CVE-2021-30339
+ RESERVED
+CVE-2021-30338
+ RESERVED
+CVE-2021-30337 (Possible use after free when process shell memory is freed using IOCTL ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30336 (Possible out of bound read due to lack of domain input validation whil ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30335 (Possible assertion in QOS request due to improper validation when mult ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30334
+ RESERVED
+CVE-2021-30333
+ RESERVED
+CVE-2021-30332
+ RESERVED
+CVE-2021-30331
+ RESERVED
+CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30329
+ RESERVED
+CVE-2021-30328
+ RESERVED
+CVE-2021-30327
+ RESERVED
+CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of validatio ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30324 (Possible out of bound write due to lack of boundary check for the maxi ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30323 (Improper validation of maximum size of data write to EFS file can lead ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30322 (Possible out of bounds write due to improper validation of number of G ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30320
+ RESERVED
+CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30318 (Improper validation of input when provisioning the HDCP key can lead t ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30317 (Improper validation of program headers containing ELF metadata can lea ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30314 (Lack of validation for third party application accessing the service c ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30313 (Use after free condition can occur in wired connectivity due to a race ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU frame can l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30311 (Possible heap overflow due to lack of index validation before allocati ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30309 (Improper size validation of QXDM commands can lead to memory corruptio ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30307 (Possible denial of service due to improper validation of DNS response ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for file l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30305 (Possible out of bound access due to lack of validation of page offset ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30304 (Possible buffer out of bound read can occur due to improper validation ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30303 (Possible buffer overflow due to lack of buffer length check when segme ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30301 (Possible denial of service due to out of memory while processing RRC a ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30299
+ RESERVED
+CVE-2021-30298 (Possible out of bound access due to improper validation of item size a ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30296
+ RESERVED
+CVE-2021-30295 (Possible heap overflow due to improper validation of local variable wh ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command due t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30293 (Possible assertion due to lack of input validation in PUSCH configurat ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30292 (Possible memory corruption due to lack of validation of client data us ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30291 (Possible memory corruption due to lack of validation of client data us ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30290 (Possible null pointer dereference due to race condition between timeli ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30289 (Possible buffer overflow due to lack of range check while processing a ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30288 (Possible stack overflow due to improper length check of TLV while copy ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30287 (Possible assertion due to improper validation of symbols configured fo ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30286
+ RESERVED
+CVE-2021-30285 (Improper validation of memory region in Hypervisor can lead to incorre ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30284 (Possible information exposure and denial of service due to NAS not dro ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30283 (Possible denial of service due to improper handling of debug register ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30282 (Possible out of bound write in RAM partition table due to improper val ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30281
+ RESERVED
+CVE-2021-30280
+ RESERVED
+CVE-2021-30279 (Possible access control violation while setting current permission for ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30278 (Improper input validation in TrustZone memory transfer interface can l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30277
+ RESERVED
+CVE-2021-30276 (Improper access control while doing XPU re-configuration dynamically c ...)
+ NOT-FOR-US: Android
+CVE-2021-30275 (Possible integer overflow in page alignment interface due to lack of a ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30274 (Possible integer overflow in access control initialization interface d ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30273 (Possible assertion due to improper handling of IPV6 packet with invali ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30272 (Possible null pointer dereference in thread cache operation handler du ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30271 (Possible null pointer dereference in trap handler due to lack of threa ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30270 (Possible null pointer dereference in thread profile trap handler due t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30269 (Possible null pointer dereference due to lack of TLB validation for us ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30268 (Possible heap Memory Corruption Issue due to lack of input validation ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30267 (Possible integer overflow to buffer overflow due to improper input val ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30266 (Possible use after free due to improper memory validation when initial ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30265 (Possible memory corruption due to improper validation of memory addres ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30264 (Possible use after free due improper validation of reference from call ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30263 (Possible race condition can occur due to lack of synchronization mecha ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30262 (Improper validation of a socket state when socket events are being sen ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30261 (Possible integer and heap overflow due to lack of input command size v ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30259 (Possible out of bound access due to improper validation of function ta ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30258 (Possible buffer overflow due to improper size calculation of payload r ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30257 (Possible out of bound read or write in VR service due to lack of valid ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30256 (Possible stack overflow due to improper validation of camera name leng ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30255 (Possible buffer overflow due to improper input validation in PDM DIAG ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30254 (Possible buffer overflow due to improper input validation in factory c ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30253
+ RESERVED
+CVE-2021-30252
+ RESERVED
+CVE-2021-30251
+ RESERVED
+CVE-2021-30250
+ RESERVED
+CVE-2021-30249
+ RESERVED
+CVE-2021-30248
+ RESERVED
+CVE-2021-30247
+ RESERVED
+CVE-2021-30246 (In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA ...)
+ NOT-FOR-US: Node jsrasign
+CVE-2021-30245 (The project received a report that all versions of Apache OpenOffice t ...)
+ NOT-FOR-US: Apache OpenOffice, equivalent to CVE-2021-25631
+CVE-2021-3485 (An Improper Input Validation vulnerability in the Product Update featu ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-30244
+ RESERVED
+CVE-2021-30243
+ RESERVED
+CVE-2021-30242
+ RESERVED
+CVE-2021-30241
+ RESERVED
+CVE-2021-30240
+ RESERVED
+CVE-2021-30239
+ RESERVED
+CVE-2021-30238
+ RESERVED
+CVE-2021-30237
+ RESERVED
+CVE-2021-30236
+ RESERVED
+CVE-2021-30235
+ RESERVED
+CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 r ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF- ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 rou ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao W ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article comments featu ...)
+ NOT-FOR-US: emlog
+CVE-2021-30226
+ RESERVED
+CVE-2021-30225
+ RESERVED
+CVE-2021-30224 (Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attacke ...)
+ NOT-FOR-US: Rukovoditel
+CVE-2021-30223
+ RESERVED
+CVE-2021-30222
+ RESERVED
+CVE-2021-30221
+ RESERVED
+CVE-2021-30220
+ RESERVED
+CVE-2021-30219 (samurai 1.2 has a NULL pointer dereference in printstatus() function i ...)
+ NOT-FOR-US: samurai
+CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in util.c vi ...)
+ NOT-FOR-US: samurai
+CVE-2021-30217
+ RESERVED
+CVE-2021-30216
+ REJECTED
+CVE-2021-30215
+ RESERVED
+CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30213 (Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-sit ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30212 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30211 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30210
+ RESERVED
+CVE-2021-30209 (Textpattern V4.8.4 contains an arbitrary file upload vulnerability whe ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2021-30208
+ RESERVED
+CVE-2021-30207
+ RESERVED
+CVE-2021-30206
+ RESERVED
+CVE-2021-30205
+ RESERVED
+CVE-2021-30204
+ RESERVED
+CVE-2021-30203
+ RESERVED
+CVE-2021-30202
+ RESERVED
+CVE-2021-30201 (An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30200
+ RESERVED
+CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca
+ NOTE: https://github.com/gpac/gpac/issues/1728
+CVE-2021-30198
+ RESERVED
+CVE-2021-30197
+ RESERVED
+CVE-2021-30196
+ RESERVED
+CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validatio ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Se ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Chec ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflo ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralizati ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer O ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...)
+ NOT-FOR-US: CERN Indico
+CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...)
+ - gnuchess <unfixed> (bug #986801)
+ [bullseye] - gnuchess <no-dsa> (Minor issue)
+ [buster] - gnuchess <no-dsa> (Minor issue)
+ [stretch] - gnuchess <postponed> (Minor issue in a game; can be fixed in next update)
+ NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
+ NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
+CVE-2021-30183 (Cleartext storage of sensitive information in multiple versions of Oct ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-30182
+ RESERVED
+CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which wi ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-30180 (Apache Dubbo prior to 2.7.9 support Tag routing which will enable a cu ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-30179 (Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic call ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-3484
+ RESERVED
+CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf
+CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918
+CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...)
+ NOT-FOR-US: PHP-Nuke
+CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows SQL Inj ...)
+ NOT-FOR-US: ZEROF Expert
+CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...)
+ NOT-FOR-US: ZEROF Web Server
+CVE-2021-30174 (RiyaLab CloudISO event item is added, special characters in specific f ...)
+ NOT-FOR-US: RiyaLab CloudISO
+CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional communicati ...)
+ NOT-FOR-US: omni-directional communication system
+CVE-2021-30172 (Special characters of picture preview page in the Quan-Fang-Wei-Tong-X ...)
+ NOT-FOR-US: Quan-Fang-Wei-Tong-Xun system
+CVE-2021-30171 (Special characters of ERP POS news page are not filtered in users&#821 ...)
+ NOT-FOR-US: ERP POS
+CVE-2021-30170 (Special characters of ERP POS customer profile page are not filtered i ...)
+ NOT-FOR-US: ERP POS
+CVE-2021-30169 (The sensitive information of webcam device is not properly protected. ...)
+ NOT-FOR-US: LILIN
+CVE-2021-30168 (The sensitive information of webcam device is not properly protected. ...)
+ NOT-FOR-US: LILIN
+CVE-2021-30167 (The manage users profile services of the network camera device allows ...)
+ NOT-FOR-US: LILIN
+CVE-2021-30166 (The NTP Server configuration function of the IP camera device is not v ...)
+ NOT-FOR-US: LILIN
+CVE-2021-30165 (The default administrator account &amp; password of the EDIMAX wireles ...)
+ NOT-FOR-US: EDIMAX
+CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #986800)
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/19975
+CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #986800)
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20819
+CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-26948
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/410
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-26259
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/417
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-26252
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/412
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-23206
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/416
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-23191
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/415
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-23180
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/418
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-23165
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/413
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
+CVE-2021-23158
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/414
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-30160
+ RESERVED
+CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1 DLA-2648-1}
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T272386
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
+CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1 DLA-2648-1}
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T277009
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546
+CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1}
+ - mediawiki 1:1.35.2-1
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T278058
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085
+CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ - mediawiki <not-affected> (Not a security issue on release branches, only affected master)
+ NOTE: https://phabricator.wikimedia.org/T276306
+ NOTE: CVE description is wrong
+CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1 DLA-2648-1}
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270988
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
+CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1}
+ - mediawiki 1:1.35.2-1
+ [stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://phabricator.wikimedia.org/T278014
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/
+CVE-2021-30153
+ RESERVED
+ - mediawiki 1:1.35.2-1
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T270453
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
+CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...)
+ {DSA-4889-1 DLA-2648-1}
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270713
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
+CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
+ - ruby-sidekiq <unfixed> (bug #987354)
+ [bullseye] - ruby-sidekiq <no-dsa> (Minor issue)
+ [buster] - ruby-sidekiq <no-dsa> (Minor issue)
+ [stretch] - ruby-sidekiq <no-dsa> (Minor issue)
+ NOTE: https://github.com/mperham/sidekiq/issues/4852
+ NOTE: https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8
+CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
+ NOT-FOR-US: Composr
+CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
+ NOT-FOR-US: Composr
+CVE-2021-30148
+ RESERVED
+CVE-2021-30147 (DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as addi ...)
+ NOT-FOR-US: DMA Softlab Radius Manager
+CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...)
+ - seafile-client <unfixed> (bug #987282)
+ [bullseye] - seafile-client <no-dsa> (Minor issue)
+ [buster] - seafile-client <no-dsa> (Minor issue)
+ NOTE: https://github.com/Security-AVS/CVE-2021-30146
+CVE-2021-30145 (A format string vulnerability in mpv through 0.33.0 allows user-assist ...)
+ - mpv 0.32.0-3 (bug #986839)
+ [buster] - mpv <no-dsa> (Minor issue)
+ [stretch] - mpv <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b
+CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2021-30143
+ RESERVED
+CVE-2021-30142
+ RESERVED
+CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...)
+ NOT-FOR-US: Friendica
+CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...)
+ NOT-FOR-US: LiquidFiles
+CVE-2021-30139 (In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a b ...)
+ NOT-FOR-US: Alpine Linux apk-tools
+CVE-2021-30138
+ REJECTED
+CVE-2021-30137 (Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarsha ...)
+ NOT-FOR-US: Axios Assyst
+CVE-2021-30136
+ RESERVED
+CVE-2021-30135
+ RESERVED
+CVE-2021-30134
+ RESERVED
+CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...)
+ NOT-FOR-US: CloverDX
+CVE-2021-30132 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-30131
+ RESERVED
+CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...)
+ - phpseclib 1.0.19-3
+ [stretch] - phpseclib <not-affected> (Only affects 3.x branch)
+ - php-phpseclib 2.0.30-2
+ [stretch] - php-phpseclib <not-affected> (Only affects 3.x branch)
+ - php-phpseclib3 3.0.7-1
+ NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890
+ NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/cc32cd2e95b18a0c0118bbf1928327675c9e64a9 (v3.0 / RSA::SIGNATURE_RELAXED_PKCS1)
+ NOTE: According to upstream, 1.x and 2.x are not vulnerable, the fix on these branches only backports more exhaustive PKCS#1 v1.5 support (functional change)
+ NOTE: According to upstream, 1.x and 2.x have the problem described as "incompatibility issue in phpseclib v1, v2, v3 (strict mode)'s RSA PKCS#1 v1.5
+ NOTE: signature verification suffering from rejecting valid signatures whose encoded message uses implicit hash algorithm's NULL parameter." but
+ NOTE: this is not considered as a security problem.
+CVE-2021-30129 (A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to ...)
+ NOT-FOR-US: Apache Mina SSHD
+CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the adm ...)
+ NOT-FOR-US: Terramaster
+CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyon ...)
+ NOT-FOR-US: Lightmeter ControlCenter
+CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory history, aka P ...)
+ NOT-FOR-US: Jamf Pro
+CVE-2021-30124 (The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1 ...)
+ NOT-FOR-US: vscode-phpmd (aka PHP Mess Detector) extension for Visual Studio Code
+CVE-2021-30123 (FFmpeg &lt;=4.3 contains a buffer overflow vulnerability in libavcodec ...)
+ - ffmpeg <not-affected> (Only affects 4.4 development branches)
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
+ NOTE: https://trac.ffmpeg.org/ticket/8845
+ NOTE: https://trac.ffmpeg.org/ticket/8863
+ NOTE: CVE description is wrong, this landed in 4.4 only
+ NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
+CVE-2021-30122
+ RESERVED
+CVE-2021-30121 (Authenticated local file inclusion in Kaseya VSA &lt; v9.5.6 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requiremen ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30119 (Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30118 (Kaseya VSA before 9.5.5 allows remote code execution. ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30117 (SQL injection exists in Kaseya VSA before 9.5.6. ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30115
+ RESERVED
+CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
+ NOT-FOR-US: Web-School ERP
+CVE-2021-30113 (A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Even ...)
+ NOT-FOR-US: Web-School ERP
+CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
+ NOT-FOR-US: Web-School ERP
+CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Eve ...)
+ NOT-FOR-US: Web-School ERP
+CVE-2021-30110 (dttray.exe in Greyware Automation Products Inc Domain Time II before 5 ...)
+ NOT-FOR-US: Greyware
+CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...)
+ NOT-FOR-US: Froala Editor
+CVE-2021-30108 (Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vu ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2021-30107
+ RESERVED
+CVE-2021-30106
+ RESERVED
+CVE-2021-30105
+ RESERVED
+CVE-2021-30104
+ RESERVED
+CVE-2021-30103
+ RESERVED
+CVE-2021-30102
+ RESERVED
+CVE-2021-30101
+ RESERVED
+CVE-2021-30100
+ RESERVED
+CVE-2021-30099
+ RESERVED
+CVE-2021-30098
+ RESERVED
+CVE-2021-30097
+ RESERVED
+CVE-2021-30096
+ RESERVED
+CVE-2021-30095
+ RESERVED
+CVE-2021-30094
+ RESERVED
+CVE-2021-30093
+ RESERVED
+CVE-2021-30092
+ RESERVED
+CVE-2021-30091
+ RESERVED
+CVE-2021-30090
+ RESERVED
+CVE-2021-30089
+ RESERVED
+CVE-2021-30088
+ RESERVED
+CVE-2021-30087
+ RESERVED
+CVE-2021-30086 (Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-30085
+ RESERVED
+CVE-2021-30084
+ RESERVED
+CVE-2021-30083 (An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vuln ...)
+ NOT-FOR-US: Mediat
+CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vu ...)
+ NOT-FOR-US: Gris CMS
+CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...)
+ NOT-FOR-US: emlog
+CVE-2021-30080
+ RESERVED
+CVE-2021-30079
+ RESERVED
+CVE-2021-30078
+ RESERVED
+CVE-2021-30077
+ RESERVED
+CVE-2021-30076
+ RESERVED
+CVE-2021-30075
+ RESERVED
+CVE-2021-30074 (docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the s ...)
+ NOT-FOR-US: docsify
+CVE-2021-30073
+ RESERVED
+CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...)
+ NOT-FOR-US: D-Link
+CVE-2021-30071
+ RESERVED
+CVE-2021-30070
+ RESERVED
+CVE-2021-30069
+ RESERVED
+CVE-2021-30068
+ RESERVED
+CVE-2021-30067
+ RESERVED
+CVE-2021-30066
+ RESERVED
+CVE-2021-30065
+ RESERVED
+CVE-2021-30064
+ RESERVED
+CVE-2021-30063
+ RESERVED
+CVE-2021-30062
+ RESERVED
+CVE-2021-30061
+ RESERVED
+CVE-2021-30060
+ RESERVED
+CVE-2021-30059
+ RESERVED
+CVE-2021-30058 (Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30057 (A stored HTML injection vulnerability exists in Knowage Suite version ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30056 (Knowage Suite before 7.4 is vulnerable to reflected cross-site scripti ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30055 (A SQL injection vulnerability in Knowage Suite version 7.1 exists in t ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30054
+ RESERVED
+CVE-2021-30053
+ RESERVED
+CVE-2021-30052
+ RESERVED
+CVE-2021-30051
+ RESERVED
+CVE-2021-30050
+ RESERVED
+CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /Ke ...)
+ NOT-FOR-US: SysAid
+CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...)
+ NOT-FOR-US: Novel-plus
+CVE-2021-30047
+ RESERVED
+CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...)
+ NOT-FOR-US: VIGRA Computer Vision Library
+CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-30044 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30043
+ RESERVED
+CVE-2021-30042 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name" ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30041
+ RESERVED
+CVE-2021-30040
+ RESERVED
+CVE-2021-30039 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "B ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30038
+ RESERVED
+CVE-2021-30037
+ RESERVED
+CVE-2021-30036
+ RESERVED
+CVE-2021-30035
+ RESERVED
+CVE-2021-30034 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons fiel ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30033
+ RESERVED
+CVE-2021-30032
+ RESERVED
+CVE-2021-30031
+ REJECTED
+CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name fie ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30029
+ RESERVED
+CVE-2021-30028
+ RESERVED
+CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger us ...)
+ - md4c 0.4.7-2 (bug #987799)
+ NOTE: https://github.com/mity/md4c/issues/155
+ NOTE: https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19
+CVE-2021-30026
+ RESERVED
+CVE-2021-30025
+ RESERVED
+CVE-2021-30024
+ RESERVED
+CVE-2021-30023
+ RESERVED
+CVE-2021-30022 (There is a integer overflow in media_tools/av_parsers.c in the gf_avc_ ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
+ NOTE: https://github.com/gpac/gpac/issues/1720
+CVE-2021-30021
+ RESERVED
+CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
+ NOTE: https://github.com/gpac/gpac/issues/1722
+CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0 ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc
+ NOTE: https://github.com/gpac/gpac/issues/1723
+CVE-2021-30018
+ RESERVED
+CVE-2021-30017
+ RESERVED
+CVE-2021-30016
+ RESERVED
+CVE-2021-30015 (There is a Null Pointer Dereference in function filter_core/filter_pck ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec
+ NOTE: https://github.com/gpac/gpac/issues/1719
+CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the hevc_pa ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
+ NOTE: https://github.com/gpac/gpac/issues/1721
+CVE-2021-30013
+ RESERVED
+CVE-2021-30012
+ RESERVED
+CVE-2021-30011
+ RESERVED
+CVE-2021-30010
+ RESERVED
+CVE-2021-30009
+ RESERVED
+CVE-2021-30008
+ RESERVED
+CVE-2021-30007
+ RESERVED
+CVE-2021-30006 (In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to informa ...)
+ - intellij-idea <itp> (bug #747616)
+CVE-2021-30005 (In JetBrains PyCharm before 2020.3.4, local code execution was possibl ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...)
+ - wpa <unfixed> (unimportant)
+ NOTE: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
+ NOTE: Issue only affects the "internal" TLS implementation (CONFIG_TLS=internal)
+ NOTE: but Debian builds with CONFIG_TLS=openssl
+CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Ther ...)
+ NOT-FOR-US: Nokia G-120W-F 3FE46606AGAB91 devices
+CVE-2021-30001
+ RESERVED
+CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...)
+ NOT-FOR-US: LATRIX
+CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There is a ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. A specia ...)
+ NOT-FOR-US: Helix ALM
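Review bot: the NOT-FOR-US tag on CVE-2021-29997 does not match its description. The description reads "An issue was discovered in Wind River VxWorks 7 before 21.03", but the entry is tagged "NOT-FOR-US: Helix ALM", while the two entries directly above it (CVE-2021-29999 and CVE-2021-29998) use "NOT-FOR-US: Wind River VxWorks". Anyone searching the list by product name will miss this entry under VxWorks and get a false hit under Helix ALM. Suggest changing the tag to "NOT-FOR-US: Wind River VxWorks" so the three VxWorks entries are consistent.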
+CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...)
+ NOT-FOR-US: marktext
+CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...)
+ NOT-FOR-US: CloverDX
+CVE-2021-29994 (Cloudera Hue 4.6.0 allows XSS. ...)
+ NOT-FOR-US: Cloudera Hue
+CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...)
+ - firefox <not-affected> (Specific to Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993
+CVE-2021-29992
+ RESERVED
+CVE-2021-29991 (Firefox incorrectly accepted a newline in a HTTP/3 header, interpretti ...)
+ - firefox 91.0.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/#CVE-2021-29991
+CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...)
+ - firefox 91.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990
+CVE-2021-29989 (Mozilla developers reported memory safety bugs present in Firefox 90 a ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29989
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29989
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989
+CVE-2021-29988 (Firefox incorrectly treated an inline list-item element as a block ele ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29988
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29988
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29988
+CVE-2021-29987 (After requesting multiple permissions, and closing the first permissio ...)
+ - firefox 91.0-1
+ - thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29987
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987
+CVE-2021-29986 (A suspected race condition when calling getaddrinfo led to memory corr ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29986
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29986
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986
+CVE-2021-29985 (A use-after-free vulnerability in media channels could have led to mem ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29985
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29985
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985
+CVE-2021-29984 (Instruction reordering resulted in a sequence of instructions that wou ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29984
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29984
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29984
+CVE-2021-29983 (Firefox for Android could get stuck in fullscreen mode and not exit it ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29983
+CVE-2021-29982 (Due to incorrect JIT optimization, we incorrectly interpreted data fro ...)
+ - firefox 91.0-1
+ - thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29982
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29982
+CVE-2021-29981 (An issue present in lowering/register allocation could have led to obs ...)
+ - firefox 91.0-1
+ - thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29981
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981
+CVE-2021-29980 (Uninitialized memory in a canvas object could have caused an incorrect ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29980
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29980
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29980
+CVE-2021-29979 (Hubs Cloud allows users to download shared content, specifically HTML ...)
+ NOT-FOR-US: Hubs Cloud
+CVE-2021-29978 (Multiple low security issues were discovered and fixed in a security a ...)
+ NOT-FOR-US: Mozilla VPN
+CVE-2021-29977 (Mozilla developers reported memory safety bugs present in Firefox 89. ...)
+ - firefox 90.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977
+CVE-2021-29976 (Mozilla developers reported memory safety bugs present in code shared ...)
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
+ - firefox 90.0-1
+ - firefox-esr 78.12.0esr-1
+ - thunderbird 1:78.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29976
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29976
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29976
+CVE-2021-29975 (Through a series of DOM manipulations, a message, over which the attac ...)
+ - firefox 90.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29975
+CVE-2021-29974 (When network partitioning was enabled, e.g. as a result of Enhanced Tr ...)
+ - firefox 90.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29974
+CVE-2021-29973 (Password autofill was enabled without user interaction on insecure web ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29973
+CVE-2021-29972 (A use-after-free vulnerability was found via testing, and traced to an ...)
+ - firefox 90.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29972
+CVE-2021-29971 (If a user had granted a permission to a webpage and saved that grant, ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971
+CVE-2021-29970 (A malicious webpage could have triggered a use-after-free, memory corr ...)
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
+ - firefox 90.0-1
+ - firefox-esr 78.12.0esr-1
+ - thunderbird 1:78.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29970
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29970
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970
+CVE-2021-29969 (If Thunderbird was configured to use STARTTLS for an IMAP connection, ...)
+ {DSA-4940-1 DLA-2711-1}
+ - thunderbird 1:78.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969
+CVE-2021-29968 (When drawing text onto a canvas with WebRender disabled, an out of bou ...)
+ - firefox <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-27/#CVE-2021-29968
+CVE-2021-29967 (Mozilla developers reported memory safety bugs present in Firefox 88 a ...)
+ {DSA-4927-1 DSA-4925-1 DLA-2679-1 DLA-2673-1}
+ - firefox-esr 78.11.0esr-1
+ - firefox 89.0-1
+ - thunderbird 1:78.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29967
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29967
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29967
+CVE-2021-29966 (Mozilla developers reported memory safety bugs present in Firefox 88. ...)
+ - firefox 89.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29966
+CVE-2021-29965 (A malicious website that causes an HTTP Authentication dialog to be sp ...)
+ - firefox <not-affected> (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29965
+CVE-2021-29964 (A locally-installed hostile program could send `WM_COPYDATA` messages ...)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - firefox <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29964
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29964
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29964
+CVE-2021-29963 (Address bar search suggestions in private browsing mode were re-using ...)
+ - firefox <not-affected> (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29963
+CVE-2021-29962 (Firefox for Android would become unstable and hard-to-recover when a w ...)
+ - firefox <not-affected> (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29962
+CVE-2021-29961 (When styling and rendering an oversized `&lt;select&gt;` element, Fire ...)
+ - firefox 89.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29961
+CVE-2021-29960 (Firefox used to cache the last filename used for printing a file. When ...)
+ - firefox 89.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29960
+CVE-2021-29959 (When a user has already allowed a website to access microphone and cam ...)
+ - firefox 89.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29959
+CVE-2021-29958 (When a download was initiated, the client did not check whether it was ...)
+ - firefox <not-affected> (Only affects Firefox for iOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29958
+CVE-2021-29957 (If a MIME encoded email contains an OpenPGP inline signed or encrypted ...)
+ {DSA-4927-1 DLA-2679-1}
+ - thunderbird 1:78.10.2-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29957
+CVE-2021-29956 (OpenPGP secret keys that were imported using Thunderbird version 78.8. ...)
+ {DSA-4927-1 DLA-2679-1}
+ - thunderbird 1:78.10.2-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29956
+CVE-2021-29955 (A transient execution vulnerability, named Floating Point Value Inject ...)
+ {DSA-4874-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-29955
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-29955
+CVE-2021-29954 (Proxy functionality built into Hubs Cloud&#8217;s Reticulum software a ...)
+ NOT-FOR-US: Hubs Cloud
+CVE-2021-29953 (A malicious webpage could have forced a Firefox for Android user into ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29953
+CVE-2021-29952 (When Web Render components were destructed, a race condition could hav ...)
+ - firefox 88.0.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29952
+CVE-2021-29951 (The Mozilla Maintenance Service granted SERVICE_START access to BUILTI ...)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-18/#CVE-2021-29951
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-19/#CVE-2021-29951
+CVE-2021-29950 (Thunderbird unprotects a secret OpenPGP key prior to using it for a de ...)
+ {DSA-4876-1 DLA-2609-1}
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950
+CVE-2021-29949 (When loading the shared library that provides the OTR protocol impleme ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-29949
+CVE-2021-29948 (Signatures are written to disk before and read during verification, wh ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29948
+CVE-2021-29947 (Mozilla developers and community members reported memory safety bugs p ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947
+CVE-2021-29946 (Ports that were written as an integer overflow above the bounds of a 1 ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29946
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29946
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946
+CVE-2021-29945 (The WebAssembly JIT could miscalculate the size of a return type, whic ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29945
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29945
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29945
+CVE-2021-29944 (Lack of escaping allowed HTML injection when a webpage was viewed in R ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29944
+CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a webca ...)
+ {DLA-2689-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
+CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...)
+ {DSA-4958-1 DLA-2750-1}
+ - exiv2 0.27.5-1 (bug #986888)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/issues/1522
+ NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
+ NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
+CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file]
+ RESERVED
+ {DLA-2895-1 DLA-2885-1}
+ - qtsvg-opensource-src 5.15.2-3 (bug #986798)
+ [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
+ - qt4-x11 <removed>
+ [buster] - qt4-x11 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1931444
+ NOTE: https://bugreports.qt.io/browse/QTBUG-91507
+ NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=bfd6ee0d8cf34b63d32adf10ed93daa0086b359f (qt/qtsvg/dev)
+ NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=0fa522904d65b73d48d5fadf690131e9ebb58d2a (qt/qtsvg/6.0)
+ NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=9f7ccbfc68d20d0dc2ddc1e7dee5572dcf7dcd48 (qt/qtsvg/6.1)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668
+ NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/337587
+CVE-2021-29943 (When using ConfigurableInternodeAuthHadoopPlugin for authentication, A ...)
+ - lucene-solr <not-affected> (Vulnerable functionality not yet present)
+CVE-2021-29942 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
+ NOT-FOR-US: reorder crate
+CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
+ NOT-FOR-US: reorder crate
+CVE-2021-29940 (An issue was discovered in the through crate through 2021-02-18 for Ru ...)
+ NOT-FOR-US: Rust crate through
+CVE-2021-29939 (An issue was discovered in the stackvector crate through 2021-02-19 fo ...)
+ - rust-stackvector 1.0.6-3 (bug #986808)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0048.html
+CVE-2021-29938 (An issue was discovered in the slice-deque crate through 2021-02-19 fo ...)
+ NOT-FOR-US: Rust crate slice-deque
+CVE-2021-29937 (An issue was discovered in the telemetry crate through 2021-02-17 for ...)
+ NOT-FOR-US: Rust crate telemetry
+CVE-2021-29936 (An issue was discovered in the adtensor crate through 2021-01-11 for R ...)
+ NOT-FOR-US: Rust crate adtensor
+CVE-2021-29935 (An issue was discovered in the rocket crate before 0.4.7 for Rust. uri ...)
+ NOT-FOR-US: Rust crate rocket
+CVE-2021-29934 (An issue was discovered in PartialReader in the uu_od crate before 0.0 ...)
+ NOT-FOR-US: Rust crate uu_od
+CVE-2021-29933 (An issue was discovered in the insert_many crate through 2021-01-26 fo ...)
+ NOT-FOR-US: Rust crate insert_many
+CVE-2021-29932 (An issue was discovered in the parse_duration crate through 2021-03-18 ...)
+ NOT-FOR-US: Rust crate parse_duration
+CVE-2021-29931 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...)
+ NOT-FOR-US: Rust crate arenavec
+CVE-2021-29930 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...)
+ NOT-FOR-US: Rust crate arenavec
+CVE-2021-29929 (An issue was discovered in the endian_trait crate through 2021-01-04 f ...)
+ NOT-FOR-US: Rust crate endian_trait
+CVE-2021-29928
+ RESERVED
+CVE-2021-29927
+ RESERVED
+CVE-2021-29926
+ RESERVED
+CVE-2021-29925
+ RESERVED
+CVE-2021-29924
+ RESERVED
+CVE-2021-29923 (Go before 1.17 does not properly consider extraneous zero characters a ...)
+ - golang-1.16 <unfixed>
+ - golang-1.15 <unfixed>
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue, IP-based access control failure in specific cases, upstream won't fix supported releases for backward compatibility)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue, IP-based access control failure in specific cases, upstream won't fix supported releases for backward compatibility)
+ NOTE: https://github.com/golang/go/issues/30999
+ NOTE: https://github.com/golang/go/issues/43389
+ NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md
+ NOTE: https://go-review.googlesource.com/c/go/+/325829/
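Review bot: In the CVE-2021-29923 entry, `- golang-1.16 <unfixed>` and `- golang-1.15 <unfixed>` have no bracketed per-suite triage line, even though the golang-1.8 and golang-1.7 lines already record that upstream won't fix supported releases for backward compatibility. If that rationale also covers 1.15 and 1.16, these two packages will stay open with no recorded decision. Suggest adding suite-tagged `<ignored>` or `<no-dsa>` lines with the same reason for the releases that ship them, as the neighbouring CVE-2021-29922 (rustc) and CVE-2021-29921 (python3.9) entries do. Because the stretch lines describe the impact as an IP-based access control failure, the reason text should stay specific rather than a bare "Minor issue".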
+CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not properly ...)
+ - rustc 1.53.0+dfsg1-1
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <ignored> (Minor issue. Patch can be backported, but risky.)
+ NOTE: https://github.com/rust-lang/rust/issues/83648
+ NOTE: https://github.com/rust-lang/rust/pull/83652
+ NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md
+ NOTE: https://github.com/rust-lang/rust/commit/974192cd98b3efca8e5cd293f641f561e7487b30
+CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles leading zero ...)
+ [experimental] - python3.9 3.9.5-1
+ - python3.9 3.9.7-1 (bug #989195)
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue36384#msg392423
+ NOTE: https://github.com/python/cpython/commit/60ce8f0be6354ad565393ab449d8de5d713f35bc (v3.10.0b1)
+ NOTE: https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04 (v3.9.5)
+ NOTE: Introduced by: https://github.com/python/cpython/commit/e653d4d8e820a7a004ad399530af0135b45db27a (v3.8.0a4)
+CVE-2021-29920
+ RESERVED
+CVE-2021-29919
+ RESERVED
+CVE-2021-29918
+ RESERVED
+CVE-2021-29917
+ RESERVED
+CVE-2021-29916
+ RESERVED
+CVE-2021-29915
+ RESERVED
+CVE-2021-29914
+ RESERVED
+CVE-2021-29913
+ RESERVED
+CVE-2021-29912 (IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
+CVE-2021-29911
+ RESERVED
+CVE-2021-29910
+ RESERVED
+CVE-2021-29909
+ RESERVED
+CVE-2021-29908 (The IBM TS7700 Management Interface is vulnerable to unauthenticated a ...)
+ NOT-FOR-US: IBM
+CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated use ...)
+ NOT-FOR-US: IBM
+CVE-2021-29906 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29905 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29904 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29903 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 i ...)
+ NOT-FOR-US: IBM
+CVE-2021-29902
+ RESERVED
+CVE-2021-29901
+ RESERVED
+CVE-2021-29900
+ RESERVED
+CVE-2021-29899
+ RESERVED
+CVE-2021-29898
+ RESERVED
+CVE-2021-29897
+ RESERVED
+CVE-2021-29896
+ RESERVED
+CVE-2021-29895
+ RESERVED
+CVE-2021-29894 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29893
+ RESERVED
+CVE-2021-29892
+ RESERVED
+CVE-2021-29891
+ RESERVED
+CVE-2021-29890
+ RESERVED
+CVE-2021-29889
+ RESERVED
+CVE-2021-29888 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...)
+ NOT-FOR-US: IBM
+CVE-2021-29887
+ RESERVED
+CVE-2021-29886
+ RESERVED
+CVE-2021-29885
+ RESERVED
+CVE-2021-29884
+ RESERVED
+CVE-2021-29883 (IBM Standards Processing Engine (IBM Transformation Extender Advanced ...)
+ NOT-FOR-US: IBM
+CVE-2021-29882
+ RESERVED
+CVE-2021-29881
+ RESERVED
+CVE-2021-29880 (IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or mult ...)
+ NOT-FOR-US: IBM
+CVE-2021-29879
+ RESERVED
+CVE-2021-29878 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnera ...)
+ NOT-FOR-US: IBM
+CVE-2021-29877
+ RESERVED
+CVE-2021-29876
+ RESERVED
+CVE-2021-29875 (IBM InfoSphere Information Server 11.7 could allow an attacker to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-29874
+ RESERVED
+CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to obtain s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29872 (IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation S ...)
+ NOT-FOR-US: IBM
+CVE-2021-29871
+ RESERVED
+CVE-2021-29870
+ RESERVED
+CVE-2021-29869
+ RESERVED
+CVE-2021-29868 (IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29867 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to ...)
+ NOT-FOR-US: IBM
+CVE-2021-29866
+ RESERVED
+CVE-2021-29865
+ RESERVED
+CVE-2021-29864
+ RESERVED
+CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forge ...)
+ NOT-FOR-US: IBM
+CVE-2021-29862 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29860 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29859
+ RESERVED
+CVE-2021-29858
+ RESERVED
+CVE-2021-29857
+ RESERVED
+CVE-2021-29856 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre ...)
+ NOT-FOR-US: IBM
+CVE-2021-29855 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
+ NOT-FOR-US: IBM
+CVE-2021-29854
+ RESERVED
+CVE-2021-29853 (IBM Planning Analytics 2.0 could expose information that could be used ...)
+ NOT-FOR-US: IBM
+CVE-2021-29852 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-29851 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2021-29850
+ RESERVED
+CVE-2021-29849 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
+CVE-2021-29848
+ RESERVED
+CVE-2021-29847 (BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) conf ...)
+ NOT-FOR-US: IBM
+CVE-2021-29846 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29845 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29844 (IBM Jazz Team Server products is vulnerable to server-side request for ...)
+ NOT-FOR-US: IBM
+CVE-2021-29843 (IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial o ...)
+ NOT-FOR-US: IBM
+CVE-2021-29842 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29841 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
+ NOT-FOR-US: IBM
+CVE-2021-29840
+ RESERVED
+CVE-2021-29839
+ RESERVED
+CVE-2021-29838 (IBM Security Guardium Insights 3.0 could allow a remote attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2021-29837 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
+ NOT-FOR-US: IBM
+CVE-2021-29836 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29835 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnera ...)
+ NOT-FOR-US: IBM
+CVE-2021-29834 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29833 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29832 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29831 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29830
+ RESERVED
+CVE-2021-29829
+ RESERVED
+CVE-2021-29828
+ RESERVED
+CVE-2021-29827
+ RESERVED
+CVE-2021-29826
+ RESERVED
+CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) coul ...)
+ NOT-FOR-US: IBM
+CVE-2021-29824
+ RESERVED
+CVE-2021-29823
+ RESERVED
+CVE-2021-29822 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
+ NOT-FOR-US: IBM
+CVE-2021-29821 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29820 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29819 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29818 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29817 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29816 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29815 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29814 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29813 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29812 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29811 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29810 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29809 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29808 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29807 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29806 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29805 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-29804 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-29803 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-29802 (IBM Security SOAR performs an operation at a privilege level that is h ...)
+ NOT-FOR-US: IBM
+CVE-2021-29801 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29800 (IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29799
+ RESERVED
+CVE-2021-29798 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 i ...)
+ NOT-FOR-US: IBM
+CVE-2021-29797
+ RESERVED
+CVE-2021-29796
+ RESERVED
+CVE-2021-29795 (IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a lo ...)
+ NOT-FOR-US: IBM
+CVE-2021-29794 (IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29793
+ RESERVED
+CVE-2021-29792 (IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA ...)
+ NOT-FOR-US: IBM
+CVE-2021-29791
+ RESERVED
+CVE-2021-29790
+ RESERVED
+CVE-2021-29789
+ RESERVED
+CVE-2021-29788
+ RESERVED
+CVE-2021-29787
+ RESERVED
+CVE-2021-29786 (IBM Jazz Team Server products stores user credentials in clear text wh ...)
+ NOT-FOR-US: IBM
+CVE-2021-29785 (IBM Security SOAR V42 and V43could allow a remote attacker to obtain s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29784 (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29783
+ RESERVED
+CVE-2021-29782
+ RESERVED
+CVE-2021-29781 (IBM Partner Engagement Manager 2.0 could allow a remote attacker to ex ...)
+ NOT-FOR-US: IBM
+CVE-2021-29780 (IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authent ...)
+ NOT-FOR-US: IBM
+CVE-2021-29779 (IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitiv ...)
+ NOT-FOR-US: IBM
+CVE-2021-29778
+ RESERVED
+CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-29776
+ RESERVED
+CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak fo ...)
+ NOT-FOR-US: IBM
+CVE-2021-29774 (IBM Jazz Team Server products could allow an authenticated user to obt ...)
+ NOT-FOR-US: IBM
+CVE-2021-29773 (IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated ...)
+ NOT-FOR-US: IBM
+CVE-2021-29772 (IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potenti ...)
+ NOT-FOR-US: IBM
+CVE-2021-29771 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2021-29770 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29769 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29768
+ RESERVED
+CVE-2021-29767 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-29764 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29762
+ RESERVED
+CVE-2021-29761 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29760 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29759 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29758 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site r ...)
+ NOT-FOR-US: IBM
+CVE-2021-29756 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site req ...)
+ NOT-FOR-US: IBM
+CVE-2021-29755
+ RESERVED
+CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-29753 (IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Proc ...)
+ NOT-FOR-US: IBM
+CVE-2021-29752 (IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability ...)
+ NOT-FOR-US: IBM
+CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
+ NOT-FOR-US: IBM
+CVE-2021-29750 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...)
+ NOT-FOR-US: IBM
+CVE-2021-29749 (IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29748
+ RESERVED
+CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29746
+ RESERVED
+CVE-2021-29745 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge esc ...)
+ NOT-FOR-US: IBM
+CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-29743 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
+ NOT-FOR-US: IBM
+CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to imperso ...)
+ NOT-FOR-US: IBM
+CVE-2021-29741 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
+ NOT-FOR-US: IBM
+CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 sys ...)
+ NOT-FOR-US: IBM
+CVE-2021-29739 (IBM Planning Analytics Local 2.0 could allow a remote attacker to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-29738 (IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29737 (IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information S ...)
+ NOT-FOR-US: IBM
+CVE-2021-29736 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2021-29735 (IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulner ...)
+ NOT-FOR-US: IBM
+CVE-2021-29734
+ RESERVED
+CVE-2021-29733
+ RESERVED
+CVE-2021-29732
+ RESERVED
+CVE-2021-29731
+ RESERVED
+CVE-2021-29730 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29729
+ RESERVED
+CVE-2021-29728 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains ...)
+ NOT-FOR-US: IBM
+CVE-2021-29727 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
+ NOT-FOR-US: IBM
+CVE-2021-29726
+ RESERVED
+CVE-2021-29725 (IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IB ...)
+ NOT-FOR-US: IBM
+CVE-2021-29724
+ RESERVED
+CVE-2021-29723 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...)
+ NOT-FOR-US: IBM
+CVE-2021-29722 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...)
+ NOT-FOR-US: IBM
+CVE-2021-29721
+ RESERVED
+CVE-2021-29720
+ RESERVED
+CVE-2021-29719 (IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29718
+ RESERVED
+CVE-2021-29717
+ RESERVED
+CVE-2021-29716 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to ...)
+ NOT-FOR-US: IBM
+CVE-2021-29715 (IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to ...)
+ NOT-FOR-US: IBM
+CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to cause a d ...)
+ NOT-FOR-US: IBM
+CVE-2021-29713 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29710
+ RESERVED
+CVE-2021-29709
+ RESERVED
+CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI ...)
+ NOT-FOR-US: IBM
+CVE-2021-29707 (IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could ...)
+ NOT-FOR-US: IBM
+CVE-2021-29706 (IBM AIX 7.1 could allow a non-privileged local user to exploit a vulne ...)
+ NOT-FOR-US: IBM
+CVE-2021-29705
+ RESERVED
+CVE-2021-29704 (IBM Security SOAR uses weaker than expected cryptographic algorithms t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29703 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulne ...)
+ NOT-FOR-US: IBM
+CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...)
+ NOT-FOR-US: IBM
+CVE-2021-29701 (IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as I ...)
+ NOT-FOR-US: IBM
+CVE-2021-29700 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote priviled ...)
+ NOT-FOR-US: IBM
+CVE-2021-29698
+ RESERVED
+CVE-2021-29697 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-29696 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expec ...)
+ NOT-FOR-US: IBM
+CVE-2021-29693 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the ...)
+ NOT-FOR-US: IBM
+CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
+ NOT-FOR-US: IBM
+CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded credentials, s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29690
+ RESERVED
+CVE-2021-29689
+ RESERVED
+CVE-2021-29688 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
+ NOT-FOR-US: IBM
+CVE-2021-29687 (IBM Security Identity Manager 7.0.2 could allow a remote user to enume ...)
+ NOT-FOR-US: IBM
+CVE-2021-29686 (IBM Security Identity Manager 7.0.2 could allow an authenticated user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29685
+ RESERVED
+CVE-2021-29684
+ RESERVED
+CVE-2021-29683 (IBM Security Identity Manager 7.0.2 stores user credentials in plain c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29682 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
+ NOT-FOR-US: IBM
+CVE-2021-29681 (IBM InfoSphere Information Server 11.7 could allow an attacker to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-29680
+ RESERVED
+CVE-2021-29679 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated us ...)
+ NOT-FOR-US: IBM
+CVE-2021-29678 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
+ NOT-FOR-US: IBM
+CVE-2021-29676 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
+ NOT-FOR-US: IBM
+CVE-2021-29675
+ RESERVED
+CVE-2021-29674
+ RESERVED
+CVE-2021-29673 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29672 (IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the ...)
+ NOT-FOR-US: IBM
+CVE-2021-29670 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-29669
+ RESERVED
+CVE-2021-29668 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is ...)
+ NOT-FOR-US: IBM
+CVE-2021-29666 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is ...)
+ NOT-FOR-US: IBM
+CVE-2021-29665 (IBM Security Verify Access 20.07 is vulnerable to a stack based buffer ...)
+ NOT-FOR-US: IBM
+CVE-2021-29664
+ RESERVED
+CVE-2021-29663 (CourseMS (aka Course Registration Management System) 2.1 is affected b ...)
+ NOT-FOR-US: CourseMS (aka Course Registration Management System)
+CVE-2021-29661 (Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.htm ...)
+ NOT-FOR-US: Softing AG OPC Toolbox
+CVE-2021-29660 (A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.htm ...)
+ NOT-FOR-US: Softing AG OPC Toolbox
+CVE-2021-29659 (ownCloud 10.7 has an incorrect access control vulnerability, leading t ...)
+ - owncloud <removed>
+CVE-2021-29658 (The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Co ...)
+ NOT-FOR-US: vscode-rufo extension for Visual Studio Code
+CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use ...)
+ - linux 5.10.28-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134
+ NOTE: https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html
+CVE-2021-29656 (Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validat ...)
+ NOT-FOR-US: Pexip Infinity Connect
+CVE-2021-29655 (Pexip Infinity Connect before 1.8.0 omits certain provisioning authent ...)
+ NOT-FOR-US: Pexip Infinity Connect
+CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...)
+ NOT-FOR-US: AjaxSearchPro
+CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...)
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
+CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/175e476b8cdf2a4de7432583b49c871345e4f8a1
+CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. The user m ...)
+ - linux 5.10.28-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/f60a85cad677c4f9bb4cadd764f1d106c38c7cf8
+CVE-2021-29648 (An issue was discovered in the Linux kernel before 5.11.11. The BPF su ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef
+CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/50535249f624d0072cd885bcdce4e4b6fb770160
+CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_re ...)
+ - linux 5.10.28-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb
+CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointe ...)
+ - slapi-nis 0.56.5-2 (bug #988736)
+ [bullseye] - slapi-nis <no-dsa> (Minor issue)
+ [buster] - slapi-nis <no-dsa> (Minor issue)
+ [stretch] - slapi-nis <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640
+ NOTE: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
+CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
+CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a (master)
+ NOTE: Depends on prior v3 checks https://github.com/AcademySoftwareFoundation/openexr/commit/0963ff1c4fcb3e748a9386685622747bfef00eb1
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5)
+CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
+CVE-2021-29645 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendM ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-29644 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remo ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-29643 (PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsa ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...)
+ NOT-FOR-US: GistPad
+CVE-2021-29641 (Directus 8 before 8.8.2 allows remote authenticated users to execute a ...)
+ NOT-FOR-US: Directus
+CVE-2021-29640
+ RESERVED
+CVE-2021-29639
+ RESERVED
+CVE-2021-29638
+ RESERVED
+CVE-2021-29637
+ RESERVED
+CVE-2021-29636
+ RESERVED
+CVE-2021-29635
+ RESERVED
+CVE-2021-29634
+ RESERVED
+CVE-2021-29633
+ RESERVED
+CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc
+CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...)
+ NOT-FOR-US: FreeBSD
+CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...)
+ NOT-FOR-US: FreeBSD
+CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ...)
+ - dacs <removed> (bug #989288; unimportant)
+ [stretch] - dacs <not-affected> (Vulnerable module first bundled in 1.4.40)
+ NOTE: RADIUS authentication not enabled in Debian packaging.
+CVE-2021-29628 (In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before ...)
+ NOT-FOR-US: FreeBSD
+CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13. ...)
+ NOT-FOR-US: FreeBSD
+CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2021-29625 (Adminer is open-source database management software. A cross-site scri ...)
+ - adminer 4.7.9-2 (bug #988886)
+ [buster] - adminer <no-dsa> (Minor issue)
+ [stretch] - adminer <no-dsa> (Minor issue)
+ NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc
+ NOTE: https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7
+CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect their F ...)
+ NOT-FOR-US: fastify-csrf
+CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ - exiv2 0.27.5-1 (bug #988481)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
+ NOTE: https://github.com/Exiv2/exiv2/pull/1627
+CVE-2021-29622 (Prometheus is an open-source monitoring system and time series databas ...)
+ - prometheus <not-affected> (Vulnerable code disabled in Debian packaging)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/1
+ NOTE: https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7
+ NOTE: "Fixed" because the 2.15.2+ds-1 upload disabled codewise the functionality
+ NOTE: (due to lack of React support in Debian) in 01-Do_not_embed_blobs.patch.
+ NOTE: The vulnerability itself is introduced with 2.23.0 upstream.
+ NOTE: See https://bugs.debian.org/988804 for details.
+CVE-2021-29621 (Flask-AppBuilder is a development framework, built on top of Flask. Us ...)
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580 (v3.3.0)
+CVE-2021-29620 (Report portal is an open source reporting and analysis framework. Star ...)
+ NOT-FOR-US: Report portal
+CVE-2021-29619 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29618 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29617 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29616 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29615 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29614 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29613 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29612 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29611 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29610 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29609 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29608 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29607 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29606 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29605 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29604 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29603 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29602 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29601 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29600 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29599 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29598 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29597 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29596 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29595 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29594 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29593 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29592 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29591 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29590 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29589 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29588 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29587 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29586 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29585 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29584 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29583 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29582 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29581 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29580 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29579 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29578 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29577 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29576 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29575 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29574 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29573 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29572 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29571 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29570 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29569 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29568 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29567 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29566 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29565 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29564 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29563 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29562 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29561 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29560 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29559 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29558 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29557 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29556 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29555 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29554 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29553 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29552 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29551 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29550 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29549 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29548 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29547 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29546 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29545 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29544 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29543 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29542 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29541 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29540 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29539 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29538 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29537 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29536 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29535 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29534 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29533 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29532 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29531 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29530 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29529 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29528 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29527 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29526 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29525 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29524 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29523 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29522 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29521 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29520 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29519 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29518 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29517 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29516 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29515 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29514 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29513 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29512 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine. Prior t ...)
+ NOT-FOR-US: Rust crate evm
+CVE-2021-29510 (Pydantic is a data validation and settings management using Python typ ...)
+ - pydantic 1.7.4-1 (bug #988480)
+ NOTE: https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh
+ NOTE: https://github.com/samuelcolvin/pydantic/commit/7e83fdd2563ffac081db7ecdf1affa65ef38c468
+CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The f ...)
+ - puma 4.3.8-1 (bug #989054)
+ [stretch] - puma <not-affected> (Incomplete fix for CVE-2019-16770 not applied)
+ NOTE: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
+ NOTE: https://github.com/puma/puma/commit/df72887170c7ef3614c941c9bdefb4a1f3546ebf
+ NOTE: CVE is related to an incomplete fix for CVE-2019-16770
+CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...)
+ NOT-FOR-US: Wire
+CVE-2021-29507 (GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interfa ...)
+ - dlt-daemon <unfixed> (unimportant)
+ NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f (useless boilerplate only)
+ NOTE: https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4
+ NOTE: No security impact, config files need to be trusted
+CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...)
+ NOT-FOR-US: GraphHopper
+CVE-2021-29505 (XStream is software for serializing Java objects to XML and back again ...)
+ {DLA-2704-1}
+ - libxstream-java 1.4.15-3 (bug #989491)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
+ NOTE: https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227 (v1.4.17)
+CVE-2021-29504 (WP-CLI is the command-line interface for WordPress. An improper error ...)
+ NOT-FOR-US: WP-CLI
+CVE-2021-29503 (HedgeDoc is a platform to write and share markdown. HedgeDoc before ve ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2021-29502 (WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability ...)
+ NOT-FOR-US: Red discord bot addon
+CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the red dis ...)
+ NOT-FOR-US: Red discord bot addon
+CVE-2021-29500 (bubble fireworks is an open source java package relating to Spring Fra ...)
+ NOT-FOR-US: bubble fireworks
+CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...)
+ [experimental] - golang-github-sylabs-sif 2.3.1-1
+ - golang-github-sylabs-sif <unfixed> (bug #991664)
+ [bullseye] - golang-github-sylabs-sif <no-dsa> (Minor issue)
+ NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
+CVE-2021-29498
+ RESERVED
+CVE-2021-29497
+ RESERVED
+CVE-2021-29496
+ RESERVED
+CVE-2021-29495 (Nim is a statically typed compiled systems programming language. In Ni ...)
+ - nim 1.4.2-1
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr
+CVE-2021-29494
+ RESERVED
+CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has ...)
+ NOT-FOR-US: Kennnyshiwa-cogs
+CVE-2021-29492 (Envoy is a cloud-native edge/middle/service proxy. Envoy does not deco ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...)
+ NOT-FOR-US: mixme nodejs module
+CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...)
+ NOT-FOR-US: Jellyfin
+CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...)
+ NOT-FOR-US: Highcharts JS
+CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...)
+ - sabnzbdplus 3.2.1+dfsg-1
+ [bullseye] - sabnzbdplus 3.1.1+dfsg-2+deb11u1
+ [buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2
+ [stretch] - sabnzbdplus <no-dsa> (Minor issue; contrib not supported)
+ NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp
+ NOTE: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b
+CVE-2021-29487 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
+ NOT-FOR-US: October CMS
+CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...)
+ NOT-FOR-US: Node cumulative-distribution-function
+CVE-2021-29485 (Ratpack is a toolkit for creating web applications. In versions prior ...)
+ NOT-FOR-US: Ratpack
+CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...)
+ NOT-FOR-US: Ghost CMS
+CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' ...)
+ NOT-FOR-US: ManageWiki MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-29482 (xz is a compression and decompression library focusing on the xz forma ...)
+ - golang-github-ulikunitz-xz 0.5.6-2 (bug #988243)
+ NOTE: https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
+ NOTE: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
+CVE-2021-29481 (Ratpack is a toolkit for creating web applications. In versions prior ...)
+ NOT-FOR-US: Ratpack
+CVE-2021-29480 (Ratpack is a toolkit for creating web applications. In versions prior ...)
+ NOT-FOR-US: Ratpack
+CVE-2021-29479 (Ratpack is a toolkit for creating web applications. In versions prior ...)
+ NOT-FOR-US: Ratpack
+CVE-2021-29478 (Redis is an open source (BSD licensed), in-memory data structure store ...)
+ - redis 5:6.0.13-1 (bug #988045)
+ [buster] - redis <not-affected> (Vulnerable code not present)
+ [stretch] - redis <not-affected> (Vulnerable code not present)
+ NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ
+ NOTE: https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3
+CVE-2021-29477 (Redis is an open source (BSD licensed), in-memory data structure store ...)
+ - redis 5:6.0.13-1 (bug #988045)
+ [buster] - redis <not-affected> (Vulnerable code not present)
+ [stretch] - redis <not-affected> (Vulnerable code not present)
+ NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ
+ NOTE: https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g
+CVE-2021-29476 (Requests is a HTTP library written in PHP. Requests mishandles deseria ...)
+ - wordpress 5.5.3+dfsg1-1
+ [buster] - wordpress 5.0.11+dfsg1-0+deb10u1
+ [stretch] - wordpress 4.7.19+dfsg-1+deb9u1
+ NOTE: https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54
+ NOTE: https://github.com/rmccue/Requests/pull/421
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
+ NOTE: The CVE directly correspond to CVE-2020-28032 for wordpress and we can track
+ NOTE: same versions as fixed. Strictly speaking CVE-2021-29476 is for the PHP Requests
+ NOTE: library directly.
+CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ {DSA-4958-1 DLA-2750-1}
+ - exiv2 0.27.5-1 (bug #987736)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
+ NOTE: https://github.com/Exiv2/exiv2/pull/1587
+ NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b
+ NOTE: https://github.com/Exiv2/exiv2/commit/f0ff11f044b2c8ddf4792415beb91fd815c633a1
+CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial repositor ...)
+ {DSA-4907-1 DLA-2654-1}
+ - composer 2.0.9-2
+ NOTE: https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
+ NOTE: https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf
+CVE-2021-29471 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.33.2-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
+ NOTE: https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c (v1.33.2)
+CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #987450)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj
+ NOTE: https://github.com/Exiv2/exiv2/pull/1581
+ NOTE: https://github.com/Exiv2/exiv2/commit/b3de96f4b4408347bed57e625963720e8d0dd2ea
+ NOTE: https://github.com/Exiv2/exiv2/commit/c372f2677d6f7cf88a8f26ef6bc175561e406ee2
+CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when a cli ...)
+ - node-redis 3.0.2+~cs5.18.1-3
+ [buster] - node-redis 2.8.0-1+deb10u1
+ NOTE: https://github.com/NodeRedis/node-redis/issues/1569
+ NOTE: https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3
+ NOTE: https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e
+CVE-2021-29468 (Cygwin Git is a patch set for the git command line tool for the cygwin ...)
+ NOT-FOR-US: Cygwin Git
+CVE-2021-29467 (Wrongthink is an encrypted peer-to-peer chat program. A user could che ...)
+ NOT-FOR-US: Wrongthink
+CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions of Di ...)
+ NOT-FOR-US: Discord-Recon
+CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of Disco ...)
+ NOT-FOR-US: Discord-Recon
+CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #988242)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <not-affected> (Vulnerable code introduced later)
+ [stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
+ NOTE: https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54
+CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #988241)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <not-affected> (webp support introduced in 0.27)
+ [stretch] - exiv2 <not-affected> (webp support introduced in 0.27)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr
+ NOTE: https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b
+CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of UPnP de ...)
+ - pupnp-1.8 <unfixed> (bug #987326)
+ [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
+ [buster] - pupnp-1.8 <no-dsa> (Minor issue)
+ - libupnp <removed>
+ [stretch] - libupnp <no-dsa> (Minor issue)
+ NOTE: https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
+ NOTE: https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4
+CVE-2021-29461 (Discord Recon Server is a bot that allows one to do one's reconnaissan ...)
+ NOT-FOR-US: Discord-Recon
+CVE-2021-29460 (Kirby is an open source CMS. An editor with write access to the Kirby ...)
+ NOT-FOR-US: Kirby CMS
+CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #987277)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
+ NOTE: https://github.com/Exiv2/exiv2/issues/1530
+ NOTE: https://github.com/Exiv2/exiv2/pull/1536
+ NOTE: https://github.com/Exiv2/exiv2/commit/0a91b56616404f7b29ca28deb01ce18b767d1871
+ NOTE: https://github.com/Exiv2/exiv2/commit/c92ac88cb0ebe72a5a17654fe6cecf411ab1e572
+ NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0
+ NOTE: https://github.com/Exiv2/exiv2/commit/fadb68718eb1bff3bd3222bd26ff3328f5306730
+ NOTE: https://github.com/Exiv2/exiv2/commit/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d
+CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ {DSA-4958-1 DLA-2750-1}
+ - exiv2 0.27.3-3.1 (bug #991705)
+ [bullseye] - exiv2 0.27.3-3+deb11u1
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
+ NOTE: https://github.com/Exiv2/exiv2/issues/1529
+ NOTE: https://github.com/Exiv2/exiv2/pull/1534
+ NOTE: https://github.com/Exiv2/exiv2/commit/13e5a3e02339b746abcaee6408893ca2fd8e289d
+ NOTE: buster-security and bullseye-security updates refer to CVE-2021-31291, which
+ NOTE: was an addditional (and then rejected) CVE ID for the same issue as CVE-2021-29457
+CVE-2021-29456 (Authelia is an open-source authentication and authorization server pro ...)
+ NOT-FOR-US: Authelia
+CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...)
+ NOT-FOR-US: Grassroot Platform
+CVE-2021-29454 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ - smarty3 <unfixed>
+ NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m
+ NOTE: https://github.com/smarty-php/smarty/commit/7ad97ad030b4289711e30819c928b8bc33c62b23 (3.1.42)
+CVE-2021-29453 (matrix-media-repo is an open-source multi-domain media repository for ...)
+ NOT-FOR-US: matrix-media-repo
+CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple authentic ...)
+ NOT-FOR-US: Node a12n-server
+CVE-2021-29451 (Portofino is an open source web development framework. Portofino befor ...)
+ NOT-FOR-US: Portofino
+CVE-2021-29450 (Wordpress is an open source CMS. One of the blocks in the WordPress ed ...)
+ {DSA-4896-1 DLA-2630-1}
+ - wordpress 5.7.1+dfsg1-1 (bug #987065)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
+CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to upload fil ...)
+ {DSA-4896-1 DLA-2630-1}
+ - wordpress 5.7.1+dfsg1-1 (unimportant)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
+ NOTE: Only an issue when installation runs under PHP8.
+CVE-2021-29446 (jose-node-cjs-runtime is an npm package which provides a number of cry ...)
+ NOT-FOR-US: Node jose-node-cjs-runtime
+CVE-2021-29445 (jose-node-esm-runtime is an npm package which provides a number of cry ...)
+ NOT-FOR-US: Node jose-esm-runtime
+CVE-2021-29444 (jose-browser-runtime is an npm package which provides a number of cryp ...)
+ NOT-FOR-US: Node jose-browser-runtime
+CVE-2021-29443 (jose is an npm library providing a number of cryptographic operations. ...)
+ NOT-FOR-US: Node jose
+CVE-2021-29442 (Nacos is a platform designed for dynamic service discovery and configu ...)
+ NOT-FOR-US: Nacos
+CVE-2021-29441 (Nacos is a platform designed for dynamic service discovery and configu ...)
+ NOT-FOR-US: Nacos
+CVE-2021-29440 (Grav is a file based Web-platform. Twig processing of static pages can ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-29439 (The Grav admin plugin prior to version 1.10.11 does not correctly veri ...)
+ NOT-FOR-US: Grav admin plugin
+CVE-2021-29438 (The Nextcloud dialogs library (npm package @nextcloud/dialogs) before ...)
+ NOT-FOR-US: Node @nextcloud/dialogs
+CVE-2021-29437 (ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin framewo ...)
+ NOT-FOR-US: trestle-auth
+CVE-2021-29434 (Wagtail is a Django content management system. In affected versions of ...)
+ NOT-FOR-US: wagtail
+CVE-2021-29433 (Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 ...)
+ NOT-FOR-US: Matrix Sydent
+CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user could a ...)
+ NOT-FOR-US: Matrix Sydent
+CVE-2021-29431 (Sydent is a reference Matrix identity server. Sydent can be induced to ...)
+ NOT-FOR-US: Matrix Sydent
+CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not limit th ...)
+ NOT-FOR-US: Matrix Sydent
+CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...)
+ - gradle <unfixed> (bug #987284)
+ [bullseye] - gradle <no-dsa> (Minor issue)
+ [buster] - gradle <no-dsa> (Minor issue)
+ [stretch] - gradle <no-dsa> (Minor issue)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8
+CVE-2021-29428 (In Gradle before version 7.0, on Unix-like systems, the system tempora ...)
+ - gradle <unfixed> (bug #987284)
+ [bullseye] - gradle <no-dsa> (Minor issue)
+ [buster] - gradle <no-dsa> (Minor issue)
+ [stretch] - gradle <no-dsa> (Minor issue; sticky bit on /tmp is set by default)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336
+CVE-2021-29427 (In Gradle from version 5.1 and before version 7.0 there is a vulnerabi ...)
+ - gradle <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395
+CVE-2021-29426
+ RESERVED
+CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...)
+ {DLA-2741-1}
+ - commons-io 2.8.0-1
+ [buster] - commons-io 2.6-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1
+ NOTE: https://issues.apache.org/jira/browse/IO-556
+CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
+CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
+CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0)
+CVE-2021-29662 (The Data::Validate::IP module through 0.29 for Perl does not properly ...)
+ - libdata-validate-ip-perl 0.30-1 (unimportant)
+ NOTE: Documentation update: https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e
+ NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
+ NOTE: Upstream only clarifies how to properly use the module with a documentation update
+CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...)
+ - libnet-netmask-perl 1.9104-2 (bug #986135)
+ [buster] - libnet-netmask-perl <no-dsa> (Minor issue)
+ [stretch] - libnet-netmask-perl <no-dsa> (Minor issue)
+ NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
+ NOTE: https://metacpan.org/changes/distribution/Net-Netmask#L11-22
+ NOTE: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163
+ NOTE: Fixed by: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163
+ NOTE: Improvements and add safe_new() method:
+ NOTE: https://github.com/jmaslak/Net-Netmask/commit/6b60b4eb3e98ee7548c13ecb7cb02c626f948a40
+ NOTE: Remove warnings introduced in tests:
+ NOTE: https://github.com/jmaslak/Net-Netmask/commit/30d82695e32bc3b1615c7cd08d34528252363436
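Review bot: In the CVE-2021-29424 entry the Net-Netmask commit 9023b403682f1eaadadf6cb71ba0117a1fa4f163 is listed twice, once as a bare "NOTE:" URL and again on the next line as "NOTE: Fixed by:". Drop the bare line and keep the "Fixed by:" one, so the entry carries one reference per commit and the role of that commit is stated.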
+CVE-2021-29423
+ RESERVED
+CVE-2021-3473 (An internal product security audit of Lenovo XClarity Controller (XCC) ...)
+ NOT-FOR-US: Lenovo XClarity Controller (XCC)
+CVE-2021-3472 (A flaw was found in xorg-x11-server in versions before 1.20.11. An int ...)
+ {DSA-4893-1 DLA-2627-1}
+ - xorg-server 2:1.20.11-1
+ NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-April/003080.html
+CVE-2021-29422
+ RESERVED
+CVE-2021-29421 (models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Pyth ...)
+ - pikepdf 1.17.3+dfsg-5 (bug #986274)
+ [buster] - pikepdf <no-dsa> (Minor issue)
+ NOTE: https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a (v2.10.0)
+CVE-2021-29420
+ RESERVED
+CVE-2021-29419
+ RESERVED
+CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain unexpe ...)
+ NOT-FOR-US: Node netmask
+CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
+ NOT-FOR-US: gitjacker
+CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
+ NOT-FOR-US: Burp Suite (different from src:burp)
+CVE-2021-29415 (The elliptic curve cryptography (ECC) hardware accelerator, part of th ...)
+ NOT-FOR-US: NordicSemiconductor nRF52840
+CVE-2021-29414 (STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect p ...)
+ NOT-FOR-US: STMicroelectronics STM32L4 devices
+CVE-2021-29413
+ RESERVED
+CVE-2021-29412
+ RESERVED
+CVE-2021-29411
+ RESERVED
+CVE-2021-29410
+ RESERVED
+CVE-2021-29409
+ RESERVED
+CVE-2021-29408
+ RESERVED
+CVE-2021-29407
+ RESERVED
+CVE-2021-29406
+ RESERVED
+CVE-2021-29405
+ RESERVED
+CVE-2021-29404
+ RESERVED
+CVE-2021-29403
+ RESERVED
+CVE-2021-29402
+ RESERVED
+CVE-2021-29401
+ RESERVED
+CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP Conta ...)
+ NOT-FOR-US: My SMTP Contact plugin for GetSimple CMS
+CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...)
+ NOT-FOR-US: XMB
+CVE-2021-29398 (Directory traversal in /northstar/Common/NorthFileManager/fileManagerO ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29397 (Cleartext Transmission of Sensitive Information in /northstar/Admin/lo ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc NorthStar ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in Northstar ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar T ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29392
+ RESERVED
+CVE-2021-29391
+ RESERVED
+CVE-2021-29390
+ RESERVED
+CVE-2021-29389
+ RESERVED
+CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in SourceCodester Bu ...)
+ NOT-FOR-US: SourceCodester Budget Management System
+CVE-2021-29387 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sourceco ...)
+ NOT-FOR-US: Sourcecodester Equipment Inventory System
+CVE-2021-29386
+ RESERVED
+CVE-2021-29385
+ RESERVED
+CVE-2021-29384
+ RESERVED
+CVE-2021-29383
+ RESERVED
+CVE-2021-29382
+ RESERVED
+CVE-2021-29381
+ RESERVED
+CVE-2021-29380
+ RESERVED
+CVE-2021-29379 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR- ...)
+ NOT-FOR-US: D-Link
+CVE-2021-29378
+ RESERVED
+CVE-2021-29377 (Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerabil ...)
+ NOT-FOR-US: Pear Admin Think
+CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
+ {DLA-2747-1 DLA-2746-1}
+ - ircii-pana <removed>
+ - ircii 20210314-1 (bug #986214)
+ [buster] - ircii 20190117-1+deb10u1
+ - scrollz 2.2.3-2 (bug #986215)
+ [buster] - scrollz 2.2.3-1+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2
+ NOTE: https://github.com/ScrollZ/ScrollZ/issues/25
+CVE-2021-29375
+ RESERVED
+CVE-2021-29374
+ RESERVED
+CVE-2021-29373
+ RESERVED
+CVE-2021-29372
+ RESERVED
+CVE-2021-29371
+ RESERVED
+CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1. ...)
+ NOT-FOR-US: Thanos-Soft Cheetah Browser in Android
+CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows code exe ...)
+ NOT-FOR-US: Node gnuplot
+CVE-2021-29368
+ RESERVED
+CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29366 (A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irf ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29365 (Irfanview 4.57 is affected by an infinite loop when processing a craft ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29364 (A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanvi ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29363 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanvie ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29362 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanvie ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29361 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfa ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29360 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfa ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29359
+ RESERVED
+CVE-2021-29358 (A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 before 10. ...)
+ NOT-FOR-US: OutSystems Platform Server
+CVE-2021-29356
+ RESERVED
+CVE-2021-29355
+ RESERVED
+CVE-2021-29354
+ RESERVED
+CVE-2021-29353
+ RESERVED
+CVE-2021-29352
+ RESERVED
+CVE-2021-29351
+ RESERVED
+CVE-2021-29350 (SQL injection in the getip function in conn/function.php in &#21457;&# ...)
+ NOT-FOR-US: Online video course
+CVE-2021-29349 (Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that all ...)
+ - mahara <removed>
+CVE-2021-29348
+ RESERVED
+CVE-2021-29347
+ RESERVED
+CVE-2021-29346
+ RESERVED
+CVE-2021-29345
+ RESERVED
+CVE-2021-29344
+ RESERVED
+CVE-2021-29343 (Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" p ...)
+ NOT-FOR-US: Ovidentia CMS
+CVE-2021-29342
+ RESERVED
+CVE-2021-29341
+ RESERVED
+CVE-2021-29340
+ RESERVED
+CVE-2021-29339
+ RESERVED
+CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...)
+ - openjpeg2 2.4.0-4 (bug #987276)
+ [bullseye] - openjpeg2 <no-dsa> (Minor issue)
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
+ [stretch] - openjpeg2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1338
+CVE-2021-29337 (MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users ...)
+ NOT-FOR-US: MSI
+CVE-2021-29336
+ RESERVED
+CVE-2021-29335
+ RESERVED
+CVE-2021-29334
+ RESERVED
+CVE-2021-29333
+ RESERVED
+CVE-2021-29332
+ RESERVED
+CVE-2021-29331
+ RESERVED
+CVE-2021-29330
+ RESERVED
+CVE-2021-29329 (OpenSource Moddable v10.5.0 was discovered to contain a stack overflow ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29328 (OpenSource Moddable v10.5.0 was discovered to contain buffer over-read ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29327 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29326 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29325 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29324 (OpenSource Moddable v10.5.0 was discovered to contain a stack overflow ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29323 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29322
+ RESERVED
+CVE-2021-29321
+ RESERVED
+CVE-2021-29320
+ RESERVED
+CVE-2021-29319
+ RESERVED
+CVE-2021-29318
+ RESERVED
+CVE-2021-29317
+ RESERVED
+CVE-2021-29316
+ RESERVED
+CVE-2021-29315
+ RESERVED
+CVE-2021-29314
+ RESERVED
+CVE-2021-29313 (Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the ...)
+ NOT-FOR-US: SeaCMS
+CVE-2021-29312
+ RESERVED
+CVE-2021-29311
+ RESERVED
+CVE-2021-29310
+ RESERVED
+CVE-2021-29309
+ RESERVED
+CVE-2021-29308
+ RESERVED
+CVE-2021-29307
+ RESERVED
+CVE-2021-29306
+ RESERVED
+CVE-2021-29305
+ RESERVED
+CVE-2021-29304
+ RESERVED
+CVE-2021-29303
+ RESERVED
+CVE-2021-29302 (TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 &lt;= 2020.06 contains a ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-29301
+ RESERVED
+CVE-2021-29300 (The @ronomon/opened library before 1.5.2 is vulnerable to a command in ...)
+ NOT-FOR-US: @ronomon/opened
+CVE-2021-29299
+ RESERVED
+CVE-2021-29298 (Improper Input Validation in Emerson GE Automation Proficy Machine Edi ...)
+ NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
+CVE-2021-29297 (Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 ...)
+ NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
+CVE-2021-29296 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...)
+ NOT-FOR-US: D-Link
+CVE-2021-29295 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...)
+ NOT-FOR-US: D-Link
+CVE-2021-29294 (** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability ...)
+ NOT-FOR-US: D-Link
+CVE-2021-29293
+ RESERVED
+CVE-2021-29292
+ RESERVED
+CVE-2021-29291
+ RESERVED
+CVE-2021-29290
+ RESERVED
+CVE-2021-29289
+ RESERVED
+CVE-2021-29288
+ RESERVED
+CVE-2021-29287
+ RESERVED
+CVE-2021-29286
+ RESERVED
+CVE-2021-29285
+ RESERVED
+CVE-2021-29284
+ RESERVED
+CVE-2021-29283
+ RESERVED
+CVE-2021-29282
+ RESERVED
+CVE-2021-29281
+ RESERVED
+CVE-2021-29280 (In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-29279 (There is a integer overflow in function filter_core/filter_props.c:gf_ ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b
+ NOTE: https://github.com/gpac/gpac/issues/1718
+CVE-2021-29278
+ RESERVED
+CVE-2021-29277
+ RESERVED
+CVE-2021-29276
+ RESERVED
+CVE-2021-29275
+ RESERVED
+CVE-2021-29274 (Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mi ...)
+ - redmine <not-affected> (Vulnerable code introduced in 4.1.0)
+ NOTE: https://www.redmine.org/issues/33846
+CVE-2021-XXXX [first_boot: Use session to verify first boot welcome step]
+ - freedombox 21.4.2
+ - plinth <removed>
+ [buster] - plinth 19.1+deb10u2
+ [stretch] - plinth <no-dsa> (Minor issue)
+ NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2074 (not yet public)
+ NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/f2005f56aa44d15c0fb82c5211c548a575961b03
+CVE-2021-29273
+ RESERVED
+CVE-2021-29272 (bluemonday before 1.0.5 allows XSS because certain Go lowercasing conv ...)
+ NOT-FOR-US: bluemonday
+CVE-2021-29271 (remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator ...)
+ NOT-FOR-US: remark42
+CVE-2021-29270
+ RESERVED
+CVE-2021-29269
+ RESERVED
+CVE-2021-29268
+ RESERVED
+CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...)
+ NOT-FOR-US: SherlockIM
+CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...)
+ - linux 5.10.26-1 (unimportant)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9
+CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. usbip_sockf ...)
+ {DLA-2689-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/9380afd6df70e24eacbdbde33afc6a3950965d22
+CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. drivers/n ...)
+ {DLA-2690-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
+CVE-2021-29263 (In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible ...)
+ - intellij-idea <itp> (bug #747616)
+CVE-2021-3471
+ REJECTED
+CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.10, be ...)
+ - redis 5:6.0.9-1 (unimportant)
+ NOTE: https://github.com/redis/redis/pull/7963
+ NOTE: https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95
+ NOTE: Only an issue if not using a heap allocator other than jemalloc or glibc's malloc
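Review bot: The last NOTE of the CVE-2021-3470 entry, "Only an issue if not using a heap allocator other than jemalloc or glibc's malloc", is a double negative, and read literally it says the opposite of what the (unimportant) tag on the redis line suggests. If the intent is that only builds with some other allocator are exposed, drop the "not" so it reads "Only an issue if using a heap allocator other than jemalloc or glibc's malloc".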
+CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an impro ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...)
+ - avahi <unfixed> (bug #984938)
+ [bullseye] - avahi <no-dsa> (Minor issue)
+ [buster] - avahi <no-dsa> (Minor issue)
+ [stretch] - avahi <postponed> (Minor issue; can be fixed in next DLA)
+ NOTE: https://github.com/lathiat/avahi/pull/330
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
+CVE-2021-29262 (When starting Apache Solr versions prior to 8.8.2, configured with the ...)
+ - lucene-solr <not-affected> (Vulnerable code not yet present)
+CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual Studio Code ...)
+ NOT-FOR-US: vscode extension Svelte
+CVE-2021-29260
+ RESERVED
+CVE-2021-29259
+ RESERVED
+CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely exploitab ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-29257
+ RESERVED
+CVE-2021-29256 (. The Arm Mali GPU kernel driver allows an unprivileged user to achiev ...)
+ NOT-FOR-US: Arm Mali GPU kernel driver
+CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...)
+ NOT-FOR-US: MicroSeven
+CVE-2021-29254
+ RESERVED
+CVE-2021-29253 (The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 ...)
+ NOT-FOR-US: RSA
+CVE-2021-29252 (RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerabi ...)
+ NOT-FOR-US: RSA
+CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in which us ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29250 (BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripti ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used, has a p ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29248 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29247 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29246 (BTCPay Server through 1.0.7.0 suffers from directory traversal, which ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29245 (BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseud ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29244
+ RESERVED
+CVE-2021-29243 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper input vali ...)
+ NOT-FOR-US: CODESYS Control Runtime
+CVE-2021-29241 (CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that ...)
+ NOT-FOR-US: CODESYS Gateway 3
+CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 3.5.17.0 do ...)
+ NOT-FOR-US: Package Manager of CODESYS Development System 3
+CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or executes mali ...)
+ NOT-FOR-US: CODESYS Development System 3
+CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site request forg ...)
+ NOT-FOR-US: CODESYS Automation Server
+CVE-2021-29237
+ RESERVED
+CVE-2021-29236
+ RESERVED
+CVE-2021-29235
+ RESERVED
+CVE-2021-29234
+ RESERVED
+CVE-2021-29233
+ RESERVED
+CVE-2021-29232
+ RESERVED
+CVE-2021-29231
+ RESERVED
+CVE-2021-29230
+ RESERVED
+CVE-2021-29229
+ RESERVED
+CVE-2021-29228
+ RESERVED
+CVE-2021-29227
+ RESERVED
+CVE-2021-29226
+ RESERVED
+CVE-2021-29225
+ RESERVED
+CVE-2021-29224
+ RESERVED
+CVE-2021-29223
+ RESERVED
+CVE-2021-29222
+ RESERVED
+CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erlang/OT ...)
+ - erlang <not-affected> (Windows-specific)
+CVE-2021-29220
+ RESERVED
+CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...)
+ NOT-FOR-US: HPE
+CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...)
+ NOT-FOR-US: HPE
+CVE-2021-29217
+ RESERVED
+CVE-2021-29216
+ RESERVED
+CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...)
+ NOT-FOR-US: HPE
+CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
+ NOT-FOR-US: HPE
+CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
+ NOT-FOR-US: HPE
+CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
+ NOT-FOR-US: HPE
+CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
+ NOT-FOR-US: HPE
+CVE-2021-29209 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
+ NOT-FOR-US: HPE
+CVE-2021-29208 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
+ NOT-FOR-US: HPE
+CVE-2021-29207 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29206 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29205 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29204 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29203 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
+ NOT-FOR-US: HPE
+CVE-2021-29202 (A local buffer overflow vulnerability was discovered in HPE Integrated ...)
+ NOT-FOR-US: HPE
+CVE-2021-29201 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version An u ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2021-29199
+ RESERVED
+CVE-2021-29198
+ RESERVED
+CVE-2021-29197
+ RESERVED
+CVE-2021-29196
+ RESERVED
+CVE-2021-29195
+ RESERVED
+CVE-2021-29194
+ RESERVED
+CVE-2021-29193
+ RESERVED
+CVE-2021-29192
+ RESERVED
+CVE-2021-29191
+ RESERVED
+CVE-2021-29190
+ RESERVED
+CVE-2021-29189
+ RESERVED
+CVE-2021-29188
+ RESERVED
+CVE-2021-29187
+ RESERVED
+CVE-2021-29186
+ RESERVED
+CVE-2021-29185
+ RESERVED
+CVE-2021-29184
+ RESERVED
+CVE-2021-29183
+ RESERVED
+CVE-2021-29182
+ RESERVED
+CVE-2021-29181
+ RESERVED
+CVE-2021-29180
+ RESERVED
+CVE-2021-29179
+ RESERVED
+CVE-2021-29178
+ RESERVED
+CVE-2021-29177
+ RESERVED
+CVE-2021-29176
+ RESERVED
+CVE-2021-29175
+ RESERVED
+CVE-2021-29174
+ RESERVED
+CVE-2021-29173
+ RESERVED
+CVE-2021-29172
+ RESERVED
+CVE-2021-29171
+ RESERVED
+CVE-2021-29170
+ RESERVED
+CVE-2021-29169
+ RESERVED
+CVE-2021-29168
+ RESERVED
+CVE-2021-29167
+ RESERVED
+CVE-2021-29166
+ RESERVED
+CVE-2021-29165
+ RESERVED
+CVE-2021-29164
+ RESERVED
+CVE-2021-29163
+ RESERVED
+CVE-2021-29162
+ RESERVED
+CVE-2021-29161
+ RESERVED
+CVE-2021-29160
+ RESERVED
+CVE-2021-29159 (A cross-site scripting (XSS) vulnerability has been discovered in Nexu ...)
+ NOT-FOR-US: Nexus Repository Manager
+CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2021-29157 (Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with acce ...)
+ - dovecot 1:2.3.13+dfsg1-2 (bug #990566)
+ [buster] - dovecot <not-affected> (Vulnerable code introduced later)
+ [stretch] - dovecot <not-affected> (Vulnerable code introduced later)
+ NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/1
+CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger ...)
+ NOT-FOR-US: ForgeRock OpenAM
+CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf ...)
+ {DLA-2690-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/4
+ NOTE: Fixes need to be made complete for older series to not open CVE-2021-33200,
+ NOTE: cf. https://lore.kernel.org/stable/215e98bf-21c7-0074-129d-49a51526418b@iogearbox.net/
+CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect c ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/08/1
+CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/268
+ NOTE: https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b
+CVE-2021-3466 (A flaw was found in libmicrohttpd. A missing bounds check in the post_ ...)
+ - libmicrohttpd 0.9.71-1
+ [buster] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
+ [stretch] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
+ NOTE: Patch: https://git.gnunet.org/libmicrohttpd.git/commit/?id=a110ae6276660bee3caab30e9ff3f12f85cf3241
+ NOTE: Introduced in https://git.gnunet.org/libmicrohttpd.git/commit/?id=55f715e15e3ce66babc939b5a670bee02d4d9571
+CVE-2021-3465
+ REJECTED
+CVE-2021-29153
+ RESERVED
+CVE-2021-29152 (A remote denial of service (DoS) vulnerability was discovered in Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29151 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29150 (A remote insecure deserialization vulnerability was discovered in Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29149 (A local bypass security restrictions vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29148 (A local cross-site scripting (XSS) vulnerability was discovered in Aru ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29147 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29145 (A remote server side request forgery (SSRF) remote code execution vuln ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29143 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29140 (A remote XML external entity (XXE) vulnerability was discovered in Aru ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29139 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29138 (A remote disclosure of privileged information vulnerability was discov ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29137 (A remote URL redirection vulnerability was discovered in Aruba AirWave ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...)
+ - umoci 0.4.7+ds-1
+ [buster] - umoci <no-dsa> (Minor issue)
+ NOTE: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v
+ NOTE: https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 (v0.4.7)
+CVE-2021-29135
+ RESERVED
+CVE-2021-3464 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3463 (A null pointer dereference vulnerability in Lenovo Power Management Dr ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3462 (A privilege escalation vulnerability in Lenovo Power Management Driver ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-29134
+ RESERVED
+CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux Configurat ...)
+ NOT-FOR-US: haserl (Alpine), different from src:haserl
+CVE-2021-29132
+ RESERVED
+CVE-2021-29131
+ RESERVED
+CVE-2021-29130
+ RESERVED
+CVE-2021-29129
+ RESERVED
+CVE-2021-29128
+ RESERVED
+CVE-2021-29127
+ RESERVED
+CVE-2021-29126
+ RESERVED
+CVE-2021-29125
+ RESERVED
+CVE-2021-29124
+ RESERVED
+CVE-2021-29123
+ RESERVED
+CVE-2021-29122
+ RESERVED
+CVE-2021-29121
+ RESERVED
+CVE-2021-29120
+ RESERVED
+CVE-2021-29119
+ RESERVED
+CVE-2021-29118
+ RESERVED
+CVE-2021-29117
+ RESERVED
+CVE-2021-29116 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...)
+ NOT-FOR-US: Esri ArcGIS Server
+CVE-2021-29115 (An information disclosure vulnerability in the ArcGIS Service Director ...)
+ NOT-FOR-US: Esri ArcGIS
+CVE-2021-29114 (A SQL injection vulnerability in feature services provided by Esri Arc ...)
+ NOT-FOR-US: Esri ArcGIS
+CVE-2021-29113 (A remote file inclusion vulnerability in the ArcGIS Server help docume ...)
+ NOT-FOR-US: ArcGIS Server
+CVE-2021-29112
+ RESERVED
+CVE-2021-29111
+ RESERVED
+CVE-2021-29110 (Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may ...)
+ NOT-FOR-US: Esri
+CVE-2021-29109 (A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 a ...)
+ NOT-FOR-US: Esri
+CVE-2021-29108 (There is an privilege escalation vulnerability in organization-specifi ...)
+ NOT-FOR-US: Esri
+CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
+ NOT-FOR-US: ArcGIS Server Manager
+CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...)
+ NOT-FOR-US: ArcGIS Server
+CVE-2021-29105 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...)
+ NOT-FOR-US: ArcGIS Server Services Directory
+CVE-2021-29104 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
+ NOT-FOR-US: ArcGIS Server Manager
+CVE-2021-29103 (A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server ...)
+ NOT-FOR-US: ArcGIS Server
+CVE-2021-29102 (A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Ma ...)
+ NOT-FOR-US: ArcGIS Server Manager
+CVE-2021-29101 (ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only direc ...)
+ NOT-FOR-US: ArcGIS GeoEvent Server
+CVE-2021-29100 (A path traversal vulnerability exists in Esri ArcGIS Earth versions 1. ...)
+ NOT-FOR-US: Esri
+CVE-2021-29099 (A SQL injection vulnerability exists in some configurations of ArcGIS ...)
+ NOT-FOR-US: Esri
+CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29097 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29096 (A use-after-free vulnerability when parsing a specially crafted file i ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29095 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29094 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29093 (A use-after-free vulnerability when parsing a specially crafted file i ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-3461
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-29092 (Unrestricted upload of file with dangerous type vulnerability in file ...)
+ NOT-FOR-US: Synology
+CVE-2021-29091 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-29090 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-29089 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-29088 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-29087 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-29086 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: Synology
+CVE-2021-29085 (Improper neutralization of special elements in output used by a downst ...)
+ NOT-FOR-US: Synology
+CVE-2021-29084 (Improper neutralization of special elements in output used by a downst ...)
+ NOT-FOR-US: Synology
+CVE-2021-29083 (Improper neutralization of special elements used in an OS command in S ...)
+ NOT-FOR-US: Synology
+CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not proper ...)
+ NOT-FOR-US: Motorola MH702x devices
+CVE-2021-3459 (A privilege escalation vulnerability was reported in the MM1000 device ...)
+ NOT-FOR-US: MM1000 device
+CVE-2021-3458 (The Motorola MM1000 device configuration portal can be accessed withou ...)
+ NOT-FOR-US: Motorola MM1000 device configuration portal
+CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29081 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29080 (Certain NETGEAR devices are affected by password reset by an unauthent ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29079 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29078 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29077 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29076 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29075 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29074 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29073 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29072 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29071 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29070 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29069 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29068 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29067 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29066 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29065 (NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29064
+ RESERVED
+CVE-2021-29063 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ - mpmath 1.2.1-2 (bug #990576)
+ [bullseye] - mpmath <no-dsa> (Minor issue)
+ [buster] - mpmath <no-dsa> (Minor issue)
+ [stretch] - mpmath <no-dsa> (Minor issue)
+ NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md
+ NOTE: https://github.com/fredrik-johansson/mpmath/issues/548
+ NOTE: https://github.com/fredrik-johansson/mpmath/commit/c811b37c65a4372a7ce613111d2a508c204f9833
+ NOTE: https://github.com/fredrik-johansson/mpmath/commit/2865c7d12b2a077d420427ad187eca831a48bff4
+CVE-2021-29062
+ RESERVED
+CVE-2021-29061 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ NOT-FOR-US: Vfsjfilechooser2
+CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ - node-color-string 1.5.4-2
+ [buster] - node-color-string <no-dsa> (Minor issue)
+ NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md
+ NOTE: https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3
+CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and be ...)
+ NOT-FOR-US: Node is-svg
+CVE-2021-29058
+ RESERVED
+CVE-2021-29057
+ RESERVED
+CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via ...)
+ NOT-FOR-US: Pixelimity
+CVE-2021-29055
+ RESERVED
+CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...)
+ NOT-FOR-US: Papoo
+CVE-2021-29053 (Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Lif ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29052 (The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Life ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's Asset P ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29050
+ RESERVED
+CVE-2021-29049 (Cross-site scripting (XSS) vulnerability in the Portal Workflow module ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29046 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29045 (Cross-site scripting (XSS) vulnerability in the Redirect module's redi ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29044 (Cross-site scripting (XSS) vulnerability in the Site module's membersh ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29043 (The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Lif ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29042
+ RESERVED
+CVE-2021-29041 (Denial-of-service (DoS) vulnerability in the Multi-Factor Authenticati ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29040 (The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29039 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29038
+ RESERVED
+CVE-2021-29037
+ RESERVED
+CVE-2021-29036
+ RESERVED
+CVE-2021-29035
+ RESERVED
+CVE-2021-29034
+ RESERVED
+CVE-2021-29033 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29032 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29031 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29030 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29029 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29028 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29027 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29024 (In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticat ...)
+ NOT-FOR-US: InvoicePlane
+CVE-2021-29023 (InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset ...)
+ NOT-FOR-US: InvoicePlane
+CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full path of ...)
+ NOT-FOR-US: InvoicePlane
+CVE-2021-29021
+ RESERVED
+CVE-2021-29020
+ RESERVED
+CVE-2021-29019
+ RESERVED
+CVE-2021-29018
+ RESERVED
+CVE-2021-29017
+ RESERVED
+CVE-2021-29016
+ RESERVED
+CVE-2021-29015
+ RESERVED
+CVE-2021-29014
+ RESERVED
+CVE-2021-29013
+ RESERVED
+CVE-2021-29012 (DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to ev ...)
+ NOT-FOR-US: DMA Softlab Radius Manager
+CVE-2021-29011 (DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting ( ...)
+ NOT-FOR-US: DMA Softlab Radius Manager
+CVE-2021-29010 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: SEO Panel
+CVE-2021-29009 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: SEO Panel
+CVE-2021-29008 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: SEO Panel
+CVE-2021-29007
+ RESERVED
+CVE-2021-29006 (rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An ...)
+ NOT-FOR-US: rConfig
+CVE-2021-29005 (Insecure permission of chmod command on rConfig server 3.9.6 exists. A ...)
+ NOT-FOR-US: rConfig
+CVE-2021-29004 (rConfig 3.9.6 is affected by SQL Injection. A user must be authenticat ...)
+ NOT-FOR-US: rConfig
+CVE-2021-29003 (Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers ...)
+ NOT-FOR-US: Genexis devices
+CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...)
+ NOT-FOR-US: Plone
+CVE-2021-29001
+ RESERVED
+CVE-2021-29000
+ RESERVED
+CVE-2021-28999
+ RESERVED
+CVE-2021-28998
+ RESERVED
+CVE-2021-28997
+ RESERVED
+CVE-2021-28996
+ RESERVED
+CVE-2021-28995
+ RESERVED
+CVE-2021-28994 (kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8. ...)
+ - kopanocore <unfixed> (bug #986272)
+ [buster] - kopanocore <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/6
+CVE-2021-28993 (Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is ...)
+ NOT-FOR-US: Plixer Scrutinizer
+CVE-2021-28992
+ RESERVED
+CVE-2021-28991
+ RESERVED
+CVE-2021-28990
+ RESERVED
+CVE-2021-28989
+ RESERVED
+CVE-2021-28988
+ RESERVED
+CVE-2021-28987
+ RESERVED
+CVE-2021-28986
+ RESERVED
+CVE-2021-28985
+ RESERVED
+CVE-2021-28984
+ RESERVED
+CVE-2021-28983
+ RESERVED
+CVE-2021-28982
+ RESERVED
+CVE-2021-28981
+ RESERVED
+CVE-2021-28980
+ RESERVED
+CVE-2021-28979 (SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP resp ...)
+ NOT-FOR-US: SafeNet KeySecure Management Console
+CVE-2021-28978
+ RESERVED
+CVE-2021-28977 (Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upl ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2021-28976 (Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in a ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2021-3457 (An improper authorization handling flaw was found in Foreman. The Shel ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-3456
+ RESERVED
+ - foreman <itp> (bug #663101)
+CVE-2021-28975 (WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's de ...)
+ NOT-FOR-US: WP Mailster
+CVE-2021-28974
+ RESERVED
+CVE-2021-28973 (The XML Import functionality of the Administration console in Perforce ...)
+ NOT-FOR-US: Helix ALM
+CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices ...)
+ NOT-FOR-US: Central Management of FireEye EX 3500 devices
+CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticat ...)
+ NOT-FOR-US: Central Management of FireEye EX 3500 devices
+CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in ...)
+ NOT-FOR-US: PunBB
+CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio Code al ...)
+ NOT-FOR-US: MATLAB extenstion for vscode
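Review bot: typo in the NOT-FOR-US tag for CVE-2021-28967: "MATLAB extenstion for vscode" should read "MATLAB extension for vscode", so that a search of the list for the product name finds the entry. A few lines up, CVE-2021-28969 carries the tag "Central Management of FireEye EX 3500 devices", identical to the tag on CVE-2021-28970, although its own description names the FireEye EX 3500 devices rather than the Central Management component; a tag of "FireEye EX 3500 devices" would fit both descriptions as shown.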
+CVE-2021-28966 (In Ruby through 3.0 on Windows, a remote attacker can submit a crafted ...)
+ - ruby2.7 <not-affected> (Windows-specific)
+ NOTE: https://hackerone.com/reports/1131465
+CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...)
+ {DSA-5066-1}
+ - ruby2.7 2.7.3-1 (bug #986807)
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ [stretch] - ruby2.3 <postponed> (Minor issue; can be fixed in next update)
+ [experimental] - ruby-rexml 3.2.5-1
+ - ruby-rexml <removed> (bug #986806)
+ NOTE: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
+CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5. ...)
+ {DLA-2690-1}
+ - linux 5.10.26-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux <ignored> (Driver is specific to IBM Power systems)
+ NOTE: https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678
+CVE-2021-28971 (In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.26-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea
+CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctree.c in ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.26-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
+CVE-2021-28962 (Stormshield Network Security (SNS) before 4.2.2 allows a read-only adm ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
+ NOT-FOR-US: DDNS package for OpenWrt
+CVE-2021-28960 (Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthe ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to una ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-28958 (Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to una ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...)
+ NOT-FOR-US: vscode-sass-lint
+CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will ...)
+ NOT-FOR-US: git-bug
+CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary ...)
+ NOT-FOR-US: Chris Walz bit
+CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...)
+ NOT-FOR-US: unofficial C/C++ Advanced Lint extension for Visual Studio Code
+CVE-2021-3455 (Disconnecting L2CAP channel right after invalid ATT request leads free ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3454 (Truncated L2CAP K-frame causes assertion failure. Zephyr versions &gt; ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3453 (Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS m ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3452 (A potential vulnerability in the system shutdown SMI callback function ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3451 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security checks of ...)
+ - openssl 1.1.1k-1
+ [buster] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
+ [stretch] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
+ - openssl1.0 <not-affected> (Vulnerable code introduced in 1.1.1h)
+ NOTE: https://www.openssl.org/news/secadv/20210325.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
+CVE-2021-28957 (An XSS vulnerability was discovered in python-lxml's clean module vers ...)
+ {DSA-4880-1 DLA-2606-1}
+ - lxml 4.6.3-1 (bug #985643)
+ NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
+ NOTE: https://github.com/lxml/lxml/pull/316
+ NOTE: https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
+CVE-2021-28952 (An issue was discovered in the Linux kernel through 5.11.8. The sound/ ...)
+ - linux 5.10.26-1 (unimportant)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/1c668e1c0a0f74472469cd514f40c9012b324c31
+CVE-2021-28951 (An issue was discovered in fs/io_uring.c in the Linux kernel through 5 ...)
+ - linux 5.10.26-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/3ebba796fa251d042be42b929a2d916ee5c34a49
+CVE-2021-28950 (An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before ...)
+ {DLA-2689-1}
+ - linux 5.10.24-1
+ NOTE: https://git.kernel.org/linus/775c5033a0d164622d9d10dd0f0a5531639ed3ed
+CVE-2021-28949
+ RESERVED
+CVE-2021-28948
+ RESERVED
+CVE-2021-28947
+ RESERVED
+CVE-2021-28946
+ RESERVED
+CVE-2021-28945
+ RESERVED
+CVE-2021-28944
+ RESERVED
+CVE-2021-28943
+ RESERVED
+CVE-2021-28942
+ RESERVED
+CVE-2021-28941 (Because of no validation on a curl command in MagpieRSS 0.72 in the /e ...)
+ NOT-FOR-US: MagpieRSS
+CVE-2021-28940 (Because of a incorrect escaped exec command in MagpieRSS in 0.72 in th ...)
+ NOT-FOR-US: MagpieRSS
+CVE-2021-28939
+ RESERVED
+CVE-2021-28938 (Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2- ...)
+ NOT-FOR-US: Siren Federate
+CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...)
+ NOT-FOR-US: Acexy Wireless-N WiFi Repeater
+CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...)
+ NOT-FOR-US: Acexy Wireless-N WiFi Repeater
+CVE-2021-28935 (CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin ...)
+ NOT-FOR-US: CMS Made Simple (CMSMS)
+CVE-2021-28934
+ RESERVED
+CVE-2021-28933
+ RESERVED
+CVE-2021-28932
+ RESERVED
+CVE-2021-28931 (Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers ...)
+ NOT-FOR-US: Fork CMS
+CVE-2021-28930
+ RESERVED
+CVE-2021-28929
+ RESERVED
+CVE-2021-28928
+ RESERVED
+CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 1.9.0 pass ...)
+ - retroarch <not-affected> (Windows-specific)
+CVE-2021-28926
+ RESERVED
+CVE-2021-28925 (SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 vi ...)
+ NOT-FOR-US: Nagios Network Analyzer
+CVE-2021-28924 (Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the ...)
+ NOT-FOR-US: Nagios Network Analyzer
+CVE-2021-28923
+ RESERVED
+CVE-2021-28922
+ RESERVED
+CVE-2021-28921
+ RESERVED
+CVE-2021-28920
+ RESERVED
+CVE-2021-28919
+ RESERVED
+CVE-2021-28918 (Improper input validation of octal strings in netmask npm package v1.0 ...)
+ NOT-FOR-US: netmask nodejs module
+ NOTE: https://sick.codes/sick-2021-011
+ NOTE: https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
+CVE-2021-28917
+ RESERVED
+CVE-2021-28916
+ RESERVED
+CVE-2021-28915
+ RESERVED
+CVE-2021-28914 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28913 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28912 (BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard c ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28911 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28910 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSR ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28909 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28908
+ RESERVED
+CVE-2021-28907
+ RESERVED
+CVE-2021-28906 (In function read_yin_leaf() in libyang &lt;= v1.0.225, it doesn't chec ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1455
+CVE-2021-28905 (In function lys_node_free() in libyang &lt;= v1.0.225, it asserts that ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1452
+CVE-2021-28904 (In function ext_get_plugin() in libyang &lt;= v1.0.225, it doesn't che ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1451
+CVE-2021-28903 (A stack overflow in libyang &lt;= v1.0.225 can cause a denial of servi ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1453
+CVE-2021-28902 (In function read_yin_container() in libyang &lt;= v1.0.225, it doesn't ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1454
+CVE-2021-28901 (Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Soft ...)
+ NOT-FOR-US: Sita Software Azur CMS.
+CVE-2021-28900
+ RESERVED
+CVE-2021-28899 (Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileS ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <no-dsa> (Minor issue)
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-March/021891.html
+CVE-2021-28898
+ RESERVED
+CVE-2021-28897
+ RESERVED
+CVE-2021-28896
+ RESERVED
+CVE-2021-28895
+ RESERVED
+CVE-2021-28894
+ RESERVED
+CVE-2021-28893
+ RESERVED
+CVE-2021-28892
+ RESERVED
+CVE-2021-28891
+ RESERVED
+CVE-2021-28890 (J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via th ...)
+ NOT-FOR-US: J2eeFAST
+CVE-2021-28889
+ RESERVED
+CVE-2021-28888
+ RESERVED
+CVE-2021-28887
+ RESERVED
+CVE-2021-28886
+ RESERVED
+CVE-2021-28885
+ RESERVED
+CVE-2021-28884
+ RESERVED
+CVE-2021-28883
+ RESERVED
+CVE-2021-28882
+ RESERVED
+CVE-2021-28881
+ RESERVED
+CVE-2021-28880
+ RESERVED
+CVE-2021-28879 (In the standard library in Rust before 1.52.0, the Zip implementation ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/82282
+ NOTE: https://github.com/rust-lang/rust/pull/82289
+CVE-2021-28878 (In the standard library in Rust before 1.52.0, the Zip implementation ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/82291
+ NOTE: https://github.com/rust-lang/rust/pull/82292
+CVE-2021-28877 (In the standard library in Rust before 1.51.0, the Zip implementation ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/pull/80670
+CVE-2021-28876 (In the standard library in Rust before 1.52.0, the Zip implementation ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/81740
+ NOTE: https://github.com/rust-lang/rust/pull/81741
+CVE-2021-28875 (In the standard library in Rust before 1.50.0, read_to_end() does not ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/80894
+ NOTE: https://github.com/rust-lang/rust/pull/80895
+CVE-2021-28874 (SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contai ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-28873
+ RESERVED
+CVE-2021-28872
+ RESERVED
+CVE-2021-28871
+ RESERVED
+CVE-2021-28870
+ RESERVED
+CVE-2021-28869
+ RESERVED
+CVE-2021-28868
+ RESERVED
+CVE-2021-28867
+ RESERVED
+CVE-2021-28866
+ RESERVED
+CVE-2021-28865
+ RESERVED
+CVE-2021-28864
+ RESERVED
+CVE-2021-28863
+ RESERVED
+CVE-2021-28862
+ RESERVED
+CVE-2021-28861
+ RESERVED
+CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or alter proper ...)
+ NOT-FOR-US: Node mixme
+CVE-2021-28859
+ RESERVED
+CVE-2021-28858 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL b ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-28857 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and passw ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-28856 (In Deark before v1.5.8, a specially crafted input file can cause a div ...)
+ NOT-FOR-US: Deark
+CVE-2021-28855 (In Deark before 1.5.8, a specially crafted input file can cause a NULL ...)
+ NOT-FOR-US: Deark
+CVE-2021-28854
+ RESERVED
+CVE-2021-28853
+ RESERVED
+CVE-2021-28852
+ RESERVED
+CVE-2021-28851
+ RESERVED
+CVE-2021-28850
+ RESERVED
+CVE-2021-28849
+ RESERVED
+CVE-2021-28848 (Mintty before 3.4.5 allows remote servers to cause a denial of service ...)
+ NOT-FOR-US: Mintty
+CVE-2021-28847 (MobaXterm before 21.0 allows remote servers to cause a denial of servi ...)
+ NOT-FOR-US: MobaXterm
+CVE-2021-28846 (A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28845 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28844 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28843 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28842 (Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11 ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28841 (Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28840 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28839 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28838 (Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, D ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28837
+ RESERVED
+CVE-2021-28836
+ RESERVED
+CVE-2021-28835
+ RESERVED
+CVE-2021-28834 (Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge: ...)
+ {DSA-4890-1}
+ - ruby-kramdown 2.3.0-5 (bug #985569)
+ [stretch] - ruby-kramdown <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/gettalong/kramdown/pull/708
+ NOTE: Fixed by: https://github.com/gettalong/kramdown/commit/d6a1cbcb2caa2f8a70927f176070d126b2422760
+ NOTE: Introduced by https://github.com/gettalong/kramdown/commit/ff0218aefcf00cd5a389e17e075d36cd46d011e2 (v1.16)
+CVE-2021-28833 (Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist ...)
+ NOT-FOR-US: Increments Qiita::Markdown
+CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via ...)
+ NOT-FOR-US: VSCodeVim
+CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...)
+ {DLA-2614-1}
+ - busybox <unfixed> (bug #985674)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ NOTE: https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
+CVE-2021-27851 (A security vulnerability that can lead to local privilege escalation h ...)
+ - guix 1.2.0-4 (bug #985467; unimportant)
+ NOTE: https://issues.guix.gnu.org/47229
+ NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf
+ NOTE: https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/
+ NOTE: Neutralised by kernel hardening (fs.protected_hardlinks = 1)
+CVE-2021-28830 (The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R component ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28829 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28828 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28827 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28826 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28825 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28824 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Acti ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28823 (The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28822 (The Enterprise Message Service Server (tibemsd), Enterprise Message Se ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28821 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28820 (The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28819 (The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Rend ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28815 (Insecure storage of sensitive information has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28813 (A vulnerability involving insecure storage of sensitive information ha ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28812 (A command injection vulnerability has been reported to affect certain ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28811 (If exploited, this command injection vulnerability could allow remote ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28810 (If exploited, this vulnerability allows an attacker to access resource ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28809 (An improper access control vulnerability has been reported to affect c ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28808
+ RESERVED
+CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been reported to ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28804 (A command injection vulnerabilities have been reported to affect QTS a ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28803 (This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11. ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28802 (A command injection vulnerabilities have been reported to affect QTS a ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28800 (A command injection vulnerability has been reported to affect QNAP NAS ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28798 (A relative path traversal vulnerability has been reported to affect QN ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...)
+ NOT-FOR-US: QNAP NAS devices
+CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...)
+ NOT-FOR-US: Increments Qiita::Markdown
+CVE-2021-28795
+ RESERVED
+CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual Studio Co ...)
+ NOT-FOR-US: ShellCheck extension for Visual Studio Code
+CVE-2021-28793 (vscode-restructuredtext before 146.0.0 contains an incorrect access co ...)
+ NOT-FOR-US: vscode-restructuredtext
+CVE-2021-28792 (The unofficial Swift Development Environment extension before 2.12.1 f ...)
+ NOT-FOR-US: Swift Development Environment extension for Visual Studio Code
+CVE-2021-28791 (The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Co ...)
+ NOT-FOR-US: SwiftFormat extension for Visual Studio Code
+CVE-2021-28790 (The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code ...)
+ NOT-FOR-US: SwiftLint extension for Visual Studio Code
+CVE-2021-28789 (The unofficial apple/swift-format extension before 1.1.2 for Visual St ...)
+ NOT-FOR-US: apple/swift-format extension for Visual Studio Code
+CVE-2021-28788
+ RESERVED
+CVE-2021-28787
+ RESERVED
+CVE-2021-28786
+ RESERVED
+CVE-2021-28785
+ RESERVED
+CVE-2021-28784
+ RESERVED
+CVE-2021-28783
+ RESERVED
+CVE-2021-28782
+ RESERVED
+CVE-2021-28781
+ RESERVED
+CVE-2021-28780
+ RESERVED
+CVE-2021-28779
+ RESERVED
+CVE-2021-28778
+ RESERVED
+CVE-2021-28777
+ RESERVED
+CVE-2021-28776
+ RESERVED
+CVE-2021-28775
+ RESERVED
+CVE-2021-28774
+ RESERVED
+CVE-2021-28773
+ RESERVED
+CVE-2021-28772
+ RESERVED
+CVE-2021-28771
+ RESERVED
+CVE-2021-28770
+ RESERVED
+CVE-2021-28769
+ RESERVED
+CVE-2021-28768
+ RESERVED
+CVE-2021-28767
+ RESERVED
+CVE-2021-28766
+ RESERVED
+CVE-2021-28765
+ RESERVED
+CVE-2021-28764
+ RESERVED
+CVE-2021-28763
+ RESERVED
+CVE-2021-28762
+ RESERVED
+CVE-2021-28761
+ RESERVED
+CVE-2021-28760
+ RESERVED
+CVE-2021-28759
+ RESERVED
+CVE-2021-28758
+ RESERVED
+CVE-2021-28757
+ RESERVED
+CVE-2021-28756
+ RESERVED
+CVE-2021-28755
+ RESERVED
+CVE-2021-28754
+ RESERVED
+CVE-2021-28753
+ RESERVED
+CVE-2021-28752
+ RESERVED
+CVE-2021-28751
+ RESERVED
+CVE-2021-28750
+ RESERVED
+CVE-2021-28749
+ RESERVED
+CVE-2021-28748
+ RESERVED
+CVE-2021-28747
+ RESERVED
+CVE-2021-28746
+ RESERVED
+CVE-2021-28745
+ RESERVED
+CVE-2021-28744
+ RESERVED
+CVE-2021-28743
+ RESERVED
+CVE-2021-28742
+ RESERVED
+CVE-2021-28741
+ RESERVED
+CVE-2021-28740
+ RESERVED
+CVE-2021-28739
+ RESERVED
+CVE-2021-28738
+ RESERVED
+CVE-2021-28737
+ RESERVED
+CVE-2021-28736
+ RESERVED
+CVE-2021-28735
+ RESERVED
+CVE-2021-28734
+ RESERVED
+CVE-2021-28733
+ RESERVED
+CVE-2021-28732
+ REJECTED
+CVE-2021-28731
+ RESERVED
+CVE-2021-28730
+ RESERVED
+CVE-2021-28729
+ RESERVED
+CVE-2021-28728
+ RESERVED
+CVE-2021-28727
+ RESERVED
+CVE-2021-28726
+ RESERVED
+CVE-2021-28725
+ RESERVED
+CVE-2021-28724
+ RESERVED
+CVE-2021-28723
+ RESERVED
+CVE-2021-28722
+ RESERVED
+CVE-2021-28721
+ RESERVED
+CVE-2021-28720
+ RESERVED
+CVE-2021-28719
+ RESERVED
+CVE-2021-28718
+ RESERVED
+CVE-2021-28717
+ RESERVED
+CVE-2021-28716
+ RESERVED
+CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-392.html
+CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-392.html
+CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-391.html
+CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-391.html
+CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-391.html
+CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...)
+ - xen <not-affected> (Only affects 4.15 series)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/9
+ NOTE: https://xenbits.xen.org/xsa/advisory-390.html
+CVE-2021-28709 (issues with partially successful P2M updates on x86 T[his CNA informat ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-389.html
+CVE-2021-28708 (PoD operations on misaligned GFNs T[his CNA information record relates ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-388.html
+CVE-2021-28707 (PoD operations on misaligned GFNs T[his CNA information record relates ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-388.html
+CVE-2021-28706 (guests may exceed their designated memory limit When a guest is permit ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-385.html
+CVE-2021-28705 (issues with partially successful P2M updates on x86 T[his CNA informat ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-389.html
+CVE-2021-28704 (PoD operations on misaligned GFNs T[his CNA information record relates ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-388.html
+CVE-2021-28703 (grant table v2 status pages may remain accessible after de-allocation ...)
+ - xen 4.14.0+80-gd101b417b7-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-387.html
+ NOTE: Fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches
+ NOTE: as a prerequisite of the fix for XSA-378. 4.14.0-1~exp1 was the first version in
+ NOTE: Debian including the fix.
+ NOTE: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e (4.14.0-rc1)
+CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <not-affected> (Vulnerable code introduced later)
+ [stretch] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-386.html
+CVE-2021-28701 (Another race in XENMAPSPACE_grant_table handling Guests are permitted ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-384.html
+CVE-2021-28700 (xen/arm: No memory limit for dom0less domUs The dom0less feature allow ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <not-affected> (Only affects 4.12 and later)
+ [stretch] - xen <not-affected> (Only affects 4.12 and later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-383.html
+CVE-2021-28699 (inadequate grant-v2 status frames array bounds check The v2 grant tabl ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <not-affected> (Only affects 4.10 and later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-382.html
+CVE-2021-28698 (long running loops in grant table handling In order to properly monito ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-380.html
+CVE-2021-28697 (grant table v2 status pages may remain accessible after de-allocation ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-379.html
+CVE-2021-28696 (IOMMU page mapping issues on x86 T[his CNA information record relates ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-378.html
+CVE-2021-28695 (IOMMU page mapping issues on x86 T[his CNA information record relates ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-378.html
+CVE-2021-28694 (IOMMU page mapping issues on x86 T[his CNA information record relates ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-378.html
+CVE-2021-28693 (xen/arm: Boot modules are not scrubbed The bootloader will load boot m ...)
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [buster] - xen <not-affected> (Only affects 4.12 and later)
+ [stretch] - xen <not-affected> (Only affects 4.12 and later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-372.html
+CVE-2021-28692 (inappropriate x86 IOMMU timeout detection / handling IOMMUs process co ...)
+ {DSA-4931-1}
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-373.html
+CVE-2021-28691 (Guest triggered use-after-free in Linux xen-netback A malicious or bug ...)
+ - linux 5.10.46-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-374.html
+CVE-2021-28690 (x86: TSX Async Abort protections not restored after S3 This issue rela ...)
+ {DSA-4931-1}
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-377.html
+CVE-2021-28689 (x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests ...)
+ - xen <unfixed> (unimportant)
+ NOTE: https://xenbits.xen.org/xsa/advisory-370.html
+ NOTE: Unfixable design/architecture limitation, no fix planned
+CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such that subs ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-371.html
+ NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432
+CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28684 (The XML parser used in ConeXware PowerArchiver before 20.10.02 allows ...)
+ NOT-FOR-US: ConeXware PowerArchiver
+CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
+ NOT-FOR-US: Pion WebRTC
+CVE-2021-28680 (The devise_masquerade gem before 1.3 allows certain attacks when a pas ...)
+ NOT-FOR-US: devise_masquerade
+CVE-2021-28679
+ RESERVED
+CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...)
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
+ [buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
+ NOTE: https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1
+CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, the read ...)
+ {DLA-2716-1}
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
+ [buster] - pillow <no-dsa> (Minor issue)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
+ NOTE: https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
+CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...)
+ {DLA-2716-1}
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
+ [buster] - pillow <ignored> (Minor issue)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
+ NOTE: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
+CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...)
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
+ NOTE: https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497
+CVE-2021-28674 (The node management page in SolarWinds Orion Platform before 2020.2.5 ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28672 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28671 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28669 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28668 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28667 (StackStorm before 3.4.1, in some situations, has an infinite loop that ...)
+ NOT-FOR-US: StackStorm
+CVE-2021-28666
+ RESERVED
+CVE-2021-28665 (Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a me ...)
+ NOT-FOR-US: Stormshield SNS
+CVE-2021-28664 (The Arm Mali GPU kernel driver allows privilege escalation or a denial ...)
+ NOT-FOR-US: ARM components for Android
+CVE-2021-28663 (The Arm Mali GPU kernel driver allows privilege escalation or informat ...)
+ NOT-FOR-US: ARM components for Android
+CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. ...)
+ {DSA-4924-1}
+ - squid 4.13-10 (bug #988891)
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch
+CVE-2021-28661 (Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x thr ...)
+ NOT-FOR-US: ilverStripe GraphQL Server
+CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...)
+ {DSA-4875-1}
+ - openssl 1.1.1k-1
+ [stretch] - openssl <not-affected> (Vulnerable code introduced later)
+ - openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
+ NOTE: https://www.openssl.org/news/secadv/20210325.txt
+ NOTE: Introduced by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c589c34e619c8700ab16b152dd9c8ee58356b319 (OpenSSL_1_1_1-pre1)
+ NOTE: Prerequisite: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=46d81bcabe2d36055bdd37079ed6acf976d967a7
+ NOTE: Prerequisite (test): https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
+ NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148 (OpenSSL_1_1_1k)
+ NOTE: Followup: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0
+CVE-2021-28687 (HVM soft-reset crashes toolstack libxl requires all data structures pa ...)
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [buster] - xen <not-affected> (Vulnerable code introduced later)
+ [stretch] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-368.html
+CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...)
+ {DLA-2689-1 DLA-2610-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7
+CVE-2021-28659
+ RESERVED
+CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...)
+ {DLA-2622-1}
+ - python-django 2:2.2.20-1 (bug #986447)
+ [buster] - python-django <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
+ NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main)
+ NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20)
+CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite loop in Ti ...)
+ - tika <unfixed> (bug #986805)
+ [bullseye] - tika <no-dsa> (Minor issue)
+ [buster] - tika <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3
+CVE-2021-28656
+ RESERVED
+CVE-2021-28655
+ RESERVED
+CVE-2021-28654
+ RESERVED
+CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital G-Technolo ...)
+ NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology ArmorLock NVMe SSD
+CVE-2021-28652 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #988892)
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch
+CVE-2021-28651 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #988893)
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-a975fd5aedc866629214aaaccb38376855351899.patch
+CVE-2021-28963 (Shibboleth Service Provider before 3.2.1 allows content injection beca ...)
+ {DSA-4872-1 DLA-2599-1}
+ - shibboleth-sp 3.2.1+dfsg1-1 (bug #985405)
+ - shibboleth-sp2 <removed>
+ NOTE: https://shibboleth.net/community/advisories/secadv_20210317.txt
+ NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-922
+ NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379
+CVE-2021-3448 (A flaw was found in dnsmasq in versions before 2.85. When configured t ...)
+ - dnsmasq 2.85-1
+ [buster] - dnsmasq <postponed> (Revisit once upstream has backported to 2.80)
+ [stretch] - dnsmasq <postponed> (Probably easier to base the patch on a backported version)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939368
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
+CVE-2021-3447 (A flaw was found in several ansible modules, where parameters containi ...)
+ - ansible <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349
+ NOTE: check, details on upstream status not yet clear
+CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The commonly use ...)
+ - libtpms 0.8.2-1 (bug #986799)
+ NOTE: https://github.com/stefanberger/libtpms/commit/32c159ab53db703749a8f90430cdc7b20b00975e
+CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...)
+ [experimental] - gnome-autoar 0.3.1-1
+ - gnome-autoar 0.4.0-1 (bug #985391)
+ [bullseye] - gnome-autoar <no-dsa> (Minor issue)
+ [buster] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
+ [stretch] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
+ NOTE: Issue exists because of an incomplete fix for CVE-2020-36241.
+ NOTE: Two followup/regression patches:
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/135053d5d3a0320891cf2e2ad4684b648bb46fc8
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/b9590ab77b70e74e9deffd2af6c32908dc3c5aaf
+CVE-2021-28649 (An incorrect permission vulnerability in the product installer for Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-28648 (Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vu ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-28647 (Trend Micro Password Manager version 5 (Consumer) is vulnerable to a D ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-28646 (An insecure file permissions vulnerability in Trend Micro Apex One, Ap ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-28645 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality in v ...)
+ - libdnf 0.55.2-6 (bug #986802)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
+ NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de
+CVE-2021-28644
+ RESERVED
+CVE-2021-28643 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28642 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28641 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28640 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28639 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28638 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28637 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28636 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28635 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28634 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28633 (Adobe Creative Cloud Desktop Application (installer) version 2.4 (and ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28632 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28631 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28630 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28629 (Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28628 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28627 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28626 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28625 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28624 (Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28623 (Adobe Premiere Elements version 5.2 (and earlier) is affected by an in ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28622 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28621 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28620 (Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28619 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28618 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28617 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28616 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28615 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28614 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28613 (Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28612 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28611 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28610 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28609 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28608 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28607 (Adobe After Effects version 18.2 (and earlier) is affected by a heap c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28606 (Adobe After Effects version 18.2 (and earlier) is affected by a Stack- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28605 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28604 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28603 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28602 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28601 (Adobe After Effects version 18.2 (and earlier) is affected by a Null p ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28600 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28599
+ RESERVED
+CVE-2021-28598
+ RESERVED
+CVE-2021-28597 (Adobe Photoshop Elements version 5.2 (and earlier) is affected by an i ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28596 (Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earl ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28595 (Adobe Dimension version 3.4 (and earlier) is affected by an Uncontroll ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28594 (Adobe Creative Cloud Desktop Application (installer) version 2.4 (and ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28593 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a Use Af ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28592 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28591 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28590 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28589 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28588 (Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28587 (After Effects versions 18.0 (and earlier) are affected by an out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28586 (After Effects version 18.0 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28585 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28584 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28583 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28582
+ RESERVED
+CVE-2021-28581 (Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncon ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28580 (Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffe ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28579 (Adobe Connect version 11.2.1 (and earlier) is affected by an Improper ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28578
+ RESERVED
+CVE-2021-28577
+ RESERVED
+CVE-2021-28576 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28575 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28574 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28573 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28572
+ RESERVED
+CVE-2021-28571 (Adobe After Effects version 18.1 (and earlier) is affected by a potent ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28570 (Adobe After Effects version 18.1 (and earlier) is affected by an Uncon ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28569 (Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28568 (Adobe Genuine Services version 7.1 (and earlier) is affected by an Ins ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28567 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28566 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28565 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28564 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28561 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28560 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28559 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28558 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28557 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28555 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28554 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28553 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28552 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28551 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28550 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28549 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28548 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28547 (Adobe Creative Cloud Desktop Application for macOS version 5.3 (and ea ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28546 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28545 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28544
+ RESERVED
+CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...)
+ - varnish-modules <not-affected> (Vulnerable code ot present; bug #985947)
+ NOTE: https://varnish-cache.org/security/VSV00006.html
+ NOTE: Fixed by: https://github.com/varnish/varnish-modules/commit/2c120e576ebb73bc247790184702ba58dc0afc39 (0.18.0)
+ NOTE: Fixed by: https://github.com/varnish/varnish-modules/commit/71a1f1383158cc1c1cb3ab2b4d3ff93b044902f5 (0.17.1)
+ NOTE: Introduced by: https://github.com/varnish/varnish-modules/commit/b4d5927a2fbba31b1213225138f8432572414a24 (0.17.0)
+CVE-2021-28542
+ RESERVED
+CVE-2021-28541
+ RESERVED
+CVE-2021-28540
+ RESERVED
+CVE-2021-28539
+ RESERVED
+CVE-2021-28538
+ RESERVED
+CVE-2021-28537
+ RESERVED
+CVE-2021-28536
+ RESERVED
+CVE-2021-28535
+ RESERVED
+CVE-2021-28534
+ RESERVED
+CVE-2021-28533
+ RESERVED
+CVE-2021-28532
+ RESERVED
+CVE-2021-28531
+ RESERVED
+CVE-2021-28530
+ RESERVED
+CVE-2021-28529
+ RESERVED
+CVE-2021-28528
+ RESERVED
+CVE-2021-28527
+ RESERVED
+CVE-2021-28526
+ RESERVED
+CVE-2021-28525
+ RESERVED
+CVE-2021-28524
+ RESERVED
+CVE-2021-28523
+ RESERVED
+CVE-2021-28522
+ RESERVED
+CVE-2021-28521
+ RESERVED
+CVE-2021-28520
+ RESERVED
+CVE-2021-28519
+ RESERVED
+CVE-2021-28518
+ RESERVED
+CVE-2021-28517
+ RESERVED
+CVE-2021-28516
+ RESERVED
+CVE-2021-28515
+ RESERVED
+CVE-2021-28514
+ RESERVED
+CVE-2021-28513
+ RESERVED
+CVE-2021-28512
+ RESERVED
+CVE-2021-28511
+ RESERVED
+CVE-2021-28510
+ RESERVED
+CVE-2021-28509
+ RESERVED
+CVE-2021-28508
+ RESERVED
+CVE-2021-28507 (An issue has recently been discovered in Arista EOS where, under certa ...)
+ NOT-FOR-US: Arista
+CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certain gNOI ...)
+ NOT-FOR-US: Arista
+CVE-2021-28505
+ RESERVED
+CVE-2021-28504
+ RESERVED
+CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
+ NOT-FOR-US: Arista
+CVE-2021-28502
+ RESERVED
+CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...)
+ NOT-FOR-US: Arista
+CVE-2021-28500 (An issue has recently been discovered in Arista EOS where the incorrec ...)
+ NOT-FOR-US: Arista
+CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28497 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28496 (On systems running Arista EOS and CloudEOS with the affected release v ...)
+ NOT-FOR-US: Arista
+CVE-2021-28495 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28493 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...)
+ {DLA-2785-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/9b00f1b78809309163dda2d044d9e94a3c0248a3
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/23/2
+CVE-2021-28492 (Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, an ...)
+ NOT-FOR-US: Unisys Stealth
+CVE-2021-28491
+ RESERVED
+CVE-2021-28490 (In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cook ...)
+ NOT-FOR-US: OWASP CSRFGuard
+CVE-2021-28489
+ RESERVED
+CVE-2021-28488
+ RESERVED
+CVE-2021-28487
+ RESERVED
+CVE-2021-28486
+ RESERVED
+CVE-2021-28485
+ RESERVED
+CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler in Yubi ...)
+ NOT-FOR-US: yubihsm-connector
+CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/269
+ NOTE: https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b
+CVE-2021-3442
+ RESERVED
+ NOT-FOR-US: Red Hat OpenShift API Management
+CVE-2021-28483 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28482 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28481 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28480 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28479 (Windows CSC Service Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28478 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28477 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28476 (Hyper-V Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28475 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28474 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28473 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28472 (Visual Studio Code Maven for Java Extension Remote Code Execution Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28471 (Remote Development Extension for Visual Studio Code Remote Code Execut ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28470 (Visual Studio Code GitHub Pull Requests and Issues Extension Remote Co ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28469 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28468 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28467
+ RESERVED
+CVE-2021-28466 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28465 (Web Media Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28464 (VP9 Video Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28463
+ RESERVED
+CVE-2021-28462
+ RESERVED
+CVE-2021-28461 (Dynamics Finance and Operations Cross-site Scripting Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28460 (Azure Sphere Unsigned Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28459 (Azure DevOps Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28458 (Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28457 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28456 (Microsoft Excel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28455 (Microsoft Jet Red Database Engine and Access Connectivity Engine Remot ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28454 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28453 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28452 (Microsoft Outlook Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28451 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28450 (Microsoft SharePoint Denial of Service Update ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28449 (Microsoft Office Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28448 (Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28447 (Windows Early Launch Antimalware Driver Security Feature Bypass Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28446 (Windows Portmapping Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28445 (Windows Network File System Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28444 (Windows Hyper-V Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28443 (Windows Console Driver Denial of Service Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28442 (Windows TCP/IP Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28441 (Windows Hyper-V Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28440 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28439 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28438 (Windows Console Driver Denial of Service Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28437 (Windows Installer Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28436 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28435 (Windows Event Tracing Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28434 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28433
+ RESERVED
+CVE-2021-28432
+ RESERVED
+CVE-2021-28431
+ RESERVED
+CVE-2021-28430
+ RESERVED
+CVE-2021-28429
+ RESERVED
+CVE-2021-28428
+ RESERVED
+CVE-2021-28427
+ RESERVED
+CVE-2021-28426
+ RESERVED
+CVE-2021-28425
+ RESERVED
+CVE-2021-28424 (A stored cross-site scripting (XSS) vulnerability in Teachers Record M ...)
+ NOT-FOR-US: Teachers Record Management
+CVE-2021-28423 (Multiple SQL Injection vulnerabilities in Teachers Record Management S ...)
+ NOT-FOR-US: Teachers Record Management
+CVE-2021-28422
+ RESERVED
+CVE-2021-28421
+ REJECTED
+CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnera ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-28418 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-28417 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-28416
+ RESERVED
+CVE-2021-28415
+ RESERVED
+CVE-2021-28414
+ RESERVED
+CVE-2021-28413
+ RESERVED
+CVE-2021-28412
+ RESERVED
+CVE-2021-28411
+ RESERVED
+CVE-2021-28410
+ RESERVED
+CVE-2021-28409
+ RESERVED
+CVE-2021-28408
+ RESERVED
+CVE-2021-28407
+ RESERVED
+CVE-2021-28406
+ RESERVED
+CVE-2021-28405
+ RESERVED
+CVE-2021-28404
+ RESERVED
+CVE-2021-28403
+ RESERVED
+CVE-2021-28402
+ RESERVED
+CVE-2021-28401
+ RESERVED
+CVE-2021-28400
+ RESERVED
+CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid us ...)
+ NOT-FOR-US: OrangeHRM
+CVE-2021-28398
+ RESERVED
+CVE-2021-28397
+ RESERVED
+CVE-2021-28396
+ RESERVED
+CVE-2021-28395
+ RESERVED
+CVE-2021-28394
+ RESERVED
+CVE-2021-28393
+ RESERVED
+CVE-2021-28392
+ RESERVED
+CVE-2021-28391
+ RESERVED
+CVE-2021-28390
+ RESERVED
+CVE-2021-28389
+ RESERVED
+CVE-2021-28388
+ RESERVED
+CVE-2021-28387
+ RESERVED
+CVE-2021-28386
+ RESERVED
+CVE-2021-28385
+ RESERVED
+CVE-2021-28384
+ RESERVED
+CVE-2021-28383
+ RESERVED
+CVE-2021-28382 (Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on th ...)
+ NOT-FOR-US: Zoho
+CVE-2021-28381 (The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 ...)
+ NOT-FOR-US: vhs (aka VHS: Fluid ViewHelpers) extension for TYPO3
+CVE-2021-28380 (The aimeos (aka Aimeos shop and e-commerce framework) extension before ...)
+ NOT-FOR-US: aimeos (aka Aimeos shop and e-commerce framework) extension for TYPO3
+CVE-2021-28379 (web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) thro ...)
+ NOT-FOR-US: Vesta Control Panel
+CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue dat ...)
+ - gitea <removed>
+CVE-2021-28377 (ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary fi ...)
+ NOT-FOR-US: ChronoForums
+CVE-2021-28376 (ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary f ...)
+ NOT-FOR-US: ChronoForums
+CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03- ...)
+ - tt-rss <not-affected> (Vulnerable code introduced later)
+ NOTE: https://community.tt-rss.org/t/check-password-not-called-if-otp-is-enabled-update-asap-if-youre-using-2fa/4502
+ NOTE: Introduced by: https://git.tt-rss.org/fox/tt-rss/commit/3fd785654372d493c031d9b541ab33a881023a32
+ NOTE: Fixed by: https://git.tt-rss.org/fox/tt-rss/commit/4949e1a59059d9e72ba7a98f783cec312c06c6d2
+CVE-2021-28372 (ThroughTek's Kalay Platform 2.0 network allows an attacker to imperson ...)
+ NOT-FOR-US: ThroughTek
+CVE-2021-28371
+ RESERVED
+CVE-2021-28370
+ RESERVED
+CVE-2021-28369
+ RESERVED
+CVE-2021-28368
+ RESERVED
+CVE-2021-28367
+ RESERVED
+CVE-2021-28366
+ RESERVED
+CVE-2021-28365
+ RESERVED
+CVE-2021-28364
+ RESERVED
+CVE-2021-28363 (The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...)
+ - python-urllib3 1.26.4-1
+ [buster] - python-urllib3 <not-affected> (Vulnerable code introduced later)
+ [stretch] - python-urllib3 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
+ NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 (1.26.4)
+ NOTE: Support for HTTPS request via HTTPS proxies only introduced in 1.26.0.
+ NOTE: In Debian urllib3 does require SSL certificate validation by default (since 1.3-3)
+ NOTE: with the 02_require-cert-verification.patch patch (Cf. #686872).
+CVE-2021-28362 (An issue was discovered in Contiki through 3.0. When sending an ICMPv6 ...)
+ NOT-FOR-US: Contiki
+CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK) ...)
+ NOT-FOR-US: Storage Performance Development Kit
+CVE-2021-28360
+ RESERVED
+CVE-2021-28359 (The "origin" parameter passed to some of the endpoints like '/trigger' ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-28358 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28357 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28356 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28355 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28354 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28353 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28352 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28351 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28350 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28349 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28348 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28347 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28346 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28345 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28344 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28343 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28342 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28341 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28340 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28339 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28338 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28337 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28336 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28335 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28334 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28333 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28332 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28331 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28330 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28329 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28328 (Windows DNS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28327 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28326 (Windows AppX Deployment Server Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28325 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28324 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28323 (Windows DNS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28322 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28321 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28320 (Windows Resource Manager PSM Service Extension Elevation of Privilege ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28319 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28318 (Windows GDI+ Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28317 (Microsoft Windows Codecs Library Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28316 (Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28315 (Windows Media Video Decoder Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28314 (Windows Hyper-V Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28313 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28312 (Windows NTFS Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28311 (Windows Application Compatibility Cache Denial of Service Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28310 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28309 (Windows Kernel Information Disclosure Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28308 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
+ NOT-FOR-US: Rust craste fltk
+CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
+ NOT-FOR-US: Rust craste fltk
+CVE-2021-28306 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
+ NOT-FOR-US: Rust craste fltk
+CVE-2021-28305 (An issue was discovered in the diesel crate before 1.4.6 for Rust. The ...)
+ - rust-diesel <unfixed> (bug #987275)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0037.html
+CVE-2021-28304
+ RESERVED
+CVE-2021-28303
+ RESERVED
+CVE-2021-28302 (A stack overflow in pupnp before version 1.14.5 can cause the denial o ...)
+ - pupnp-1.8 <unfixed> (bug #986833)
+ [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
+ [buster] - pupnp-1.8 <no-dsa> (Minor issue)
+ - libupnp <removed>
+ [stretch] - libupnp <no-dsa> (Minor issue)
+ NOTE: https://github.com/pupnp/pupnp/issues/249
+CVE-2021-28301
+ RESERVED
+CVE-2021-28300 (NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrac ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987020)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <postponed> (Minor issue; can be fixed in next update)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1702
+ NOTE: https://github.com/gpac/gpac/commit/c4a5109dad73abe25ad12d8d529a728ae98d78ca
+CVE-2021-28299
+ RESERVED
+CVE-2021-28298
+ RESERVED
+CVE-2021-28297
+ RESERVED
+CVE-2021-28296
+ RESERVED
+CVE-2021-28295 (Online Ordering System 1.0 is vulnerable to unauthenticated SQL inject ...)
+ NOT-FOR-US: Online Ordering System
+CVE-2021-28294 (Online Ordering System 1.0 is vulnerable to arbitrary file upload thro ...)
+ NOT-FOR-US: Online Ordering System
+CVE-2021-28293 (Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated ...)
+ NOT-FOR-US: Seceon aiSIEM
+CVE-2021-28292
+ RESERVED
+CVE-2021-28291
+ RESERVED
+CVE-2021-28290
+ RESERVED
+CVE-2021-28289
+ RESERVED
+CVE-2021-28288
+ RESERVED
+CVE-2021-28287
+ RESERVED
+CVE-2021-28286
+ RESERVED
+CVE-2021-28285
+ RESERVED
+CVE-2021-28284
+ RESERVED
+CVE-2021-28283
+ RESERVED
+CVE-2021-28282
+ RESERVED
+CVE-2021-28281
+ RESERVED
+CVE-2021-28280 (CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFu ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-28279
+ RESERVED
+CVE-2021-28278
+ RESERVED
+CVE-2021-28277
+ RESERVED
+CVE-2021-28276
+ RESERVED
+CVE-2021-28275
+ RESERVED
+CVE-2021-28274
+ RESERVED
+CVE-2021-28273
+ RESERVED
+CVE-2021-28272
+ RESERVED
+CVE-2021-28271 (Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of ...)
+ NOT-FOR-US: Soyal Technologies SOYAL 701Server
+CVE-2021-28270
+ RESERVED
+CVE-2021-28269 (Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions ...)
+ NOT-FOR-US: Soyal Technology 701Client
+CVE-2021-28268
+ RESERVED
+CVE-2021-28267
+ RESERVED
+CVE-2021-28266
+ RESERVED
+CVE-2021-28265
+ RESERVED
+CVE-2021-28264
+ RESERVED
+CVE-2021-28263
+ RESERVED
+CVE-2021-28262
+ RESERVED
+CVE-2021-28261
+ RESERVED
+CVE-2021-28260
+ RESERVED
+CVE-2021-28259
+ RESERVED
+CVE-2021-28258
+ RESERVED
+CVE-2021-28257
+ RESERVED
+CVE-2021-28256
+ RESERVED
+CVE-2021-28255
+ RESERVED
+CVE-2021-28254
+ RESERVED
+CVE-2021-28253
+ RESERVED
+CVE-2021-28252
+ RESERVED
+CVE-2021-28251
+ RESERVED
+CVE-2021-28250 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28249 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28248 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28245 (PbootCMS 3.0.4 contains a SQL injection vulnerability through index.ph ...)
+ NOT-FOR-US: PbootCMS
+CVE-2021-28244
+ RESERVED
+CVE-2021-28243
+ RESERVED
+CVE-2021-28242 (SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stab ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2021-28241
+ RESERVED
+CVE-2021-28240
+ RESERVED
+CVE-2021-28239
+ RESERVED
+CVE-2021-28238
+ RESERVED
+CVE-2021-28237 (LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-28235
+ RESERVED
+CVE-2021-28234
+ RESERVED
+CVE-2021-28233 (Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 v ...)
+ NOT-FOR-US: ok-file-formats
+CVE-2021-28232
+ RESERVED
+CVE-2021-28231
+ RESERVED
+CVE-2021-28230
+ RESERVED
+CVE-2021-28229
+ RESERVED
+CVE-2021-28228
+ RESERVED
+CVE-2021-28227
+ RESERVED
+CVE-2021-28226
+ RESERVED
+CVE-2021-28225
+ RESERVED
+CVE-2021-28224
+ RESERVED
+CVE-2021-28223
+ RESERVED
+CVE-2021-28222
+ RESERVED
+CVE-2021-28221
+ RESERVED
+CVE-2021-28220
+ RESERVED
+CVE-2021-28219
+ RESERVED
+CVE-2021-28218
+ RESERVED
+CVE-2021-28217
+ RESERVED
+CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...)
+ NOT-FOR-US: HP
+CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...)
+ NOT-FOR-US: HP
+CVE-2021-3439
+ RESERVED
+CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
+ NOT-FOR-US: HP LaserJet products and Samsung product printers
+CVE-2021-3437
+ RESERVED
+CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys distribution ph ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...)
+ - edk2 <unfixed>
+ [bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2957
+CVE-2021-28215
+ RESERVED
+CVE-2021-28214
+ RESERVED
+CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...)
+ - edk2 0~20190606.20d2e5a1-2 (bug #989988; unimportant)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1866
+ NOTE: IpSecDxe code not built.
+CVE-2021-28212
+ RESERVED
+CVE-2021-28211 (A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ...)
+ {DLA-2645-1}
+ - edk2 2020.11-1
+ [buster] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1816
+ NOTE: https://github.com/tianocore/edk2/pull/1138
+ NOTE: https://github.com/tianocore/edk2/commit/e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0
+CVE-2021-28210 (An unlimited recursion in DxeCore in EDK II. ...)
+ {DLA-2645-1}
+ - edk2 2020.11-1
+ [buster] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
+ NOTE: https://github.com/tianocore/edk2/pull/1137
+ NOTE: https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919
+CVE-2021-28209 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28208 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28207 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28206 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28205 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28204 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28203 (The Web Set Media Image function in ASUS BMC&#8217;s firmware Web mana ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28202 (The Service configuration-2 function in ASUS BMC&#8217;s firmware Web ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28201 (The Service configuration-1 function in ASUS BMC&#8217;s firmware Web ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28200 (The CD media configuration function in ASUS BMC&#8217;s firmware Web m ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28199 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28198 (The Firmware protocol configuration function in ASUS BMC&#8217;s firmw ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28197 (The Active Directory configuration function in ASUS BMC&#8217;s firmwa ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28196 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28195 (The Radius configuration function in ASUS BMC&#8217;s firmware Web man ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28194 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28193 (The SMTP configuration function in ASUS BMC&#8217;s firmware Web manag ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28192 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28191 (The Firmware update function in ASUS BMC&#8217;s firmware Web manageme ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28190 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28189 (The SMTP configuration function in ASUS BMC&#8217;s firmware Web manag ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28188 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28187 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28186 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28185 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28184 (The Active Directory configuration function in ASUS BMC&#8217;s firmwa ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28183 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28182 (The Web Service configuration function in ASUS BMC&#8217;s firmware We ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28181 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28180 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28179 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28178 (The UEFI configuration function in ASUS BMC&#8217;s firmware Web manag ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28177 (The LDAP configuration function in ASUS BMC&#8217;s firmware Web manag ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28176 (The DNS configuration function in ASUS BMC&#8217;s firmware Web manage ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28175 (The Radius configuration function in ASUS BMC&#8217;s firmware Web man ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28174 (Mitake smart stock selection system contains a broken authentication v ...)
+ NOT-FOR-US: Mitake smart stock selection system
+CVE-2021-28173 (The file upload function of Vangene deltaFlow E-platform does not perf ...)
+ NOT-FOR-US: Vangene deltaFlow E-platform
+CVE-2021-28172 (There is a Path Traversal vulnerability in the file download function ...)
+ NOT-FOR-US: Vangene deltaFlow E-platform
+CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...)
+ NOT-FOR-US: Vangene deltaFlow E-platform
+CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earlier, a ...)
+ - jakarta-el-api <unfixed> (unimportant; bug #989259)
+ NOTE: https://github.com/eclipse-ee4j/el-ri/issues/155
+ NOTE: https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
+ NOTE: Only affects the EL reference implementation which isn't built into the binary packages
+CVE-2021-28169 (For Eclipse Jetty versions &lt;= 9.4.40, &lt;= 10.0.2, &lt;= 11.0.2, i ...)
+ {DSA-4949-1 DLA-2688-1}
+ - jetty9 9.4.39-2 (bug #989999)
+ - jetty8 <removed>
+ - jetty <removed>
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq
+ NOTE: https://github.com/eclipse/jetty.project/issues/6263
+ NOTE: https://github.com/eclipse/jetty.project/commit/1c05b0bcb181c759e98b060bded0b9376976b055 (v9.4.41)
+CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...)
+ NOT-FOR-US: Eclipse Jersey
+CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect ...)
+ NOT-FOR-US: Eclipse OpenJ9
+CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...)
+ - mosquitto 2.0.10-1 (bug #986701)
+ [bullseye] - mosquitto <no-dsa> (Minor issue)
+ [buster] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608
+CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...)
+ {DSA-4949-1}
+ - jetty9 9.4.39-1
+ [stretch] - jetty9 <ignored> (Minor issue, cpu-spin DoS w/o service outage, no patch for 9.2 while 9.4 refactoring in core SSL code)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
+ NOTE: https://github.com/eclipse/jetty.project/issues/6072
+ NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/af289dcaedcddcc6b23bc73ddc20363c34338412 (jetty-9.4.x)
+ NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/705e5e9a6a00fd3a533695bae8915b0295a4f879 (jetty-9.4.x)
+CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...)
+ - jetty9 9.4.39-1
+ [buster] - jetty9 <not-affected> (Vulnerable code introduced later)
+ [stretch] - jetty9 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
+ NOTE: https://github.com/eclipse/jetty.project/commit/e412c8a15b3334b30193f40412c0fbc47e478e83
+ NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/20ef71fe5d709a90c2a5698834fff07b9b4e7ad7 (jetty-9.4.37.v20210219)
+CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...)
+ - jetty9 9.4.39-1
+ [buster] - jetty9 <not-affected> (Vulnerable code was introduced later)
+ [stretch] - jetty9 <not-affected> (Vulnerable code introduced in 9.4.32 according to upstream advisory, reproducer no-op)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
+ NOTE: https://github.com/eclipse/jetty.project/commit/37fffb1722604da1763d8a096ec5c5fb41ea0633
+CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-28160 (Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected ...)
+ NOT-FOR-US: Acexy (BoyaMicro) Wireless-N WiFi Repeater
+CVE-2021-28159
+ RESERVED
+CVE-2021-28158
+ RESERVED
+CVE-2021-28157 (An SQL Injection issue in Devolutions Server before 2021.1 and Devolut ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-28156 (HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be ...)
+ - consul <not-affected> (Only affects Enterprise version)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950492
+ NOTE: https://github.com/hashicorp/consul/pull/10030
+CVE-2021-28155 (The Bluetooth Classic implementation on JBL TUNE500BT devices does not ...)
+ NOT-FOR-US: JBL TUNE500BT
+CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 all ...)
+ NOT-FOR-US: Camunda Modeler
+CVE-2021-28152 (Hongdian H8922 3.0.5 devices have an undocumented feature that allows ...)
+ NOT-FOR-US: Hongdian H8922 3.0.5 devices
+CVE-2021-28151 (Hongdian H8922 3.0.5 devices allow OS command injection via shell meta ...)
+ NOT-FOR-US: Hongdian H8922 3.0.5 devices
+CVE-2021-28150 (Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read ...)
+ NOT-FOR-US: Hongdian H8922 3.0.5 devices
+CVE-2021-28149 (Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_downl ...)
+ NOT-FOR-US: Hongdian H8922 3.0.5 devices
+CVE-2021-28148 (One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x ...)
+ - grafana <removed>
+CVE-2021-28147 (The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x bef ...)
+ - grafana <removed>
+CVE-2021-28146 (The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an ...)
+ - grafana <removed>
+CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...)
+ - glib2.0 2.66.7-2 (bug #984969)
+ [buster] - glib2.0 2.58.3-2+deb10u3
+ [stretch] - glib2.0 <postponed> (Minor issue, directory traversal exploitable in file-roller)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
+CVE-2021-3435
+ RESERVED
+CVE-2021-3434
+ RESERVED
+CVE-2021-3433
+ RESERVED
+CVE-2021-3432
+ RESERVED
+CVE-2021-3431
+ RESERVED
+CVE-2021-3430
+ RESERVED
+CVE-2021-3429
+ RESERVED
+ {DLA-2601-1}
+ - cloud-init 20.4.1-2 (bug #985540)
+ [buster] - cloud-init 20.2-2~deb10u2
+ NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668
+CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
+ RESERVED
+ {DLA-2689-1 DLA-2610-1}
+ - linux 5.8.7-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485
+CVE-2021-28145 (Concrete CMS (formerly concrete5) before 8.5.5 allows remote authentic ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote a ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28142 (CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." ...)
+ NOT-FOR-US: CITSmart
+CVE-2021-28141 (** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP. ...)
+ NOT-FOR-US: Telerik
+CVE-2021-28140
+ RESERVED
+CVE-2021-28139 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...)
+ NOT-FOR-US: Espressif
+CVE-2021-28138
+ RESERVED
+CVE-2021-28137
+ RESERVED
+CVE-2021-28136 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...)
+ NOT-FOR-US: Espressif
+CVE-2021-28135 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...)
+ NOT-FOR-US: Espressif
+CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote attacke ...)
+ NOT-FOR-US: Clipper
+CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private informat ...)
+ NOT-FOR-US: Zoom
+CVE-2021-3427
+ RESERVED
+CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenticated ...)
+ NOT-FOR-US: LUCY Security Awareness Software
+CVE-2021-28131 (Impala sessions use a 16 byte secret to verify that the session is not ...)
+ NOT-FOR-US: Apache Impala
+CVE-2021-28130 (Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applicati ...)
+ NOT-FOR-US: Dr.Web Firewall
+CVE-2021-28129 (While working on Apache OpenOffice 4.1.8 a developer discovered that t ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...)
+ NOT-FOR-US: Strapi
+CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A brute-forc ...)
+ NOT-FOR-US: Stormshield SNS
+CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...)
+ NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
+CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the creation of ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-28124 (A man-in-the-middle vulnerability in Cohesity DataPlatform support cha ...)
+ NOT-FOR-US: Cohesity DataPlatform support channel
+CVE-2021-28123 (Undocumented Default Cryptographic Key Vulnerability in Cohesity DataP ...)
+ NOT-FOR-US: Cohesity DataPlatform
+CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3 through 2.2 ...)
+ NOT-FOR-US: Open5GS
+CVE-2021-28121 (Virtual Robots.txt before 1.10 does not block HTML tags in the robots. ...)
+ NOT-FOR-US: Virtual Robots.txt
+CVE-2021-28120
+ RESERVED
+CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command e ...)
+ NOT-FOR-US: Twinkle Tray
+CVE-2021-28118
+ RESERVED
+CVE-2021-28117 (libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before ...)
+ - plasma-discover 5.20.5-3
+ [buster] - plasma-discover <not-affected> (Vulnerable code introduced later)
+ [stretch] - plasma-discover <not-affected> (Vulnerable code introduced later)
+ NOTE: https://kde.org/info/security/advisory-20210310-1.txt
+ NOTE: Introduced in: https://invent.kde.org/plasma/discover/8bea95730eabb439b0528da01fb1e0cc6fe179b7
+ NOTE: Plasma 5.21: https://commits.kde.org/plasma/discover/94478827aab63d2e2321f0ca9ec5553718798e60
+ NOTE: Plasma 5.18: https://commits.kde.org/plasma/discover/fcd3b30552bf03a384b1a16f9bb8db029c111356
+CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...)
+ - squid 5.2-1 (bug #986804)
+ [bullseye] - squid <postponed> (Minor issue)
+ [buster] - squid <postponed> (Minor issue)
+ - squid3 <removed>
+ [stretch] - squid3 <postponed> (Check later when information is public)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-11610/
+ NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=5131
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/04/1
+ NOTE: Squid4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_12.patch
+ NOTE: Squid5: http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a73a54cefff6bb83c03de219a73276e42d183d0.patch
+CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...)
+ NOT-FOR-US: MyBB addon
+CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace co ...)
+ NOT-FOR-US: Froala WYSIWYG Editor
+CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain ...)
+ NOT-FOR-US: Okta Access Gateway
+CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...)
+ NOT-FOR-US: Draeger X-Dock Firmware
+CVE-2021-28111 (Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, le ...)
+ NOT-FOR-US: Draeger X-Dock Firmware
+CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27. ...)
+ NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
+CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected C ...)
+ NOT-FOR-US: TranzWare (POI) FIMI
+CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier Authent ...)
+ {DLA-2625-1}
+ - courier-authlib 0.71.1-2 (bug #984810)
+ [buster] - courier-authlib <no-dsa> (Minor issue)
+ NOTE: Re-introduction of #378571 while migrating from debian/permissions to
+ NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2.
+CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...)
+ {DLA-2619-1}
+ [experimental] - python3.9 3.9.3-1
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ - python2.7 <not-affected> (Vulnerable code not present)
+ - pypy3 7.3.3+dfsg-4
+ [buster] - pypy3 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue42988
+ NOTE: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048
+ NOTE: https://python-security.readthedocs.io/vuln/pydoc-getfile.html
+ NOTE: https://github.com/python/cpython/pull/24337
+ NOTE: https://github.com/python/cpython/pull/24285
+CVE-2021-3425 (A flaw was found in the AMQ Broker that discloses JDBC encrypted usern ...)
+ NOT-FOR-US: Red Hat AMQ Broker
+CVE-2021-28108
+ RESERVED
+CVE-2021-28107
+ RESERVED
+CVE-2021-28106
+ RESERVED
+CVE-2021-28105
+ RESERVED
+CVE-2021-28104
+ RESERVED
+CVE-2021-28103
+ RESERVED
+CVE-2021-28102
+ RESERVED
+CVE-2021-28101
+ RESERVED
+CVE-2021-28100 (Priam uses File.createTempFile, which gives the permissions on that fi ...)
+ NOT-FOR-US: Priam
+CVE-2021-28099 (In Netflix OSS Hollow, since the Files.exists(parent) is run before cr ...)
+ NOT-FOR-US: Hollow
+CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A local ...)
+ NOT-FOR-US: Forescout CounterACT
+CVE-2021-28097
+ RESERVED
+CVE-2021-28096 (An issue was discovered in Stormshield SNS before 4.2.3 (when the prox ...)
+ NOT-FOR-US: Stormshield SNS
+CVE-2021-28095 (OX Documents before 7.10.5-rev5 has Incorrect Access Control for docum ...)
+ NOT-FOR-US: OX Documents
+CVE-2021-28094 (OX Documents before 7.10.5-rev7 has Incorrect Access Control for conve ...)
+ NOT-FOR-US: OX Documents
+CVE-2021-28093 (OX Documents before 7.10.5-rev5 has Incorrect Access Control of conver ...)
+ NOT-FOR-US: OX Documents
+CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expr ...)
+ NOT-FOR-US: Node is-svg
+CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-28091 (Lasso all versions prior to 2.7.0 has improper verification of a crypt ...)
+ {DSA-4926-1 DLA-2684-1}
+ - lasso 2.6.1-3
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089
+ NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
+ NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
+ NOTE: https://git.entrouvert.org/lasso.git/commit/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a
+CVE-2021-28090 (Tor before 0.4.5.7 allows a remote attacker to cause Tor directory aut ...)
+ {DSA-4871-1}
+ - tor 0.4.5.7-1
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2009
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40316
+CVE-2021-28089 (Tor before 0.4.5.7 allows a remote participant in the Tor directory pr ...)
+ {DSA-4871-1}
+ - tor 0.4.5.7-1
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2009
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40286
+CVE-2021-21381 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ {DSA-4868-1}
+ - flatpak 1.10.1-4 (bug #984859)
+ [stretch] - flatpak <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/flatpak/flatpak/issues/4146
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp
+CVE-2021-28088 (Cross-site scripting (XSS) in modules/content/admin/content.php in Imp ...)
+ NOT-FOR-US: ImpressCMS
+CVE-2021-28087
+ RESERVED
+CVE-2021-28086
+ RESERVED
+CVE-2021-28085
+ RESERVED
+CVE-2021-28084
+ RESERVED
+CVE-2021-28083
+ RESERVED
+CVE-2021-28082
+ RESERVED
+CVE-2021-28081
+ RESERVED
+CVE-2021-28080
+ RESERVED
+CVE-2021-28079 (Jamovi &lt;=1.6.18 is affected by a cross-site scripting (XSS) vulnera ...)
+ NOT-FOR-US: Jamovi
+CVE-2021-28078
+ RESERVED
+CVE-2021-28077
+ RESERVED
+CVE-2021-28076
+ RESERVED
+CVE-2021-28075 (iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulner ...)
+ NOT-FOR-US: iKuaiOS
+CVE-2021-28074
+ RESERVED
+CVE-2021-28073
+ RESERVED
+CVE-2021-28072
+ RESERVED
+CVE-2021-28071
+ RESERVED
+CVE-2021-28070 (Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0 ...)
+ NOT-FOR-US: PopojiCMS
+CVE-2021-28069
+ RESERVED
+CVE-2021-28068
+ RESERVED
+CVE-2021-28067
+ RESERVED
+CVE-2021-28066
+ RESERVED
+CVE-2021-28065
+ RESERVED
+CVE-2021-28064
+ RESERVED
+CVE-2021-28063
+ RESERVED
+CVE-2021-28062
+ RESERVED
+CVE-2021-28061
+ RESERVED
+CVE-2021-28060 (A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4 ...)
+ NOT-FOR-US: Group Office
+CVE-2021-28059
+ RESERVED
+CVE-2021-28058
+ RESERVED
+CVE-2021-28057
+ RESERVED
+CVE-2021-28056
+ RESERVED
+CVE-2021-28055 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-28052
+ RESERVED
+CVE-2021-28051
+ RESERVED
+CVE-2021-28050
+ RESERVED
+CVE-2021-28049
+ RESERVED
+CVE-2021-28048 (An overly permissive CORS policy in Devolutions Server before 2021.1 a ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-28047 (Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Re ...)
+ NOT-FOR-US: Devolutions Remote Desktop Manager
+CVE-2021-28046
+ RESERVED
+CVE-2021-28045
+ RESERVED
+CVE-2021-28044
+ RESERVED
+CVE-2021-28043
+ RESERVED
+CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...)
+ NOT-FOR-US: Deutsche Post Mailoptimizer
+CVE-2021-3423 (Uncontrolled Search Path Element vulnerability in the openssl componen ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
+ - openssh 1:8.4p1-5 (bug #984940)
+ [buster] - openssh <not-affected> (Vulnerable code introduced later)
+ [stretch] - openssh <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/03/1
+ NOTE: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
+ NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig
+CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vuln ...)
+ - ossec-hids <itp> (bug #361954)
+CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 for Rust. ...)
+ NOT-FOR-US: Rust crate internment
+CVE-2021-28036 (An issue was discovered in the quinn crate before 0.7.0 for Rust. It m ...)
+ NOT-FOR-US: Rust crate quinn
+CVE-2021-28035 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...)
+ NOT-FOR-US: Rust crate stack_dst
+CVE-2021-28034 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...)
+ NOT-FOR-US: Rust crate stack_dst
+CVE-2021-28033 (An issue was discovered in the byte_struct crate before 0.6.1 for Rust ...)
+ NOT-FOR-US: Rust crate byte_struct
+CVE-2021-28032 (An issue was discovered in the nano_arena crate before 0.5.2 for Rust. ...)
+ NOT-FOR-US: Rust crate nano_arena
+CVE-2021-28031 (An issue was discovered in the scratchpad crate before 1.3.1 for Rust. ...)
+ NOT-FOR-US: Rust crate scratchpad
+CVE-2021-28030 (An issue was discovered in the truetype crate before 0.30.1 for Rust. ...)
+ NOT-FOR-US: Rust crate truetype
+CVE-2021-28029 (An issue was discovered in the toodee crate before 0.3.0 for Rust. The ...)
+ NOT-FOR-US: Rust crate toodee
+CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for Rust. Row ...)
+ NOT-FOR-US: Rust crate toodee
+CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. There ...)
+ NOT-FOR-US: Rust crate bam
+CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...)
+ - jpeg-xl <itp> (bug #948862)
+CVE-2021-28025
+ RESERVED
+CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic Helpdesk ...)
+ NOT-FOR-US: ServiceTonic
+CVE-2021-28023 (Arbitrary file upload in Service import feature in ServiceTonic Helpde ...)
+ NOT-FOR-US: ServiceTonic
+CVE-2021-28022 (Blind SQL injection in the login form in ServiceTonic Helpdesk softwar ...)
+ NOT-FOR-US: ServiceTonic
+CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...)
+ - libstb <undetermined>
+ NOTE: https://github.com/nothings/stb/issues/1108
+ NOTE: https://github.com/nothings/stb/commit/86b7570cfba845e8209c6aec2d15e487bb1d8bb4
+ TODO: check libstb itself, and various packages embedd a copy
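Review bot: the CVE-2021-28021 entry is committed with triage still open: libstb is marked `<undetermined>` and the TODO defers both the check of libstb itself and the packages that embed a copy. Suggest comparing the packaged libstb against the referenced upstream commit 86b7570cfba845e8209c6aec2d15e487bb1d8bb4 and replacing `<undetermined>` with a concrete status. Each source package that embeds a copy should then get its own line, so the exposure is visible per package rather than hidden behind a TODO. The TODO text also has a typo: "embedd" should be "embed". Separately, CVE-2021-3429 higher up in this hunk is RESERVED with no description, yet it carries a DLA and fixed cloud-init versions. A short bracketed summary, like the one on CVE-2021-3428, would let a reader tell what the issue is without opening the linked commit.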
+CVE-2021-28020
+ RESERVED
+CVE-2021-28019
+ RESERVED
+CVE-2021-28018
+ RESERVED
+CVE-2021-28017
+ RESERVED
+CVE-2021-28016
+ RESERVED
+CVE-2021-28015
+ RESERVED
+CVE-2021-28014
+ RESERVED
+CVE-2021-28013
+ RESERVED
+CVE-2021-28012
+ RESERVED
+CVE-2021-28011
+ RESERVED
+CVE-2021-28010
+ RESERVED
+CVE-2021-28009
+ RESERVED
+CVE-2021-28008
+ RESERVED
+CVE-2021-28007 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...)
+ NOT-FOR-US: Web Based Quiz System
+CVE-2021-28006 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...)
+ NOT-FOR-US: Web Based Quiz System
+CVE-2021-28005
+ RESERVED
+CVE-2021-28004
+ RESERVED
+CVE-2021-28003
+ RESERVED
+CVE-2021-28002 (A persistent cross-site scripting vulnerability was discovered in the ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2021-28001 (A cross-site scripting vulnerability was discovered in the Comments pa ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2021-28000 (A persistent cross-site scripting vulnerability was discovered in Loca ...)
+ NOT-FOR-US: Local Services Search Engine Management System Project
+CVE-2021-27999 (A SQL injection vulnerability was discovered in the editid parameter i ...)
+ NOT-FOR-US: Local Services Search Engine Management System Project
+CVE-2021-27998
+ RESERVED
+CVE-2021-27997
+ RESERVED
+CVE-2021-27996
+ RESERVED
+CVE-2021-27995
+ RESERVED
+CVE-2021-27994
+ RESERVED
+CVE-2021-27993
+ RESERVED
+CVE-2021-27992
+ RESERVED
+CVE-2021-27991
+ RESERVED
+CVE-2021-27990 (Appspace 6.2.4 is vulnerable to a broken authentication mechanism wher ...)
+ NOT-FOR-US: Appspace
+CVE-2021-27989 (Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in m ...)
+ NOT-FOR-US: Appspace
+CVE-2021-27988
+ RESERVED
+CVE-2021-27987
+ RESERVED
+CVE-2021-27986
+ RESERVED
+CVE-2021-27985
+ RESERVED
+CVE-2021-27984 (In Pluck-4.7.15 admin background a remote command execution vulnerabil ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-27983 (Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 ...)
+ NOT-FOR-US: MaxSite CMS
+CVE-2021-27982
+ RESERVED
+CVE-2021-27981
+ RESERVED
+CVE-2021-27980
+ RESERVED
+CVE-2021-27979
+ RESERVED
+CVE-2021-27978
+ RESERVED
+CVE-2021-27977
+ RESERVED
+CVE-2021-27976
+ RESERVED
+CVE-2021-27975
+ RESERVED
+CVE-2021-27974
+ RESERVED
+CVE-2021-27973 (SQL injection exists in Piwigo before 11.4.0 via the language paramete ...)
+ - piwigo <removed>
+CVE-2021-27972
+ RESERVED
+CVE-2021-27971 (Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injec ...)
+ NOT-FOR-US: Alps Alpine Touchpad Driver
+CVE-2021-27970
+ RESERVED
+CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "wi ...)
+ NOT-FOR-US: Dolphin CMS
+CVE-2021-27968
+ RESERVED
+CVE-2021-27967
+ RESERVED
+CVE-2021-27966
+ RESERVED
+CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...)
+ NOT-FOR-US: MSI Dragon Center
+CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...)
+ NOT-FOR-US: SonLogger
+CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...)
+ NOT-FOR-US: SonLogger
+CVE-2021-27962 (Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4. ...)
+ - grafana <removed>
+CVE-2021-27961
+ RESERVED
+CVE-2021-27960
+ RESERVED
+CVE-2021-27959
+ RESERVED
+CVE-2021-27958
+ RESERVED
+CVE-2021-27957
+ RESERVED
+CVE-2021-27956 (Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-27955
+ RESERVED
+CVE-2021-27954 (A heap-based buffer overflow vulnerability exists on the ecobee3 lite ...)
+ NOT-FOR-US: ecobee3
+CVE-2021-27953 (A NULL pointer dereference vulnerability exists on the ecobee3 lite 4. ...)
+ NOT-FOR-US: ecobee3
+CVE-2021-27952 (Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.20 ...)
+ NOT-FOR-US: ecobee3
+CVE-2021-27951
+ RESERVED
+CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through ...)
+ NOT-FOR-US: Sita AzurCMS
+CVE-2021-27949 (Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom mo ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27948 (SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (is ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27947 (SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum f ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27946 (SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27945 (The Squirro Insights Engine was affected by a Reflected Cross-Site Scr ...)
+ NOT-FOR-US: Squirro Insights Engine
+CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as u ...)
+ - linux 5.10.24-1 (unimportant)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-369.html
+CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-367.html
+CVE-2021-3422
+ RESERVED
+CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. This fl ...)
+ - rpm 4.16.1.2+dfsg1-1 (bug #985308)
+ [buster] - rpm <no-dsa> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927747
+CVE-2021-27944 (Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E ...)
+ NOT-FOR-US: Vizio
+CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 ...)
+ NOT-FOR-US: Vizio
+CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a thre ...)
+ NOT-FOR-US: Vizio
+CVE-2021-27941 (Unconstrained Web access to the device's private encryption key in the ...)
+ NOT-FOR-US: eWeLink mobile application
+CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator before 3.2 ...)
+ NOT-FOR-US: openark
+CVE-2021-27939
+ RESERVED
+CVE-2021-27938 (A vulnerability has been identified in the Silverstripe CMS 3 and 4 ve ...)
+ NOT-FOR-US: Silverstripe CMS
+CVE-2021-27937
+ RESERVED
+CVE-2021-27936
+ RESERVED
+CVE-2021-27935 (An issue was discovered in AdGuard before 0.105.2. An attacker able to ...)
+ NOT-FOR-US: AdGuard
+CVE-2021-27934
+ RESERVED
+CVE-2021-27933 (pfSense 2.5.0 allows XSS via the services_wol_edit.php Description fie ...)
+ NOT-FOR-US: pfSense
+CVE-2021-27932
+ RESERVED
+CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...)
+ NOT-FOR-US: LumisXP (aka Lumis Experience Platform)
+CVE-2021-27930 (Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which ...)
+ NOT-FOR-US: IrisNext
+CVE-2021-27929
+ RESERVED
+CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 before 10 ...)
+ {DLA-2605-1}
+ - mariadb-10.5 1:10.5.9-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.29-0+deb10u1
+ - mariadb-10.1 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25179
+ NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27
+CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...)
+ - zabbix 1:5.0.8+dfsg-1
+ [buster] - zabbix <no-dsa> (Minor issue)
+ [stretch] - zabbix <not-affected> (Vulnerable code introduced later)
+ NOTE: https://support.zabbix.com/browse/ZBX-18942
+ NOTE: CControllerAuthenticationUpdate introduced by authentication revamp in https://support.zabbix.com/browse/ZBXNEXT-4573 (4.0)
+CVE-2021-27926
+ RESERVED
+CVE-2021-27925 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6. ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-27924 (An issue was discovered in Couchbase Server 6.x through 6.6.1. The Cou ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ - pillow 8.1.2-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <ignored> (Minor issue, risk of regression, _decompression_bomb_check only warned, see CVE-2019-16865)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
+CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ - pillow 8.1.2-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <ignored> (Minor issue, risk of regression, _decompression_bomb_check only warned, see CVE-2019-16865)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
+CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ - pillow 8.1.2-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
+ NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/adaa70357662a11cd4b7c0beddaad4e92164c5d9 (5.1.0)
+CVE-2021-27920
+ RESERVED
+CVE-2021-27919 (archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a den ...)
+ - golang-1.16 1.16.3-1
+ - golang-1.15 <not-affected> (Only affects 1.16)
+ NOTE: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
+ NOTE: https://github.com/golang/go/issues/44916
+CVE-2021-27918 (encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infin ...)
+ - golang-1.16 1.16.3-1
+ - golang-1.15 1.15.9-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, DoS)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, DoS)
+ NOTE: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
+ NOTE: https://github.com/golang/go/issues/44913
+CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...)
+ - newlib <unfixed> (bug #984446)
+ [bullseye] - newlib <no-dsa> (Minor issue)
+ [buster] - newlib <no-dsa> (Minor issue)
+ [stretch] - newlib <no-dsa> (Minor issue)
+ - picolibc 1.5-1
+ - libnewlib-nano <removed> (bug #984424)
+ [buster] - libnewlib-nano <no-dsa> (Minor issue)
+ NOTE: Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
+ NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
+CVE-2021-27917
+ RESERVED
+CVE-2021-27916
+ RESERVED
+CVE-2021-27915
+ RESERVED
+CVE-2021-27914
+ RESERVED
+CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27911 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27910 (Insufficient sanitization / filtering allows for arbitrary JavaScript ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27909 (For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerabilit ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such as datab ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-27906 (A carefully crafted PDF file can trigger an OutOfMemory-Exception whil ...)
+ - libpdfbox2-java 2.0.23-1 (bug #986008)
+ [buster] - libpdfbox2-java <no-dsa> (Minor issue)
+ - libpdfbox-java <not-affected> (Only affects 2.x)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/10
+ NOTE: https://issues.apache.org/jira/browse/PDFBOX-5112
+ NOTE: https://github.com/apache/pdfbox/commit/8c47be1011c11dc47300faecffd8ab32fba3646f
+CVE-2021-27905 (The ReplicationHandler (normally registered at "/replication" under a ...)
+ - lucene-solr 3.6.2+dfsg-23
+ [buster] - lucene-solr <ignored> (Minor issue)
+ [stretch] - lucene-solr <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E
+ NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
+CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in MISP 2. ...)
+ NOT-FOR-US: MISP
+CVE-2021-27903 (An issue was discovered in Craft CMS before 3.6.7. In some circumstanc ...)
+ NOT-FOR-US: Craft CMS
+CVE-2021-27902 (An issue was discovered in Craft CMS before 3.6.0. In some circumstanc ...)
+ NOT-FOR-US: Craft CMS
+CVE-2021-27901 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-27900 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
+CVE-2021-27899 (The Proofpoint Insider Threat Management Agents (formerly ObserveIT Ag ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Agents
+CVE-2021-27898
+ RESERVED
+CVE-2021-27897
+ RESERVED
+CVE-2021-27896
+ RESERVED
+CVE-2021-27895
+ RESERVED
+CVE-2021-27894
+ RESERVED
+CVE-2021-27893 (SSH Tectia Client and Server before 6.4.19 on Windows allow local priv ...)
+ NOT-FOR-US: SSH Tectia Client and Server
+CVE-2021-27892 (SSH Tectia Client and Server before 6.4.19 on Windows allow local priv ...)
+ NOT-FOR-US: SSH Tectia Client and Server
+CVE-2021-27891 (SSH Tectia Client and Server before 6.4.19 on Windows have weak key ge ...)
+ NOT-FOR-US: SSH Tectia Client and Server
+CVE-2021-27890 (SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27889 (Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nes ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off ...)
+ NOT-FOR-US: ZendTo
+CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard of Elli ...)
+ NOT-FOR-US: Ellipse APM
+CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command injection in ...)
+ NOT-FOR-US: rakibtg Docker Dashboard
+CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...)
+ NOT-FOR-US: e107
+CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE YApi throu ...)
+ NOT-FOR-US: YMFE YApi
+CVE-2021-27883
+ RESERVED
+CVE-2021-27882
+ RESERVED
+CVE-2021-27881
+ RESERVED
+CVE-2021-27880
+ RESERVED
+CVE-2021-27879
+ RESERVED
+CVE-2021-27878 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...)
+ NOT-FOR-US: Veritas
+CVE-2021-27877 (An issue was discovered in Veritas Backup Exec before 21.2. It support ...)
+ NOT-FOR-US: Veritas
+CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...)
+ NOT-FOR-US: Veritas
+CVE-2021-3419
+ REJECTED
+CVE-2021-3418 (If certificates that signed grub are installed into db, grub can be bo ...)
+ - grub2 <not-affected> (Vulnerability specific to distributions using shim_lock)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933757
+CVE-2021-27875
+ RESERVED
+CVE-2021-27874
+ RESERVED
+CVE-2021-27873
+ RESERVED
+CVE-2021-27872
+ RESERVED
+CVE-2021-27871
+ RESERVED
+CVE-2021-27870
+ RESERVED
+CVE-2021-27869
+ RESERVED
+CVE-2021-27868
+ RESERVED
+CVE-2021-27867
+ RESERVED
+CVE-2021-27866
+ RESERVED
+CVE-2021-27865
+ RESERVED
+CVE-2021-27864
+ RESERVED
+CVE-2021-27863
+ RESERVED
+CVE-2021-27862
+ RESERVED
+CVE-2021-27861
+ RESERVED
+CVE-2021-27860 (A vulnerability in the web management interface of FatPipe WARP, IPVPN ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27859 (A missing authorization vulnerability in the web management interface ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27858 (A missing authorization vulnerability in the web management interface ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27857 (A missing authorization vulnerability in the web management interface ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27856 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27855 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27854
+ RESERVED
+CVE-2021-27853
+ RESERVED
+CVE-2021-27852 (Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of ...)
+ NOT-FOR-US: Checkbox Survey
+CVE-2021-27850 (A critical unauthenticated remote code execution vulnerability was fou ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2021-27849
+ RESERVED
+CVE-2021-27848
+ RESERVED
+CVE-2021-27847 (Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_ ...)
+ - vips 8.8.3-1
+ [buster] - vips <no-dsa> (Minor issue)
+ [stretch] - vips <no-dsa> (Minor issue)
+ NOTE: https://github.com/libvips/libvips/issues/1236
+ NOTE: https://github.com/libvips/libvips/commit/2fb81b8ed6a4a6b2385f3efbb0412f24f80163c4 (v8.8.0-rc1)
+ NOTE: https://github.com/libvips/libvips/commit/65a259a0258b2036b168cdeff6e9db434471225a (v8.8.0-rc1)
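Review bot: In the CVE-2021-27847 entry, the fixed version recorded for vips (8.8.3-1) is older than the release the description names as vulnerable (Libvips 8.10.5), and nothing in the entry explains the mismatch. The two commit NOTEs are tagged v8.8.0-rc1, which supports the 8.8.3-1 marking, but a reader comparing the description with the status line will suspect a typo. Suggest adding one NOTE line saying that the fix predates the version cited in the CVE description, so that the fixed version and the buster and stretch <no-dsa> lines are not reopened later.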
+CVE-2021-27846
+ RESERVED
+CVE-2021-27845 (A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2 ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/194
+CVE-2021-27844
+ RESERVED
+CVE-2021-27843
+ RESERVED
+CVE-2021-27842
+ RESERVED
+CVE-2021-27841
+ RESERVED
+CVE-2021-27840
+ RESERVED
+CVE-2021-27839 (A CSV injection vulnerability found in Online Invoicing System (OIS) 4 ...)
+ NOT-FOR-US: Online Invoicing System (OIS)
+CVE-2021-27838
+ RESERVED
+CVE-2021-27837
+ RESERVED
+CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in xls.c in ...)
+ - r-cran-readxl <unfixed> (unimportant)
+ NOTE: https://github.com/libxls/libxls/issues/94
+ NOTE: Negligible security impact
+CVE-2021-27835
+ RESERVED
+CVE-2021-27834
+ RESERVED
+CVE-2021-27833
+ RESERVED
+CVE-2021-27832
+ RESERVED
+CVE-2021-27831
+ RESERVED
+CVE-2021-27830
+ RESERVED
+CVE-2021-27829
+ RESERVED
+CVE-2021-27828 (SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify o ...)
+ NOT-FOR-US: In4Suite ERP
+CVE-2021-27827
+ RESERVED
+CVE-2021-27826
+ RESERVED
+CVE-2021-27825
+ RESERVED
+CVE-2021-27824
+ RESERVED
+CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...)
+ NOT-FOR-US: NetWave
+CVE-2021-27822 (A persistent cross site scripting (XSS) vulnerability in the Add Categ ...)
+ NOT-FOR-US: Vehicle Parking Management System
+CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has been di ...)
+ NOT-FOR-US: OpenWRT LuCI
+CVE-2021-27820
+ RESERVED
+CVE-2021-27819
+ RESERVED
+CVE-2021-27818
+ RESERVED
+CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 allows an att ...)
+ NOT-FOR-US: shopxo
+CVE-2021-27816
+ RESERVED
+CVE-2021-27815 (NULL Pointer Deference in the exif command line tool, when printing ou ...)
+ - exif <unfixed> (unimportant)
+ NOTE: https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c
+ NOTE: https://github.com/libexif/exif/issues/4
+CVE-2021-27814
+ RESERVED
+CVE-2021-27813
+ RESERVED
+CVE-2021-27812
+ RESERVED
+CVE-2021-27811 (A code injection vulnerability has been discovered in the Upgrade func ...)
+ NOT-FOR-US: QibosoftX1
+CVE-2021-27810
+ RESERVED
+CVE-2021-27809
+ RESERVED
+CVE-2021-27808
+ RESERVED
+CVE-2021-27807 (A carefully crafted PDF file can trigger an infinite loop while loadin ...)
+ - libpdfbox2-java 2.0.23-1 (bug #986006)
+ [buster] - libpdfbox2-java <no-dsa> (Minor issue)
+ - libpdfbox-java <not-affected> (Only affects 2.x)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/9
+CVE-2021-27806
+ RESERVED
+CVE-2021-27805
+ RESERVED
+CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...)
+ - jpeg-xl <itp> (bug #948862)
+CVE-2021-27802
+ REJECTED
+CVE-2021-27801
+ RESERVED
+CVE-2021-27800
+ RESERVED
+CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 ...)
+ - zint 2.9.1-1.1 (bug #983610)
+ NOTE: https://sourceforge.net/p/zint/tickets/218/
+ NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
+CVE-2021-27798
+ RESERVED
+CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all v ...)
+ NOT-FOR-US: Brocade
+CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS ...)
+ NOT-FOR-US: Brocade
+CVE-2021-27795
+ RESERVED
+CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade Fabric OS v ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27793 (ntermittent authorization failure in aaa tacacs+ with Brocade Fabric O ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27792 (The request handling functions in web management interface of Brocade ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27791 (The function that is used to parse the Authentication header in Brocad ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27790 (The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9 ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27789
+ RESERVED
+CVE-2021-27788
+ RESERVED
+CVE-2021-27787
+ RESERVED
+CVE-2021-27786
+ RESERVED
+CVE-2021-27785
+ RESERVED
+CVE-2021-27784
+ RESERVED
+CVE-2021-27783
+ RESERVED
+CVE-2021-27782
+ RESERVED
+CVE-2021-27781
+ RESERVED
+CVE-2021-27780
+ RESERVED
+CVE-2021-27779
+ RESERVED
+CVE-2021-27778
+ RESERVED
+CVE-2021-27777
+ RESERVED
+CVE-2021-27776
+ RESERVED
+CVE-2021-27775
+ RESERVED
+CVE-2021-27774
+ RESERVED
+CVE-2021-27773
+ RESERVED
+CVE-2021-27772
+ RESERVED
+CVE-2021-27771
+ RESERVED
+CVE-2021-27770
+ RESERVED
+CVE-2021-27769
+ RESERVED
+CVE-2021-27768
+ RESERVED
+CVE-2021-27767
+ RESERVED
+CVE-2021-27766
+ RESERVED
+CVE-2021-27765
+ RESERVED
+CVE-2021-27764
+ RESERVED
+CVE-2021-27763
+ RESERVED
+CVE-2021-27762
+ RESERVED
+CVE-2021-27761
+ RESERVED
+CVE-2021-27760
+ RESERVED
+CVE-2021-27759
+ RESERVED
+CVE-2021-27758
+ RESERVED
+CVE-2021-27757
+ RESERVED
+CVE-2021-27756
+ RESERVED
+CVE-2021-27755 ("Sametime Android potential path traversal vulnerability when using Fi ...)
+ NOT-FOR-US: HCL
+CVE-2021-27754
+ RESERVED
+CVE-2021-27753 ("Sametime Android PathTraversal Vulnerability" ...)
+ NOT-FOR-US: HCL
+CVE-2021-27752
+ RESERVED
+CVE-2021-27751
+ RESERVED
+CVE-2021-27750
+ RESERVED
+CVE-2021-27749
+ RESERVED
+CVE-2021-27748
+ RESERVED
+CVE-2021-27747
+ RESERVED
+CVE-2021-27746 ("HCL Connections Security Update for Reflected Cross-Site Scripting (X ...)
+ NOT-FOR-US: HCL
+CVE-2021-27745
+ RESERVED
+CVE-2021-27744
+ RESERVED
+CVE-2021-27743
+ RESERVED
+CVE-2021-27742
+ RESERVED
+CVE-2021-27741 (" Security vulnerability in HCL Commerce Management Center allowing XM ...)
+ NOT-FOR-US: HCL
+CVE-2021-27740
+ RESERVED
+CVE-2021-27739
+ RESERVED
+CVE-2021-27738 (All request mappings in `StreamingCoordinatorController.java` handling ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...)
+ - trafficserver <not-affected> (Only affects 9.x)
+CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant b ...)
+ {DSA-4898-1 DLA-2581-1}
+ - wpa 2:2.9.0-21
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
+ NOTE: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
+ NOTE: https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
+CVE-2021-3417 (An internal product security audit of LXCO, prior to version 1.2.2, di ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3416 (A potential stack overflow via infinite loop issue was found in variou ...)
+ {DLA-2623-1}
+ - qemu 1:5.2+dfsg-9 (bug #984448)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=331d2ac9ea307c990dc86e6493e8f0c48d14bb33
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1caff0340f49c93d535c6558a5138d20d475315c
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=705df5466c98f3efdd2b68d3b31dad86858acad7
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=37cee01784ff0df13e5209517e1b3594a5e792d1
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=26194a58f4eb83c5bdf4061a1628508084450ba1
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5311fb805a4403bba024e83886fa0e7572265de4
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c92060d3c0248bd4d515719a35922cd2391b9b4
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c552542b81e56ff532dd27ec6e5328954bdda73
+CVE-2021-27736 (FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a for ...)
+ NOT-FOR-US: fusionauth-samlv2
+CVE-2021-27735
+ RESERVED
+CVE-2021-27734 (Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSe ...)
+ NOT-FOR-US: Hirschmann HiOS
+CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-27732
+ RESERVED
+CVE-2021-27731 (Accellion FTA 9_12_432 and earlier is affected by stored XSS via a cra ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27730 (Accellion FTA 9_12_432 and earlier is affected by argument injection v ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27729
+ RESERVED
+CVE-2021-27728
+ RESERVED
+CVE-2021-27727
+ RESERVED
+CVE-2021-27726
+ RESERVED
+CVE-2021-27725
+ RESERVED
+CVE-2021-27724
+ RESERVED
+CVE-2021-27723
+ REJECTED
+CVE-2021-27722 (An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The progr ...)
+ NOT-FOR-US: Nsasoft US LLC SpotAuditor
+CVE-2021-27721
+ RESERVED
+CVE-2021-27720
+ RESERVED
+CVE-2021-27719
+ RESERVED
+CVE-2021-27718
+ RESERVED
+CVE-2021-27717
+ RESERVED
+CVE-2021-27716
+ RESERVED
+CVE-2021-27715
+ RESERVED
+CVE-2021-27714
+ RESERVED
+CVE-2021-27713
+ RESERVED
+CVE-2021-27712
+ RESERVED
+CVE-2021-27711
+ RESERVED
+CVE-2021-27710 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...)
+ NOT-FOR-US: TOTOLINK X5000R router
+CVE-2021-27709
+ RESERVED
+CVE-2021-27708 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...)
+ NOT-FOR-US: TOTOLINK X5000R router
+CVE-2021-27707 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.1 ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-27704
+ RESERVED
+CVE-2021-27703
+ RESERVED
+CVE-2021-27702
+ RESERVED
+CVE-2021-27701
+ RESERVED
+CVE-2021-27700
+ RESERVED
+CVE-2021-27699
+ RESERVED
+CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/g ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-27697 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gn ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-27696
+ RESERVED
+CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in openMAIN ...)
+ NOT-FOR-US: openMAINT
+CVE-2021-27694
+ RESERVED
+CVE-2021-27693
+ RESERVED
+CVE-2021-27692 (Command Injection in Tenda G1 and G3 routers with firmware versions v1 ...)
+ NOT-FOR-US: Tenda
+CVE-2021-27691 (Command Injection in Tenda G0 routers with firmware versions v15.11.0. ...)
+ NOT-FOR-US: Tenda
+CVE-2021-27690
+ RESERVED
+CVE-2021-27689
+ RESERVED
+CVE-2021-27688
+ RESERVED
+CVE-2021-27687
+ RESERVED
+CVE-2021-27686
+ RESERVED
+CVE-2021-27685
+ RESERVED
+CVE-2021-27684
+ RESERVED
+CVE-2021-27683
+ RESERVED
+CVE-2021-27682
+ RESERVED
+CVE-2021-27681
+ RESERVED
+CVE-2021-27680
+ RESERVED
+CVE-2021-27679 (Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS ...)
+ NOT-FOR-US: Batflat CMS
+CVE-2021-27678 (Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1. ...)
+ NOT-FOR-US: Batflat CMS
+CVE-2021-27677 (Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1 ...)
+ NOT-FOR-US: Batflat CMS
+CVE-2021-27676 (Centreon version 20.10.2 is affected by a cross-site scripting (XSS) v ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-27675
+ RESERVED
+CVE-2021-27674
+ RESERVED
+CVE-2021-27673 (Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of ...)
+ NOT-FOR-US: Tribal Systems Zenario CMS
+CVE-2021-27672 (SQL Injection in the "admin_boxes.ajax.php" component of Tribal System ...)
+ NOT-FOR-US: Tribal Systems Zenario CMS
+CVE-2021-27671 (An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS ...)
+ NOT-FOR-US: comrak rust crate
+CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url ...)
+ NOT-FOR-US: Appspace
+CVE-2021-27669
+ RESERVED
+CVE-2021-27668 (HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of lic ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-27667
+ RESERVED
+CVE-2021-27666
+ RESERVED
+ NOT-FOR-US: Android
+CVE-2021-27665 (An unauthenticated remote user could exploit a potential integer overf ...)
+ NOT-FOR-US: Johnson Controls
+CVE-2021-27664 (Under certain configurations an unauthenticated remote user could be g ...)
+ NOT-FOR-US: exacqVision
+CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM ...)
+ NOT-FOR-US: Johnson Controls
+CVE-2021-27662 (The KT-1 door controller is susceptible to replay or man-in-the-middle ...)
+ NOT-FOR-US: KT-1 door controller
+CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...)
+ NOT-FOR-US: Facility Explorer SNC Series Supervisory Controller
+CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can allow remote ...)
+ NOT-FOR-US: C-CURE 9000
+CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, filter, ...)
+ NOT-FOR-US: exacqVision Web Service
+CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently validate, f ...)
+ NOT-FOR-US: exacqVision Enterprise Manager
+CVE-2021-27657 (Successful exploitation of this vulnerability could give an authentica ...)
+ NOT-FOR-US: Johnson Controls Metasys
+CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...)
+ NOT-FOR-US: exacqVision Web Service
+CVE-2021-27655
+ RESERVED
+CVE-2021-27654 (Forgotten password reset functionality for local accounts can be used ...)
+ NOT-FOR-US: Pega
+CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega platform ...)
+ NOT-FOR-US: Pega
+CVE-2021-27652
+ RESERVED
+CVE-2021-27651 (In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset f ...)
+ NOT-FOR-US: Pega
+CVE-2021-3415
+ RESERVED
+CVE-2021-27650
+ RESERVED
+CVE-2021-27649 (Use after free vulnerability in file transfer protocol component in Sy ...)
+ NOT-FOR-US: Synology
+CVE-2021-27648 (Externally controlled reference to a resource in another sphere in qua ...)
+ NOT-FOR-US: Synology
+CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synolo ...)
+ NOT-FOR-US: Synology
+CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in Synology D ...)
+ NOT-FOR-US: Synology
+CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka glibc o ...)
+ - glibc 2.31-10 (bug #983479)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27462
+ NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=745664bd798ec8fd50438605948eea594179fba1 (glibc-2.29)
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673
+ NOTE: Introducing commit present in Debian since 2.28-1 with addition of
+ NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
+CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized users can ...)
+ NOT-FOR-US: Apache DolphinScheduler
+CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27641 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27640 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27639 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27638 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27637 (Under certain conditions SAP Enable Now (SAP Workforce Performance Bui ...)
+ NOT-FOR-US: SAP
+CVE-2021-27636
+ RESERVED
+CVE-2021-27635 (SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, al ...)
+ NOT-FOR-US: SAP
+CVE-2021-27634 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27633 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27632 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27631 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27630 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27629 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27628 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...)
+ NOT-FOR-US: SAP
+CVE-2021-27627 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27626 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27625 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27624 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27623 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27622 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27621 (Information Disclosure vulnerability in UserAdmin application in SAP N ...)
+ NOT-FOR-US: SAP
+CVE-2021-27620 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27619 (SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27618 (The Integration Builder Framework of SAP Process Integration versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27617 (The Integration Builder Framework of SAP Process Integration versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27616 (Under certain conditions, SAP Business One Hana Chef Cookbook, version ...)
+ NOT-FOR-US: SAP
+CVE-2021-27615 (SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does n ...)
+ NOT-FOR-US: SAP
+CVE-2021-27614 (SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27613 (Under certain conditions, SAP Business One Chef cookbook, version - 9. ...)
+ NOT-FOR-US: SAP
+CVE-2021-27612 (In specific situations SAP GUI for Windows until and including 7.60 PL ...)
+ NOT-FOR-US: SAP
+CVE-2021-27611 (SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a hig ...)
+ NOT-FOR-US: SAP
+CVE-2021-27610 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, ...)
+ NOT-FOR-US: SAP
+CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...)
+ NOT-FOR-US: SAP
+CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...)
+ NOT-FOR-US: SAPSetup
+CVE-2021-27607 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...)
+ NOT-FOR-US: SAP
+CVE-2021-27606 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27605 (SAP's HCM Travel Management Fiori Apps V2, version - 608, does not per ...)
+ NOT-FOR-US: SAP
+CVE-2021-27604 (In order to prevent XML External Entity vulnerability in SAP NetWeaver ...)
+ NOT-FOR-US: SAP
+CVE-2021-27603 (An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABA ...)
+ NOT-FOR-US: SAP
+CVE-2021-27602 (SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice appl ...)
+ NOT-FOR-US: SAP
+CVE-2021-27601 (SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a ...)
+ NOT-FOR-US: SAP
+CVE-2021-27600 (SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15. ...)
+ NOT-FOR-US: SAP
+CVE-2021-27599 (SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Int ...)
+ NOT-FOR-US: SAP
+CVE-2021-27598 (SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27597 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27596 (When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) fil ...)
+ NOT-FOR-US: SAP
+CVE-2021-27595 (When a user opens manipulated Portable Document Format (.PDF) files re ...)
+ NOT-FOR-US: SAP
+CVE-2021-27594 (When a user opens manipulated Windows Bitmap (.BMP) files received fro ...)
+ NOT-FOR-US: SAP
+CVE-2021-27593 (When a user opens manipulated Graphics Interchange Format (.GIF) files ...)
+ NOT-FOR-US: SAP
+CVE-2021-27592 (When a user opens manipulated Universal 3D (.U3D) files received from ...)
+ NOT-FOR-US: SAP
+CVE-2021-27591 (When a user opens manipulated Portable Document Format (.PDF) format f ...)
+ NOT-FOR-US: SAP
+CVE-2021-27590 (When a user opens manipulated Tag Image File Format (.TIFF) format fil ...)
+ NOT-FOR-US: SAP
+CVE-2021-27589 (When a user opens manipulated Scalable Vector Graphics (.SVG) format f ...)
+ NOT-FOR-US: SAP
+CVE-2021-27588 (When a user opens manipulated HPGL format files received from untruste ...)
+ NOT-FOR-US: SAP
+CVE-2021-27587 (When a user opens manipulated Jupiter Tessellation (.JT) format files ...)
+ NOT-FOR-US: SAP
+CVE-2021-27586 (When a user opens manipulated Interchange File Format (.IFF) format fi ...)
+ NOT-FOR-US: SAP
+CVE-2021-27585 (When a user opens manipulated Computer Graphics Metafile (.CGM) format ...)
+ NOT-FOR-US: SAP
+CVE-2021-27584 (When a user opens manipulated PhotoShop Document (.PSD) format files r ...)
+ NOT-FOR-US: SAP
+CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
+ NOT-FOR-US: Directus
+CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...)
+ NOT-FOR-US: OpenID Connect server implementation for MITREid Connect
+CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL inject ...)
+ NOT-FOR-US: Kentico CMS
+CVE-2021-27580
+ RESERVED
+CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on ...)
+ NOT-FOR-US: Snow Inventory Agent
+CVE-2021-27578 (Cross Site Scripting vulnerability in markdown interpreter of Apache Z ...)
+ NOT-FOR-US: Apache Zeppelin
+CVE-2021-27577 (Incorrect handling of url fragment vulnerability of Apache Traffic Ser ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/2b13eb33794574e62249997b4ba654d943a10f2d (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-27576 (If was found that the NetTest web service can be used to overload the ...)
+ NOT-FOR-US: Apache OpenMeetings
+CVE-2021-27575
+ RESERVED
+CVE-2021-27574 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27573 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27572 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authent ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27571 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27570 (An issue was discovered in Emote Remote Mouse through 3.015. Attackers ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27569 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...)
+ NOT-FOR-US: netplex
+CVE-2021-27567
+ RESERVED
+CVE-2021-27566
+ RESERVED
+CVE-2021-3414
+ RESERVED
+ NOT-FOR-US: Red Hat Satellite
+CVE-2021-27565 (The web server in InterNiche NicheStack through 4.0.1 allows remote at ...)
+ NOT-FOR-US: InterNiche NicheStack
+CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is authentic ...)
+ NOT-FOR-US: Appspace
+CVE-2021-27563
+ RESERVED
+CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...)
+ NOT-FOR-US: Arm Trusted Firmware M
+CVE-2021-27561 (Yealink Device Management (DM) 3.6.0.20 allows command injection as ro ...)
+ NOT-FOR-US: Yealink Device Management
+CVE-2021-27560
+ RESERVED
+CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...)
+ NOT-FOR-US: Monica
+CVE-2021-27558 (A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows re ...)
+ NOT-FOR-US: EasyCorp ZenTao
+CVE-2021-27557 (A cross-site request forgery (CSRF) vulnerability in the Cron job tab ...)
+ NOT-FOR-US: EasyCorp ZenTao
+CVE-2021-27556 (The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (wh ...)
+ NOT-FOR-US: EasyCorp ZenTao
+CVE-2021-27555
+ RESERVED
+CVE-2021-27554
+ RESERVED
+CVE-2021-27553
+ RESERVED
+CVE-2021-27552
+ RESERVED
+CVE-2021-27551
+ RESERVED
+CVE-2021-27550 (Polaris Office v9.102.66 is affected by a divide-by-zero error in Pola ...)
+ NOT-FOR-US: Polaris Office
+CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...)
+ NOT-FOR-US: Genymotion Desktop
+CVE-2021-27548
+ RESERVED
+CVE-2021-27547
+ RESERVED
+CVE-2021-27546
+ RESERVED
+CVE-2021-27545 (SQL Injection in the "add-services.php" component of PHPGurukul Beauty ...)
+ NOT-FOR-US: PHPGurukul Beauty Parlour Management System
+CVE-2021-27544 (Cross Site Scripting (XSS) in the "add-services.php" component of PHPG ...)
+ NOT-FOR-US: PHPGurukul Beauty Parlour Management System
+CVE-2021-27543
+ RESERVED
+CVE-2021-27542
+ RESERVED
+CVE-2021-27541
+ RESERVED
+CVE-2021-27540
+ RESERVED
+CVE-2021-27539
+ RESERVED
+CVE-2021-27538
+ RESERVED
+CVE-2021-27537
+ RESERVED
+CVE-2021-27536
+ RESERVED
+CVE-2021-27535
+ RESERVED
+CVE-2021-27534
+ RESERVED
+CVE-2021-27533
+ RESERVED
+CVE-2021-27532
+ RESERVED
+CVE-2021-27531 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27530 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27529 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27528 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27527 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27526 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27525
+ RESERVED
+CVE-2021-27524
+ RESERVED
+CVE-2021-27523
+ RESERVED
+CVE-2021-27522 (Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability ...)
+ NOT-FOR-US: Learnsite
+CVE-2021-27521
+ RESERVED
+CVE-2021-27520 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...)
+ NOT-FOR-US: FUDForum
+CVE-2021-27519 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...)
+ NOT-FOR-US: FUDForum
+CVE-2021-27518
+ RESERVED
+CVE-2021-27517 (Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary Jav ...)
+ NOT-FOR-US: Foxit
+CVE-2021-27516 (URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash ...)
+ NOT-FOR-US: urijs
+CVE-2021-27515 (url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...)
+ - node-url-parse 1.5.1-1 (bug #985110)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
+ [stretch] - node-url-parse <no-dsa> (Minor issue)
+ NOTE: https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0 (1.5.0)
+ NOTE: https://github.com/unshiftio/url-parse/pull/197
+CVE-2021-27514 (EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for th ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2021-27513 (The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authentica ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2021-27512
+ RESERVED
+CVE-2021-27511
+ RESERVED
+CVE-2021-27510
+ RESERVED
+CVE-2021-27509 (In Visualware MyConnection Server before 11.0b build 5382, each publis ...)
+ NOT-FOR-US: Visualware MyConnection Server
+CVE-2021-27508
+ RESERVED
+CVE-2021-27507
+ RESERVED
+CVE-2021-27506 (The ClamAV Engine (version 0.103.1 and below) component embedded in St ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-27505
+ RESERVED
+CVE-2021-27504
+ RESERVED
+CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
+ NOT-FOR-US: Ypsomed
+CVE-2021-27502
+ RESERVED
+CVE-2021-27501
+ RESERVED
+CVE-2021-27500
+ RESERVED
+CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
+ NOT-FOR-US: Ypsomed
+CVE-2021-27498
+ RESERVED
+CVE-2021-27497
+ RESERVED
+CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
+ NOT-FOR-US: Ypsomed
+CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27493
+ RESERVED
+CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27491 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
+ NOT-FOR-US: Ypsomed
+CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27489 (ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allo ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27487 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products co ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to ...)
+ NOT-FOR-US: Fatek Automation WinProladder
+CVE-2021-27485 (ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows us ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27484
+ RESERVED
+CVE-2021-27483 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products con ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27482
+ RESERVED
+CVE-2021-27481 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products ut ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnera ...)
+ NOT-FOR-US: Delta Industrial Automation COMMGR
+CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product&#821 ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27478
+ RESERVED
+CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus ...)
+ NOT-FOR-US: JTEKT
+CVE-2021-27476
+ RESERVED
+CVE-2021-27475
+ RESERVED
+CVE-2021-27474
+ RESERVED
+CVE-2021-27473
+ RESERVED
+CVE-2021-27472
+ RESERVED
+CVE-2021-27471
+ RESERVED
+CVE-2021-27470
+ RESERVED
+CVE-2021-27469
+ RESERVED
+CVE-2021-27468
+ RESERVED
+CVE-2021-27467 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27466
+ RESERVED
+CVE-2021-27465 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27464
+ RESERVED
+CVE-2021-27463 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27462
+ RESERVED
+CVE-2021-27461 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27460
+ RESERVED
+CVE-2021-27459 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC product ser ...)
+ NOT-FOR-US: JTEKT Corporation TOYOPUC
+CVE-2021-27457 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27456
+ RESERVED
+CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...)
+ NOT-FOR-US: GE
+CVE-2021-27453 (Mesa Labs AmegaView Versions 3.0 uses default cookies that could be se ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...)
+ NOT-FOR-US: GE
+CVE-2021-27451 (Mesa Labs AmegaView Versions 3.0 and prior&#8217;s passcode is generat ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27450 (SSH server configuration file does not implement some best practices. ...)
+ NOT-FOR-US: GE
+CVE-2021-27449 (Mesa Labs AmegaView Versions 3.0 and prior has a command injection vul ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...)
+ NOT-FOR-US: GE
+CVE-2021-27447 (Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27446
+ RESERVED
+CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27444
+ RESERVED
+CVE-2021-27443
+ RESERVED
+CVE-2021-27442
+ RESERVED
+CVE-2021-27441
+ RESERVED
+CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...)
+ NOT-FOR-US: GE
+CVE-2021-27439
+ RESERVED
+CVE-2021-27438 (The software contains a hard-coded password it uses for its own inboun ...)
+ NOT-FOR-US: GE
+CVE-2021-27437 (The affected product allows attackers to obtain sensitive information ...)
+ NOT-FOR-US: WISE-PaaS
+CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-27435
+ RESERVED
+CVE-2021-27434 (Products with Unified Automation .NET based OPC UA Client/Server SDK B ...)
+ NOT-FOR-US: Unified Automation .NET
+CVE-2021-27433
+ RESERVED
+CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC U ...)
+ NOT-FOR-US: OPC Foundation UA .NET
+CVE-2021-27431
+ RESERVED
+CVE-2021-27430
+ RESERVED
+CVE-2021-27429
+ RESERVED
+CVE-2021-27428
+ RESERVED
+CVE-2021-27427
+ RESERVED
+CVE-2021-27426
+ RESERVED
+CVE-2021-27425
+ RESERVED
+CVE-2021-27424
+ RESERVED
+CVE-2021-27423
+ RESERVED
+CVE-2021-27422
+ RESERVED
+CVE-2021-27421
+ RESERVED
+CVE-2021-27420
+ RESERVED
+CVE-2021-27419
+ RESERVED
+CVE-2021-27418
+ RESERVED
+CVE-2021-27417
+ RESERVED
+CVE-2021-27416
+ RESERVED
+CVE-2021-27415
+ RESERVED
+CVE-2021-27414
+ RESERVED
+CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0 ...)
+ NOT-FOR-US: Omron CX-One
+CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-27411
+ RESERVED
+CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
+ NOT-FOR-US: Welch Allyn
+CVE-2021-27409
+ RESERVED
+CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, which can ...)
+ NOT-FOR-US: Welch Allyn
+CVE-2021-27407
+ RESERVED
+CVE-2021-27406
+ RESERVED
+CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
+ NOT-FOR-US: Node scrapbox-parser
+CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
+ NOT-FOR-US: Askey devices
+CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...)
+ NOT-FOR-US: Askey devices
+CVE-2021-27402 (The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an u ...)
+ NOT-FOR-US: Mitel
+CVE-2021-27401 (The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 coul ...)
+ NOT-FOR-US: Mitel
+CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations (storage b ...)
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
+CVE-2021-3413 (A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2021-3412 (It was found that all versions of 3Scale developer portal lacked brute ...)
+ NOT-FOR-US: Red Hat 3scale API Management
+CVE-2021-27399 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...)
+ NOT-FOR-US: Simcenter (Siemens)
+CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ NOT-FOR-US: Tecnomatix Plant Simulation
+CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ NOT-FOR-US: Tecnomatix Plant Simulation
+CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ NOT-FOR-US: Tecnomatix Plant Simulation
+CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian 2013 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Mendix Applications (Siemens)
+CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open Network ...)
+ NOT-FOR-US: Siveillance
+CVE-2021-27391 (A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27390 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27389 (A vulnerability has been identified in Opcenter Quality (All versions ...)
+ NOT-FOR-US: Opcenter Quality
+CVE-2021-27388 (SINAMICS medium voltage routable products are affected by a vulnerabil ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...)
+ NOT-FOR-US: Simcenter (Siemens)
+CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27385 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27384 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27383 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27382 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
+ NOT-FOR-US: Solid Edge (Siemens)
+CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+ NOT-FOR-US: Solid Edge SE2020
+CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
+ NOT-FOR-US: Solid Edge SE2020
+CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...)
+ {DSA-4888-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <not-affected> (Incomplete fix for CVE-2020-15565 not applied)
+ NOTE: https://xenbits.xen.org/xsa/advisory-366.html
+ NOTE: Mark first version in 4.14.x which landed in unstable as fixed, though
+ NOTE: the issue more precisely only affects Xen versions up to 4.11 with version
+ NOTE: containing broken backport for XSA-321 / CVE-2020-15565
+CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust. ...)
+ - rust-rand-core <not-affected> (0.5.1 not affected, see #985087)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html
+CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Rust. Fo ...)
+ NOT-FOR-US: Rust crate yottadb
+CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...)
+ NOT-FOR-US: Rust crate nb-connect
+CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements from other ...)
+ NOT-FOR-US: Traefik
+CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...)
+ NOT-FOR-US: VertiGIS WebOffice
+CVE-2021-27373
+ RESERVED
+CVE-2021-27372 (Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may ...)
+ NOT-FOR-US: Realtek xPON RTL9601D SDK
+CVE-2021-27371 (The Contact page in Monica 2.19.1 allows stored XSS via the Descriptio ...)
+ NOT-FOR-US: Monica
+CVE-2021-27370 (The Contact page in Monica 2.19.1 allows stored XSS via the Last Name ...)
+ NOT-FOR-US: Monica
+CVE-2021-27369 (The Contact page in Monica 2.19.1 allows stored XSS via the Middle Nam ...)
+ NOT-FOR-US: Monica
+CVE-2021-27368 (The Contact page in Monica 2.19.1 allows stored XSS via the First Name ...)
+ NOT-FOR-US: Monica
+CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend/Filem ...)
+ NOT-FOR-US: Bolt CMS
+CVE-2021-27366
+ RESERVED
+CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee
+ NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
+CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
+CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
+CVE-2021-27362 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Vio ...)
+ NOT-FOR-US: WPG plugin for IrfanView
+CVE-2021-27361
+ RESERVED
+CVE-2021-27360
+ RESERVED
+CVE-2021-27359
+ RESERVED
+CVE-2021-27358 (The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unaut ...)
+ - grafana <removed>
+CVE-2021-27357 (RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/g ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-27356
+ RESERVED
+CVE-2021-27355
+ RESERVED
+CVE-2021-27354
+ RESERVED
+CVE-2021-27353
+ RESERVED
+CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 allows attac ...)
+ NOT-FOR-US: Ilch CMS
+CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...)
+ - telegram-desktop 2.6.1-1
+ [buster] - telegram-desktop <not-affected> (Vulnerable code not present)
+ NOTE: https://0ffsecninja.github.io/Telegram:CVE-2021-2735.html
+ NOTE: Probably fixed earlier than 2.6.1, but marking that fixed in absence of further details
+ NOTE: (maintainer reached out to upstream for confirmation that 2.6.1 is fixed and buster
+ NOTE: not affected)
+CVE-2021-27350
+ RESERVED
+CVE-2021-27349 (Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a diffe ...)
+ NOT-FOR-US: WooCommerce
+CVE-2021-27348
+ RESERVED
+CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Irzip 0. ...)
+ - lrzip <unfixed> (unimportant; bug #990583)
+ NOTE: https://github.com/ckolivas/lrzip/issues/165
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-27346
+ RESERVED
+CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...)
+ - lrzip <unfixed> (unimportant)
+ NOTE: https://github.com/ckolivas/lrzip/issues/164
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-27344
+ RESERVED
+CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27341 (OpenSIS Community Edition version &lt;= 7.6 is affected by a local fil ...)
+ NOT-FOR-US: OpenSIS
+CVE-2021-27340 (OpenSIS Community Edition version &lt;= 7.6 is affected by a reflected ...)
+ NOT-FOR-US: OpenSIS
+CVE-2021-27339
+ RESERVED
+CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/ page and it ...)
+ NOT-FOR-US: Faraday Edge
+CVE-2021-27337
+ RESERVED
+CVE-2021-27336
+ RESERVED
+CVE-2021-27335 (KollectApps before 4.8.16c is affected by insecure Java deserializatio ...)
+ NOT-FOR-US: KollectApps
+CVE-2021-27334
+ RESERVED
+CVE-2021-27333
+ RESERVED
+CVE-2021-27332 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...)
+ NOT-FOR-US: CASAP Automated Enrollment System
+CVE-2021-27331
+ RESERVED
+CVE-2021-27330 (Triconsole Datepicker Calendar &lt;3.77 is affected by cross-site scri ...)
+ NOT-FOR-US: Triconsole Datepicker Calendar
+CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...)
+ NOT-FOR-US: Friendica
+CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...)
+ NOT-FOR-US: Yeastar NeoGate TG400 91.3.0.3 devices
+CVE-2021-27327
+ RESERVED
+CVE-2021-27326
+ RESERVED
+CVE-2021-27325
+ RESERVED
+CVE-2021-27324
+ RESERVED
+CVE-2021-27323
+ RESERVED
+CVE-2021-27322
+ RESERVED
+CVE-2021-27321
+ RESERVED
+CVE-2021-27320 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27319 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27318 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27317 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27316 (Blind SQL injection in contactus.php in doctor appointment system 1.0 ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27315 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an ...)
+ NOT-FOR-US: doctor appointment system
+CVE-2021-27313
+ RESERVED
+CVE-2021-27312
+ RESERVED
+CVE-2021-27311
+ RESERVED
+CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "langua ...)
+ NOT-FOR-US: Clansphere CMS
+CVE-2021-27309 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module ...)
+ NOT-FOR-US: Clansphere CMS
+CVE-2021-27308 (A cross-site scripting (XSS) vulnerability in the admin login panel in ...)
+ NOT-FOR-US: 4images
+CVE-2021-27307
+ RESERVED
+CVE-2021-27306 (An improper access control vulnerability in the JWT plugin in Kong Gat ...)
+ NOT-FOR-US: Kong Gateway
+CVE-2021-27305
+ RESERVED
+CVE-2021-27304
+ RESERVED
+CVE-2021-27303
+ RESERVED
+CVE-2021-27302
+ RESERVED
+CVE-2021-27301
+ RESERVED
+CVE-2021-27300
+ RESERVED
+CVE-2021-27299
+ RESERVED
+CVE-2021-27298
+ RESERVED
+CVE-2021-27297
+ RESERVED
+CVE-2021-27296
+ RESERVED
+CVE-2021-27295
+ RESERVED
+CVE-2021-27294
+ RESERVED
+CVE-2021-27293 (RestSharp &lt; 106.11.8-alpha.0.13 uses a regular expression which is ...)
+ NOT-FOR-US: RestSharp
+CVE-2021-27292 (ua-parser-js &gt;= 0.7.14, fixed in 0.7.24, uses a regular expression ...)
+ - node-ua-parser-js 0.7.24+ds-1 (bug #985568)
+ [buster] - node-ua-parser-js <no-dsa> (Minor issue)
+ NOTE: https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76
+ NOTE: https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
+CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...)
+ {DSA-4889-1 DSA-4878-1 DLA-2648-1 DLA-2600-1}
+ - pygments 2.7.1+dfsg-2.1 (bug #985574)
+ - mediawiki 1:1.35.2-1
+ NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
+ NOTE: https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
+CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expre ...)
+ - node-ssri 8.0.1-1 (bug #985841)
+ [buster] - node-ssri <no-dsa> (Minor issue)
+ NOTE: https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf
+ NOTE: https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2 (v8.0.1)
+CVE-2021-27289
+ RESERVED
+CVE-2021-27288 (Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attack ...)
+ NOT-FOR-US: X2Engine X2CRM
+CVE-2021-27287
+ RESERVED
+CVE-2021-27286
+ RESERVED
+CVE-2021-27285
+ RESERVED
+CVE-2021-27284
+ RESERVED
+CVE-2021-27283
+ RESERVED
+CVE-2021-27282
+ RESERVED
+CVE-2021-27281
+ RESERVED
+CVE-2021-27280
+ RESERVED
+CVE-2021-27279 (MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCo ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27278 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-27277 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-27276 (This vulnerability allows remote attackers to delete arbitrary files o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27275 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27274 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27273 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27272 (This vulnerability allows remote attackers to delete arbitrary files o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27271 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27270 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27269 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27268 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27267 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27266 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27265 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27264 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27263 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27262 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27261 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27260 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-27259 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-27258 (This vulnerability allows remote attackers to execute escalate privile ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27253 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27252 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27251 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27250 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27249 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27248 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27247 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: WeChat
+CVE-2021-27246 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels
+CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...)
+ NOT-FOR-US: Avast
+CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27238
+ RESERVED
+CVE-2021-27237 (The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) ...)
+ NOT-FOR-US: BlackCat CMS
+CVE-2021-27236 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfil ...)
+ NOT-FOR-US: Mutare Voice (EVM)
+CVE-2021-27235 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...)
+ NOT-FOR-US: Mutare Voice (EVM)
+CVE-2021-27234 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The we ...)
+ NOT-FOR-US: Mutare Voice (EVM)
+CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...)
+ NOT-FOR-US: Mutare Voice (EVM)
+CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.1 ...)
+ NOT-FOR-US: Pelco Digital Sentry Server
+CVE-2021-27231 (Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, ...)
+ NOT-FOR-US: Hestia Control Panel
+CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...)
+ NOT-FOR-US: ExpressionEngine
+CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim navigates ...)
+ {DLA-2562-1}
+ - mumble 1.3.4-1 (bug #982904)
+ [buster] - mumble 1.3.0~git20190125.440b173+dfsg-2+deb10u1
+ NOTE: https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648
+ NOTE: https://github.com/mumble-voip/mumble/pull/4733
+CVE-2021-27228 (An issue was discovered in Shinobi through ocean version 1. lib/auth.j ...)
+ NOT-FOR-US: Shinobi
+CVE-2021-27227
+ RESERVED
+CVE-2021-27226
+ RESERVED
+CVE-2021-27225 (In Dataiku DSS before 8.0.6, insufficient access control in the Jupyte ...)
+ NOT-FOR-US: Dataiku DSS
+CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...)
+ NOT-FOR-US: WPG plugin for IrfanView
+CVE-2021-27223
+ RESERVED
+CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authenticat ...)
+ NOT-FOR-US: "Time in Status" app
+CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ft ...)
+ NOT-FOR-US: MikroTik RouterOS
+CVE-2021-27220 (An issue was discovered in PRTG Network Monitor before 21.1.66.1623. B ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
+ NOT-FOR-US: YubiHSM 2 SDK
+CVE-2021-27216 (Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By lev ...)
+ - exim4 4.94.2-1
+ [buster] - exim4 <not-affected> (Vulnerable code introduced later)
+ [stretch] - exim4 <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://git.exim.org/exim.git/commit/01446a56c76aa5ac3213a86f8992a2371a8301f3 (exim-4_94_RC0)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...)
+ NOT-FOR-US: genua genugate
+CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...)
+ NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
+CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...)
+ NOT-FOR-US: pystemon
+CVE-2021-27212 (In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion ...)
+ {DSA-4860-1 DLA-2574-1}
+ - openldap 2.4.57+dfsg-2
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9454
+ NOTE: trunk: https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0
+ NOTE: REL_ENG 2.4.x: https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30
+CVE-2021-27211 (steghide 0.5.1 relies on a certain 32-bit seed value, which makes it e ...)
+ - steghide <unfixed> (bug #983267)
+ [bullseye] - steghide <no-dsa> (Minor issue)
+ [buster] - steghide <no-dsa> (Minor issue)
+ [stretch] - steghide <postponed> (Minor issue; can be fixed in next DLA)
+ NOTE: https://github.com/b4shfire/stegcrack
+CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retri ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-27209 (In the management interface on TP-Link Archer C5v 1.7_181221 devices, ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-27208 (When booting a Zync-7000 SOC device from nand flash memory, the nand d ...)
+ NOT-FOR-US: Zync-7000 SOC device
+CVE-2021-27207
+ RESERVED
+CVE-2021-27206
+ RESERVED
+CVE-2021-3411 (A flaw was found in the Linux kernel in versions prior to 5.10. A viol ...)
+ - linux 5.9.15-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+CVE-2021-3410 (A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in c ...)
+ {DLA-2584-1}
+ - libcaca 0.99.beta19-2.2 (bug #983686)
+ [buster] - libcaca <no-dsa> (Minor issue)
+ NOTE: https://github.com/cacalabs/libcaca/issues/52
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928437
+ NOTE: https://github.com/cacalabs/libcaca/commit/46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd
+ NOTE: https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015
+CVE-2021-27205 (Telegram before 7.4 (212543) Stable on macOS stores the local copy of ...)
+ NOT-FOR-US: Telegram for MacOS
+CVE-2021-27204 (Telegram before 7.4 (212543) Stable on macOS stores the local passcode ...)
+ NOT-FOR-US: Telegram for MacOS
+CVE-2021-27203 (In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for ...)
+ NOT-FOR-US: Dekart Private Disk
+CVE-2021-27202
+ RESERVED
+CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in session file]
+ - spip 3.2.9-1
+ [buster] - spip 3.2.4-1+deb10u4
+ [stretch] - spip 3.1.4-4~deb9u4+deb9u1
+CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated ...)
+ NOT-FOR-US: Endian Firewall Community (aka EFW)
+CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account due to t ...)
+ NOT-FOR-US: WoWonder
+CVE-2021-27199
+ RESERVED
+CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server before v11.1 ...)
+ NOT-FOR-US: Visualware MyConnection Server
+CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...)
+ NOT-FOR-US: Pelco Digital Sentry Server
+CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power Grids Rel ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to and inc ...)
+ NOT-FOR-US: Netop Vision Pro
+CVE-2021-27194 (Cleartext transmission of sensitive information in Netop Vision Pro up ...)
+ NOT-FOR-US: Netop Vision Pro
+CVE-2021-27193 (Incorrect default permissions vulnerability in the API of Netop Vision ...)
+ NOT-FOR-US: Netop Vision Pro
+CVE-2021-27192 (Local privilege escalation vulnerability in Windows clients of Netop V ...)
+ NOT-FOR-US: Netop Vision Pro
+CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...)
+ NOT-FOR-US: Node get-ip-range
+CVE-2021-3408
+ RESERVED
+ NOTE: Red Hat duplicate for CVE-2021-20233
+CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...)
+ NOT-FOR-US: PEEL Shopping cart
+CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certifica ...)
+ NOT-FOR-US: CIRA Canadian Shield app
+CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...)
+ NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
+CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...)
+ NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
+CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...)
+ NOT-FOR-US: Fluent Bit
+CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...)
+ NOT-FOR-US: Node samba-client
+CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity v ...)
+ NOT-FOR-US: Pelco Digital Sentry Server
+CVE-2021-27183 (An issue was discovered in MDaemon before 20.0.4. Administrators can u ...)
+ NOT-FOR-US: MDaemon
+CVE-2021-27182 (An issue was discovered in MDaemon before 20.0.4. There is an IFRAME i ...)
+ NOT-FOR-US: MDaemon
+CVE-2021-27181 (An issue was discovered in MDaemon before 20.0.4. Remote Administratio ...)
+ NOT-FOR-US: MDaemon
+CVE-2021-27180 (An issue was discovered in MDaemon before 20.0.4. There is Reflected X ...)
+ NOT-FOR-US: MDaemon
+CVE-2021-27179 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27178 (An issue was discovered on FiberHome HG6245D devices through RP2613. S ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27177 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27176 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27175 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27174 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27173 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27172 (An issue was discovered on FiberHome HG6245D devices through RP2613. A ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27171 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27170 (An issue was discovered on FiberHome HG6245D devices through RP2613. B ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27169 (An issue was discovered on FiberHome AN5506-04-FA devices with firmwar ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27168 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27167 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27166 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27165 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27164 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27163 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27162 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27161 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27160 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27159 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27158 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27157 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27156 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27155 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27154 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27153 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27152 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27151 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27150 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27149 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27148 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27147 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27146 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27145 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27144 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27143 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27142 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27141 (An issue was discovered on FiberHome HG6245D devices through RP2613. C ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27140 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of uni ...)
+ [experimental] - u-boot 2021.04~rc3+dfsg-1
+ - u-boot 2021.07+dfsg-2 (bug #983269)
+ [bullseye] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <no-dsa> (Minor issue)
+ [stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
+ NOTE: https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
+ NOTE: https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
+ NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
+CVE-2021-27137
+ RESERVED
+CVE-2021-27136
+ RESERVED
+CVE-2021-27134
+ RESERVED
+CVE-2021-27133
+ RESERVED
+CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for H ...)
+ NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices
+CVE-2021-27131
+ RESERVED
+CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...)
+ NOT-FOR-US: Online Reviewer System
+CVE-2021-27129 (CASAP Automated Enrollment System version 1.0 contains a cross-site sc ...)
+ NOT-FOR-US: CASAP Automated Enrollment System
+CVE-2021-27128
+ RESERVED
+CVE-2021-27127
+ RESERVED
+CVE-2021-27126
+ RESERVED
+CVE-2021-27125
+ RESERVED
+CVE-2021-27124 (SQL injection in the expertise parameter in search_result.php in Docto ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27123
+ RESERVED
+CVE-2021-27122
+ RESERVED
+CVE-2021-27121
+ RESERVED
+CVE-2021-27120
+ RESERVED
+CVE-2021-27119
+ RESERVED
+CVE-2021-27118
+ RESERVED
+CVE-2021-27117
+ RESERVED
+CVE-2021-27116
+ RESERVED
+CVE-2021-27115
+ RESERVED
+CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27113 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27112 (LightCMS v1.3.5 contains a remote code execution vulnerability in /app ...)
+ NOT-FOR-US: LightCMS
+CVE-2021-27111
+ RESERVED
+CVE-2021-27110
+ RESERVED
+CVE-2021-27109
+ RESERVED
+CVE-2021-27108
+ RESERVED
+CVE-2021-27107
+ RESERVED
+CVE-2021-27106
+ RESERVED
+CVE-2021-27105
+ RESERVED
+CVE-2021-3407 (A flaw was found in mupdf 1.18.0. Double free of object during lineari ...)
+ {DLA-2589-1}
+ - mupdf 1.17.0+ds1-1.3 (bug #983684)
+ [buster] - mupdf 1.14.0+ds1-4+deb10u3
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703366 (not public yet)
+CVE-2021-3406 (A flaw was found in keylime 5.8.1 and older. The issue in the Keylime ...)
+ NOT-FOR-US: Keylime
+ NOTE: https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m
+CVE-2021-3405 (A flaw was found in libebml before 1.4.2. A heap overflow bug exists i ...)
+ {DLA-2629-1}
+ - libebml 1.4.2-1 (bug #982597)
+ [buster] - libebml <no-dsa> (Minor issue)
+ NOTE: https://github.com/Matroska-Org/libebml/issues/74
+CVE-2021-27104 (Accellion FTA 9_12_370 and earlier is affected by OS command execution ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27103 (Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted P ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27102 (Accellion FTA 9_12_411 and earlier is affected by OS command execution ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27101 (Accellion FTA 9_12_370 and earlier is affected by SQL injection via a ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27100
+ RESERVED
+CVE-2021-27099 (In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the ...)
+ NOT-FOR-US: SPIRE (SPIFFE Runtime Environment)
+CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 ...)
+ NOT-FOR-US: SPIRE (SPIFFE Runtime Environment)
+CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...)
+ [experimental] - u-boot 2021.04~rc3+dfsg-1
+ - u-boot 2021.07+dfsg-2 (bug #983270)
+ [bullseye] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <no-dsa> (Minor issue)
+ [stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
+ NOTE: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
+ NOTE: https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b
+ NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
+CVE-2021-27096 (NTFS Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27095 (Windows Media Video Decoder Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27094 (Windows Early Launch Antimalware Driver Security Feature Bypass Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27093 (Windows Kernel Information Disclosure Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27092 (Azure AD Web Sign-in Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27091 (RPC Endpoint Mapper Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27090 (Windows Secure Kernel Mode Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27089 (Microsoft Internet Messaging API Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27088 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27087
+ RESERVED
+CVE-2021-27086 (Windows Services and Controller App Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27085 (Internet Explorer Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27084 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27083 (Remote Development Extension for Visual Studio Code Remote Code Execut ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27082 (Quantum Development Kit for Visual Studio Code Remote Code Execution V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27081 (Visual Studio Code ESLint Extension Remote Code Execution Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27080 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27079 (Windows Media Photo Codec Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27078 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27077 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27076 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27075 (Azure Virtual Machine Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27074 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27073
+ RESERVED
+CVE-2021-27072 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27071
+ RESERVED
+CVE-2021-27070 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27069
+ RESERVED
+CVE-2021-27068 (Visual Studio Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27067 (Azure DevOps Server and Team Foundation Server Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27066 (Windows Admin Center Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27065 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27064 (Visual Studio Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27063 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27062 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27061 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27060 (Visual Studio Code Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27059 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27058 (Microsoft Office ClickToRun Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27057 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27056 (Microsoft PowerPoint Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27055 (Microsoft Visio Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27054 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27053 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27052 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27051 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27050 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27049 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27048 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27047 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27046 (A Memory Corruption vulnerability for PDF files in Autodesk Navisworks ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27045 (A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27044 (A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review versio ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27043 (An Arbitrary Address Write issue in the Autodesk DWG application can a ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27042 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27038 (A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design R ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27035 (A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT, PCX, RCL ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute arbitra ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to privilege e ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27030 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27029 (The user may be tricked into opening a malicious FBX file which may ex ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27028 (A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27027 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27026 (A flaw was divered in Puppet Enterprise and other Puppet products wher ...)
+ NOT-FOR-US: Puppet Enterprise
+CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may silently ign ...)
+ - puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue, too intrusive to backport)
+ [buster] - puppet <ignored> (Minor issue, too intrusive to backport)
+ [stretch] - puppet <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://puppet.com/security/cve/cve-2021-27025
+ NOTE: https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8 (6.25.1)
+ NOTE: Limited impact, needs a malformed custom type provider
+CVE-2021-27024 (A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD ...)
+ NOT-FOR-US: Continuous Delivery for Puppet Enterprise
+CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may resul ...)
+ - puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue)
+ [buster] - puppet <ignored> (Minor issue)
+ [stretch] - puppet <ignored> (Minor issue)
+ NOTE: https://puppet.com/security/cve/cve-2021-27023
+ NOTE: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 (6.25.1)
+ NOTE: Marginal/unclear security implications, the redirects are fully under control of
+ NOTE: the puppet masters and the advisory states this CVE would be similar to CVE-2018-1000007,
+ NOTE: but CVE is for curl, which obviously has different scope being a library. Plus, all
+ NOTE: reasonably secure installations use client auth on the agents
+ NOTE: Previous client code in lib/puppet/network/http/connection.rb also vulnerable
+CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...)
+ - puppet <not-affected> (Only affects Puppet Enterprise)
+ NOTE: https://puppet.com/security/cve/CVE-2021-27022/
+CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...)
+ - puppetdb <unfixed> (bug #990419)
+ [buster] - puppetdb <no-dsa> (Minor issue)
+ NOTE: https://puppet.com/security/cve/cve-2021-27021/
+ NOTE: https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2
+ NOTE: https://github.com/puppetlabs/puppetdb/commit/f8dc81678cf347739838e42cc1c426d96406c266
+ NOTE: https://github.com/puppetlabs/puppetdb/commit/72bd137511487643a3a6236ad9e72a5dd4a6fadb
+ NOTE: https://puppet.com/docs/puppetdb/6/release_notes/release_notes_latest.html#puppetdb-6170
+CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing user inp ...)
+ - puppet <not-affected> (Only affects Puppet Enterprise)
+CVE-2021-27019 (PuppetDB logging included potentially sensitive system information. ...)
+ - puppetdb <unfixed>
+ [buster] - puppetdb <no-dsa> (Minor issue)
+ NOTE: https://puppet.com/security/cve/CVE-2021-27019/
+CVE-2021-27018 (The mechanism which performs certificate validation was discovered to ...)
+ NOT-FOR-US: Puppet Remediate
+CVE-2021-27017
+ RESERVED
+ - puppet <not-affected> (Specific to the Puppet 7.x stack)
+ NOTE: https://puppet.com/security/cve/CVE-2021-27017/
+CVE-2021-27016
+ RESERVED
+CVE-2021-27015
+ RESERVED
+CVE-2021-27014
+ RESERVED
+CVE-2021-27013
+ RESERVED
+CVE-2021-27012
+ RESERVED
+CVE-2021-27011
+ RESERVED
+CVE-2021-27010
+ RESERVED
+CVE-2021-27009
+ RESERVED
+CVE-2021-27008
+ RESERVED
+CVE-2021-27007 (NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway i ...)
+ NOT-FOR-US: NetApp Virtual Desktop Service
+CVE-2021-27006 (StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11. ...)
+ NOT-FOR-US: StorageGRID
+CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...)
+ NOT-FOR-US: NetAPP
+CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...)
+ NOT-FOR-US: Clustered Data ONTAP (NetApp)
+CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
+ NOT-FOR-US: NetApp Cloud Manager
+CVE-2021-27001 (Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8 ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-27000
+ RESERVED
+CVE-2021-26999 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...)
+ NOT-FOR-US: NetApp Cloud Manager
+CVE-2021-26998 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...)
+ NOT-FOR-US: NetApp Cloud Manager
+CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
+CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
+CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
+CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...)
+ NOT-FOR-US: Clustered Data ONTAP (NetApp)
+CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
+CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...)
+ NOT-FOR-US: Cloud Manager (NetApp)
+CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin ...)
+ NOT-FOR-US: Cloud Manager (NetApp)
+CVE-2021-26990 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...)
+ NOT-FOR-US: Cloud Manager (NetApp)
+CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot Framework. ...)
+ NOT-FOR-US: Element Plug-in for vCenter Server
+CVE-2021-26986
+ RESERVED
+CVE-2021-26985
+ RESERVED
+CVE-2021-26984
+ RESERVED
+CVE-2021-26983
+ RESERVED
+CVE-2021-26982
+ RESERVED
+CVE-2021-26981
+ RESERVED
+CVE-2021-26980
+ RESERVED
+CVE-2021-26979
+ RESERVED
+CVE-2021-26978
+ RESERVED
+CVE-2021-26977
+ RESERVED
+CVE-2021-26976
+ RESERVED
+CVE-2021-26975
+ RESERVED
+CVE-2021-26974
+ RESERVED
+CVE-2021-26973
+ RESERVED
+CVE-2021-26972
+ RESERVED
+CVE-2021-26971 (A remote authenticated arbitrary command execution vulnerability was d ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26970 (A remote authenticated arbitrary command execution vulnerability was d ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26969 (A remote authenticated authenticated xml external entity (xxe) vulnera ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26968 (A remote authenticated stored cross-site scripting (xss) vulnerability ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26967 (A remote reflected cross-site scripting (xss) vulnerability was discov ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26966 (A remote authenticated sql injection vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26965 (A remote authenticated sql injection vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26964 (A remote authentication restriction bypass vulnerability was discovere ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26963 (A remote authenticated arbitrary command execution vulnerability was d ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26962 (A remote authenticated arbitrary command execution vulnerability was d ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26961 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26960 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26959
+ REJECTED
+CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ - rust-xcb <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
+CVE-2021-26957 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ - rust-xcb <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
+CVE-2021-26956 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ - rust-xcb <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
+CVE-2021-26955 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ - rust-xcb <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
+CVE-2021-26954 (An issue was discovered in the qwutils crate before 0.3.1 for Rust. Wh ...)
+ NOT-FOR-US: Rust crate qwutils
+CVE-2021-26953 (An issue was discovered in the postscript crate before 0.14.0 for Rust ...)
+ NOT-FOR-US: Rust crate postscript
+CVE-2021-26952 (An issue was discovered in the ms3d crate before 0.1.3 for Rust. It mi ...)
+ NOT-FOR-US: Rust crate ms3d
+CVE-2021-26951 (An issue was discovered in the calamine crate before 0.17.0 for Rust. ...)
+ NOT-FOR-US: Rust crate calamine
+CVE-2021-26944
+ RESERVED
+CVE-2021-26943 (The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with t ...)
+ NOT-FOR-US: UX360CA BIOS
+CVE-2021-26942
+ RESERVED
+CVE-2021-26941
+ RESERVED
+CVE-2021-26940
+ REJECTED
+CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...)
+ NOT-FOR-US: henriquedornas
+CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via ...)
+ NOT-FOR-US: henriquedornas
+CVE-2021-27135 (xterm before Patch #366 allows remote attackers to execute arbitrary c ...)
+ {DLA-2558-1}
+ - xterm 366-1 (bug #982439)
+ [buster] - xterm 344-1+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7
+ NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366
+ NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
+CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers to caus ...)
+ {DSA-4861-1 DLA-2570-1}
+ - screen 4.8.0-5 (bug #982435)
+ NOTE: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/3
+ NOTE: https://savannah.gnu.org/bugs/?60030
+ NOTE: First patch applied in -4, but revised patch applied in -5 which fixed regressions
+CVE-2021-23219 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-23217 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-23201 (NVIDIA GPU and Tegra hardware contain a vulnerability in an internal m ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...)
+ - libytnef 1.9.3-3 (bug #982596)
+ [buster] - libytnef <no-dsa> (Minor issue)
+ [stretch] - libytnef <no-dsa> (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/86
+ NOTE: https://github.com/Yeraze/ytnef/pull/88
+ NOTE: https://github.com/Yeraze/ytnef/commit/f9ff4a203b8c155d51a208cadadb62f224fba715
+CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows ...)
+ - libytnef 1.9.3-3 (bug #982594)
+ [buster] - libytnef <no-dsa> (Minor issue)
+ [stretch] - libytnef <no-dsa> (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/85
+ NOTE: https://github.com/Yeraze/ytnef/pull/87
+ NOTE: https://github.com/Yeraze/ytnef/commit/f2380a53fb84d370eaf6e6c3473062c54c57fac7
+CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...)
+ NOT-FOR-US: ReplaySorcery
+CVE-2021-26935 (In WoWonder &lt; 3.1, remote attackers can gain access to the database ...)
+ NOT-FOR-US: WoWonder
+CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...)
+ - linux <unfixed> (unimportant)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://xenbits.xen.org/xsa/advisory-363.html
+ NOTE: Driver never was meant to be supported and the patch in src:xen will only
+ NOTE: update SUPPORT.md to explicitly document the fact.
+CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is ...)
+ {DSA-4888-1}
+ - xen 4.14.1+11-gb0b734a8b3-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-364.html
+CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.177-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-361.html
+CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.177-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-362.html
+CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.177-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-365.html
+CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...)
+ {DLA-2564-1}
+ - php-horde-text-filter 2.3.7-1 (bug #982769)
+ [buster] - php-horde-text-filter 2.3.5-3+deb10u2
+ NOTE: https://lists.horde.org/archives/announce/2021/001298.html
+ NOTE: https://github.com/horde/Text_Filter/commit/c26f938854c36b981558a3b1b9b2f81403cff60e (master)
+ NOTE: https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 (v2.3.7)
+ NOTE: https://www.alexbirnberg.com/horde-xss.html
+CVE-2021-26928 (** DISPUTED ** BIRD through 2.0.7 does not provide functionality for p ...)
+ NOT-FOR-US: Disputed BIRD issue
+CVE-2021-26927 (A flaw was found in jasper before 2.0.25. A null pointer dereference i ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/265
+ NOTE: https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b
+CVE-2021-26926 (A flaw was found in jasper before 2.0.25. An out of bounds read issue ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/264
+ NOTE: https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b
+CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets ...)
+ - roundcube 1.4.11+dfsg.1-1
+ [buster] - roundcube <not-affected> (Vulnerable code introduced later)
+ [stretch] - roundcube <not-affected> (Vulnerable code introduced later)
+ NOTE: https://roundcube.net/news/2021/02/08/security-update-1.4.11
+ NOTE: https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596
+CVE-2021-26924 (An issue was discovered in Argo CD before 1.8.4. Browser XSS protectio ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-26923 (An issue was discovered in Argo CD before 1.8.4. Accessing the endpoin ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-26922
+ RESERVED
+CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens cont ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-26920 (In the Druid ingestion system, the InputSource is used for reading dat ...)
+ - druid <itp> (bug #825797)
+CVE-2021-26919 (Apache Druid allows users to read data from other database systems usi ...)
+ - druid <itp> (bug #825797)
+CVE-2021-26918 (** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might all ...)
+ NOT-FOR-US: ProBot bot
+CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write ...)
+ NOT-FOR-US: PyBitmessage
+CVE-2021-26916 (In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon comp ...)
+ NOT-FOR-US: nopCommerce
+CVE-2021-26915 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
+ NOT-FOR-US: NetMotion Mobility
+CVE-2021-26914 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
+ NOT-FOR-US: NetMotion Mobility
+CVE-2021-26913 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
+ NOT-FOR-US: NetMotion Mobility
+CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
+ NOT-FOR-US: NetMotion Mobility
+CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL ...)
+ NOT-FOR-US: Canary Mail
+CVE-2021-26909 (Automox Agent prior to version 31 uses an insufficiently protected S3 ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-26908 (Automox Agent prior to version 31 logs potentially sensitive informati ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-26907
+ RESERVED
+CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...)
+ - asterisk 1:16.16.1~dfsg-1 (bug #983159)
+ [buster] - asterisk <postponed> (Minor issue)
+ [stretch] - asterisk <no-dsa> (Minor issue)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29196
+CVE-2021-3402 (An integer overflow and several buffer overflow reads in libyara/modul ...)
+ - yara 4.0.4-1
+ [buster] - yara <no-dsa> (Minor issue)
+ [stretch] - yara <postponed> (Minor issue; can be fixed with next DLA)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/2
+ NOTE: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
+CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
+ NOT-FOR-US: 1Password SCIM Bridge
+CVE-2021-26904 (LMA ISIDA Retriever 5.2 allows SQL Injection. ...)
+ NOT-FOR-US: LMA ISIDA Retriever
+CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. ...)
+ NOT-FOR-US: LMA ISIDA Retriever
+CVE-2021-26902 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26901 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26900 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26899 (Windows UPnP Device Host Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26898 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26897 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26896 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26895 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26894 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26893 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26892 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26891 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26890 (Application Virtualization Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26889 (Windows Update Stack Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26888
+ RESERVED
+CVE-2021-26887 (Microsoft Windows Folder Redirection Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26886 (User Profile Service Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26885 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26884 (Windows Media Photo Codec Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26883
+ RESERVED
+CVE-2021-26882 (Remote Access API Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26881 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26880 (Storage Spaces Controller Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26879 (Windows NAT Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26878 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26877 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26876 (OpenType Font Parsing Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26875 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26874 (Windows Overlay Filter Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26873 (Windows User Profile Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26872 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26871 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26870 (Windows Projected File System Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26869 (Windows ActiveX Installer Service Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26868 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26867 (Windows Hyper-V Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26866 (Windows Update Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26865 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26864 (Windows Virtual Registry Provider Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26863 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26862 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26861 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26860 (Windows App-V Overlay Filter Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26859 (Microsoft Power BI Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26858 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26857 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26856
+ RESERVED
+CVE-2021-26855 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26854 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26853
+ RESERVED
+CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended access re ...)
+ {DSA-4849-1 DLA-2554-1}
+ - firejail 0.9.64.4-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5
+ NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
+ NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
+ NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
+CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for ...)
+ {DSA-4859-1}
+ - libzstd 1.4.8+dfsg-2 (bug #982519)
+ [stretch] - libzstd <not-affected> (Incomplete fix for CVE-2021-24031 not applied)
+ NOTE: https://github.com/facebook/zstd/issues/2491
+CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...)
+ {DSA-4850-1 DLA-2573-1}
+ - libzstd 1.4.8+dfsg-1 (bug #981404)
+ NOTE: https://github.com/facebook/zstd/issues/1630
+CVE-2021-26852
+ RESERVED
+CVE-2021-26851
+ RESERVED
+CVE-2021-26850
+ RESERVED
+CVE-2021-26849
+ RESERVED
+CVE-2021-26848
+ RESERVED
+CVE-2021-26847
+ RESERVED
+CVE-2021-26846
+ RESERVED
+CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS al ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-26844 (A cross-site scripting (XSS) vulnerability in Power Admin PA Server Mo ...)
+ NOT-FOR-US: Power Admin PA Server Monitor
+CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems where th ...)
+ - thttpd <removed>
+CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hyper fr ...)
+ - rust-hyper <unfixed> (bug #988729)
+ NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html
+CVE-2021-27218 (An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before ...)
+ - glib2.0 2.66.7-1 (bug #982779)
+ [buster] - glib2.0 2.58.3-2+deb10u3
+ [stretch] - glib2.0 <postponed> (fix along with CVE-2021-27219)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
+ NOTE: Test case depends on CVE-2021-27219 fix
+CVE-2021-27219 (An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before ...)
+ - glib2.0 2.66.6-1 (bug #982778)
+ [buster] - glib2.0 2.58.3-2+deb10u3
+ [stretch] - glib2.0 <postponed> (requires fixing vulnerable rdeps, follow buster strategy)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2319
+ NOTE: Fix introduces new API 'g_memdup2'
+ NOTE: Fix backport in 2.66.7 adds 'g_memdup2' for internal use but does not allow fixing reverse-dependencies using vulnerable 'g_memdup'
+CVE-2021-26842
+ RESERVED
+CVE-2021-26841
+ RESERVED
+CVE-2021-26840
+ RESERVED
+CVE-2021-26839
+ RESERVED
+CVE-2021-26838
+ RESERVED
+CVE-2021-26837
+ RESERVED
+CVE-2021-26836
+ RESERVED
+CVE-2021-26835 (No filtering of cross-site scripting (XSS) payloads in the markdown-ed ...)
+ NOT-FOR-US: Zettlr
+CVE-2021-26834 (A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An a ...)
+ NOT-FOR-US: Znote
+CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...)
+ NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills
+CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...)
+ NOT-FOR-US: Priority Enterprise Management System
+CVE-2021-26831
+ RESERVED
+CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote att ...)
+ NOT-FOR-US: Tribalsystems Zenario CMS
+CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
+ NOT-FOR-US: OpenPLC ScadaBR
+CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
+ NOT-FOR-US: OpenPLC ScadaBR
+CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
+ - godot <unfixed> (bug #982593)
+ [bullseye] - godot <no-dsa> (Minor issue)
+ [buster] - godot <no-dsa> (Minor issue)
+ NOTE: https://github.com/godotengine/godot/pull/45701
+ NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
+ NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2)
+CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2 that can b ...)
+ - godot <unfixed> (bug #982593)
+ [bullseye] - godot <no-dsa> (Minor issue)
+ [buster] - godot <no-dsa> (Minor issue)
+ NOTE: https://github.com/godotengine/godot/pull/45701
+ NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
+ NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2)
+CVE-2021-26824 (DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to impro ...)
+ NOT-FOR-US: DM FingerTool
+CVE-2021-26823
+ RESERVED
+CVE-2021-26822 (Teachers Record Management System 1.0 is affected by a SQL injection v ...)
+ NOT-FOR-US: Teachers Record Management System
+CVE-2021-26821
+ RESERVED
+CVE-2021-26820
+ RESERVED
+CVE-2021-26819
+ RESERVED
+CVE-2021-26818
+ RESERVED
+CVE-2021-26817
+ RESERVED
+CVE-2021-26816
+ RESERVED
+CVE-2021-26815
+ RESERVED
+CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to e ...)
+ NOT-FOR-US: Wazuh
+CVE-2021-26813 (markdown2 &gt;=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...)
+ - python-markdown2 2.3.10-1.1 (bug #984668)
+ [buster] - python-markdown2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/trentm/python-markdown2/pull/387
+ NOTE: https://github.com/trentm/python-markdown2/commit/96dff22341489459c8cb832fdfd066a588ec23bf
+ NOTE: https://github.com/trentm/python-markdown2/commit/e1954d3a345fc7a4ccc113bd58f7df81ad63b6ec
+ NOTE: https://github.com/trentm/python-markdown2/commit/c4b4ccb3f9da33f29b013d6d765fd223a8277cfe
+CVE-2021-26812 (Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin ...)
+ NOT-FOR-US: Moodle plugin
+CVE-2021-26811
+ RESERVED
+CVE-2021-26810 (D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnera ...)
+ NOT-FOR-US: D-link
+CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a remote shell ...)
+ NOT-FOR-US: PHPGurukul Car Rental Project
+CVE-2021-26808
+ RESERVED
+CVE-2021-26807 (GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, l ...)
+ NOT-FOR-US: GOG Galaxy client
+CVE-2021-26806
+ RESERVED
+CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial o ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-26804 (Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 2 ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-26803
+ RESERVED
+CVE-2021-26802
+ RESERVED
+CVE-2021-26801
+ RESERVED
+CVE-2021-26800 (Cross Site Request Forgery (CSRF) vulnerability in Change-password.php ...)
+ NOT-FOR-US: phpgurukul
+CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka ...)
+ NOT-FOR-US: Omeka
+CVE-2021-26798
+ RESERVED
+CVE-2021-26797 (An access control vulnerability in Hame SD1 Wi-Fi firmware &lt;=V.2014 ...)
+ NOT-FOR-US: Hame SD1 Wi-Fi firmware
+CVE-2021-26796
+ RESERVED
+CVE-2021-26795 (A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX s ...)
+ NOT-FOR-US: TalariaX sendQuick Alert Plus Server Admin
+CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows ...)
+ NOT-FOR-US: FrogCMS SentCMS
+CVE-2021-26793
+ RESERVED
+CVE-2021-26792
+ RESERVED
+CVE-2021-26791
+ RESERVED
+CVE-2021-26790
+ RESERVED
+CVE-2021-26789
+ RESERVED
+CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected b ...)
+ NOT-FOR-US: Oryx Embedded CycloneTCP
+CVE-2021-26787 (A cross site scripting (XSS) vulnerability in Genesys Workforce Manage ...)
+ NOT-FOR-US: Genesys Workforce Management
+CVE-2021-26786 (An issue was discoverered in in customercentric-selling-poland PlayTub ...)
+ NOT-FOR-US: PlayTube
+CVE-2021-26785
+ RESERVED
+CVE-2021-26784
+ RESERVED
+CVE-2021-26783
+ RESERVED
+CVE-2021-26782
+ RESERVED
+CVE-2021-26781
+ RESERVED
+CVE-2021-26780
+ RESERVED
+CVE-2021-26779
+ RESERVED
+CVE-2021-26778
+ RESERVED
+CVE-2021-26777 (Buffer overflow vulnerability in function SetFirewall in index.cgi in ...)
+ NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare
+CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: CSZ CMS
+CVE-2021-26775
+ RESERVED
+CVE-2021-26774
+ RESERVED
+CVE-2021-26773
+ RESERVED
+CVE-2021-26772
+ RESERVED
+CVE-2021-26771
+ RESERVED
+CVE-2021-26770
+ RESERVED
+CVE-2021-26769
+ RESERVED
+CVE-2021-26768
+ RESERVED
+CVE-2021-26767
+ RESERVED
+CVE-2021-26766
+ RESERVED
+CVE-2021-26765 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...)
+ NOT-FOR-US: PHPGurukul Student Record System
+CVE-2021-26764 (SQL injection vulnerability in PHPGurukul Student Record System v 4.0 ...)
+ NOT-FOR-US: PHPGurukul Student Record System
+CVE-2021-26763
+ RESERVED
+CVE-2021-26762 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...)
+ NOT-FOR-US: PHPGurukul Student Record System
+CVE-2021-26761
+ RESERVED
+CVE-2021-26760
+ RESERVED
+CVE-2021-26759
+ RESERVED
+CVE-2021-26758 (Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web serve ...)
+ NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed
+CVE-2021-26757
+ RESERVED
+CVE-2021-26756
+ RESERVED
+CVE-2021-26755
+ RESERVED
+CVE-2021-26754 (wpDataTables before 3.4.1 mishandles order direction for server-side t ...)
+ NOT-FOR-US: wpDataTables WordPress plugin
+CVE-2021-26753 (NeDi 1.9C allows an authenticated user to inject PHP code in the Syste ...)
+ NOT-FOR-US: NeDi
+CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating system com ...)
+ NOT-FOR-US: NeDi
+CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...)
+ NOT-FOR-US: NeDi
+CVE-2021-26750 (DLL hijacking in Panda Agent &lt;=1.16.11 in Panda Security, S.L.U. Pa ...)
+ NOT-FOR-US: Panda Agent
+CVE-2021-26749
+ RESERVED
+CVE-2021-26748
+ RESERVED
+CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...)
+ NOT-FOR-US: Netis devices
+CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...)
+ NOT-FOR-US: Chamilo
+CVE-2021-26745
+ RESERVED
+CVE-2021-26744
+ RESERVED
+CVE-2021-26743
+ RESERVED
+CVE-2021-26742
+ RESERVED
+CVE-2021-26741
+ RESERVED
+CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doyocms 2 ...)
+ NOT-FOR-US: doyocms
+CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows ...)
+ NOT-FOR-US: doyocms
+CVE-2021-26738
+ RESERVED
+CVE-2021-26737
+ RESERVED
+CVE-2021-26736
+ RESERVED
+CVE-2021-26735
+ RESERVED
+CVE-2021-26734
+ RESERVED
+CVE-2021-26733
+ RESERVED
+CVE-2021-26732
+ RESERVED
+CVE-2021-26731
+ RESERVED
+CVE-2021-26730
+ RESERVED
+CVE-2021-26729
+ RESERVED
+CVE-2021-26728
+ RESERVED
+CVE-2021-26727
+ RESERVED
+CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...)
+ NOT-FOR-US: Valmet
+CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
+ NOT-FOR-US: Nozomi Networks Guardian
+CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
+ NOT-FOR-US: Nozomi Networks Guardian
+CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&amp;query= XSS. ...)
+ NOT-FOR-US: Jenzabar
+CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because ...)
+ NOT-FOR-US: LinkedIn Oncall
+CVE-2021-26721
+ RESERVED
+CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...)
+ - avahi 0.8-4
+ [buster] - avahi 0.7-4+deb10u1
+ [stretch] - avahi <postponed> (fix in next DLA - removal of .sh script)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/15/2
+ NOTE: Fixed by removing the avahi-daemon-check-dns.sh script.
+CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-enterprise ...)
+ NOT-FOR-US: gradle-enterprise-test-distribution-agent
+CVE-2021-26718 (KIS for macOS in some use cases was vulnerable to AV bypass that poten ...)
+ NOT-FOR-US: KIS for macOS
+CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...)
+ - asterisk 1:16.16.1~dfsg-1 (bug #983157)
+ [buster] - asterisk <not-affected> (Introduced in 16.15.0)
+ [stretch] - asterisk <not-affected> (Introduced in 16.15.0)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
+CVE-2021-26716 (Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS ...)
+ NOT-FOR-US: Emoncms
+CVE-2021-26715 (The OpenID Connect server implementation for MITREid Connect through 1 ...)
+ NOT-FOR-US: MITREid Connect
+CVE-2021-26714 (The Enterprise License Manager portal in Mitel MiContact Center Enterp ...)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1930888#c3
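Review bot: the CVE-2021-26714 entry (Mitel MiContact Center Enterprise) has no status line, only a NOTE pointing at a Red Hat Bugzilla comment, whereas the other described entries around it carry either a `NOT-FOR-US:` tag or a ` - package` line. Add the missing triage line so the entry's status is explicit, and say in the NOTE why the Bugzilla comment is relevant. Two smaller points in the same region: the tag for CVE-2021-26707 reads "Node deep-merge" while its description names the merge-deep library, and the tag for CVE-2021-26777 spells "Firmware" as "Firwmare".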
+CVE-2021-26713 (A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asteris ...)
+ - asterisk <not-affected> (Only affects 16.16.0 onwards)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-004.html
+CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...)
+ - asterisk <not-affected> (Only affects 16.16)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-003.html
+CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...)
+ NOT-FOR-US: Redwood Report2Web
+CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...)
+ NOT-FOR-US: Redwood Report2Web
+CVE-2021-26709 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_ ...)
+ NOT-FOR-US: D-Link
+CVE-2021-26707 (The merge-deep library before 3.0.3 for Node.js can be tricked into ov ...)
+ NOT-FOR-US: Node deep-merge
+CVE-2021-26706 (An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x an ...)
+ NOT-FOR-US: Micrium
+CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...)
+ NOT-FOR-US: SquareBox CatDV Server
+CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26702 (EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset param ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26699 (OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows S ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-26698 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-26708 (A local privilege escalation was discovered in the Linux kernel before ...)
+ - linux 5.10.13-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/5
+ NOTE: https://git.kernel.org/linus/c518adafa39f37858697ac9309c6cf1805581446
+CVE-2021-26697 (The lineage endpoint of the deprecated Experimental API was not protec ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-26696
+ RESERVED
+CVE-2021-26695
+ RESERVED
+CVE-2021-26694
+ RESERVED
+CVE-2021-26693
+ RESERVED
+CVE-2021-26692
+ RESERVED
+CVE-2021-26691 (In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted Ses ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
+ NOTE: https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
+CVE-2021-26690 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
+ NOTE: https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8
+CVE-2021-26249
+ RESERVED
+CVE-2021-23202
+ RESERVED
+CVE-2021-23141
+ RESERVED
+CVE-2021-3401 (Bitcoin Core before 0.19.0 might allow remote attackers to execute arb ...)
+ - bitcoin 0.20.1~dfsg-1
+CVE-2021-3400
+ RESERVED
+CVE-2021-26689 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-26688 (An issue was discovered on LG Wing mobile devices with Android OS 10 s ...)
+ NOT-FOR-US: LG Wing mobile devices
+CVE-2021-26687 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-26686 (A remote authenticated SQL Injection vulnerabilitiy was discovered in ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26685 (A remote authenticated SQL Injection vulnerabilitiy was discovered in ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26684 (A remote authenticated command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26683 (A remote authenticated command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26682 (A remote reflected cross-site scripting (XSS) vulnerability was discov ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26681 (A remote authenticated command Injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26680 (A remote authenticated command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26679 (A remote authenticated command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26678 (A remote unauthenticated stored cross-site scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26677 (A local authenticated escalation of privilege vulnerability was discov ...)
+ NOT-FOR-US: Aruba
+CVE-2021-3399
+ RESERVED
+CVE-2021-3398 (Stormshield Network Security (SNS) 3.x has an Integer Overflow in the ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-3397
+ RESERVED
+CVE-2021-3396 (OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...)
+ {DSA-4847-1 DLA-2552-1}
+ - connman 1.36-2.1
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
+CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could ...)
+ {DSA-4847-1 DLA-2552-1}
+ - connman 1.36-2.1
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
+CVE-2021-26674
+ RESERVED
+CVE-2021-26673
+ RESERVED
+CVE-2021-26672
+ RESERVED
+CVE-2021-26671
+ RESERVED
+CVE-2021-26670
+ RESERVED
+CVE-2021-26669
+ RESERVED
+CVE-2021-26668
+ RESERVED
+CVE-2021-26667
+ RESERVED
+CVE-2021-26666
+ RESERVED
+CVE-2021-26665
+ RESERVED
+CVE-2021-26664
+ RESERVED
+CVE-2021-26663
+ RESERVED
+CVE-2021-26662
+ RESERVED
+CVE-2021-26661
+ RESERVED
+CVE-2021-26660
+ RESERVED
+CVE-2021-26659
+ RESERVED
+CVE-2021-26658
+ RESERVED
+CVE-2021-26657
+ RESERVED
+CVE-2021-26656
+ RESERVED
+CVE-2021-26655
+ RESERVED
+CVE-2021-26654
+ RESERVED
+CVE-2021-26653
+ RESERVED
+CVE-2021-26652
+ RESERVED
+CVE-2021-26651
+ RESERVED
+CVE-2021-26650
+ RESERVED
+CVE-2021-26649
+ RESERVED
+CVE-2021-26648
+ RESERVED
+CVE-2021-26647
+ RESERVED
+CVE-2021-26646
+ RESERVED
+CVE-2021-26645
+ RESERVED
+CVE-2021-26644
+ RESERVED
+CVE-2021-26643
+ RESERVED
+CVE-2021-26642
+ RESERVED
+CVE-2021-26641
+ RESERVED
+CVE-2021-26640
+ RESERVED
+CVE-2021-26639
+ RESERVED
+CVE-2021-26638
+ RESERVED
+CVE-2021-26637
+ RESERVED
+CVE-2021-26636
+ RESERVED
+CVE-2021-26635
+ RESERVED
+CVE-2021-26634
+ RESERVED
+CVE-2021-26633
+ RESERVED
+CVE-2021-26632
+ RESERVED
+CVE-2021-26631
+ RESERVED
+CVE-2021-26630
+ RESERVED
+CVE-2021-26629
+ RESERVED
+CVE-2021-26628
+ RESERVED
+CVE-2021-26627
+ RESERVED
+CVE-2021-26626
+ RESERVED
+CVE-2021-26625
+ RESERVED
+CVE-2021-26624
+ RESERVED
+CVE-2021-26623
+ RESERVED
+CVE-2021-26622
+ RESERVED
+CVE-2021-26621
+ RESERVED
+CVE-2021-26620
+ RESERVED
+CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...)
+ NOT-FOR-US: BigFileAgent
+CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
+ NOT-FOR-US: ToWord of ToOffice
+CVE-2021-26617
+ RESERVED
+CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
+ NOT-FOR-US: SecuwaySSL client for MacOS
+CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...)
+ NOT-FOR-US: ARK library
+CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
+ NOT-FOR-US: IpTime C200 camera
+CVE-2021-26613 (improper input validation vulnerability in nexacro permits copying fil ...)
+ NOT-FOR-US: Tobesoft Nexacro
+CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...)
+ NOT-FOR-US: Tobesoft Nexacro
+CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...)
+ NOT-FOR-US: HejHome GKW-IC052 IP Camera
+CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...)
+ NOT-FOR-US: godomall5
+CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...)
+ NOT-FOR-US: handysoft
+CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of NEXACRO17 ...)
+ NOT-FOR-US: NEXACRO17
+CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security could allow ...)
+ NOT-FOR-US: Dream Security
+CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...)
+ NOT-FOR-US: ezPDFReader
+CVE-2021-26604
+ RESERVED
+CVE-2021-26603 (A heap overflow issue was found in ARK library of bandisoft Co., Ltd w ...)
+ NOT-FOR-US: bandisoft
+CVE-2021-26602
+ RESERVED
+CVE-2021-26601
+ RESERVED
+CVE-2021-26600
+ RESERVED
+CVE-2021-26599
+ RESERVED
+CVE-2021-26598
+ RESERVED
+CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...)
+ NOT-FOR-US: Pryaniki
+CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...)
+ NOT-FOR-US: Millennium Millewin
+CVE-2021-3393 (An information leak was discovered in postgresql in versions before 13 ...)
+ - postgresql-13 13.2-1
+ - postgresql-11 <removed>
+ [buster] - postgresql-11 11.11-0+deb10u1
+ NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
+CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ...)
+ {DLA-2623-1}
+ - qemu 1:5.2+dfsg-10 (bug #984449)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1914236
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d
+CVE-2021-26597 (An issue was discovered in Nokia NetAct 18A. A remote user, authentica ...)
+ NOT-FOR-US: Nokia NetAct 18A
+CVE-2021-26596 (An issue was discovered in Nokia NetAct 18A. A malicious user can chan ...)
+ NOT-FOR-US: Nokia NetAct 18A
+CVE-2021-26595 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
+ NOT-FOR-US: Directus
+CVE-2021-26594 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
+ NOT-FOR-US: Directus
+CVE-2021-26593 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
+ NOT-FOR-US: Directus
+CVE-2021-26592
+ RESERVED
+CVE-2021-26591
+ RESERVED
+CVE-2021-26590
+ RESERVED
+CVE-2021-26589 (A potential security vulnerability has been identified in HPE Superdom ...)
+ NOT-FOR-US: HPE
+CVE-2021-26588 (A potential security vulnerability has been identified in HPE 3PAR Sto ...)
+ NOT-FOR-US: HPE
+CVE-2021-26587 (A potential DOM-based Cross Site Scripting security vulnerability has ...)
+ NOT-FOR-US: HPE StoreOnce
+CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...)
+ NOT-FOR-US: HPE
+CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...)
+ NOT-FOR-US: HPE
+CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...)
+ NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC)
+CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO Amplifier ...)
+ NOT-FOR-US: HPE
+CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgf ...)
+ NOT-FOR-US: HPE
+CVE-2021-26581 (A potential security vulnerability has been identified in HPE Superdom ...)
+ NOT-FOR-US: HPE
+CVE-2021-26580 (A potential security vulnerability has been identified in HPE iLO Ampl ...)
+ NOT-FOR-US: HPE
+CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) could al ...)
+ NOT-FOR-US: HPE
+CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network ...)
+ NOT-FOR-US: HPE Network Orchestrator (NetO)
+CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26576 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26575 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26574 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26573 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26572 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26571 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26570 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26569 (Race Condition within a Thread vulnerability in iscsi_snapshot_comm_co ...)
+ NOT-FOR-US: Synology
+CVE-2021-26568
+ RESERVED
+CVE-2021-26567 (Stack-based buffer overflow vulnerability in frontend/main.c in faad2 ...)
+ NOT-FOR-US: Synology
+CVE-2021-26566 (Insertion of sensitive information into sent data vulnerability in syn ...)
+ NOT-FOR-US: Synology
+CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in synor ...)
+ NOT-FOR-US: Synology
+CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...)
+ NOT-FOR-US: Synology
+CVE-2021-26563 (Incorrect authorization vulnerability in synoagentregisterd in Synolog ...)
+ NOT-FOR-US: Synology
+CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...)
+ NOT-FOR-US: Synology
+CVE-2021-26561 (Stack-based buffer overflow vulnerability in synoagentregisterd in Syn ...)
+ NOT-FOR-US: Synology
+CVE-2021-26560 (Cleartext transmission of sensitive information vulnerability in synoa ...)
+ NOT-FOR-US: Synology
+CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-26558 (Deserialization of Untrusted Data vulnerability of Apache ShardingSphe ...)
+ NOT-FOR-US: Apache ShardingSphere-UI
+CVE-2021-3391 (MobileIron Mobile@Work through 2021-03-22 allows attackers to distingu ...)
+ NOT-FOR-US: MobileIron Mobile@Work
+CVE-2021-3390
+ RESERVED
+CVE-2021-3389
+ RESERVED
+CVE-2021-3388
+ RESERVED
+CVE-2021-3387
+ RESERVED
+CVE-2021-26557 (When Octopus Tentacle is installed using a custom folder location, fol ...)
+ NOT-FOR-US: Octopus Tentacle
+CVE-2021-26556 (When Octopus Server is installed using a custom folder location, folde ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-26555
+ RESERVED
+CVE-2021-26554
+ RESERVED
+CVE-2021-26553
+ RESERVED
+CVE-2021-26552
+ RESERVED
+CVE-2021-26551 (An issue was discovered in SmartFoxServer 2.17.0. An attacker can exec ...)
+ NOT-FOR-US: SmartFoxServer
+CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...)
+ NOT-FOR-US: SmartFoxServer
+CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to ...)
+ NOT-FOR-US: SmartFoxServer
+CVE-2021-3386
+ RESERVED
+CVE-2021-3385
+ RESERVED
+CVE-2021-3384 (A vulnerability in Stormshield Network Security could allow an attacke ...)
+ NOT-FOR-US: Stormshield Network Security
+CVE-2021-3383
+ RESERVED
+CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allo ...)
+ - gitea <removed>
+CVE-2021-3381
+ RESERVED
+CVE-2021-3380 (Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRM ...)
+ NOT-FOR-US: ICREM H8 SSRMS
+CVE-2021-26548
+ RESERVED
+CVE-2021-26547
+ RESERVED
+CVE-2021-26546
+ RESERVED
+CVE-2021-26545
+ RESERVED
+CVE-2021-26544 (Livy server version 0.7.0-incubating (only) is vulnerable to a cross s ...)
+ NOT-FOR-US: Apache Livy
+CVE-2021-26543 (The "gitDiff" function in Wayfair git-parse &lt;=1.0.4 has a command i ...)
+ NOT-FOR-US: git-parse nodejs module
+CVE-2021-26542
+ RESERVED
+CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...)
+ NOT-FOR-US: Node gitlog
+CVE-2021-26540 (Apostrophe Technologies sanitize-html before 2.3.2 does not properly v ...)
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
+CVE-2021-26539 (Apostrophe Technologies sanitize-html before 2.3.1 does not properly h ...)
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
+CVE-2021-3379
+ RESERVED
+CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...)
+ NOT-FOR-US: FortiLogger
+CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML. In ansi_ ...)
+ - node-ansi-up 5.0.0+dfsg-1 (bug #984667)
+CVE-2021-3376 (An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allow ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...)
+ NOT-FOR-US: ActivePresenter
+CVE-2021-3374 (Directory traversal in RStudio Shiny Server before 1.5.16 allows attac ...)
+ NOT-FOR-US: RStudio Shiny Server
+CVE-2021-3373
+ RESERVED
+CVE-2021-3372
+ RESERVED
+CVE-2021-3371
+ RESERVED
+CVE-2021-3370 (DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vul ...)
+ NOT-FOR-US: DouPHP
+CVE-2021-3369
+ RESERVED
+CVE-2021-3368
+ RESERVED
+CVE-2021-3367
+ RESERVED
+CVE-2021-3366
+ RESERVED
+CVE-2021-3365
+ RESERVED
+CVE-2021-3364
+ RESERVED
+CVE-2021-3363
+ RESERVED
+CVE-2021-3362
+ RESERVED
+CVE-2021-3361
+ RESERVED
+CVE-2021-3360
+ RESERVED
+CVE-2021-3359
+ RESERVED
+CVE-2021-3358
+ RESERVED
+CVE-2021-3357
+ RESERVED
+CVE-2021-3356
+ RESERVED
+CVE-2021-3355 (A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to e ...)
+ NOT-FOR-US: LightCMS
+CVE-2021-3354
+ RESERVED
+CVE-2021-3353
+ RESERVED
+CVE-2021-3352 (The Software Development Kit in Mitel MiContact Center Business from 8 ...)
+ NOT-FOR-US: Mitel
+CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device ...)
+ NOT-FOR-US: OpenPLC
+CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...)
+ NOT-FOR-US: Delete Account plugin for MyBB
+CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...)
+ - evolution <unfixed> (unimportant)
+ NOTE: GNOME Evlolution upstreams claims that the issue should be fixed completely
+ NOTE: on the GnuPG side, whilst the reporter claims theat GnuPG provides what is
+ NOTE: needed to adress it on evolution's side.
+ NOTE: https://dev.gnupg.org/T4735
+ NOTE: https://gitlab.gnome.org/GNOME/evolution/-/issues/299
+ NOTE: https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html
+CVE-2021-26538
+ RESERVED
+CVE-2021-26537
+ RESERVED
+CVE-2021-26536
+ RESERVED
+CVE-2021-26535
+ RESERVED
+CVE-2021-26534
+ RESERVED
+CVE-2021-26533
+ RESERVED
+CVE-2021-26532
+ RESERVED
+CVE-2021-26531
+ RESERVED
+CVE-2021-26530 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compile ...)
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
+CVE-2021-26529 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7- ...)
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
+CVE-2021-26528 (The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is ...)
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
+CVE-2021-26527
+ RESERVED
+CVE-2021-26526
+ RESERVED
+CVE-2021-26525
+ RESERVED
+CVE-2021-26524
+ RESERVED
+CVE-2021-26523
+ RESERVED
+CVE-2021-26522
+ RESERVED
+CVE-2021-26521
+ RESERVED
+CVE-2021-26520
+ RESERVED
+CVE-2021-26519
+ RESERVED
+CVE-2021-26518
+ RESERVED
+CVE-2021-26517
+ RESERVED
+CVE-2021-26516
+ RESERVED
+CVE-2021-26515
+ RESERVED
+CVE-2021-26514
+ RESERVED
+CVE-2021-26513
+ RESERVED
+CVE-2021-26512
+ RESERVED
+CVE-2021-26511
+ RESERVED
+CVE-2021-26510
+ RESERVED
+CVE-2021-26509
+ RESERVED
+CVE-2021-26508
+ RESERVED
+CVE-2021-26507
+ RESERVED
+CVE-2021-26506
+ RESERVED
+CVE-2021-26505
+ RESERVED
+CVE-2021-26504
+ RESERVED
+CVE-2021-26503
+ RESERVED
+CVE-2021-26502
+ RESERVED
+CVE-2021-26501
+ RESERVED
+CVE-2021-26500
+ RESERVED
+CVE-2021-26499
+ RESERVED
+CVE-2021-26498
+ RESERVED
+CVE-2021-26497
+ RESERVED
+CVE-2021-26496
+ RESERVED
+CVE-2021-26495
+ RESERVED
+CVE-2021-26494
+ RESERVED
+CVE-2021-26493
+ RESERVED
+CVE-2021-26492
+ RESERVED
+CVE-2021-26491
+ RESERVED
+CVE-2021-26490
+ RESERVED
+CVE-2021-26489
+ RESERVED
+CVE-2021-26488
+ RESERVED
+CVE-2021-26487
+ RESERVED
+CVE-2021-26486
+ RESERVED
+CVE-2021-26485
+ RESERVED
+CVE-2021-26484
+ RESERVED
+CVE-2021-26483
+ RESERVED
+CVE-2021-26482
+ RESERVED
+CVE-2021-26481
+ RESERVED
+CVE-2021-26480
+ RESERVED
+CVE-2021-26479
+ RESERVED
+CVE-2021-26478
+ RESERVED
+CVE-2021-26477
+ RESERVED
+CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via craft ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26474 (Various Vembu products allow an attacker to execute a (non-blind) http ...)
+ NOT-FOR-US: Vembu BDR Suite
+CVE-2021-26473 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http ...)
+ NOT-FOR-US: Vembu BDR Suite
+CVE-2021-26472 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed ...)
+ NOT-FOR-US: Vembu BDR Suite
+CVE-2021-26471 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http ...)
+ NOT-FOR-US: Vembu BDR Suite
+CVE-2021-26470
+ RESERVED
+CVE-2021-26469
+ RESERVED
+CVE-2021-26468
+ RESERVED
+CVE-2021-26467
+ RESERVED
+CVE-2021-26466
+ RESERVED
+CVE-2021-26465
+ RESERVED
+CVE-2021-26464
+ RESERVED
+CVE-2021-26463
+ RESERVED
+CVE-2021-26462
+ RESERVED
+CVE-2021-26461 (Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-a ...)
+ NOT-FOR-US: Apache NuttX
+CVE-2021-26460
+ RESERVED
+CVE-2021-26459
+ RESERVED
+CVE-2021-26458
+ RESERVED
+CVE-2021-26457
+ RESERVED
+CVE-2021-26456
+ RESERVED
+CVE-2021-26455
+ RESERVED
+CVE-2021-26454
+ RESERVED
+CVE-2021-26453
+ RESERVED
+CVE-2021-26452
+ RESERVED
+CVE-2021-26451
+ RESERVED
+CVE-2021-26450
+ RESERVED
+CVE-2021-26449
+ RESERVED
+CVE-2021-26448
+ RESERVED
+CVE-2021-26447
+ RESERVED
+CVE-2021-26446
+ RESERVED
+CVE-2021-26445
+ RESERVED
+CVE-2021-26444 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26443 (Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26442 (Windows HTTP.sys Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Siemens
+CVE-2021-26441 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Siemens
+CVE-2021-26440
+ RESERVED
+CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26438
+ RESERVED
+CVE-2021-26437 (Visual Studio Code Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26435 (Windows Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26434 (Visual Studio Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26433 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26432 (Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26431 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26430 (Azure Sphere Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26429 (Azure Sphere Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26428 (Azure Sphere Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Siemens
+CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26423 (.NET Core and Visual Studio Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26420 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26419 (Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26418 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26417 (Windows Overlay Filter Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26416 (Windows Hyper-V Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26415 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26414 (Windows DCOM Server Security Feature Bypass ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26413 (Windows Installer Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26412 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26410
+ RESERVED
+CVE-2021-26409
+ RESERVED
+CVE-2021-26408
+ RESERVED
+CVE-2021-26407
+ RESERVED
+CVE-2021-26406
+ RESERVED
+CVE-2021-26405
+ RESERVED
+CVE-2021-26404
+ RESERVED
+CVE-2021-26403
+ RESERVED
+CVE-2021-26402
+ RESERVED
+CVE-2021-26401
+ RESERVED
+CVE-2021-26400
+ RESERVED
+CVE-2021-26399
+ RESERVED
+CVE-2021-26398
+ RESERVED
+CVE-2021-26397
+ RESERVED
+CVE-2021-26396
+ RESERVED
+CVE-2021-26395
+ RESERVED
+CVE-2021-26394
+ RESERVED
+CVE-2021-26393
+ RESERVED
+CVE-2021-26392
+ RESERVED
+CVE-2021-26391
+ RESERVED
+CVE-2021-26390
+ RESERVED
+CVE-2021-26389
+ RESERVED
+CVE-2021-26388
+ RESERVED
+CVE-2021-26387
+ RESERVED
+CVE-2021-26386
+ RESERVED
+CVE-2021-26385
+ RESERVED
+CVE-2021-26384
+ RESERVED
+CVE-2021-26383
+ RESERVED
+CVE-2021-26382
+ RESERVED
+CVE-2021-26381
+ RESERVED
+CVE-2021-26380
+ RESERVED
+CVE-2021-26379
+ RESERVED
+CVE-2021-26378
+ RESERVED
+CVE-2021-26377
+ RESERVED
+CVE-2021-26376
+ RESERVED
+CVE-2021-26375
+ RESERVED
+CVE-2021-26374
+ RESERVED
+CVE-2021-26373
+ RESERVED
+CVE-2021-26372
+ RESERVED
+CVE-2021-26371
+ RESERVED
+CVE-2021-26370
+ RESERVED
+CVE-2021-26369
+ RESERVED
+CVE-2021-26368
+ RESERVED
+CVE-2021-26367
+ RESERVED
+CVE-2021-26366
+ RESERVED
+CVE-2021-26365
+ RESERVED
+CVE-2021-26364
+ RESERVED
+CVE-2021-26363
+ RESERVED
+CVE-2021-26362
+ RESERVED
+CVE-2021-26361
+ RESERVED
+CVE-2021-26360
+ RESERVED
+CVE-2021-26359
+ RESERVED
+CVE-2021-26358
+ RESERVED
+CVE-2021-26357
+ RESERVED
+CVE-2021-26356
+ RESERVED
+CVE-2021-26355
+ RESERVED
+CVE-2021-26354
+ RESERVED
+CVE-2021-26353
+ RESERVED
+CVE-2021-26352
+ RESERVED
+CVE-2021-26351
+ RESERVED
+CVE-2021-26350
+ RESERVED
+CVE-2021-26349
+ RESERVED
+CVE-2021-26348
+ RESERVED
+CVE-2021-26347
+ RESERVED
+CVE-2021-26346
+ RESERVED
+CVE-2021-26345
+ RESERVED
+CVE-2021-26344
+ RESERVED
+CVE-2021-26343
+ RESERVED
+CVE-2021-26342
+ RESERVED
+CVE-2021-26341
+ RESERVED
+CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged attacker pr ...)
+ NOT-FOR-US: AMD
+CVE-2021-26339
+ RESERVED
+CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...)
+ NOT-FOR-US: AMD
+CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
+ NOT-FOR-US: AMD
+CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...)
+ NOT-FOR-US: AMD
+CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...)
+ NOT-FOR-US: AMD
+CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD &#956;Prof tool may allow lower ...)
+ NOT-FOR-US: AMD
+CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
+ NOT-FOR-US: AMD
+CVE-2021-26332
+ RESERVED
+CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue where a ma ...)
+ NOT-FOR-US: AMD
+CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based overflow ...)
+ NOT-FOR-US: AMD
+CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...)
+ NOT-FOR-US: AMD
+CVE-2021-26328
+ RESERVED
+CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...)
+ NOT-FOR-US: AMD
+CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...)
+ NOT-FOR-US: AMD
+CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command may lea ...)
+ NOT-FOR-US: AMD
+CVE-2021-26324
+ RESERVED
+CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may result in a p ...)
+ NOT-FOR-US: AMD
+CVE-2021-26322 (Persistent platform private key may not be protected with a random IV ...)
+ NOT-FOR-US: AMD
+CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow a loc ...)
+ NOT-FOR-US: AMD
+CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...)
+ NOT-FOR-US: AMD
+CVE-2021-26319
+ RESERVED
+CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...)
+ NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017
+ TODO: check details and if mitigation in microcode/kernel exists
+CVE-2021-26317
+ RESERVED
+CVE-2021-26316
+ RESERVED
+CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...)
+ NOT-FOR-US: AMD
+CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...)
+ NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
+ NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
+ NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
+CVE-2021-26313 (Potential speculative code store bypass in all supported CPU products, ...)
+ {DSA-4931-1}
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-375.html
+ NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
+CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...)
+ NOT-FOR-US: AMD
+CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...)
+ NOT-FOR-US: AMD
+CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
+ NOT-FOR-US: Foris
+CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder. During bui ...)
+ NOT-FOR-US: OpenShift
+CVE-2021-26310 (In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possibl ...)
+ NOT-FOR-US: TeamCity IntelliJ plugin
+CVE-2021-26309 (Information disclosure in the TeamCity plugin for IntelliJ before 2020 ...)
+ NOT-FOR-US: TeamCity IntelliJ plugin
+CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9. ...)
+ [experimental] - libgcrypt20 1.9.1-1 (bug #981370)
+ - libgcrypt20 <not-affected> (Only affected 1.9)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2145
+ NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
+ NOTE: https://dev.gnupg.org/T5275
+ NOTE: Introduced by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13
+ NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08
+CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10 ...)
+ {DLA-2610-1}
+ - linux 5.10.13-1
+ [buster] - linux 4.19.177-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6)
+CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.10.12-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1
+CVE-2021-3343
+ RESERVED
+CVE-2021-3342 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...)
+ NOT-FOR-US: EPrints
+CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH2i Dx ...)
+ NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows
+CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...)
+ NOT-FOR-US: Wikindx
+CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access to mem ...)
+ NOT-FOR-US: ModernFlow
+CVE-2021-3338
+ RESERVED
+CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...)
+ NOT-FOR-US: MyBB
+CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...)
+ - wolfssl 4.6.0-3
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/3676
+CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...)
+ NOT-FOR-US: Rust marc
+CVE-2021-26307 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...)
+ NOT-FOR-US: Rust raw-cpuid
+CVE-2021-26306 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...)
+ NOT-FOR-US: Rust raw-cpuid
+CVE-2021-26305 (An issue was discovered in Deserializer::read_vec in the cdr crate bef ...)
+ NOT-FOR-US: Rust Deserializer::read_vec
+CVE-2021-26304 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
+ NOT-FOR-US: PHPGurukul Daily Expense Tracker System
+CVE-2021-26303 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
+ NOT-FOR-US: PHPGurukul Daily Expense Tracker System
+CVE-2021-26302
+ RESERVED
+CVE-2021-26301
+ RESERVED
+CVE-2021-26300
+ RESERVED
+CVE-2021-26299
+ RESERVED
+CVE-2021-3335
+ RESERVED
+CVE-2021-3334
+ RESERVED
+CVE-2021-26298
+ RESERVED
+CVE-2021-26297
+ RESERVED
+CVE-2021-26296 (In the default configuration, Apache MyFaces Core versions 2.2.0 to 2. ...)
+ NOT-FOR-US: Apache MyFaces
+CVE-2021-26295 (Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthen ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). W ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a protection me ...)
+ NOT-FOR-US: WPS Hide Logi
+CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...)
+ NOT-FOR-US: WinSCP
+CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3329
+ RESERVED
+CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...)
+ NOT-FOR-US: Aprelium Abyss Web Server
+CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...)
+ NOT-FOR-US: Ovation Dynamic Content
+CVE-2021-26294 (An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail ...)
+ NOT-FOR-US: AfterLogic Aurora
+CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...)
+ NOT-FOR-US: AfterLogic Aurora
+CVE-2021-26292
+ RESERVED
+CVE-2021-26291 (Apache Maven will follow repositories that are defined in a dependency ...)
+ - maven <unfixed> (bug #988155)
+ [bullseye] - maven <no-dsa> (Minor issue)
+ [buster] - maven <no-dsa> (Minor issue)
+ [stretch] - maven <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/23/5
+ NOTE: https://issues.apache.org/jira/browse/MNG-7118
+ NOTE: https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f (3.8.x)
+ NOTE: https://github.com/apache/maven/commit/67125676eef313e592da6424a9be0c90c5e6bca5 (master)
+CVE-2021-26290
+ RESERVED
+CVE-2021-26289
+ RESERVED
+CVE-2021-26288
+ RESERVED
+CVE-2021-26287
+ RESERVED
+CVE-2021-26286
+ RESERVED
+CVE-2021-26285
+ RESERVED
+CVE-2021-26284
+ RESERVED
+CVE-2021-26283
+ RESERVED
+CVE-2021-26282
+ RESERVED
+CVE-2021-26281
+ RESERVED
+CVE-2021-26280
+ RESERVED
+CVE-2021-26279
+ RESERVED
+CVE-2021-26278
+ RESERVED
+CVE-2021-26277
+ RESERVED
+CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...)
+ NOT-FOR-US: GoDaddy node-config-shield
+CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 ...)
+ NOT-FOR-US: eslint-fixer
+CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...)
+ NOT-FOR-US: Monitorix
+CVE-2021-3324
+ RESERVED
+CVE-2021-3323 (Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zeph ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3322 (Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zeph ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3321 (Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions &gt;= v2 ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addre ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...)
+ NOT-FOR-US: DzzOffice
+CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...)
+ NOT-FOR-US: NinjaRMM
+CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. ...)
+ NOT-FOR-US: NinjaRMM
+CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
+ - glibc 2.31-10 (bug #981198)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2146
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27256
+ NOTE: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
+ NOTE: When fixing the issue for older suites make sure to not open up CVE-2021-43396
+ NOTE: and make a complete fix.
+CVE-2021-3317 (KLog Server through 2.4.1 allows authenticated command injection. asyn ...)
+ NOT-FOR-US: KLog Server
+CVE-2021-3316
+ RESERVED
+CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-3314 (** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and b ...)
+ NOT-FOR-US: Oracle
+CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) ...)
+ NOT-FOR-US: Plone
+CVE-2021-3312 (An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11 ...)
+ NOT-FOR-US: Alkacon OpenCms
+CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...)
+ NOT-FOR-US: October CMS
+CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbol ...)
+ NOT-FOR-US: Western Digital
+CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...)
+ NOT-FOR-US: Wekan
+CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
+ - ckeditor 4.16.0+dfsg-1 (bug #982587)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <postponed> (Fix along next DLA)
+ NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
+CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
+ - ckeditor 4.16.0+dfsg-1 (bug #982587)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <postponed> (Fix along next DLA)
+ NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
+CVE-2021-26270
+ RESERVED
+CVE-2021-3307
+ RESERVED
+CVE-2021-3306
+ RESERVED
+CVE-2021-3305
+ RESERVED
+CVE-2021-3304 (Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long ...)
+ NOT-FOR-US: Sagemcom
+CVE-2021-3303
+ RESERVED
+CVE-2021-3302
+ RESERVED
+CVE-2021-3301
+ RESERVED
+CVE-2021-3300
+ RESERVED
+CVE-2021-3299
+ RESERVED
+CVE-2021-3298 (Collabtive 3.1 allows XSS when an authenticated user enters an XSS pay ...)
+ - collabtive <removed>
+CVE-2021-3297 (On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-3296
+ RESERVED
+CVE-2021-3295
+ RESERVED
+CVE-2021-3294 (CASAP Automated Enrollment System 1.0 is affected by cross-site script ...)
+ NOT-FOR-US: CASAP Automated Enrollment System
+CVE-2021-3293 (emlog v5.3.1 has full path disclosure vulnerability in t/index.php, wh ...)
+ NOT-FOR-US: emlog
+CVE-2021-3292
+ RESERVED
+CVE-2021-3291 (Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by insp ...)
+ NOT-FOR-US: Zen Cart
+CVE-2021-3290
+ RESERVED
+CVE-2021-3289
+ RESERVED
+CVE-2021-3288
+ RESERVED
+CVE-2021-26269
+ RESERVED
+CVE-2021-26268
+ RESERVED
+CVE-2021-26267 (cPanel before 92.0.9 allows a MySQL user (who has an old-style passwor ...)
+ NOT-FOR-US: cPanel
+CVE-2021-26266 (cPanel before 92.0.9 allows a Reseller to bypass the suspension lock ( ...)
+ NOT-FOR-US: cPanel
+CVE-2021-26246
+ RESERVED
+CVE-2021-26245
+ RESERVED
+CVE-2021-26244
+ RESERVED
+CVE-2021-26243
+ RESERVED
+CVE-2021-26242
+ RESERVED
+CVE-2021-26241
+ RESERVED
+CVE-2021-26240
+ RESERVED
+CVE-2021-26239
+ RESERVED
+CVE-2021-26238
+ RESERVED
+CVE-2021-26237 (FastStone Image Viewer &lt;= 7.5 is affected by a user mode write acce ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26236 (FastStone Image Viewer v.&lt;= 7.5 is affected by a Stack-based Buffer ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26235 (FastStone Image Viewer &lt;= 7.5 is affected by a user mode write acce ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26234 (FastStone Image Viewer &lt;= 7.5 is affected by a user mode write acce ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26233 (FastStone Image Viewer &lt;= 7.5 is affected by a user mode write acce ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26232 (SQL injection vulnerability in SourceCodester Simple College Website v ...)
+ NOT-FOR-US: SourceCodester Simple College Website
+CVE-2021-26231 (SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 ...)
+ NOT-FOR-US: SourceCodester Fantastic Blog CMS
+CVE-2021-26230 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26229 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26228 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26227 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26226 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26225
+ RESERVED
+CVE-2021-26224 (Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-B ...)
+ NOT-FOR-US: SourceCodester Fantastic-Blog-CMS
+CVE-2021-26223 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...)
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/22/
+CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...)
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/21/
+CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to O ...)
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/223/
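Review bot: The upstream reference on the CVE-2021-26220 entry, https://sourceforge.net/p/ezxml/bugs/223/, looks out of sequence. The two sibling ezXML entries directly above it (CVE-2021-26222 and CVE-2021-26221) point at bugs/22/ and bugs/21/, and all three share the same package list, so please confirm the ticket number against the upstream tracker and correct the NOTE line if it is a typo. Separately, further down in this hunk, the CVE-2021-26201 entry is tagged "NOT-FOR-US: Login Panel of CASAP Automated Enrollment System", while the other entries for the same product use "CASAP Automated Enrollment System" or "SourceCodester CASAP Automated Enrollment System". Using one product string would keep later searches of NOT-FOR-US entries consistent.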
+CVE-2021-26219
+ RESERVED
+CVE-2021-26218
+ RESERVED
+CVE-2021-26217
+ RESERVED
+CVE-2021-26216 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-26215 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-26214
+ RESERVED
+CVE-2021-26213
+ RESERVED
+CVE-2021-26212
+ RESERVED
+CVE-2021-26211
+ RESERVED
+CVE-2021-26210
+ RESERVED
+CVE-2021-26209
+ RESERVED
+CVE-2021-26208
+ RESERVED
+CVE-2021-26207
+ RESERVED
+CVE-2021-26206
+ RESERVED
+CVE-2021-26205
+ RESERVED
+CVE-2021-26204
+ RESERVED
+CVE-2021-26203
+ RESERVED
+CVE-2021-26202
+ RESERVED
+CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable ...)
+ NOT-FOR-US: Login Panel of CASAP Automated Enrollment System
+CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL injection wh ...)
+ NOT-FOR-US: Library System
+CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056
+CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402
+CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403
+CVE-2021-26196
+ RESERVED
+CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442
+CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445
+CVE-2021-26193
+ RESERVED
+CVE-2021-26192
+ RESERVED
+CVE-2021-26191
+ RESERVED
+CVE-2021-26190
+ RESERVED
+CVE-2021-26189
+ RESERVED
+CVE-2021-26188
+ RESERVED
+CVE-2021-26187
+ RESERVED
+CVE-2021-26186
+ RESERVED
+CVE-2021-26185
+ RESERVED
+CVE-2021-26184
+ RESERVED
+CVE-2021-26183
+ RESERVED
+CVE-2021-26182
+ RESERVED
+CVE-2021-26181
+ RESERVED
+CVE-2021-26180
+ RESERVED
+CVE-2021-26179
+ RESERVED
+CVE-2021-26178
+ RESERVED
+CVE-2021-26177
+ RESERVED
+CVE-2021-26176
+ RESERVED
+CVE-2021-26175
+ RESERVED
+CVE-2021-26174
+ RESERVED
+CVE-2021-26173
+ RESERVED
+CVE-2021-26172
+ RESERVED
+CVE-2021-26171
+ RESERVED
+CVE-2021-26170
+ RESERVED
+CVE-2021-26169
+ RESERVED
+CVE-2021-26168
+ RESERVED
+CVE-2021-26167
+ RESERVED
+CVE-2021-26166
+ RESERVED
+CVE-2021-26165
+ RESERVED
+CVE-2021-26164
+ RESERVED
+CVE-2021-26163
+ RESERVED
+CVE-2021-26162
+ RESERVED
+CVE-2021-26161
+ RESERVED
+CVE-2021-26160
+ RESERVED
+CVE-2021-26159
+ RESERVED
+CVE-2021-26158
+ RESERVED
+CVE-2021-26157
+ RESERVED
+CVE-2021-26156
+ RESERVED
+CVE-2021-26155
+ RESERVED
+CVE-2021-26154
+ RESERVED
+CVE-2021-26153
+ RESERVED
+CVE-2021-26152
+ RESERVED
+CVE-2021-26151
+ RESERVED
+CVE-2021-26150
+ RESERVED
+CVE-2021-26149
+ RESERVED
+CVE-2021-26148
+ RESERVED
+CVE-2021-26147
+ RESERVED
+CVE-2021-26146
+ RESERVED
+CVE-2021-26145
+ RESERVED
+CVE-2021-26144
+ RESERVED
+CVE-2021-26143
+ RESERVED
+CVE-2021-26142
+ RESERVED
+CVE-2021-26141
+ RESERVED
+CVE-2021-26140
+ RESERVED
+CVE-2021-26139
+ RESERVED
+CVE-2021-26138
+ RESERVED
+CVE-2021-26137
+ RESERVED
+CVE-2021-26136
+ RESERVED
+CVE-2021-26135
+ RESERVED
+CVE-2021-26134
+ RESERVED
+CVE-2021-26133
+ RESERVED
+CVE-2021-26132
+ RESERVED
+CVE-2021-26131
+ RESERVED
+CVE-2021-26130
+ RESERVED
+CVE-2021-26129
+ RESERVED
+CVE-2021-26128
+ RESERVED
+CVE-2021-26127
+ RESERVED
+CVE-2021-26126
+ RESERVED
+CVE-2021-26125
+ RESERVED
+CVE-2021-26124
+ RESERVED
+CVE-2021-23232
+ RESERVED
+CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of Gallagher Comm ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23224
+ RESERVED
+CVE-2021-23220
+ RESERVED
+CVE-2021-23212
+ RESERVED
+CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23199
+ RESERVED
+CVE-2021-23197 (Unquoted service path vulnerability in the Gallagher Controller Servic ...)
+ NOT-FOR-US: Gallagher Controller Service
+CVE-2021-23193 (Improper privilege validation vulnerability in COM Interface of Gallag ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23185
+ RESERVED
+CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23167 (Improper certificate validation vulnerability in SMTP Client allows ma ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23162 (Improper validation of the cloud certificate chain in Mobile Connect a ...)
+ NOT-FOR-US: Gallagher
+CVE-2021-23155 (Improper validation of the cloud certificate chain in Mobile Client al ...)
+ NOT-FOR-US: Gallagher
+CVE-2021-23146 (An Incomplete Comparison with Missing Factors vulnerability in the Gal ...)
+ NOT-FOR-US: Gallagher
+CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...)
+ NOT-FOR-US: LivingLogic XIST4C
+CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...)
+ NOT-FOR-US: LivingLogic XIST4C
+CVE-2021-26121
+ RESERVED
+CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected function ...)
+ {DLA-2618-1}
+ - smarty3 3.1.39-1
+ [buster] - smarty3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/smarty-php/smarty/commit/4f634c0097ab4a8b2adc2a97caacd1676e88f9c8
+CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_ ...)
+ {DLA-2618-1}
+ - smarty3 3.1.39-1
+ [buster] - smarty3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/smarty-php/smarty/commit/c9272058d972045dda9c99c64a82acb21c93c6ad
+CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...)
+ NOT-FOR-US: Apache ActiveMQ Artemis
+CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...)
+ {DLA-2583-1}
+ - activemq 5.16.1-1 (bug #982590)
+ [buster] - activemq <no-dsa> (Minor issue)
+ NOTE: https://issues.apache.org/jira/browse/AMQ-8035
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6
+ NOTE: https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b
+CVE-2021-26116
+ RESERVED
+CVE-2021-26115
+ RESERVED
+CVE-2021-26114
+ RESERVED
+CVE-2021-26113
+ RESERVED
+CVE-2021-26112
+ RESERVED
+CVE-2021-26111 (A missing release of memory after effective lifetime vulnerability in ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-26110 (An improper access control vulnerability [CWE-284] in FortiOS autod da ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26109 (An integer overflow or wraparound vulnerability in the memory allocato ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26108 (A use of hard-coded cryptographic key vulnerability in the SSLVPN of F ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26107 (An improper access control vulnerability [CWE-284] in FortiManager ver ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-26105
+ RESERVED
+CVE-2021-26104
+ RESERVED
+CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26102
+ RESERVED
+CVE-2021-26101
+ RESERVED
+CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption service o ...)
+ NOT-FOR-US: FortiMail
+CVE-2021-26098 (An instance of small space of random values in the RPC API of FortiSan ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-26097 (An improper neutralization of special elements used in an OS Command v ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-26096 (Multiple instances of heap-based buffer overflow in the command shell ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-26095 (The combination of various cryptographic issues in the session managem ...)
+ NOT-FOR-US: FortiMail
+CVE-2021-26094
+ RESERVED
+CVE-2021-26093
+ RESERVED
+CVE-2021-26092
+ RESERVED
+CVE-2021-26091
+ RESERVED
+CVE-2021-26090 (A missing release of memory after its effective lifetime vulnerability ...)
+ NOT-FOR-US: FortiMail
+CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...)
+ NOT-FOR-US: FortiClient
+CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector version 5.0 ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-26087
+ RESERVED
+CVE-2021-26086 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26085 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
+ NOT-FOR-US: Atlassian Confluence
+CVE-2021-26084 (In affected versions of Confluence Server and Data Center, an OGNL inj ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26083 (Export HTML Report in Atlassian Jira Server and Jira Data Center befor ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26082 (The XML Export in Atlassian Jira Server and Jira Data Center before ve ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26081 (REST API in Atlassian Jira Server and Jira Data Center before version ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26080 (EditworkflowScheme.jspa in Jira Server and Jira Data Center before ver ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26079 (The CardLayoutConfigTable component in Jira Server and Jira Data Cente ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26078 (The number range searcher component in Jira Server and Jira Data Cente ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26077 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) in versi ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26076 (The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26075 (The Jira importers plugin AttachTemporaryFile rest resource in Jira Se ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26074 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) from ver ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26073 (Broken Authentication in Atlassian Connect Express (ACE) from version ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26072 (The WidgetConnector plugin in Confluence Server and Confluence Data Ce ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data Center bef ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26070 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26069 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from version 0.0 ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26066
+ REJECTED
+CVE-2021-26065
+ REJECTED
+CVE-2021-26064
+ REJECTED
+CVE-2021-26063
+ REJECTED
+CVE-2021-26062
+ REJECTED
+CVE-2021-26061
+ REJECTED
+CVE-2021-26060
+ REJECTED
+CVE-2021-26059
+ REJECTED
+CVE-2021-26058
+ REJECTED
+CVE-2021-26057
+ REJECTED
+CVE-2021-26056
+ REJECTED
+CVE-2021-26055
+ REJECTED
+CVE-2021-26054
+ REJECTED
+CVE-2021-26053
+ REJECTED
+CVE-2021-26052
+ REJECTED
+CVE-2021-26051
+ REJECTED
+CVE-2021-26050
+ REJECTED
+CVE-2021-26049
+ REJECTED
+CVE-2021-26048
+ REJECTED
+CVE-2021-26047
+ REJECTED
+CVE-2021-26046
+ REJECTED
+CVE-2021-26045
+ REJECTED
+CVE-2021-26044
+ REJECTED
+CVE-2021-26043
+ REJECTED
+CVE-2021-26042
+ REJECTED
+CVE-2021-26041
+ REJECTED
+CVE-2021-26040 (An issue was discovered in Joomla! 4.0.0. The media manager does not c ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26038 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install actio ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26037 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26036 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing valid ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26035 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26032 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was miss ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate fi ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate es ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-3287 (Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Rem ...)
+ NOT-FOR-US: Zoho ManageEngine OpManager
+CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
+ NOT-FOR-US: ACDSee Professional 2021
+CVE-2021-26025 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
+ NOT-FOR-US: ACDSee Professional 2021
+CVE-2021-3286 (SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands p ...)
+ - spotweb <not-affected> (Incomplete fix for CVE-2020-35545 not applied)
+ NOTE: https://github.com/spotweb/spotweb/issues/653
+CVE-2021-3285 (jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1. ...)
+ NOT-FOR-US: TI Code Composer Studio IDE
+CVE-2021-3284
+ RESERVED
+CVE-2021-3283 (HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task d ...)
+ - nomad 0.12.10+dfsg1-1 (bug #981889)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332
+CVE-2021-3282 (HashiCorp Vault Enterprise 1.6.0 &amp; 1.6.1 allowed the `remove-peer` ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-3281 (In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, ...)
+ {DLA-2540-1}
+ - python-django 2:2.2.18-1 (bug #981562)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
+ NOTE: https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23 (master)
+ NOTE: https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37 (2.2.18)
+CVE-2021-26024 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-26023 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-26022
+ RESERVED
+CVE-2021-26021
+ RESERVED
+CVE-2021-26020
+ RESERVED
+CVE-2021-26019
+ RESERVED
+CVE-2021-26018
+ RESERVED
+CVE-2021-26017
+ RESERVED
+CVE-2021-26016
+ RESERVED
+CVE-2021-26015
+ RESERVED
+CVE-2021-26014
+ RESERVED
+CVE-2021-26013
+ RESERVED
+CVE-2021-26012
+ RESERVED
+CVE-2021-26011
+ RESERVED
+CVE-2021-26010
+ RESERVED
+CVE-2021-26009
+ RESERVED
+CVE-2021-26008
+ RESERVED
+CVE-2021-26007
+ RESERVED
+CVE-2021-26006
+ RESERVED
+CVE-2021-26005
+ RESERVED
+CVE-2021-26004
+ RESERVED
+CVE-2021-26003
+ RESERVED
+CVE-2021-26002
+ RESERVED
+CVE-2021-26001
+ RESERVED
+CVE-2021-26000
+ RESERVED
+CVE-2021-25999
+ RESERVED
+CVE-2021-25998
+ RESERVED
+CVE-2021-25997
+ RESERVED
+CVE-2021-25996
+ RESERVED
+CVE-2021-25995
+ RESERVED
+CVE-2021-25994 (In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Head ...)
+ NOT-FOR-US: Userfrosting
+CVE-2021-25993 (In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ...)
+ NOT-FOR-US: Requarks wiki.js
+CVE-2021-25992 (In Ifme, versions 1.0.0 to v.7.33.2 don&#8217;t properly invalidate a ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25991 (In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper a ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25990 (In &#8220;ifme&#8221;, versions v7.22.0 to v7.31.4 are vulnerable agai ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25989 (In &#8220;ifme&#8221;, versions 1.0.0 to v7.31.4 are vulnerable agains ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25988 (In &#8220;ifme&#8221;, versions 1.0.0 to v7.31.4 are vulnerable agains ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25987 (Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The po ...)
+ NOT-FOR-US: hexo blog framework
+CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...)
+ NOT-FOR-US: Django-wiki
+CVE-2021-25985 (In Factor (App Framework &amp; Headless CMS) v1.0.4 to v1.8.30, improp ...)
+ NOT-FOR-US: Factor (App Framework & Headless CMS)
+CVE-2021-25984 (In Factor (App Framework &amp; Headless CMS) forum plugin, versions v1 ...)
+ NOT-FOR-US: Factor (App Framework & Headless CMS)
+CVE-2021-25983 (In Factor (App Framework &amp; Headless CMS) forum plugin, versions v1 ...)
+ NOT-FOR-US: Factor (App Framework & Headless CMS)
+CVE-2021-25982 (In Factor (App Framework &amp; Headless CMS) forum plugin, versions 1. ...)
+ NOT-FOR-US: Factor (App Framework & Headless CMS)
+CVE-2021-25981 (In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev ve ...)
+ NOT-FOR-US: Talkyard
+CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...)
+ NOT-FOR-US: Talkyard
+CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...)
+ NOT-FOR-US: Apostrophe CMS
+CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stor ...)
+ NOT-FOR-US: Apostrophe CMS
+CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...)
+ NOT-FOR-US: PiranhaCMS
+CVE-2021-25976 (In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross- ...)
+ NOT-FOR-US: PiranhaCMS
+CVE-2021-25975 (In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a ...)
+ NOT-FOR-US: Publify
+CVE-2021-25974 (In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A us ...)
+ NOT-FOR-US: Publify
+CVE-2021-25973 (In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Cont ...)
+ NOT-FOR-US: Publify
+CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...)
+ NOT-FOR-US: Camaleon CMS
+CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught ...)
+ NOT-FOR-US: Camaleon CMS
+CVE-2021-25970 (Camaleon CMS 0.1.7 to 2.6.0 doesn&#8217;t terminate the active session ...)
+ NOT-FOR-US: Camaleon CMS
+CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to ...)
+ NOT-FOR-US: Camaleon CMS
+CVE-2021-25968 (In &#8220;OpenCMS&#8221;, versions 10.5.0 to 11.0.2 are affected by a ...)
+ NOT-FOR-US: OpenCMS
+CVE-2021-25967 (In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerab ...)
+ NOT-FOR-US: CKAN
+CVE-2021-25966 (In &#8220;Orchard core CMS&#8221; application, versions 1.0.0-beta1-33 ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site ...)
+ NOT-FOR-US: Calibre web
+CVE-2021-25964 (In &#8220;Calibre-web&#8221; application, v0.6.0 to v0.6.12, are vulne ...)
+ NOT-FOR-US: Calibre web
+CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...)
+ NOT-FOR-US: Shuup
+CVE-2021-25962 (&#8220;Shuup&#8221; application in versions 0.4.2 to 2.10.8 is affecte ...)
+ NOT-FOR-US: Shuup
+CVE-2021-25961 (In &#8220;SuiteCRM&#8221; application, v7.1.7 through v7.10.31 and v7. ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-25960 (In &#8220;SuiteCRM&#8221; application, v7.11.18 through v7.11.19 and v ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-25959 (In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected ...)
+ NOT-FOR-US: OpenCRX
+CVE-2021-25958 (In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch ...)
+ NOT-FOR-US: Apache Ofbiz
+CVE-2021-25957 (In &#8220;Dolibarr&#8221; application, v2.8.1 to v13.0.2 are vulnerabl ...)
+ - dolibarr <removed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377
+CVE-2021-25956 (In &#8220;Dolibarr&#8221; application, v3.3.beta1_20121221 to v13.0.2 ...)
+ - dolibarr <removed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee
+CVE-2021-25955 (In &#8220;Dolibarr ERP CRM&#8221;, WYSIWYG Editor module, v2.8.1 to v1 ...)
+ - dolibarr <removed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e
+CVE-2021-25954 (In &#8220;Dolibarr&#8221; application, 2.8.1 to 13.0.4 don&#8217;t res ...)
+ - dolibarr <removed>
+CVE-2021-25953 (Prototype pollution vulnerability in 'putil-merge' versions1.0.0 throu ...)
+ NOT-FOR-US: Node putil-merge
+CVE-2021-25952 (Prototype pollution vulnerability in &#8216;just-safe-set&#8217; versi ...)
+ NOT-FOR-US: AngusC just-safe-set
+CVE-2021-25951 (XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to ca ...)
+ NOT-FOR-US: XML2Dict
+CVE-2021-25950
+ REJECTED
+CVE-2021-25949 (Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows ...)
+ NOT-FOR-US: Node set-getter
+CVE-2021-25948 (Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 thro ...)
+ NOT-FOR-US: Node expand-hash
+CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...)
+ NOT-FOR-US: Node nestie
+CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...)
+ NOT-FOR-US: Node nconf-toml
+CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 0.0.1 throug ...)
+ NOT-FOR-US: Node js-extend
+CVE-2021-25944 (Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 th ...)
+ NOT-FOR-US: Node deep-defaults
+CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6. ...)
+ NOT-FOR-US: Node 101
+CVE-2021-25942
+ RESERVED
+CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...)
+ NOT-FOR-US: Node deep-override
+CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...)
+ - arangodb <itp> (bug #761817)
+CVE-2021-25939 (In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature whi ...)
+ - arangodb <itp> (bug #761817)
+CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...)
+ - arangodb <itp> (bug #761817)
+CVE-2021-25937
+ RESERVED
+CVE-2021-25936
+ RESERVED
+CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25932 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...)
+ NOT-FOR-US: Node safe-obj
+CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...)
+ NOT-FOR-US: Node safe-flat
+CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Re ...)
+ NOT-FOR-US: SiCKRAGE
+CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored C ...)
+ NOT-FOR-US: SiCKRAGE
+CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: GoCD
+CVE-2021-25923 (In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25921 (In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25920 (In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Ac ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25919 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25918 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25917 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25916 (Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 throu ...)
+ NOT-FOR-US: Node patchmerge
+CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 0.0.1 throug ...)
+ NOT-FOR-US: changeset
+CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...)
+ NOT-FOR-US: object-collider
+CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...)
+ NOT-FOR-US: Node set-or-get
+CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...)
+ NOT-FOR-US: Node dotty
+CVE-2021-25911
+ RESERVED
+CVE-2021-25910 (Improper Authentication vulnerability in the cookie parameter of ZIV A ...)
+ NOT-FOR-US: ZIV AUTOMATION 4CCT-EA6-334126BF
+CVE-2021-25909 (ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, al ...)
+ NOT-FOR-US: ZIV Automation 4CCT-EA6-334126BF
+CVE-2021-25908 (An issue was discovered in the fil-ocl crate through 2021-01-04 for Ru ...)
+ NOT-FOR-US: Rust crate fil-ocl
+CVE-2021-25907 (An issue was discovered in the containers crate before 0.9.11 for Rust ...)
+ NOT-FOR-US: Rust crate containers
+CVE-2021-25906 (An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for ...)
+ NOT-FOR-US: Rust crate basic_dsp_matrix
+CVE-2021-25905 (An issue was discovered in the bra crate before 0.1.1 for Rust. It lac ...)
+ NOT-FOR-US: Rust crate bra
+CVE-2021-25904 (An issue was discovered in the av-data crate before 0.3.0 for Rust. A ...)
+ NOT-FOR-US: Rust crate av-data
+CVE-2021-25903 (An issue was discovered in the cache crate through 2021-01-01 for Rust ...)
+ NOT-FOR-US: Rust crate cache
+CVE-2021-25902 (An issue was discovered in the glsl-layout crate before 0.4.0 for Rust ...)
+ NOT-FOR-US: Rust crate glsl-layout
+CVE-2021-25901 (An issue was discovered in the lazy-init crate through 2021-01-17 for ...)
+ NOT-FOR-US: Rust crate lazy-init
+CVE-2021-3280
+ RESERVED
+CVE-2021-3279 (sz.chat version 4 allows injection of web scripts and HTML in the mess ...)
+ NOT-FOR-US: sz.chat
+CVE-2021-3278 (Local Service Search Engine Management System 1.0 has a vulnerability ...)
+ NOT-FOR-US: Local Service Search Engine Management System
+CVE-2021-3277 (Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbi ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-3276
+ RESERVED
+CVE-2021-3275 (Unauthenticated stored cross-site scripting (XSS) exists in multiple T ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-3274
+ RESERVED
+CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/259
+CVE-2021-3271 (PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS ca ...)
+ NOT-FOR-US: PressBooks
+CVE-2021-3270
+ RESERVED
+CVE-2021-3269
+ RESERVED
+CVE-2021-3268
+ RESERVED
+CVE-2021-3267
+ RESERVED
+CVE-2021-3266
+ RESERVED
+CVE-2021-3265
+ RESERVED
+CVE-2021-3264 (SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in p ...)
+ NOT-FOR-US: cxuucms
+CVE-2021-3263
+ RESERVED
+CVE-2021-3262
+ RESERVED
+CVE-2021-3261
+ RESERVED
+CVE-2021-3260
+ RESERVED
+CVE-2021-3259
+ RESERVED
+CVE-2021-3258 (Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site ...)
+ NOT-FOR-US: Question2Answer Q2A Ultimate SEO
+CVE-2021-3257
+ RESERVED
+CVE-2021-3256 (KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the h ...)
+ NOT-FOR-US: KuaiFanCMS
+CVE-2021-3255
+ RESERVED
+CVE-2021-3254
+ RESERVED
+CVE-2021-3253
+ RESERVED
+CVE-2021-3252 (KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect acce ...)
+ NOT-FOR-US: KACO New Energy XP100U Up to XP-JAVA
+CVE-2021-3251
+ RESERVED
+CVE-2021-3250
+ RESERVED
+CVE-2021-3249
+ RESERVED
+CVE-2021-3248
+ RESERVED
+CVE-2021-3247
+ RESERVED
+CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of libsnd ...)
+ {DSA-4947-1 DLA-2722-1}
+ - libsndfile 1.0.31-2 (bug #991496)
+ NOTE: https://github.com/libsndfile/libsndfile/issues/687
+ NOTE: https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32
+CVE-2021-3245
+ RESERVED
+CVE-2021-3244
+ RESERVED
+CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: Wfilter ICF
+CVE-2021-3242 (DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: DuxCMS
+CVE-2021-3241
+ RESERVED
+CVE-2021-3240
+ RESERVED
+CVE-2021-3239 (E-Learning System 1.0 suffers from an unauthenticated SQL injection vu ...)
+ NOT-FOR-US: E-Learning System
+CVE-2021-3238
+ RESERVED
+CVE-2021-3237
+ RESERVED
+CVE-2021-3236
+ RESERVED
+CVE-2021-3235
+ RESERVED
+CVE-2021-3234
+ RESERVED
+CVE-2021-3233
+ RESERVED
+CVE-2021-3232
+ RESERVED
+CVE-2021-3231
+ RESERVED
+CVE-2021-3230
+ RESERVED
+CVE-2021-3229 (Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4. ...)
+ NOT-FOR-US: ASUSWRT ASUS RT-AX3000 firmware
+CVE-2021-3228
+ RESERVED
+CVE-2021-3227
+ RESERVED
+CVE-2021-3226
+ RESERVED
+CVE-2021-3225
+ RESERVED
+CVE-2021-3224 (A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exis ...)
+ NOT-FOR-US: cszcms
+CVE-2021-3223 (Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory tra ...)
+ NOT-FOR-US: Node-RED-Dashboard
+CVE-2021-3222
+ RESERVED
+CVE-2021-3221
+ RESERVED
+CVE-2021-3220
+ RESERVED
+CVE-2021-3219
+ RESERVED
+CVE-2021-3218
+ RESERVED
+CVE-2021-3217
+ RESERVED
+CVE-2021-3216
+ RESERVED
+CVE-2021-3215
+ RESERVED
+CVE-2021-3214
+ RESERVED
+CVE-2021-3213
+ RESERVED
+CVE-2021-3212
+ RESERVED
+CVE-2021-3211
+ RESERVED
+CVE-2021-3210 (components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound &l ...)
+ NOT-FOR-US: Bloodhound
+CVE-2021-3209
+ RESERVED
+CVE-2021-3208
+ RESERVED
+CVE-2021-3207
+ RESERVED
+CVE-2021-3206
+ RESERVED
+CVE-2021-3205
+ RESERVED
+CVE-2021-3204 (SSRF in the document conversion component of Webware Webdesktop 5.1.15 ...)
+ NOT-FOR-US: Webware Webdesktop
+CVE-2021-3203
+ RESERVED
+CVE-2021-3202
+ RESERVED
+CVE-2021-3201
+ RESERVED
+CVE-2021-3200 (Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * t ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/416
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...)
+ NOT-FOR-US: ONLYOFFICE Document Server
+CVE-2021-3198 (By abusing the 'install rpm url' command, an attacker can escape the r ...)
+ NOT-FOR-US: Ivanti MobileIron Core
+CVE-2021-25899 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...)
+ NOT-FOR-US: Void Aural Rec Monitor
+CVE-2021-25898 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...)
+ NOT-FOR-US: Void Aural Rec Monitor
+CVE-2021-25897
+ RESERVED
+CVE-2021-25896
+ RESERVED
+CVE-2021-25895
+ RESERVED
+CVE-2021-25894 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-25893 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-25892
+ RESERVED
+CVE-2021-25891
+ RESERVED
+CVE-2021-25890
+ RESERVED
+CVE-2021-25889
+ RESERVED
+CVE-2021-25888
+ RESERVED
+CVE-2021-25887
+ RESERVED
+CVE-2021-25886
+ RESERVED
+CVE-2021-25885
+ RESERVED
+CVE-2021-25884
+ RESERVED
+CVE-2021-25883
+ RESERVED
+CVE-2021-25882
+ RESERVED
+CVE-2021-25881
+ RESERVED
+CVE-2021-25880
+ RESERVED
+CVE-2021-25879
+ RESERVED
+CVE-2021-25878 (AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cro ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25877 (AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. A ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25876 (AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script S ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25875 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflec ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25874 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQ ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25873
+ RESERVED
+CVE-2021-25872
+ RESERVED
+CVE-2021-25871
+ RESERVED
+CVE-2021-25870
+ RESERVED
+CVE-2021-25869
+ RESERVED
+CVE-2021-25868
+ RESERVED
+CVE-2021-25867
+ RESERVED
+CVE-2021-25866
+ RESERVED
+CVE-2021-25865
+ RESERVED
+CVE-2021-25864 (node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Direct ...)
+ NOT-FOR-US: node-red-contrib-huemagic
+CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 14 ...)
+ NOT-FOR-US: Open5GS
+CVE-2021-25862
+ RESERVED
+CVE-2021-25861
+ RESERVED
+CVE-2021-25860
+ RESERVED
+CVE-2021-25859
+ RESERVED
+CVE-2021-25858
+ RESERVED
+CVE-2021-25857
+ RESERVED
+CVE-2021-25856
+ RESERVED
+CVE-2021-25855
+ RESERVED
+CVE-2021-25854
+ RESERVED
+CVE-2021-25853
+ RESERVED
+CVE-2021-25852
+ RESERVED
+CVE-2021-25851
+ RESERVED
+CVE-2021-25850
+ RESERVED
+CVE-2021-25849 (An integer underflow was discovered in userdisk/vport_lldpd in Moxa Ca ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25848 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25847 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25846 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25845 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25844
+ RESERVED
+CVE-2021-25843
+ RESERVED
+CVE-2021-25842
+ RESERVED
+CVE-2021-25841
+ RESERVED
+CVE-2021-25840
+ RESERVED
+CVE-2021-25839 (A weak password requirement vulnerability exists in the Create New Use ...)
+ NOT-FOR-US: MintHCM
+CVE-2021-25838 (The Import function in MintHCM RELEASE 3.0.8 allows an attacker to exe ...)
+ NOT-FOR-US: MintHCM
+CVE-2021-25837 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by cache lifecycle i ...)
+ NOT-FOR-US: Cosmos Network Ethermint
+CVE-2021-25836 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by cache lifecycle i ...)
+ NOT-FOR-US: Cosmos Network Ethermint
+CVE-2021-25835 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by a cross-chain tra ...)
+ NOT-FOR-US: Cosmos Network Ethermint
+CVE-2021-25834 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by a transaction rep ...)
+ NOT-FOR-US: Cosmos Network Ethermint
+CVE-2021-25833 (A file extension handling issue was found in [server] module of ONLYOF ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25832 (A heap buffer overflow vulnerability inside of BMP image processing wa ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25831 (A file extension handling issue was found in [core] module of ONLYOFFI ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25830 (A file extension handling issue was found in [core] module of ONLYOFFI ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25829 (An improper binary stream data handling issue was found in the [core] ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25828
+ RESERVED
+CVE-2021-25827
+ RESERVED
+CVE-2021-25826
+ RESERVED
+CVE-2021-25825
+ RESERVED
+CVE-2021-25824
+ RESERVED
+CVE-2021-25823
+ RESERVED
+CVE-2021-25822
+ RESERVED
+CVE-2021-25821
+ RESERVED
+CVE-2021-25820
+ RESERVED
+CVE-2021-25819
+ RESERVED
+CVE-2021-25818
+ RESERVED
+CVE-2021-25817
+ RESERVED
+CVE-2021-25816
+ RESERVED
+CVE-2021-25815
+ RESERVED
+CVE-2021-25814
+ RESERVED
+CVE-2021-25813
+ RESERVED
+CVE-2021-25812 (Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 v ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1
+CVE-2021-25811 (MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a craf ...)
+ NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
+CVE-2021-25810 (Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0. ...)
+ NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
+CVE-2021-25809 (UCMS 1.5.0 was discovered to contain a physical path leakage via an er ...)
+ NOT-FOR-US: UCMS
+CVE-2021-25808 (A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 a ...)
+ NOT-FOR-US: Bludit
+CVE-2021-25807
+ RESERVED
+CVE-2021-25806
+ RESERVED
+CVE-2021-25805
+ RESERVED
+CVE-2021-25804 (A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Pl ...)
+ {DSA-4834-1 DLA-2728-1}
+ - vlc 3.0.12-1
+ NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c (v3.0.12)
+CVE-2021-25803 (A buffer overflow vulnerability in the vlc_input_attachment_New compon ...)
+ {DSA-4834-1 DLA-2728-1}
+ - vlc 3.0.12-1
+ NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb (v3.0.12)
+CVE-2021-25802 (A buffer overflow vulnerability in the AVI_ExtractSubtitle component o ...)
+ {DSA-4834-1 DLA-2728-1}
+ - vlc 3.0.12-1
+ NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72 (v3.0.12)
+CVE-2021-25801 (A buffer overflow vulnerability in the __Parse_indx component of Video ...)
+ {DSA-4834-1 DLA-2728-1}
+ - vlc 3.0.12-1
+ NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 (v3.0.12)
+CVE-2021-25800
+ RESERVED
+CVE-2021-25799
+ RESERVED
+CVE-2021-25798
+ RESERVED
+CVE-2021-25797
+ RESERVED
+CVE-2021-25796
+ RESERVED
+CVE-2021-25795
+ RESERVED
+CVE-2021-25794
+ RESERVED
+CVE-2021-25793
+ RESERVED
+CVE-2021-25792
+ RESERVED
+CVE-2021-25791 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Upd ...)
+ NOT-FOR-US: Online Doctor Appointment System
+CVE-2021-25790 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Reg ...)
+ NOT-FOR-US: House Rental and Property Listing
+CVE-2021-25789
+ RESERVED
+CVE-2021-25788
+ RESERVED
+CVE-2021-25787
+ RESERVED
+CVE-2021-25786
+ RESERVED
+CVE-2021-25785 (Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: taocms
+CVE-2021-25784 (Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulne ...)
+ NOT-FOR-US: taocms
+CVE-2021-25783 (Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulne ...)
+ NOT-FOR-US: taocms
+CVE-2021-25782
+ RESERVED
+CVE-2021-25781
+ RESERVED
+CVE-2021-25780 (An arbitrary file upload vulnerability has been identified in posts.ph ...)
+ NOT-FOR-US: Baby Care System
+CVE-2021-25779 (Baby Care System v1.0 is vulnerable to SQL injection via the 'id' para ...)
+ NOT-FOR-US: Baby Care System
+CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user deletio ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during token remova ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25776 (In JetBrains TeamCity before 2020.2, an ECR token could be exposed in ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25775 (In JetBrains TeamCity before 2020.2.1, the server admin could create a ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25774 (In JetBrains TeamCity before 2020.2.1, a user could get access to the ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25773 (JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on se ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25772 (In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possibl ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25771 (In JetBrains YouTrack before 2020.6.1099, project information could be ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25770 (In JetBrains YouTrack before 2020.5.3123, server-side template injecti ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25769 (In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator w ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25768 (In JetBrains YouTrack before 2020.4.4701, permissions for attachments ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25767 (In JetBrains YouTrack before 2020.6.1767, an issue's existence could b ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25766 (In JetBrains YouTrack before 2020.4.4701, improper resource access che ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25765 (In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload w ...)
+ NOT-FOR-US: JetBrains TeamCity
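Review bot: the seven entries CVE-2021-25771 through CVE-2021-25765 are described as JetBrains YouTrack issues, but each is tagged `NOT-FOR-US: JetBrains TeamCity`, the same tag used for the TeamCity entries directly above them (CVE-2021-25778 through CVE-2021-25772). Suggest `NOT-FOR-US: JetBrains YouTrack` for those seven, so that the tag matches the product named in the description and a search on the product name finds them. A smaller consistency point in the same region of the file: the tags for CVE-2021-25915 (`changeset`) and CVE-2021-25914 (`object-collider`) omit the `Node` prefix that the neighbouring prototype-pollution entries carry (`Node patchmerge`, `Node set-or-get`, `Node dotty`).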
+CVE-2021-25764 (In JetBrains PhpStorm before 2020.3, source code could be added to deb ...)
+ NOT-FOR-US: JetBrains PhpStorm
+CVE-2021-25763 (In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by def ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2021-25762 (In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2021-25761 (In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage ke ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2021-25760 (In JetBrains Hub before 2020.1.12669, information disclosure via the p ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-25759 (In JetBrains Hub before 2020.1.12629, an authenticated user can delete ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-25758 (In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deseria ...)
+ - intellij-idea <itp> (bug #747616)
+CVE-2021-25757 (In JetBrains Hub before 2020.1.12629, an open redirect was possible. ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-25756 (In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for sev ...)
+ - intellij-idea <itp> (bug #747616)
+CVE-2021-25755 (In JetBrains Code With Me before 2020.3, an attacker on the local netw ...)
+ NOT-FOR-US: JetBrains Code With Me
+CVE-2021-25754
+ RESERVED
+CVE-2021-25753
+ RESERVED
+CVE-2021-25752
+ RESERVED
+CVE-2021-25751
+ RESERVED
+CVE-2021-25750
+ RESERVED
+CVE-2021-25749
+ RESERVED
+CVE-2021-25748
+ RESERVED
+CVE-2021-25747
+ RESERVED
+CVE-2021-25746
+ RESERVED
+CVE-2021-25745
+ RESERVED
+CVE-2021-25744
+ RESERVED
+CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences containe ...)
+ - kubernetes <unfixed>
+ [bullseye] - kubernetes <no-dsa> (Minor issue)
+ NOTE: https://github.com/kubernetes/kubernetes/issues/101695
+CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user that can ...)
+ NOT-FOR-US: Kubernetes ingress-nginx component
+CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may be able ...)
+ - kubernetes <unfixed>
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+ NOTE: https://github.com/kubernetes/kubernetes/issues/104980
+CVE-2021-25740 (A security issue was discovered with Kubernetes that could enable user ...)
+ - kubernetes <unfixed>
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/14/1
+CVE-2021-25739
+ RESERVED
+CVE-2021-25738 (Loading specially-crafted yaml with the Kubernetes Java Client library ...)
+ NOT-FOR-US: Kubernetes Java client
+CVE-2021-25737 (A security issue was discovered in Kubernetes where a user may be able ...)
+ - kubernetes <unfixed> (bug #990793)
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+CVE-2021-25736
+ RESERVED
+ - kubernetes <not-affected> (Windows-specific)
+CVE-2021-25735 (A security issue was discovered in kube-apiserver that could allow nod ...)
+ - kubernetes <unfixed> (bug #990793)
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/1
+ NOTE: https://github.com/kubernetes/kubernetes/issues/100096
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+CVE-2021-25734
+ RESERVED
+CVE-2021-25733
+ RESERVED
+CVE-2021-25732
+ RESERVED
+CVE-2021-25731
+ RESERVED
+CVE-2021-25730
+ RESERVED
+CVE-2021-25729
+ RESERVED
+CVE-2021-25728
+ RESERVED
+CVE-2021-25727
+ RESERVED
+CVE-2021-25726
+ RESERVED
+CVE-2021-25725
+ RESERVED
+CVE-2021-25724
+ RESERVED
+CVE-2021-25723
+ RESERVED
+CVE-2021-25722
+ RESERVED
+CVE-2021-25721
+ RESERVED
+CVE-2021-25720
+ RESERVED
+CVE-2021-25719
+ RESERVED
+CVE-2021-25718
+ RESERVED
+CVE-2021-25717
+ RESERVED
+CVE-2021-25716
+ RESERVED
+CVE-2021-25715
+ RESERVED
+CVE-2021-25714
+ RESERVED
+CVE-2021-25713
+ RESERVED
+CVE-2021-25712
+ RESERVED
+CVE-2021-25711
+ RESERVED
+CVE-2021-25710
+ RESERVED
+CVE-2021-25709
+ RESERVED
+CVE-2021-25708
+ RESERVED
+CVE-2021-25707
+ RESERVED
+CVE-2021-25706
+ RESERVED
+CVE-2021-25705
+ RESERVED
+CVE-2021-25704
+ RESERVED
+CVE-2021-25703
+ RESERVED
+CVE-2021-25702
+ RESERVED
+CVE-2021-25701 (The fUSBHub driver in the PCoIP Software Client prior to version 21.07 ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25700
+ RESERVED
+CVE-2021-25699 (The OpenSSL component of the Teradici PCoIP Software Client prior to v ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25698 (The OpenSSL component of the Teradici PCoIP Standard Agent prior to ve ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25697
+ RESERVED
+CVE-2021-25696
+ RESERVED
+CVE-2021-25695 (The USB vHub in the Teradici PCOIP Software Agent prior to version 21. ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25694 (Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not vali ...)
+ NOT-FOR-US: Teradici PCoIP Graphics Agent for Windows
+CVE-2021-25693 (An attacker may cause a Denial of Service (DoS) in multiple versions o ...)
+ NOT-FOR-US: Teradici PCoIP Agent
+CVE-2021-25692 (Sensitive smart card data is logged in default INFO logs by Teradici's ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25691
+ RESERVED
+CVE-2021-25690 (A null pointer dereference in Teradici PCoIP Soft Client versions prio ...)
+ NOT-FOR-US: Teradici PCoIP Soft Client
+CVE-2021-25689 (An out of bounds write in Teradici PCoIP soft client versions prior to ...)
+ NOT-FOR-US: Teradici PCoIP Soft Client
+CVE-2021-25688 (Under certain conditions, Teradici PCoIP Agents for Windows prior to v ...)
+ NOT-FOR-US: Teradici PCoIP Agents
+CVE-2021-25687
+ RESERVED
+CVE-2021-25686
+ RESERVED
+CVE-2021-25685
+ RESERVED
+CVE-2021-25684 (It was discovered that apport in data/apport did not properly open a r ...)
+ NOT-FOR-US: Apport
+CVE-2021-25683 (It was discovered that the get_starttime() function in data/apport did ...)
+ NOT-FOR-US: Apport
+CVE-2021-25682 (It was discovered that the get_pid_info() function in data/apport did ...)
+ NOT-FOR-US: Apport
+CVE-2021-25681 (** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 s ...)
+ NOT-FOR-US: AdTran Personal Phone Manager
+CVE-2021-25680 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...)
+ NOT-FOR-US: AdTran Personal Phone Manager
+CVE-2021-25679 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...)
+ NOT-FOR-US: AdTran Personal Phone Manager
+CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/5273722c2180c394bc426f731450b95809ca952e (v3002.3)
+ NOTE: https://github.com/saltstack/salt/commit/039b7f3f5713170799363d96e6263c2809e4245c (v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/51f350fcdf4b14e4f16cedabd743ca23c574a186
+ NOTE: Regression follow-up: https://github.com/saltstack/salt/pull/59748
+ NOTE: Regression follow-up fix: https://github.com/saltstack/salt/commit/61d74a7e3bc4dfd6f16a7f123e76d0824059217d
+CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...)
+ NOT-FOR-US: Hitachi ID Bravura Security Fabric
+CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...)
+ NOTE: Disputed Bitcoin issue
+ NOTE: https://github.com/bitcoin/bitcoin/issues/20866
+CVE-2021-3194
+ RESERVED
+CVE-2021-3193 (Improper access and command validation in the Nagios Docker Config Wiz ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-3192
+ RESERVED
+CVE-2021-3191 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...)
+ NOT-FOR-US: Idelji Web ViewPoint
+CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command Inje ...)
+ NOT-FOR-US: Node async-git
+CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
+ NOT-FOR-US: Solid Edge (Siemens)
+CVE-2021-25677 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25675 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25674 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...)
+ NOT-FOR-US: Mendix Forgot Password Appstore module
+CVE-2021-25671 (A vulnerability has been identified in RWG1.M12 (All versions &lt; V1. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25670 (A vulnerability has been identified in Tecnomatix RobotExpert (All ver ...)
+ NOT-FOR-US: Tecnomatix RobotExpert (Siemens)
+CVE-2021-25669 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25668 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25667 (A vulnerability has been identified in RUGGEDCOM RM1224 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 80 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25665 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25664 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2021-25663 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25661 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25659 (A vulnerability has been identified in Automation License Manager 5 (A ...)
+ NOT-FOR-US: Automation License Manager
+CVE-2021-25658
+ RESERVED
+CVE-2021-25657
+ RESERVED
+CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the Avaya Aura ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya Aura Exp ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25654 (An arbitrary code execution vulnerability was discovered in Avaya Aura ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25653 (A privilege escalation vulnerability was discovered in Avaya Aura Appl ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25652 (An information disclosure vulnerability was discovered in the director ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25651 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25650 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25649 (** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerabilit ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an attacke ...)
+ NOT-FOR-US: Mobile application "Testes de Codigo"
+CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
+ NOT-FOR-US: Mobile application "Testes de Codigo"
+CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript ...)
+ - druid <itp> (bug #825797)
+CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...)
+ - xen 4.14.1+11-gb0b734a8b3-1 (bug #981052)
+ [buster] - xen <not-affected> (Vulnerable code introduced later)
+ [stretch] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-360.html
+ NOTE: Introduced by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=5b58dad089880127674d460494d1a9d68109b3d7 (4.14.0-rc1)
+ NOTE: Issue backported to 4.12.3 and 4.13.1
+ NOTE: Fixed by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=58427889f5a420cc5226f88524b3228f90b72a58
+CVE-2021-3189 (The slashify package 1.0.0 for Node.js allows open-redirect attacks, a ...)
+ NOT-FOR-US: Node slashify
+CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email parameter, an ...)
+ - phplist <itp> (bug #612288)
+CVE-2021-3187
+ RESERVED
+CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi S ...)
+ NOT-FOR-US: Tenda AC5
+CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x throug ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-25644 (An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-25643 (An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 a ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-25642
+ RESERVED
+CVE-2021-25641 (Each Apache Dubbo server will set a serialization id to tell the clien ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-25640 (In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-25639
+ RESERVED
+CVE-2021-25638
+ RESERVED
+CVE-2021-25637
+ RESERVED
+CVE-2021-25636
+ RESERVED
+CVE-2021-25635
+ RESERVED
+ - libreoffice <not-affected> (Only affects Microsoft Crypto API back-end)
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/3
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/edeb164c1d8ab64116afee4e2140403a362a1358 (7-0)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1)
+CVE-2021-25634 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
+ {DSA-4988-1}
+ - libreoffice 1:7.2.0-2
+ [buster] - libreoffice <ignored> (Risk doesn't warrant complex backport)
+ [stretch] - libreoffice <not-affected> (XAdES / xades:SigningTime support introduced in 5.3)
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/2
+ NOTE: XAdES/xades:SigningTime support introduced in 5.3, but pre-requisite for CVE-2021-25633/25634 also introduces it
+ NOTE: Pre-requisites (replacement for XSecParser):
+ NOTE: https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (7-0)
+ NOTE: https://github.com/LibreOffice/core/commit/d92235df75829a8cf2ee8cc7b0b76063093b6cc2 (7-1)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02 (7-0)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242 (7-0)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/89befefb98487a27bff1003084e1200320828b3f (7-1)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/b776cf1281660cf495e12824872576bb8e99d569 (7-1)
+CVE-2021-25633 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
+ {DSA-4988-1}
+ - libreoffice 1:7.2.0-2
+ [buster] - libreoffice <ignored> (Risk doesn't warrant complex backport)
+ [stretch] - libreoffice <ignored> (Risk doesn't warrant complex backport)
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/1
+ NOTE: Pre-requisites (replacement for XSecParser):
+ NOTE: https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (7-0)
+ NOTE: https://github.com/LibreOffice/core/commit/d92235df75829a8cf2ee8cc7b0b76063093b6cc2 (7-1)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f (7-0)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/be773bc5960def8c51de0e0e41db837e001aa8fd (7-1)
+CVE-2021-25632
+ RESERVED
+CVE-2021-25631 (In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7 ...)
+ - libreoffice <not-affected> (Libreoffice on Windows)
+ NOTE: https://positive.security/blog/url-open-rce#open-libreoffice
+CVE-2021-25630 ("loolforkit" is a privileged program that is supposed to be run by a s ...)
+ NOT-FOR-US: libreoffice online
+CVE-2021-25629
+ RESERVED
+CVE-2021-25628
+ RESERVED
+CVE-2021-25627
+ RESERVED
+CVE-2021-25626
+ RESERVED
+CVE-2021-25625
+ RESERVED
+CVE-2021-25624
+ RESERVED
+CVE-2021-25623
+ RESERVED
+CVE-2021-25622
+ RESERVED
+CVE-2021-25621
+ RESERVED
+CVE-2021-25620
+ RESERVED
+CVE-2021-25619
+ RESERVED
+CVE-2021-25618
+ RESERVED
+CVE-2021-25617
+ RESERVED
+CVE-2021-25616
+ RESERVED
+CVE-2021-25615
+ RESERVED
+CVE-2021-25614
+ RESERVED
+CVE-2021-25613
+ RESERVED
+CVE-2021-25612
+ RESERVED
+CVE-2021-25611
+ RESERVED
+CVE-2021-25610
+ RESERVED
+CVE-2021-25609
+ RESERVED
+CVE-2021-25608
+ RESERVED
+CVE-2021-25607
+ RESERVED
+CVE-2021-25606
+ RESERVED
+CVE-2021-25605
+ RESERVED
+CVE-2021-25604
+ RESERVED
+CVE-2021-25603
+ RESERVED
+CVE-2021-25602
+ RESERVED
+CVE-2021-25601
+ RESERVED
+CVE-2021-25600
+ RESERVED
+CVE-2021-25599
+ RESERVED
+CVE-2021-25598
+ RESERVED
+CVE-2021-25597
+ RESERVED
+CVE-2021-25596
+ RESERVED
+CVE-2021-25595
+ RESERVED
+CVE-2021-25594
+ RESERVED
+CVE-2021-25593
+ RESERVED
+CVE-2021-25592
+ RESERVED
+CVE-2021-25591
+ RESERVED
+CVE-2021-25590
+ RESERVED
+CVE-2021-25589
+ RESERVED
+CVE-2021-25588
+ RESERVED
+CVE-2021-25587
+ RESERVED
+CVE-2021-25586
+ RESERVED
+CVE-2021-25585
+ RESERVED
+CVE-2021-25584
+ RESERVED
+CVE-2021-25583
+ RESERVED
+CVE-2021-25582
+ RESERVED
+CVE-2021-25581
+ RESERVED
+CVE-2021-25580
+ RESERVED
+CVE-2021-25579
+ RESERVED
+CVE-2021-25578
+ RESERVED
+CVE-2021-25577
+ RESERVED
+CVE-2021-25576
+ RESERVED
+CVE-2021-25575
+ RESERVED
+CVE-2021-25574
+ RESERVED
+CVE-2021-25573
+ RESERVED
+CVE-2021-25572
+ RESERVED
+CVE-2021-25571
+ RESERVED
+CVE-2021-25570
+ RESERVED
+CVE-2021-25569
+ RESERVED
+CVE-2021-25568
+ RESERVED
+CVE-2021-25567
+ RESERVED
+CVE-2021-25566
+ RESERVED
+CVE-2021-25565
+ RESERVED
+CVE-2021-25564
+ RESERVED
+CVE-2021-25563
+ RESERVED
+CVE-2021-25562
+ RESERVED
+CVE-2021-25561
+ RESERVED
+CVE-2021-25560
+ RESERVED
+CVE-2021-25559
+ RESERVED
+CVE-2021-25558
+ RESERVED
+CVE-2021-25557
+ RESERVED
+CVE-2021-25556
+ RESERVED
+CVE-2021-25555
+ RESERVED
+CVE-2021-25554
+ RESERVED
+CVE-2021-25553
+ RESERVED
+CVE-2021-25552
+ RESERVED
+CVE-2021-25551
+ RESERVED
+CVE-2021-25550
+ RESERVED
+CVE-2021-25549
+ RESERVED
+CVE-2021-25548
+ RESERVED
+CVE-2021-25547
+ RESERVED
+CVE-2021-25546
+ RESERVED
+CVE-2021-25545
+ RESERVED
+CVE-2021-25544
+ RESERVED
+CVE-2021-25543
+ RESERVED
+CVE-2021-25542
+ RESERVED
+CVE-2021-25541
+ RESERVED
+CVE-2021-25540
+ RESERVED
+CVE-2021-25539
+ RESERVED
+CVE-2021-25538
+ RESERVED
+CVE-2021-25537
+ RESERVED
+CVE-2021-25536
+ RESERVED
+CVE-2021-25535
+ RESERVED
+CVE-2021-25534
+ RESERVED
+CVE-2021-25533
+ RESERVED
+CVE-2021-25532
+ RESERVED
+CVE-2021-25531
+ RESERVED
+CVE-2021-25530
+ RESERVED
+CVE-2021-25529
+ RESERVED
+CVE-2021-25528
+ RESERVED
+CVE-2021-25527 (Improper export of Android application components vulnerability in Sam ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25526 (Intent redirection vulnerability in Samsung Blockchain Wallet prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25525 (Improper check or handling of exception conditions vulnerability in Sa ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25524 (Insecure storage of device information in Contacts prior to version 12 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25523 (Insecure storage of device information in Samsung Dialer prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25522 (Insecure storage of sensitive information vulnerability in Smart Captu ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25521 (Insecure caller check in sharevia deeplink logic prior to Samsung Inte ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25520 (Insecure caller check and input validation vulnerabilities in SearchKe ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25519 (An improper access control vulnerability in CPLC prior to SMR Dec-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25518 (An improper boundary check in secure_log of LDFW and BL31 prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25517 (An improper input validation vulnerability in LDFW prior to SMR Dec-20 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25516 (An improper check or handling of exceptional conditions in Exynos base ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25515 (An improper usage of implicit intent in SemRewardManager prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25514 (An improper intent redirection handling in Tags prior to SMR Dec-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25513 (An improper privilege management vulnerability in Apps Edge applicatio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25512 (An improper validation vulnerability in telephony prior to SMR Dec-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25511 (An improper validation vulnerability in FilterProvider prior to SMR De ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25510 (An improper validation vulnerability in FilterProvider prior to SMR De ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25509 (A missing input validation in Samsung Flow Windows application prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25508 (Improper privilege management vulnerability in API Key used in SmartTh ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25507 (Improper authorization vulnerability in Samsung Flow mobile applicatio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25506 (Non-existent provider in Samsung Health prior to 6.19.1.0001 allows at ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25505 (Improper authentication in Samsung Pass prior to 3.0.02.4 allows to us ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25504 (Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 a ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25503 (Improper input validation vulnerability in HDCP prior to SMR Nov-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25502 (A vulnerability of storing sensitive information insecurely in Propert ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25501 (An improper access control vulnerability in SCloudBnRReceiver in SecTe ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25500 (A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25499 (Intent redirection vulnerability in SamsungAccountSDKSigninActivity of ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25498 (A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSP ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25497 (A possible buffer overflow vulnerability in maetd_cpy_slice of libSPen ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25496 (A possible buffer overflow vulnerability in maetd_dec_slice of libSPen ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25495 (A possible heap buffer overflow vulnerability in libSPenBase library o ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25494 (A possible buffer overflow vulnerability in libSPenBase library of Sam ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25493 (Lack of boundary checking of a buffer in libSPenBase library of Samsun ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25492 (Lack of boundary checking of a buffer in libSPenBase library of Samsun ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25491 (A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows m ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25490 (A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25489 (Assuming radio permission is gained, missing input validation in modem ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25488 (Lack of boundary checking of a buffer in recv_data() of modem interfac ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25487 (Lack of boundary checking of a buffer in set_skb_priv() of modem inter ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25486 (Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25485 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR O ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25484 (Improper authentication in InputManagerService prior to SMR Oct-2021 R ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25483 (Lack of boundary checking of a buffer in livfivextractor library prior ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25482 (SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25481 (An improper error handling in Exynos CP booting driver prior to SMR Oc ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25480 (A lack of replay attack protection in GUTI REALLOCATION COMMAND messag ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25479 (A possible heap-based buffer overflow vulnerability in Exynos CP Chips ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25478 (A possible stack-based buffer overflow vulnerability in Exynos CP Chip ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25477 (An improper error handling in Mediatek RRC Protocol stack prior to SMR ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-25476 (An information disclosure vulnerability in Widevine TA log prior to SM ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25475 (A possible heap-based buffer overflow vulnerability in DSP kernel driv ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25474 (Assuming a shell privilege is gained, an improper exception handling f ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25473 (Assuming a shell privilege is gained, an improper exception handling f ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25472 (An improper access control vulnerability in BluetoothSettingsProvider ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25471 (A lack of replay attack protection in Security Mode Command process pr ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25470 (An improper caller check logic of SMC call in TEEGRIS secure OS prior ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25469 (A possible stack-based buffer overflow vulnerability in Widevine trust ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25468 (A possible guessing and confirming a byte memory vulnerability in Wide ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25467 (Assuming system privilege is gained, possible buffer overflow vulnerab ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25466 (Improper scheme check vulnerability in Samsung Internet prior to versi ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25465 (An improper scheme check vulnerability in Samsung Themes prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25464 (An improper file management vulnerability in SamsungCapture prior to v ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25463 (Improper access control vulnerability in PENUP prior to version 3.8.00 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25462 (NULL pointer dereference vulnerability in NPU driver prior to SMR Sep- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25461 (An improper length check in APAService prior to SMR Sep-2021 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25460 (An improper access control vulnerability in sspExit() in BlockchainTZS ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25459 (An improper access control vulnerability in sspInit() in BlockchainTZS ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25458 (NULL pointer dereference vulnerability in ION driver prior to SMR Sep- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25457 (An improper input validation vulnerability in DSP driver prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25456 (OOB read vulnerability in libswmfextractor.so library prior to SMR Sep ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25455 (OOB read vulnerability in libsaviextractor.so library prior to SMR Sep ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25454 (OOB read vulnerability in libsaacextractor.so library prior to SMR Sep ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25453 (Some improper access control in Bluetooth APIs prior to SMR Sep-2021 R ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25452 (An improper input validation vulnerability in loading graph file in DS ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25451 (A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25450 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR S ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25449 (An improper input validation vulnerability in libsapeextractor library ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25448 (Improper access control vulnerability in Smart Touch Call prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25447 (Improper access control vulnerability in SmartThings prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25446 (Improper access control vulnerability in SmartThings prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25445 (Unprotected component vulnerability in Samsung Internet prior to versi ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25444 (An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25443 (A use after free vulnerability in conn_gadget driver prior to SMR AUG- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25442 (Improper MDM policy management vulnerability in KME module prior to KC ...)
+ NOT-FOR-US: Samsung (KME module)
+CVE-2021-25441 (Improper input validation vulnerability in AR Emoji Editor prior to ve ...)
+ NOT-FOR-US: AR Emoji Editor
+CVE-2021-25440 (Improper access control vulnerability in FactoryCameraFB prior to vers ...)
+ NOT-FOR-US: FactoryCameraFB
+CVE-2021-25439 (Improper access control vulnerability in Samsung Members prior to vers ...)
+ NOT-FOR-US: Samsung Members
+CVE-2021-25438 (Improper access control vulnerability in Samsung Members prior to vers ...)
+ NOT-FOR-US: Samsung Members
+CVE-2021-25437 (Improper access control vulnerability in Tizen FOTA service prior to F ...)
+ NOT-FOR-US: Tizen FOTA service
+CVE-2021-25436 (Improper input validation vulnerability in Tizen FOTA service prior to ...)
+ NOT-FOR-US: Tizen FOTA service
+CVE-2021-25435 (Improper input validation vulnerability in Tizen bootloader prior to F ...)
+ NOT-FOR-US: Tizen bootloader
+CVE-2021-25434 (Improper input validation vulnerability in Tizen bootloader prior to F ...)
+ NOT-FOR-US: Tizen bootloader
+CVE-2021-25433 (Improper authorization vulnerability in Tizen factory reset policy pri ...)
+ NOT-FOR-US: Tizen factory reset policy
+CVE-2021-25432 (Information exposure vulnerability in Samsung Members prior to version ...)
+ NOT-FOR-US: Samsung Members
+CVE-2021-25431 (Improper access control vulnerability in Cameralyzer prior to versions ...)
+ NOT-FOR-US: Cameralyzer
+CVE-2021-25430 (Improper access control vulnerability in Bluetooth application prior t ...)
+ NOT-FOR-US: Bluetooth application (Samsung)
+CVE-2021-25429 (Improper privilege management vulnerability in Bluetooth application p ...)
+ NOT-FOR-US: Bluetooth application (Samsung)
+CVE-2021-25428 (Improper validation check vulnerability in PackageManager prior to SMR ...)
+ NOT-FOR-US: PackageManager (Samsung)
+CVE-2021-25427 (SQL injection vulnerability in Bluetooth prior to SMR July-2021 Releas ...)
+ NOT-FOR-US: Bluetooth (Samsung)
+CVE-2021-25426 (Improper component protection vulnerability in SmsViewerActivity of Sa ...)
+ NOT-FOR-US: Samsung Message
+CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn prior to ...)
+ NOT-FOR-US: Watch Active2 PlugIn
+CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn prior to ...)
+ NOT-FOR-US: Watch Active2 PlugIn
+CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn prior to ...)
+ NOT-FOR-US: Galaxy Watch3 PlugIn
+CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn prior to ...)
+ NOT-FOR-US: Galaxy Watch PlugIn
+CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung Internet ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25418 (Improper component protection vulnerability in Samsung Internet prior ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allo ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25412 (An improper access control vulnerability in genericssoservice prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to SMR JUN- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25410 (Improper access control of a component in CallBGProvider prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior to SMR JU ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver prior to SM ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to version 2 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity in Samsu ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to version 1.7 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to version 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to version 4 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to version 6. ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25399 (Improper configuration in Smart Manager prior to version 11.0.05.0 all ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to version 3.1.1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior to SMR M ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25396 (An improper input validation vulnerability in NPU firmware prior to SM ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25394 (A use after free vulnerability via race condition in MFC charger drive ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior to SMR M ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25392 (Improper protection of backup path configuration in Samsung Dex prior ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR MAY-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 R ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25387 (An improper input validation vulnerability in sflacfd_get_frm() in lib ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25386 (An improper input validation vulnerability in sdfffd_parse_chunk_FVER( ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25385 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25384 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read() in libs ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25380 (Improper handling of exceptional conditions in Bixby prior to version ...)
+ NOT-FOR-US: Bixby
+CVE-2021-25379 (Intent redirection vulnerability in Gallery prior to version 5.4.16.1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25378 (Improper access control of certain port in SmartThings prior to versio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25377 (Intent redirection in Samsung Experience Service versions 10.8.0.4 in ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25376 (An improper synchronization logic in Samsung Email prior to version 6. ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25375 (Using predictable index for attachments in Samsung Email prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25374 (An improper authorization vulnerability in Samsung Members "samsungrew ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25373 (Using unsafe PendingIntent in Customization Service prior to version 2 ...)
+ NOT-FOR-US: PendingIntent in Customization Service (Samsung)
+CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows a ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25370 (An incorrect implementation handling file descriptor in dpu driver pri ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25369 (An improper access control vulnerability in sec_log file prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25366 (Improper access control in Samsung Internet prior to version 13.2.1.70 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25365 (An improper exception control in softsimd prior to SMR APR-2021 Releas ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25364 (A pendingIntent hijacking vulnerability in Secure Folder prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25363 (An improper access control in ActivityManagerService prior to SMR APR- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25362 (An improper permission management in CertInstaller prior to SMR APR-20 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25361 (An improper access control vulnerability in stickerCenter prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25360 (An improper input validation vulnerability in libswmfextractor library ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25359 (An improper SELinux policy prior to SMR APR-2021 Release 1 allows loca ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25358 (A vulnerability that stores IMSI values in an improper path prior to S ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25357 (A pendingIntent hijacking vulnerability in Create Movie prior to SMR A ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25356 (An improper caller check vulnerability in Managed Provisioning prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25354 (Improper input check in Samsung Internet prior to version 13.2.1.46 al ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25353 (Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.121 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25352 (Using PendingIntent with implicit intent in Bixby Voice prior to versi ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25351 (Improper Access Control in EmailValidationView in Samsung Account prio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25350 (Information Exposure vulnerability in Samsung Account prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25349 (Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5. ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...)
+ NOT-FOR-US: Samsung Internet
+CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to ...)
+ NOT-FOR-US: Samsung Email application
+CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+ NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+ NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+ NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...)
+ NOT-FOR-US: MobileWips application
+CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...)
+ NOT-FOR-US: MISP
+CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...)
+ NOT-FOR-US: Files.com Fat Client
+CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer ...)
+ NOT-FOR-US: D-Link
+CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...)
+ {DSA-4838-1 DLA-2529-1}
+ - mutt 2.0.5-1 (bug #980326)
+ NOTE: https://gitlab.com/muttmua/mutt/-/issues/323
+ NOTE: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
+CVE-2021-3180
+ RESERVED
+CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10. ...)
+ {DSA-4891-1 DLA-2594-1}
+ - tomcat9 9.0.43-1
+ - tomcat8 <removed>
+ - tomcat7 <removed>
+ [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/2
+ NOTE: https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453 (9.0.43)
+ NOTE: https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35 (8.5.63)
+ NOTE: https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5 (7.0.108)
+ NOTE: CVE is for incomplete fix for CVE-2020-9484.
+CVE-2021-25328 (Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a ...)
+ NOT-FOR-US: Skyworth Digital Technology RN510
+CVE-2021-25327 (Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site requ ...)
+ NOT-FOR-US: Skyworth Digital Technology RN510
+CVE-2021-25326 (Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrec ...)
+ NOT-FOR-US: Skyworth Digital Technology RN510
+CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...)
+ NOT-FOR-US: MISP
+CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...)
+ NOT-FOR-US: MISP
+CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...)
+ NOT-FOR-US: MISP
+CVE-2021-25322 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-Hyper ...)
+ - hyperkitty <not-affected> (SuSE-specific packaging issue)
+CVE-2021-25321 (A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of ...)
+ - arpwatch <not-affected> (SuSE specific packaging issue)
+ NOTE: Debian does not ship arpwatch-2.1a11-drop-privs.dif and does apply permissions
+ NOTE: to /var/lib/arpwatch (to arpwatch:arpatch, 0750) on postinst time
+CVE-2021-25320 (A Improper Access Control vulnerability in Rancher, allows users in th ...)
+ NOT-FOR-US: Rancher
+CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging of virt ...)
+ - virtualbox <not-affected> (openSUSE specific security issue in the openSUSE packaging)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2
+CVE-2021-25318 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ NOT-FOR-US: Rancher
+CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging of cups ...)
+ - cups <not-affected> (In Debian /var/log/cups is owned by root:root)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119
+CVE-2021-25316 (A Insecure Temporary File vulnerability in s390-tools of SUSE Linux En ...)
+ NOT-FOR-US: SuSE (different from src:s390-tools in Debian)
+CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerability i ...)
+ - salt <not-affected> (SuSE specific issue, cf #985085)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1182382
+CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions vulnerability i ...)
+ NOT-FOR-US: hawk2 as packaged by SuSE
+CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ NOT-FOR-US: Rancher
+CVE-2021-3179 (GGLocker iOS application, contains an insecure data storage of the pas ...)
+ NOT-FOR-US: GGLocker iOS application
+CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
+ {DLA-2586-1}
+ - linux 5.10.12-1 (unimportant)
+ [buster] - linux 4.19.171-1
+ NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
+ NOTE: Disputed/mild security relevance/impact
+CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ...)
+ {DLA-2919-1 DLA-2619-1}
+ - python3.9 3.9.1-3
+ - python3.8 <removed>
+ - python3.7 <removed>
+ [buster] - python3.7 3.7.3-2+deb10u3
+ [stretch] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ - python2.7 2.7.18-2
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue42938
+ NOTE: https://github.com/python/cpython/pull/24239
+ NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
+ NOTE: https://github.com/python/cpython/commit/916610ef90a0d0761f08747f7b0905541f0977c7 (master)
+ NOTE: https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 (3.9)
+ NOTE: https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f (3.8)
+ NOTE: https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa (3.7)
+ NOTE: https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7 (3.6)
+CVE-2021-3176 (The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for ...)
+ NOT-FOR-US: Mitel
+CVE-2021-3175
+ RESERVED
+CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as another user o ...)
+ - condor <not-affected> (Only affects versions 8.9.2 through 8.9.10 inclusive)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html
+CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 allows Directory Traversal outs ...)
+ - condor <not-affected> (Only affects versions 8.9.7 through 8.9.10 inclusive)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html
+CVE-2021-25310 (** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Be ...)
+ NOT-FOR-US: Belkin Linksys WRT160NL devices
+CVE-2021-25309 (The telnet administrator service running on port 650 on Gigaset DX600A ...)
+ NOT-FOR-US: Gigaset devices
+CVE-2021-25308
+ RESERVED
+CVE-2021-25307
+ RESERVED
+CVE-2021-25306 (A buffer overflow vulnerability in the AT command interface of Gigaset ...)
+ NOT-FOR-US: Gigaset devices
+CVE-2021-3174
+ RESERVED
+CVE-2021-25305
+ RESERVED
+CVE-2021-25304
+ RESERVED
+CVE-2021-25303
+ RESERVED
+CVE-2021-25302
+ RESERVED
+CVE-2021-3173
+ RESERVED
+CVE-2021-3172
+ RESERVED
+CVE-2021-3171
+ RESERVED
+CVE-2021-3170
+ RESERVED
+CVE-2021-3169 (An issue in Jumpserver 2.6.2 and below allows attackers to create a co ...)
+ NOT-FOR-US: Jumpserver
+CVE-2021-3168
+ RESERVED
+CVE-2021-3167 (In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens ar ...)
+ NOT-FOR-US: Cloudera Data Engineering (CDE)
+CVE-2021-3166 (An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An at ...)
+ NOT-FOR-US: ASUS devices
+CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser acco ...)
+ NOT-FOR-US: SmartAgent
+CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...)
+ NOT-FOR-US: ChurchRota
+CVE-2021-3163 (** DISPUTED ** A vulnerability in the HTML editor of Slab Quill 4.8.0 ...)
+ NOT-FOR-US: Slab Quill
+CVE-2021-25301
+ RESERVED
+CVE-2021-25300
+ RESERVED
+CVE-2021-25299 (Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-25298 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-25297 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-25296 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-25295 (OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issue ...)
+ NOT-FOR-US: OpenCATS
+CVE-2021-25294 (OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity re ...)
+ NOT-FOR-US: OpenCATS
+CVE-2021-25293 (An issue was discovered in Pillow before 8.1.1. There is an out-of-bou ...)
+ - pillow 8.1.1-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
+ NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (v4.3.0)
+CVE-2021-25292 (An issue was discovered in Pillow before 8.1.1. The PDF parser allows ...)
+ - pillow 8.1.1-1
+ [buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
+ NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4 (5.1.0)
+CVE-2021-25291 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...)
+ - pillow 8.1.1-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
+ NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)
+CVE-2021-25290 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...)
+ {DLA-2716-1}
+ - pillow 8.1.1-1
+ [buster] - pillow <no-dsa> (Minor issue)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
+CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- ...)
+ - pillow 8.1.1-1
+ [buster] - pillow <not-affected> (Vulnerable code not present)
+ [stretch] - pillow <not-affected> (Vulnerable code not present)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
+CVE-2021-25288 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
+ NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
+ NOTE: Debian packages are built without JPEG2000 support
+CVE-2021-25287 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
+ NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
+ NOTE: Debian packages are built without JPEG2000 support
+CVE-2021-3185 (A flaw was found in the gstreamer h264 component of gst-plugins-bad be ...)
+ {DSA-4833-1 DLA-2528-1}
+ - gst-plugins-bad1.0 1.18.1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1917192
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/20/1
+CVE-2021-25286
+ RESERVED
+CVE-2021-25285
+ RESERVED
+CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5. salt. ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/ac2ce3a3a000e428122bc120179e083de95c1de7 (v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/24d04343b36ffbd4cf63441db13b43363ea57548
+ NOTE: Regression: https://github.com/saltstack/salt/issues/59793
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/e6dd6a482a76e2c82fcc6eeb6df9030e453837c4
+CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/3fbf9a35bc4f7a43f628631f89ebb31f907859e3 (v3002.5)
+CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5. The s ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/aafc5ed6de60403c90201d85963299df351147ec (v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/issues/59935
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/da381954425e1e1d5b807ff1156090847c5d16aa
+CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2021/01/28
+ NOTE: https://github.com/saltstack/salt/commit/905efea17d9740a081509780d7c44e742b99ce60 (v3000.7)
+ NOTE: Regression: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2021/02/05
+ NOTE: Regression: https://github.com/saltstack/salt/commit/8f8994ba42e618a9b07fac417d931bdb7b7005d1
+ NOTE: Regression: https://github.com/saltstack/salt/commit/41a24843d8b22c6a340338ac86a628323fbfc181
+ NOTE: Regression: https://github.com/saltstack/salt/commit/7b3591d9cd427d46e410bc2d510e2ccfa6a23884
+CVE-2021-XXXX [SQL Server LIMIT / OFFSET SQL Injection]
+ - php-laravel-framework 6.20.14+dfsg-2 (bug #987831)
+ - php-illuminate-database <removed> (bug #987848)
+ NOTE: https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j
+ NOTE: https://blog.laravel.com/security-sql-injection-in-sql-server-limit-offset
+CVE-2021-XXXX [Unexpected database bindings via requests (follow-up)]
+ - php-laravel-framework 6.20.14+dfsg-1
+ NOTE: https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg
+ TODO: check php-illuminate-database and CVE assignment
+CVE-2021-21263 (Laravel is a web application framework. Versions of Laravel before 6.2 ...)
+ - php-laravel-framework 6.20.11+dfsg-1 (bug #980095)
+ - php-illuminate-database <removed> (bug #980899)
+ NOTE: https://blog.laravel.com/security-laravel-62011-7302-8221-released
+ NOTE: https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
+ NOTE: https://github.com/laravel/framework/pull/35865
+CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on macOS mishandles certificat ...)
+ NOT-FOR-US: Docker Desktop on MacOS
+CVE-2021-3161
+ RESERVED
+CVE-2021-3160 (Deserialization of untrusted data in the login page of ASSUWEB 359.3 b ...)
+ NOT-FOR-US: ACA
+CVE-2021-25280
+ RESERVED
+CVE-2021-25279
+ RESERVED
+CVE-2021-25278 (FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Backgroun ...)
+ NOT-FOR-US: FTAPI
+CVE-2021-25277 (FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative ...)
+ NOT-FOR-US: FTAPI
+CVE-2021-25276 (In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory cont ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various SolarWin ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 2020.2.4 use ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-3159 (A stored cross site scripting (XSS) vulnerability in the /sys/attachme ...)
+ NOT-FOR-US: Landray EKP
+CVE-2021-25273 (Stored XSS can execute as administrator in quarantined email detail vi ...)
+ NOT-FOR-US: Sophos
+CVE-2021-25272
+ RESERVED
+CVE-2021-25271 (A local attacker could read or write arbitrary files with administrato ...)
+ NOT-FOR-US: HitmanPro
+CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...)
+ NOT-FOR-US: HitmanPro
+CVE-2021-25269 (A local administrator could prevent the HMPA service from starting des ...)
+ NOT-FOR-US: Sophos
+CVE-2021-25268
+ RESERVED
+CVE-2021-25267
+ RESERVED
+CVE-2021-25266
+ RESERVED
+CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...)
+ NOT-FOR-US: Sophos Connect Client
+CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...)
+ NOT-FOR-US: Sophos
+CVE-2021-25263 (Clickhouse prior to versions v20.8.18.32-lts, v21.1.9.41-stable, v21.2 ...)
+ - clickhouse <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ClickHouse/ClickHouse/pull/22822
+ NOTE: Vulnerable code introduced at https://github.com/ClickHouse/ClickHouse/commit/ea8994b9e4fd4434b296ffccbfbf60c3c65a50d1
+CVE-2021-25262
+ RESERVED
+CVE-2021-25261
+ RESERVED
+CVE-2021-25260
+ RESERVED
+CVE-2021-25259
+ RESERVED
+CVE-2021-25258
+ RESERVED
+CVE-2021-25257
+ RESERVED
+CVE-2021-25256
+ RESERVED
+CVE-2021-25255
+ RESERVED
+CVE-2021-25254
+ RESERVED
+CVE-2021-25253 (An improper access control vulnerability in Trend Micro Apex One, Tren ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25250 (An improper access control vulnerability in Trend Micro Apex One, Tren ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25249 (An out-of-bounds write information disclosure vulnerability in Trend M ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25248 (An out-of-bounds read information disclosure vulnerability in Trend Mi ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25247 (A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25246 (An improper access control information disclosure vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25245 (An improper access control vulnerability in Worry-Free Business Securi ...)
+ NOT-FOR-US: Worry-Free Business Security
+CVE-2021-25244 (An improper access control vulnerability in Worry-Free Business Securi ...)
+ NOT-FOR-US: Worry-Free Business Security
+CVE-2021-25243 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25242 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25241 (A server-side request forgery (SSRF) information disclosure vulnerabil ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25240 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25239 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25238 (An improper access control information disclosure vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25237 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25236 (A server-side request forgery (SSRF) information disclosure vulnerabil ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25235 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25234 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25233 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25232 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25231 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25230 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25229 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25228 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25227 (Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memor ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25226 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25225 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25224 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25223
+ RESERVED
+CVE-2021-25222
+ RESERVED
+CVE-2021-25221
+ RESERVED
+CVE-2021-25220
+ RESERVED
+CVE-2021-25219 (In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21, and versions 9.9.3- ...)
+ {DSA-4994-1 DLA-2807-1}
+ - bind9 1:9.17.19-1
+ NOTE: https://kb.isc.org/docs/cve-2021-25219
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8fe18c0566c41228a568157287f5a44f96d37662 (v9_16_22)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/e4931584a34bdd0a0d18e4d918fb853bf5296787 (v9_16_22)
+CVE-2021-25218 (In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported P ...)
+ - bind9 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://kb.isc.org/docs/cve-2021-25218
+CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -&gt; 4.1-ESV-R16, ISC DHCP 4.4.0 -&gt; 4.4.2 ( ...)
+ {DLA-2674-1}
+ - isc-dhcp 4.4.1-2.3 (bug #989157)
+ [buster] - isc-dhcp 4.4.1-2+deb10u1
+ NOTE: https://kb.isc.org/docs/cve-2021-25217
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/6
+ NOTE: https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches/4.4.2.CVE-2021-25217.patch
+CVE-2021-25216 (In BIND 9.5.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...)
+ {DSA-4909-1 DLA-2647-1}
+ - bind9 1:9.16.15-1 (bug #987743)
+ NOTE: https://kb.isc.org/docs/cve-2021-25216
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/216a97188d86cb3edb307a40ff5ee61b030eb033 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/a875dcc66969ea3995eb6fc1545d39dafcb56b26 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/6b0b0c6aba2488f8db5d6cdbc44162b98ffa5ed4 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/3fd30e16340afd95ee8c7dca8a5ff7cc35d069bc (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/565a6a56791b01b86e2fd1eaa1907bf985f2e997 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/99132eda0e006932fa5927d4ad81bced0d3b3042 (v9_16_15)
+ NOTE: Issue can be mitigated configuring with --disable-isc-spnego and using the system library.
+CVE-2021-25215 (In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...)
+ {DSA-4909-1 DLA-2647-1}
+ - bind9 1:9.16.15-1 (bug #987742)
+ NOTE: https://kb.isc.org/docs/cve-2021-25215
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/dde958717c9bfdc8679764c045c226e3a1468334 (v9_16_15)
+CVE-2021-25214 (In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, ...)
+ {DSA-4909-1 DLA-2647-1}
+ - bind9 1:9.16.15-1 (bug #987741)
+ NOTE: https://kb.isc.org/docs/cve-2021-25214
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f68d4cba3321ed375bbc334e2333250893c4f587 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f092fcee10a7e8b391747dbdd7e58243bff4f75c (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/01a916abac22f87a248a7525d3e7408acac0804b (v9_16_15)
+CVE-2021-25213 (SQL injection vulnerability in SourceCodester Travel Management System ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25212 (SQL injection vulnerability in SourceCodester Alumni Management System ...)
+ NOT-FOR-US: SourceCodester Alumni Management System
+CVE-2021-25211 (Arbitrary file upload vulnerability in SourceCodester Ordering System ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25210 (Arbitrary file upload vulnerability in SourceCodester Alumni Managemen ...)
+ NOT-FOR-US: SourceCodester Alumni Management System
+CVE-2021-25209 (SQL injection vulnerability in SourceCodester Theme Park Ticketing Sys ...)
+ NOT-FOR-US: SourceCodester Theme Park Ticketing System
+CVE-2021-25208 (Arbitrary file upload vulnerability in SourceCodester Travel Managemen ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25207 (Arbitrary file upload vulnerability in SourceCodester E-Commerce Websi ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25206 (Arbitrary file upload vulnerability in SourceCodester Responsive Order ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25205 (SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25204 (Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25203 (Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attacke ...)
+ NOT-FOR-US: Victor CMS
+CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and Inventory Syst ...)
+ NOT-FOR-US: SourceCodester Sales and Inventory System
+CVE-2021-25201 (SQL injection vulnerability in Learning Management System v 1.0 allows ...)
+ NOT-FOR-US: Learning Management System
+CVE-2021-25200 (Arbitrary file upload vulnerability in SourceCodester Learning Managem ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25199
+ RESERVED
+CVE-2021-25198
+ RESERVED
+CVE-2021-25197 (Cross-site scripting (XSS) vulnerability in SourceCodester Content Man ...)
+ NOT-FOR-US: SourceCodester Content Management System
+CVE-2021-3158
+ RESERVED
+CVE-2021-3157
+ RESERVED
+CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result in a ...)
+ {DSA-4839-1 DLA-2534-1}
+ - sudo 1.9.5p1-1.1
+ NOTE: https://www.sudo.ws/alerts/unescape_overflow.html
+ NOTE: https://www.sudo.ws/repos/sudo/rev/9b97f1787804
+ NOTE: https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b
+ NOTE: https://www.sudo.ws/repos/sudo/rev/049ad90590be
+ NOTE: https://www.sudo.ws/repos/sudo/rev/09f98816fc89
+ NOTE: https://www.sudo.ws/repos/sudo/rev/c125fbe68783
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/26/3
+CVE-2021-3155 (snapd 2.54.2 and earlier created ~/snap directories in user home direc ...)
+ - snapd 2.54-1
+ NOTE: https://github.com/snapcore/snapd/pull/9841
+ NOTE: https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 (2.52)
+ NOTE: https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca (2.54)
+CVE-2021-3154 (An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenti ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...)
+ NOT-FOR-US: HashiCorp Terraform Enterprise
+CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
+ NOT-FOR-US: Home Assistant
+CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) ...)
+ NOT-FOR-US: i-doit
+CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete Personal Data ...)
+ NOT-FOR-US: Cryptshare Server
+CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...)
+ NOT-FOR-US: Netshield NANO devices
+CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: Introduced by: https://github.com/saltstack/salt/commit/fc9267afa3a7ecaae3ef446575072e0e5d51d8b7 (v2016.3)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/6ae64c6b15cb7f43b57f564a0cb8a0e426cc183a (v3000.7 backport)
+CVE-2021-3147
+ RESERVED
+CVE-2021-25196
+ RESERVED
+CVE-2021-25195 (Windows PKU2U Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-25194
+ RESERVED
+CVE-2021-25193
+ RESERVED
+CVE-2021-25192
+ RESERVED
+CVE-2021-25191
+ RESERVED
+CVE-2021-25190
+ RESERVED
+CVE-2021-25189
+ RESERVED
+CVE-2021-25188
+ RESERVED
+CVE-2021-25187
+ RESERVED
+CVE-2021-25186
+ RESERVED
+CVE-2021-25185
+ RESERVED
+CVE-2021-25184
+ RESERVED
+CVE-2021-25183
+ RESERVED
+CVE-2021-25182
+ RESERVED
+CVE-2021-25181
+ RESERVED
+CVE-2021-25180
+ RESERVED
+CVE-2021-25179 (SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-25178 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25177 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25176 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25175 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25174 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25173 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25172 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25171 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25170 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25169 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25167 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25166 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25165 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25164 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25163 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was discovered in so ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25160 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25159 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25158 (A remote arbitrary file read vulnerability was discovered in some Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25157 (A remote arbitrary file read vulnerability was discovered in some Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25156 (A remote arbitrary directory create vulnerability was discovered in so ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25155 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25154 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba AirWave M ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25152 (A remote insecure deserialization vulnerability was discovered in Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered in Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25148 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25147 (A remote authentication restriction bypass vulnerability was discovere ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability was disc ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...)
+ NOT-FOR-US: HPE
+CVE-2021-25140 (A potential security vulnerability has been identified in the HPE Moon ...)
+ NOT-FOR-US: HPE
+CVE-2021-25139 (A potential security vulnerability has been identified in the HPE Moon ...)
+ NOT-FOR-US: HPE
+CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25136 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25135 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25134 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25133 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25132 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25131 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25130 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25129 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25128 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25127 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25126 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25125 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat versions ...)
+ {DSA-4891-1 DLA-2594-1}
+ - tomcat9 9.0.43-1
+ - tomcat8 <removed>
+ - tomcat7 <removed>
+ [stretch] - tomcat7 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/1
+ NOTE: https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1 (9.0.43)
+ NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63)
+CVE-2021-25121
+ RESERVED
+CVE-2021-25120
+ RESERVED
+CVE-2021-25119
+ RESERVED
+CVE-2021-25118
+ RESERVED
+CVE-2021-25117
+ RESERVED
+CVE-2021-25116
+ RESERVED
+CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25113
+ RESERVED
+CVE-2021-25112
+ RESERVED
+CVE-2021-25111
+ RESERVED
+CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25107 (The Form Store to DB WordPress plugin before 1.1.1 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25106 (The Privacy Policy Generator, Terms &amp; Conditions Generator WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25104
+ RESERVED
+CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25102
+ RESERVED
+CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s parame ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25099 (The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25098
+ RESERVED
+CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25094
+ RESERVED
+CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25091 (The Link Library WordPress plugin before 7.2.9 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25090
+ RESERVED
+CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25088
+ RESERVED
+CVE-2021-25087
+ RESERVED
+CVE-2021-25086
+ RESERVED
+CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25081
+ RESERVED
+CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25075 (The Duplicate Page or Post WordPress plugin before 1.5.1 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 contains a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25071
+ RESERVED
+CVE-2021-25070
+ RESERVED
+CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25068
+ RESERVED
+CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25066
+ RESERVED
+CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25064
+ RESERVED
+CVE-2021-25063 (The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25060 (The Five Star Business Profile and Schema WordPress plugin before 2.1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25059
+ RESERVED
+CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to Authe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25056
+ RESERVED
+CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a Reflected C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user input i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25053 (The WP Coder WordPress plugin before 2.5.2 within the wow-company admi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25052 (The Button Generator WordPress plugin before 2.3.3 within the wow-comp ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25051 (The Modal Window WordPress plugin before 5.2.2 within the wow-company ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25048
+ RESERVED
+CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25045 (The Asgaros Forum WordPress plugin before 1.15.15 does not validate or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25044
+ RESERVED
+CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25042
+ RESERVED
+CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25039
+ RESERVED
+CVE-2021-25038
+ RESERVED
+CVE-2021-25037 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by an a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Pr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin before 1.22 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25034
+ RESERVED
+CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Co ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25026
+ RESERVED
+CVE-2021-25025 (The EventCalendar WordPress plugin before 1.1.51 does not have proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25024 (The EventCalendar WordPress plugin before 1.1.51 does not escape some ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25023 (The Speed Booster Pack &#9889; PageSpeed Optimization Suite WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25022 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25021 (The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25019
+ RESERVED
+CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not have au ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and escape th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25012
+ RESERVED
+CVE-2021-25011
+ RESERVED
+CVE-2021-25010
+ RESERVED
+CVE-2021-25009
+ RESERVED
+CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25007
+ RESERVED
+CVE-2021-25006
+ RESERVED
+CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25003
+ RESERVED
+CVE-2021-25002
+ RESERVED
+CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25000 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24999 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24998 (The Simple JWT Login WordPress plugin before 3.3.0 can be used to crea ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24997 (The WP Guppy WordPress plugin before 1.3 does not have any authorisati ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24996
+ RESERVED
+CVE-2021-24995
+ RESERVED
+CVE-2021-24994
+ RESERVED
+CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24991 (The WooCommerce PDF Invoices &amp; Packing Slips WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24990
+ RESERVED
+CVE-2021-24989 (The Accept Donations with PayPal WordPress plugin before 1.3.4 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24987
+ RESERVED
+CVE-2021-24986
+ RESERVED
+CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24983 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24982
+ RESERVED
+CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24980 (The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24978
+ RESERVED
+CVE-2021-24977
+ RESERVED
+CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24974 (The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24971
+ RESERVED
+CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24968 (The Ultimate FAQ WordPress plugin before 2.1.2 does not have capabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24967 (The Contact Form &amp; Lead Form Elementor Builder WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24966
+ RESERVED
+CVE-2021-24965 (The Five Star Restaurant Reservations WordPress plugin before 2.4.8 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24964 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly ve ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24963 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24962
+ RESERVED
+CVE-2021-24961
+ RESERVED
+CVE-2021-24960
+ RESERVED
+CVE-2021-24959
+ RESERVED
+CVE-2021-24958
+ RESERVED
+CVE-2021-24957
+ RESERVED
+CVE-2021-24956 (The Blog2Social: Social Media Auto Post &amp; Scheduler WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24955 (The User Registration, Login Form, User Profile &amp; Membership WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24954 (The User Registration, Login Form, User Profile &amp; Membership WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24953
+ RESERVED
+CVE-2021-24952
+ RESERVED
+CVE-2021-24951 (The LearnPress WordPress plugin before 4.1.4 does not sanitise, valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24950
+ RESERVED
+CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor - Pro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper authorisati ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24945 (The Like Button Rating &#9829; LikeBtn WordPress plugin before 2.6.38 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24944 (The Custom Dashboard &amp; Login Page WordPress plugin before 7.0 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24942
+ RESERVED
+CVE-2021-24941 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24940
+ RESERVED
+CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24937 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24936 (The WP Extra File Types WordPress plugin before 0.5.1 does not have CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24933
+ RESERVED
+CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24931 (The Secure Copy Content Protection and Content Locking WordPress plugi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24929
+ RESERVED
+CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape the d para ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24923 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check w ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 does not s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24920
+ RESERVED
+CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allow ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24916
+ RESERVED
+CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24913
+ RESERVED
+CVE-2021-24912
+ RESERVED
+CVE-2021-24911
+ RESERVED
+CVE-2021-24910
+ RESERVED
+CVE-2021-24909 (The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24908 (The Check &amp; Log Email WordPress plugin before 1.0.4 does not escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not check for ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24905
+ RESERVED
+CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24903
+ RESERVED
+CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24901
+ RESERVED
+CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24898
+ RESERVED
+CVE-2021-24897
+ RESERVED
+CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24895
+ RESERVED
+CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24893 (The Stars Rating WordPress plugin before 3.5.1 does not validate the s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Forms (F ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24890
+ RESERVED
+CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24887
+ RESERVED
+CVE-2021-24886
+ RESERVED
+CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape the L ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24881
+ RESERVED
+CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24874 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows users w ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24870
+ RESERVED
+CVE-2021-24869
+ RESERVED
+CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka Access Ke ...)
+ TODO: check
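Review bot: CVE-2021-24867 is still marked `TODO: check`, while the WordPress plugin and theme entries around it are all triaged as `NOT-FOR-US`. Its description covers "Numerous Plugins and Themes from the AccessPress Themes", so unless one of those is packaged, resolve it to a `NOT-FOR-US:` line in the same style as its neighbours, or name the affected source package, so the entry does not stay open in the tracker.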
+CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24864
+ RESERVED
+CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Prot ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24862 (The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24861 (The Quotes Collection WordPress plugin through 2.5.2 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not validate an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24859 (The User Meta Shortcodes WordPress plugin through 0.5 registers a shor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24858 (The Cookie Notification Plugin for WordPress plugin before 1.0.9 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24857 (The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded us ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24855 (The Display Post Metadata WordPress plugin before 1.5.0 adds a shortco ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24854 (The QR Redirector WordPress plugin before 1.6.1 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24853 (The QR Redirector WordPress plugin before 1.6 does not have capability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24852 (The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24851 (The Insert Pages WordPress plugin before 3.7.0 allows users with a rol ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24849 (The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24848 (The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24846 (The get_query() function of the Ni WooCommerce Custom Order Status Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows passing ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have CRSF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have authorisa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24837
+ RESERVED
+CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 1.7.1 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24835 (The WCFM &#8211; Frontend Manager for WooCommerce along with Bookings ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24834 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24833 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24831 (All AJAX actions of the Tab WordPress plugin before 1.3.2 are availabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24830 (The Advanced Access Manager WordPress plugin before 6.8.0 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24828 (The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24827 (The Asgaros Forum WordPress plugin before 1.15.13 does not validate an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24826
+ RESERVED
+CVE-2021-24825
+ RESERVED
+CVE-2021-24824
+ RESERVED
+CVE-2021-24823
+ RESERVED
+CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24821
+ RESERVED
+CVE-2021-24820
+ RESERVED
+CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF check wh ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24817 (The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not have c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24814 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24810
+ RESERVED
+CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24807 (The Support Board WordPress plugin before 3.3.5 allows Authenticated ( ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when ad ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24805
+ RESERVED
+CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24803
+ RESERVED
+CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does not enforc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24800
+ RESERVED
+CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24797 (The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not properly saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24795 (The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24792 (The Shiny Buttons WordPress plugin through 1.1.0 does not have any aut ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24791 (The Header Footer Code Manager WordPress plugin before 1.1.14 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24790 (The Contact Form Advanced Database WordPress plugin through 1.0.8 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24787 (The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24786 (The Download Monitor WordPress plugin before 4.4.5 does not properly v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24784 (The WP Admin Logo Changer WordPress plugin through 1.0 does not have C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24783 (The Post Expirator WordPress plugin before 2.6.0 does not have proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24782 (The Flex Local Fonts WordPress plugin through 1.0.0 does not escape th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24780 (The Single Post Exporter WordPress plugin through 1.1.1 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24778
+ RESERVED
+CVE-2021-24777
+ RESERVED
+CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24775 (The Document Embedder WordPress plugin before 1.7.5 contains a REST en ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24774 (The Check &amp; Log Email WordPress plugin before 1.0.3 does not valid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24772 (The Stream WordPress plugin before 3.8.2 does not sanitise and validat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24771 (The Inspirational Quote Rotator WordPress plugin through 1.0.0 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24768 (The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24766 (The 404 to 301 &#8211; Redirect, Log and Notify 404 Errors WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24765 (The Perfect Survey WordPress plugin through 1.5.2 does not validate an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24764 (The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24763 (The Perfect Survey WordPress plugin before 1.5.2 does not have proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24762 (The Perfect Survey WordPress plugin before 1.5.2 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24761 (The Error Log Viewer WordPress plugin through 1.1.1 does not perform n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24759 (The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24758 (The Email Log WordPress plugin before 2.4.7 does not properly validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24756 (The WP System Log WordPress plugin before 1.0.21 does not sanitise, va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24753 (The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not pr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...)
+ NOT-FOR-US: WordPress plugins
+CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24750 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24747 (The SEO Booster WordPress plugin before 3.8 allows for authenticated S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24746
+ RESERVED
+CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24742 (The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Edi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24739 (The Logo Carousel WordPress plugin before 3.4.2 allows users with a ro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24738 (The Logo Carousel WordPress plugin before 3.4.2 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24737 (The Comments &#8211; wpDiscuz WordPress plugin through 7.3.0 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with frontend file u ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24735 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not imp ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24733 (The WP Post Page Clone WordPress plugin before 1.2 allows users with a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress &#8211; DearFlip WordPress plu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24731 (The Registration Forms &#8211; User profile, Content Restriction, Spam ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24730
+ RESERVED
+CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24728 (The Membership &amp; Content Restriction &#8211; Paid Member Subscript ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24727 (The StopBadBots WordPress plugin before 6.60 did not validate or escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24726 (The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24725 (The Comment Link Remove and Other Comment Tools WordPress plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24723 (The WP Reactions Lite WordPress plugin before 1.3.6 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24721 (The Loco Translate WordPress plugin before 2.5.4 mishandles data input ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24718 (The Contact Form, Survey &amp; Popup Form Plugin for WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform capabil ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24714 (The Import any XML or CSV File to WordPress plugin before 3.6.3 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24713 (The Video Lessons Manager WordPress plugin before 1.7.2 and Video Less ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24710 (The Print-O-Matic WordPress plugin before 2.0.3 does not escape some o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not properly val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24708 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24707 (The Learning Courses WordPress plugin before 5.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24706 (The Qwizcards &#8211; online quizzes and flashcards WordPress plugin b ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24704
+ RESERVED
+CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24701 (The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize m ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24700 (The Forminator WordPress plugin before 1.15.4 does not sanitize and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6 allows users ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24697 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24696 (The Simple Download Monitor WordPress plugin before 3.9.9 does not enf ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24695 (The Simple Download Monitor WordPress plugin before 3.9.6 saves logs i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24694 (The Simple Download Monitor WordPress plugin before 3.9.11 could allow ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24693 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24692
+ RESERVED
+CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does not esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24689
+ RESERVED
+CVE-2021-24688
+ RESERVED
+CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape the "CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24682 (The Cool Tag Cloud WordPress plugin before 2.26 does not escape the st ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24680 (The WP Travel Engine WordPress plugin before 5.3.1 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24677 (The Find My Blocks WordPress plugin before 3.4.0 does not have authori ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24675 (The One User Avatar WordPress plugin before 2.3.7 does not check for C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24674 (The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24672 (The One User Avatar WordPress plugin before 2.3.7 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some short ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24669 (The MAZ Loader &#8211; Preloader Builder for WordPress plugin before 1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24668 (The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce ch ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24664 (The School Management System &#8211; WPSchoolPress WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24661 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24660 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24659 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24658 (The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does not escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 3.2.4 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24655
+ RESERVED
+CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24652 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24650
+ RESERVED
+CVE-2021-24649
+ RESERVED
+CVE-2021-24648 (The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24647 (The Registration Forms &#8211; User profile, Content Restriction, Spam ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin before 1.4.3 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24645 (The Booking.com Product Helper WordPress plugin before 1.0.2 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24644 (The Images to WebP WordPress plugin before 1.9 does not validate or sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24641 (The Images to WebP WordPress plugin before 1.9 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 does not es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24639 (The OMGF WordPress plugin before 4.5.4 does not enforce path validatio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24638 (The OMGF WordPress plugin before 4.5.4 does not escape or validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24637 (The Google Fonts Typography WordPress plugin before 3.0.3 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24636 (The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24635 (The Visual Link Preview WordPress plugin before 2.2.3 does not enforce ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24634 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24633 (The Countdown Block WordPress plugin before 1.1.2 does not have author ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24632 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24631 (The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24630 (The Schreikasten WordPress plugin through 0.14.18 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24629 (The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24628 (The Wow Forms WordPress plugin through 3.1.3 does not sanitise or esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24627 (The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24626 (The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24625 (The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24624 (The MP3 Audio Player for Music, Radio &amp; Podcast by Sonaar WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24622 (The Customer Service Software &amp; Support Ticket System WordPress pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24621 (The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise it ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products thr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24619 (The Per page add to head WordPress plugin through 1.4.4 does not prope ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24617 (The GamePress WordPress plugin through 1.1.0 does not escape the op_ed ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24616 (The AddToAny Share Buttons WordPress plugin before 1.7.48 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24615 (The Wechat Reward WordPress plugin through 1.7 does not sanitise or es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24613 (The Post Views Counter WordPress plugin before 1.3.5 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24612 (The Sociable WordPress plugin through 4.3.4.1 does not sanitise or esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise of esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implement a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24608 (The Formidable Form Builder &#8211; Contact Form, Survey &amp; Quiz Fo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24607 (The Storefront Footer Text WordPress plugin through 1.0.1 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24605 (The create_post_page AJAX action of the Custom Post View Generator Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24604 (The Availability Calendar WordPress plugin before 1.2.2 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24603 (The Site Reviews WordPress plugin before 5.13.1 does not sanitise some ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24602 (The HM Multiple Roles WordPress plugin before 1.3 does not have any ac ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24601 (The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24600 (The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24599 (The Email Encoder &#8211; Protect Email Addresses WordPress plugin bef ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24598 (The Testimonial WordPress plugin before 1.6.0 does not escape some tes ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24597 (The You Shang WordPress plugin through 1.0.1 does not escape its qrcod ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitise esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24595 (The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSR ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24594 (The Translate WordPress &#8211; Google Language Translator WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24591 (The Highlight WordPress plugin before 0.9.3 does not sanitise its Cust ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24590 (The Cookie Notice &amp; Consent Banner for GDPR &amp; CCPA Compliance ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24589
+ RESERVED
+CVE-2021-24588 (The SMS Alert Order Notifications WordPress plugin before 3.4.7 is aff ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24587 (The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24586 (The Per page add to head WordPress plugin before 1.4.4 is lacking any ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24585 (The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24584 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24583 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24582 (The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24581 (The Blue Admin WordPress plugin through 21.06.01 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise use ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24578 (The SportsPress WordPress plugin before 2.7.9 does not sanitise and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24575 (The School Management System &#8211; WPSchoolPress WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24573
+ RESERVED
+CVE-2021-24572 (The Accept Donations with PayPal WordPress plugin before 1.3.1 provide ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some of its ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24570 (The Accept Donations with PayPal WordPress plugin before 1.3.1 offers ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24569 (The Cookie Notice &amp; Compliance for GDPR / CCPA WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24567
+ RESERVED
+CVE-2021-24566
+ RESERVED
+CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24563 (The Frontend Uploader WordPress plugin through 1.3.2 does not prevent ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24562 (The LMS by LifterLMS &#8211; Online Course, Membership &amp; Learning ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_gr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24560 (The Software License Manager WordPress plugin before 4.4.8 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24559
+ RESERVED
+CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the Project Stat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id POST parame ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24556 (The kento_email_subscriber_ajax AJAX action of the Email Subscriber Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24555 (The daac_delete_booking_callback function, hooked to the daac_delete_b ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24554 (The Paytm &#8211; Donation Plugin WordPress plugin through 1.3.2 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24553 (The Timeline Calendar WordPress plugin through 1.2 does not sanitise, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24552 (The Simple Events Calendar WordPress plugin through 1.4.0 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24551 (The Edit Comments WordPress plugin through 0.3 does not sanitise, vali ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24550 (The Broken Link Manager WordPress plugin through 0.6.5 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24549 (The AceIDE WordPress plugin through 2.6.2 does not sanitise or validat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Au ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24547 (The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24546 (The Gutenberg Block Editor Toolkit &#8211; EditorsKit WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24544 (The Responsive WordPress Slider WordPress plugin through 2.2.0 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24543 (The jQuery Reply to Comment WordPress plugin through 1.31 does not hav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24542
+ RESERVED
+CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not escape par ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24539 (The Coming Soon, Under Construction &amp; Maintenance Mode By Dazzler ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24537 (The Similar Posts WordPress plugin through 3.1.5 allow high privilege ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24536 (The Custom Login Redirect WordPress plugin through 1.0.0 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24534 (The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24533 (The Maintenance WordPress plugin before 4.03 does not sanitise or esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24532
+ RESERVED
+CVE-2021-24531 (The Charitable &#8211; Donation Plugin WordPress plugin before 1.6.51 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24530 (The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24529 (The Grid Gallery &#8211; Photo Image Grid Gallery WordPress plugin bef ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24528 (The FluentSMTP WordPress plugin before 2.0.1 does not sanitize paramet ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24527 (The User Registration &amp; User Profile &#8211; Profile Builder WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24526 (The Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contac ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24525 (The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users wi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24524 (The GiveWP &#8211; Donation Plugin and Fundraising Platform WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24523 (The Daily Prayer Time WordPress plugin before 2021.08.10 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24522 (The User Registration, User Profile, Login &amp; Membership &#8211; Pr ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24521 (The Side Menu Lite &#8211; add sticky fixed buttons WordPress plugin b ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24520 (The Stock in &amp; out WordPress plugin through 1.0.4 lacks proper san ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24519 (The VikRentCar Car Rental Management System WordPress plugin before 1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24515 (The Video Gallery WordPress plugin before 1.1.5 does not escape the Ti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24511 (The fetch_product_ajax functionality in the Product Feed on WooCommerc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24510 (The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24508 (The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not properly san ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24506 (The Slider Hero with Animation, Video Background &amp; Intro Maker Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24505 (The Forms WordPress plugin before 1.12.3 did not sanitise its input fi ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24504 (The WP LMS &#8211; Best WordPress LMS Plugin WordPress plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24503 (The Popular Brand Icons &#8211; Simple Icons WordPress plugin before 2 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24502 (The WP Google Map WordPress plugin before 1.7.7 did not sanitise or es ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24501 (The Workreap WordPress theme before 2.2.2 had several AJAX actions mis ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24500 (Several AJAX actions available in the Workreap WordPress theme before ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24499 (The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_ ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24497 (The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL In ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not sanitise, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not property sa ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24493 (The shopp_upload_file AJAX action of the Shopp WordPress plugin throug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24492 (The hndtst_action_instance_callback AJAX call of the Handsome Testimon ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF checks ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not sanitise, v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24486 (The Simple Social Media Share Buttons &#8211; Social Sharing for Every ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24482 (The Related Posts for WordPress plugin through 2.0.4 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24481 (The Any Hostname WordPress plugin through 1.0.6 does not sanitise or e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24480 (The Event Geek WordPress plugin through 2.5.2 does not sanitise or esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24479 (The DrawBlog WordPress plugin through 0.90 does not sanitise or valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24478 (The Bookshelf WordPress plugin through 2.0.4 does not sanitise or esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24477 (The Migrate Users WordPress plugin through 1.0.1 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24476 (The Steam Group Viewer WordPress plugin through 2.1 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24475
+ RESERVED
+CVE-2021-24474 (The Awesome Weather Widget WordPress plugin through 3.0.2 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24473 (The User Profile Picture WordPress plugin before 2.6.0 was affected by ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24472 (The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24471 (The YouTube Embed WordPress plugin before 5.2.2 does not validate, esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24470 (The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24469
+ RESERVED
+CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape some sho ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSR ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24465 (The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, vali ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin bef ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24463 (The get_sliders() function in the Image Slider by Ays- Responsive Slid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24462 (The get_gallery_categories() and get_galleries() functions in the Phot ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24461 (The get_faqs() function in the FAQ Builder AYS WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24460 (The get_fb_likeboxes() function in the Popup Like box &#8211; Page Plu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24459 (The get_results() and get_items() functions in the Survey Maker WordPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24458 (The get_ays_popupboxes() and get_popup_categories() functions of the P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24457 (The get_portfolios() and get_portfolio_attributes() functions in the c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24456 (The Quiz Maker WordPress plugin before 6.2.0.9 did not properly saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24455 (The Tutor LMS &#8211; eLearning and online course solution WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is created ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to path tr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24452 (The W3 Total Cache WordPress plugin before 2.1.5 was affected by a ref ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24450 (The User Registration, User Profiles, Login &amp; Membership &#8211; P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24449
+ RESERVED
+CVE-2021-24448 (The User Registration &amp; User Profile &#8211; Profile Builder WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24446 (The Remove Footer Credit WordPress plugin before 1.0.6 does not have C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24444 (The TaxoPress &#8211; Create and Manage Taxonomies, Tags, Categories W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24443 (The About Me widget of the Youzify &#8211; BuddyPress Community, User ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24442 (The Poll, Survey, Questionnaire and Voting system WordPress plugin bef ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24441 (The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitis ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24440 (The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed authenti ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24438 (The ShareThis Dashboard for Google Analytics WordPress plugin before 2 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24437 (The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a r ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24435 (The iframe-font-preview.php file of the titan-framework does not prope ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24433
+ RESERVED
+CVE-2021-24432
+ RESERVED
+CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not have an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24430 (The Speed Booster Pack &#9889; PageSpeed Optimization Suite WordPress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does not proper ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24428 (The RSS for Yandex Turbo WordPress plugin through 1.30 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24427 (The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or e ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24426 (The Backup by 10Web &#8211; Backup and Restore Plugin WordPress plugin ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24425 (The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Heade ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24424 (The WP Reset &#8211; Most Advanced WordPress Reset Tool WordPress plug ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24423 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24422
+ RESERVED
+CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or esc ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24420 (The Request a Quote WordPress plugin before 2.3.4 did not sanitise and ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24419 (The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24418 (The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 do ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24417
+ RESERVED
+CVE-2021-24416 (The StreamCast &#8211; Radio Player for WordPress plugin before 2.1.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24415 (The Polo Video Gallery &#8211; Best wordpress video gallery plugin Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24414 (The Video Player for YouTube WordPress plugin before 1.4 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24412 (The Html5 Audio Player &#8211; Audio Player for WordPress plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have CSRF checks ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24410 (The &#3108;&#3142;&#3122;&#3137;&#3095;&#3137; &#3116;&#3144;&#3116;&# ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GE ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or validat ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24407 (The Jannah WordPress theme before 5.4.5 did not properly sanitize the ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not validate the re ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24405 (The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24404 (The options.php file of the WP-Board WordPress plugin through 1.1 beta ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24403 (The Orders functionality in the WordPress Page Contact plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24402 (The Orders functionality in the WP iCommerce WordPress plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24401 (The Edit domain functionality in the WP Domain Redirect WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24400 (The Edit Role functionality in the Display Users WordPress plugin thro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24399 (The check_order function of The Sorter WordPress plugin through 1.0 us ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24398 (The Add new scene functionality in the Responsive 3D Slider WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24397 (The edit functionality in the MicroCopy WordPress plugin through 1.1.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24396 (A pageid GET parameter of the GSEOR &#8211; WordPress SEO Plugin WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24395 (The editid GET parameter of the Embed Youtube Video WordPress plugin t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24394 (An id GET parameter of the Easy Testimonial Manager WordPress plugin t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24393 (A c GET parameter of the Comment Highlighter WordPress plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24392 (An id GET parameter of the WordPress Membership SwiftCloud.io WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24391 (An editid GET parameter of the Cashtomer WordPress plugin through 1.0. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24390 (A proid GET parameter of the WordPress&#25903;&#20184;&#23453;Alipay|& ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24389 (The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24388 (In the VikRentCar Car Rental Management System WordPress plugin before ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24387 (The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24386 (The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24385 (The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24384 (The joomsport_md_load AJAX action of the JoomSport WordPress plugin be ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24381 (The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24378 (The Autoptimize WordPress plugin before 2.7.8 does not check for malic ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24377 (The Autoptimize WordPress plugin before 2.7.8 attempts to remove poten ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24376 (The Autoptimize WordPress plugin before 2.7.8 attempts to delete malic ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24375 (Lack of authentication or validation in motor_load_more, motor_gallery ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24374 (The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24373 (The WP Hardening &#8211; Fix Your WordPress Security WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24372 (The WP Hardening &#8211; Fix Your WordPress Security WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24371 (The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24370 (The Fancy Product Designer WordPress plugin before 4.6.9 allows unauth ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24369 (In the GetPaid WordPress plugin before 2.3.4, users with the contribut ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24368 (The Quiz And Survey Master &#8211; Best Quiz, Exam and Survey Plugin W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24367 (The WP Config File Editor WordPress plugin through 1.7.1 was affected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24366 (The Admin Columns Free WordPress plugin before 4.3 and Admin Columns P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24365 (The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly sanitize the ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24363 (The Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24362 (The Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24361 (In the Location Manager WordPress plugin before 2.1.0.10, the AJAX act ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24360 (The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24359 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24358 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24357 (In the Best Image Gallery &amp; Responsive Photo Gallery &#8211; FooGa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24356 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24355 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24354 (A lack of capability checks and insufficient nonce check on the AJAX a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24353 (The import_data function of the Simple 301 Redirects by BetterLinks Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24352 (The export_data function of the Simple 301 Redirects by BetterLinks Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24351 (The theplus_more_post AJAX action of The Plus Addons for Elementor Pag ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24350 (The Visitors WordPress plugin through 0.3 is affected by an Unauthenti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24349 (This Gallery from files WordPress plugin through 1.6.0 gives the funct ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24348 (The menu delete functionality of the Side Menu &#8211; add fixed side ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24347 (The SP Project &amp; Document Manager WordPress plugin before 4.22 all ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24346 (The Stock in &amp; out WordPress plugin through 1.0.4 has a search fun ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24345 (The page lists-management feature of the Sendit WP Newsletter WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24344 (The Easy Preloader WordPress plugin through 1.0.0 does not sanitise it ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24343 (The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP I ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24342 (The JNews WordPress theme before 8.0.6 did not sanitise the cat_id par ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24341 (When deleting a date in the Xllentech English Islamic Calendar WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24340 (The WP Statistics WordPress plugin before 13.0.8 relied on using the W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24339 (The Pods &#8211; Custom Content Types and Fields WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24338 (The Pods &#8211; Custom Content Types and Fields WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24337 (The id GET parameter of one of the Video Embed WordPress plugin throug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24336 (The FlightLog WordPress plugin through 3.0.2 does not sanitise, valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24335 (The Car Repair Services &amp; Auto Mechanic WordPress theme before 4.0 ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24334 (The Instant Images &#8211; One Click Unsplash Uploads WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24333 (The Content Copy Protection &amp; Prevent Image Save WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24332 (The Autoptimize WordPress plugin before 2.8.4 was missing proper escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24331 (The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24330 (The Funnel Builder by CartFlows &#8211; Create High Converting Sales F ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24329 (The WP Super Cache WordPress plugin before 1.7.3 did not properly sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24328 (The WP Login Security and History WordPress plugin through 1.0 did not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24327 (The SEO Redirection Plugin &#8211; 301 Redirect Manager WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24326 (The tab parameter of the settings page of the All 404 Redirect to Home ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24325 (The tab parameter of the settings page of the 404 SEO Redirection Word ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was not pro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24322 (The Database Backup for WordPress plugin before 2.4 did not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24321 (The Bello - Directory &amp; Listing WordPress theme before 1.6.0 did n ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24320 (The Bello - Directory &amp; Listing WordPress theme before 1.6.0 did n ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24319 (The Bello - Directory &amp; Listing WordPress theme before 1.6.0 did n ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24318 (The Listeo WordPress theme before 1.6.11 did not ensure that the Post/ ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24317 (The Listeo WordPress theme before 1.6.11 did not properly sanitise som ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24316 (The search feature of the Mediumish WordPress theme through 1.0.47 doe ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24315 (The GiveWP &#8211; Donation Plugin and Fundraising Platform WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate of esca ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24313 (The WP Prayer WordPress plugin before 1.6.2 provides the functionality ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24312 (The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24311 (The wp_ajax_upload-remote-file AJAX action of the External Media WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24310 (The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24309 (The "Schedule Name" input in the Weekly Schedule WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24308 (The 'State' field of the Edit profile page of the LMS by LifterLMS &#8 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24307 (The All in One SEO &#8211; Best WordPress SEO Plugin &#8211; Easily Im ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24306 (The Ultimate Member &#8211; User Profile, User Registration, Login &am ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24305 (The Target First WordPress Plugin v2.0, also previously known as Watch ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24304 (The Newsmag WordPress theme before 5.0 does not sanitise the td_block_ ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24303 (The JiangQie Official Website Mini Program WordPress plugin before 1.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24301 (The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24300 (The slider import search feature of the PickPlugins Product Slider for ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize the form ...)
+ NOT-FOR-US: Goto WordPress theme
+CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24294 (The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP Word ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...)
+ NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
+CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy A ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24291 (The Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery WordP ...)
+ NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin
+CVE-2021-24290 (There are several endpoints in the Store Locator Plus for WordPress pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter isn't prop ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24285 (The request_list_request AJAX call of the Car Seller - Auto Classified ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows una ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or escaped ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24280 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24279 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, l ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24278 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, u ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24277 (The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15 did not s ...)
+ NOT-FOR-US: Supsystic WordPress plugin
+CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise ...)
+ NOT-FOR-US: Supsystic WordPress plugin
+CVE-2021-24274 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not s ...)
+ NOT-FOR-US: Supsystic WordPress plugin
+CVE-2021-24273 (The &#8220;Clever Addons for Elementor&#8221; WordPress Plugin before ...)
+ NOT-FOR-US: WordPress Plugin
+CVE-2021-24272 (The fitness calculators WordPress plugin before 1.9.6 add calculators ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24271 (The &#8220;Ultimate Addons for Elementor&#8221; WordPress Plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24270 (The &#8220;DeTheme Kit for Elementor&#8221; WordPress Plugin before 1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24269 (The &#8220;Sina Extension for Elementor&#8221; WordPress Plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24268 (The &#8220;JetWidgets For Elementor&#8221; WordPress Plugin before 1.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24267 (The &#8220;All-in-One Addons for Elementor &#8211; WidgetKit&#8221; Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24266 (The &#8220;The Plus Addons for Elementor Page Builder Lite&#8221; Word ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24265 (The &#8220;Rife Elementor Extensions &amp; Templates&#8221; WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24264 (The &#8220;Image Hover Effects &#8211; Elementor Addon&#8221; WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24263 (The &#8220;Elementor Addons &#8211; PowerPack Addons for Elementor&#82 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24262 (The &#8220;WooLentor &#8211; WooCommerce Elementor Addons + Builder&#8 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24261 (The &#8220;HT Mega &#8211; Absolute Addons for Elementor Page Builder& ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24260 (The &#8220;Livemesh Addons for Elementor&#8221; WordPress Plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24259 (The &#8220;Elementor Addon Elements&#8221; WordPress Plugin before 1.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24258 (The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24257 (The &#8220;Premium Addons for Elementor&#8221; WordPress Plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24256 (The &#8220;Elementor &#8211; Header, Footer &amp; Blocks Template&#822 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24255 (The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24254 (The College publisher Import WordPress plugin through 0.1 does not che ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24253 (The Classyfrieds WordPress plugin through 3.8 does not properly check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24252 (The Event Banner WordPress plugin through 1.3 does not verify the uplo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24251 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24250 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24249 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24248 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24247 (The Contact Form Check Tester WordPress plugin through 1.0.2 settings ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24246 (The Workscout Core WordPress plugin before 1.3.4, used by the WorkScou ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24245 (The Stop Spammers WordPress plugin before 2021.9 did not escape user i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24244 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24243 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24242 (The Tutor LMS &#8211; eLearning and online course solution WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24241 (The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24240 (The Business Hours Pro WordPress plugin through 5.5.0 allows a remote ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24239 (The Pie Register &#8211; User Registration Forms. Invitation based reg ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24238 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24237 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24236 (The Imagements WordPress plugin through 1.2.5 allows images to be uplo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24235 (The Goto WordPress theme before 2.0 does not sanitise the keywords and ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24234 (The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24233 (The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24232 (The Advanced Booking Calendar WordPress plugin before 1.6.8 does not s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24231 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...)
+ NOT-FOR-US: Jetpack
+CVE-2021-24230 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...)
+ NOT-FOR-US: Patreon WordPress plugin
+CVE-2021-24229 (The Jetpack Scan team identified a Reflected Cross-Site Scripting via ...)
+ NOT-FOR-US: Patreon WordPress plugin
+CVE-2021-24228 (The Jetpack Scan team identified a Reflected Cross-Site Scripting in t ...)
+ NOT-FOR-US: Patreon WordPress plugin
+CVE-2021-24227 (The Jetpack Scan team identified a Local File Disclosure vulnerability ...)
+ NOT-FOR-US: Patreon WordPress plugin
+CVE-2021-24226 (In the AccessAlly WordPress plugin before 3.5.7, the file "resource/fr ...)
+ NOT-FOR-US: AccessAlly WordPress plugin
+CVE-2021-24225 (The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sa ...)
+ NOT-FOR-US: Advanced Booking Calendar WordPress plugin
+CVE-2021-24224 (The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordP ...)
+ NOT-FOR-US: Easy Form Builder WordPress plugin
+CVE-2021-24223 (The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitr ...)
+ NOT-FOR-US: N5 Upload Form WordPress plugin
+CVE-2021-24222 (The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from ...)
+ NOT-FOR-US: WP-Curriculo Vitae Free WordPress plugin
+CVE-2021-24221 (The Quiz And Survey Master &#8211; Best Quiz, Exam and Survey Plugin f ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24220 (Thrive &#8220;Legacy&#8221; Rise by Thrive Themes WordPress theme befo ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24219 (The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24218 (The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX act ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24217 (The run_action function of the Facebook for WordPress plugin before 3. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24216
+ RESERVED
+CVE-2021-24215 (An Improper Access Control vulnerability was discovered in the Control ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24214 (The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24213 (The GiveWP &#8211; Donation Plugin and Fundraising Platform WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24212 (The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://wooc ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24211 (The WordPress Related Posts plugin through 3.6.4 contains an authentic ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24210 (There is an open redirect in the PhastPress WordPress plugin before 1. ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24209 (The WP Super Cache WordPress plugin before 1.7.2 was affected by an au ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24208 (The editor of the WP Page Builder WordPress plugin before 1.2.4 allows ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24207 (By default, the WP Page Builder WordPress plugin before 1.2.4 allows s ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24206 (In the Elementor Website Builder WordPress plugin before 3.1.4, the im ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24205 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ic ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24204 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ac ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24203 (In the Elementor Website Builder WordPress plugin before 3.1.4, the di ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24202 (In the Elementor Website Builder WordPress plugin before 3.1.4, the he ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24201 (In the Elementor Website Builder WordPress plugin before 3.1.4, the co ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24200 (The wpDataTables &#8211; Tables &amp; Table Charts premium WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24199 (The wpDataTables &#8211; Tables &amp; Table Charts premium WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24198 (The wpDataTables &#8211; Tables &amp; Table Charts premium WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24197 (The wpDataTables &#8211; Tables &amp; Table Charts premium WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed Authent ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24195 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24194 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24193 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24192 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24191 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24190 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24189 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24188 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24187 (The setting page of the SEO Redirection Plugin - 301 Redirect Manager ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function pair from ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24185 (The tutor_place_rating AJAX action from the Tutor LMS &#8211; eLearnin ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24184 (Several AJAX endpoints in the Tutor LMS &#8211; eLearning and online c ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24183 (The tutor_quiz_builder_get_question_form AJAX action from the Tutor LM ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24182 (The tutor_quiz_builder_get_answers_by_question AJAX action from the Tu ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24181 (The tutor_mark_answer_as_correct AJAX action from the Tutor LMS &#8211 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24180 (Unvalidated input and lack of output encoding within the Related Posts ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24179 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24178 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24177 (In the default configuration of the File Manager WordPress plugin befo ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24176 (The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the re ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24175 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24174 (The Database Backups WordPress plugin through 1.2.2.6 does not have CS ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24173 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24172 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24171 (The WooCommerce Upload Files WordPress plugin before 59.4 ran a single ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24170 (The REST API endpoint get_users in the User Profile Picture WordPress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24169 (This Advanced Order Export For WooCommerce WordPress plugin before 3.1 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24168 (The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not prop ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24167 (When visiting a site running Web-Stat &lt; 1.4.0, the "wts_web_stat_lo ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24166 (The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form &#82 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24165 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24164 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low- ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24163 (The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, di ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24162 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24161 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24160 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, s ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24159 (Due to the lack of sanitization and lack of nonce protection on the cu ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24158 (Orbit Fox by ThemeIsle has a feature to add a registration form to bot ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24157 (Orbit Fox by ThemeIsle has a feature to add custom scripts to the head ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24156 (Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24155 (The WordPress Backup and Migrate Plugin &#8211; Backup Guard WordPress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24154 (The Theme Editor WordPress plugin before 2.6 did not validate the GET ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24153 (A Stored Cross-Site Scripting vulnerability was discovered in the Yoas ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was vulnerable to ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24151
+ RESERVED
+CVE-2021-24150 (The LikeBtn WordPress Like Button Rating &#9829; LikeBtn WordPress plu ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...)
+ NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
+CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin, versions be ...)
+ NOT-FOR-US: MStore API WordPress plugin
+CVE-2021-24147 (Unvalidated input and lack of output encoding in the Modern Events Cal ...)
+ NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
+CVE-2021-24146 (Lack of authorisation checks in the Modern Events Calendar Lite WordPr ...)
+ NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
+CVE-2021-24145 (Arbitrary file upload in the Modern Events Calendar Lite WordPress plu ...)
+ NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
+CVE-2021-24144 (Unvalidated input in the Contact Form 7 Database Addon plugin, version ...)
+ NOT-FOR-US: Contact Form 7 Database Addon plugin,
+CVE-2021-24143 (Unvalidated input in the AccessPress Social Icons plugin, versions bef ...)
+ NOT-FOR-US: AccessPress Social Icons plugin
+CVE-2021-24142 (Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPre ...)
+ NOT-FOR-US: 301 Redirects - Easy Redirect Manager WordPress plugin
+CVE-2021-24141 (Unvaludated input in the Advanced Database Cleaner plugin, versions be ...)
+ NOT-FOR-US: Advanced Database Cleaner plugin
+CVE-2021-24140 (Unvalidated input in the Ajax Load More WordPress plugin, versions bef ...)
+ NOT-FOR-US: Ajax Load More WordPress plugin
+CVE-2021-24139 (Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress ...)
+ NOT-FOR-US: Photo Gallery (10Web Photo Gallery) WordPress plugin
+CVE-2021-24138 (Unvalidated input in the AdRotate WordPress plugin, versions before 5. ...)
+ NOT-FOR-US: AdRotate WordPress plugin
+CVE-2021-24137 (Unvalidated input in the Blog2Social WordPress plugin, versions before ...)
+ NOT-FOR-US: Blog2Social WordPress plugin
+CVE-2021-24136 (Unvalidated input and lack of output encoding in the Testimonials Widg ...)
+ NOT-FOR-US: Testimonials Widget WordPress plugin
+CVE-2021-24135 (Unvalidated input and lack of output encoding in the WP Customer Revie ...)
+ NOT-FOR-US: WP Customer Reviews WordPress plugin
+CVE-2021-24134 (Unvalidated input and lack of output encoding in the Constant Contact ...)
+ NOT-FOR-US: Constant Contact Forms WordPress plugin
+CVE-2021-24133 (Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions b ...)
+ NOT-FOR-US: ActiveCampaign WordPress plugin
+CVE-2021-24132 (The Slider by 10Web WordPress plugin, versions before 1.2.36, in the b ...)
+ NOT-FOR-US: 10Web WordPress plugin
+CVE-2021-24131 (Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, vers ...)
+ NOT-FOR-US: Anti-Spam by CleanTalk WordPress plugin
+CVE-2021-24130 (Unvalidated input in the WP Google Map Plugin WordPress plugin, versio ...)
+ NOT-FOR-US: WP Google Map Plugin WordPress plugin
+CVE-2021-24129 (Unvalidated input and lack of output encoding in the Themify Portfolio ...)
+ NOT-FOR-US: Themify Portfolio Post WordPress plugin
+CVE-2021-24128 (Unvalidated input and lack of output encoding in the Team Members Word ...)
+ NOT-FOR-US: Team Members WordPress plugin
+CVE-2021-24127 (Unvalidated input and lack of output encoding in the ThirstyAffiliates ...)
+ NOT-FOR-US: ThirstyAffiliates Affiliate Link Manager WordPress plugin
+CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira Gallery Li ...)
+ NOT-FOR-US: Envira Gallery Lite WordPress plugin
+CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress plugin bef ...)
+ NOT-FOR-US: Contact Form Submissions WordPress plugin
+CVE-2021-24124 (Unvalidated input and lack of output encoding in the WP Shieldon WordP ...)
+ NOT-FOR-US: WP Shieldon WordPress plugin
+CVE-2021-24123 (Arbitrary file upload in the PowerPress WordPress plugin, versions bef ...)
+ NOT-FOR-US: PowerPress WordPress plugin
+CVE-2021-24122 (When serving resources from a network location using the NTFS file sys ...)
+ {DLA-2594-1}
+ - tomcat9 9.0.40-1 (unimportant)
+ - tomcat8 <removed> (unimportant)
+ - tomcat7 <removed> (unimportant)
+ NOTE: https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533 (9.0.40)
+ NOTE: https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9 (8.5.60)
+ NOTE: https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177 (7.0.107)
+ NOTE: Issue when erving resources from a network location using the NTFS file system.
+CVE-2021-21261 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ {DSA-4830-1}
+ - flatpak 1.8.5-1
+ [stretch] - flatpak <not-affected> (app portal introduced in 0.11.4)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
+ NOTE: Fixed by:
+ NOTE: https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486
+ NOTE: https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b
+ NOTE: https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4
+ NOTE: https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba
+ NOTE: Automated tests:
+ NOTE: https://github.com/flatpak/flatpak/commit/821249844bbb7e52cbf4508b4de18c05e8592220
+ NOTE: https://github.com/flatpak/flatpak/commit/39a5621e6941b9d27bf89b63e8fb6cad6e279e53
+ NOTE: https://github.com/flatpak/flatpak/commit/d19f6c330aa42e17df6dc36d12b6f4dfa507dbb3
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/21/4
+CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allow ...)
+ NOT-FOR-US: Dolby Audio X2 (DAX2) API service
+CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an Android ...)
+ NOT-FOR-US: Ionic Identity Vault
+CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: Introduced by: https://github.com/saltstack/salt/commit/b8e34e1f6f785bf00634ee561c89c30c45f4c689 (v2018.2)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/7c1d565465f78a7937f089857f3980045f27fd6e (v3002.3)
+CVE-2021-3143
+ RESERVED
+CVE-2021-3142
+ REJECTED
+CVE-2021-3141 (In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is st ...)
+ NOT-FOR-US: Unisys
+CVE-2021-24121
+ RESERVED
+CVE-2021-24120
+ RESERVED
+CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in b ...)
+ {DLA-2826-1}
+ - mbedtls 2.16.11-0.1
+ [bullseye] - mbedtls <no-dsa> (Minor issue)
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ NOTE: Fixed in 2.26.0: https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
+CVE-2021-24118
+ RESERVED
+CVE-2021-24117 (In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in ...)
+ NOT-FOR-US: Rust SGX
+CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...)
+ - wolfssl 5.0.0-1 (bug #991663)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
+ NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
+CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used for ce ...)
+ - botan 2.17.3+dfsg-1
+ [buster] - botan <no-dsa> (Minor issue)
+ - botan1.10 <removed>
+ [stretch] - botan1.10 <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/randombit/botan/pull/2549
+CVE-2021-24114 (Microsoft Teams iOS Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24113 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24112 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24111 (.NET Framework Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24110 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24109 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24108 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24107 (Windows Event Tracing Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24106 (Windows DirectX Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24105 (Package Managers Configurations Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24104 (Microsoft SharePoint Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24103 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24102 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24101 (Microsoft Dataverse Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24100 (Microsoft Edge for Android Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24099 (Skype for Business and Lync Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24098 (Windows Console Driver Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24097
+ RESERVED
+CVE-2021-24096 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24095 (DirectX Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24094 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24093 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24092 (Microsoft Defender Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24091 (Windows Camera Codec Pack Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24090 (Windows Error Reporting Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24089 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24088 (Windows Local Spooler Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24087 (Azure IoT CLI extension Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24086 (Windows TCP/IP Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24085 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24084 (Windows Mobile Device Management Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24083 (Windows Address Book Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24082 (Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24081 (Microsoft Windows Codecs Library Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24080 (Windows Trust Verification API Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24079 (Windows Backup Engine Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24078 (Windows DNS Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24077 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24076 (Microsoft Windows VMSwitch Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24075 (Windows Network File System Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24074 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24073 (Skype for Business and Lync Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24072 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24071 (Microsoft SharePoint Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24070 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24069 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24068 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24067 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24066 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24065
+ RESERVED
+CVE-2021-24064
+ RESERVED
+CVE-2021-24063
+ RESERVED
+CVE-2021-24062
+ RESERVED
+CVE-2021-24061
+ RESERVED
+CVE-2021-24060
+ RESERVED
+CVE-2021-24059
+ RESERVED
+CVE-2021-24058
+ RESERVED
+CVE-2021-24057
+ RESERVED
+CVE-2021-24056
+ RESERVED
+CVE-2021-24055
+ RESERVED
+CVE-2021-24054
+ RESERVED
+CVE-2021-24053
+ RESERVED
+CVE-2021-24052
+ RESERVED
+CVE-2021-24051
+ RESERVED
+CVE-2021-24050
+ RESERVED
+CVE-2021-24049
+ RESERVED
+CVE-2021-24048
+ RESERVED
+CVE-2021-24047
+ RESERVED
+CVE-2021-24046 (A logic flaw in Ray-Ban&#174; Stories device software allowed some par ...)
+ NOT-FOR-US: Facebook View
+CVE-2021-24045 (A type confusion vulnerability could be triggered when resolving the " ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2021-24044 (By passing invalid javascript code where await and yield were called u ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2021-24043 (A missing bound check in RTCP flag parsing code prior to WhatsApp for ...)
+ NOT-FOR-US: Whatsapp
+CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...)
+ NOT-FOR-US: Whatsapp
+CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
+ NOT-FOR-US: Whatsapp
+CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...)
+ NOT-FOR-US: Facebook ParlAI
+CVE-2021-24039
+ RESERVED
+CVE-2021-24038 (Due to a bug with management of handles in OVRServiceLauncher.exe, an ...)
+ NOT-FOR-US: Oculus Desktop
+CVE-2021-24037 (A use after free in hermes, while emitting certain error messages, pri ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2021-24036 (Passing an attacker controlled size when creating an IOBuf could cause ...)
+ - hhvm <removed>
+CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...)
+ NOT-FOR-US: WhatsApp
+CVE-2021-24034
+ RESERVED
+CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...)
+ NOT-FOR-US: react-dev-utils
+CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook Gameroom d ...)
+ NOT-FOR-US: Facebook Gameroom
+CVE-2021-24029 (A packet of death scenario is possible in mvfst via a specially crafte ...)
+ NOT-FOR-US: mvfst
+CVE-2021-24028 (An invalid free in Thrift's table-based serialization can cause the ap ...)
+ NOT-FOR-US: Facebook Thrift (Debian packages Apache Thrift)
+CVE-2021-24027 (A cache configuration issue prior to WhatsApp for Android v2.21.4.18 a ...)
+ NOT-FOR-US: WhatsApp
+CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for WhatsApp ...)
+ NOT-FOR-US: WhatsApp
+CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...)
+ - hhvm <removed>
+CVE-2021-24024 (A clear text storage of sensitive information into log file vulnerabil ...)
+ NOT-FOR-US: FortiADCManager
+CVE-2021-24023 (An improper input validation in FortiAI v1.4.0 and earlier may allow a ...)
+ NOT-FOR-US: FortiAI (FortiGuard)
+CVE-2021-24022 (A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24021 (An improper neutralization of input vulnerability [CWE-79] in FortiAna ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24020 (A missing cryptographic step in the implementation of the hash digest ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24019 (An insufficient session expiration vulnerability [CWE- 613] in FortiCl ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24018 (A buffer underwrite vulnerability in the firmware verification routine ...)
+ NOT-FOR-US: FortiOS
+CVE-2021-24017 (An improper authentication in Fortinet FortiManager version 6.4.3 and ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24016 (An improper neutralization of formula elements in a csv file in Fortin ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24015 (An improper neutralization of special elements used in an OS Command v ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-24014 (Multiple instances of improper neutralization of input during web page ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-24013 (Multiple Path traversal vulnerabilities in the Webmail of FortiMail be ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-24012 (An improper following of a certificate's chain of trust vulnerability ...)
+ NOT-FOR-US: FortiGate
+CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8.8.2 m ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vulnerabil ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-24009
+ RESERVED
+CVE-2021-24008
+ RESERVED
+CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24006 (An improper access control vulnerability in FortiManager versions 6.4. ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt configuration files ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-24004
+ RESERVED
+CVE-2021-24003
+ RESERVED
+CVE-2021-3140
+ RESERVED
+CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy ...)
+ - tcmu 1.5.2-6 (bug #980007)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/13/5
+ NOTE: https://github.com/open-iscsi/tcmu-runner/issues/645
+ NOTE: https://github.com/open-iscsi/tcmu-runner/pull/644
+ NOTE: Fixed by: https://github.com/open-iscsi/tcmu-runner/commit/2b16e96e6b63d0419d857f53e4cc67f0adb383fd
+ NOTE: Some followup fixes: https://github.com/open-iscsi/tcmu-runner/pull/646
+ NOTE: https://github.com/open-iscsi/tcmu-runner/commit/b202dc06ef391c6ab9a7561856238a258de04663
+ NOTE: https://github.com/open-iscsi/tcmu-runner/commit/170bfa63288a399b38c35eb646b2835d4ba7c08a
+ NOTE: https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5
+CVE-2021-24002 (When a user clicked on an FTP URL containing encoded newline character ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-24002
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-24002
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24002
+CVE-2021-24001 (A compromised content process could have performed session history man ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24001
+CVE-2021-24000 (A race condition with requestPointerLock() and setTimeout() could have ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000
+CVE-2021-23999 (If a Blob URL was loaded through some unusual user interaction, it cou ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23999
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
+CVE-2021-23998 (Through complicated navigations with new windows, an HTTP page could h ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23998
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23998
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23998
+CVE-2021-23997 (Due to unexpected data type conversions, a use-after-free could have o ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23997
+CVE-2021-23996 (By utilizing 3D CSS in conjunction with Javascript, content could have ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996
+CVE-2021-23995 (When Responsive Design Mode was enabled, it used references to objects ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23995
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23995
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995
+CVE-2021-23994 (A WebGL framebuffer was not initialized early enough, resulting in mem ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23994
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23994
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23994
+CVE-2021-23993 (An attacker may perform a DoS attack to prevent a user from sending en ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993
+CVE-2021-23992 (Thunderbird did not check if the user ID associated with an OpenPGP ke ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23992
+CVE-2021-23991 (If a Thunderbird user has previously imported Alice's OpenPGP key, and ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991
+CVE-2021-23990
+ RESERVED
+CVE-2021-23989
+ RESERVED
+CVE-2021-23988 (Mozilla developers reported memory safety bugs present in Firefox 86. ...)
+ - firefox 87.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988
+CVE-2021-23987 (Mozilla developers and community members reported memory safety bugs p ...)
+ {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23987
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23987
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23987
+CVE-2021-23986 (A malicious extension with the 'search' permission could have installe ...)
+ - firefox 87.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23986
+CVE-2021-23985 (If an attacker is able to alter specific about:config values (for exam ...)
+ - firefox 87.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985
+CVE-2021-23984 (A malicious extension could have opened a popup window lacking an addr ...)
+ {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23984
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23984
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23984
+CVE-2021-23983 (By causing a transition on a parent node by removing a CSS rule, an in ...)
+ - firefox 87.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983
+CVE-2021-23982 (Using techniques that built on the slipstream research, a malicious we ...)
+ {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23982
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23982
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982
+CVE-2021-23981 (A texture upload of a Pixel Buffer Object could have confused the WebG ...)
+ {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23981
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23981
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981
+CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False]
+ RESERVED
+ {DSA-4892-1 DLA-2620-1}
+ - python-bleach 3.2.1-2.1 (bug #986251)
+ NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399
+ NOTE: https://github.com/mozilla/bleach/commit/1334134d34397966a7f7cfebd38639e9ba2c680e
+ NOTE: https://github.com/mozilla/bleach/commit/d398c89e54ced6b1039d3677689707456ba42dec
+CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefox 85. ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
+CVE-2021-23978 (Mozilla developers reported memory safety bugs present in Firefox 85 a ...)
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
+ - firefox 86.0-1
+ - firefox-esr 78.8.0esr-1
+ - thunderbird 1:78.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23978
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23978
+CVE-2021-23977 (Firefox for Android suffered from a time-of-check-time-of-use vulnerab ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23977
+CVE-2021-23976 (When accepting a malicious intent from other installed apps, Firefox f ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23976
+CVE-2021-23975 (The developer page about:memory has a Measure function for exploring w ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23975
+CVE-2021-23974 (The DOMParser API did not properly process '&lt;noscript&gt;' elements ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974
+CVE-2021-23973 (When trying to load a cross-origin resource in an audio/video context ...)
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
+ - firefox 86.0-1
+ - firefox-esr 78.8.0esr-1
+ - thunderbird 1:78.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23973
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23973
+CVE-2021-23972 (One phishing tactic on the web is to provide a link with HTTP Auth. Fo ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23972
+CVE-2021-23971 (When processing a redirect with a conflicting Referrer-Policy, Firefox ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23971
+CVE-2021-23970 (Context-specific code was included in a shared jump table; resulting i ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970
+CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when creating a ...)
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
+ - firefox 86.0-1
+ - firefox-esr 78.8.0esr-1
+ - thunderbird 1:78.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969
+CVE-2021-23968 (If Content Security Policy blocked frame navigation, the full destinat ...)
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
+ - firefox 86.0-1
+ - firefox-esr 78.8.0esr-1
+ - thunderbird 1:78.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23968
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23968
+CVE-2021-23967
+ RESERVED
+CVE-2021-23966
+ RESERVED
+CVE-2021-23965 (Mozilla developers reported memory safety bugs present in Firefox 84. ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
+CVE-2021-23964 (Mozilla developers reported memory safety bugs present in Firefox 84 a ...)
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
+ - firefox-esr 78.7.0esr-1
+ - firefox 85.0-1
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23964
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23964
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23964
+CVE-2021-23963 (When sharing geolocation during an active WebRTC share, Firefox could ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23963
+CVE-2021-23962 (Incorrect use of the '&lt;RowCountChanged&gt;' method could have led t ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23962
+CVE-2021-23961 (Further techniques that built on the slipstream research combined with ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 85.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23961
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23961
+CVE-2021-23960 (Performing garbage collection on re-declared JavaScript variables resu ...)
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
+ - firefox-esr 78.7.0esr-1
+ - firefox 85.0-1
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23960
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23960
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23960
+CVE-2021-23959 (An XSS bug in internal error pages could have led to various spoofing ...)
+ - firefox <not-affected> (Only affects Firefox for Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23959
+CVE-2021-23958 (The browser could have been confused into transferring a screen sharin ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23958
+CVE-2021-23957 (Navigations through the Android-specific `intent` URL scheme could hav ...)
+ - firefox <not-affected> (Only affects Firefox for Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23957
+CVE-2021-23956 (An ambiguous file picker design could have confused users who intended ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23956
+CVE-2021-23955 (The browser could have been confused into transferring a pointer lock ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955
+CVE-2021-23954 (Using the new logical assignment operators in a JavaScript switch stat ...)
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
+ - firefox-esr 78.7.0esr-1
+ - firefox 85.0-1
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23954
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23954
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954
+CVE-2021-23953 (If a user clicked into a specifically crafted PDF, the PDF reader coul ...)
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
+ - firefox-esr 78.7.0esr-1
+ - firefox 85.0-1
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23953
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23953
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23953
+CVE-2021-23952
+ RESERVED
+CVE-2021-23951
+ RESERVED
+CVE-2021-23950
+ RESERVED
+CVE-2021-23949
+ RESERVED
+CVE-2021-23948
+ RESERVED
+CVE-2021-23947
+ RESERVED
+CVE-2021-23946
+ RESERVED
+CVE-2021-23945
+ RESERVED
+CVE-2021-23944
+ RESERVED
+CVE-2021-23943
+ RESERVED
+CVE-2021-23942
+ RESERVED
+CVE-2021-23941
+ RESERVED
+CVE-2021-23940
+ RESERVED
+CVE-2021-23939
+ RESERVED
+CVE-2021-23938
+ RESERVED
+CVE-2021-23937 (A DNS proxy and possible amplification attack vulnerability in WebClie ...)
+ NOT-FOR-US: Apache Wicket
+CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypas ...)
+ NOT-FOR-US: Discourse
+CVE-2021-3137 (XWiki 12.10.2 allows XSS via an SVG document to the upload feature of ...)
+ NOT-FOR-US: XWiki
+CVE-2021-3136
+ RESERVED
+CVE-2021-3135 (An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for Wor ...)
+ NOT-FOR-US: tagDiv Newspaper theme for WordPress
+CVE-2021-23936 (OX App Suite through 7.10.4 allows XSS via the subject of a task. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23935 (OX App Suite through 7.10.4 allows XSS via an appointment in which the ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23934 (OX App Suite through 7.10.4 allows XSS via a contact whose name contai ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23933 (OX App Suite through 7.10.4 allows XSS via JavaScript in a Note refere ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23932 (OX App Suite through 7.10.4 allows XSS via an inline image with a craf ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23931 (OX App Suite through 7.10.4 allows XSS via an inline binary file. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23930 (OX App Suite through 7.10.4 allows XSS via use of the conversion API f ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23929 (OX App Suite through 7.10.4 allows XSS via a crafted Content-Dispositi ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23928 (OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests que ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ character ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23926 (The XML parsers used by XMLBeans up to version 2.6.0 did not set the p ...)
+ {DLA-2693-1}
+ - xmlbeans 3.0.2-1
+ NOTE: https://issues.apache.org/jira/browse/XMLBEANS-517
+CVE-2021-23925 (An issue was discovered in Devolutions Server before 2020.3. There is ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-23924 (An issue was discovered in Devolutions Server before 2020.3. There is ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-23923 (An issue was discovered in Devolutions Server before 2020.3. There is ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-23922 (An issue was discovered in Devolutions Remote Desktop Manager before 2 ...)
+ NOT-FOR-US: Devolutions Remote Desktop Manager
+CVE-2021-23921 (An issue was discovered in Devolutions Server before 2020.3. There is ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute commands, ...)
+ NOT-FOR-US: Mubu
+CVE-2021-3133 (The Elementor Contact Form DB plugin before 1.6 for WordPress allows C ...)
+ NOT-FOR-US: Elementor Contact Form DB plugin for WordPress
+CVE-2021-3132
+ RESERVED
+CVE-2021-3131 (The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 enco ...)
+ NOT-FOR-US: 1C:Enterprise
+CVE-2021-3130 (Within the Open-AudIT up to version 3.5.3 application, the web interfa ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, allows u ...)
+ NOT-FOR-US: Ignition
+CVE-2021-3128 (In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers ...)
+ NOT-FOR-US: ASUS
+CVE-2021-23920
+ RESERVED
+CVE-2021-23919
+ RESERVED
+CVE-2021-23918
+ RESERVED
+CVE-2021-23917
+ RESERVED
+CVE-2021-23916
+ RESERVED
+CVE-2021-23915
+ RESERVED
+CVE-2021-23914
+ RESERVED
+CVE-2021-23913
+ RESERVED
+CVE-2021-23912
+ RESERVED
+CVE-2021-23911
+ RESERVED
+CVE-2021-23910 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
+CVE-2021-23909 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
+CVE-2021-23908 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...)
+ NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles
+CVE-2021-23907 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...)
+ NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles
+CVE-2021-23906 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...)
+ NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles
+CVE-2021-23905
+ RESERVED
+CVE-2021-23904
+ RESERVED
+CVE-2021-23903
+ RESERVED
+CVE-2021-23902
+ RESERVED
+CVE-2021-23901 (An XML external entity (XXE) injection vulnerability was discovered in ...)
+ NOT-FOR-US: Apache Nutch
+CVE-2021-23900 (OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an ...)
+ NOT-FOR-US: OWASP json-sanitizer
+CVE-2021-23899 (OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDA ...)
+ NOT-FOR-US: OWASP json-sanitizer
+CVE-2021-23898
+ RESERVED
+CVE-2021-23897
+ REJECTED
+CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and 1.x be ...)
+ - rust-smallvec 1.4.2-2 (bug #984665)
+ [buster] - rust-smallvec <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0003.html
+ NOTE: https://github.com/servo/rust-smallvec/issues/252
+CVE-2021-3127 (NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorre ...)
+ NOT-FOR-US: nats-server
+CVE-2021-3126
+ RESERVED
+CVE-2021-23896 (Cleartext Transmission of Sensitive Information vulnerability in the a ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23895 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23894 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23893 (Privilege Escalation vulnerability in a Windows system driver of McAfe ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race condition d ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee ePolicy O ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23887 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23886 (Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) E ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23885 (Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23884 (Cleartext Transmission of Sensitive Information vulnerability in the e ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23882 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23881 (A stored cross site scripting vulnerability in ePO extension of McAfee ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23880 (Improper Access Control in attribute in McAfee Endpoint Security (ENS) ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23879 (Unquoted service path vulnerability in McAfee Endpoint Product Removal ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23877 (Privilege escalation vulnerability in the Windows trial installer of M ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23875
+ RESERVED
+CVE-2021-23874 (Arbitrary Process Execution vulnerability in McAfee Total Protection ( ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23872 (Privilege Escalation vulnerability in the File Lock component of McAfe ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23871
+ RESERVED
+CVE-2021-23870
+ RESERVED
+CVE-2021-23869
+ RESERVED
+CVE-2021-23868
+ RESERVED
+CVE-2021-23867
+ RESERVED
+CVE-2021-23866
+ RESERVED
+CVE-2021-23865
+ RESERVED
+CVE-2021-23864
+ RESERVED
+CVE-2021-23863 (HTML code injection vulnerability in Android Application, Bosch Video ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23862 (A crafted configuration packet sent by an authenticated administrative ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23861 (By executing a special command, an user with administrative rights can ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23860 (An error in a page handler of the VRM may lead to a reflected cross si ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23859 (An unauthenticated attacker is able to send a special HTTP request, th ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23858 (Information disclosure: The main configuration, including users and th ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23857 (Login with hash: The login routine allows the client to log in to the ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23856 (The web server is vulnerable to reflected XSS and therefore an attacke ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23855 (The user and password data base is exposed by an unprotected web serve ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP cameras may l ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header allows an ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23852 (An authenticated attacker with administrator rights Bosch IP cameras c ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23851
+ RESERVED
+CVE-2021-23850
+ RESERVED
+CVE-2021-23849 (A vulnerability in the web-based interface allows an unauthenticated r ...)
+ NOT-FOR-US: Bosch IP cameras
+CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a reflected c ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23846 (When using http protocol, the user password is transmitted as a clear ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session while a ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23844
+ RESERVED
+CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...)
+ {DSA-4855-1 DLA-2565-1 DLA-2563-1}
+ - openssl 1.1.1j-1
+ - openssl1.0 <removed>
+ NOTE: https://www.openssl.org/news/secadv/20210216.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j)
+CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...)
+ {DSA-4855-1 DLA-2565-1 DLA-2563-1}
+ - openssl 1.1.1j-1
+ - openssl1.0 <removed>
+ NOTE: https://www.openssl.org/news/secadv/20210216.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 (OpenSSL_1_1_1j)
+CVE-2021-23839 (OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 ...)
+ - openssl 1.0.0d-1
+ - openssl1.0 <not-affected> (SSL2 disabled before openssl1.0 was uploaded)
+ NOTE: https://www.openssl.org/news/secadv/20210216.txt
+ NOTE: SSL2 disabled since 1.0.0d-1 (1.0.0c-2 in experimental)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=901f1ef7dacb6b3bde63233a1f623e1fa2f0f058 (OpenSSL_1_1_1j)
+CVE-2021-23838 (An issue was discovered in flatCore before 2.0.0 build 139. A reflecte ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2021-23837 (An issue was discovered in flatCore before 2.0.0 build 139. A time-bas ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2021-23836 (An issue was discovered in flatCore before 2.0.0 build 139. A stored X ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A local fi ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2021-3125 (In TP-Link TL-XDR3230 &lt; 1.0.12, TL-XDR1850 &lt; 1.0.9, TL-XDR1860 & ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in robust.systems prod ...)
+ NOT-FOR-US: WordPress Plugin Custom Global Variables
+CVE-2021-3123
+ RESERVED
+CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers per ...)
+ NOT-FOR-US: CMCAgent in NCR Command Center Agent
+CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...)
+ - golang-gogoprotobuf 1.3.2-1
+ [buster] - golang-gogoprotobuf <no-dsa> (Minor issue)
+ [stretch] - golang-gogoprotobuf <no-dsa> (Minor issue)
+ NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
+CVE-2021-3120 (An arbitrary file upload vulnerability in the YITH WooCommerce Gift Ca ...)
+ NOT-FOR-US: YITH WooCommerce Gift Cards Premium plugin for WordPress
+CVE-2021-3119 (Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing is ...)
+ - sqlcipher <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/sqlcipher/sqlcipher/commit/cb71f53e8cea4802509f182fa5bead0ac6ab0e7f#diff-9305215a9a0ea69300281fc4af90bc7f3437e34a0e1745d030213152993ddae4
+CVE-2021-3118 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
+ NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging)
+CVE-2021-3117
+ RESERVED
+CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py in prox ...)
+ NOT-FOR-US: proxy.py
+CVE-2021-3115 (Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to ...)
+ - golang-1.15 1.15.7-1
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <ignored> (Minor issue, only applies to inherently insecure setups)
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue, requires unsecure PATH and compiling a malicious dependency)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue, requires unsecure PATH and compiling a malicious dependency)
+ NOTE: https://github.com/golang/go/issues/43783
+ NOTE: https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0 (master)
+ NOTE: https://github.com/golang/go/commit/e8e7facfaa47bf21007c0a1c679debba52ec3ea0 (1.15.7)
+ NOTE: Mainly an issue on Windows but as well for Unix users who have '.' listed
+ NOTE: explicitly in PATH and running 'go get' outside of a module or with module
+ NOTE: mode disabled.
+CVE-2021-3114 (In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go ...)
+ {DSA-4848-1 DLA-2592-1 DLA-2591-1}
+ - golang-1.15 1.15.7-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/43786
+ NOTE: https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871 (master)
+ NOTE: https://github.com/golang/go/commit/5c8fd727c41e31273923c32b33d4f25855f4e123 (1.15.7)
+CVE-2021-23834
+ RESERVED
+CVE-2021-23833
+ RESERVED
+CVE-2021-23832
+ RESERVED
+CVE-2021-23831
+ RESERVED
+CVE-2021-23830
+ RESERVED
+CVE-2021-23829
+ RESERVED
+CVE-2021-23828
+ RESERVED
+CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5 ...)
+ NOT-FOR-US: Keybase Desktop Client
+CVE-2021-23826
+ RESERVED
+CVE-2021-23825
+ RESERVED
+CVE-2021-23824 (This affects the package Crow before 0.3+4. When using attributes with ...)
+ NOT-FOR-US: CrowCpp
+CVE-2021-23823
+ RESERVED
+CVE-2021-23822
+ RESERVED
+CVE-2021-23821
+ RESERVED
+CVE-2021-23820 (This affects all versions of package json-pointer. A type confusion vu ...)
+ NOT-FOR-US: Node json-pointer
+CVE-2021-23819
+ RESERVED
+CVE-2021-23818
+ RESERVED
+CVE-2021-23817
+ RESERVED
+CVE-2021-23816
+ RESERVED
+CVE-2021-23815
+ RESERVED
+CVE-2021-23814 (This affects the package unisharp/laravel-filemanager from 0.0.0. The ...)
+ NOT-FOR-US: Laravel Filemanager
+CVE-2021-23813
+ RESERVED
+CVE-2021-23812
+ RESERVED
+CVE-2021-23811
+ RESERVED
+CVE-2021-23810
+ RESERVED
+CVE-2021-23809
+ RESERVED
+CVE-2021-23808
+ RESERVED
+CVE-2021-23807 (This affects the package jsonpointer before 5.0.0. A type confusion vu ...)
+ NOT-FOR-US: Node json-pointer
+CVE-2021-23806
+ RESERVED
+CVE-2021-23805
+ RESERVED
+CVE-2021-23804
+ RESERVED
+CVE-2021-23803 (This affects the package latte/latte before 2.10.6. There is a way to ...)
+ - php-nette <removed>
+ [stretch] - php-nette <not-affected> (Sandbox first appeared in Latte 2.8.0 so older versions are not affected.)
+ NOTE: https://github.com/nette/latte/commit/227c86eda9a8a6d060ea8501923e768b6d992210
+ NOTE: https://github.com/nette/latte/issues/279
+CVE-2021-23802
+ RESERVED
+CVE-2021-23801
+ RESERVED
+CVE-2021-23800
+ RESERVED
+CVE-2021-23799
+ RESERVED
+CVE-2021-23798
+ RESERVED
+CVE-2021-23797 (All versions of package http-server-node are vulnerable to Directory T ...)
+ NOT-FOR-US: Node http-server
+CVE-2021-23796
+ RESERVED
+CVE-2021-23795
+ RESERVED
+CVE-2021-23794
+ RESERVED
+CVE-2021-23793
+ RESERVED
+CVE-2021-23792
+ RESERVED
+CVE-2021-23791
+ RESERVED
+CVE-2021-23790
+ RESERVED
+CVE-2021-23789
+ RESERVED
+CVE-2021-23788
+ RESERVED
+CVE-2021-23787
+ RESERVED
+CVE-2021-23786
+ RESERVED
+CVE-2021-23785
+ RESERVED
+CVE-2021-23784 (This affects the package tempura before 0.4.0. If the input to the esc ...)
+ NOT-FOR-US: tempura
+CVE-2021-23783
+ RESERVED
+CVE-2021-23782
+ RESERVED
+CVE-2021-23781
+ RESERVED
+CVE-2021-23780
+ RESERVED
+CVE-2021-23779
+ RESERVED
+CVE-2021-23778
+ RESERVED
+CVE-2021-23777
+ RESERVED
+CVE-2021-23776
+ RESERVED
+CVE-2021-23775
+ RESERVED
+CVE-2021-23774
+ RESERVED
+CVE-2021-23773
+ RESERVED
+CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; all vers ...)
+ NOT-FOR-US: iris Go web framework
+CVE-2021-23771
+ RESERVED
+CVE-2021-23770
+ RESERVED
+CVE-2021-23769
+ RESERVED
+CVE-2021-23768
+ RESERVED
+CVE-2021-23767
+ RESERVED
+CVE-2021-23766
+ RESERVED
+CVE-2021-23765
+ RESERVED
+CVE-2021-23764
+ RESERVED
+CVE-2021-23763
+ RESERVED
+CVE-2021-23762
+ RESERVED
+CVE-2021-23761
+ RESERVED
+CVE-2021-23760 (The package keyget from 0.0.0 are vulnerable to Prototype Pollution vi ...)
+ NOT-FOR-US: Node keyget
+CVE-2021-23759
+ RESERVED
+CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to Deserialization of ...)
+ NOT-FOR-US: ajaxpro
+CVE-2021-23757
+ RESERVED
+CVE-2021-23756
+ RESERVED
+CVE-2021-23755
+ RESERVED
+CVE-2021-23754
+ RESERVED
+CVE-2021-23753
+ RESERVED
+CVE-2021-23752
+ RESERVED
+CVE-2021-23751
+ RESERVED
+CVE-2021-23750
+ RESERVED
+CVE-2021-23749
+ RESERVED
+CVE-2021-23748
+ RESERVED
+CVE-2021-23747
+ RESERVED
+CVE-2021-23746
+ RESERVED
+CVE-2021-23745
+ RESERVED
+CVE-2021-23744
+ RESERVED
+CVE-2021-23743
+ RESERVED
+CVE-2021-23742
+ RESERVED
+CVE-2021-23741
+ RESERVED
+CVE-2021-23740
+ RESERVED
+CVE-2021-23739
+ RESERVED
+CVE-2021-23738
+ RESERVED
+CVE-2021-23737
+ RESERVED
+CVE-2021-23736
+ RESERVED
+CVE-2021-23735
+ RESERVED
+CVE-2021-23734
+ RESERVED
+CVE-2021-23733
+ RESERVED
+CVE-2021-23732 (This affects all versions of package docker-cli-js. If the command par ...)
+ NOT-FOR-US: Node docker-cli-js
+CVE-2021-23731
+ RESERVED
+CVE-2021-23730
+ RESERVED
+CVE-2021-23729
+ RESERVED
+CVE-2021-23728
+ RESERVED
+CVE-2021-23727 (This affects the package celery before 5.2.2. It by default trusts the ...)
+ - celery 5.2.3-1
+ [bullseye] - celery <no-dsa> (Minor issue)
+ [buster] - celery <not-affected> (Vulnerable code not present)
+ [stretch] - celery <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/celery/celery/commit/5c3f1559df16c32fb8d82918b4497f688d42ad0a (v5.2.3)
+ NOTE: Introduced by: https://github.com/celery/celery/commit/d20b8a5d469c80f48468e251cbe6451c798d1c29 (4.4.0rc1)
+CVE-2021-23726
+ RESERVED
+CVE-2021-23725
+ RESERVED
+CVE-2021-23724
+ RESERVED
+CVE-2021-23723
+ RESERVED
+CVE-2021-23722
+ RESERVED
+CVE-2021-23721
+ RESERVED
+CVE-2021-23720
+ RESERVED
+CVE-2021-23719
+ RESERVED
+CVE-2021-23718 (The package ssrf-agent before 1.0.5 are vulnerable to Server-side Requ ...)
+ NOT-FOR-US: ssrf-agent
+CVE-2021-23717
+ RESERVED
+CVE-2021-23716
+ RESERVED
+CVE-2021-23715
+ RESERVED
+CVE-2021-23714
+ RESERVED
+CVE-2021-23713
+ RESERVED
+CVE-2021-23712
+ RESERVED
+CVE-2021-23711
+ RESERVED
+CVE-2021-23710
+ RESERVED
+CVE-2021-23709
+ RESERVED
+CVE-2021-23708
+ RESERVED
+CVE-2021-23707
+ RESERVED
+CVE-2021-23706
+ RESERVED
+CVE-2021-23705
+ RESERVED
+CVE-2021-23704
+ RESERVED
+CVE-2021-23703
+ RESERVED
+CVE-2021-23702 (The package object-extend from 0.0.0 are vulnerable to Prototype Pollu ...)
+ TODO: check
+CVE-2021-23701
+ RESERVED
+CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: merge-deep2 (fork of unaffected merge-deep).
+CVE-2021-23699
+ RESERVED
+CVE-2021-23698
+ RESERVED
+CVE-2021-23697
+ RESERVED
+CVE-2021-23696
+ RESERVED
+CVE-2021-23695
+ RESERVED
+CVE-2021-23694
+ RESERVED
+CVE-2021-23693
+ RESERVED
+CVE-2021-23692
+ RESERVED
+CVE-2021-23691
+ RESERVED
+CVE-2021-23690
+ RESERVED
+CVE-2021-23689
+ RESERVED
+CVE-2021-23688
+ RESERVED
+CVE-2021-23687
+ RESERVED
+CVE-2021-23686
+ RESERVED
+CVE-2021-23685
+ RESERVED
+CVE-2021-23684
+ RESERVED
+CVE-2021-23683
+ RESERVED
+CVE-2021-23682 (This affects the package litespeed.js before 0.3.12; the package appwr ...)
+ NOT-FOR-US: litespeed.js
+CVE-2021-23681
+ RESERVED
+CVE-2021-23680
+ RESERVED
+CVE-2021-23679
+ RESERVED
+CVE-2021-23678
+ RESERVED
+CVE-2021-23677
+ RESERVED
+CVE-2021-23676
+ RESERVED
+CVE-2021-23675
+ RESERVED
+CVE-2021-23674
+ RESERVED
+CVE-2021-23673 (This affects all versions of package pekeupload. If an attacker induce ...)
+ NOT-FOR-US: Node pekeupload
+CVE-2021-23672
+ RESERVED
+CVE-2021-23671
+ RESERVED
+CVE-2021-23670
+ RESERVED
+CVE-2021-23669
+ RESERVED
+CVE-2021-23668
+ RESERVED
+CVE-2021-23667
+ RESERVED
+CVE-2021-23666
+ RESERVED
+CVE-2021-23665
+ RESERVED
+CVE-2021-23664 (The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to ...)
+ NOT-FOR-US: cors-proxy
+CVE-2021-23663 (All versions of package sey are vulnerable to Prototype Pollution via ...)
+ NOT-FOR-US: sey - Deprecated Simple JavaScript build tool
+CVE-2021-23662
+ RESERVED
+CVE-2021-23661
+ RESERVED
+CVE-2021-23660
+ RESERVED
+CVE-2021-23659
+ RESERVED
+CVE-2021-23658
+ RESERVED
+CVE-2021-23657
+ RESERVED
+CVE-2021-23656
+ RESERVED
+CVE-2021-23655
+ RESERVED
+CVE-2021-23654 (This affects all versions of package html-to-csv. When there is a form ...)
+ NOT-FOR-US: html-to-csv
+CVE-2021-23653
+ RESERVED
+CVE-2021-23652
+ RESERVED
+CVE-2021-23651
+ RESERVED
+CVE-2021-23650
+ RESERVED
+CVE-2021-23649
+ RESERVED
+CVE-2021-23648
+ RESERVED
+CVE-2021-23647
+ RESERVED
+CVE-2021-23646
+ RESERVED
+CVE-2021-23645
+ RESERVED
+CVE-2021-23644
+ RESERVED
+CVE-2021-23643
+ RESERVED
+CVE-2021-23642
+ RESERVED
+CVE-2021-23641
+ RESERVED
+CVE-2021-23640
+ RESERVED
+CVE-2021-23639 (The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execu ...)
+ NOT-FOR-US: Node md-to-pdf
+CVE-2021-23638
+ RESERVED
+CVE-2021-23637
+ RESERVED
+CVE-2021-23636
+ RESERVED
+CVE-2021-23635
+ RESERVED
+CVE-2021-23634
+ RESERVED
+CVE-2021-23633
+ RESERVED
+CVE-2021-23632
+ RESERVED
+CVE-2021-23631 (This affects all versions of package convert-svg-core; all versions of ...)
+ NOT-FOR-US: Node convert-svg
+CVE-2021-23630
+ RESERVED
+CVE-2021-23629
+ RESERVED
+CVE-2021-23628
+ RESERVED
+CVE-2021-23627
+ RESERVED
+CVE-2021-23626
+ RESERVED
+CVE-2021-23625
+ RESERVED
+CVE-2021-23624 (This affects the package dotty before 0.1.2. A type confusion vulnerab ...)
+ NOT-FOR-US: Node dotty
+CVE-2021-23623
+ RESERVED
+CVE-2021-23622
+ RESERVED
+CVE-2021-23621
+ RESERVED
+CVE-2021-23620
+ RESERVED
+CVE-2021-23619
+ RESERVED
+CVE-2021-23618
+ RESERVED
+CVE-2021-23617
+ RESERVED
+CVE-2021-23616
+ RESERVED
+CVE-2021-23615
+ RESERVED
+CVE-2021-23614
+ RESERVED
+CVE-2021-23613
+ RESERVED
+CVE-2021-23612
+ RESERVED
+CVE-2021-23611
+ RESERVED
+CVE-2021-23610
+ RESERVED
+CVE-2021-23609
+ RESERVED
+CVE-2021-23608
+ RESERVED
+CVE-2021-23607
+ RESERVED
+CVE-2021-23606
+ RESERVED
+CVE-2021-23605
+ RESERVED
+CVE-2021-23604
+ RESERVED
+CVE-2021-23603
+ RESERVED
+CVE-2021-23602
+ RESERVED
+CVE-2021-23601
+ RESERVED
+CVE-2021-23600
+ RESERVED
+CVE-2021-23599
+ RESERVED
+CVE-2021-23598
+ RESERVED
+CVE-2021-23597 (This affects the package fastify-multipart before 5.3.1. By providing ...)
+ NOT-FOR-US: Node fastify
+CVE-2021-23596
+ RESERVED
+CVE-2021-23595
+ RESERVED
+CVE-2021-23594 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...)
+ NOT-FOR-US: realms-shim
+CVE-2021-23593
+ RESERVED
+CVE-2021-23592
+ RESERVED
+CVE-2021-23591
+ RESERVED
+CVE-2021-23590
+ RESERVED
+CVE-2021-23589
+ RESERVED
+CVE-2021-23588
+ RESERVED
+CVE-2021-23587
+ RESERVED
+CVE-2021-23586
+ RESERVED
+CVE-2021-23585
+ RESERVED
+CVE-2021-23584
+ RESERVED
+CVE-2021-23583
+ RESERVED
+CVE-2021-23582
+ RESERVED
+CVE-2021-23581
+ RESERVED
+CVE-2021-23580
+ RESERVED
+CVE-2021-23579
+ RESERVED
+CVE-2021-23578
+ RESERVED
+CVE-2021-23577
+ RESERVED
+CVE-2021-23576
+ RESERVED
+CVE-2021-23575
+ RESERVED
+CVE-2021-23574 (All versions of package js-data are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node js-data
+CVE-2021-23573
+ RESERVED
+CVE-2021-23572
+ RESERVED
+CVE-2021-23571
+ RESERVED
+CVE-2021-23570
+ RESERVED
+CVE-2021-23569
+ RESERVED
+CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: extend2 (fork of node-extend which is not affected)
+CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Service (Do ...)
+ - colors.js <not-affected> (Vulnerable code never in a released Debian version)
+ NOTE: https://github.com/Marak/colors.js/issues/285
+ NOTE: Introduced with: https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
+CVE-2021-23566 (The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Info ...)
+ NOT-FOR-US: Node nanoid (NaN0-1D)
+CVE-2021-23565
+ RESERVED
+CVE-2021-23564
+ RESERVED
+CVE-2021-23563
+ RESERVED
+CVE-2021-23562 (This affects the package plupload before 2.3.9. A file name containing ...)
+ NOT-FOR-US: Node plupload
+CVE-2021-23561 (All versions of package comb are vulnerable to Prototype Pollution via ...)
+ NOT-FOR-US: Node comb
+CVE-2021-23560
+ RESERVED
+CVE-2021-23559
+ RESERVED
+CVE-2021-23558 (The package bmoor before 0.10.1 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node bmoor
+CVE-2021-23557
+ RESERVED
+CVE-2021-23556
+ RESERVED
+CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...)
+ NOT-FOR-US: Node vm2
+CVE-2021-23554
+ RESERVED
+CVE-2021-23553
+ RESERVED
+CVE-2021-23552
+ RESERVED
+CVE-2021-23551
+ RESERVED
+CVE-2021-23550
+ RESERVED
+CVE-2021-23549
+ RESERVED
+CVE-2021-23548
+ RESERVED
+CVE-2021-23547
+ RESERVED
+CVE-2021-23546
+ RESERVED
+CVE-2021-23545
+ RESERVED
+CVE-2021-23544
+ RESERVED
+CVE-2021-23543 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...)
+ NOT-FOR-US: realms-shim
+CVE-2021-23542
+ RESERVED
+CVE-2021-23541
+ RESERVED
+CVE-2021-23540
+ RESERVED
+CVE-2021-23539
+ RESERVED
+CVE-2021-23538
+ RESERVED
+CVE-2021-23537
+ RESERVED
+CVE-2021-23536
+ RESERVED
+CVE-2021-23535
+ RESERVED
+CVE-2021-23534
+ RESERVED
+CVE-2021-23533
+ RESERVED
+CVE-2021-23532
+ RESERVED
+CVE-2021-23531
+ RESERVED
+CVE-2021-23530
+ RESERVED
+CVE-2021-23529
+ RESERVED
+CVE-2021-23528
+ RESERVED
+CVE-2021-23527
+ RESERVED
+CVE-2021-23526
+ RESERVED
+CVE-2021-23525
+ RESERVED
+CVE-2021-23524
+ RESERVED
+CVE-2021-23523
+ RESERVED
+CVE-2021-23522
+ RESERVED
+CVE-2021-23521 (This affects the package juce-framework/JUCE before 6.1.5. This vulner ...)
+ - juce 6.1.5~ds0-1
+ [bullseye] - juce <no-dsa> (Minor issue)
+ [buster] - juce <no-dsa> (Minor issue)
+ [stretch] - juce <no-dsa> (Minor issue)
+ NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
+ NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608
+CVE-2021-23520 (The package juce-framework/juce before 6.1.5 are vulnerable to Arbitra ...)
+ - juce 6.1.5~ds0-1
+ [bullseye] - juce <no-dsa> (Minor issue)
+ [buster] - juce <no-dsa> (Minor issue)
+ [stretch] - juce <no-dsa> (Minor issue)
+ NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
+ NOTE: https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388607
+ NOTE: https://snyk.io/research/zip-slip-vulnerability
+CVE-2021-23519
+ RESERVED
+CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
+ - node-cached-path-relative 1.1.0+~1.0.0-1 (bug #1004338)
+ [bullseye] - node-cached-path-relative <no-dsa> (Minor issue)
+ [buster] - node-cached-path-relative <no-dsa> (Minor issue)
+ NOTE: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
+ NOTE: results from incomplete fix for https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
+ NOTE: which was CVE-2018-16472.
+CVE-2021-23517
+ RESERVED
+CVE-2021-23516
+ RESERVED
+CVE-2021-23515
+ RESERVED
+CVE-2021-23514 (This affects the package Crow before 0.3+4. It is possible to traverse ...)
+ NOT-FOR-US: CrowCpp
+CVE-2021-23513
+ RESERVED
+CVE-2021-23512
+ RESERVED
+CVE-2021-23511
+ RESERVED
+CVE-2021-23510
+ RESERVED
+CVE-2021-23509 (This affects the package json-ptr before 3.0.0. A type confusion vulne ...)
+ NOT-FOR-US: Node json-ptr
+CVE-2021-23508
+ RESERVED
+CVE-2021-23507 (The package object-path-set before 1.0.2 are vulnerable to Prototype P ...)
+ NOT-FOR-US: Node object-path-set
+CVE-2021-23506
+ RESERVED
+CVE-2021-23505
+ RESERVED
+CVE-2021-23504
+ RESERVED
+CVE-2021-23503
+ RESERVED
+CVE-2021-23502
+ RESERVED
+CVE-2021-23501
+ RESERVED
+CVE-2021-23500
+ RESERVED
+CVE-2021-23499
+ RESERVED
+CVE-2021-23498
+ RESERVED
+CVE-2021-23497 (This affects the package @strikeentco/set before 1.0.2. It allows an a ...)
+ NOT-FOR-US: Node strikeentco/set
+CVE-2021-23496
+ RESERVED
+CVE-2021-23495
+ RESERVED
+CVE-2021-23494
+ RESERVED
+CVE-2021-23493
+ RESERVED
+CVE-2021-23492
+ RESERVED
+CVE-2021-23491
+ RESERVED
+CVE-2021-23490 (The package parse-link-header before 2.0.0 are vulnerable to Regular E ...)
+ NOT-FOR-US: parse-link-header
+CVE-2021-23489
+ RESERVED
+CVE-2021-23488
+ RESERVED
+CVE-2021-23487
+ RESERVED
+CVE-2021-23486
+ RESERVED
+CVE-2021-23485
+ RESERVED
+CVE-2021-23484 (The package zip-local before 0.3.5 are vulnerable to Arbitrary File Wr ...)
+ NOT-FOR-US: zip-local
+CVE-2021-23483
+ RESERVED
+CVE-2021-23482
+ RESERVED
+CVE-2021-23481
+ RESERVED
+CVE-2021-23480
+ RESERVED
+CVE-2021-23479
+ RESERVED
+CVE-2021-23478
+ RESERVED
+CVE-2021-23477
+ RESERVED
+CVE-2021-23476
+ RESERVED
+CVE-2021-23475
+ RESERVED
+CVE-2021-23474
+ RESERVED
+CVE-2021-23473
+ RESERVED
+CVE-2021-23472 (This affects versions before 1.19.1 of package bootstrap-table. A type ...)
+ NOT-FOR-US: bootstrap-table
+ NOTE: URL in CVE has moved. https://github.com/wenzhixin/bootstrap-table/pull/5941
+CVE-2021-23471
+ RESERVED
+CVE-2021-23470 (This affects the package putil-merge before 3.8.0. The merge() functio ...)
+ NOT-FOR-US: Node putil-merge
+CVE-2021-23469
+ RESERVED
+CVE-2021-23468
+ RESERVED
+CVE-2021-23467
+ RESERVED
+CVE-2021-23466
+ RESERVED
+CVE-2021-23465
+ RESERVED
+CVE-2021-23464
+ RESERVED
+CVE-2021-23463 (The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...)
+ - h2database <not-affected> (vulnerable method is not supported; vulnerable code introduced in 1.4.198)
+ NOTE: https://github.com/h2database/h2database/issues/3195
+ NOTE: https://github.com/h2database/h2database/pull/3199
+ NOTE: Introduced in: https://github.com/h2database/h2database/commit/1cfd2ffad975b31de3f20711bab19a121bfad20c (version-1.4.198)
+ NOTE: Fixed by: https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8 (version-2.0.202)
+CVE-2021-23462
+ RESERVED
+CVE-2021-23461
+ RESERVED
+CVE-2021-23460 (The package min-dash before 3.8.1 are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: bpmn.io min-dash
+CVE-2021-23459
+ RESERVED
+CVE-2021-23458
+ RESERVED
+CVE-2021-23457
+ RESERVED
+CVE-2021-23456
+ RESERVED
+CVE-2021-23455
+ RESERVED
+CVE-2021-23454
+ RESERVED
+CVE-2021-23453
+ RESERVED
+CVE-2021-23452 (This affects all versions of package x-assign. The global proto object ...)
+ NOT-FOR-US: x-assign JS
+CVE-2021-23451
+ RESERVED
+CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...)
+ - dojo <unfixed>
+ NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
+ NOTE: Fixed by: https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9
+CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...)
+ NOT-FOR-US: vm2 JS
+ NOTE: https://github.com/patriksimek/vm2
+CVE-2021-23448 (All versions of package config-handler are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: config-handler JS
+CVE-2021-23447 (This affects the package teddy before 0.5.9. A type confusion vulnerab ...)
+ NOT-FOR-US: teddy templating engine
+CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable from ...)
+ NOT-FOR-US: Node handsontable
+CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...)
+ - datatables.js 1.10.21+dfsg-3 (bug #995229)
+ [bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1
+ [buster] - datatables.js <no-dsa> (Minor issue)
+ [stretch] - datatables.js <no-dsa> (Minor issue)
+ NOTE: https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b (v1.11.3)
+CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type confusion vulner ...)
+ NOT-FOR-US: Node jointjs
+CVE-2021-23443 (This affects the package edge.js before 5.3.2. A type confusion vulner ...)
+ NOT-FOR-US: Node edge.js
+CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...)
+ NOT-FOR-US: Node @cookiex/deep
+CVE-2021-23441
+ REJECTED
+CVE-2021-23440 (This affects the package set-value before &lt;2.0.1, &gt;=3.0.0 &lt;4. ...)
+ - node-set-value 3.0.1-3 (bug #994448)
+ [bullseye] - node-set-value 3.0.1-2+deb11u1
+ [buster] - node-set-value <no-dsa> (Minor issue)
+ [stretch] - node-set-value <no-dsa> (Minor issue)
+ NOTE: https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452 (v4.0.1)
+ NOTE: https://github.com/jonschlinkert/set-value/pull/33/commits/383b72d47c74a55ae8b6e231da548f9280a4296a
+ NOTE: https://github.com/jonschlinkert/set-value/pull/33
+CVE-2021-23439 (This affects the package file-upload-with-preview before 4.2.0. A file ...)
+ NOT-FOR-US: Node file-upload-with-preview
+CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vulnerab ...)
+ NOT-FOR-US: Node mpath
+CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...)
+ - pillow 8.3.2-1
+ [bullseye] - pillow <no-dsa> (Minor issue)
+ [buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <postponed> (Minor issue, can be fixed in the next DLA)
+ NOTE: https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
+CVE-2021-23436 (This affects the package immer before 9.0.6. A type confusion vulnerab ...)
+ NOT-FOR-US: Node immer
+CVE-2021-23435 (This affects the package clearance before 2.5.0. The vulnerability can ...)
+ NOT-FOR-US: Rails clearance gem
+CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confusion v ...)
+ - node-object-path 0.11.7-1
+ [bullseye] - node-object-path 0.11.5-3+deb11u1
+ [buster] - node-object-path <no-dsa> (Minor issue)
+ [stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
+ NOTE: https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
+CVE-2021-23433 (The package algoliasearch-helper before 3.6.2 are vulnerable to Protot ...)
+ NOT-FOR-US: Node algoliasearch-helper
+CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...)
+ NOT-FOR-US: Node mootools
+CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...)
+ NOT-FOR-US: Node joplin
+CVE-2021-23430 (All versions of package startserver are vulnerable to Directory Traver ...)
+ NOT-FOR-US: Node startserver
+CVE-2021-23429 (All versions of package transpile are vulnerable to Denial of Service ...)
+ NOT-FOR-US: Node transpile
+CVE-2021-23428 (This affects all versions of package elFinder.NetCore. The Path.Combin ...)
+ NOT-FOR-US: elFinder.NetCore
+CVE-2021-23427 (This affects all versions of package elFinder.NetCore. The ExtractAsyn ...)
+ NOT-FOR-US: elFinder.NetCore
+CVE-2021-23426 (This affects all versions of package Proto. It is possible to inject p ...)
+ NOT-FOR-US: Node proto
+CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to Regular Ex ...)
+ NOT-FOR-US: Node trim-off-newlines
+CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker provide ...)
+ NOT-FOR-US: Node ansi-html
+CVE-2021-23423 (This affects the package bikeshed before 3.0.0. This can occur when an ...)
+ NOT-FOR-US: Bikeshed
+CVE-2021-23422 (This affects the package bikeshed before 3.0.0. This can occur when an ...)
+ NOT-FOR-US: Bikeshed
+CVE-2021-23421 (All versions of package merge-change are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: Node merge-change
+CVE-2021-23420 (This affects the package codeception/codeception from 4.0.0 and before ...)
+ NOT-FOR-US: codeception
+CVE-2021-23419 (This affects the package open-graph before 0.2.6. The function parse c ...)
+ NOT-FOR-US: Node open-graph
+CVE-2021-23418 (The package glances before 3.2.1 are vulnerable to XML External Entity ...)
+ - glances <unfixed>
+ [bullseye] - glances <no-dsa> (Minor issue)
+ [buster] - glances <no-dsa> (Minor issue)
+ [stretch] - glances <no-dsa> (Minor issue)
+ NOTE: https://github.com/nicolargo/glances/issues/1025
+ NOTE: https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
+ NOTE: https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
+ NOTE: https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
+CVE-2021-23417 (All versions of package deepmergefn are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: Node deepmergefn
+CVE-2021-23416 (This affects all versions of package curly-bracket-parser. When used a ...)
+ NOT-FOR-US: curly-bracket-parser
+CVE-2021-23415 (This affects the package elFinder.AspNet before 1.1.1. The user-contro ...)
+ NOT-FOR-US: elFinder.AspNet
+CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribute of ...)
+ NOT-FOR-US: video.js
+CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...)
+ - node-jszip 3.5.0+dfsg-2
+ [buster] - node-jszip 3.1.4+dfsg-1+deb10u1
+ NOTE: https://github.com/Stuk/jszip/pull/766
+ NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36
+CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...)
+ NOT-FOR-US: Node gitlogplus
+CVE-2021-23411 (Affected versions of this package are vulnerable to Cross-site Scripti ...)
+ NOT-FOR-US: Node anchorme
+CVE-2021-23410
+ REJECTED
+CVE-2021-23409 (The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable ...)
+ - golang-github-pires-go-proxyproto <unfixed> (bug #991498)
+ [bullseye] - golang-github-pires-go-proxyproto <no-dsa> (Minor issue)
+ NOTE: https://github.com/pires/go-proxyproto/issues/65
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
+ NOTE: https://github.com/pires/go-proxyproto/pull/74
+CVE-2021-23408 (This affects the package com.graphhopper:graphhopper-web-bundle before ...)
+ NOT-FOR-US: com.graphhopper:graphhopper-web-bundle
+CVE-2021-23407 (This affects the package elFinder.Net.Core from 0 and before 1.2.4. Th ...)
+ NOT-FOR-US: elFinder.Net.Core
+CVE-2021-23406 (This affects the package pac-resolver before 5.0.0. This can occur whe ...)
+ NOT-FOR-US: Node pac-resolver
+CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This issue exi ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-23404 (This affects all versions of package sqlite-web. The SQL dashboard are ...)
+ NOT-FOR-US: sqlite-web
+CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node ts-nodash
+CVE-2021-23402 (All versions of package record-like-deep-assign are vulnerable to Prot ...)
+ NOT-FOR-US: Node record-like-deep-assign
+CVE-2021-23401 (This affects all versions of package Flask-User. When using the make_s ...)
+ NOT-FOR-US: Flask-User
+CVE-2021-23400 (The package nodemailer before 6.6.1 are vulnerable to HTTP Header Inje ...)
+ - node-nodemailer 6.4.17-3 (bug #990485)
+ NOTE: https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f
+ NOTE: https://github.com/nodemailer/nodemailer/issues/1289
+ NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415
+CVE-2021-23399 (This affects all versions of package wincred. If attacker-controlled u ...)
+ NOT-FOR-US: wincred
+CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable to Cross- ...)
+ NOT-FOR-US: react-bootstrap-table
+CVE-2021-23397
+ RESERVED
+CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype Pollution v ...)
+ NOT-FOR-US: Node lutils
+CVE-2021-23395 (This affects all versions of package nedb. The library could be tricke ...)
+ NOT-FOR-US: Node nedb
+CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to Remote ...)
+ NOT-FOR-US: studio-42/elfinder
+CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When using the ...)
+ NOT-FOR-US: Flask-unchained
+CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expression ...)
+ NOT-FOR-US: Node locutus
+CVE-2021-23391 (This affects all versions of package calipso. It is possible for a mal ...)
+ NOT-FOR-US: Node calipso
+CVE-2021-23390 (The package total4 before 0.0.43 are vulnerable to Arbitrary Code Exec ...)
+ NOT-FOR-US: Node total4
+CVE-2021-23389 (The package total.js before 3.4.9 are vulnerable to Arbitrary Code Exe ...)
+ NOT-FOR-US: Node total4
+CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulner ...)
+ NOT-FOR-US: Node forms
+CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...)
+ NOT-FOR-US: Node trailing-slash
+CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
+ NOT-FOR-US: Node dns-packet
+CVE-2021-23385
+ RESERVED
+CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
+ NOT-FOR-US: Node koa-remove-trailing-slashes before
+CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...)
+ - node-handlebars 3:4.7.6+~4.1.0-2
+ [buster] - node-handlebars <no-dsa> (Minor issue; can be fixed via point release)
+ - libjs-handlebars <removed>
+ [stretch] - libjs-handlebars <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
+ NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
+CVE-2021-23382 (The package postcss before 8.2.13 are vulnerable to Regular Expression ...)
+ - node-postcss 8.2.1+~cs5.3.23-7
+ [buster] - node-postcss <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
+ NOTE: https://github.com/postcss/postcss/commit/2ad1ca9b965dde32223bee28dc259c339cbaaa05 (8.2.13)
+CVE-2021-23381 (This affects all versions of package killing. If attacker-controlled u ...)
+ NOT-FOR-US: Node killing
+CVE-2021-23380 (This affects all versions of package roar-pidusage. If attacker-contro ...)
+ NOT-FOR-US: Node roar-pidusage
+CVE-2021-23379 (This affects all versions of package portkiller. If (attacker-controll ...)
+ NOT-FOR-US: Node portkiller
+CVE-2021-23378 (This affects all versions of package picotts. If attacker-controlled u ...)
+ NOT-FOR-US: Node picotts
+CVE-2021-23377 (This affects all versions of package onion-oled-js. If attacker-contro ...)
+ NOT-FOR-US: Node onion-oled-js
+CVE-2021-23376 (This affects all versions of package ffmpegdotjs. If attacker-controll ...)
+ NOT-FOR-US: Node ffmpegdotjs
+CVE-2021-23375 (This affects all versions of package psnode. If attacker-controlled us ...)
+ NOT-FOR-US: Node psnode
+CVE-2021-23374 (This affects all versions of package ps-visitor. If attacker-controlle ...)
+ NOT-FOR-US: Node ps-visitor
+CVE-2021-23373
+ RESERVED
+CVE-2021-23372 (All versions of package mongo-express are vulnerable to Denial of Serv ...)
+ NOT-FOR-US: mongo-express
+CVE-2021-23371 (This affects the package chrono-node before 2.2.4. It hangs on a date- ...)
+ NOT-FOR-US: Node chrono-node
+CVE-2021-23370 (This affects the package swiper before 6.5.1. ...)
+ NOT-FOR-US: swiper
+CVE-2021-23369 (The package handlebars before 4.7.7 are vulnerable to Remote Code Exec ...)
+ - node-handlebars 3:4.7.6+~4.1.0-2
+ [buster] - node-handlebars 3:4.1.0-1+deb10u3
+ - libjs-handlebars <removed>
+ [stretch] - libjs-handlebars <ignored> (Minor issue and too intrusive to backport)
+ NOTE: https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
+ NOTE: https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
+ NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
+CVE-2021-23368 (The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Reg ...)
+ - node-postcss 8.2.1+~cs5.3.23-6
+ [buster] - node-postcss <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4
+ NOTE: https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5
+ NOTE: https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
+CVE-2021-23367
+ RESERVED
+CVE-2021-23366
+ RESERVED
+CVE-2021-23365 (The package github.com/tyktechnologies/tyk-identity-broker before 1.1. ...)
+ NOT-FOR-US: tyk-identity-broker
+CVE-2021-23364 (The package browserslist from 4.0.0 and before 4.16.5 are vulnerable t ...)
+ - node-browserslist 4.16.3+~cs5.4.72-2 (bug #987792)
+ [buster] - node-browserslist <ignored> (Minor issue; risky backport with regression potential)
+ NOTE: https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
+ NOTE: https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
+ NOTE: https://github.com/browserslist/browserslist/pull/593
+CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If (attacker-contr ...)
+ NOT-FOR-US: Node kill-by-port
+CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...)
+ - node-hosted-git-info 3.0.8-1
+ [buster] - node-hosted-git-info 2.7.1-1+deb10u1
+ [stretch] - node-hosted-git-info <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
+ NOTE: https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
+CVE-2021-23361
+ REJECTED
+CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-controlle ...)
+ NOT-FOR-US: Node killport
+CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...)
+ NOT-FOR-US: Node port-killer
+CVE-2021-23358 (The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ...)
+ {DSA-4883-1 DLA-2613-1}
+ - underscore 1.9.1~dfsg-2 (bug #986171)
+ NOTE: https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
+CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...)
+ NOT-FOR-US: tyk/gateway
+CVE-2021-23356 (This affects all versions of package kill-process-by-name. If (attacke ...)
+ NOT-FOR-US: Node kill-process-by-name
+CVE-2021-23355 (This affects all versions of package ps-kill. If (attacker-controlled) ...)
+ NOT-FOR-US: Node ps-kill
+CVE-2021-23354 (The package printf before 0.6.1 are vulnerable to Regular Expression D ...)
+ NOT-FOR-US: Node printf
+CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible via the ...)
+ NOT-FOR-US: Node jspdf
+CVE-2021-23352 (This affects the package madge before 4.0.1. It is possible to specify ...)
+ NOT-FOR-US: Node madge
+CVE-2021-23351 (The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable ...)
+ - golang-github-pires-go-proxyproto 0.4.2-1 (bug #985025)
+ NOTE: https://github.com/pires/go-proxyproto/issues/69
+ NOTE: https://github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1081577
+CVE-2021-23350
+ RESERVED
+CVE-2021-23349
+ RESERVED
+CVE-2021-23348 (This affects the package portprocesses before 1.0.5. If (attacker-cont ...)
+ NOT-FOR-US: Node portprocesses
+CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...)
+ NOT-FOR-US: argo-cd
+CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...)
+ NOT-FOR-US: html-parse-stringify
+CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
+ NOT-FOR-US: gotenberg
+CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...)
+ NOT-FOR-US: total.js
+CVE-2021-23343 (All versions of package path-parse are vulnerable to Regular Expressio ...)
+ NOT-FOR-US: Node path-parse
+CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...)
+ NOT-FOR-US: docsify
+CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...)
+ - node-prismjs 1.23.0+dfsg-1 (bug #985109)
+ NOTE: https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609 (v1.23.0)
+ NOTE: https://github.com/PrismJS/prism/pull/2584
+ NOTE: https://github.com/PrismJS/prism/issues/2583
+CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local FIle In ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of ...)
+ NOT-FOR-US: com.typesafe.akka:akka-http-core
+CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...)
+ NOT-FOR-US: qlib
+CVE-2021-23337 (Lodash versions prior to 4.17.21 are vulnerable to Command Injection v ...)
+ - node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
+ [buster] - node-lodash <no-dsa> (Minor issue)
+ [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
+CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...)
+ {DLA-2628-1 DLA-2619-1 DLA-2569-1}
+ - python-django 2:2.2.19-1 (bug #983090)
+ [buster] - python-django <no-dsa> (Minor issue; can be fixed via point release)
+ - python3.9 3.9.2-1
+ - python3.8 <removed>
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ - python2.7 <unfixed>
+ [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ - pypy3 7.3.3+dfsg-3
+ [buster] - pypy3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/python/cpython/pull/24297
+ NOTE: https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
+ NOTE: https://github.com/python/cpython/commit/c9f07813ab8e664d8c34413c4fc2d4f86c061a92 (3.9)
+ NOTE: https://github.com/python/cpython/commit/d0d4d30882fe3ab9b1badbecf5d15d94326fd13e (3.7)
+ NOTE: https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
+CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP Injection ...)
+ NOT-FOR-US: Node is-user-valid
+CVE-2021-23334
+ REJECTED
+CVE-2021-23333
+ RESERVED
+CVE-2021-23332
+ RESERVED
+CVE-2021-23331 (This affects all versions of package com.squareup:connect. The method ...)
+ NOT-FOR-US: com.squareup:connect
+CVE-2021-23330 (All versions of package launchpad are vulnerable to Command Injection ...)
+ NOT-FOR-US: Node launchpad
+CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to Protot ...)
+ NOT-FOR-US: Node nested-object-assign
+CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...)
+ NOT-FOR-US: Node iniparserjs
+CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to Cross-site Scri ...)
+ NOT-FOR-US: apexcharts
+CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...)
+ NOT-FOR-US: graphql-tools/git-loader
+CVE-2021-23325
+ RESERVED
+CVE-2021-23324
+ RESERVED
+CVE-2021-23323
+ RESERVED
+CVE-2021-23322
+ RESERVED
+CVE-2021-23321
+ RESERVED
+CVE-2021-23320
+ RESERVED
+CVE-2021-23319
+ RESERVED
+CVE-2021-23318
+ RESERVED
+CVE-2021-23317
+ RESERVED
+CVE-2021-23316
+ RESERVED
+CVE-2021-23315
+ RESERVED
+CVE-2021-23314
+ RESERVED
+CVE-2021-23313
+ RESERVED
+CVE-2021-23312
+ RESERVED
+CVE-2021-23311
+ RESERVED
+CVE-2021-23310
+ RESERVED
+CVE-2021-23309
+ RESERVED
+CVE-2021-23308
+ RESERVED
+CVE-2021-23307
+ RESERVED
+CVE-2021-23306
+ RESERVED
+CVE-2021-23305
+ RESERVED
+CVE-2021-23304
+ RESERVED
+CVE-2021-23303
+ RESERVED
+CVE-2021-23302
+ RESERVED
+CVE-2021-23301
+ RESERVED
+CVE-2021-23300
+ RESERVED
+CVE-2021-23299
+ RESERVED
+CVE-2021-23298
+ RESERVED
+CVE-2021-23297
+ RESERVED
+CVE-2021-23296
+ RESERVED
+CVE-2021-23295
+ RESERVED
+CVE-2021-23294
+ RESERVED
+CVE-2021-23293
+ RESERVED
+CVE-2021-23292
+ RESERVED
+CVE-2021-23291
+ RESERVED
+CVE-2021-23290
+ RESERVED
+CVE-2021-23289
+ RESERVED
+CVE-2021-23288
+ RESERVED
+CVE-2021-23287
+ RESERVED
+CVE-2021-23286
+ RESERVED
+CVE-2021-23285
+ RESERVED
+CVE-2021-23284
+ RESERVED
+CVE-2021-23283
+ RESERVED
+CVE-2021-23282
+ RESERVED
+CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23280 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23279 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23278 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23277 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23276 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23275 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers ...)
+ NOT-FOR-US: Netsia SEBA+
+CVE-2021-23270 (In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur tha ...)
+ NOT-FOR-US: Gargoyle OS
+CVE-2021-23269
+ RESERVED
+CVE-2021-23268
+ RESERVED
+CVE-2021-23267
+ RESERVED
+CVE-2021-23266
+ RESERVED
+CVE-2021-23265
+ RESERVED
+CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23262 (Authenticated administrators may modify the main YAML configuration fi ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23261 (Authenticated administrators may override the system configuration fil ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via file na ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23259 (Authenticated users with Administrator or Developer roles may execute ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23258 (Authenticated users with Administrator or Developer roles may execute ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23257
+ RESERVED
+CVE-2021-23256
+ RESERVED
+CVE-2021-23255
+ RESERVED
+CVE-2021-23254
+ RESERVED
+CVE-2021-23253 (Opera Mini for Android below 53.1 displays URL left-aligned in the add ...)
+ NOT-FOR-US: Opera Mini for Android
+CVE-2021-23252
+ RESERVED
+CVE-2021-23251
+ RESERVED
+CVE-2021-23250
+ RESERVED
+CVE-2021-23249
+ RESERVED
+CVE-2021-23248
+ RESERVED
+CVE-2021-23247
+ RESERVED
+CVE-2021-23246
+ RESERVED
+CVE-2021-23245
+ RESERVED
+CVE-2021-23244 (ColorOS pregrant dangerous permissions to apps which are listed in a w ...)
+ NOT-FOR-US: OPPO Android Phone
+CVE-2021-23243 (In Oppo's battery application, the third-party SDK provides the functi ...)
+ NOT-FOR-US: OPPO Android Phone
+CVE-2021-3112
+ RESERVED
+CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via ...)
+ NOT-FOR-US: Concrete5
+CVE-2021-3110 (The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL i ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-3109 (The custom menu item options page in SolarWinds Orion Platform before ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...)
+ NOT-FOR-US: MERCUSYS Mercury X18G devices
+CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...)
+ NOT-FOR-US: MERCUSYS Mercury X18G devices
+CVE-2021-23240 (selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a loc ...)
+ - sudo 1.9.5-1 (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
+ NOTE: https://www.sudo.ws/repos/sudo/rev/8fcb36ef422a
+ NOTE: https://www.sudo.ws/alerts/sudoedit_selinux.html
+ NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
+CVE-2021-23239 (The sudoedit personality of Sudo before 1.9.5 may allow a local unpriv ...)
+ - sudo 1.9.5-1
+ [buster] - sudo <no-dsa> (Minor issue)
+ [stretch] - sudo <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
+ NOTE: https://www.sudo.ws/repos/sudo/rev/ea19d0073c02
+CVE-2021-3108
+ RESERVED
+CVE-2021-3107
+ RESERVED
+CVE-2021-3106
+ RESERVED
+CVE-2021-23238
+ RESERVED
+CVE-2021-23237
+ RESERVED
+CVE-2021-3105
+ RESERVED
+CVE-2021-3104
+ RESERVED
+CVE-2021-3103
+ RESERVED
+CVE-2021-3102
+ RESERVED
+CVE-2021-3101
+ RESERVED
+CVE-2021-3100
+ RESERVED
+CVE-2021-3099
+ RESERVED
+CVE-2021-3098
+ RESERVED
+CVE-2021-3097
+ RESERVED
+CVE-2021-3096
+ RESERVED
+CVE-2021-3095
+ REJECTED
+CVE-2021-3094
+ RESERVED
+CVE-2021-3093
+ RESERVED
+CVE-2021-3092
+ RESERVED
+CVE-2021-3091
+ RESERVED
+CVE-2021-3090
+ REJECTED
+CVE-2021-3089
+ RESERVED
+CVE-2021-3088
+ RESERVED
+CVE-2021-3087
+ RESERVED
+CVE-2021-3086
+ RESERVED
+CVE-2021-3085
+ RESERVED
+CVE-2021-3084
+ RESERVED
+CVE-2021-3083
+ RESERVED
+CVE-2021-3082
+ RESERVED
+CVE-2021-3081
+ RESERVED
+CVE-2021-3080
+ RESERVED
+CVE-2021-3079
+ RESERVED
+CVE-2021-3078
+ RESERVED
+CVE-2021-3077
+ RESERVED
+CVE-2021-3076
+ RESERVED
+CVE-2021-3075
+ RESERVED
+CVE-2021-3074
+ RESERVED
+CVE-2021-3073
+ RESERVED
+CVE-2021-3072
+ RESERVED
+CVE-2021-3071
+ RESERVED
+CVE-2021-3070
+ RESERVED
+CVE-2021-3069
+ RESERVED
+CVE-2021-3068
+ RESERVED
+CVE-2021-3067
+ RESERVED
+CVE-2021-3066
+ RESERVED
+CVE-2021-3065
+ RESERVED
+CVE-2021-3064 (A memory corruption vulnerability exists in Palo Alto Networks GlobalP ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3063 (An improper handling of exceptional conditions vulnerability exists in ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3062 (An improper access control vulnerability in PAN-OS software enables an ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3061 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3060 (An OS command injection vulnerability in the Simple Certificate Enroll ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3059 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3058 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3056 (A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalP ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3054 (A time-of-check to time-of-use (TOCTOU) race condition vulnerability i ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3053 (An improper handling of exceptional conditions vulnerability exists in ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3052 (A reflected cross-site scripting (XSS) vulnerability in the Palo Alto ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3051 (An improper verification of cryptographic signature vulnerability exis ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3050 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2021-3049 (An improper authorization vulnerability in the Palo Alto Networks Cort ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3048 (Certain invalid URL entries contained in an External Dynamic List (EDL ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3047 (A cryptographically weak pseudo-random number generator (PRNG) is used ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3046 (An improper authentication vulnerability exists in Palo Alto Networks ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3045 (An OS command argument injection vulnerability in the Palo Alto Networ ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3044 (An improper authorization vulnerability in Palo Alto Networks Cortex X ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3043 (A reflected cross-site scripting (XSS) vulnerability exists in the Pri ...)
+ NOT-FOR-US: Prisma Cloud Compute web console (Palo Alto Networks)
+CVE-2021-3042 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3039 (An information exposure through log file vulnerability exists in the P ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3037 (An information exposure through log file vulnerability exists in Palo ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3036 (An information exposure through log file vulnerability exists in Palo ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3035 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3034 (An information exposure through log file vulnerability exists in Corte ...)
+ NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks)
+CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, P ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3030
+ RESERVED
+CVE-2021-23234
+ RESERVED
+CVE-2021-23135 (Exposure of System Data to an Unauthorized Control Sphere vulnerabilit ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux Kernel before ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/4
+CVE-2021-23133 (A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) befo ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/2
+CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23131 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23130 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23129 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23128 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core ship ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23127 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an i ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23126 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of e ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of e ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23123 (An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of A ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23122
+ RESERVED
+CVE-2021-23121
+ RESERVED
+CVE-2021-23120
+ RESERVED
+CVE-2021-23119
+ RESERVED
+CVE-2021-23118
+ RESERVED
+CVE-2021-23117
+ RESERVED
+CVE-2021-23116
+ RESERVED
+CVE-2021-23115
+ RESERVED
+CVE-2021-23114
+ RESERVED
+CVE-2021-23113
+ RESERVED
+CVE-2021-23112
+ RESERVED
+CVE-2021-23111
+ RESERVED
+CVE-2021-23110
+ RESERVED
+CVE-2021-23109
+ RESERVED
+CVE-2021-23108
+ RESERVED
+CVE-2021-23107
+ RESERVED
+CVE-2021-23106
+ RESERVED
+CVE-2021-23105
+ RESERVED
+CVE-2021-23104
+ RESERVED
+CVE-2021-23103
+ RESERVED
+CVE-2021-23102
+ RESERVED
+CVE-2021-23101
+ RESERVED
+CVE-2021-23100
+ RESERVED
+CVE-2021-23099
+ RESERVED
+CVE-2021-23098
+ RESERVED
+CVE-2021-23097
+ RESERVED
+CVE-2021-23096
+ RESERVED
+CVE-2021-23095
+ RESERVED
+CVE-2021-23094
+ RESERVED
+CVE-2021-23093
+ RESERVED
+CVE-2021-23092
+ RESERVED
+CVE-2021-23091
+ RESERVED
+CVE-2021-23090
+ RESERVED
+CVE-2021-23089
+ RESERVED
+CVE-2021-23088
+ RESERVED
+CVE-2021-23087
+ RESERVED
+CVE-2021-23086
+ RESERVED
+CVE-2021-23085
+ RESERVED
+CVE-2021-23084
+ RESERVED
+CVE-2021-23083
+ RESERVED
+CVE-2021-23082
+ RESERVED
+CVE-2021-23081
+ RESERVED
+CVE-2021-23080
+ RESERVED
+CVE-2021-23079
+ RESERVED
+CVE-2021-23078
+ RESERVED
+CVE-2021-23077
+ RESERVED
+CVE-2021-23076
+ RESERVED
+CVE-2021-23075
+ RESERVED
+CVE-2021-23074
+ RESERVED
+CVE-2021-23073
+ RESERVED
+CVE-2021-23072
+ RESERVED
+CVE-2021-23071
+ RESERVED
+CVE-2021-23070
+ RESERVED
+CVE-2021-23069
+ RESERVED
+CVE-2021-23068
+ RESERVED
+CVE-2021-23067
+ RESERVED
+CVE-2021-23066
+ RESERVED
+CVE-2021-23065
+ RESERVED
+CVE-2021-23064
+ RESERVED
+CVE-2021-23063
+ RESERVED
+CVE-2021-23062
+ RESERVED
+CVE-2021-23061
+ RESERVED
+CVE-2021-23060
+ RESERVED
+CVE-2021-23059
+ RESERVED
+CVE-2021-23058
+ RESERVED
+CVE-2021-23057
+ RESERVED
+CVE-2021-23056
+ RESERVED
+CVE-2021-23055
+ RESERVED
+CVE-2021-23054 (On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x be ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23052 (On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23051 (On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Develo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23050 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 a ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23049 (On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, whe ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23048 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23047 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23046 (On all versions of Guided Configuration before 8.0.0, when a configura ...)
+ NOT-FOR-US: F5
+CVE-2021-23045 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23044 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23043 (On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23042 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23041 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23040 (On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23039 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23038 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x befo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23037 (On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23036 (On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe prof ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23035 (On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured o ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23034 (On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23033 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23032 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23031 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23030 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23029 (On version 16.0.x before 16.0.1.2, insufficient permission checks may ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23028 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x befo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23027 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23026 (BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x be ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23025 (On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x befo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23024 (On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG ...)
+ NOT-FOR-US: F5
+CVE-2021-23023 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23022 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, t ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23021 (The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/co ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2021-23020 (The NAAS 3.x before 3.10.0 API keys were generated using an insecure p ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2021-23019 (The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administra ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2021-23018 (Intra-cluster communication does not use TLS. The services within the ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2021-23017 (A security issue in nginx resolver was identified, which might allow a ...)
+ {DSA-4921-1 DLA-2670-1}
+ - nginx 1.18.0-6.1 (bug #989095)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/5
+ NOTE: Patch: http://nginx.org/download/patch.2021.resolver.txt
+ NOTE: Fixed by: https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf (1.20.1)
+CVE-2021-23016 (On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23015 (On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 throu ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23014 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23013 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23012 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23011 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x befor ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23010 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x befor ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23009 (On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, mal ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23008 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23007 (On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Mi ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23006 (On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23005 (On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum devi ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23004 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23003 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23002 (When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23001 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x bef ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23000 (On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22999 (On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22998 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22997 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22996 (On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22995 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22994 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22993 (On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22992 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22991 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22990 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22989 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22988 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22987 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22986 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22984 (On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22983 (On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, an ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22982 (On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22981 (On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22980 (In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, a ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22979 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22978 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22977 (On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation betwe ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22976 (On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22975 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22974 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22973 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22972
+ RESERVED
+CVE-2021-22971
+ RESERVED
+CVE-2021-22970 (Concrete CMS (formerly concrete5) versions 8.5.6 and below and version ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22969 (Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF miti ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22968 (A bypass of adding remote files in Concrete CMS (previously concrete5) ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22967 (In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthe ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22966 (Privilege escalation from Editor to Admin using Groups in Concrete CMS ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22965 (A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version &gt;= ...)
+ NOT-FOR-US: fastify-static
+CVE-2021-22963 (A redirect vulnerability in the fastify-static module version &lt; 4.2 ...)
+ NOT-FOR-US: fastify-static
+CVE-2021-22962
+ RESERVED
+CVE-2021-22961 (A code injection vulnerability exists within the firewall software of ...)
+ NOT-FOR-US: GlassWire
+CVE-2021-22960 (The parse function in llhttp &lt; 2.1.4 and &lt; 6.0.6. ignores chunk ...)
+ - nodejs 12.22.7~dfsg-1
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960
+CVE-2021-22959 (The parser in accepts requests with a space (SP) right after the heade ...)
+ - nodejs 12.22.7~dfsg-1
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959
+CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in concrete5 &lt ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22957 (A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Pr ...)
+ NOT-FOR-US: UniFi Protect
+CVE-2021-22956 (An uncontrolled resource consumption vulnerability exists in Citrix AD ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22955 (A unauthenticated denial of service vulnerability exists in Citrix ADC ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22954 (A cross-site request forgery vulnerability exists in Concrete CMS &lt; ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...)
+ NOT-FOR-US: UniFI Talk
+CVE-2021-22951 (Unauthorized individuals could view password protected files using vie ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachme ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to d ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver &lt; ...)
+ NOT-FOR-US: revive-adserver
+CVE-2021-22947 (When curl &gt;= 7.20.0 and &lt;= 7.78.0 connects to an IMAP or POP3 se ...)
+ {DLA-2773-1}
+ - curl 7.79.1-1
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
+ NOTE: https://curl.se/docs/CVE-2021-22947.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 (curl-7_79_0)
+CVE-2021-22946 (A user can tell curl &gt;= 7.20.0 and &lt;= 7.78.0 to require a succes ...)
+ {DLA-2773-1}
+ - curl 7.79.1-1
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
+ NOTE: https://curl.se/docs/CVE-2021-22946.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0)
+CVE-2021-22945 (When sending data to an MQTT server, libcurl &lt;= 7.73.0 and 7.78.0 c ...)
+ - curl 7.79.1-1
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <not-affected> (Vulnerable code introduced later)
+ [stretch] - curl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://curl.se/docs/CVE-2021-22945.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49 (curl-7_79_0)
+CVE-2021-22944 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...)
+ NOT-FOR-US: UniFi Protect application
+CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...)
+ NOT-FOR-US: UniFi Protect application
+CVE-2021-22942 (A possible open redirect vulnerability in the Host Authorization middl ...)
+ [experimental] - rails 2:6.1.4.1+dfsg-1
+ - rails <unfixed> (bug #992586)
+ [bullseye] - rails <no-dsa> (Minor issue)
+ [buster] - rails <not-affected> (Vulnerable code not present)
+ [stretch] - rails <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1
+CVE-2021-22941 (Improper Access Control in Citrix ShareFile storage zones controller b ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use aft ...)
+ - nodejs 12.22.5~dfsg-1
+ [bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+ [buster] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+ [stretch] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+ NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940
+CVE-2021-22939 (If the Node.js https API was used incorrectly and "undefined" was in p ...)
+ - nodejs 12.22.5~dfsg-1
+ [bullseye] - nodejs 12.22.5~dfsg-2~11u1
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939
+CVE-2021-22938 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22937 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22936 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow a th ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22935 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22934 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22933 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool for Citr ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Co ...)
+ - nodejs <not-affected> (Debian builds nodejs against src:c-ares)
+ NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
+CVE-2021-22930 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use aft ...)
+ - nodejs 12.22.4~dfsg-1
+ [bullseye] - nodejs 12.22.5~dfsg-2~11u1
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/nodejs/node/commit/b263f2585ab53f56e0e22b46cf1f8519a8af8a05
+ NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22930
+ NOTE: Possible incomplete fix (at least for v12): https://github.com/nodejs/node/issues/38964#issuecomment-889936936
+ NOTE: CVE for the incomplete fix tracked as CVE-2021-22940
+CVE-2021-22929 (An information disclosure exists in Brave Browser Desktop prior to ver ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and Desktop ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and Citrix Gatew ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22926 (libcurl-using applications can ask for a specific client certificate t ...)
+ NOT-FOR-US: curl builds on MacOS
+CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TELNETOP ...)
+ - curl <not-affected> (Incomplete fix for CVE-2021-22898 not applied)
+ NOTE: https://curl.se/docs/CVE-2021-22925.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (curl-7_7_alpha2)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a (curl-7_78_0)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/4
+ NOTE: CVE is assigned because previous attempt to address CVE-2021-22898 resulted to be
+ NOTE: insufficient and the security vulnerability remained.
+CVE-2021-22924 (libcurl keeps previously used connections in a connection pool for sub ...)
+ {DLA-2734-1}
+ - curl 7.79.1-1 (bug #991492)
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
+ NOTE: https://curl.se/docs/CVE-2021-22924.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526 (curl-7_10_4)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161 (curl-7_78_0)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/3
+CVE-2021-22923 (When curl is instructed to get content using the metalink feature, and ...)
+ - curl <unfixed> (unimportant)
+ NOTE: https://curl.se/docs/CVE-2021-22923.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/2
+ NOTE: The fix for earlier versions is to rebuild curl with the metalink support
+ NOTE: switched off.
+ NOTE: Metalink support not enabled in Debian builds.
+CVE-2021-22922 (When curl is instructed to download content using the metalink feature ...)
+ - curl <unfixed> (unimportant)
+ NOTE: https://curl.se/docs/CVE-2021-22922.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/1
+ NOTE: The fix for earlier versions is to rebuild curl with the metalink support
+ NOTE: switched off.
+ NOTE: Metalink support not enabled in Debian builds.
+CVE-2021-22921 (Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local pri ...)
+ - nodejs <not-affected> (Only affects Windows installer)
+CVE-2021-22920 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22919 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22918 (Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bou ...)
+ {DSA-4936-1}
+ - libuv1 1.40.0-2 (bug #990561)
+ [stretch] - libuv1 <not-affected> (Vulnerable code added later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
+ NOTE: https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829
+CVE-2021-22917 (Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-22916 (In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-22914 (Citrix Cloud Connector before 6.31.0.62192 suffers from insecure stora ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...)
+ NOT-FOR-US: Nextcloud iOS
+CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-22910 (A sanitization vulnerability exists in Rocket.Chat server versions &lt ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...)
+ NOT-FOR-US: EdgeMAX EdgeRouter
+CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...)
+ NOT-FOR-US: Windows File Resource Profiles
+CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnera ...)
+ NOT-FOR-US: Nextcloud Android App (com.nextcloud.client)
+CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...)
+ {DSA-4929-1 DLA-2655-1}
+ - rails 2:6.0.3.7+dfsg-1 (bug #988214)
+ NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main)
+ NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7)
+ NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6)
+CVE-2021-22903 (The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ...)
+ - rails <not-affected> (Vulnerable code introduced in 6.1.0.rc2)
+ NOTE: Introduced by: https://github.com/rails/rails/commit/9bc7ea5dab34c8657c91d0258bb5afd8bfcd3a8f (main)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main)
+CVE-2021-22902 (The actionpack ruby gem (a framework for handling and responding to we ...)
+ - rails 2:6.0.3.7+dfsg-1 (bug #988214)
+ [buster] - rails <not-affected> (Vulnerable code introduced later)
+ [stretch] - rails <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/446afbd15360a347c923ca775b21a286dcb5297a (v6.0.3.7)
+CVE-2021-22901 (curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability ...)
+ - curl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://curl.se/docs/CVE-2021-22901.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 (7.75.0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 (7.77.0)
+CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse Connect ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure befor ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure when th ...)
+ {DLA-2734-1}
+ - curl 7.79.1-1 (bug #989228)
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
+ NOTE: https://curl.se/docs/CVE-2021-22898.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde (7.77.0)
+ NOTE: Followup to not make curl vulnerable to CVE-2021-22925:
+ NOTE: https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a (curl-7_78_0)
+CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element to wr ...)
+ - curl <not-affected> (Windows only)
+ NOTE: https://curl.se/docs/CVE-2021-22897.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28 (7.61.0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 (7.77.0)
+ NOTE: Only affect builds with schannel support (which is Windows only)
+CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...)
+ NOT-FOR-US: Nextcloud Mail
+CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...)
+ {DSA-4974-1}
+ - nextcloud-desktop 3.3.1-1 (bug #989846)
+ NOTE: https://github.com/nextcloud/desktop/pull/2926
+ NOTE: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc (stable-3.1)
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5
+CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure before ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22892 (An information disclosure vulnerability exists in the Rocket.Chat serv ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-22891 (A missing authorization vulnerability exists in Citrix ShareFile Stora ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...)
+ {DSA-4881-1}
+ - curl 7.74.0-1.2 (bug #986270)
+ [stretch] - curl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://curl.se/docs/CVE-2021-22890.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844
+CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...)
+ NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000
+CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-22885 (A possible information disclosure / unintended method execution vulner ...)
+ {DSA-4929-1 DLA-2655-1}
+ - rails 2:6.0.3.7+dfsg-1 (bug #988214)
+ NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
+ NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)
+ NOTE: https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6)
+CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
+ {DSA-4863-1}
+ - nodejs 12.21.0~dfsg-1
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
+CVE-2021-22883 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
+ {DSA-4863-1}
+ - nodejs 12.21.0~dfsg-1
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
+CVE-2021-22882 (UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras ...)
+ NOT-FOR-US: UniFi Protect
+CVE-2021-22881 (The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...)
+ - rails 2:6.0.3.5+dfsg-1
+ [buster] - rails <not-affected> (Vulnerable code not present)
+ [stretch] - rails <not-affected> (host_authorization.rb added later)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
+ NOTE: https://hackerone.com/reports/1047447
+ NOTE: https://github.com/rails/rails/commit/83a6ac3fee8fd538ce7e0088913ff54f0f9bcb6f (main)
+ NOTE: https://github.com/rails/rails/commit/e33092740b3cc05f5abee197a5982eac31947e92 (v6.0.3.5)
+CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...)
+ {DSA-4929-1}
+ - rails 2:6.0.3.5+dfsg-1
+ [stretch] - rails <not-affected> (Vulnerable asterisk in regex added later)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
+ NOTE: https://hackerone.com/reports/1023899
+ NOTE: https://github.com/rails/rails/commit/eddda4d8fb6b6508e11196b14494ceac37b57339 (main)
+ NOTE: https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5)
+ NOTE: https://github.com/rails/rails/commit/bf0ef9df1793046241c26b3fb92fac551d1628b4 (5.2-stable)
+CVE-2021-22879 (Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource inje ...)
+ - nextcloud-desktop 3.1.1-2 (bug #987274)
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
+ NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2021-008
+ NOTE: https://github.com/nextcloud/desktop/pull/2906
+CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-22876 (curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Pr ...)
+ {DSA-4881-1 DLA-2664-1}
+ - curl 7.74.0-1.2 (bug #986269)
+ NOTE: https://curl.se/docs/CVE-2021-22876.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c
+CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22874 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects via the ` ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site s ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager account t ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22870 (A path traversal vulnerability was identified in GitHub Pages builds o ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22869 (An improper access control vulnerability in GitHub Enterprise Server a ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22868 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22867 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22866 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22865 (An improper access control vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ NOT-FOR-US: GitHub Enterprise
+CVE-2021-22863 (An improper access control vulnerability was identified in the GitHub ...)
+ NOT-FOR-US: GitHub Enterprise
+CVE-2021-22862 (An improper access control vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise
+CVE-2021-22861 (An improper access control vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise
+CVE-2021-22860 (EIC e-document system does not perform completed identity verification ...)
+ NOT-FOR-US: EIC e-document system
+CVE-2021-22859 (The users&#8217; data querying function of EIC e-document system does ...)
+ NOT-FOR-US: EIC e-document system
+CVE-2021-22858 (Attackers can access the CGE account management function without privi ...)
+ NOT-FOR-US: CGE
+CVE-2021-22857 (The CGE page with download function contains a Directory Traversal vul ...)
+ NOT-FOR-US: CGE
+CVE-2021-22856 (The CGE property management system contains SQL Injection vulnerabilit ...)
+ NOT-FOR-US: CGE
+CVE-2021-22855 (The specific function of HR Portal of Soar Cloud System accepts any ty ...)
+ NOT-FOR-US: HR Portal of Soar Cloud System
+CVE-2021-22854 (The HR Portal of Soar Cloud System fails to filter specific parameters ...)
+ NOT-FOR-US: HR Portal of Soar Cloud System
+CVE-2021-22853 (The HR Portal of Soar Cloud System fails to manage access control. Whi ...)
+ NOT-FOR-US: HR Portal of Soar Cloud System
+CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...)
+ NOT-FOR-US: HGiga EIP
+CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...)
+ NOT-FOR-US: HGiga EIP
+CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...)
+ NOT-FOR-US: HGiga EIP
+CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter special charac ...)
+ NOT-FOR-US: Hyweb HyCMS-J1
+CVE-2021-22848 (HGiga MailSherlock contains a SQL Injection. Remote attackers can inje ...)
+ NOT-FOR-US: HGiga MailSherlock
+CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote at ...)
+ NOT-FOR-US: Hyweb HyCMS-J1
+CVE-2021-22846
+ RESERVED
+CVE-2021-22845
+ RESERVED
+CVE-2021-22844
+ RESERVED
+CVE-2021-22843
+ RESERVED
+CVE-2021-22842
+ RESERVED
+CVE-2021-22841
+ RESERVED
+CVE-2021-22840
+ RESERVED
+CVE-2021-22839
+ RESERVED
+CVE-2021-22838
+ RESERVED
+CVE-2021-22837
+ RESERVED
+CVE-2021-22836
+ RESERVED
+CVE-2021-22835
+ RESERVED
+CVE-2021-22834
+ RESERVED
+CVE-2021-22833
+ RESERVED
+CVE-2021-22832
+ RESERVED
+CVE-2021-22831
+ RESERVED
+CVE-2021-22830
+ RESERVED
+CVE-2021-22829
+ RESERVED
+CVE-2021-22828
+ RESERVED
+CVE-2021-22827 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22824 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22823 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22820 (A CWE-614 Insufficient Session Expiration vulnerability exists that co ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22817 (A CWE-276: Incorrect Default Permissions vulnerability exists that cou ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22814 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22813 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22811 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22810 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22809 (A CWE-125:Out-of-Bounds Read vulnerability exists that could cause uni ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could cause arbitr ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22806 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22805 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22804 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22803 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22802 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22801 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22800 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22798 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22797
+ RESERVED
+CVE-2021-22796 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22795
+ RESERVED
+CVE-2021-22794
+ RESERVED
+CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could cause a D ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22791 (A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22788 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause d ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22787 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22786
+ RESERVED
+CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22783
+ RESERVED
+CVE-2021-22782 (Missing Encryption of Sensitive Data vulnerability exists in EcoStruxu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22781 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22780 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22779 (Authentication Bypass by Spoofing vulnerability exists in EcoStruxure ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22778 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22777 (A CWE-502: Deserialization of Untrusted Data vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22776
+ RESERVED
+CVE-2021-22775 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists i ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in EVlink C ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22772 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22771 (A CWE-1236: Improper Neutralization of Formula Elements in a CSV File ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22770 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 w ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22769 (A CWE-552: Files or Directories Accessible to External Parties vulnera ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ NOT-FOR-US: PowerLogic EGX300
+CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ NOT-FOR-US: PowerLogic EGX300
+CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ NOT-FOR-US: PowerLogic EGX300
+CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in PowerLogic ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference vulnerability exist ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS Definition (Def. ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22748 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22745 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22744 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22743 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22742 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22741 (Use of Password Hash with Insufficient Computational Effort vulnerabil ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22740 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22739 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22738 (Use of a Broken or Risky Cryptographic Algorithm vulnerability exists ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22737 (Insufficiently Protected Credentials vulnerability exists in homeLYnk ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22736 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22735 (Improper Verification of Cryptographic Signature vulnerability exists ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22734 (Improper Verification of Cryptographic Signature vulnerability exists ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22733 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22732 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22731 (Weak Password Recovery Mechanism for Forgotten Password vulnerability ...)
+ NOT-FOR-US: Modicon
+CVE-2021-22730 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22729 (A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink C ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22728 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (E ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22725 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22724 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22721 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22720 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22719 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22718 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22717 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22716 (A CWE-269: Improper Privilege Management vulnerability exists in C-Bus ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22715
+ RESERVED
+CVE-2021-22714 (A CWE-119:Improper restriction of operations within the bounds of a me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22713 (A CWE-119:Improper restriction of operations within the bounds of a me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22712 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22711 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22710 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22709 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22708 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22707 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22706 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22704 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLog ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22700
+ RESERVED
+CVE-2021-22699 (Improper Input Validation vulnerability exists in Modicon M241/M251 lo ...)
+ NOT-FOR-US: Modicon
+CVE-2021-22698 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
+ NOT-FOR-US: EcoStruxure Power Build
+CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
+ NOT-FOR-US: EcoStruxure Power Build
+CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
+ NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging)
+CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a branch name, ...)
+ - git-big-picture 1.0.0-1
+ [buster] - git-big-picture <no-dsa> (Minor issue)
+ [stretch] - git-big-picture <no-dsa> (Minor issue)
+ NOTE: https://github.com/git-big-picture/git-big-picture/pull/62
+CVE-2021-22696 (CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via ...)
+ NOT-FOR-US: Apache CXF
+CVE-2021-3027 (app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected ...)
+ NOT-FOR-US: LibrIT PaSSHport
+CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...)
+ NOT-FOR-US: Invision Community IPS Community Suite
+CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injec ...)
+ NOT-FOR-US: Invision Community IPS Community
+CVE-2021-22695
+ RESERVED
+CVE-2021-22694
+ RESERVED
+CVE-2021-22693
+ RESERVED
+CVE-2021-22692
+ RESERVED
+CVE-2021-22691
+ RESERVED
+CVE-2021-22690
+ RESERVED
+CVE-2021-22689
+ RESERVED
+CVE-2021-22688
+ RESERVED
+CVE-2021-22687
+ RESERVED
+CVE-2021-22686
+ RESERVED
+CVE-2021-3024 (HashiCorp Vault and Vault Enterprise disclosed the internal IP address ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-3023
+ RESERVED
+CVE-2021-3022 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...)
+ NOT-FOR-US: ISPConfig
+CVE-2021-3020
+ RESERVED
+CVE-2021-22685
+ RESERVED
+CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in ...)
+ NOT-FOR-US: Tizen RT RTOS
+CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default to be ...)
+ NOT-FOR-US: Cscape
+CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2021-22680
+ RESERVED
+CVE-2021-22679 (The affected product is vulnerable to an integer overflow while proces ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-22677 (An integer overflow exists in the APIs of the host MCU while trying to ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22676 (UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site sc ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-22675 (The affected product is vulnerable to integer overflow while parsing m ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22674 (The affected product is vulnerable to a relative path traversal condit ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-22673 (The affected product is vulnerable to stack-based buffer overflow whil ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22672 (Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-22671 (Multiple integer overflow issues exist while processing long domain na ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22669 (Incorrect permissions are set to default on the &#8216;Project Managem ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-22668 (Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (wit ...)
+ NOT-FOR-US: Delta Industrial Automation
+CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...)
+ NOT-FOR-US: BB-ESWGP506-2SFP-T
+CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2021-22664 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...)
+ NOT-FOR-US: CNCSoft-B
+CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
+ NOT-FOR-US: Cscape
+CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner Version ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22661 (Changing the password on the module webpage does not require the user ...)
+ NOT-FOR-US: ProSoft Technology
+CVE-2021-22660 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...)
+ NOT-FOR-US: CNCSoft-B
+CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
+ NOT-FOR-US: Advantech iView
+CVE-2021-22657 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API p ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...)
+ NOT-FOR-US: Advantech iView
+CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22654 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
+ NOT-FOR-US: Advantech iView
+CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22652 (Access to the Advantech iView versions prior to v5.7.03.6112 configura ...)
+ NOT-FOR-US: Advantech iView
+CVE-2021-22651 (When loading a specially crafted file, Luxion KeyShot versions prior t ...)
+ NOT-FOR-US: Luxion
+CVE-2021-22650
+ RESERVED
+CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ NOT-FOR-US: Luxion KeyShot
+CVE-2021-22648
+ RESERVED
+CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ NOT-FOR-US: Luxion KeyShot
+CVE-2021-22646
+ RESERVED
+CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ NOT-FOR-US: Luxion KeyShot
+CVE-2021-22644
+ RESERVED
+CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ NOT-FOR-US: Luxion KeyShot
+CVE-2021-22642
+ RESERVED
+CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22640
+ RESERVED
+CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22636
+ RESERVED
+CVE-2021-22635
+ RESERVED
+CVE-2021-22634
+ RESERVED
+CVE-2021-22633
+ RESERVED
+CVE-2021-22632
+ RESERVED
+CVE-2021-22631
+ RESERVED
+CVE-2021-22630
+ RESERVED
+CVE-2021-22629
+ RESERVED
+CVE-2021-22628
+ RESERVED
+CVE-2021-22627
+ RESERVED
+CVE-2021-22626
+ RESERVED
+CVE-2021-22625
+ RESERVED
+CVE-2021-22624
+ RESERVED
+CVE-2021-22623
+ RESERVED
+CVE-2021-22622
+ RESERVED
+CVE-2021-22621
+ RESERVED
+CVE-2021-22620
+ RESERVED
+CVE-2021-22619
+ RESERVED
+CVE-2021-22618
+ RESERVED
+CVE-2021-22617
+ RESERVED
+CVE-2021-22616
+ RESERVED
+CVE-2021-22615
+ RESERVED
+CVE-2021-22614
+ RESERVED
+CVE-2021-22613
+ RESERVED
+CVE-2021-22612
+ RESERVED
+CVE-2021-22611
+ RESERVED
+CVE-2021-22610
+ RESERVED
+CVE-2021-22609
+ RESERVED
+CVE-2021-22608
+ RESERVED
+CVE-2021-22607
+ RESERVED
+CVE-2021-22606
+ RESERVED
+CVE-2021-22605
+ RESERVED
+CVE-2021-22604
+ RESERVED
+CVE-2021-22603
+ RESERVED
+CVE-2021-22602
+ RESERVED
+CVE-2021-22601
+ RESERVED
+CVE-2021-22600 (A double free bug in packet_set_ring() in net/packet/af_packet.c can b ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (5.16-rc6)
+CVE-2021-22599
+ RESERVED
+CVE-2021-22598
+ RESERVED
+CVE-2021-22597
+ RESERVED
+CVE-2021-22596
+ RESERVED
+CVE-2021-22595
+ RESERVED
+CVE-2021-22594
+ RESERVED
+CVE-2021-22593
+ RESERVED
+CVE-2021-22592
+ RESERVED
+CVE-2021-22591
+ RESERVED
+CVE-2021-22589
+ RESERVED
+CVE-2021-22588
+ RESERVED
+CVE-2021-22587
+ RESERVED
+CVE-2021-22586
+ RESERVED
+CVE-2021-22585
+ RESERVED
+CVE-2021-22584
+ RESERVED
+CVE-2021-22583
+ RESERVED
+CVE-2021-22582
+ RESERVED
+CVE-2021-22581
+ RESERVED
+CVE-2021-22580
+ RESERVED
+CVE-2021-22579
+ RESERVED
+CVE-2021-22578
+ RESERVED
+CVE-2021-22577
+ RESERVED
+CVE-2021-22576
+ RESERVED
+CVE-2021-22575
+ RESERVED
+CVE-2021-22574
+ RESERVED
+CVE-2021-22573
+ RESERVED
+CVE-2021-22572
+ RESERVED
+CVE-2021-22571
+ RESERVED
+CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
+ [experimental] - protobuf 3.17.1-1
+ - protobuf <unfixed>
+ [bullseye] - protobuf <no-dsa> (Minor issue)
+ [buster] - protobuf <no-dsa> (Minor issue)
+ [stretch] - protobuf <postponed> (Minor issue; clean crash / Dos; patch needs to be isolated)
+ NOTE: Fixed upstream in v3.15.0: https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
+CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...)
+ [experimental] - protobuf 3.19.3-1
+ - protobuf <unfixed>
+ [bullseye] - protobuf <no-dsa> (Minor issue)
+ [buster] - protobuf <no-dsa> (Minor issue)
+ [stretch] - protobuf <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/12/4
+ NOTE: https://cloud.google.com/support/bulletins#gcp-2022-001
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330 (unclear, might be bogus)
+ NOTE: https://github.com/protocolbuffers/protobuf/pull/9371/commits/5ea2bdf6d7483d64a6b02fcf00ee51fbfb80e847
+CVE-2021-22568 (When using the dart pub publish command to publish a package to a thir ...)
+ NOT-FOR-US: Dart language
+CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled differently ...)
+ NOT-FOR-US: Dart language (different from src:dart)
+ NOTE: https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41
+CVE-2021-22566 (An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ...)
+ NOT-FOR-US: Google fuchsia
+CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...)
+ NOT-FOR-US: Google reference COVID19 exposure verification component
+ NOTE: https://github.com/google/exposure-notifications-verification-server
+CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...)
+ - jpeg-xl <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/708
+ NOTE: https://github.com/libjxl/libjxl/pull/775
+ NOTE: https://github.com/libjxl/libjxl/commit/9d4a2de2f7a853f072c2a1bd6719e815a09075e9 (v0.6.1)
+CVE-2021-22563 (Invalid JPEG XL images using libjxl can cause an out of bounds access ...)
+ - jpeg-xl <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/735
+ NOTE: https://github.com/libjxl/libjxl/pull/757
+ NOTE: https://github.com/libjxl/libjxl/commit/b0b39694d8ba6eb031eae217fcae488ce7403ae7 (v0.6.1)
+CVE-2021-22562
+ RESERVED
+CVE-2021-22561
+ RESERVED
+CVE-2021-22560
+ RESERVED
+CVE-2021-22559
+ RESERVED
+CVE-2021-22558
+ RESERVED
+CVE-2021-22557 (SLO generator allows for loading of YAML files that if crafted in a sp ...)
+ NOT-FOR-US: SLO generator
+CVE-2021-22556
+ RESERVED
+CVE-2021-22555 (A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was disco ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
+ NOTE: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
+CVE-2021-22554
+ RESERVED
+CVE-2021-22553 (Any git operation is passed through Jetty and a session is created. No ...)
+ - gerrit <itp> (bug #589436)
+CVE-2021-22552 (An untrusted memory read vulnerability in Asylo versions up to 0.6.1 a ...)
+ NOT-FOR-US: Asylo
+CVE-2021-22551
+ RESERVED
+CVE-2021-22550 (An attacker can modify the pointers in enclave memory to overwrite arb ...)
+ NOT-FOR-US: Asylo
+CVE-2021-22549 (An attacker can modify the address to point to trusted memory to overw ...)
+ NOT-FOR-US: Asylo
+CVE-2021-22548 (An attacker can change the pointer to untrusted memory to point to tru ...)
+ NOT-FOR-US: Asylo
+CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc() that doesn' ...)
+ NOT-FOR-US: Google Cloud IoT Device SDK
+CVE-2021-22546
+ RESERVED
+CVE-2021-22545 (An attacker can craft a specific IdaPro *.i64 file that will cause the ...)
+ NOT-FOR-US: IDA Pro
+CVE-2021-22544
+ RESERVED
+CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper handling of VM_ ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.10.46-2
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584
+ NOTE: https://git.kernel.org/linus/f8be156be163a052a067306417cd0ff679068c97
+CVE-2021-22542
+ RESERVED
+CVE-2021-22541
+ RESERVED
+CVE-2021-22540 (Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an ...)
+ NOT-FOR-US: Dart SDK
+CVE-2021-22539 (An attacker can place a crafted JSON config file into the project fold ...)
+ NOT-FOR-US: VScode-bazel
+CVE-2021-22538 (A privilege escalation vulnerability impacting the Google Exposure Not ...)
+ NOT-FOR-US: Google Exposure Notification Verification Server
+CVE-2021-22537
+ RESERVED
+CVE-2021-22536
+ RESERVED
+CVE-2021-22535 (Unauthorized information security disclosure vulnerability on Micro Fo ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22534
+ RESERVED
+CVE-2021-22533
+ RESERVED
+CVE-2021-22532
+ RESERVED
+CVE-2021-22531
+ RESERVED
+CVE-2021-22530
+ RESERVED
+CVE-2021-22529
+ RESERVED
+CVE-2021-22528 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2021-22527 (Information leakage vulnerability in NetIQ Access Manager prior to 5.0 ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2021-22526 (Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2021-22525 (This release addresses a potential information leakage vulnerability i ...)
+ NOT-FOR-US: Microfocus
+CVE-2021-22524 (Injection attack caused the denial of service vulnerability in NetIQ A ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream Host Integ ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22522 (Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22521 (A privileged escalation vulnerability has been identified in Micro Foc ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22520
+ RESERVED
+CVE-2021-22519 (Execute arbitrary code vulnerability in Micro Focus SiteScope product, ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22518
+ RESERVED
+CVE-2021-22517 (A potential unauthorized privilege escalation vulnerability has been i ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...)
+ NOT-FOR-US: Micro Focus Secure API Manager
+CVE-2021-22515 (Multi-Factor Authentication (MFA) functionality can be bypassed, allow ...)
+ NOT-FOR-US: NetIQ
+CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application Automat ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-22512 (Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Applica ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-22511 (Improper Certificate Validation vulnerability in Micro Focus Applicati ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-22510 (Reflected XSS vulnerability in Micro Focus Application Automation Tool ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-22509
+ RESERVED
+CVE-2021-22508
+ RESERVED
+CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Bridge M ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22505 (Escalation of privileges vulnerability in Micro Focus Operations Agent ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22503
+ RESERVED
+CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation Bridge Re ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22501
+ RESERVED
+CVE-2021-22500 (Cross Site Request Forgery vulnerability in Micro Focus Application Pe ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus Applicati ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Application ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22497 (Advanced Authentication versions prior to 6.3 SP4 have a potential bro ...)
+ NOT-FOR-US: NetIQ
+CVE-2021-22496 (Authentication Bypass Vulnerability in Micro Focus Access Manager Prod ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung Note20 m ...)
+ NOT-FOR-US: Samsung Note20 mobile devices
+CVE-2021-22493
+ REJECTED
+CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-22491 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22490 (There is a Permission verification vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22489
+ RESERVED
+CVE-2021-22488 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22487 (There is an Out-of-bounds read vulnerability in Huawei Smartphone. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22486 (There is a issue of Unstandardized field names in Huawei Smartphone. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22485 (There is a SSID vulnerability with Wi-Fi network connections in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22484
+ RESERVED
+CVE-2021-22483 (There is a issue of IP address spoofing in Huawei Smartphone. Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22481 (There is a Verification errors vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22480
+ RESERVED
+CVE-2021-22479
+ RESERVED
+CVE-2021-22478
+ RESERVED
+CVE-2021-22477
+ RESERVED
+CVE-2021-22476
+ RESERVED
+CVE-2021-22475 (There is an Improper permission management vulnerability in Huawei Sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22474 (There is an Out-of-bounds memory access in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22473 (There is an Authentication vulnerability in Huawei Smartphone.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22472 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22471 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22470 (A component of the HarmonyOS has a Privileges Controls vulnerability. ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22469 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22468 (A component of the HarmonyOS has a Exposure of Sensitive Information t ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22467 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22466 (A component of the HarmonyOS has a Use After Free vulnerability. Local ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22465 (A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerab ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22464 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22463 (A component of the HarmonyOS has a Use After Free vulnerability . Loca ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22462 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22461 (A component of the HarmonyOS has a Allocation of Resources Without Lim ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22460 (A component of the HarmonyOS has a Insufficient Verification of Data A ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22459 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22458 (A component of the HarmonyOS has a Improper Restriction of Operations ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22457 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22456 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22455 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22454 (A component of the HarmonyOS has a External Control of System or Confi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22453 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22452 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22451 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22450 (A component of the HarmonyOS has a Incomplete Cleanup vulnerability. L ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthentica ...)
+ NOT-FOR-US: Elf-G10HN (Huawei)
+CVE-2021-22448
+ RESERVED
+CVE-2021-22447 (There is an Improper Check for Unusual or Exceptional Conditions Vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22446 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22445 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22444 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22443 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22442 (There is an Improper Validation of Integrity Check Value Vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22441
+ RESERVED
+CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22437
+ RESERVED
+CVE-2021-22436 (There is a Logic Bypass vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22434
+ RESERVED
+CVE-2021-22433
+ RESERVED
+CVE-2021-22432
+ RESERVED
+CVE-2021-22431
+ RESERVED
+CVE-2021-22430
+ RESERVED
+CVE-2021-22429
+ RESERVED
+CVE-2021-22428 (There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22426
+ RESERVED
+CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability. Local at ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22423 (A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22422 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22421 (A component of the HarmonyOS has a Improper Privilege Management vulne ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22420 (A component of the HarmonyOS has a External Control of System or Confi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22419 (A component of the HarmonyOS has a Insufficient Verification of Data A ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22418 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22417 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22416 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22415 (There is an Incorrect Calculation of Buffer Size Vulnerability in Huaw ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22414 (There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22413 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22412 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22410 (There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22408
+ RESERVED
+CVE-2021-22407 (There is a Configuration defects in Huawei Smartphone.Successful explo ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22406 (There is an Uncaught Exception vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22405 (There is a Configuration defects in Huawei Smartphone.Successful explo ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22404 (There is a Directory traversal vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22403 (There is a vulnerability of hijacking unverified providers in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22402 (There is a DoS vulnerability in Huawei Smartphone.Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22401 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation vulnerabi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22398 (There is a logic error vulnerability in several smartphones. The softw ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22397 (There is a privilege escalation vulnerability in Huawei ManageOne 8.0. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22396 (There is a privilege escalation vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22395
+ RESERVED
+CVE-2021-22394
+ RESERVED
+CVE-2021-22393 (There is a denial of service vulnerability in some versions of CloudEn ...)
+ NOT-FOR-US: CloudEngine (Huawei)
+CVE-2021-22392 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22391 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22390 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22389 (There is a Permission Control Vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22388 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22387 (There is an Improper Control of Dynamically Managing Code Resources Vu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22386 (A component of the Huawei smartphone has a Double Free vulnerability. ...)
+ NOT-FOR-US: Huawei / HarmonyOS
+CVE-2021-22385 (A component of the Huawei smartphone has a External Control of System ...)
+ NOT-FOR-US: Huawei / HarmonyOS
+CVE-2021-22384 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22383 (There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22382 (Huawei LTE USB Dongle products have an improper permission assignment ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22381 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22380 (There is a Cleartext Transmission of Sensitive Information Vulnerabili ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22379 (There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Hu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22378 (There is a race condition vulnerability in eCNS280_TD V100R005C00 and ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22377 (There is a command injection vulnerability in S12700 V200R019C00SPC500 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22376 (A component of the HarmonyOS has a Improper Privilege Management vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22375 (There is a Key Management Errors Vulnerability in Huawei Smartphone. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22374 (There is an Improper Validation of Array Index Vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22373 (There is a Defects Introduced in the Design Process Vulnerability in H ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22372 (There is a Security Features Vulnerability in Huawei Smartphone. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22371 (There is an Improper Permission Management Vulnerability in Huawei Sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22370 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22369 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerabi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22368 (There is a Permission Control Vulnerability in Huawei Smartphone. Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22367 (There is a Key Management Errors Vulnerability in Huawei Smartphone. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22366 (There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22365 (There is an out of bounds read vulnerability in eSE620X vESS V100R001C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22364 (There is a denial of service vulnerability in the versions 10.1.0.126( ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22363 (There is a resource management error vulnerability in eCNS280_TD V100R ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22362 (There is an out of bounds write vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22361 (There is an improper authorization vulnerability in eCNS280 V100R005C0 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22360 (There is a resource management error vulnerability in the verisions V5 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22359 (There is a denial of service vulnerability in the verisions V200R005C0 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22358 (There is an insufficient input validation vulnerability in FusionCompu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22357 (There is a denial of service vulnerability in Huawei products. A modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22356 (There is a weak secure algorithm vulnerability in Huawei products. A w ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22355
+ RESERVED
+CVE-2021-22354 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22353 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22352 (There is a Configuration Defect Vulnerability in Huawei Smartphone. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22351 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22350 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22349 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22347 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22346 (There is an Improper Permission Management Vulnerability in Huawei Sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22344 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22343 (There is a Configuration Defect vulnerability in Huawei Smartphone. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22342 (There is an information leak vulnerability in Huawei products. A modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22341 (There is a memory leak vulnerability in Huawei products. A resource ma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22340 (There is a multiple threads race condition vulnerability in Huawei pro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22339 (There is a denial of service vulnerability in some versions of ManageO ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22338 (There is an XXE injection vulnerability in eCNS280 V100R005C00 and V10 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22335 (There is a Memory Buffer Improper Operation Limit vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22334 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22333 (There is an Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22332 (There is a pointer double free vulnerability in some versions of Cloud ...)
+ NOT-FOR-US: CloudEngine (Huawei)
+CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22330 (There is an out of bounds write vulnerability in Huawei Smartphone HUA ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22329 (There has a license management vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22328 (There is a denial of service vulnerability in some huawei products. In ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart phone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22326 (A component of the HarmonyOS has a Privilege Dropping / Lowering Error ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22325 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22324 (There is a Credentials Management Errors vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22323 (There is an Integer Overflow Vulnerability in Huawei Smartphone. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22322 (There is a Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. A modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22319
+ RESERVED
+CVE-2021-22318 (A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulner ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22316 (There is a Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22315
+ RESERVED
+CVE-2021-22314 (There is a local privilege escalation vulnerability in some versions o ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22313 (There is a Security Function vulnerability in Huawei Smartphone. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products. An authe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22311 (There is an improper permission assignment vulnerability in Huawei Man ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22310 (There is an information leakage vulnerability in some huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22309 (There is insecure algorithm vulnerability in Huawei products. A module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22308 (There is a Business Logic Errors vulnerability in Huawei Smartphone. T ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22305 (There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22304 (There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22303 (There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1( ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22302 (There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22301 (Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22300 (There is an information leak vulnerability in eCNS280_TD versions V100 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22299 (There is a local privilege escalation vulnerability in some Huawei pro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. An att ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22297
+ RESERVED
+CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22295 (A component of the HarmonyOS has a permission bypass vulnerability. Lo ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22292 (There is a denial of service (DoS) vulnerability in eCNS280 versions V ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22291
+ RESERVED
+CVE-2021-22290
+ RESERVED
+CVE-2021-22289
+ RESERVED
+CVE-2021-22288 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
+ NOT-FOR-US: ABB
+CVE-2021-22287
+ RESERVED
+CVE-2021-22286 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
+ NOT-FOR-US: ABB
+CVE-2021-22285 (Improper Handling of Exceptional Conditions, Improper Check for Unusua ...)
+ NOT-FOR-US: ABB
+CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ NOT-FOR-US: ABB
+CVE-2021-22283
+ RESERVED
+CVE-2021-22282
+ RESERVED
+CVE-2021-22281
+ RESERVED
+CVE-2021-22280
+ RESERVED
+CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the OmniCore r ...)
+ NOT-FOR-US: ABB / OmniCore robot controller
+CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...)
+ NOT-FOR-US: PCM600 Update Manager
+CVE-2021-22277
+ RESERVED
+CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...)
+ NOT-FOR-US: ABB
+CVE-2021-22275
+ RESERVED
+CVE-2021-22274
+ RESERVED
+CVE-2021-22273
+ RESERVED
+CVE-2021-22272 (The vulnerability origins in the commissioning process where an attack ...)
+ NOT-FOR-US: ABB
+CVE-2021-22271
+ RESERVED
+CVE-2021-22270
+ RESERVED
+CVE-2021-22269
+ RESERVED
+CVE-2021-22268
+ RESERVED
+CVE-2021-22267 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...)
+ NOT-FOR-US: Idelji Web ViewPoint Suite
+CVE-2021-22266
+ RESERVED
+CVE-2021-22265
+ RESERVED
+CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Jira Clo ...)
+ - gitlab <unfixed>
+CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...)
+ - gitlab <unfixed>
+CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog integration ...)
+ - gitlab <unfixed>
+CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater could be u ...)
+ - gitlab <unfixed>
+CVE-2021-22257 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions since 12 ...)
+ - gitlab <unfixed>
+CVE-2021-22255 (SSRF in URL file upload in Baserow &lt;1.1.0 allows remote authenticat ...)
+ NOT-FOR-US: Baserow
+CVE-2021-22254 (Under very specific conditions a user could be impersonated using Gitl ...)
+ - gitlab <unfixed>
+CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions since 13.4 ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecting all ...)
+ - gitlab <not-affected> (Vulnerable code introduced later)
+CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE affec ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
+ - gitlab <unfixed>
+CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions since 12.2 ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE affecting ...)
+ - gitlab <not-affected> (Vulnerable code intrododuced later)
+CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
+ - gitlab <unfixed>
+CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 14.0.2, 13.12 ...)
+ - gitlab <unfixed>
+CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting all ver ...)
+ - gitlab <unfixed>
+CVE-2021-22244 (Improper authorization in the vulnerability report feature in GitLab E ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 7.10 may ...)
+ - gitlab <unfixed>
+CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab CE/EE ve ...)
+ - gitlab <unfixed>
+CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22239 (An unauthorized user was able to insert metadata when creating new iss ...)
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
+CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22237 (Under specialized conditions, GitLab may allow a user with an imperson ...)
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
+CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions genera ...)
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
+CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...)
+ {DSA-5019-1 DLA-2849-1}
+ [experimental] - wireshark 3.4.7-1~exp1
+ - wireshark 3.4.7-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-06.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462
+ NOTE: Regression fix: https://gitlab.com/wireshark/wireshark/-/merge_requests/3616
+CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...)
+ - gitlab <unfixed>
+CVE-2021-22231 (A denial of service in user's profile page is found starting with GitL ...)
+ - gitlab <unfixed>
+CVE-2021-22230 (Improper code rendering while rendering merge requests could be exploi ...)
+ - gitlab <unfixed>
+CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions. Imprope ...)
+ - gitlab <unfixed>
+CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before versions ...)
+ - gitlab <unfixed>
+CVE-2021-22226 (Under certain conditions, some users were able to push to protected br ...)
+ - gitlab <unfixed>
+CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 13.11 an ...)
+ - gitlab <unfixed>
+CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in GitLa ...)
+ - gitlab <unfixed>
+CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...)
+ - gitlab <unfixed>
+CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...)
+ {DSA-5019-1}
+ [experimental] - wireshark 3.4.6-1~exp1
+ - wireshark 3.4.7-1
+ [buster] - wireshark <not-affected> (Vulnerability introduced in 3.4)
+ [stretch] - wireshark <not-affected> (Vulnerability introduced in 3.4)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html
+ NOTE: Caused by https://gitlab.com/wireshark/wireshark/-/commit/4bf4ee88f0544727e7f89f3f288c6afd2f650a4c
+CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22219 (GitLab CE/EE since version 9.5 allows a high privilege user to obtain ...)
+ - gitlab <unfixed>
+CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected by an is ...)
+ - gitlab <unfixed>
+CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
+ - gitlab <unfixed>
+CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
+ - gitlab <unfixed>
+CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...)
+ - gitlab <unfixed>
+CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...)
+ - gitlab <unfixed>
+CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...)
+ - ntpsec 1.2.0+dfsg1-4 (bug #989847)
+ [buster] - ntpsec <not-affected> (Only affects 1.2.0)
+ NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699
+ NOTE: https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8
+CVE-2021-22211 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22210 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...)
+ - gitlab <unfixed>
+CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
+ {DSA-5019-1 DLA-2849-1}
+ [experimental] - wireshark 3.4.6-1~exp1
+ - wireshark 3.4.7-1 (bug #987853)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17331
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html
+CVE-2021-22206 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in ExifTo ...)
+ {DSA-4910-1 DLA-2663-1}
+ - libimage-exiftool-perl 12.16+dfsg-2 (bug #987505)
+ NOTE: https://bugs.launchpad.net/bugs/1925985
+ NOTE: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
+ NOTE: https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
+CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all previous ve ...)
+ - gitlab <unfixed>
+CVE-2021-22201 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22199 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22198 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ - gitlab <unfixed>
+CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...)
+ NOT-FOR-US: gitlab-vscode-extension
+CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being stored i ...)
+ - gitlab <unfixed>
+CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 ...)
+ - wireshark 3.4.4-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <postponed> (Minor issue, can be fixed along in future update)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232
+CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all version ...)
+ - gitlab <unfixed>
+CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by ...)
+ [experimental] - gitlab 13.6.7-1
+ - gitlab <unfixed>
+CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...)
+ [experimental] - gitlab 13.6.7-1
+ - gitlab <unfixed>
+CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...)
+ - gitlab 13.2.3-2
+CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up allowed a gr ...)
+ [experimental] - gitlab 13.7.8+ds1-1
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
+CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 and up ...)
+ - gitlab <not-affected> (Only affects 13.8)
+ NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
+CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...)
+ - gitlab <unfixed>
+CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...)
+ [experimental] - gitlab 13.7.7-1
+ - gitlab <not-affected> (Affected version never uploaded to unstable)
+CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
+ - gitlab <unfixed>
+CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...)
+ - gitlab <unfixed>
+CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE version 1 ...)
+ - gitlab <unfixed>
+CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...)
+ - gitlab <unfixed>
+CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
+ - wireshark 3.4.3-1 (bug #981791)
+ [buster] - wireshark <not-affected> (Affected code not present)
+ [stretch] - wireshark <not-affected> (Affected code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-02.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17165
+CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows de ...)
+ - wireshark 3.4.3-1 (bug #981791)
+ [buster] - wireshark <not-affected> (Affected code not present)
+ [stretch] - wireshark <not-affected> (Affected code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-01.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124
+CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a privat ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
+CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows ...)
+ - gitlab <unfixed>
+CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...)
+ - gitlab <not-affected> (Specific to EE)
+ NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
+CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...)
+ - gitlab <not-affected> (Only affects Gitlab 13.7.x)
+ NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
+CVE-2021-22165
+ RESERVED
+CVE-2021-22164
+ RESERVED
+CVE-2021-22163
+ RESERVED
+CVE-2021-22162
+ RESERVED
+CVE-2021-22161 (In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop c ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-22160 (If Apache Pulsar is configured to authenticate clients using tokens ba ...)
+ NOT-FOR-US: Apache Pulsar
+CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.p ...)
+ NOT-FOR-US: ffay lanproxy
+CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an un ...)
+ NOT-FOR-US: ipeak Infosystems ibexwebCMS (aka IPeakCMS)
+CVE-2021-3017 (The web interface on Intelbras WIN 300 and WRN 342 devices through 202 ...)
+ NOT-FOR-US: Intelbras
+CVE-2021-3016
+ RESERVED
+CVE-2021-3015
+ RESERVED
+CVE-2021-22159 (Insider Threat Management Windows Agent Local Privilege Escalation Vul ...)
+ NOT-FOR-US: The Proofpoint Insider Threat Management
+CVE-2021-22158 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
+CVE-2021-22157 (Proofpoint Insider Threat Management Server (formerly ObserveIT Server ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
+CVE-2021-22156 (An integer overflow vulnerability in the calloc() function of the C ru ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML Authentication comp ...)
+ NOT-FOR-US: BlackBerry Workspaces Server
+CVE-2021-22154 (An Information Disclosure vulnerability in the Management Console comp ...)
+ NOT-FOR-US: BlackBerry UEM
+CVE-2021-22153 (A Remote Code Execution vulnerability in the Management Console compon ...)
+ NOT-FOR-US: BlackBerry UEM
+CVE-2021-22152 (A Denial of Service due to Improper Input Validation vulnerability in ...)
+ NOT-FOR-US: BlackBerry UEM
+CVE-2021-22151
+ RESERVED
+CVE-2021-22150
+ RESERVED
+CVE-2021-22149 (Elastic Enterprise Search App Search versions before 7.14.0 are vulner ...)
+ NOT-FOR-US: Elastic Enterprise Search
+CVE-2021-22148 (Elastic Enterprise Search App Search versions before 7.14.0 was vulner ...)
+ NOT-FOR-US: Elastic Enterprise Search
+CVE-2021-22147 (Elasticsearch before 7.14.0 did not apply document and field level sec ...)
+ - elasticsearch <removed>
+CVE-2021-22146 (All versions of Elastic Cloud Enterprise has the Elasticsearch &#8220; ...)
+ NOT-FOR-US: Elastic Cloud
+CVE-2021-22145 (A memory disclosure vulnerability was identified in Elasticsearch 7.10 ...)
+ - elasticsearch <removed>
+CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled rec ...)
+ - elasticsearch <removed>
+CVE-2021-22143
+ RESERVED
+CVE-2021-22142
+ RESERVED
+ - kibana <itp> (bug #700337)
+CVE-2021-22141
+ RESERVED
+ - kibana <itp> (bug #700337)
+CVE-2021-22140 (Elastic App Search versions after 7.11.0 and before 7.12.0 contain an ...)
+ NOT-FOR-US: Elastic App Search web crawler
+CVE-2021-22139 (Kibana versions before 7.12.1 contain a denial of service vulnerabilit ...)
+ - kibana <itp> (bug #700337)
+CVE-2021-22138 (In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS ce ...)
+ - logstash <itp> (bug #664841)
+CVE-2021-22137 (In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosu ...)
+ - elasticsearch <removed>
+CVE-2021-22136 (In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session time ...)
+ - kibana <itp> (bug #700337)
+CVE-2021-22135 (Elasticsearch versions before 7.11.2 and 6.8.15 contain a document dis ...)
+ - elasticsearch <removed>
+CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions after 7 ...)
+ - elasticsearch <removed>
+CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak sensitive ...)
+ NOT-FOR-US: Elastic APM agent
+CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosu ...)
+ - elasticsearch <removed>
+CVE-2021-22131
+ RESERVED
+CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy physical app ...)
+ NOT-FOR-US: FortiProxy (FortiGuard)
+CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in the Webm ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...)
+ NOT-FOR-US: FortiProxy SSL VPN portal
+CVE-2021-22127
+ RESERVED
+CVE-2021-22126
+ RESERVED
+CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-22124 (An uncontrolled resource consumption (denial of service) vulnerability ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management interfa ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-22122 (An improper neutralization of input during web page generation in Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-22121
+ RESERVED
+CVE-2021-22120
+ RESERVED
+CVE-2021-22119 (Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5 ...)
+ - libspring-security-2.0-java <removed>
+CVE-2021-22118 (In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x ...)
+ - libspring-java <not-affected> (Introduced in v5.0.0.RC1)
+ NOTE: https://tanzu.vmware.com/security/cve-2021-22118
+ NOTE: https://github.com/spring-projects/spring-framework/issues/26931
+ NOTE: https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1
+CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...)
+ - rabbitmq-server <not-affected> (Windows-specific)
+CVE-2021-22116 (RabbitMQ all versions prior to 3.8.16 are prone to a denial of service ...)
+ {DLA-2710-1}
+ - rabbitmq-server 3.9.4-1 (bug #989056)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
+ NOTE: https://tanzu.vmware.com/security/cve-2021-22116
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/2953
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f37a31de55229e6c763215500e376fa16803390b (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/626d5219115d087a2695c0eb243c7ddb7e154563 (v3.8.15-rc.2)
+CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...)
+ NOT-FOR-US: Cloud Controller API
+CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...)
+ NOT-FOR-US: Spring-integration-zip
+CVE-2021-22113 (Applications using the &#8220;Sensitive Headers&#8221; functionality i ...)
+ NOT-FOR-US: Spring Cloud Netflix Zuul
+CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5. ...)
+ - jenkins <removed>
+CVE-2021-22111
+ RESERVED
+CVE-2021-22110
+ RESERVED
+CVE-2021-22109
+ RESERVED
+CVE-2021-22108
+ RESERVED
+CVE-2021-22107
+ RESERVED
+CVE-2021-22106
+ RESERVED
+CVE-2021-22105
+ RESERVED
+CVE-2021-22104
+ RESERVED
+CVE-2021-22103
+ RESERVED
+CVE-2021-22102
+ RESERVED
+CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ...)
+ NOT-FOR-US: Cloud Foundry Cloud Controller
+CVE-2021-22100
+ RESERVED
+CVE-2021-22099
+ RESERVED
+CVE-2021-22098 (UAA server versions prior to 75.4.0 are vulnerable to an open redirect ...)
+ NOT-FOR-US: UAA server
+CVE-2021-22097 (In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring ...)
+ NOT-FOR-US: Spring AMQP
+CVE-2021-22096 (In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older ...)
+ - libspring-java <unfixed>
+ [bullseye] - libspring-java <no-dsa> (Minor issue)
+ [buster] - libspring-java <no-dsa> (Minor issue)
+ [stretch] - libspring-java <ignored> (Minor issue, no known patch)
+ NOTE: https://github.com/spring-projects/spring-framework/issues/27647 (patch unidentifiable)
+CVE-2021-22095 (In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring ...)
+ NOT-FOR-US: Spring AMQP
+CVE-2021-22094
+ RESERVED
+CVE-2021-22093
+ RESERVED
+CVE-2021-22092
+ RESERVED
+CVE-2021-22091
+ RESERVED
+CVE-2021-22090
+ RESERVED
+CVE-2021-22089
+ RESERVED
+CVE-2021-22088
+ RESERVED
+CVE-2021-22087
+ RESERVED
+CVE-2021-22086
+ RESERVED
+CVE-2021-22085
+ RESERVED
+CVE-2021-22084
+ RESERVED
+CVE-2021-22083
+ RESERVED
+CVE-2021-22082
+ RESERVED
+CVE-2021-22081
+ RESERVED
+CVE-2021-22080
+ RESERVED
+CVE-2021-22079
+ RESERVED
+CVE-2021-22078
+ RESERVED
+CVE-2021-22077
+ RESERVED
+CVE-2021-22076
+ RESERVED
+CVE-2021-22075
+ RESERVED
+CVE-2021-22074
+ RESERVED
+CVE-2021-22073
+ RESERVED
+CVE-2021-22072
+ RESERVED
+CVE-2021-22071
+ RESERVED
+CVE-2021-22070
+ RESERVED
+CVE-2021-22069
+ RESERVED
+CVE-2021-22068
+ RESERVED
+CVE-2021-22067
+ RESERVED
+CVE-2021-22066
+ RESERVED
+CVE-2021-22065
+ RESERVED
+CVE-2021-22064
+ RESERVED
+CVE-2021-22063
+ RESERVED
+CVE-2021-22062
+ RESERVED
+CVE-2021-22061
+ RESERVED
+CVE-2021-22060 (In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ...)
+ - libspring-java <unfixed>
+ [stretch] - libspring-java <end-of-life> (EOL'd for stretch)
+ NOTE: follow-up to CVE-2021-22096
+ NOTE: https://tanzu.vmware.com/security/cve-2021-22060
+CVE-2021-22059
+ RESERVED
+CVE-2021-22058
+ RESERVED
+CVE-2021-22057 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an aut ...)
+ NOT-FOR-US: VMware
+CVE-2021-22056 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity M ...)
+ NOT-FOR-US: VMware
+CVE-2021-22055
+ RESERVED
+CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...)
+ NOT-FOR-US: VMware
+CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
+ NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf
+CVE-2021-22052
+ RESERVED
+CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
+ NOT-FOR-US: Spring Cloud Gateway
+CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...)
+ NOT-FOR-US: VMware
+CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...)
+ NOT-FOR-US: VMware
+CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
+ NOT-FOR-US: VMware
+CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older ...)
+ NOT-FOR-US: Spring Data REST
+CVE-2021-22046
+ RESERVED
+CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi6 ...)
+ NOT-FOR-US: VMware
+CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...)
+ NOT-FOR-US: Spring Cloud OpenFeign
+CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...)
+ NOT-FOR-US: VMware
+CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...)
+ NOT-FOR-US: VMware
+CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
+ NOT-FOR-US: VMware
+CVE-2021-22039
+ RESERVED
+CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...)
+ NOT-FOR-US: InstallBuilder
+CVE-2021-22037 (Under certain circumstances, when manipulating the Windows registry, I ...)
+ NOT-FOR-US: InstallBuilder
+CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...)
+ NOT-FOR-US: VMware
+CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...)
+ NOT-FOR-US: VMware
+CVE-2021-22034 (Releases prior to VMware vRealize Operations Tenant App 8.6 contain an ...)
+ NOT-FOR-US: VMware
+CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...)
+ NOT-FOR-US: VMware
+CVE-2021-22032
+ RESERVED
+CVE-2021-22031
+ RESERVED
+CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain ...)
+ NOT-FOR-US: Greenplum
+CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service vulnera ...)
+ NOT-FOR-US: VMware
+CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplu ...)
+ NOT-FOR-US: Greenplum
+CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
+ NOT-FOR-US: VMware
+CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
+ NOT-FOR-US: VMware
+CVE-2021-22025 (The vRealize Operations Manager API (8.x prior to 8.5) contains a brok ...)
+ NOT-FOR-US: VMware
+CVE-2021-22024 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...)
+ NOT-FOR-US: VMware
+CVE-2021-22023 (The vRealize Operations Manager API (8.x prior to 8.5) has insecure ob ...)
+ NOT-FOR-US: VMware
+CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...)
+ NOT-FOR-US: VMware
+CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...)
+ NOT-FOR-US: VMware
+CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability in the A ...)
+ NOT-FOR-US: VMware
+CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability in VAPI ...)
+ NOT-FOR-US: VMware
+CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion vulnerability i ...)
+ NOT-FOR-US: VMware
+CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability due to im ...)
+ NOT-FOR-US: VMware
+CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting vulnerabi ...)
+ NOT-FOR-US: VMware
+CVE-2021-22015 (The vCenter Server contains multiple local privilege escalation vulner ...)
+ NOT-FOR-US: VMware
+CVE-2021-22014 (The vCenter Server contains an authenticated code execution vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2021-22013 (The vCenter Server contains a file path traversal vulnerability leadin ...)
+ NOT-FOR-US: VMware
+CVE-2021-22012 (The vCenter Server contains an information disclosure vulnerability du ...)
+ NOT-FOR-US: VMware
+CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint vulnerability ...)
+ NOT-FOR-US: VMware
+CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability in VPXD ...)
+ NOT-FOR-US: VMware
+CVE-2021-22009 (The vCenter Server contains multiple denial-of-service vulnerabilities ...)
+ NOT-FOR-US: VMware
+CVE-2021-22008 (The vCenter Server contains an information disclosure vulnerability in ...)
+ NOT-FOR-US: VMware
+CVE-2021-22007 (The vCenter Server contains a local information disclosure vulnerabili ...)
+ NOT-FOR-US: VMware
+CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass vulnerability due t ...)
+ NOT-FOR-US: VMware
+CVE-2021-22005 (The vCenter Server contains an arbitrary file upload vulnerability in ...)
+ NOT-FOR-US: VMware
+CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The salt mini ...)
+ - salt 3002.7+dfsg1-1 (unimportant; bug #994016)
+ NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
+ NOTE: Windows-specific
+CVE-2021-22003 (VMware Workspace ONE Access and Identity Manager, unintentionally prov ...)
+ NOT-FOR-US: VMware
+CVE-2021-22002 (VMware Workspace ONE Access and Identity Manager, allow the /cfg web a ...)
+ NOT-FOR-US: VMware
+CVE-2021-22001 (In UAA versions prior to 75.3.0, sensitive information like relaying s ...)
+ NOT-FOR-US: CloudFoundry
+CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vul ...)
+ NOT-FOR-US: VMware
+CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Conso ...)
+ NOT-FOR-US: VMware
+CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 ...)
+ NOT-FOR-US: VMware
+CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...)
+ NOT-FOR-US: VMware
+CVE-2021-21996 (An issue was discovered in SaltStack Salt before 3003.3. A user who ha ...)
+ {DSA-5011-1 DLA-2823-1}
+ - salt 3002.7+dfsg1-1 (bug #994016)
+ NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
+ NOTE: Fixed by https://github.com/saltstack/salt/commit/0b75ba190fda9c04cc026ad1aa4a6d572f40349b
+ NOTE: https://github.com/openSUSE/salt/commit/57ed9c41a177f57e3d56465662750617ac36cc95
+CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability due a he ...)
+ NOT-FOR-US: VMware
+CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...)
+ NOT-FOR-US: VMware
+CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request Forgery) vuln ...)
+ NOT-FOR-US: VMware
+CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability due to i ...)
+ NOT-FOR-US: VMware
+CVE-2021-21991 (The vCenter Server contains a local privilege escalation vulnerability ...)
+ NOT-FOR-US: VMware
+CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior t ...)
+ NOT-FOR-US: VMware
+CVE-2021-21989 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
+ NOT-FOR-US: VMware
+CVE-2021-21988 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
+ NOT-FOR-US: VMware
+CVE-2021-21987 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
+ NOT-FOR-US: VMware
+CVE-2021-21986 (The vSphere Client (HTML5) contains a vulnerability in a vSphere authe ...)
+ NOT-FOR-US: VMware
+CVE-2021-21985 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2021-21984 (VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remot ...)
+ NOT-FOR-US: VMware
+CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...)
+ NOT-FOR-US: vRealize Operations Manager API (Vmware)
+CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an aut ...)
+ NOT-FOR-US: VMware Carbon Black Cloud Workload appliance
+CVE-2021-21981 (VMware NSX-T contains a privilege escalation vulnerability due to an i ...)
+ NOT-FOR-US: VMware
+CVE-2021-21980 (The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary ...)
+ NOT-FOR-US: VMware
+CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...)
+ NOT-FOR-US: Bitnami Containers
+CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remot ...)
+ NOT-FOR-US: VMware View Planner
+CVE-2021-21977
+ RESERVED
+CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8. ...)
+ NOT-FOR-US: vSphere Replication
+CVE-2021-21975 (Server Side Request Forgery in vRealize Operations Manager API (CVE-20 ...)
+ NOT-FOR-US: vRealize Operations Manager API (Vmware)
+CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESX ...)
+ NOT-FOR-US: VMware
+ NOTE: Might affect src:openslp-dfsg, but removed years ago
+CVE-2021-21973 (The vSphere Client (HTML5) contains an SSRF (Server Side Request Forge ...)
+ NOT-FOR-US: VMware
+CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...)
+ NOT-FOR-US: MikroTik RouterOS
+CVE-2021-3013 (ripgrep before 13 on Windows allows attackers to trigger execution of ...)
+ - rust-ripgrep <not-affected> (Only affects ripgrep on Windows)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0071.html
+CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...)
+ NOT-FOR-US: ESRI ArcGIS Online
+CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...)
+ NOT-FOR-US: NXP
+CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) vulnerabiliti ...)
+ NOT-FOR-US: OpenText Content Server
+CVE-2021-3009
+ RESERVED
+CVE-2021-3008
+ RESERVED
+CVE-2021-21971 (An out-of-bounds write vulnerability exists in the URL_decode function ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21970 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21969 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21968 (A file write vulnerability exists in the OTA update task functionality ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21967
+ RESERVED
+CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...)
+ NOT-FOR-US: Texas Instruments
+CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21963 (An information disclosure vulnerability exists in the Web Server funct ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21962 (A heap-based buffer overflow vulnerability exists in the OTA Update u- ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21961 (A stack-based buffer overflow vulnerability exists in the NBNS functio ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the LLMNR f ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...)
+ NOT-FOR-US: Hancom Office 2020
+CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
+ NOT-FOR-US: Dream Report ODS Remote Connector
+CVE-2021-21956
+ RESERVED
+CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key_info_ ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21953 (An authentication bypass vulnerability exists in the process_msg() fun ...)
+ NOT-FOR-US: Anker Eufy Homebase 2
+CVE-2021-21952 (An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RS ...)
+ NOT-FOR-US: Anker Eufy Homebase 2
+CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21949
+ RESERVED
+CVE-2021-21948
+ RESERVED
+CVE-2021-21947
+ RESERVED
+CVE-2021-21946
+ RESERVED
+CVE-2021-21945
+ RESERVED
+CVE-2021-21944
+ RESERVED
+CVE-2021-21943
+ RESERVED
+CVE-2021-21942
+ RESERVED
+CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer CreatePushThrea ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the pushMuxer pro ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21939
+ RESERVED
+CVE-2021-21938
+ RESERVED
+CVE-2021-21937 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21936 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21935 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21934 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21933 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21932 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21931 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21930 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21929 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21928 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21927 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21926 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21925 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21924 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21923 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21922 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21921 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21920 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21919 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21918 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21917 (An exploitable SQL injection vulnerability exist in the &#8216;group_l ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21916 (An exploitable SQL injection vulnerability exist in the &#8216;group_l ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21915 (An exploitable SQL injection vulnerability exist in the &#8216;group_l ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21914
+ RESERVED
+CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows version of ...)
+ NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
+CVE-2021-21911 (A privilege escalation vulnerability exists in the Windows version of ...)
+ NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
+CVE-2021-21910 (A privilege escalation vulnerability exists in the Windows version of ...)
+ NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
+CVE-2021-21909 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21908 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21907 (A directory traversal vulnerability exists in the CMA CLI getenv comma ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21906 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21905 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21904 (A directory traversal vulnerability exists in the CMA CLI setenv comma ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21903 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA run_server_68 ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
+ {DSA-5077-1 DLA-2838-1}
+ - librecad 2.1.3-2
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351
+ NOTE: librecad bundles libdxfrw
+ NOTE: https://github.com/LibreCAD/libdxfrw/commit/fcd977cc7f8f6cc7f012e5b72d33cf7d77b3fa69
+CVE-2021-21899 (A code execution vulnerability exists in the dwgCompressor::copyCompBy ...)
+ {DSA-5077-1 DLA-2838-1}
+ - librecad 2.1.3-2
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
+ NOTE: librecad bundles libdxfrw
+ NOTE: https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5
+CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::decompress ...)
+ {DSA-5077-1 DLA-2838-1}
+ - librecad 2.1.3-2
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349
+ NOTE: librecad bundles libdxfrw
+ NOTE: https://github.com/LibreCAD/libdxfrw/commit/ba3fa95648bef948e008dfbdd31a4d21badd71f0
+CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...)
+ - dxflib 3.26.4-1
+ [bullseye] - dxflib <no-dsa> (Minor issue)
+ [buster] - dxflib <no-dsa> (Minor issue)
+ [stretch] - dxflib <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
+ NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
+ TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those
+CVE-2021-21896 (A directory traversal vulnerability exists in the Web Manager FsBrowse ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21895 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21894 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-21892 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21891 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21890 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21889 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21888 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21887 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21886 (A directory traversal vulnerability exists in the Web Manager FSBrowse ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21885 (A directory traversal vulnerability exists in the Web Manager FsMove f ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21884 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21883 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21882 (An OS command injection vulnerability exists in the Web Manager FsUnmo ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21881 (An OS command injection vulnerability exists in the Web Manager Wirele ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21880 (A directory traversal vulnerability exists in the Web Manager FsCopyFi ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21879 (A directory traversal vulnerability exists in the Web Manager File Upl ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21878 (A local file inclusion vulnerability exists in the Web Manager Applica ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21877 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21876 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21875 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21874 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21873 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21872 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...)
+ NOT-FOR-US: PowerISO
+CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-21869 (An unsafe deserialization vulnerability exists in the Engine.plugin Pr ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21868 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21867 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageManagement ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentModel Co ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21863 (A unsafe deserialization vulnerability exists in the ComponentModel Pr ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21862 (Multiple exploitable integer truncation vulnerabilities exist within t ...)
+ - gpac <not-affected> (Vulnerable code not present)
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/69ae9059fc
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21861 (An exploitable integer truncation vulnerability exists within the MPEG ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21860 (An exploitable integer truncation vulnerability exists within the MPEG ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21859 (An exploitable integer truncation vulnerability exists within the MPEG ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21858 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21857 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21856 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ - gpac <not-affected> (Vulnerable code not present)
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/35c4644cb5
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21855 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21854 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21853 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21851 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ - gpac <not-affected> (Vulnerable code not present)
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21850 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21849 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21848 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21847 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21846 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21845 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21844 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21843 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21842 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21841 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21840 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21839 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21838 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21837 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21836 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21835 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ - gpac <not-affected> (Vulnerable code not present)
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21834 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21832 (A memory corruption vulnerability exists in the ISO Parsing functional ...)
+ NOT-FOR-US: Disc Soft Ltd Deamon Tools Pro
+CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21829 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21828 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21827 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21826 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21823 (An information disclosure vulnerability exists in the Friend finder fu ...)
+ NOT-FOR-US: GmbH Komoot
+CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-21821 (A stack-based buffer overflow vulnerability exists in the PDF process_ ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21820 (A hard-coded password vulnerability exists in the Libcli Test Environm ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21819 (A code execution vulnerability exists in the Libcli Test Environment f ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21818 (A hard-coded password vulnerability exists in the Zebra IP Routing Man ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21817 (An information disclosure vulnerability exists in the Zebra IP Routing ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog functiona ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the command-line ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is under co ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is under co ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the command-line ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21811 (A memory corruption vulnerability exists in the XML-parsing CreateLabe ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing ParseAttri ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21809 (A command execution vulnerability exists in the default legacy spellch ...)
+ NOT-FOR-US: Moodle plugin
+CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21807 (An integer overflow vulnerability exists in the DICOM parse_dicom_meta ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
+CVE-2021-21805 (An OS Command Injection vulnerability exists in the ping.php script fu ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the options.php s ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21803 (This vulnerability is present in device_graph_page.php script, which i ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21802 (This vulnerability is present in device_graph_page.php script, which i ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21801 (This vulnerability is present in device_graph_page.php script, which i ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21800 (Cross-site scripting vulnerabilities exist in the ssh_form.php script ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the telnet_form.php scri ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21798 (An exploitable return of stack variable address vulnerability exists i ...)
+ NOT-FOR-US: Nitro Pro PDF
+CVE-2021-21797 (An exploitable double-free vulnerability exists in the JavaScript impl ...)
+ NOT-FOR-US: Nitro Pro PDF
+CVE-2021-21796 (An exploitable use-after-free vulnerability exists in the JavaScript i ...)
+ NOT-FOR-US: Nitro Pro PDF
+CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF bits_per_sample ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21793 (An out-of-bounds write vulnerability exists in the JPG sof_nb_comp hea ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21792 (An information disclosure vulnerability exists in the the way IOBit Ad ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21791 (An information disclosure vulnerability exists in the the way IOBit Ad ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21790 (An information disclosure vulnerability exists in the the way IOBit Ad ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21789 (A privilege escalation vulnerability exists in the way IOBit Advanced ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21788 (A privilege escalation vulnerability exists in the way IOBit Advanced ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21787 (A privilege escalation vulnerability exists in the way IOBit Advanced ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21786 (A privilege escalation vulnerability exists in the IOCTL 0x9c406144 ha ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21785 (An information disclosure vulnerability exists in the IOCTL 0x9c40a148 ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
+ - gsoap <unfixed> (unimportant)
+ NOTE: Mis-assignment/report, see #987273. Should be rejected
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245
+CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format buffer s ...)
+ NOT-FOR-US: ImageGear
+CVE-2021-21781 (An information disclosure vulnerability exists in the ARM SIGPAGE func ...)
+ {DLA-2713-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.177-1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243
+ NOTE: https://git.kernel.org/linus/9c698bff66ab4914bb3d71da7dc6112519bde23e
+CVE-2021-21780
+ RESERVED
+CVE-2021-21779 (A use-after-free vulnerability exists in the way Webkit&#8217;s Graphi ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [bullseye] - webkit2gtk <postponed> (Fix along with next update round)
+ [buster] - webkit2gtk <postponed> (Fix along with next update round)
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ [bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238
+CVE-2021-21778 (A denial of service vulnerability exists in the ASDU message processin ...)
+ NOT-FOR-US: MZ Automation GmbH lib60870.NET
+CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/IP UDP ...)
+ NOT-FOR-US: EIP Stack Group OpENer
+CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...)
+ NOT-FOR-US: ImageGear
+CVE-2021-21775 (A use-after-free vulnerability exists in the way certain events are pr ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [bullseye] - webkit2gtk <postponed> (Fix along with next update round)
+ [buster] - webkit2gtk <postponed> (Fix along with next update round)
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ [bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229
+CVE-2021-21774
+ REJECTED
+CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header count-p ...)
+ NOT-FOR-US: ImageGear
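Review bot: the NOT-FOR-US product strings in the CVE-2021-21833 to CVE-2021-21773 entries are spelled inconsistently, which makes the list harder to grep and to compare entry against entry. The same product appears as both "Xmill (AT&T Labs)" and "AT&T Labs Xmill" (CVE-2021-21830 and CVE-2021-21829 versus CVE-2021-21828 to CVE-2021-21825, and again CVE-2021-21811 versus CVE-2021-21810), and as both "Accusoft ImageGear" and "ImageGear" (CVE-2021-21833 versus CVE-2021-21782, CVE-2021-21776 and CVE-2021-21773). CVE-2021-21832 reads "Disc Soft Ltd Deamon Tools Pro", where "Deamon" looks like a typo for "Daemon", and CVE-2021-21823 reads "GmbH Komoot" with the company suffix in front of the name. Suggest picking one form per product and using it on every entry for that product.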
+CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...)
+ {DSA-4887-1}
+ - lib3mf 1.8.1+ds-4 (bug #985092)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226
+CVE-2021-21771
+ RESERVED
+CVE-2021-21770
+ RESERVED
+CVE-2021-21769
+ RESERVED
+CVE-2021-21768
+ RESERVED
+CVE-2021-21767
+ RESERVED
+CVE-2021-21766
+ RESERVED
+CVE-2021-21765
+ RESERVED
+CVE-2021-21764
+ RESERVED
+CVE-2021-21763
+ RESERVED
+CVE-2021-21762
+ RESERVED
+CVE-2021-21761
+ RESERVED
+CVE-2021-21760
+ RESERVED
+CVE-2021-21759
+ RESERVED
+CVE-2021-21758
+ RESERVED
+CVE-2021-21757
+ RESERVED
+CVE-2021-21756
+ RESERVED
+CVE-2021-21755
+ RESERVED
+CVE-2021-21754
+ RESERVED
+CVE-2021-21753
+ RESERVED
+CVE-2021-21752
+ RESERVED
+CVE-2021-21751 (ZTE BigVideo analysis product has an input verification vulnerability. ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21750 (ZTE BigVideo Analysis product has a privilege escalation vulnerability ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21749 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21748 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21747 (ZTE MF971R product has reflective XSS vulnerability. An attacker could ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21746 (ZTE MF971R product has reflective XSS vulnerability. An attacker could ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21745 (ZTE MF971R product has a Referer authentication bypass vulnerability. ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21744 (ZTE MF971R product has a configuration file control vulnerability. An ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21743 (ZTE MF971R product has a CRLF injection vulnerability. An attacker cou ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21742 (There is an information leak vulnerability in the message service app ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21741 (A conference management system of ZTE is impacted by a command executi ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21740 (There is an information leak vulnerability in the digital media player ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21738 (ZTE's big video business platform has two reflective cross-site script ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and access cont ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to improper p ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21734 (Some PON MDU devices of ZTE stored sensitive information in plaintext, ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...)
+ NOT-FOR-US: ZXCDN
+CVE-2021-21732 (A mobile phone of ZTE is impacted by improper access control vulnerabi ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE product.Th ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21730 (A ZTE product is impacted by improper access control vulnerability. Th ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21729 (Some ZTE products have CSRF vulnerability. Because some pages lack CSR ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because a certa ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21722 (A ZTE Smart STB is impacted by an information leak vulnerability. The ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21721
+ RESERVED
+CVE-2021-21720
+ RESERVED
+CVE-2021-21719
+ RESERVED
+CVE-2021-21718
+ RESERVED
+CVE-2021-21717
+ RESERVED
+CVE-2021-21716
+ RESERVED
+CVE-2021-21715
+ RESERVED
+CVE-2021-21714
+ RESERVED
+CVE-2021-21713
+ RESERVED
+CVE-2021-21712
+ RESERVED
+CVE-2021-21711
+ RESERVED
+CVE-2021-21710
+ RESERVED
+CVE-2021-21709
+ RESERVED
+CVE-2021-21708
+ RESERVED
+ {DSA-5082-1}
+ - php8.1 <unfixed>
+ - php7.4 <removed>
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in 8.1.3, 7.4.28
+ NOTE: PHP Bug: https://bugs.php.net/81708
+CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...)
+ {DSA-5082-1}
+ - php8.1 8.1.0-1
+ - php8.0 <removed>
+ - php7.4 7.4.26-1
+ - php7.3 <removed>
+ [buster] - php7.3 <no-dsa> (Minor issue, fix along with next DSA)
+ - php7.0 <removed>
+ [stretch] - php7.0 <no-dsa> (Minor issue, fix along with next DLA)
+ NOTE: Fixed in 8.1.0, 8.0.13, 7.4.26, 7.3.33
+ NOTE: PHP Bug: https://bugs.php.net/79971
+ NOTE: https://github.com/php/php-src/commit/f15f8fc573eb38c3c73e23e0930063a6f6409ed4
+CVE-2021-21706 (In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below ...)
+ - php8.0 <not-affected> (Windows specific issue)
+ - php7.4 <not-affected> (Windows specific issue)
+ - php7.3 <not-affected> (Windows specific issue)
+ - php7.0 <not-affected> (Windows specific issue)
+ NOTE: Fixed in 8.0.11, 7.4.24, 7.3.31
+ NOTE: PHP Bug: https://bugs.php.net/81420
+CVE-2021-21705 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...)
+ {DSA-4935-1 DLA-2708-1}
+ - php8.0 8.0.8-1 (bug #990575)
+ - php7.4 7.4.21-1+deb11u1
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29
+ NOTE: PHP Bug: https://bugs.php.net/81122
+CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...)
+ {DSA-4935-1 DLA-2708-1}
+ - php8.0 8.0.8-1 (bug #990575)
+ - php7.4 7.4.21-1+deb11u1
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29
+ NOTE: PHP Bug: https://bugs.php.net/76448
+ NOTE: PHP Bug: https://bugs.php.net/76449
+ NOTE: PHP Bug: https://bugs.php.net/76450
+ NOTE: PHP Bug: https://bugs.php.net/76452
+CVE-2021-21703 (In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ...)
+ {DSA-4993-1 DSA-4992-1 DLA-2794-1}
+ - php8.0 <removed>
+ - php7.4 7.4.26-1 (bug #997003)
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in 8.0.12, 7.4.25
+ NOTE: PHP Bug: http://bugs.php.net/81026
+ NOTE: https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
+ NOTE: https://www.ambionics.io/blog/php-fpm-local-root
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/7
+CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...)
+ {DSA-4856-1 DLA-2708-1}
+ - php8.0 8.0.2-1
+ - php7.4 7.4.15-1
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27
+ NOTE: PHP Bug: https://bugs.php.net/80672
+CVE-2021-21701 (Jenkins Performance Plugin 3.20 and earlier does not configure its XML ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21700 (Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of s ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21699 (Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the pa ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the nam ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21697 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to ...)
+ - jenkins <removed>
+CVE-2021-21696 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agen ...)
+ - jenkins <removed>
+CVE-2021-21695 (FilePath#listFiles lists files outside directories that agents are all ...)
+ - jenkins <removed>
+CVE-2021-21694 (FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isD ...)
+ - jenkins <removed>
+CVE-2021-21693 (When creating temporary files, agent-to-controller access to create th ...)
+ - jenkins <removed>
+CVE-2021-21692 (FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and ...)
+ - jenkins <removed>
+CVE-2021-21691 (Creating symbolic links is possible without the 'symlink' agent-to-con ...)
+ - jenkins <removed>
+CVE-2021-21690 (Agent processes are able to completely bypass file path filtering by w ...)
+ - jenkins <removed>
+CVE-2021-21689 (FilePath#unzip and FilePath#untar were not subject to any agent-to-con ...)
+ - jenkins <removed>
+CVE-2021-21688 (The agent-to-controller security check FilePath#reading(FileVisitor) i ...)
+ - jenkins <removed>
+CVE-2021-21687 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agen ...)
+ - jenkins <removed>
+CVE-2021-21686 (File path filters in the agent-to-controller security subsystem of Jen ...)
+ - jenkins <removed>
+CVE-2021-21685 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agen ...)
+ - jenkins <removed>
+CVE-2021-21684 (Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 che ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21683 (The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier ...)
+ - jenkins <removed>
+CVE-2021-21682 (Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jo ...)
+ - jenkins <removed>
+CVE-2021-21681 (Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencry ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21680 (Jenkins Nested View Plugin 1.20 and earlier does not configure its XML ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21679 (Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21678 (Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs t ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21677 (Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenk ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21676 (Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a pe ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21675 (A cross-site request forgery (CSRF) vulnerability in Jenkins requests- ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21674 (A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21673 (Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21672 (Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21671 (Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate ...)
+ - jenkins <removed>
+CVE-2021-21670 (Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to can ...)
+ - jenkins <removed>
+CVE-2021-21669 (Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not confi ...)
+ NOT-FOR-US: Jenkins Generic Webhook Trigger Plugin
+CVE-2021-21668 (Jenkins Scriptler Plugin 3.1 and earlier does not escape script conten ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21667 (Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter nam ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21666 (Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query paramete ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21665 (A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21664 (An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21663 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21662 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21661 (Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform perm ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21659 (Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21658 (Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21657 (Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21656 (Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21655 (A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21654 (Jenkins P4 Plugin 1.11.4 and earlier does not perform permission check ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21653 (Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21652 (A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Te ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21651 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a perm ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21650 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Ar ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21649 (Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs re ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21648 (Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-con ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21647 (Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a perm ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21646 (Jenkins Templating Engine Plugin 2.1 and earlier does not protect its ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21645 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21644 (A cross-site request forgery (CSRF) vulnerability in Jenkins Config Fi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21643 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not correct ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21642 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not configu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21641 (A cross-site request forgery (CSRF) vulnerability in Jenkins promoted ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21640 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly c ...)
+ - jenkins <removed>
+CVE-2021-21639 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate t ...)
+ - jenkins <removed>
+CVE-2021-21638 (A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foun ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21637 (A missing permission check in Jenkins Team Foundation Server Plugin 5. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21636 (A missing permission check in Jenkins Team Foundation Server Plugin 5. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21635 (Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21634 (Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier sto ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21633 (A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dep ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21632 (A missing permission check in Jenkins OWASP Dependency-Track Plugin 3. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21631 (Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a pe ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21630 (Jenkins Extra Columns Plugin 1.22 and earlier does not escape paramete ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21629 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Wit ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21628 (Jenkins Build With Parameters Plugin 1.5 and earlier does not escape p ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21627 (A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt A ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21626 (Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not per ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21625 (Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not per ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21624 (An incorrect permission check in Jenkins Role-based Authorization Stra ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21623 (An incorrect permission check in Jenkins Matrix Authorization Strategy ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21622 (Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does no ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21621 (Jenkins Support Core Plugin 2.72 and earlier provides the serialized u ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21620 (A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21619 (Jenkins Claim Plugin 2.18.1 and earlier does not escape the user displ ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21618 (Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21617 (A cross-site request forgery (CSRF) vulnerability in Jenkins Configura ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21616 (Jenkins Active Choices Plugin 2.5.2 and earlier does not escape refere ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21615 (Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the ...)
+ - jenkins <removed>
+CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials u ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS servic ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21612 (Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credenti ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21611 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape dis ...)
+ - jenkins <removed>
+CVE-2021-21610 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement ...)
+ - jenkins <removed>
+CVE-2021-21609 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly ...)
+ - jenkins <removed>
+CVE-2021-21608 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape but ...)
+ - jenkins <removed>
+CVE-2021-21607 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit size ...)
+ - jenkins <removed>
+CVE-2021-21606 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validate ...)
+ - jenkins <removed>
+CVE-2021-21605 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with A ...)
+ - jenkins <removed>
+CVE-2021-21604 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers wi ...)
+ - jenkins <removed>
+CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape not ...)
+ - jenkins <removed>
+CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbi ...)
+ - jenkins <removed>
+CVE-2021-21601 (Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and p ...)
+ NOT-FOR-US: EMC
+CVE-2021-21600 (Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource co ...)
+ NOT-FOR-US: EMC
+CVE-2021-21599 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS comma ...)
+ NOT-FOR-US: EMC
+CVE-2021-21598 (Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive ...)
+ NOT-FOR-US: Dell Wyse ThinOS
+CVE-2021-21597 (Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclo ...)
+ NOT-FOR-US: Dell Wyse ThinOS
+CVE-2021-21596 (Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenMan ...)
+ NOT-FOR-US: Dell OpenManage Enterprise
+CVE-2021-21595 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper ...)
+ NOT-FOR-US: EMC
+CVE-2021-21594 (Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get re ...)
+ NOT-FOR-US: Dell
+CVE-2021-21593
+ RESERVED
+CVE-2021-21592 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an ...)
+ NOT-FOR-US: EMC
+CVE-2021-21591 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21590 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21589 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21588 (Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vu ...)
+ NOT-FOR-US: EMC
+CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 and earlier contain a full pat ...)
+ NOT-FOR-US: Dell
+CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an absolute pat ...)
+ NOT-FOR-US: Dell
+CVE-2021-21585 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS comma ...)
+ NOT-FOR-US: Dell OpenManage Enterprise
+CVE-2021-21584 (Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modul ...)
+ NOT-FOR-US: Dell OpenManage Enterprise
+CVE-2021-21583
+ RESERVED
+CVE-2021-21582
+ RESERVED
+CVE-2021-21581 (Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scri ...)
+ NOT-FOR-US: EMC
+CVE-2021-21580 (Dell EMC iDRAC8 versions prior to 2.80.80.80 &amp; Dell EMC iDRAC9 ver ...)
+ NOT-FOR-US: EMC
+CVE-2021-21579 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...)
+ NOT-FOR-US: EMC
+CVE-2021-21578 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...)
+ NOT-FOR-US: EMC
+CVE-2021-21577 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...)
+ NOT-FOR-US: EMC
+CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...)
+ NOT-FOR-US: EMC
+CVE-2021-21575
+ RESERVED
+CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
+ NOT-FOR-US: Dell
+CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
+ NOT-FOR-US: Dell
+CVE-2021-21572 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
+ NOT-FOR-US: Dell
+CVE-2021-21571 (Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature a ...)
+ NOT-FOR-US: Dell
+CVE-2021-21570 (Dell NetWorker, versions 18.x and 19.x contain an Information disclosu ...)
+ NOT-FOR-US: Dell
+CVE-2021-21569 (Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulner ...)
+ NOT-FOR-US: Dell
+CVE-2021-21568 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficie ...)
+ NOT-FOR-US: EMC
+CVE-2021-21567 (Dell PowerScale OneFS 9.1.0.x contains an improper privilege managemen ...)
+ NOT-FOR-US: Dell
+CVE-2021-21566
+ RESERVED
+CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of ...)
+ NOT-FOR-US: Dell
+CVE-2021-21564 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper ...)
+ NOT-FOR-US: Dell
+CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper C ...)
+ NOT-FOR-US: EMC
+CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path vulnerabil ...)
+ NOT-FOR-US: EMC
+CVE-2021-21561 (Dell PowerScale OneFS version 8.1.2 contains a sensitive information e ...)
+ NOT-FOR-US: Dell
+CVE-2021-21560
+ RESERVED
+CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, co ...)
+ NOT-FOR-US: EMC
+CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain ...)
+ NOT-FOR-US: Dell
+CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
+ NOT-FOR-US: Dell
+CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
+ NOT-FOR-US: Dell
+CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
+ NOT-FOR-US: Dell
+CVE-2021-21553 (Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User M ...)
+ NOT-FOR-US: Dell
+CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier ...)
+ NOT-FOR-US: Dell
+CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...)
+ NOT-FOR-US: Dell
+CVE-2021-21550 (Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralizati ...)
+ NOT-FOR-US: EMC
+CVE-2021-21549 (Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Reque ...)
+ NOT-FOR-US: EMC
+CVE-2021-21548
+ RESERVED
+CVE-2021-21547 (Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21546 (Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 c ...)
+ NOT-FOR-US: EMC
+CVE-2021-21545 (Dell Peripheral Manager 1.3.1 or greater contains remediation for a lo ...)
+ NOT-FOR-US: Dell
+CVE-2021-21544 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authe ...)
+ NOT-FOR-US: EMC
+CVE-2021-21543 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored c ...)
+ NOT-FOR-US: EMC
+CVE-2021-21542 (Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored c ...)
+ NOT-FOR-US: EMC
+CVE-2021-21541 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross ...)
+ NOT-FOR-US: EMC
+CVE-2021-21540 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based ove ...)
+ NOT-FOR-US: EMC
+CVE-2021-21539 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check T ...)
+ NOT-FOR-US: EMC
+CVE-2021-21538 (Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21537 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
+ NOT-FOR-US: Dell Hybrid Client
+CVE-2021-21536 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
+ NOT-FOR-US: Dell Hybrid Client
+CVE-2021-21535 (Dell Hybrid Client versions prior to 1.5 contain a missing authenticat ...)
+ NOT-FOR-US: Dell Hybrid Client
+CVE-2021-21534 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
+ NOT-FOR-US: Dell Hybrid Client
+CVE-2021-21533 (Wyse Management Suite versions up to 3.2 contains a vulnerability wher ...)
+ NOT-FOR-US: Wyse Management Suite
+CVE-2021-21532 (Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper manageme ...)
+ NOT-FOR-US: Dell Wyse ThinOS
+CVE-2021-21531 (Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Autho ...)
+ NOT-FOR-US: Dell
+CVE-2021-21530 (Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 c ...)
+ NOT-FOR-US: Dell
+CVE-2021-21529 (Dell System Update (DSU) 1.9 and earlier versions contain a denial of ...)
+ NOT-FOR-US: Dell System Update (DSU)
+CVE-2021-21528 (Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an ...)
+ NOT-FOR-US: EMC
+CVE-2021-21527 (Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization o ...)
+ NOT-FOR-US: Dell
+CVE-2021-21526 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in ...)
+ NOT-FOR-US: Dell PowerScale OneFS
+CVE-2021-21525
+ RESERVED
+CVE-2021-21524 (Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5. ...)
+ NOT-FOR-US: Dell
+CVE-2021-21523
+ RESERVED
+CVE-2021-21522 (Dell BIOS contains a Credentials Management issue. A local authenticat ...)
+ NOT-FOR-US: Dell
+CVE-2021-21521
+ RESERVED
+CVE-2021-21520
+ RESERVED
+CVE-2021-21519
+ RESERVED
+CVE-2021-21518 (Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4. ...)
+ NOT-FOR-US: Dell SupportAssist Client for Consumer PCs
+CVE-2021-21517 (SRS Policy Manager 6.X is affected by an XML External Entity Injection ...)
+ NOT-FOR-US: SRS Policy Manager
+CVE-2021-21516
+ RESERVED
+CVE-2021-21515 (Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross ...)
+ NOT-FOR-US: EMC
+CVE-2021-21514 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior ...)
+ NOT-FOR-US: EMC
+CVE-2021-21513 (Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft ...)
+ NOT-FOR-US: EMC
+CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an In ...)
+ NOT-FOR-US: EMC
+CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Aut ...)
+ NOT-FOR-US: EMC Avamar Server
+CVE-2021-21510 (Dell iDRAC8 versions prior to 2.75.100.75 contain a host header inject ...)
+ NOT-FOR-US: Dell iDRAC8
+CVE-2021-21509
+ RESERVED
+CVE-2021-21508
+ RESERVED
+CVE-2021-21507 (Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and De ...)
+ NOT-FOR-US: EMC
+CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
+ NOT-FOR-US: PowerScale OneFS
+CVE-2021-21505 (Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 190 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21504
+ RESERVED
+CVE-2021-21503 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
+ NOT-FOR-US: PowerScale OneFS
+CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 &#8211; 9.1.0 contain a "use of S ...)
+ NOT-FOR-US: Dell
+CVE-2021-21501 (Improper configuration will cause ServiceComb ServiceCenter Directory ...)
+ NOT-FOR-US: Apache ServiceComb
+CVE-2021-21500
+ RESERVED
+CVE-2021-21499
+ RESERVED
+CVE-2021-21498
+ RESERVED
+CVE-2021-21497
+ RESERVED
+CVE-2021-21496
+ RESERVED
+CVE-2021-3007 (** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Fr ...)
+ NOT-FOR-US: laminas-http
+CVE-2021-21495 (MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the ce ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2021-3006 (The breed function in the smart contract implementation for Farm in Se ...)
+ NOT-FOR-US: Farm in Seal Finance (Seal) Ethereum token
+CVE-2021-3005 (MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2021-3004 (The _deposit function in the smart contract implementation for Stable ...)
+ NOT-FOR-US: Stable Yield Credit (yCREDIT) Ethereum token
+CVE-2021-3003 (Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenzi ...)
+ NOT-FOR-US: Agenzia delle Entrate Desktop Telematico
+CVE-2021-3002 (Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?se ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-3001
+ RESERVED
+CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format (.GIF) forma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21492 (SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, ...)
+ NOT-FOR-US: SAP
+CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on WebDynpro ...)
+ NOT-FOR-US: SAP
+CVE-2021-21490 (SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, ...)
+ NOT-FOR-US: SAP
+CVE-2021-21489 (SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.3 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21488 (Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow ...)
+ NOT-FOR-US: Knowledge Management
+CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary authorizati ...)
+ NOT-FOR-US: SAP
+CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 6 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21485 (An unauthorized attacker may be able to entice an administrator to inv ...)
+ NOT-FOR-US: SAP
+CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be bypassed i ...)
+ NOT-FOR-US: SAP
+CVE-2021-21483 (Under certain conditions SAP Solution Manager, version - 720, allows a ...)
+ NOT-FOR-US: SAP
+CVE-2021-21482 (SAP NetWeaver Master Data Management, versions - 710, 710.750, allows ...)
+ NOT-FOR-US: SAP
+CVE-2021-21481 (The MigrationService, which is part of SAP NetWeaver versions 7.10, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2021-21480 (SAP MII allows users to create dashboards and save them as JSP through ...)
+ NOT-FOR-US: SAP
+CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to inject and ...)
+ NOT-FOR-US: SAP
+CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious ...)
+ NOT-FOR-US: SAP
+CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...)
+ NOT-FOR-US: SAP
+CVE-2021-21476 (SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21475 (Under specific circumstances SAP Master Data Management, versions - 71 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21474 (SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 d ...)
+ NOT-FOR-US: SAP
+CVE-2021-21473 (SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21472 (SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Manag ...)
+ NOT-FOR-US: SAP
+CVE-2021-21471 (In CLA-Assistant, versions before 2.8.5, due to improper access contro ...)
+ NOT-FOR-US: CLA-Assistant
+CVE-2021-21470 (SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in ...)
+ NOT-FOR-US: SAP
+CVE-2021-21469 (When security guidelines for SAP NetWeaver Master Data Management runn ...)
+ NOT-FOR-US: SAP
+CVE-2021-21468 (The BW Database Interface does not perform necessary authorization che ...)
+ NOT-FOR-US: SAP
+CVE-2021-21467 (SAP Banking Services (Generic Market Data) does not perform necessary ...)
+ NOT-FOR-US: SAP
+CVE-2021-21466 (SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 75 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21465 (The BW Database Interface allows an attacker with low privileges to ex ...)
+ NOT-FOR-US: SAP
+CVE-2021-21464 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21463 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21462 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21461 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21460 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21459 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21458 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21457 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21456 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21455 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21454 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21453 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21452 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21451 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21450 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21449 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21448 (SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon ...)
+ NOT-FOR-US: SAP
+CVE-2021-21447 (SAP BusinessObjects Business Intelligence platform, versions 410, 420, ...)
+ NOT-FOR-US: SAP
+CVE-2021-21446 (SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, all ...)
+ NOT-FOR-US: SAP
+CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an ...)
+ NOT-FOR-US: SAP
+CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...)
+ NOT-FOR-US: SAP
+CVE-2021-21443 (Agents are able to list customer user emails without required permissi ...)
+ - otrs2 6.0.32-6 (bug #991593)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-13/
+ NOTE: https://github.com/znuny/Znuny/commit/48ee5532911be5453cc8bed1e437a64c21bcc072
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-21442 (In the project create screen it's possible to inject malicious JS code ...)
+ NOT-FOR-US: OTRS TimeAccounting module
+CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. It's poss ...)
+ - otrs2 6.0.32-5 (bug #989992)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
+ NOTE: src:otrs2 is the znuny fork)
+CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...)
+ - otrs2 6.0.32-6 (bug #991593)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
+ NOTE: https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...)
+ - otrs2 6.0.32-5 (bug #989992)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
+ NOTE: src:otrs2 is the znuny fork)
+CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions (define ...)
+ NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary)
+CVE-2021-21437 (Agents are able to see linked Config Items without permissions, which ...)
+ NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
+CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...)
+ NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
+CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...)
+ - otrs2 <not-affected> (Doesn't affect OTRS as packaged in Debian, see bug #982586)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/
+CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...)
+ NOT-FOR-US: OTRS Survey addon
+CVE-2021-21433 (Discord Recon Server is a bot that allows you to do your reconnaissanc ...)
+ NOT-FOR-US: Discord Recon Server
+CVE-2021-21432 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
+ NOT-FOR-US: Vela
+CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior ...)
+ NOT-FOR-US: sopel-channelmgnt
+CVE-2021-21430 (OpenAPI Generator allows generation of API client libraries (SDK gener ...)
+ NOT-FOR-US: OpenAPI Generator
+CVE-2021-21429 (OpenAPI Generator allows generation of API client libraries, server st ...)
+ NOT-FOR-US: OpenAPI Generator
+CVE-2021-21428 (Openapi generator is a java tool which allows generation of API client ...)
+ NOT-FOR-US: OpenAPI Generator
+CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
+ NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
+CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
+ NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
+CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...)
+ NOT-FOR-US: Grav Admin Plugin
+CVE-2021-21424 (Symfony is a PHP framework for web and console applications and a set ...)
+ - symfony 4.4.19+dfsg-2
+ [buster] - symfony <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - symfony <postponed> (Minor issue)
+ NOTE: https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms
+ NOTE: https://github.com/symfony/symfony/commit/f012eee6c6034a94566dff596fe4e16dfc5d9c1f
+CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...)
+ NOT-FOR-US: projen
+CVE-2021-21422 (mongo-express is a web-based MongoDB admin interface, written with Nod ...)
+ NOT-FOR-US: mongo-express
+CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...)
+ NOT-FOR-US: node-etsy-client
+CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability ...)
+ NOT-FOR-US: vscode-stripe Visual Studio Code extension
+CVE-2021-21419 (Eventlet is a concurrent networking library for Python. A websocket pe ...)
+ - python-eventlet 0.26.1-7 (bug #988342)
+ [buster] - python-eventlet <no-dsa> (Minor issue)
+ [stretch] - python-eventlet <no-dsa> (Minor issue)
+ NOTE: https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2
+ NOTE: Fixed by: https://github.com/eventlet/eventlet/commit/1412f5e4125b4313f815778a1acb4d3336efcd07
+ NOTE: Issue present as well in versions before introduction of per-message-defalte extension
+ NOTE: or compression extension support.
+ NOTE: Patch for 0.20 by SuSE: https://bugzilla.suse.com/attachment.cgi?id=849402&action=diff
+CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 specific ...)
+ {DLA-2697-1}
+ - fluidsynth 2.1.7-1.1
+ [buster] - fluidsynth 1.1.11-1+deb10u1
+ NOTE: https://github.com/FluidSynth/fluidsynth/issues/808
+ NOTE: https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9
+CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...)
+ - python-django-registration <unfixed> (bug #987366)
+ [stretch] - python-django-registration <no-dsa> (Minor issue)
+ NOTE: https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh
+ NOTE: https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c
+CVE-2021-21415 (Prisma VS Code a VSCode extension for Prisma schema files. This is a R ...)
+ NOT-FOR-US: Prisma VS Code a VSCode extension
+CVE-2021-21414 (Prisma is an open source ORM for Node.js &amp; TypeScript. As of today ...)
+ NOT-FOR-US: Prisma
+CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
+ NOT-FOR-US: Node isolated-vm
+CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...)
+ NOT-FOR-US: Node @thi.ng/egf
+CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...)
+ - oauth2-proxy <itp> (bug #982891)
+CVE-2021-21410 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network application ...)
+ {DSA-4885-1}
+ - netty 1:4.1.48-4 (bug #986217)
+ [stretch] - netty <ignored> (Minor issue, fix requires major changes of HTTP2 module)
+ NOTE: Fixed by: https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32
+ NOTE: Is a followup to: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
+CVE-2021-21408 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ - smarty3 <unfixed>
+ NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m
+ NOTE: https://github.com/smarty-php/smarty/commit/28519ca00fe6890ef2d464f8400a16188c4b6f36 (3.1.43)
+CVE-2021-21407 (Combodo iTop is an open source, web based IT Service Management tool. ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-21406 (Combodo iTop is an open source, web based IT Service Management tool. ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-21405 (Lotus is an Implementation of the Filecoin protocol written in Go. BLS ...)
+ NOT-FOR-US: Lotus
+CVE-2021-21404 (Syncthing is a continuous file synchronization program. In Syncthing b ...)
+ - syncthing 1.12.1~ds1-3 (bug #986593)
+ [buster] - syncthing <no-dsa> (Minor issue)
+ [stretch] - syncthing <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h
+ NOTE: https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97
+CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 there is an ...)
+ NOT-FOR-US: kongchuanhujiao
+CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...)
+ NOT-FOR-US: Jellyfin
+CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...)
+ - nanopb 0.4.4-2 (bug #985844)
+ NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88
+ NOTE: https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261
+CVE-2021-21400 (wire-webapp is an open-source front end for Wire, a secure collaborati ...)
+ NOT-FOR-US: wire-webapp
+CVE-2021-21399 (Ampache is a web based audio/video streaming application and file mana ...)
+ - ampache <removed>
+CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-21397
+ RESERVED
+CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
+ NOT-FOR-US: wire-server
+CVE-2021-21395
+ RESERVED
+CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.28.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
+CVE-2021-21393 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.28.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
+CVE-2021-21392 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.28.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
+CVE-2021-21391 (CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the f ...)
+ - ckeditor <unfixed>
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <not-affected> (Introduced in ckeditor5 rewrite)
+ NOTE: https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj
+CVE-2021-21390 (MinIO is an open-source high performance object storage service and it ...)
+ NOT-FOR-US: MinIO
+CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...)
+ NOT-FOR-US: BuddyPress WordPress plugin
+CVE-2021-21388 (systeminformation is an open source system and OS information library ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...)
+ NOT-FOR-US: Wrongthink
+CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...)
+ NOT-FOR-US: APKLeaks
+CVE-2021-21385 (Mifos-Mobile Android Application for MifosX is an Android Application ...)
+ NOT-FOR-US: Mifos-Mobile Android Application
+CVE-2021-21384 (shescape is a simple shell escape package for JavaScript. In shescape ...)
+ NOT-FOR-US: shescape
+CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before versi ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-21382 (Restund is an open source NAT traversal server. The restund TURN serve ...)
+ - restund <itp> (bug #804846)
+CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-21377 (OMERO.web is open source Django-based software for managing microscopy ...)
+ NOT-FOR-US: OMERO.web
+CVE-2021-21376 (OMERO.web is open source Django-based software for managing microscopy ...)
+ NOT-FOR-US: OMERO.web
+CVE-2021-21375 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-2665-1 DLA-2636-1}
+ - pjproject <removed>
+ - ring 20210112.2.b757bac~ds1-1 (bug #986815)
+ [buster] - ring 20190215.1.f152c98~ds1-1+deb10u1
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
+ NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
+CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...)
+ - nim 1.4.6+really1.4.2-1 (bug #987272)
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
+ NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze
+CVE-2021-21373 (Nimble is a package manager for the Nim programming language. In Nim r ...)
+ - nim 1.4.6+really1.4.2-1 (bug #987272)
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
+ NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze
+CVE-2021-21372 (Nimble is a package manager for the Nim programming language. In Nim r ...)
+ - nim 1.4.6+really1.4.2-1 (bug #987272)
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
+ NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze
+CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to pull Tena ...)
+ NOT-FOR-US: Tenable for Jira Cloud
+CVE-2021-21370 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...)
+ NOT-FOR-US: Hyperledger Besu
+CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the browser. I ...)
+ NOT-FOR-US: Node msgpack5
+CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and be ...)
+ NOT-FOR-US: Switchboard Bluetooth Plug for elementary OS
+CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
+ - node-xmldom 0.5.0-1
+ [buster] - node-xmldom <no-dsa> (Minor issue)
+ NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
+ NOTE: https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
+CVE-2021-21365 (Bootstrap Package is a theme for TYPO3. It has been discovered that re ...)
+ NOT-FOR-US: Typo3 theme
+CVE-2021-21364 (swagger-codegen is an open-source project which contains a template-dr ...)
+ - swagger-codegen <itp> (bug #950318)
+CVE-2021-21363 (swagger-codegen is an open-source project which contains a template-dr ...)
+ - swagger-codegen <itp> (bug #950318)
+CVE-2021-21362 (MinIO is an open-source high performance object storage service and it ...)
+ NOT-FOR-US: MinIO
+CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an inf ...)
+ NOT-FOR-US: gradle-vagrant-plugin
+CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the configure ...)
+ NOT-FOR-US: Products.GenericSetup
+CVE-2021-21359 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21358 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21357 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21356
+ RESERVED
+CVE-2021-21355 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21354 (Pollbot is open source software which "frees its human masters from th ...)
+ NOT-FOR-US: Pollbot
+CVE-2021-21353 (Pug is an npm package which is a high-performance template engine. In ...)
+ NOT-FOR-US: Node pug
+CVE-2021-21352 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-21351 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hrcp-8f3q-4w2c
+CVE-2021-21350 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq
+CVE-2021-21349 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-f6hm-88x3-mfjv
+CVE-2021-21348 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-56p8-3fh9-4cvq
+CVE-2021-21347 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f
+CVE-2021-21346 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr
+CVE-2021-21345 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4
+CVE-2021-21344 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3
+CVE-2021-21343 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-74cv-f58x-f9wf
+CVE-2021-21342 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m
+CVE-2021-21341 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2p3x-qw9c-25hh
+CVE-2021-21340 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21339 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21338 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
+ NOT-FOR-US: Products.PluggableAuthService
+CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
+ NOT-FOR-US: Products.PluggableAuthService
+CVE-2021-21335 (In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-n ...)
+ NOT-FOR-US: Nginx addon for SPNEGO auth
+CVE-2021-21334 (In containerd (an industry-standard container runtime) before versions ...)
+ - containerd 1.4.4~ds1-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
+CVE-2021-21333 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.27.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm
+CVE-2021-21332 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.27.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899
+CVE-2021-21331 (The Java client for the Datadog API before version 1.0.0-beta.9 has a ...)
+ NOT-FOR-US: Java client for Datadog API
+CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DSA-4864-1}
+ - python-aiohttp 3.7.4-1
+ [stretch] - python-aiohttp <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/aio-libs/aiohttp/issues/5497
+ NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
+ NOTE: https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25
+ NOTE: https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b
+CVE-2021-21329 (RATCF is an open-source framework for hosting Cyber-Security Capture t ...)
+ NOT-FOR-US: RATCF
+CVE-2021-21328 (Vapor is a web framework for Swift. In Vapor before version 4.40.1, th ...)
+ NOT-FOR-US: Vapor
+CVE-2021-21327 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qmw7-w2m4-rjwp
+CVE-2021-21326 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7wh
+CVE-2021-21325 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-m574-f3jw-pwrf
+CVE-2021-21324 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-jvwm-gq36-3v7v
+CVE-2021-21323 (Brave is an open source web browser with a focus on privacy and securi ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-21322 (fastify-http-proxy is an npm package which is a fastify plugin for pro ...)
+ NOT-FOR-US: fastify-http-proxy
+CVE-2021-21321 (fastify-reply-from is an npm package which is a fastify plugin to forw ...)
+ NOT-FOR-US: Node fastify-reply-from
+CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for React Jav ...)
+ NOT-FOR-US: Node matrix-react-sdk
+CVE-2021-21319 (Galette is a membership management web application geared towards non ...)
+ - galette <removed>
+CVE-2021-21318 (Opencast is a free, open-source platform to support the management of ...)
+ NOT-FOR-US: Opencast
+CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...)
+ NOT-FOR-US: Node uap-core
+CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...)
+ NOT-FOR-US: less-openui5 npm package
+CVE-2021-21315 (The System Information Library for Node.JS (npm package "systeminforma ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2021-21314 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2w7j-xgj7-3xgg
+CVE-2021-21313 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-h4hj-mrpg-xfgx
+CVE-2021-21312 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2
+CVE-2021-21311 (Adminer is an open-source database management in a single PHP file. In ...)
+ {DLA-2580-1}
+ - adminer 4.7.9-1
+ [buster] - adminer <no-dsa> (Minor issue)
+ NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
+ NOTE: https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 (v4.7.9)
+CVE-2021-21310 (NextAuth.js (next-auth) is am open source authentication solution for ...)
+ NOT-FOR-US: NextAuth.js
+CVE-2021-21309 (Redis is an open-source, in-memory database that persists on disk. In ...)
+ {DLA-2576-1}
+ - redis 5:6.0.11-1 (bug #983446)
+ [buster] - redis 5:5.0.3-4+deb10u3
+ NOTE: https://github.com/redis/redis/pull/8522
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf
+CVE-2021-21308 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...)
+ NOT-FOR-US: Lucee Server
+CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...)
+ - node-marked <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
+ NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
+CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
+ - ruby-carrierwave <unfixed> (bug #982551)
+ [buster] - ruby-carrierwave <no-dsa> (Minor issue)
+ [stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
+ NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
+ NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7
+CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...)
+ NOT-FOR-US: Dynamoose
+CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...)
+ - helm-kubernetes <itp> (bug #910799)
+CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...)
+ NOT-FOR-US: Wire
+CVE-2021-21300 (Git is an open-source distributed revision control system. In affected ...)
+ - git 1:2.30.2-1 (bug #985120)
+ [buster] - git <no-dsa> (Minor issue)
+ [stretch] - git <no-dsa> (Minor issue)
+ NOTE: https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?h=v2.30.2&id=684dd4c2b414bcf648505e74498a608f28de4592
+CVE-2021-21298 (Node-Red is a low-code programming for event-driven applications built ...)
+ NOT-FOR-US: Node-Red
+CVE-2021-21297 (Node-Red is a low-code programming for event-driven applications built ...)
+ NOT-FOR-US: Node-Red
+CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...)
+ NOT-FOR-US: Fleet
+CVE-2021-21295 (Netty is an open-source, asynchronous event-driven network application ...)
+ {DSA-4885-1}
+ - netty 1:4.1.48-3 (bug #984948)
+ [stretch] - netty <ignored> (Minor issue, fix requires major changes of HTTP2 module)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
+ NOTE: https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4
+CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface f ...)
+ NOT-FOR-US: Http4s
+CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, with a f ...)
+ NOT-FOR-US: blaez
+CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before versi ...)
+ NOT-FOR-US: Traccar
+CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...)
+ - oauth2-proxy <itp> (bug #982891)
+CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...)
+ {DSA-4885-1 DLA-2555-1}
+ - netty 1:4.1.48-2 (bug #982580)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
+ NOTE: https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec
+CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated web inte ...)
+ {DLA-2561-1}
+ - ruby-mechanize 2.7.7-1
+ [buster] - ruby-mechanize 2.7.6-1+deb10u1
+ NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
+ NOTE: https://github.com/sparklemotion/mechanize/commit/aae0b13514a1a0caf93b1cf233733c50e679069a (v2.7.7)
+ NOTE: https://github.com/sparklemotion/mechanize/commit/2ac906b26f4a565a0af92df5fb9c8a36c2b75375 (v2.7.7)
+ NOTE: https://github.com/sparklemotion/mechanize/commit/f43a3952ab39341136656b0a8b2c8597ba1b4adc (v2.7.7)
+ NOTE: https://github.com/sparklemotion/mechanize/commit/b48b12f5db33c5a94a14dfcab8adf3e73cfa0388 (v2.7.7)
+ NOTE: https://github.com/sparklemotion/mechanize/commit/63f8779e49664d5e95fae8d42d04c8e373162b3c (v2.7.7)
+ NOTE: Test warnings fixup: https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093 (v2.7.7)
+CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
+ - ruby-carrierwave 1.3.2-1 (bug #982552)
+ [buster] - ruby-carrierwave <no-dsa> (Minor issue)
+ [stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
+ NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5
+ NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0
+CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...)
+ - minio <itp> (bug #859207)
+CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It is simi ...)
+ NOT-FOR-US: AVideo Platform
+CVE-2021-21285 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...)
+ {DSA-4865-1}
+ - docker.io 20.10.3+dfsg1-1
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
+ NOTE: https://github.com/moby/moby/commit/420b1d36250f9cfdc561f086f25a213ecb669b6f (v19.03)
+CVE-2021-21284 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...)
+ {DSA-4865-1}
+ - docker.io 20.10.3+dfsg1-1
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
+ NOTE: https://github.com/moby/moby/commit/1342c51d5e809d2994e6f7e490c8d2b3b12c28ae (v19.03)
+ NOTE: https://github.com/moby/moby/commit/5eff67a2c294b7e72607e0949ebc0de21710e4d3 (v19.03)
+ NOTE: https://github.com/moby/moby/commit/67de83e70bca92ae6a08e28a03b3fc8fcca9f3f1 (v19.03)
+CVE-2021-21283 (Flarum is an open source discussion platform for websites. The "Flarum ...)
+ NOT-FOR-US: Flarum
+CVE-2021-21282 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21281 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21280 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21279 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21278 (RSSHub is an open source, easy to use, and extensible RSS feed generat ...)
+ NOT-FOR-US: RSSHub
+CVE-2021-21277 (angular-expressions is "angular's nicest part extracted as a standalon ...)
+ NOT-FOR-US: angular-expressions
+CVE-2021-21276 (Polr is an open source URL shortener. in Polr before version 2.3.0, a ...)
+ NOT-FOR-US: Polr
+CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...)
+ NOT-FOR-US: MediaWiki Report extention
+CVE-2021-21274 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.25.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8
+ NOTE: https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6
+CVE-2021-21273 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.25.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p
+ NOTE: https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746
+CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...)
+ NOT-FOR-US: ORAS
+CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middl ...)
+ NOT-FOR-US: Tendermint
+CVE-2021-21270 (OctopusDSC is a PowerShell module with DSC resources that can be used ...)
+ NOT-FOR-US: OctopusDSC
+CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community serverl ...)
+ NOT-FOR-US: Keymaker
+CVE-2021-21268
+ RESERVED
+CVE-2021-21267 (Schema-Inspector is an open-source tool to sanitize and validate JS ob ...)
+ NOT-FOR-US: Node schema-inspector
+CVE-2021-21266 (openHAB is a vendor and technology agnostic open source automation sof ...)
+ NOT-FOR-US: openHAB
+CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2021-21264 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2021-21262
+ RESERVED
+CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is a lean ...)
+ NOT-FOR-US: Online Invoicing System (OIS)
+CVE-2021-21259 (HedgeDoc is open source software which lets you create real-time colla ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2021-21258 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx
+ NOTE: https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15
+CVE-2021-21257 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21256
+ RESERVED
+CVE-2021-21255 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-v3m5-r3mx-ff9j
+ NOTE: https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc
+CVE-2021-21254 (CKEditor 5 is an open source rich text editor framework with a modular ...)
+ NOT-FOR-US: CKEditor 5 Markdown plugin
+CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. OnlineV ...)
+ NOT-FOR-US: OnlineVotingSystem
+CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...)
+ - civicrm <unfixed> (bug #980892)
+ [bullseye] - civicrm <no-dsa> (Minor issue)
+ - otrs2 6.0.32-4 (bug #980891)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
+ - phpmyadmin 4:5.0.4+dfsg2-2
+ [stretch] - phpmyadmin <no-dsa> (Minor issue; barely an issue in the phpmyadmin package)
+ NOTE: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
+ NOTE: not packaged, but civicrm, otrs2, and phpmyadmin embed a copy
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/401eedd288c4e83d69287b97a9f574f231156171
+CVE-2021-21251 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21250 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21249 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21248 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21247 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21246 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21245 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21244 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21243 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21242 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21241 (The Python "Flask-Security-Too" package is used for adding security fe ...)
+ - flask-security 4.0.0-1 (bug #980189)
+ [buster] - flask-security <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv
+ NOTE: https://github.com/Flask-Middleware/flask-security/issues/421
+ NOTE: https://github.com/Flask-Middleware/flask-security/pull/422
+ NOTE: https://github.com/Flask-Middleware/flask-security/commit/c05afe837e83f20f59c0fb409ce1240341d1ec41 (master)
+ NOTE: https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f (3.4.5)
+CVE-2021-21240 (httplib2 is a comprehensive HTTP client library for Python. In httplib ...)
+ - python-httplib2 0.20.2-1 (bug #982738)
+ [bullseye] - python-httplib2 <no-dsa> (Minor issue)
+ [buster] - python-httplib2 <no-dsa> (Minor issue)
+ [stretch] - python-httplib2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m
+ NOTE: https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc (v0.19.0)
+ NOTE: https://github.com/httplib2/httplib2/pull/182
+CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
+ {DLA-2577-1}
+ - python-pysaml2 6.5.1-1 (bug #980772)
+ NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62
+ NOTE: https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737
+CVE-2021-21238 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
+ - python-pysaml2 6.5.1-1 (bug #980773)
+ [stretch] - python-pysaml2 <ignored> (python3-xmlschema not available in stretch for fix)
+ NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9
+ NOTE: https://github.com/IdentityPython/pysaml2/commit/3b707723dcf1bf60677b424aac398c0c3557641d
+CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...)
+ - git-lfs <not-affected> (Windows-specific)
+ NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5
+CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...)
+ - cairosvg 2.5.0-1.1 (bug #979597)
+ [buster] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6)
+ [stretch] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6)
+ NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf
+ NOTE: Introduced by: https://github.com/Kozea/CairoSVG/commit/4f14d2e8f2d7f9b534c5342e26519b7c27386a81
+ NOTE: Fixed by: https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc (2.5.1)
+CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...)
+ - rust-kamadak-exif <unfixed> (bug #985309)
+ NOTE: https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2
+CVE-2021-21234 (spring-boot-actuator-logview in a library that adds a simple logfile v ...)
+ NOT-FOR-US: Spring actuator logview
+CVE-2021-21233 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90. ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21232 (Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 all ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21231 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21230 (Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21229 (Incorrect security UI in downloads in Google Chrome on Android prior t ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21228 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21227 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21226 (Use after free in navigation in Google Chrome prior to 90.0.4430.85 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21225 (Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430. ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21224 (Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21223 (Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowe ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21222 (Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allo ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21221 (Insufficient validation of untrusted input in Mojo in Google Chrome pr ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21220 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21219 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21218 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21217 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21216 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21215 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21214 (Use after free in Network API in Google Chrome prior to 90.0.4430.72 a ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21213 (Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allow ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21212 (Incorrect security UI in Network Config UI in Google Chrome on ChromeO ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21211 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21210 (Inappropriate implementation in Network in Google Chrome prior to 90.0 ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21209 (Inappropriate implementation in storage in Google Chrome prior to 90.0 ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21208 (Insufficient data validation in QR scanner in Google Chrome on iOS pri ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21207 (Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 all ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21206 (Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowe ...)
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21205 (Insufficient policy enforcement in navigation in Google Chrome on iOS ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21204 (Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21203 (Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21202 (Use after free in extensions in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21201 (Use after free in permissions in Google Chrome prior to 90.0.4430.72 a ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21200
+ RESERVED
+CVE-2021-21199 (Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.11 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21198 (Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allo ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21197 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.1 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21196 (Heap buffer overflow in TabStrip in Google Chrome on Windows prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21195 (Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21194 (Use after free in screen sharing in Google Chrome prior to 89.0.4389.1 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21193 (Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.90-1 (bug #985142)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21192 (Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.90-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21191 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowe ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.90-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21190 (Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 al ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21189 (Insufficient policy enforcement in payments in Google Chrome prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21188 (Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21187 (Insufficient data validation in URL formatting in Google Chrome prior ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21186 (Insufficient policy enforcement in QR scanning in Google Chrome on iOS ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21185 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21184 (Inappropriate implementation in performance APIs in Google Chrome prio ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21183 (Inappropriate implementation in performance APIs in Google Chrome prio ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21182 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21181 (Side-channel information leakage in autofill in Google Chrome prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21180 (Use after free in tab search in Google Chrome prior to 89.0.4389.72 al ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21179 (Use after free in Network Internals in Google Chrome on Linux prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21178 (Inappropriate implementation in Compositing in Google Chrome on Linux ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21177 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21176 (Inappropriate implementation in full screen mode in Google Chrome prio ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21175 (Inappropriate implementation in Site isolation in Google Chrome prior ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21174 (Inappropriate implementation in Referrer in Google Chrome prior to 89. ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21173 (Side-channel information leakage in Network Internals in Google Chrome ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21172 (Insufficient policy enforcement in File System API in Google Chrome on ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21171 (Incorrect security UI in TabStrip and Navigation in Google Chrome on A ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21170 (Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21169 (Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389. ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21168 (Insufficient policy enforcement in appcache in Google Chrome prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21167 (Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 all ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21166 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21165 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21164 (Insufficient data validation in Chrome on iOS in Google Chrome on iOS ...)
+ - chromium <not-affected> (MacOS specific)
+CVE-2021-21163 (Insufficient data validation in Reader Mode in Google Chrome on iOS pr ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21162 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowe ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21161 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21160 (Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.7 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21159 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21158
+ RESERVED
+ - chromium <not-affected> (MacOS specific)
+CVE-2021-21157 (Use after free in Web Sockets in Google Chrome on Linux prior to 88.0. ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21156 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 all ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21155 (Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21154 (Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324. ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21153 (Stack buffer overflow in GPU Process in Google Chrome on Linux prior t ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21152 (Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0. ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21151 (Use after free in Payments in Google Chrome prior to 88.0.4324.182 all ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21150 (Use after free in Downloads in Google Chrome on Windows prior to 88.0. ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21149 (Stack buffer overflow in Data Transfer in Google Chrome on Linux prior ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21148 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 all ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.150-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21147 (Inappropriate implementation in Skia in Google Chrome prior to 88.0.43 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21146 (Use after free in Navigation in Google Chrome prior to 88.0.4324.146 a ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21145 (Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowe ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21144 (Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21143 (Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21142 (Use after free in Payments in Google Chrome on Mac prior to 88.0.4324. ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21141 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21140 (Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowe ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21139 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21138 (Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allo ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21137 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21136 (Insufficient policy enforcement in WebView in Google Chrome on Android ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21135 (Inappropriate implementation in Performance API in Google Chrome prior ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21134 (Incorrect security UI in Page Info in Google Chrome on iOS prior to 88 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21133 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21132 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21131 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21130 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21129 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21128 (Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 a ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21127 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21126 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21125 (Insufficient policy enforcement in File System API in Google Chrome on ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21124 (Potential user after free in Speech Recognizer in Google Chrome on And ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21123 (Insufficient data validation in File System API in Google Chrome prior ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21122 (Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21121 (Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21120 (Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowe ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21119 (Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21118 (Insufficient data validation in V8 in Google Chrome prior to 88.0.4324 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21117 (Insufficient policy enforcement in Cryptohome in Google Chrome prior t ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21116 (Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21115 (User after free in safe browsing in Google Chrome prior to 87.0.4280.1 ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21114 (Use after free in audio in Google Chrome prior to 87.0.4280.141 allowe ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21113 (Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 a ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21112 (Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowe ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21111 (Insufficient policy enforcement in WebUI in Google Chrome prior to 87. ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21110 (Use after free in safe browsing in Google Chrome prior to 87.0.4280.14 ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21109 (Use after free in payments in Google Chrome prior to 87.0.4280.141 all ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21108 (Use after free in media in Google Chrome prior to 87.0.4280.141 allowe ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21107 (Use after free in drag and drop in Google Chrome on Linux prior to 87. ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21106 (Use after free in autofill in Google Chrome prior to 87.0.4280.141 all ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21105 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21104 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21103 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21102 (Adobe Illustrator version 25.2 (and earlier) is affected by a Path Tra ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21101 (Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21100 (Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21099 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21098 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21097
+ RESERVED
+CVE-2021-21096 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21095 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21094 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21093 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21092 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21091 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path travers ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21089 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Acrobat
+CVE-2021-21088
+ RESERVED
+CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21083 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21082 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21081
+ RESERVED
+CVE-2021-21080 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21079 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21078 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21077 (Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21076 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21075 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21074 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21073 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21072 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21071 (Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21070 (Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncont ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21069 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21068 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21067 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21064 (Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path t ...)
+ NOT-FOR-US: Magento
+CVE-2021-21063 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21062 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21061 (Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.00 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21060 (Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.3 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21059 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21058 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21057 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21056 (Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21055 (Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) i ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21054 (Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21053 (Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21052 (Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21051 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21050 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21049 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21048 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21047 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21046 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21045 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21040 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21039 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21038 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21037 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21036 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21035 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21034 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21033 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21032 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21031 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21030 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21029 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21028 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21027 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21026 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21025 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21024 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21023 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21022 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21021 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21020 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21019 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21018 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21017 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21016 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21015 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21014 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21013 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21012 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Adobe
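Review bot: CVE-2021-21013 and CVE-2021-21012 carry Magento descriptions ("Magento versions 2.4.1 (and earlier), ...") but are tagged "NOT-FOR-US: Adobe", while every neighbouring Magento entry (CVE-2021-21014 through CVE-2021-21032) uses "NOT-FOR-US: Magento". Retag these two as "NOT-FOR-US: Magento" so that a search on the vendor tag returns the whole batch. The same applies to tag spelling further down in this hunk, where "WordPress plugin" and "Wordpress plugin", and "ELECOM" and "Elecom", are both used for the same vendor; pick one spelling per vendor.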
+CVE-2021-21011 (Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21010 (InCopy version 15.1.1 (and earlier) for Windows is affected by an unco ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21009 (Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and ear ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21008 (Adobe Animate version 21.0 (and earlier) is affected by an uncontrolle ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21007 (Adobe Illustrator version 25.0 (and earlier) is affected by an uncontr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21006 (Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffe ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21005 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+ NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products
+CVE-2021-21004 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+ NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products
+CVE-2021-21003 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+ NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products
+CVE-2021-21002 (In Phoenix Contact FL COMSERVER UNI in versions &lt; 2.40 a invalid Mo ...)
+ NOT-FOR-US: Phoenix Contact FL COMSERVER UNI
+CVE-2021-21001 (On WAGO PFC200 devices in different firmware versions with special cra ...)
+ NOT-FOR-US: WAGO
+CVE-2021-21000 (On WAGO PFC200 devices in different firmware versions with special cra ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20999 (In Weidm&#252;ller u-controls and IoT-Gateways in versions up to 1.12. ...)
+ NOT-FOR-US: Weidmueller u-controls and IoT Gateways
+CVE-2021-20998 (In multiple managed switches by WAGO in different versions without aut ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20997 (In multiple managed switches by WAGO in different versions it is possi ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20996 (In multiple managed switches by WAGO in different versions special cra ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20995 (In multiple managed switches by WAGO in different versions the webserv ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20994 (In multiple managed switches by WAGO in different versions an attacker ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20993 (In multiple managed switches by WAGO in different versions the activat ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20992 (In Fibaro Home Center 2 and Lite devices in all versions provide a web ...)
+ NOT-FOR-US: Fibaro Home Center
+CVE-2021-20991 (In Fibaro Home Center 2 and Lite devices with firmware version 4.540 a ...)
+ NOT-FOR-US: Fibaro Home Center
+CVE-2021-20990 (In Fibaro Home Center 2 and Lite devices with firmware version 4.600 a ...)
+ NOT-FOR-US: Fibaro Home Center
+CVE-2021-20989 (Fibaro Home Center 2 and Lite devices with firmware version 4.600 and ...)
+ NOT-FOR-US: Fibaro Home Center
+CVE-2021-20988 (In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet ...)
+ NOT-FOR-US: Hilscher rcX RTOS
+CVE-2021-20987 (A denial of service and memory corruption vulnerability was found in H ...)
+ NOT-FOR-US: Hilscher EtherNet/IP Core
+CVE-2021-20986 (A Denial of Service vulnerability was found in Hilscher PROFINET IO De ...)
+ NOT-FOR-US: Hilscher
+CVE-2021-20985
+ RESERVED
+CVE-2021-20984
+ RESERVED
+CVE-2021-20983
+ RESERVED
+CVE-2021-20982
+ RESERVED
+CVE-2021-20981
+ RESERVED
+CVE-2021-20980
+ RESERVED
+CVE-2021-20979
+ RESERVED
+CVE-2021-20978
+ RESERVED
+CVE-2021-20977
+ RESERVED
+CVE-2021-20976
+ RESERVED
+CVE-2021-20975
+ RESERVED
+CVE-2021-20974
+ RESERVED
+CVE-2021-20973
+ RESERVED
+CVE-2021-20972
+ RESERVED
+CVE-2021-20971
+ RESERVED
+CVE-2021-20970
+ RESERVED
+CVE-2021-20969
+ RESERVED
+CVE-2021-20968
+ RESERVED
+CVE-2021-20967
+ RESERVED
+CVE-2021-20966
+ RESERVED
+CVE-2021-20965
+ RESERVED
+CVE-2021-20964
+ RESERVED
+CVE-2021-20963
+ RESERVED
+CVE-2021-20962
+ RESERVED
+CVE-2021-20961
+ RESERVED
+CVE-2021-20960
+ RESERVED
+CVE-2021-20959
+ RESERVED
+CVE-2021-20958
+ RESERVED
+CVE-2021-20957
+ RESERVED
+CVE-2021-20956
+ RESERVED
+CVE-2021-20955
+ RESERVED
+CVE-2021-20954
+ RESERVED
+CVE-2021-20953
+ RESERVED
+CVE-2021-20952
+ RESERVED
+CVE-2021-20951
+ RESERVED
+CVE-2021-20950
+ RESERVED
+CVE-2021-20949
+ RESERVED
+CVE-2021-20948
+ RESERVED
+CVE-2021-20947
+ RESERVED
+CVE-2021-20946
+ RESERVED
+CVE-2021-20945
+ RESERVED
+CVE-2021-20944
+ RESERVED
+CVE-2021-20943
+ RESERVED
+CVE-2021-20942
+ RESERVED
+CVE-2021-20941
+ RESERVED
+CVE-2021-20940
+ RESERVED
+CVE-2021-20939
+ RESERVED
+CVE-2021-20938
+ RESERVED
+CVE-2021-20937
+ RESERVED
+CVE-2021-20936
+ RESERVED
+CVE-2021-20935
+ RESERVED
+CVE-2021-20934
+ RESERVED
+CVE-2021-20933
+ RESERVED
+CVE-2021-20932
+ RESERVED
+CVE-2021-20931
+ RESERVED
+CVE-2021-20930
+ RESERVED
+CVE-2021-20929
+ RESERVED
+CVE-2021-20928
+ RESERVED
+CVE-2021-20927
+ RESERVED
+CVE-2021-20926
+ RESERVED
+CVE-2021-20925
+ RESERVED
+CVE-2021-20924
+ RESERVED
+CVE-2021-20923
+ RESERVED
+CVE-2021-20922
+ RESERVED
+CVE-2021-20921
+ RESERVED
+CVE-2021-20920
+ RESERVED
+CVE-2021-20919
+ RESERVED
+CVE-2021-20918
+ RESERVED
+CVE-2021-20917
+ RESERVED
+CVE-2021-20916
+ RESERVED
+CVE-2021-20915
+ RESERVED
+CVE-2021-20914
+ RESERVED
+CVE-2021-20913
+ RESERVED
+CVE-2021-20912
+ RESERVED
+CVE-2021-20911
+ RESERVED
+CVE-2021-20910
+ RESERVED
+CVE-2021-20909
+ RESERVED
+CVE-2021-20908
+ RESERVED
+CVE-2021-20907
+ RESERVED
+CVE-2021-20906
+ RESERVED
+CVE-2021-20905
+ RESERVED
+CVE-2021-20904
+ RESERVED
+CVE-2021-20903
+ RESERVED
+CVE-2021-20902
+ RESERVED
+CVE-2021-20901
+ RESERVED
+CVE-2021-20900
+ RESERVED
+CVE-2021-20899
+ RESERVED
+CVE-2021-20898
+ RESERVED
+CVE-2021-20897
+ RESERVED
+CVE-2021-20896
+ RESERVED
+CVE-2021-20895
+ RESERVED
+CVE-2021-20894
+ RESERVED
+CVE-2021-20893
+ RESERVED
+CVE-2021-20892
+ RESERVED
+CVE-2021-20891
+ RESERVED
+CVE-2021-20890
+ RESERVED
+CVE-2021-20889
+ RESERVED
+CVE-2021-20888
+ RESERVED
+CVE-2021-20887
+ RESERVED
+CVE-2021-20886
+ RESERVED
+CVE-2021-20885
+ RESERVED
+CVE-2021-20884
+ RESERVED
+CVE-2021-20883
+ RESERVED
+CVE-2021-20882
+ RESERVED
+CVE-2021-20881
+ RESERVED
+CVE-2021-20880
+ RESERVED
+CVE-2021-20879
+ RESERVED
+CVE-2021-20878
+ RESERVED
+CVE-2021-20877 (Cross-site scripting vulnerability in Canon laser printers and small o ...)
+ NOT-FOR-US: Canon printer firmware
+CVE-2021-20876 (Path traversal vulnerability in GroupSession Free edition ver5.1.1 and ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.1 and ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20874 (Incorrect permission assignment for critical resource vulnerability in ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20873 (Yappli is an application development platform which provides the funct ...)
+ NOT-FOR-US: Yappli
+CVE-2021-20872 (Protection mechanism failure vulnerability in KONICA MINOLTA bizhub se ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20871 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20870 (Improper handling of exceptional conditions vulnerability in KONICA MI ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20869 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20868 (Incorrect authorization vulnerability in KONICA MINOLTA bizhub series ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20867 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20866 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20865 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20864 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20863 (OS command injection vulnerability in ELECOM routers (WRC-1167GST2 fir ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20862 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20861 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20860 (Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20859 (ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20858 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20857 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20856 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20855 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20854 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20853 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20852 (Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmwa ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20851 (Cross-site request forgery (CSRF) vulnerability in Browser and Operati ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and ea ...)
+ NOT-FOR-US: PowerCMS
+CVE-2021-20849
+ RESERVED
+CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 a ...)
+ NOT-FOR-US: rwtxt
+CVE-2021-20847 (Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G ...)
+ NOT-FOR-US: Wi-Fi STATION SH-52A
+CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push Notifications ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap G ...)
+ NOT-FOR-US: Unlimited Sitemap Generator
+CVE-2021-20844 (Improper neutralization of HTTP request headers for scripting syntax v ...)
+ NOT-FOR-US: RTX830
+CVE-2021-20843 (Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev ...)
+ NOT-FOR-US: RTX830
+CVE-2021-20842 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2. ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20841 (Improper access control in Management screen of EC-CUBE 2 series 2.11. ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20840 (Cross-site scripting vulnerability in Booking Package - Appointment Bo ...)
+ NOT-FOR-US: Booking Package - Appointment Booking Calendar System
+CVE-2021-20839 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...)
+ NOT-FOR-US: Office Server Document Converter
+CVE-2021-20838 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...)
+ NOT-FOR-US: Office Server Document Converter
+CVE-2021-20837 (Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Typ ...)
+ - movabletype-opensource <removed>
+CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0 ...)
+ NOT-FOR-US: CX-Supervisor
+CVE-2021-20835 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App'
+CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: Nike App
+CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...)
+ NOT-FOR-US: SNKRDUNK Market Place App
+CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for Android ...)
+ NOT-FOR-US: InBody App
+CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags versions pr ...)
+ NOT-FOR-US: OG Tags (WordPress plugin)
+CVE-2021-20830
+ RESERVED
+CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...)
+ NOT-FOR-US: EC-CUBE plugin
+CVE-2021-20827 (Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Serie ...)
+ NOT-FOR-US: IDEC
+CVE-2021-20826 (Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A ...)
+ NOT-FOR-US: IDEC
+CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...)
+ NOT-FOR-US: EC-CUBE plugin
+CVE-2021-20824
+ RESERVED
+CVE-2021-20823
+ RESERVED
+CVE-2021-20822
+ RESERVED
+CVE-2021-20821
+ RESERVED
+CVE-2021-20820
+ RESERVED
+CVE-2021-20819
+ RESERVED
+CVE-2021-20818
+ RESERVED
+CVE-2021-20817
+ RESERVED
+CVE-2021-20816
+ RESERVED
+CVE-2021-20815 (Cross-site scripting vulnerability in Edit Boilerplate screen of Movab ...)
+ - movabletype-opensource <removed>
+CVE-2021-20814 (Cross-site scripting vulnerability in Setting screen of ContentType In ...)
+ - movabletype-opensource <removed>
+CVE-2021-20813 (Cross-site scripting vulnerability in Edit screen of Content Data of M ...)
+ - movabletype-opensource <removed>
+CVE-2021-20812 (Cross-site scripting vulnerability in Setting screen of Server Sync of ...)
+ - movabletype-opensource <removed>
+CVE-2021-20811 (Cross-site scripting vulnerability in List of Assets screen of Movable ...)
+ - movabletype-opensource <removed>
+CVE-2021-20810 (Cross-site scripting vulnerability in Website Management screen of Mov ...)
+ - movabletype-opensource <removed>
+CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry, Page, a ...)
+ - movabletype-opensource <removed>
+CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable Type (M ...)
+ - movabletype-opensource <removed>
+CVE-2021-20807 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20806 (Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 al ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20805 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20804 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20803 (Operation restriction bypass in the management screen of Cybozu Remote ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20802 (HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20801 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20800 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20799 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20798 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20797 (Cross-site script inclusion vulnerability in the management screen of ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20796 (Directory traversal vulnerability in the management screen of Cybozu R ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20795 (Cross-site request forgery (CSRF) vulnerability in the management scre ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20794
+ RESERVED
+CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...)
+ NOT-FOR-US: installer of Sony Audio USB Driver and installer of HAP Music Transfer
+CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 2.1.230 and ...)
+ NOT-FOR-US: RevoWorks Browser
+CVE-2021-20790 (Improper control of program execution vulnerability in RevoWorks Brows ...)
+ NOT-FOR-US: RevoWorks Browser
+CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free edition ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in GroupSession (Grou ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20787 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20786 (Cross-site request forgery (CSRF) vulnerability in GroupSession (Group ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20785 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20784 (HTTP header injection vulnerability in Everything all versions except ...)
+ NOT-FOR-US: Everything
+CVE-2021-20783 (Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-W ...)
+ NOT-FOR-US: Optical BB unit E-WMTA2.3
+CVE-2021-20782 (Cross-site request forgery (CSRF) vulnerability in Software License Ma ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20781 (Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20780 (Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Cu ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20779 (Cross-site request forgery (CSRF) vulnerability in WordPress Email Tem ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20778 (Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 seri ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20777 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: GU App for Android
+CVE-2021-20776 (Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR ...)
+ NOT-FOR-US: SCT-40CM01SR and AT-40CM01SR
+CVE-2021-20775 (Improper input validation vulnerability in Bulletin of Cybozu Garoon 4 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20774 (Cross-site scripting vulnerability in some functions of E-mail of Cybo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group Mail of ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 t ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20769 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20768 (Operational restrictions bypass vulnerability in Scheduler and MultiRe ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20767 (Cross-site scripting vulnerability in Full Text Search of Cybozu Garoo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20766 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 t ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20765 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20764 (Improper input validation vulnerability in Attaching Files of Cybozu G ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20763 (Operational restrictions bypass vulnerability in Portal of Cybozu Garo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20762 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20761 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20760 (Improper input validation vulnerability in User Profile of Cybozu Garo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20759 (Operational restrictions bypass vulnerability in Bulletin of Cybozu Ga ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20758 (Cross-site request forgery (CSRF) vulnerability in Message of Cybozu G ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20757 (Operational restrictions bypass vulnerability in E-mail of Cybozu Garo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20756 (Viewing restrictions bypass vulnerability in Address of Cybozu Garoon ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20755 (Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20754 (Improper input validation vulnerability in Workflow of Cybozu Garoon 4 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20753 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20752 (Cross-site scripting vulnerability in IkaIka RSS Reader all versions a ...)
+ NOT-FOR-US: IkaIka RSS Reader
+CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20750 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18- ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20749 (Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and ear ...)
+ NOT-FOR-US: Fudousan plugin
+CVE-2021-20748 (Retty App for Android versions prior to 4.8.13 and Retty App for iOS v ...)
+ NOT-FOR-US: Retty
+CVE-2021-20747 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: Retty App
+CVE-2021-20746 (Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 an ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20745 (Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitra ...)
+ NOT-FOR-US: Inkdrop
+CVE-2021-20744 (Cross-site scripting vulnerability in EC-CUBE Category contents plugin ...)
+ NOT-FOR-US: EC-CUBE Category contents plugin
+CVE-2021-20743 (Cross-site scripting vulnerability in EC-CUBE Email newsletters manage ...)
+ NOT-FOR-US: EC-CUBE Email newsletters management plugin
+CVE-2021-20742 (Cross-site scripting vulnerability in EC-CUBE Business form output plu ...)
+ NOT-FOR-US: EC-CUBE Business form output plugin
+CVE-2021-20741 (Cross-site scripting vulnerability in Hitachi Application Server Help ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-20740 (Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-20739 (WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, ...)
+ NOT-FOR-US: Elecom
+CVE-2021-20738 (WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unau ...)
+ NOT-FOR-US: Elecom
+CVE-2021-20737 (Improper authentication vulnerability in GROWI versions prior to v4.2. ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20736 (NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allow ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20735 (Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery ...)
+ NOT-FOR-US: ETUNA EC-CUBE plugins
+CVE-2021-20734 (Cross-site scripting vulnerability in Welcart e-Commerce versions prio ...)
+ NOT-FOR-US: Welcart e-Commerce
+CVE-2021-20733 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: Some Android app
+CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 an ...)
+ NOT-FOR-US: ATOM (ATOM - Smart life App)
+CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver ...)
+ NOT-FOR-US: WSR-1166DHP3 firmware
+CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...)
+ NOT-FOR-US: WSR-1166DHP3 firmware
+CVE-2021-20729
+ RESERVED
+CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...)
+ NOT-FOR-US: goo blog App
+CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...)
+ NOT-FOR-US: Zettlr
+CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...)
+ NOT-FOR-US: Overwolf
+CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page of [Cal ...)
+ NOT-FOR-US: Calendar01
+CVE-2021-20724 (Reflected cross-site scripting vulnerability in the admin page of [Tel ...)
+ NOT-FOR-US: Telop01
+CVE-2021-20723 (Reflected cross-site scripting vulnerability in [MailForm01] free edit ...)
+ NOT-FOR-US: MailForm01
+CVE-2021-20722 (Untrusted search path vulnerability in the installers of ScanSnap Mana ...)
+ NOT-FOR-US: ScanSnap Manager
+CVE-2021-20721 (KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload a ...)
+ NOT-FOR-US: KonaWiki2
+CVE-2021-20720 (SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 a ...)
+ NOT-FOR-US: KonaWiki2
+CVE-2021-20719 (RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 ...)
+ NOT-FOR-US: RFNTPS firmware
+CVE-2021-20718 (mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a de ...)
+ - libapache2-mod-auth-openidc 2.4.4.1-2 (bug #989055)
+ [buster] - libapache2-mod-auth-openidc <not-affected> (Vulnerable code introduced later)
+ [stretch] - libapache2-mod-auth-openidc <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/5ef1b0a74208fcb43a16795d0afc94c3d54cd120
+CVE-2021-20717 (Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20716 (Hidden functionality in multiple Buffalo network devices (BHR-4RV firm ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet App for An ...)
+ NOT-FOR-US: Hot Pepper Gourmet App
+CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions prior t ...)
+ NOT-FOR-US: WP fastest cache
+CVE-2021-20713 (Privilege escalation vulnerability in QND Advance/Premium/Standard Ver ...)
+ NOT-FOR-US: QND Advance/Premium/Standard
+CVE-2021-20712 (Improper access control vulnerability in NEC Aterm WG2600HS firmware V ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20711 (Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to exe ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20710 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20709 (Improper validation of integrity check value vulnerability in NEC Ater ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20708 (NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20707 (Improper input validation vulnerability in the Transaction Server CLUS ...)
+ NOT-FOR-US: Nec
+CVE-2021-20706 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
+ NOT-FOR-US: Nec
+CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
+ NOT-FOR-US: Nec
+CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...)
+ NOT-FOR-US: Nec
+CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
+ NOT-FOR-US: Nec
+CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
+ NOT-FOR-US: Nec
+CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
+ NOT-FOR-US: Nec
+CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
+ NOT-FOR-US: Nec
+CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
+ NOT-FOR-US: SHARP
+CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
+ NOT-FOR-US: SHARP
+CVE-2021-20697 (Missing authentication for critical function in DAP-1880AC firmware ve ...)
+ NOT-FOR-US: DAP-1880AC firmware
+CVE-2021-20696 (DAP-1880AC firmware version 1.21 and earlier allows a remote authentic ...)
+ NOT-FOR-US: DAP-1880AC firmware
+CVE-2021-20695 (Improper following of a certificate's chain of trust vulnerability in ...)
+ NOT-FOR-US: DAP-1880AC firmware
+CVE-2021-20694 (Improper access control vulnerability in DAP-1880AC firmware version 1 ...)
+ NOT-FOR-US: DAP-1880AC firmware
+CVE-2021-20693 (Improper access control vulnerability in Gurunavi App for Android ver. ...)
+ NOT-FOR-US: Gurunavi App for Android and iOS
+CVE-2021-20692 (Directory traversal vulnerability in Archive collectively operation ut ...)
+ NOT-FOR-US: Enkisoft
+CVE-2021-20691 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
+ NOT-FOR-US: Yomi-Search
+CVE-2021-20690 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
+ NOT-FOR-US: Yomi-Search
+CVE-2021-20689 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
+ NOT-FOR-US: Yomi-Search
+CVE-2021-20688 (Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remo ...)
+ NOT-FOR-US: Click Ranker
+CVE-2021-20687 (Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allow ...)
+ NOT-FOR-US: Kagemai
+CVE-2021-20686 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...)
+ NOT-FOR-US: Kagemai
+CVE-2021-20685 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...)
+ NOT-FOR-US: Kagemai
+CVE-2021-20684 (Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remot ...)
+ NOT-FOR-US: MagazinegerZ
+CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-20681 (Improper neutralization of JavaScript input in the page editing functi ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-20680 (Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900H ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6 ...)
+ NOT-FOR-US: Fuji
+CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...)
+ NOT-FOR-US: Paid Memberships Pro
+CVE-2021-20677 (UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIV ...)
+ NOT-FOR-US: UNIVERGE
+CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
+ NOT-FOR-US: M-System
+CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
+ NOT-FOR-US: M-System
+CVE-2021-20674 (Untrusted search path vulnerability in Installer of MagicConnect Clien ...)
+ NOT-FOR-US: MagicConnect client
+CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20672 (Reflected cross-site scripting vulnerability due to insufficient verif ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20671 (Invalid file validation on the upload feature in GROWI versions v4.2.2 ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20670 (Improper access control vulnerability in GROWI versions v4.2.2 and ear ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20669 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20668 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20667 (Stored cross-site scripting vulnerability due to inadequate CSP (Conte ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20666
+ RESERVED
+CVE-2021-20665 (Cross-site scripting vulnerability in in Add asset screen of Contents ...)
+ - movabletype-opensource <removed>
+CVE-2021-20664 (Cross-site scripting vulnerability in in Asset registration screen of ...)
+ - movabletype-opensource <removed>
+CVE-2021-20663 (Cross-site scripting vulnerability in in Role authority setting screen ...)
+ - movabletype-opensource <removed>
+CVE-2021-20662 (Missing authentication for critical function in SolarView Compact SV-C ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20661 (Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 pr ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20660 (Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 p ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20659 (SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticate ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20658 (SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20657 (Improper access control vulnerability in SolarView Compact SV-CPT-MC31 ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20656 (Exposure of information through directory listing in SolarView Compact ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20655 (FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attack ...)
+ NOT-FOR-US: FileZen
+CVE-2021-20654 (Wekan, open source kanban board system, between version 3.12 and 4.11, ...)
+ NOT-FOR-US: Wekan
+CVE-2021-20653 (Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, ...)
+ NOT-FOR-US: Calsos CSDJ
+CVE-2021-20652 (Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17 ...)
+ NOT-FOR-US: Name Directory
+CVE-2021-20651 (Directory traversal vulnerability in ELECOM File Manager all versions ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20650 (Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RM ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20649 (ELECOM WRC-300FEBK-S contains an improper certificate validation vulne ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20648 (ELECOM WRC-300FEBK-S allows an attacker with administrator rights to e ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20647 (Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK- ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20646 (Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK- ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20645 (Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remo ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20644 (ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the u ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20643 (Improper access control vulnerability in ELECOM LD-PS/U1 allows remote ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20642 (Improper check or handling of exceptional conditions in LOGITEC LAN-W3 ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20641 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/R ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20640 (Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an atta ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20639 (LOGITEC LAN-W300N/PGRB allows an attacker with administrative privileg ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20638 (LOGITEC LAN-W300N/PGRB allows an attacker with administrative privileg ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20637 (Improper check or handling of exceptional conditions in LOGITEC LAN-W3 ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20636 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/P ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20635 (Improper restriction of excessive authentication attempts in LOGITEC L ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20634 (Improper access control vulnerability in Custom App of Cybozu Office 1 ...)
+ NOT-FOR-US: Custom App of Cybozu Office
+CVE-2021-20633 (Improper access control vulnerability in Cabinet of Cybozu Office 10.0 ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20632 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20631 (Improper input validation vulnerability in Custom App of Cybozu Office ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20630 (Improper access control vulnerability in Phone Messages of Cybozu Offi ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20629 (Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 t ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20628 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20627 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20626 (Improper access control vulnerability in Workflow of Cybozu Office 10. ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20625 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20624 (Improper access control vulnerability in Scheduler of Cybozu Office 10 ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote attacker to ex ...)
+ NOT-FOR-US: Video Insight VMS
+CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...)
+ NOT-FOR-US: Aterm WG2600HP firmware
+CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firm ...)
+ NOT-FOR-US: Aterm WG2600HP firmware
+CVE-2021-20620 (Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 ...)
+ NOT-FOR-US: Aterm WF800HP firmware
+CVE-2021-20619 (Cross-site scripting vulnerability in GROWI (v4.2 Series) versions pri ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20618 (Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, a ...)
+ NOT-FOR-US: acmailer
+CVE-2021-20617 (Improper access control vulnerability in acmailer ver. 4.0.1 and earli ...)
+ NOT-FOR-US: acmailer
+CVE-2021-20616 (Untrusted search path vulnerability in the installer of SKYSEA Client ...)
+ NOT-FOR-US: SKYSEA Client View
+CVE-2021-20615
+ RESERVED
+CVE-2021-20614
+ RESERVED
+CVE-2021-20613 (Improper initialization vulnerability in MELSEC-F series FX3U-ENET Fir ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20612 (Lack of administrator control over security vulnerability in MELSEC-F ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20611 (Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/0 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20608 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20607 (Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20606 (Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 vers ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20603 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20602 (Improper Handling of Exceptional Conditions vulnerability in GOT2000 s ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 model a ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20596 (NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20595 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20594 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20592 (Missing synchronization vulnerability in GOT2000 series GT27 model com ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model VNC ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Eng ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20586 (Resource management errors vulnerability in a robot controller of MELF ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive information ...)
+ NOT-FOR-US: IBM
+CVE-2021-20584 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) coul ...)
+ NOT-FOR-US: IBM
+CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive information in ...)
+ NOT-FOR-US: IBM
+CVE-2021-20581
+ RESERVED
+CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site request f ...)
+ NOT-FOR-US: IBM
+CVE-2021-20579 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20578 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20576 (IBM Security Verify Access 20.07 could allow a remote attacker to send ...)
+ NOT-FOR-US: IBM
+CVE-2021-20575 (IBM Security Verify Access 20.07 allows web pages to be stored locally ...)
+ NOT-FOR-US: IBM
+CVE-2021-20574 (IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2021-20573 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20572 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20571 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...)
+ NOT-FOR-US: IBM
+CVE-2021-20570
+ RESERVED
+CVE-2021-20569 (IBM Security Secret Server up to 11.0 could allow an attacker to enume ...)
+ NOT-FOR-US: IBM
+CVE-2021-20568
+ RESERVED
+CVE-2021-20567 (IBM Resilient SOAR V38.0 could allow a local privileged attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2021-20566 (IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algor ...)
+ NOT-FOR-US: IBM
+CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20563 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 ...)
+ NOT-FOR-US: IBM
+CVE-2021-20561 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20560 (IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 ...)
+ NOT-FOR-US: IBM
+CVE-2021-20559 (IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scrip ...)
+ NOT-FOR-US: IBM
+CVE-2021-20558
+ RESERVED
+CVE-2021-20557 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20556
+ RESERVED
+CVE-2021-20555
+ RESERVED
+CVE-2021-20554 (IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cros ...)
+ NOT-FOR-US: IBM
+CVE-2021-20553
+ RESERVED
+CVE-2021-20552 (IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20551
+ RESERVED
+CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2021-20549 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2021-20548
+ RESERVED
+CVE-2021-20547
+ RESERVED
+CVE-2021-20546 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20545
+ RESERVED
+CVE-2021-20544
+ RESERVED
+CVE-2021-20543
+ RESERVED
+CVE-2021-20542
+ RESERVED
+CVE-2021-20541 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20540 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20539 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20538 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20537 (IBM Security Verify Access Docker 10.0.0 contains hard-coded credentia ...)
+ NOT-FOR-US: IBM
+CVE-2021-20536 (IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores ...)
+ NOT-FOR-US: IBM
+CVE-2021-20535 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2021-20534 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20533 (IBM Security Verify Access Docker 10.0.0 could allow a remote authenti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20532 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a loc ...)
+ NOT-FOR-US: IBM
+CVE-2021-20531
+ RESERVED
+CVE-2021-20530
+ RESERVED
+CVE-2021-20529 (IBM Control Center 6.2.0.0 could allow a user to obtain sensitive vers ...)
+ NOT-FOR-US: IBM
+CVE-2021-20528 (IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20527 (IBM Resilient SOAR V38.0 could allow a privileged user to create creat ...)
+ NOT-FOR-US: IBM
+CVE-2021-20526 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2021-20525
+ RESERVED
+CVE-2021-20524 (IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
+CVE-2021-20523 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20522
+ RESERVED
+CVE-2021-20521
+ RESERVED
+CVE-2021-20520 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20519 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...)
+ NOT-FOR-US: IBM
+CVE-2021-20518 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20517 (IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could ...)
+ NOT-FOR-US: IBM
+CVE-2021-20516
+ RESERVED
+CVE-2021-20515 (IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffe ...)
+ NOT-FOR-US: IBM
+CVE-2021-20514
+ RESERVED
+CVE-2021-20513
+ RESERVED
+CVE-2021-20512
+ RESERVED
+CVE-2021-20511 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20510 (IBM Security Verify Access Docker 10.0.0 stores user credentials in pl ...)
+ NOT-FOR-US: IBM
+CVE-2021-20509 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-20508 (IBM Security Secret Server up to 11.0 could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20505 (The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20504 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20503 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20502 (IBM Jazz Foundation Products are vulnerable to an XML External Entity ...)
+ NOT-FOR-US: IBM
+CVE-2021-20501 (IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send em ...)
+ NOT-FOR-US: IBM
+CVE-2021-20500 (IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive ...)
+ NOT-FOR-US: IBM
+CVE-2021-20499 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20498 (IBM Security Verify Access Docker 10.0.0 reveals version information i ...)
+ NOT-FOR-US: IBM
+CVE-2021-20497 (IBM Security Verify Access Docker 10.0.0 uses weaker than expected cry ...)
+ NOT-FOR-US: IBM
+CVE-2021-20496 (IBM Security Verify Access Docker 10.0.0 could allow an authenticated ...)
+ NOT-FOR-US: IBM
+CVE-2021-20495
+ RESERVED
+CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20493 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch ...)
+ NOT-FOR-US: IBM
+CVE-2021-20491 (IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based bu ...)
+ NOT-FOR-US: IBM
+CVE-2021-20490 (IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20489 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20488 (IBM Security Identity Manager 6.0.2 could allow an authenticated malic ...)
+ NOT-FOR-US: IBM
+CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inje ...)
+ NOT-FOR-US: IBM
+CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain ...)
+ NOT-FOR-US: IBM
+CVE-2021-20485 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20484 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to server-side reque ...)
+ NOT-FOR-US: IBM
+CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20481 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20480 (IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to se ...)
+ NOT-FOR-US: IBM
+CVE-2021-20479
+ RESERVED
+CVE-2021-20478 (IBM Cloud Pak System 2.3 could allow a local user in some situations t ...)
+ NOT-FOR-US: IBM
+CVE-2021-20477 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20476
+ RESERVED
+CVE-2021-20475
+ RESERVED
+CVE-2021-20474 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perfor ...)
+ NOT-FOR-US: IBM
+CVE-2021-20473 (IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does ...)
+ NOT-FOR-US: IBM
+CVE-2021-20472
+ RESERVED
+CVE-2021-20471
+ RESERVED
+CVE-2021-20470 (IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users sho ...)
+ NOT-FOR-US: IBM
+CVE-2021-20469
+ RESERVED
+CVE-2021-20468
+ RESERVED
+CVE-2021-20467
+ RESERVED
+CVE-2021-20466
+ RESERVED
+CVE-2021-20465
+ RESERVED
+CVE-2021-20464
+ RESERVED
+CVE-2021-20463
+ RESERVED
+CVE-2021-20462
+ RESERVED
+CVE-2021-20461 (IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the ...)
+ NOT-FOR-US: IBM
+CVE-2021-20460
+ RESERVED
+CVE-2021-20459
+ RESERVED
+CVE-2021-20458
+ RESERVED
+CVE-2021-20457
+ RESERVED
+CVE-2021-20456
+ RESERVED
+CVE-2021-20455
+ RESERVED
+CVE-2021-20454 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20452
+ RESERVED
+CVE-2021-20451
+ RESERVED
+CVE-2021-20450
+ RESERVED
+CVE-2021-20449
+ RESERVED
+CVE-2021-20448 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2021-20447 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20446 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
+CVE-2021-20445 (IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain ...)
+ NOT-FOR-US: IBM
+CVE-2021-20444 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
+CVE-2021-20443 (IBM Maximo for Civil Infrastructure 7.6.2 includes executable function ...)
+ NOT-FOR-US: IBM
+CVE-2021-20442 (IBM Security Verify Bridge contains hard-coded credentials, such as a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20441 (IBM Security Verify Bridge uses weaker than expected cryptographic alg ...)
+ NOT-FOR-US: IBM
+CVE-2021-20440 (IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not ...)
+ NOT-FOR-US: IBM
+CVE-2021-20439 (IBM Security Access Manager 9.0 and IBM Security Verify Access Docker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20438
+ RESERVED
+CVE-2021-20437
+ RESERVED
+CVE-2021-20436
+ RESERVED
+CVE-2021-20435 (IBM Security Verify Bridge 1.0.5.0 does not properly validate a certif ...)
+ NOT-FOR-US: IBM
+CVE-2021-20434 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
+ NOT-FOR-US: IBM
+CVE-2021-20433 (IBM Security Guardium 11.3 could allow a an authenticated user to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Reso ...)
+ NOT-FOR-US: IBM
+CVE-2021-20431 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not inv ...)
+ NOT-FOR-US: IBM
+CVE-2021-20430 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
+ NOT-FOR-US: IBM
+CVE-2021-20429 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose ...)
+ NOT-FOR-US: IBM
+CVE-2021-20428 (IBM Security Guardium 11.2 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2021-20427 (IBM Security Guardium 11.2 uses an inadequate account lockout setting ...)
+ NOT-FOR-US: IBM
+CVE-2021-20426 (IBM Security Guardium 11.2 contains hard-coded credentials, such as a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20425
+ RESERVED
+CVE-2021-20424 (IBM Cloud Pak for Applications 4.3 could allow a remote attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an authenticated user g ...)
+ NOT-FOR-US: IBM
+CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive informatio ...)
+ NOT-FOR-US: IBM
+CVE-2021-20421
+ RESERVED
+CVE-2021-20420 (IBM Security Guardium 11.2 could disclose sensitive information due to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected cryptographic alg ...)
+ NOT-FOR-US: IBM
+CVE-2021-20418 (IBM Security Guardium 11.2 does not require that users should have str ...)
+ NOT-FOR-US: IBM
+CVE-2021-20417 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...)
+ NOT-FOR-US: IBM
+CVE-2021-20416 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a r ...)
+ NOT-FOR-US: IBM
+CVE-2021-20415 (IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account ...)
+ NOT-FOR-US: IBM
+CVE-2021-20414 (IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce ...)
+ NOT-FOR-US: IBM
+CVE-2021-20413 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...)
+ NOT-FOR-US: IBM
+CVE-2021-20412 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-co ...)
+ NOT-FOR-US: IBM
+CVE-2021-20411 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20410 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user crede ...)
+ NOT-FOR-US: IBM
+CVE-2021-20409 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...)
+ NOT-FOR-US: IBM
+CVE-2021-20408 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose h ...)
+ NOT-FOR-US: IBM
+CVE-2021-20407 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensit ...)
+ NOT-FOR-US: IBM
+CVE-2021-20406 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2021-20405 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20404 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20403 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...)
+ NOT-FOR-US: IBM
+CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20400 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...)
+ NOT-FOR-US: IBM
+CVE-2021-20399 (IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulner ...)
+ NOT-FOR-US: IBM
+CVE-2021-20398
+ RESERVED
+CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
+CVE-2021-20396 (IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM ...)
+ NOT-FOR-US: IBM
+CVE-2021-20395
+ RESERVED
+CVE-2021-20394
+ RESERVED
+CVE-2021-20393 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a r ...)
+ NOT-FOR-US: IBM
+CVE-2021-20392 (IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable t ...)
+ NOT-FOR-US: IBM
+CVE-2021-20391 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web page ...)
+ NOT-FOR-US: IBM
+CVE-2021-20390
+ RESERVED
+CVE-2021-20389 (IBM Security Guardium 11.2 stores user credentials in plain clear text ...)
+ NOT-FOR-US: IBM
+CVE-2021-20388
+ RESERVED
+CVE-2021-20387
+ RESERVED
+CVE-2021-20386 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20385 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20384
+ RESERVED
+CVE-2021-20383
+ RESERVED
+CVE-2021-20382
+ RESERVED
+CVE-2021-20381
+ RESERVED
+CVE-2021-20380 (IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRad ...)
+ NOT-FOR-US: IBM
+CVE-2021-20379 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker tha ...)
+ NOT-FOR-US: IBM
+CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invali ...)
+ NOT-FOR-US: IBM
+CVE-2021-20377 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2021-20376 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
+ NOT-FOR-US: IBM
+CVE-2021-20375 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
+ NOT-FOR-US: IBM
+CVE-2021-20374 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
+ NOT-FOR-US: IBM
+CVE-2021-20373 (IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Inform ...)
+ NOT-FOR-US: IBM
+CVE-2021-20372 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20370
+ RESERVED
+CVE-2021-20369 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2021-20368 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20367
+ RESERVED
+CVE-2021-20366 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20365 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20364 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20363 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20362 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20361 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20360 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automatio ...)
+ NOT-FOR-US: IBM
+CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially s ...)
+ NOT-FOR-US: IBM
+CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2021-20356
+ RESERVED
+CVE-2021-20355
+ RESERVED
+CVE-2021-20354 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-20352 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20349 (IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-bas ...)
+ NOT-FOR-US: IBM
+CVE-2021-20348 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20347 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20346 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20345 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20344
+ RESERVED
+CVE-2021-20343 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20342
+ RESERVED
+CVE-2021-20341 (IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potenti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20339
+ RESERVED
+CVE-2021-20338 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20337 (IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weak ...)
+ NOT-FOR-US: IBM
+CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-20335 (For MongoDB Ops Manager &lt;= 4.2.24 with multiple OM application serv ...)
+ NOT-FOR-US: MongoDB Ops Manager
+CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...)
+ NOT-FOR-US: MongoDB Compass
+CVE-2021-20333 (Sending specially crafted commands to a MongoDB Server may result in a ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-50605
+CVE-2021-20332 (Specific MongoDB Rust Driver versions can include credentials used by ...)
+ NOT-FOR-US: MongoDB rust driver
+CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...)
+ NOT-FOR-US: MongoDB C# Driver
+CVE-2021-20330 (An attacker with basic CRUD permissions on a replicated collection can ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-36263
+CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...)
+ NOT-FOR-US: mongo-driver
+ NOTE: https://jira.mongodb.org/browse/GODRIVER-1923
+ NOTE: https://github.com/mongodb/mongo-go-driver/pull/622
+ NOTE: https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118 (v1.5.1)
+CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
+ - mongo-java-driver <not-affected> (Vulnerable code introduce later)
+ NOTE: https://jira.mongodb.org/browse/JAVA-4017
+ NOTE: Fixed by: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
+CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
+ NOT-FOR-US: Node mongodb-client-encryption
+CVE-2021-20326 (A user authorized to performing a specific type of find query may trig ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-53929
+CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...)
+ - apache2 <not-affected> (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321
+CVE-2021-20324
+ RESERVED
+ NOT-FOR-US: WildFly Elytron
+CVE-2021-20323
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...)
+ {DLA-2843-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
+CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...)
+ {DLA-2843-1}
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
+CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf ...)
+ - linux 5.14.9-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <ignored> (s390x not supported in LTS)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010090
+CVE-2021-20319
+ RESERVED
+ NOT-FOR-US: coreos-installer
+CVE-2021-20318 (The HornetQ component of Artemis in EAP 7 was not updated with the fix ...)
+ NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
+CVE-2021-20317 (A flaw was found in the Linux kernel. A corrupted timer tree caused th ...)
+ {DLA-2843-1}
+ - linux 5.4.6-1
+ NOTE: https://git.kernel.org/linus/511885d7061eda3eb1faf3f57dcc936ff75863f1 (5.4-rc1)
+CVE-2021-20316
+ RESERVED
+ - samba <unfixed> (bug #1004690)
+ [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-20316.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14842
+CVE-2021-20315 (A locking protection bypass flaw was found in some versions of gnome-s ...)
+ - gnome-shell <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285
+ TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams
+CVE-2021-20314 (Stack buffer overflow in libspf2 versions below 1.2.11 when processing ...)
+ {DSA-4955-1 DLA-2739-1}
+ - libspf2 1.2.10-7.1
+ [bullseye] - libspf2 1.2.10-7.1~deb11u1
+ NOTE: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/11/6
+CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A potential ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <no-dsa> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
+ NOTE: IM6: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
+CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an integer o ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
+CVE-2021-20311 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...)
+ - imagemagick <unfixed> (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
+CVE-2021-20310 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...)
+ - imagemagick <not-affected> (Specific to IM7)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/3295
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5
+CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and before 6 ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f
+CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...)
+ {DLA-2700-1}
+ - htmldoc 1.9.11-3 (unimportant; bug #984765)
+ [buster] - htmldoc 1.9.3-1+deb10u1
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...)
+ {DLA-2624-1}
+ - libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
+ [buster] - libpano13 2.9.19+dfsg-3+deb10u1
+ NOTE: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/
+CVE-2021-20306 (A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any ...)
+ NOT-FOR-US: Red Hat Business Central
+CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...)
+ {DSA-4933-1 DLA-2760-1}
+ - nettle 3.7.2-1 (bug #985652)
+ NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
+ NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe
+ NOTE: Use ecc_mod_mul_canonical for point comparison:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/971bed6ab4b27014eb23085e8176917e1a096fd5
+ NOTE: Fix bug in ecc_ecdsa_verify:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/74ee0e82b6891e090f20723750faeb19064e31b2
+ NOTE: Ensure ecdsa_sign output is canonically reduced:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/51f643eee00e2caa65c8a2f5857f49acdf3ef1ce
+ NOTE: Analogous fix to ecc_gostdsa_verify:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/401c8d53d8a8cf1e79980e62bda3f946f8e07c14
+ NOTE: Similar fix for eddsa:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b
+ NOTE: Fix canonical reduction in gostdsa_vko:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9
+CVE-2021-20304 [Undefined-shift in Imf_2_5::hufDecode]
+ RESERVED
+ - openexr 2.5.4-1 (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/849
+ NOTE: Negligible security impact
+CVE-2021-20303 [Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer]
+ RESERVED
+ {DLA-2732-1}
+ - openexr 2.5.4-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/831
+CVE-2021-20302 [Floating-point-exception in Imf_2_5::precalculateTileInfot]
+ RESERVED
+ {DLA-2732-1}
+ - openexr 2.5.4-1
+ [buster] - openexr <ignored> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/842
+CVE-2021-20301
+ RESERVED
+CVE-2021-20300 [Integer-overflow in Imf_2_5::hufUncompress]
+ RESERVED
+ {DLA-2732-1}
+ - openexr 2.5.4-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ed560b8a932c78d5e8e5990ce36fe7808b35d9f0 (master)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5.x)
+CVE-2021-20299 [Null-dereference READ in Imf_2_5::Header::operator]
+ RESERVED
+ {DLA-2732-1}
+ - openexr 2.5.4-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/840
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f
+CVE-2021-20298 [Out-of-memory in B44Compressor]
+ RESERVED
+ - openexr 2.5.4-1
+ [buster] - openexr <ignored> (Minor issue)
+ [stretch] - openexr <postponed> (Minor issue, OOM, revisit when there's a full fix upstream)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97 (master) (partial fix)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5.x) (partial fix)
+CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Setting ...)
+ - network-manager 1.30.0-2 (bug #986809)
+ [buster] - network-manager <not-affected> (Vulnerable code introduced later)
+ [stretch] - network-manager <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942741 (not yet public)
+ NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
+CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
+CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3]
+ RESERVED
+ - qemu <not-affected> (RHEL 8.3 specific security regression)
+CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker who is ...)
+ - binutils 2.35.2-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26929
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=372dd157272e0674d13372655cc60eaca9c06926
+ NOTE: binutils not covered by security support
+CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...)
+ - resteasy <undetermined>
+ - resteasy3.0 <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819
+CVE-2021-20292 (There is a flaw reported in the Linux kernel in versions before 5.9 in ...)
+ {DLA-2689-1}
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939686
+ NOTE: https://git.kernel.org/linus/5de5b6ecf97a021f29403aa272cb4e03318ef586
+CVE-2021-20291 (A deadlock vulnerability was found in 'github.com/containers/storage' ...)
+ [experimental] - golang-github-containers-storage 1.29.0+ds1-1
+ - golang-github-containers-storage 1.34.1+ds1-1 (bug #988942)
+ NOTE: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
+ NOTE: golang-github-containers-buildah uses golang-github-containers-storage compression support.
+ NOTE: docker.io already uses the same library as the fix for golang-github-containers-storage.
+CVE-2021-20290
+ RESERVED
+ - foreman <itp> (bug #663101)
+CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20288 (An authentication flaw was found in ceph in versions before 14.2.20. W ...)
+ - ceph 14.2.20-1 (bug #986974)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/2
+ NOTE: https://github.com/ceph/ceph/commit/059eabcc0ada81078a898cdc25cf72bf3d506ad0
+ NOTE: https://github.com/ceph/ceph/commit/05b3b6a305ddbb56cc53bbeadf5866db4d785f49
+CVE-2021-20287
+ RESERVED
+CVE-2021-20286 (A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked ...)
+ - libnbd 1.6.2-1
+ [bullseye] - libnbd <no-dsa> (Minor issue)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/2216190ecbbd853648df6a3280c17b345b0907a0 (v1.6.2)
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0 (v1.7.3)
+CVE-2021-20285 (A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw ...)
+ - upx-ucl <unfixed> (unimportant)
+ NOTE: https://github.com/upx/upx/issues/421
+ NOTE: https://github.com/upx/upx/commit/3781df9da23840e596d5e9e8493f22666802fe6c
+CVE-2021-20284 (A flaw was found in GNU Binutils 2.35.1, where there is a heap-based b ...)
+ - binutils 2.37-3 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26931
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f60742b2a1988d276c77d5c1011143f320d9b4cb
+ NOTE: binutils not covered by security support
+CVE-2021-20283 (The web service responsible for fetching other users' enrolled courses ...)
+ - moodle <removed>
+CVE-2021-20282 (When creating a user account, it was possible to verify the account wi ...)
+ - moodle <removed>
+CVE-2021-20281 (It was possible for some users without permission to view other users' ...)
+ - moodle <removed>
+CVE-2021-20280 (Text-based feedback answers required additional sanitizing to prevent ...)
+ - moodle <removed>
+CVE-2021-20279 (The ID number user profile field required additional sanitizing to pre ...)
+ - moodle <removed>
+CVE-2021-20278 (An authentication bypass vulnerability was found in Kiali in versions ...)
+ NOT-FOR-US: Kiali
+CVE-2021-20277 (A flaw was found in Samba's libldb. Multiple, consecutive leading spac ...)
+ {DSA-4884-1 DLA-2611-1}
+ - ldb 2:2.2.0-3.1 (bug #985935)
+ - samba <unfixed> (unimportant)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-20277.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14655
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=ea4bd2c437fbb5801fb82e2a038d9cdb5abea4c0
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=1fe8c790b2294fd10fe9c9c6254ecf2b6c00b709
+ NOTE: Samba uses the System ldb library
+CVE-2021-20276 (A flaw was found in privoxy before 3.0.32. Invalid memory access with ...)
+ {DLA-2587-1}
+ - privoxy 3.0.32-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=28512e5b62457f0ff6f2d72e3e5c9226b9e0203d
+CVE-2021-20275 (A flaw was found in privoxy before 3.0.32. A invalid read of size two ...)
+ {DLA-2587-1}
+ - privoxy 3.0.32-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=a912ba7bc9ce5855a810d09332e9d94566ce1521
+CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur due a NUL ...)
+ - privoxy 3.0.32-1
+ [buster] - privoxy <not-affected> (Vulnerable code introduced later)
+ [stretch] - privoxy <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=85817cc55b9829e6c20db40d3a93b8380618463d
+CVE-2021-20273 (A flaw was found in privoxy before 3.0.32. A crash can occur via a cra ...)
+ {DLA-2587-1}
+ - privoxy 3.0.32-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=e711c505c4830ab271938d61af90a2075523f058
+CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure could ...)
+ {DLA-2587-1}
+ - privoxy 3.0.32-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b
+CVE-2021-20271 (A flaw was found in RPM's signature check functionality when reading a ...)
+ - rpm 4.16.1.2+dfsg1-1 (bug #985308)
+ [buster] - rpm <no-dsa> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
+CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...)
+ {DSA-4889-1 DSA-4870-1 DLA-2648-1 DLA-2590-1}
+ - pygments 2.7.1+dfsg-2 (bug #984664)
+ - mediawiki 1:1.35.2-1
+ NOTE: https://github.com/pygments/pygments/issues/1625
+ NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
+CVE-2021-20269 [incorrect permissions on kdump dmesg file]
+ RESERVED
+ - kexec-tools <unfixed> (bug #985105)
+ [bullseye] - kexec-tools <no-dsa> (Minor issue)
+ [buster] - kexec-tools <no-dsa> (Minor issue)
+ [stretch] - kexec-tools <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/11/2
+CVE-2021-20268 (An out-of-bounds access flaw was found in the Linux kernel's implement ...)
+ - linux 5.10.12-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-101/
+ NOTE: https://git.kernel.org/linus/bc895e8b2a64e502fbba72748d59618272052a8b
+CVE-2021-20267 (A flaw was found in openstack-neutron's default Open vSwitch firewall ...)
+ - neutron 2:17.1.1-5 (bug #985104)
+ [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
+ [stretch] - neutron <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/neutron/+bug/1902917
+ NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
+ NOTE: Followup: https://review.opendev.org/c/openstack/neutron/+/783743
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/12/2
+CVE-2021-20266 (A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ...)
+ - rpm 4.16.1.2+dfsg1-1 (bug #985308)
+ [buster] - rpm <no-dsa> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927741
+CVE-2021-20265 (A flaw was found in the way memory resources were freed in the unix_st ...)
+ - linux 4.4.4-1
+ NOTE: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3)
+CVE-2021-20264 (An insecure modification flaw in the /etc/passwd file was found in the ...)
+ NOT-FOR-US: Container configuration of some Red Hat products
+CVE-2021-20263 (A flaw was found in the virtio-fs shared file system daemon (virtiofsd ...)
+ - qemu 1:5.2+dfsg-9 (bug #985083)
+ [buster] - qemu <not-affected> (Introduced in 5.2.0)
+ [stretch] - qemu <not-affected> (Introduced in 5.2.0)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933668
+ NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=725ca3313a5b9cbef89eaa1c728567684f37990a
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=e586edcb410543768ef009eaa22a2d9dd4a53846
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e586edcb410543768ef009eaa22a2d9dd4a53846
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1e08f164e9fdc9528ad6990012301b9a04b0bc90
+CVE-2021-20262 (A flaw was found in Keycloak 12.0.0 where re-authentication does not o ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20261 (A race condition was found in the Linux kernels implementation of the ...)
+ - linux 4.5.1-1
+ NOTE: https://git.kernel.org/linus/a0c80efe5956ccce9fe7ae5c78542578c07bc20a
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932150
+CVE-2021-20260
+ RESERVED
+ - foreman <itp> (bug #663101)
+CVE-2021-20259 (A flaw was found in the Foreman project. The Proxmox compute resource ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-20258
+ RESERVED
+CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
+ RESERVED
+ {DLA-2623-1}
+ - qemu 1:5.2+dfsg-9 (bug #984450)
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=3de46e6fc489c52c9431a8a832ad8170a7569bd8
+CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in ...)
+ {DLA-2623-1}
+ - qemu <unfixed> (bug #984451)
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map Windows ...)
+ {DLA-2668-1}
+ - samba 2:4.13.5+dfsg-2 (bug #987811)
+ [buster] - samba <no-dsa> (Minor issue)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-20254.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14571
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=75ad84167f5d2379557ec078d17c9a1c244402fc (master)
+CVE-2021-20253 (A flaw was found in ansible-tower. The default installation is vulnera ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2021-20252 (A flaw was found in Red Hat 3scale API Management Platform 2. The 3sca ...)
+ NOT-FOR-US: Red Hat 3scale API Management
+CVE-2021-20251
+ RESERVED
+CVE-2021-20250 (A flaw was found in wildfly. The JBoss EJB client has publicly accessi ...)
+ - wildfly <itp> (bug #752018)
+CVE-2021-20249
+ REJECTED
+CVE-2021-20248
+ REJECTED
+CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of th ...)
+ - isync 1.3.0-2.1 (bug #983351)
+ [buster] - isync 1.3.0-2.2~deb10u1
+ [stretch] - isync <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
+CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker ...)
+ {DLA-2602-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74
+CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker who subm ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca
+CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...)
+ {DLA-2602-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02
+CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745 (resize.c hunk)
+CVE-2021-20242
+ REJECTED
+CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...)
+ {DLA-2602-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/dd33b451c3e01098efad34bbaca2df78d5391dc8
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
+CVE-2021-20240 (A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer w ...)
+ - gdk-pixbuf 2.42.2+dfsg-1
+ [buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
+ [stretch] - gdk-pixbuf <not-affected> (Vulnerable code added later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926787
+ NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132
+ NOTE: Vulnerable code introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f (2.39.2)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e (2.42.0)
+CVE-2021-20239 (A flaw was found in the Linux kernel in versions before 5.4.92 in the ...)
+ - linux 5.10.4-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-100/
+ NOTE: https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec
+CVE-2021-20238
+ RESERVED
+ NOT-FOR-US: OpenShift
+CVE-2021-20237 (An uncontrolled resource consumption (memory leak) flaw was found in Z ...)
+ - zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
+ [stretch] - zeromq3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/zeromq/libzmq/pull/3935
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22344
+CVE-2021-20236 (A flaw was found in the ZeroMQ server in versions before 4.3.3. This f ...)
+ - zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
+ [stretch] - zeromq3 <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://github.com/zeromq/libzmq/pull/3959
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488
+CVE-2021-20235 (There's a flaw in the zeromq server in versions before 4.3.3 in src/de ...)
+ {DLA-2588-1}
+ - zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/zeromq/libzmq/pull/3902
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984
+CVE-2021-20234 (An uncontrolled resource consumption (memory leak) flaw was found in t ...)
+ {DLA-2588-1}
+ - zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/zeromq/libzmq/pull/3918
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123
+CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+CVE-2021-20232 (A flaw was found in gnutls. A use after free issue in client_send_para ...)
+ - gnutls28 3.7.1-1
+ [buster] - gnutls28 3.6.7-4+deb10u7
+ [stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
+ NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151
+CVE-2021-20231 (A flaw was found in gnutls. A use after free issue in client sending k ...)
+ - gnutls28 3.7.1-1
+ [buster] - gnutls28 3.6.7-4+deb10u7
+ [stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
+ NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151
+CVE-2021-20230 (A flaw was found in stunnel before 5.57, where it improperly validates ...)
+ - stunnel4 3:5.56+dfsg-8 (bug #982578)
+ [buster] - stunnel4 <no-dsa> (Minor issue)
+ [stretch] - stunnel4 <not-affected> (Re-ordering of redirect/accept/reject checks performed in stunnel 5.41b8)
+ NOTE: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
+ NOTE: Isolated fix only the changes in src/verify.c:
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177580#c2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925226
+CVE-2021-20229 (A flaw was found in PostgreSQL in versions before 13.2. This flaw allo ...)
+ - postgresql-13 13.2-1
+ NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
+CVE-2021-20228 (A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...)
+ {DSA-4950-1}
+ - ansible 2.10.7+merged+base+2.10.8+dfsg-1
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002
+ NOTE: https://github.com/ansible/ansible/pull/73487
+CVE-2021-20227 (A flaw was found in SQLite's SELECT query functionality (src/select.c) ...)
+ - sqlite3 3.34.1-1
+ [buster] - sqlite3 <not-affected> (Introduced in 3.33)
+ [stretch] - sqlite3 <not-affected> (Introduced in 3.33)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1924886
+ NOTE: https://sqlite.org/src/info/30a4c323650cc949
+ NOTE: Patch: https://github.com/sqlite/sqlite/commit/f39168e468af3b1d6b6d37efdcb081eced6724b2
+ NOTE: Introduced in https://github.com/sqlite/sqlite/commit/896366282dae3789fb277c2dad8660784a0895a3
+CVE-2021-20226 (A use-after-free flaw was found in the io_uring in Linux kernel, where ...)
+ - linux 5.10.4-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-001/
+CVE-2021-20225 (A flaw was found in grub2 in versions prior to 2.06. The option parser ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+CVE-2021-20224
+ RESERVED
+CVE-2021-20223
+ RESERVED
+CVE-2021-20222 (A flaw was found in keycloak. The new account console in keycloak can ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM Generic ...)
+ {DLA-2560-1}
+ - qemu 1:5.2+dfsg-4
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a (v6.0.0-rc0)
+CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-2020-106 ...)
+ - undertow 2.2.0-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133
+ NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e
+CVE-2021-20219 (A denial of service vulnerability was found in n_tty_receive_char_spec ...)
+ - linux <not-affected> (Red Hat specific issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/10
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/16
+CVE-2021-20218 (A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and ...)
+ NOT-FOR-US: fabric8io / kubernetes-client
+CVE-2021-20217 (A flaw was found in Privoxy in versions before 3.0.31. An assertion fa ...)
+ {DLA-2548-1}
+ - privoxy 3.0.31-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31)
+CVE-2021-20216 (A flaw was found in Privoxy in versions before 3.0.31. A memory leak t ...)
+ {DLA-2548-1}
+ - privoxy 3.0.31-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31)
+CVE-2021-20215 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=064eac5fd0f693e94ec8b3a64d1d91e8fb7e8e66 (3.0.29)
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=fdee85c0bf3e2dbd7722ddc45e9ed912f02a2136 (3.0.29)
+CVE-2021-20214 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ [stretch] - privoxy <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a57197717758e225ad6e11cbaab1d6c (3.0.29)
+CVE-2021-20213 (A flaw was found in Privoxy in versions before 3.0.29. Dereference of ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=75301323495579ff27bdaaea67e31e2df83475fc (3.0.29)
+CVE-2021-20212 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak if ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8feecc82eb161450faa572abf9be19cbb (3.0.29)
+CVE-2021-20211 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak whe ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf325bc957df6226c745b7ac3f67a97ea07 (3.0.29)
+CVE-2021-20210 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak in ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a9cc5434d3e0e54dd620df1e70c873 (3.0.29)
+CVE-2021-20209 (A memory leak vulnerability was found in Privoxy before 3.0.29 in the ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686dcd40e3b6e5753d0c7c0308209a7b6 (3.0.29)
+CVE-2021-20208 (A flaw was found in cifs-utils in versions before 6.13. A user when mo ...)
+ - cifs-utils 2:6.11-3 (bug #987308)
+ [buster] - cifs-utils <no-dsa> (Minor issue)
+ [stretch] - cifs-utils <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14651
+ NOTE: https://lists.samba.org/archive/samba-technical/2021-April/136467.html
+ NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=e461afd8cfa6d0781ae0c5c10e89b6ef1ca6da32
+ NOTE: Fix causes regression: https://bugs.debian.org/989080
+CVE-2021-20207
+ REJECTED
+CVE-2021-20206 (An improper limitation of path name flaw was found in containernetwork ...)
+ - golang-github-appc-cni 0.8.1-1 (bug #983659)
+ [buster] - golang-github-appc-cni <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - golang-github-appc-cni <no-dsa> (Minor issue)
+ NOTE: https://github.com/containernetworking/cni/pull/808
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919391
+CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of ...)
+ - libjpeg-turbo <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/493
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1719d12e51641cce5c77e259516649ba5ef6303c
+CVE-2021-20204 (A heap memory corruption problem (use after free) can be triggered in ...)
+ {DLA-2660-1}
+ - libgetdata 0.10.0-10 (bug #988239)
+ [buster] - libgetdata 0.10.0-5+deb10u1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956348
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050
+ NOTE: Debian patch applied causes functional regressions: https://bugs.debian.org/992437
+CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...)
+ {DLA-2623-1}
+ - qemu 1:6.2+dfsg-1 (bug #984452)
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1913873
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/308
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1890152
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/d05dcd94aee88728facafb993c7280547eb4d645 (v6.2.0-rc3)
+CVE-2021-20202 (A flaw was found in keycloak. Directories can be created prior to the ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20201 (A flaw was found in spice in versions before 0.14.92. A DoS tool might ...)
+ - spice 0.14.3-2.1 (bug #983698)
+ [buster] - spice <no-dsa> (Minor issue)
+ [stretch] - spice <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/spice/spice/-/issues/49
+ NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749
+ NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
+ NOTE: https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
+CVE-2021-20200
+ REJECTED
+CVE-2021-20199 (Rootless containers run with Podman, receive all traffic with a source ...)
+ - libpod 3.0.0~rc2+dfsg1-2
+ - rootlesskit 0.12.0-1
+ NOTE: https://github.com/containers/podman/issues/5138
+ NOTE: https://github.com/containers/podman/pull/9052
+ NOTE: https://github.com/rootless-containers/rootlesskit/pull/206
+ NOTE: For Podman v3.0: https://github.com/containers/podman/pull/9225 (v3.0.0-rc3)
+ NOTE: Issue in podman was fixed by linking against rootlesskit 0.12, and Debian updated
+ NOTE: ahead of time
+CVE-2021-20198 (A flaw was found in the OpenShift Installer before version v0.9.0-mast ...)
+ NOT-FOR-US: OpenShift
+CVE-2021-20197 (There is an open race window when writing output in the following util ...)
+ [experimental] - binutils 2.35.50.20201209-1
+ - binutils 2.37-3 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26945
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=014cc7f849e8209623fc99264814bce7b3b6faf2
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
+ NOTE: binutils not covered by security support
+CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator ...)
+ - qemu 1:6.2+dfsg-1 (bug #984453)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1912780
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/338
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/1ab95af033a419e7a64e2d58e67dd96b20af5233 (v6.2.0-rc4)
+CVE-2021-20195 (A flaw was found in keycloak in versions before 13.0.0. A Self Stored ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20194 (There is a vulnerability in the linux kernel versions higher than 5.2 ...)
+ - linux 5.10.19-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1912683
+ NOTE: https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.reiff@liblor.ch/#23921223
+CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...)
+ - tar 1.34+dfsg-1 (unimportant; bug #980525)
+ NOTE: https://savannah.gnu.org/bugs/?59897
+ NOTE: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
+ NOTE: Memory leak in CLI tool, no security impact
+CVE-2021-20192
+ RESERVED
+CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...)
+ - ansible <unfixed> (bug #985753)
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813
+ NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
+ NOTE: https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa
+CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
+CVE-2021-20189
+ REJECTED
+CVE-2021-20188 (A flaw was found in podman before 1.7.0. File permissions for non-root ...)
+ - libpod 2.0.2+dfsg1-3
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915734
+ NOTE: https://github.com/containers/podman/commit/2c7b579fe7328dc6db48bdaf60d0ddd9136b1e24
+ NOTE: https://github.com/containers/podman/commit/c8bd4746151e6ae37d49c4688f2f64e03db429fc
+ NOTE: Fixed as part of https://github.com/containers/podman/commit/dcf3c742b1ac4d641d66810113f3d17441a412f4 (v1.7.0-rc1)
+CVE-2021-20187 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...)
+ - moodle <removed>
+CVE-2021-20186 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...)
+ - moodle <removed>
+CVE-2021-20185 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...)
+ - moodle <removed>
+CVE-2021-20184 (It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a i ...)
+ - moodle <removed>
+CVE-2021-20183 (It was found in Moodle before version 3.10.1 that some search inputs w ...)
+ - moodle <removed>
+CVE-2021-20182 (A privilege escalation flaw was found in openshift4/ose-docker-builder ...)
+ NOT-FOR-US: OpenShift
+CVE-2021-20181 (A race condition flaw was found in the 9pfs server implementation of Q ...)
+ {DLA-2560-1}
+ - qemu 1:5.2+dfsg-4
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
+CVE-2021-20180
+ RESERVED
+ - ansible <unfixed> (bug #985753)
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915808
+ NOTE: https://github.com/ansible-collections/community.general/pull/1635
+ NOTE: https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc
+CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully comprom ...)
+ - dogtag-pki 10.10.2-2
+ NOTE: https://github.com/dogtagpki/pki/pull/3475
+CVE-2021-20178 (A flaw was found in ansible module where credentials are disclosed in ...)
+ - ansible <unfixed> (bug #985753)
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774
+ NOTE: https://github.com/ansible-collections/community.general/pull/1621
+ NOTE: https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3
+CVE-2021-20177 (A flaw was found in the Linux kernel's implementation of string matchi ...)
+ {DSA-4843-1 DLA-2557-1}
+ - linux 5.5.13-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/1
+CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.57+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f
+CVE-2021-20175 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20174 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20173 (Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20172 (All known versions of the Netgear Genie Installer for macOS contain a ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20171 (Netgear RAX43 version 1.0.3.96 stores sensitive information in plainte ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20170 (Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20169 (Netgear RAX43 version 1.0.3.96 does not utilize secure communications ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20168 (Netgear RAX43 version 1.0.3.96 does not have sufficient protections to ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20167 (Netgear RAX43 version 1.0.3.96 contains a command injection vulnerabil ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20166 (Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20165 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20164 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses creden ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20163 (Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the f ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20162 (Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plain ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20161 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient pr ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20160 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injectio ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20159 (Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command in ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20158 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20157 (It is possible for an unauthenticated, malicious user to force the dev ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20156 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20155 (Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded cred ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20154 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw i ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20153 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerab ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20152 (Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20151 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the sess ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20150 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses inform ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20149 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient ac ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20148 (ManageEngine ADSelfService Plus below build 6116 stores the password p ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-20147 (ManageEngine ADSelfService Plus below build 6116 contains an observabl ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-20146 (An unprotected ssh private key exists on the Gryphon devices which cou ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20145 (Gryphon Tower routers contain an unprotected openvpn configuration fil ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20144 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20143 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20142 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20141 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20140 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20139 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20138 (An unauthenticated command injection vulnerability exists in multiple ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20137 (A reflected cross-site scripting vulnerability exists in the url param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20136 (ManageEngine Log360 Builds &lt; 5235 are affected by an improper acces ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...)
+ NOT-FOR-US: Nessus
+CVE-2021-20134 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ NOT-FOR-US: D-Link
+CVE-2021-20133 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ NOT-FOR-US: D-Link
+CVE-2021-20132 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ NOT-FOR-US: D-Link
+CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
+ NOT-FOR-US: ManageEngine ADManager Plus
+CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
+ NOT-FOR-US: ManageEngine ADManager Plus
+CVE-2021-20129 (An information disclosure vulnerability exists in Draytek VigorConnect ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page in Drayte ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20127 (An arbitrary file deletion vulnerability exists in the file delete fun ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20126 (Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protect ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20125 (An arbitrary file upload and directory traversal vulnerability exists ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20124 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20123 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
+ NOT-FOR-US: Telus Wi-Fi Hub
+CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
+ NOT-FOR-US: Telus Wi-Fi Hub
+CVE-2021-20120 (The administration web interface for the Arris Surfboard SB8200 lacks ...)
+ NOT-FOR-US: Arris Surfboard SB8200
+CVE-2021-20119 (The password change utility for the Arris SurfBoard SB8200 can have sa ...)
+ NOT-FOR-US: Arris SurfBoard SB8200
+CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20117 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20116 (A reflected cross-site scripting vulnerability exists in TCExam &lt;= ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20115 (A reflected cross-site scripting vulnerability exists in TCExam &lt;= ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20114 (When installed following the default/recommended settings, TCExam &lt; ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20113 (An exposure of sensitive information vulnerability exists in TCExam &l ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20112 (A stored cross-site scripting vulnerability exists in TCExam &lt;= 14. ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20111 (A stored cross-site scripting vulnerability exists in TCExam &lt;= 14. ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS ...)
+ NOT-FOR-US: Manage Engine Asset Explorer Agent
+CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS certificates, an ...)
+ NOT-FOR-US: Asset Explorer agent
+CVE-2021-20108 (Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for inc ...)
+ NOT-FOR-US: Manage Engine Asset Explorer Agent
+CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan SmartFaucets in ...)
+ NOT-FOR-US: Sloan
+CVE-2021-20106 (Nessus Agent versions 8.2.5 and earlier were found to contain a privil ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20105 (Machform prior to version 16 is vulnerable to an open redirect in Safa ...)
+ NOT-FOR-US: Machform
+CVE-2021-20104 (Machform prior to version 16 is vulnerable to unauthenticated remote c ...)
+ NOT-FOR-US: Machform
+CVE-2021-20103 (Machform prior to version 16 is vulnerable to stored cross-site script ...)
+ NOT-FOR-US: Machform
+CVE-2021-20102 (Machform prior to version 16 is vulnerable to cross-site request forge ...)
+ NOT-FOR-US: Machform
+CVE-2021-20101 (Machform prior to version 16 is vulnerable to HTTP host header injecti ...)
+ NOT-FOR-US: Machform
+CVE-2021-20100 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20099 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20098
+ RESERVED
+CVE-2021-20097
+ RESERVED
+CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remote atta ...)
+ NOT-FOR-US: OpenOversight
+CVE-2021-20095
+ REJECTED
+CVE-2021-20094 (A denial of service vulnerability exists in Wibu-Systems CodeMeter ver ...)
+ NOT-FOR-US: Wibu-Systems CodeMeter
+CVE-2021-20093 (A buffer over-read vulnerability exists in Wibu-Systems CodeMeter vers ...)
+ NOT-FOR-US: Wibu-Systems CodeMeter
+CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version &lt;= 1.0 ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version &lt;= 1.0 ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-20090 (A path traversal vulnerability in the web interfaces of Buffalo WSR-25 ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-20089 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: purl javascript URL parser (different from src:purl)
+CVE-2021-20088 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: mootools-more
+CVE-2021-20087 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: jquery-deparam
+CVE-2021-20086 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: jquery-bbq
+CVE-2021-20085 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: backbone-query-parameters
+CVE-2021-20084 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: jquery-sparkle
+CVE-2021-20083 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: jquery-plugin-query-object
+CVE-2021-20082
+ RESERVED
+CVE-2021-20081 (Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus ...)
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
+CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...)
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
+CVE-2021-20079 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...)
+ NOT-FOR-US: Nessus
+CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...)
+ NOT-FOR-US: Manage Engine OpManager
+CVE-2021-20077 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...)
+ NOT-FOR-US: Tenable
+CVE-2021-20075 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for pr ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20074 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20073 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cr ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20072 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20071 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20070 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20069 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20068 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20067 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20066 (JSDom improperly allows the loading of local resources, which allows f ...)
+ NOTE: Disputed by upstream: https://github.com/jsdom/jsdom/issues/3124#issuecomment-783502951
+ NOTE: https://www.tenable.com/security/research/tra-2021-05
+ NOTE: https://github.com/jsdom/jsdom/issues/3124
+CVE-2021-20065
+ RESERVED
+CVE-2021-20064
+ RESERVED
+CVE-2021-20063
+ RESERVED
+CVE-2021-20062
+ RESERVED
+CVE-2021-20061
+ RESERVED
+CVE-2021-20060
+ RESERVED
+CVE-2021-20059
+ RESERVED
+CVE-2021-20058
+ RESERVED
+CVE-2021-20057
+ RESERVED
+CVE-2021-20056
+ RESERVED
+CVE-2021-20055
+ RESERVED
+CVE-2021-20054
+ RESERVED
+CVE-2021-20053
+ RESERVED
+CVE-2021-20052
+ RESERVED
+CVE-2021-20051
+ RESERVED
+CVE-2021-20050 (An Improper Access Control Vulnerability in the SMA100 series leads to ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows a remot ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20048 (A Stack-based buffer overflow in the SonicOS SessionID HTTP response h ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and ear ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20046 (A Stack-based buffer overflow in the SonicOS HTTP Content-Length respo ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20045 (A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacN ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20044 (A post-authentication remote command injection vulnerability in SonicW ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20043 (A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBook ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20042 (An unauthenticated remote attacker can use SMA 100 as an unintended pr ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20041 (An unauthenticated and remote adversary can consume all of the device' ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20040 (A relative path traversal vulnerability in the SMA100 upload funtion a ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20039 (Improper neutralization of special elements in the SMA100 management i ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20038 (A Stack-based buffer overflow vulnerability in SMA100 Apache httpd ser ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20037 (SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incor ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20036
+ RESERVED
+CVE-2021-20035 (Improper neutralization of special elements in the SMA100 management i ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20034 (An improper access control vulnerability in SMA100 allows a remote una ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20033
+ RESERVED
+CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20030
+ RESERVED
+CVE-2021-20029
+ RESERVED
+CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and earlier ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20024 (Multiple Out-of-Bound read vulnerability in SonicWall Switch when hand ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20023 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20022 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20021 (A vulnerability in the SonicWall Email Security version 10.0.9.x allow ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20020 (A command execution vulnerability in SonicWall GMS 9.3 allows a remote ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20019 (A vulnerability in SonicOS where the HTTP server response leaks partia ...)
+ NOT-FOR-US: SonicOS
+CVE-2021-20018 (A post-authenticated vulnerability in SonicWall SMA100 allows an attac ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWall SMA1 ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20015
+ REJECTED
+CVE-2021-20014
+ REJECTED
+CVE-2021-20013
+ REJECTED
+CVE-2021-20012
+ REJECTED
+CVE-2021-20011
+ REJECTED
+CVE-2021-20010
+ REJECTED
+CVE-2021-20009
+ REJECTED
+CVE-2021-20008
+ REJECTED
+CVE-2021-20007
+ REJECTED
+CVE-2021-20006
+ REJECTED
+CVE-2021-20005
+ REJECTED
+CVE-2021-20004
+ REJECTED
+CVE-2021-20003
+ REJECTED
+CVE-2021-20002
+ REJECTED
+CVE-2021-20001 (It was discovered, that debian-edu-config, a set of configuration file ...)
+ {DSA-5072-1 DLA-2918-1}
+ - debian-edu-config 2.12.16
+ NOTE: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5
+CVE-2021-2485 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2484 (Vulnerability in the Oracle Operations Intelligence product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2483 (Vulnerability in the Oracle Content Manager product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2482 (Vulnerability in the Oracle Payables product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2481 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2480 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2479 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2478 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2476 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2475 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.28-dfsg-1
+CVE-2021-2474 (Vulnerability in the Oracle Web Analytics product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2473
+ RESERVED
+CVE-2021-2472
+ RESERVED
+CVE-2021-2471 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2470
+ RESERVED
+CVE-2021-2469
+ RESERVED
+CVE-2021-2468
+ RESERVED
+CVE-2021-2467
+ RESERVED
+CVE-2021-2466
+ RESERVED
+CVE-2021-2465
+ RESERVED
+CVE-2021-2464 (Vulnerability in Oracle Linux (component: OSwatcher). Supported versio ...)
+ NOT-FOR-US: Oracle Linux
+CVE-2021-2463 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2462 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2461 (Vulnerability in the Oracle Communications Interactive Session Recorde ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2460 (Vulnerability in the Oracle Application Express Data Reporter componen ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2459
+ RESERVED
+CVE-2021-2458 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2457 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2456 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2455 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2454 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.26-dfsg-1
+CVE-2021-2453 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2452 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2451 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2450 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2449 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2448 (Vulnerability in the Oracle Financial Services Crime and Compliance In ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2447 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2446 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2445 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2444 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2443 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.26-dfsg-1
+CVE-2021-2442 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.26-dfsg-1
+CVE-2021-2441 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2440 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2439 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2438 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2437 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2436 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2435 (Vulnerability in the Essbase Analytic Provider Services product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2434 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2433 (Vulnerability in the Essbase Analytic Provider Services product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2432 (Vulnerability in the Java SE product of Oracle Java SE (component: JND ...)
+ - openjdk-11 <not-affected> (Only affects Java 7)
+ - openjdk-8 <not-affected> (Only affects Java 7)
+CVE-2021-2431 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2430 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2429 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2428 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2427 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2426 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2425 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2424 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2423 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2422 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2421 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2420 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2419 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2418 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2417 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2416 (Vulnerability in the Oracle Communications Session Border Controller p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2415 (Vulnerability in the Oracle Time and Labor product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2414 (Vulnerability in the Oracle Communications Session Border Controller p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2413
+ RESERVED
+CVE-2021-2412 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2411 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-cluster <itp> (bug #833356)
+CVE-2021-2410 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2409 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.26-dfsg-1
+CVE-2021-2408 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2407 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2406 (Vulnerability in the Oracle Collaborative Planning product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2405 (Vulnerability in the Oracle Engineering product of Oracle E-Business S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2404 (Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2403 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2402 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2401 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2400 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2399 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2398 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2397 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2396 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2395 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2394 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2393 (Vulnerability in the Oracle E-Records product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2392 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2391 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2390 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2021-2389 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.12-1
+ [bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+ NOTE: Fixed in MariaDB 10.5.12, 10.3.31
+CVE-2021-2388 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-4946-1 DLA-2737-1}
+ - openjdk-11 11.0.12+7-1
+ - openjdk-8 8u302-b08-1
+CVE-2021-2387 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2386 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2385 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2021-2384 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2383 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2382 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2381 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2380 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2379
+ RESERVED
+CVE-2021-2378 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2377 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2376 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2375 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2374 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2373 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2372 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.12-1
+ [bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+ NOTE: Fixed in MariaDB 10.5.12, 10.3.31
+CVE-2021-2371 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2369 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-4946-1 DLA-2737-1}
+ - openjdk-11 11.0.12+7-1
+ - openjdk-8 8u302-b08-1
+CVE-2021-2368 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2367 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2366 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2365 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2364 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2363 (Vulnerability in the Oracle Public Sector Financials (International) p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2362 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2361 (Vulnerability in the Oracle Advanced Inbound Telephony product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2360 (Vulnerability in the Oracle Approvals Management product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2359 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2358 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2357 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2356 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2021-2355 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2354 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2353 (Vulnerability in the Siebel Core - Server Framework product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2352 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2351 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2350 (Vulnerability in the Hyperion Essbase Administration Services product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2349 (Vulnerability in the Hyperion Essbase Administration Services product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2348 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2347 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2346 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2345 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2344 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2343 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2021-2341 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-4946-1 DLA-2737-1}
+ - openjdk-11 11.0.12+7-1
+ - openjdk-8 8u302-b08-1
+CVE-2021-2340 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2339 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2338 (Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2337 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2336 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2335 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2334 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2333 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2332 (Vulnerability in the Oracle LogMiner component of Oracle Database Serv ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2331
+ RESERVED
+CVE-2021-2330 (Vulnerability in the Core RDBMS component of Oracle Database Server. T ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2329 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2328 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2327
+ RESERVED
+CVE-2021-2326 (Vulnerability in the Database Vault component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2325
+ RESERVED
+CVE-2021-2324 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2323 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2322 (Vulnerability in OpenGrok (component: Web App). Versions that are affe ...)
+ NOT-FOR-US: OpenGrok
+CVE-2021-2321 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2320 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2319 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2318 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2317 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2316 (Vulnerability in the Oracle HRMS (France) product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2315 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2314 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2313
+ RESERVED
+CVE-2021-2312 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2311 (Vulnerability in the Oracle Hospitality Inventory Management product o ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2310 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2309 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2308 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2307 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2306 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2305 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2304 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2303 (Vulnerability in the OSS Support Tools product of Oracle Support Tools ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2302 (Vulnerability in the Oracle Platform Security for Java product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2301 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2300 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2299 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2298 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2297 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2296 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2295 (Vulnerability in the Oracle Concurrent Processing product of Oracle E- ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2294 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2293 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2292 (Vulnerability in the Oracle Document Management and Collaboration prod ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2291 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2290 (Vulnerability in the Oracle Engineering product of Oracle E-Business S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2289 (Vulnerability in the Oracle Product Hub product of Oracle E-Business S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2288 (Vulnerability in the Oracle Bills of Material product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2287 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2286 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2285 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2284 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2283 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2282 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2281 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2280 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2279 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2277 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2276 (Vulnerability in the Oracle iSetup product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2275 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2274 (Vulnerability in the Oracle E-Business Tax product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2273 (Vulnerability in the Oracle Legal Entity Configurator product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2272 (Vulnerability in the Oracle Subledger Accounting product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2271 (Vulnerability in the Oracle Work in Process product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2270 (Vulnerability in the Oracle Site Hub product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2269 (Vulnerability in the Oracle Advanced Pricing product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2268 (Vulnerability in the Oracle Quoting product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2267 (Vulnerability in the Oracle Labor Distribution product of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2266 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2265
+ RESERVED
+CVE-2021-2264 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/1
+CVE-2021-2263 (Vulnerability in the Oracle Sourcing product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2262 (Vulnerability in the Oracle Purchasing product of Oracle E-Business Su ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2261 (Vulnerability in the Oracle Lease and Finance Management product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2260 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2259 (Vulnerability in the Oracle Payables product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2258 (Vulnerability in the Oracle Projects product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2257 (Vulnerability in the Oracle Storage Cloud Software Appliance product o ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2256 (Vulnerability in the Oracle Storage Cloud Software Appliance product o ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2255 (Vulnerability in the Oracle Service Contracts product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2254 (Vulnerability in the Oracle Project Contracts product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2253 (Vulnerability in the Oracle Advanced Supply Chain Planning product of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2252 (Vulnerability in the Oracle Loans product of Oracle E-Business Suite ( ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2251 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2250 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2249 (Vulnerability in the Oracle Landed Cost Management product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2248 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2247 (Vulnerability in the Oracle Advanced Collections product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2246 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2245 (Vulnerability in the Oracle Database - Enterprise Edition Unified Audi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2244 (Vulnerability in the Hyperion Analytic Provider Services product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2243
+ RESERVED
+CVE-2021-2242 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2241 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2240 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2239 (Vulnerability in the Oracle Time and Labor product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2238 (Vulnerability in the Oracle MES for Process Manufacturing product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2237 (Vulnerability in the Oracle General Ledger product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2236 (Vulnerability in the Oracle Financials Common Modules product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2235 (Vulnerability in the Oracle Transportation Execution product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2234 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2233 (Vulnerability in the Oracle Enterprise Asset Management product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2232 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2231 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2230 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2229 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2228 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2227 (Vulnerability in the Oracle Cash Management product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2226 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2225 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2224 (Vulnerability in the Oracle Compensation Workbench product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2223 (Vulnerability in the Oracle Receivables product of Oracle E-Business S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2222 (Vulnerability in the Oracle Bill Presentment Architecture product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2221 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2220 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2219 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2218 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2217 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2216 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2215 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2214 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2213 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2212 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2211 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2210 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2209 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2208 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2207 (Vulnerability in the Oracle Database - Enterprise Edition component of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2206 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2205 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2204 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2203 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2202 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2201 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2200 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2199 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2198 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2197 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2196 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2195 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2194 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.8-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+ NOTE: Fixed in MariaDB 10.5.7, 10.4.16, 10.3.26, 10.2.35
+CVE-2021-2193 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2192 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2191 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2190 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2189 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2188 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2187 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2186 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2185 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2184 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2183 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2182 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2181 (Vulnerability in the Oracle Document Management and Collaboration prod ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2180 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2179 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2178 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2177 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2176
+ RESERVED
+CVE-2021-2175 (Vulnerability in the Database Vault component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2174 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2173 (Vulnerability in the Recovery component of Oracle Database Server. Sup ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2172 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2171 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2170 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2169 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2168
+ RESERVED
+CVE-2021-2167 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2166 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.10-1 (bug #988428)
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.29-0+deb10u1
+ - mysql-8.0 <unfixed> (bug #987325)
+ - mysql-5.7 <removed>
+ NOTE: Fixed in MariaDB 10.5.10, 10.4.19, 10.3.29, 10.2.38
+CVE-2021-2165
+ RESERVED
+CVE-2021-2164 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2163 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...)
+ {DSA-4899-1 DLA-2634-1}
+ - openjdk-17 17~19-1
+ - openjdk-11 11.0.11+9-1
+ - openjdk-8 8u292-b10-1
+ NOTE: OpenJDK-11: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c82c3d65c256
+ NOTE: OpenJDK-8: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/412d2b1381a4
+CVE-2021-2162 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2161 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...)
+ - openjdk-17 <not-affected> (Windows-specific)
+ - openjdk-11 <not-affected> (Windows-specific)
+ - openjdk-8 <not-affected> (Windows-specific)
+CVE-2021-2160 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2159 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2158 (Vulnerability in the Hyperion Financial Management product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2157 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2156 (Vulnerability in the Oracle Customers Online product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2155 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2154 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.10-1 (bug #988428)
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.29-0+deb10u1
+ - mysql-5.7 <removed>
+ NOTE: Fixed in MariaDB 10.5.10, 10.4.19, 10.3.29, 10.2.38
+CVE-2021-2153 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2152 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2151 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2150 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2149 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2148
+ RESERVED
+CVE-2021-2147 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2146 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+ - mysql-5.7 <removed>
+CVE-2021-2145 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2144 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+ - mysql-5.7 <removed>
+CVE-2021-2143
+ RESERVED
+CVE-2021-2142 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2141 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2140 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2139
+ RESERVED
+CVE-2021-2138 (Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2137 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2136 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2135 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2134 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2133
+ RESERVED
+CVE-2021-2132
+ RESERVED
+CVE-2021-2131 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2130 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2129 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2128 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2127 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2126 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2125 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2124 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2123 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2122 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2120 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2119 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2118 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2117 (Vulnerability in the Oracle Application Express Survey Builder compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2116 (Vulnerability in the Oracle Application Express Opportunity Tracker co ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2115 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2114 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2113 (Vulnerability in the Oracle Financial Services Revenue Management and ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2112 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2111 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2110 (Vulnerability in the Oracle Argus Safety product of Oracle Health Scie ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2109 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2108 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2107 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2106 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2105 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2104 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2103 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2102 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2101 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2100 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2099 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2098 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2097 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2096 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2095
+ RESERVED
+CVE-2021-2094 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2093 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2092 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2091 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2090 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2089 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2088 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2087 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2086 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2085 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2084 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2083 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2082 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2081 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2080 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2079 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2078 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2077 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2076 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2075 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2074 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2073 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2072 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2071 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2070 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2069 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2068 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2067 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2066 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2065 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2064 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2063 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2062 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2061 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2060 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2059 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2057 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2055 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1
+CVE-2021-2054 (Vulnerability in the RDBMS Sharding component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2053 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2052 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2051 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2050 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2049 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2048 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2047 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2045 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2044 (Vulnerability in the PeopleSoft Enterprise FIN Payables product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2043 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2042 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1
+CVE-2021-2041 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2040 (Vulnerability in the Oracle Argus Safety product of Oracle Health Scie ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2039 (Vulnerability in the Siebel Core - Server Framework product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2038 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2037
+ RESERVED
+CVE-2021-2036 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2035 (Vulnerability in the RDBMS Scheduler component of Oracle Database Serv ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2034 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2033 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2032 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2031 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2030 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1
+CVE-2021-2029 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2028 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1
+CVE-2021-2027 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2026 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2025 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2024 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2023 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2022 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.5-1
+ - mariadb-10.3 1:10.3.24-1
+ [buster] - mariadb-10.3 1:10.3.25-0+deb10u1
+ - mariadb-10.1 <removed>
+ [stretch] - mariadb-10.1 10.1.47-0+deb9u1
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+ NOTE: Fixed in MariaDB 10.5.5, 10.4.14, 10.3.24, 10.2.33, 10.1.46
+CVE-2021-2021 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2020 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.21-1
+CVE-2021-2019 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+CVE-2021-2018 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2017 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2016 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+CVE-2021-2015 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2014 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2013 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2012 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.21-1
+CVE-2021-2011 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2010 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+CVE-2021-2008 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2007 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2006 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.21-1
+CVE-2021-2005 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2004 (Vulnerability in the Siebel Core - Server BizLogic Script product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2003 (Vulnerability in the Business Intelligence Enterprise Edition product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2002 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2001 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2000 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1999 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-1997 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1996 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1995 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1994 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1993 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1992
+ RESERVED
+CVE-2021-1991
+ RESERVED
+CVE-2021-1990
+ RESERVED
+CVE-2021-1989
+ RESERVED
+CVE-2021-1988
+ RESERVED
+CVE-2021-1987
+ RESERVED
+CVE-2021-1986
+ RESERVED
+CVE-2021-1985 (Possible buffer over read due to lack of data length check in QVR Serv ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1984 (Possible buffer overflow due to improper validation of index value whi ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1983 (Possible buffer overflow due to improper handling of negative data len ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1982 (Possible denial of service scenario due to improper input validation o ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1981 (Possible buffer over read due to improper IE size check of Bearer capa ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1980 (Possible buffer over read due to lack of length check while parsing be ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1979 (Possible buffer overflow due to improper validation of FTM command pay ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1978
+ RESERVED
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1977 (Possible buffer over read due to improper validation of frame length w ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1976 (A use after free can occur due to improper validation of P2P device ad ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1975 (Possible heap overflow due to improper length check of domain while pa ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1974 (Possible buffer over read due to lack of alignment between map or unma ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1973 (A FTM Diag command can allow an arbitrary write into modem OS space in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1972 (Possible buffer overflow due to improper validation of device types du ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1971 (Possible assertion due to lack of physical layer state validation in S ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1970 (Possible out of bound read due to lack of length check of FT sub-eleme ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1969 (Improper validation of kernel buffer address while copying information ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1968 (Improper validation of kernel buffer address while copying information ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1967 (Possible stack buffer overflow due to lack of check on the maximum num ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1966 (Possible buffer overflow due to lack of length check of source and des ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1965 (Possible buffer overflow due to lack of parameter length check during ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1964 (Possible buffer over read due to improper validation of IE size while ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1963 (Possible use-after-free due to lack of validation for the rule count i ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1962 (Buffer Overflow while processing IOCTL for getting peripheral endpoint ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1961 (Possible buffer overflow due to lack of offset length check while upda ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1960 (Improper handling of ASB-C broadcast packets with crafted opcode in LM ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1959 (Possible memory corruption due to lack of bound check of input index i ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1958 (A race condition in fastrpc kernel driver for dynamic process creation ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1957 (Improper Access Control when ACL link encryption is failed and ACL lin ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1956 (Improper handling of ASB-U packet with L2CAP channel ID by slave host ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1955 (Denial of service in SAP case due to improper handling of connections ...)
+ NOT-FOR-US: SAP
+CVE-2021-1954 (Possible buffer over read due to improper validation of data pointer w ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1953 (Improper handling of received malformed FTMR request frame can lead to ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1952 (Possible buffer over read occurs due to lack of length check of reques ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1951
+ RESERVED
+CVE-2021-1950
+ RESERVED
+CVE-2021-1949 (Possible integer overflow due to improper check of batch count value w ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1948 (Possible out of bound read due to lack of length check of data while p ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1947 (Use-after-free vulnerability in kernel graphics driver because of stor ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1946 (Null Pointer Dereference may occur due to improper validation while pr ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1945 (Possible out of bound read due to lack of length check of Bandwidth-NS ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1944
+ RESERVED
+CVE-2021-1943 (Possible buffer out of bound read can occur due to improper validation ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1942
+ RESERVED
+CVE-2021-1941 (Possible buffer over read issue due to improper length check on WPA IE ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1940 (Use after free can occur due to improper handling of response from fir ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1939 (Null pointer dereference occurs due to improper validation when the pr ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1938 (Possible assertion due to improper verification while creating and del ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1937 (Reachable assertion is possible while processing peer association WLAN ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1936 (Null pointer dereference can occur due to lack of null check for user ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1935 (Possible null pointer dereference due to lack of validation check for ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1934 (Possible memory corruption due to improper check when application load ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1933 (UE assertion is possible due to improper validation of invite message ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1932 (Improper access control in trusted application environment can cause u ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1931 (Possible buffer overflow due to improper validation of buffer length w ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1930 (Possible out of bounds read due to incorrect validation of incoming bu ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1929 (Lack of strict validation of bootmode can lead to information disclosu ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1928 (Buffer over read could occur due to incorrect check of buffer size whi ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1927 (Possible use after free due to lack of null check while memory is bein ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1926
+ RESERVED
+CVE-2021-1925 (Possible denial of service scenario due to improper handling of group ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1924 (Information disclosure through timing and power side-channels during m ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1923 (Incorrect pointer argument passed to trusted application TA could resu ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1922
+ RESERVED
+CVE-2021-1921 (Possible memory corruption due to Improper handling of hypervisor unma ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1920 (Integer underflow can occur due to improper handling of incoming RTCP ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1919 (Integer underflow can occur when the RTCP length is lesser than than t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1918 (Improper handling of resource allocation in virtual machines can lead ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1917 (Null pointer dereference can occur due to memory allocation failure in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1916 (Possible buffer underflow due to lack of check for negative indices va ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1915 (Buffer overflow can occur due to improper validation of NDP applicatio ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1914 (Loop with unreachable exit condition may occur due to improper handlin ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1913 (Possible integer overflow due to improper length check while updating ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1912 (Possible integer overflow can occur due to improper length check while ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1911
+ RESERVED
+CVE-2021-1910 (Double free in video due to lack of input buffer length check in Snapd ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1909 (Buffer overflow occurs in trusted applications due to lack of length c ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1908
+ RESERVED
+CVE-2021-1907 (Possible buffer overflow due to lack of length check in BA request in ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1906 (Improper handling of address deregistration on failure can lead to new ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1905 (Possible use after free due to improper handling of memory mapping of ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1904 (Child process can leak information from parent process due to numeric ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1903 (Possible denial of service scenario can occur due to lack of length ch ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1902
+ RESERVED
+CVE-2021-1901 (Possible buffer over-read due to lack of length check while flashing m ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1900 (Possible use after free in Display due to race condition while creatin ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1899 (Possible buffer over read due to lack of length check while flashing m ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1898 (Possible buffer over-read due to incorrect overflow check when loading ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1897 (Possible Buffer Over-read due to lack of validation of boundary checks ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1896 (Weak configuration in WLAN could cause forwarding of unencrypted packe ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1895 (Possible integer overflow due to improper length check while flashing ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1894 (Improper access control in TrustZone due to improper error handling wh ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1893
+ RESERVED
+CVE-2021-1892 (Memory corruption due to improper input validation while processing IO ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1891 (A possible use-after-free occurrence in audio driver can happen when p ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1890 (Improper length check of public exponent in RSA import key function co ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1889 (Possible buffer overflow due to lack of length check in Trusted Applic ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1888 (Memory corruption in key parsing and import function due to double fre ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1887 (An assertion can be reached in the WLAN subsystem while using the Wi-F ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1886 (Incorrect handling of pointers in trusted application key import mecha ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1885 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1884 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1883 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1882 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1881 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1880 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1879 (This issue was addressed by improved management of object lifetimes. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1878 (An integer overflow was addressed with improved input validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1877 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1876 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-1875 (A double free issue was addressed with improved memory management. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1874 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1873 (An API issue in Accessibility TCC permissions was addressed with impro ...)
+ NOT-FOR-US: Apple
+CVE-2021-1872 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1871 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4923-1}
+ - webkit2gtk 2.32.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+CVE-2021-1870 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1869
+ RESERVED
+CVE-2021-1868 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1867 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1866
+ RESERVED
+CVE-2021-1865 (An issue obscuring passwords in screenshots was addressed with improve ...)
+ NOT-FOR-US: Apple
+CVE-2021-1864 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-1863 (An issue existed with authenticating the action triggered by an NFC ta ...)
+ NOT-FOR-US: Apple
+CVE-2021-1862 (Description: A person with physical access may be able to access conta ...)
+ NOT-FOR-US: Apple
+CVE-2021-1861 (An issue existed in determining cache occupancy. The issue was address ...)
+ NOT-FOR-US: Apple
+CVE-2021-1860 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2021-1859 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1858 (Processing a maliciously crafted image may lead to arbitrary code exec ...)
+ NOT-FOR-US: Apple
+CVE-2021-1857 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2021-1856
+ RESERVED
+CVE-2021-1855 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1854 (A call termination issue with was addressed with improved logic. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1853 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1852 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1851 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1850
+ RESERVED
+CVE-2021-1849 (An issue in code signature validation was addressed with improved chec ...)
+ NOT-FOR-US: Apple
+CVE-2021-1848 (The issue was addressed with improved UI handling. This issue is fixed ...)
+ NOT-FOR-US: Apple
+CVE-2021-1847 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1846 (Processing a maliciously crafted audio file may disclose restricted me ...)
+ NOT-FOR-US: Apple
+CVE-2021-1845
+ RESERVED
+CVE-2021-1844 (A memory corruption issue was addressed with improved validation. This ...)
+ {DSA-4923-1}
+ - webkit2gtk 2.32.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+CVE-2021-1843 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1842
+ RESERVED
+CVE-2021-1841 (A malicious application may be able to execute arbitrary code with ker ...)
+ NOT-FOR-US: Apple
+CVE-2021-1840 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1839 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1838 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1837 (A certificate validation issue was addressed. This issue is fixed in i ...)
+ NOT-FOR-US: Apple
+CVE-2021-1836 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1835 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1834 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-1833 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1832 (Copied files may not have the expected file permissions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1831 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1830 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1829 (A type confusion issue was addressed with improved state handling. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1828 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1827
+ RESERVED
+CVE-2021-1826 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-1825 (An input validation issue was addressed with improved input validation ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-1824 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2021-1823
+ RESERVED
+CVE-2021-1822 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1821 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1820 (A memory initialization issue was addressed with improved memory handl ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-1819
+ RESERVED
+CVE-2021-1818 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1817 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-1816 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1815 (A parsing issue in the handling of directory paths was addressed with ...)
+ NOT-FOR-US: Apple
+CVE-2021-1814 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1813 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1812 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1811 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1810 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1809 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1808 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1807 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1806 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1805 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1804
+ RESERVED
+CVE-2021-1803 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1802 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1801 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1800 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-1799 (A port redirection issue was addressed with additional port validation ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1798
+ RESERVED
+CVE-2021-1797 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1796 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1795 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1794 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1793 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1792 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1791 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
+ NOT-FOR-US: Apple
+CVE-2021-1790 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1789 (A type confusion issue was addressed with improved state handling. Thi ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1788 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4923-1}
+ - webkit2gtk 2.32.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+CVE-2021-1787 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Apple
+CVE-2021-1786 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1785 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1784 (A permissions issue existed in DiskArbitration. This was addressed wit ...)
+ NOT-FOR-US: Apple
+CVE-2021-1783 (An access issue was addressed with improved memory management. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1782 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1781 (A privacy issue existed in the handling of Contact cards. This was add ...)
+ NOT-FOR-US: Apple
+CVE-2021-1780 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2021-1779 (A logic error in kext loading was addressed with improved state handli ...)
+ NOT-FOR-US: Apple
+CVE-2021-1778 (An out-of-bounds read issue existed in the curl. This issue was addres ...)
+ NOT-FOR-US: Apple
+CVE-2021-1777 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1776 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-1775 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-1774 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1773 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1772 (A stack overflow was addressed with improved input validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1771 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1770 (A buffer overflow may result in arbitrary code execution. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-1769 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1768 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1767 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1766 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1765 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1764 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-1763 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1762 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1761 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1760 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-1759 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1758 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1757 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1756 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1755 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1754 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1753 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1752
+ RESERVED
+CVE-2021-1751 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1750 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Apple
+CVE-2021-1749
+ RESERVED
+CVE-2021-1748 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1747 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1746 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1745 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1744 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1743 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1742 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1741 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1740 (A parsing issue in the handling of directory paths was addressed with ...)
+ NOT-FOR-US: Apple
+CVE-2021-1739 (A parsing issue in the handling of directory paths was addressed with ...)
+ NOT-FOR-US: Apple
+CVE-2021-1738 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1737 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1736 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1735
+ RESERVED
+CVE-2021-1734 (Windows Remote Procedure Call Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1733 (Sysinternals PsExec Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1731 (PFX Encryption Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1730 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1729 (Windows Update Stack Setup Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1728 (System Center Operations Manager Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1727 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1726 (Microsoft SharePoint Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Bot Framework SDK
+CVE-2021-1724 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability ...)
+ NOT-FOR-US: ASP.NET Core and Visual Studio
+CVE-2021-1722 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1721 (.NET Core and Visual Studio Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2021-1720
+ RESERVED
+CVE-2021-1719 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1718 (Microsoft SharePoint Server Tampering Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1717 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1716 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1715 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1714 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1713 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1712 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1711 (Microsoft Office Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1710 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1709 (Windows Win32k Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1708 (Windows GDI+ Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1707 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1706 (Windows LUAFV Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1705 (Microsoft Edge (HTML-based) Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1704 (Windows Hyper-V Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1703 (Windows Event Logging Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1702 (Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1701 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1700 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1699 (Windows (modem.sys) Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1698 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1697 (Windows InstallService Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1696 (Windows Graphics Component Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1695 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1694 (Windows Update Stack Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1693 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1692 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1691 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1690 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1689 (Windows Multipoint Management Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1688 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1687 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1686 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1685 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1684 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1683 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1682 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1681 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1680 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1679 (Windows CryptoAPI Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1678 (NTLM Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1677 (Azure Active Directory Pod Identity Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1676 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1675 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1674 (Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1673 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1672 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1671 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1670 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1669 (Windows Remote Desktop Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1668 (Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1667 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1666 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1665 (GDI+ Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1664 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1663 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1662 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1661 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1660 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1659 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1658 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1657 (Windows Fax Compose Form Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1656 (TPM Device Driver Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1655 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1654 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1653 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1652 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1651 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1650 (Windows Runtime C++ Template Library Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1649 (Active Template Library Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1648 (Microsoft splwow64 Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1647 (Microsoft Defender Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1646 (Windows WLAN Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1645 (Windows Docker Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1644 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1643 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1642 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1640 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1637 (Windows DNS Query Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1636 (Microsoft SQL Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1635
+ RESERVED
+CVE-2021-1634
+ RESERVED
+CVE-2021-1633
+ RESERVED
+CVE-2021-1632
+ RESERVED
+CVE-2021-1631
+ RESERVED
+CVE-2021-1630 (XML external entity (XXE) vulnerability affecting certain versions of ...)
+ NOT-FOR-US: Salesforce
+CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...)
+ NOT-FOR-US: Tableau Server
+CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...)
+ NOT-FOR-US: Tableau Server
+CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...)
+ NOT-FOR-US: MuleSoft
+CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...)
+ NOT-FOR-US: MuleSoft
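Review bot: The entry for CVE-2021-1628 is tagged "NOT-FOR-US: Tableau Server", but its description starts "MuleSoft is aware of a XML External Entity (XXE) vulnerability", and the neighbouring MuleSoft entries CVE-2021-1627 and CVE-2021-1626 are tagged "NOT-FOR-US: MuleSoft". The tag looks carried over from CVE-2021-1629 directly above it. Suggest changing it to "NOT-FOR-US: MuleSoft" so that a search on the product tag finds all three MuleSoft entries. The triage outcome is unchanged, since the entry stays NOT-FOR-US either way.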
+CVE-2021-1625 (A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1624 (A vulnerability in the Rate Limiting Network Address Translation (NAT) ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1623 (A vulnerability in the Simple Network Management Protocol (SNMP) punt ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1622 (A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1621 (A vulnerability in the Layer 2 punt code of Cisco IOS XE Software coul ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1620 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1619 (A vulnerability in the authentication, authorization, and accounting ( ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1618 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1617 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1616 (A vulnerability in the H.323 application level gateway (ALG) used by t ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1615 (A vulnerability in the packet processing functionality of Cisco Embedd ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1614 (A vulnerability in the Multiprotocol Label Switching (MPLS) packet han ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1613
+ RESERVED
+CVE-2021-1612 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1611 (A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1610 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1609 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1608
+ RESERVED
+CVE-2021-1607 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1606 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1605 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1604 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1603 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1602 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1601 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1600 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1599 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1598 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1597 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1596 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1595 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1594 (A vulnerability in the REST API of Cisco Identity Services Engine (ISE ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1593 (A vulnerability in Cisco Packet Tracer for Windows could allow an auth ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1592 (A vulnerability in the way Cisco UCS Manager software handles SSH sess ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1591 (A vulnerability in the EtherChannel port subscription logic of Cisco N ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1590 (A vulnerability in the implementation of the system login block-for co ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1589 (A vulnerability in the disaster recovery feature of Cisco SD-WAN vMana ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1588 (A vulnerability in the MPLS Operation, Administration, and Maintenance ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1587 (A vulnerability in the VXLAN Operation, Administration, and Maintenanc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1586 (A vulnerability in the Multi-Pod or Multi-Site network configurations ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1585 (A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1584 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1583 (A vulnerability in the fabric infrastructure file system access contro ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1582 (A vulnerability in the web UI of Cisco Application Policy Infrastructu ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1581 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1580 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1579 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1578 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1577 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1576 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Virtual ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1573 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1570 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1569 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1568 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1567 (A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secur ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1566 (A vulnerability in the Cisco Advanced Malware Protection (AMP) for End ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1565 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1563 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1562 (A vulnerability in the XSI-Actions interface of Cisco BroadWorks Appli ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1561 (A vulnerability in the spam quarantine feature of Cisco Secure Email a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1560 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1559 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1558 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1557 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1556
+ RESERVED
+CVE-2021-1555 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1554 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1553 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1552 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1551 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1550 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1549 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1548 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1547 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1546 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1545
+ RESERVED
+CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings client s ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1543 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1542 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1541 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1538 (A vulnerability in the configuration dashboard of Cisco Common Service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1537 (A vulnerability in the installer software of Cisco ThousandEyes Record ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1536 (A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco SD-WAN vM ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1534 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1533
+ RESERVED
+CVE-2021-1532 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1531 (A vulnerability in the web UI of Cisco Modeling Labs could allow an au ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1529 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an auth ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1523 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1522 (A vulnerability in the change password API of Cisco Connected Mobile E ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1520 (A vulnerability in the internal message processing of Cisco RV340, RV3 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1519 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1518 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1517 (A vulnerability in the multimedia viewer feature of Cisco Webex Meetin ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1514 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1513 (A vulnerability in the vDaemon process of Cisco SD-WAN Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1512 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1511 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1510 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1509 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1508 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1507 (A vulnerability in an API of Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1506 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1505 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1503 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1502 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1500 (A vulnerability in the web-based management interface of Cisco Webex V ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1499 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1498 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1497 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1496 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1494
+ RESERVED
+CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...)
+ NOT-FOR-US: Duo Authentication Proxy
+CVE-2021-1491
+ RESERVED
+CVE-2021-1490 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco Firepower Dev ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1488 (A vulnerability in the upgrade process of Cisco Adaptive Security Appl ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1487 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1486 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1485 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1484
+ RESERVED
+CVE-2021-1483
+ RESERVED
+CVE-2021-1482
+ RESERVED
+CVE-2021-1481
+ RESERVED
+CVE-2021-1480 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1478 (A vulnerability in the Java Management Extensions (JMX) component of C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1477 (A vulnerability in an access control mechanism of Cisco Firepower Mana ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1476 (A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1475 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1474 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1473 (Multiple vulnerabilities exist in the web-based management interface o ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1472 (Multiple vulnerabilities exist in the web-based management interface o ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1471 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1470
+ RESERVED
+CVE-2021-1469 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1468 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1467 (A vulnerability in Cisco Webex Meetings for Android could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1466
+ RESERVED
+CVE-2021-1465
+ RESERVED
+CVE-2021-1464
+ RESERVED
+CVE-2021-1463 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1462
+ RESERVED
+CVE-2021-1461
+ RESERVED
+CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 809 In ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1458 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1457 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1456 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1455 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1453 (A vulnerability in the software image verification functionality of Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1452 (A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software f ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1451 (A vulnerability in the Easy Virtual Switching System (VSS) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points Software coul ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1448 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1447 (A vulnerability in the user account management system of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1444
+ RESERVED
+CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1442 (A vulnerability in a diagnostic command for the Plug-and-Play (PnP) su ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1441 (A vulnerability in the hardware initialization routines of Cisco IOS X ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1440
+ RESERVED
+CVE-2021-1439 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1438 (A vulnerability in Cisco Wide Area Application Services (WAAS) Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1437 (A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Se ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1436 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1435 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1434 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1433 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1432 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1431 (A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1430 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1429 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1428 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1427 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1426 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1425
+ RESERVED
+CVE-2021-1424
+ RESERVED
+CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco Airone ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1422 (A vulnerability in the software cryptography module of Cisco Adaptive ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1421 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1420 (A vulnerability in certain web pages of Cisco Webex Meetings could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1419 (A vulnerability in the SSH management feature of multiple Cisco Access ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1418 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1417 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1415 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1414 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1413 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1410
+ RESERVED
+CVE-2021-1409 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1408 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1407 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1405 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...)
+ {DLA-2626-1}
+ - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
+ [buster] - clamav 0.103.2+dfsg-0+deb10u1
+ NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
+CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...)
+ - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
+ [buster] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1)
+ [stretch] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1)
+ NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
+CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1402 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1401 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1400 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1399 (A vulnerability in the Self Care Portal of Cisco Unified Communication ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1398 (A vulnerability in the boot logic of Cisco IOS XE Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1397 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1395 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1394 (A vulnerability in the ingress traffic manager of Cisco IOS XE Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1392 (A vulnerability in the CLI command permissions of Cisco IOS and Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1391 (A vulnerability in the dragonite debugger of Cisco IOS XE Software cou ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1390 (A vulnerability in one of the diagnostic test CLI commands of Cisco IO ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1388 (A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrato ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1387 (A vulnerability in the network stack of Cisco NX-OS Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1386 (A vulnerability in the dynamic link library (DLL) loading mechanism in ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1385 (A vulnerability in the Cisco IOx application hosting environment of mu ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1384 (A vulnerability in Cisco IOx application hosting environment of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1383 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1382 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1381 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1380 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1379
+ RESERVED
+CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1377 (A vulnerability in Address Resolution Protocol (ARP) management of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1376 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1375 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1374 (A vulnerability in the web-based management interface of Cisco IOS XE ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1373 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1372 (A vulnerability in Cisco Webex Meetings Desktop App and Webex Producti ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1371 (A vulnerability in the role-based access control of Cisco IOS XE SD-WA ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1369 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1365 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1363 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1362 (A vulnerability in the SOAP API endpoint of Cisco Unified Communicatio ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1361 (A vulnerability in the implementation of an internal file management s ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1360 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1359 (A vulnerability in the configuration management of Cisco AsyncOS for C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1358 (A vulnerability in the web-based management interface of Cisco Finesse ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1357 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1356 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1355 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1354 (A vulnerability in the certificate registration process of Cisco Unifi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1352 (A vulnerability in the DECnet Phase IV and DECnet/OSI protocol process ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1351 (A vulnerability in the web-based interface of Cisco Webex Meetings cou ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an unauthe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1347 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1346 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1345 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1344 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1343 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1342 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1341 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1340 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1339 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1338 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1337 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1336 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1335 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1334 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1333 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1332 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1331 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1330 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1329 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1328 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1327 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1326 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1325 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1324 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1323 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1322 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1321 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1320 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1319 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1318 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1317 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1316 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1315 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1314 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1313 (Multiple vulnerabilities in the ingress packet processing function of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1312 (A vulnerability in the system resource management of Cisco Elastic Ser ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1311 (A vulnerability in the reclaim host role feature of Cisco Webex Meetin ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1310 (A vulnerability in the web-based management interface of Cisco Webex M ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1309 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1308 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1307 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1306 (A vulnerability in the restricted shell of Cisco Evolved Programmable ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1305 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1304 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1303 (A vulnerability in the user management roles of Cisco DNA Center could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1302 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1301 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1300 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1299 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1298 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1297 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1296 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1295 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1294 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1293 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1292 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1291 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1290 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1289 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1288 (Multiple vulnerabilities in the ingress packet processing function of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1287 (A vulnerability in the web-based management interface of Cisco RV132W ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1285
+ RESERVED
+CVE-2021-1284 (A vulnerability in the web-based messaging service interface of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1283 (A vulnerability in the logging subsystem of Cisco Data Center Network ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1282 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1281 (A vulnerability in CLI management in Cisco IOS XE SD-WAN Software coul ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1280 (A vulnerability in the loading mechanism of specific DLLs of Cisco Adv ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1279 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1278 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1277 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1276 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1275 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1274 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1273 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1272 (A vulnerability in the session validation feature of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1271 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1270 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1268 (A vulnerability in the IPv6 protocol handling of the management interf ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1267 (A vulnerability in the dashboard widget of Cisco Firepower Management ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1266 (A vulnerability in the REST API of Cisco Managed Services Accelerator ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1265 (A vulnerability in the configuration archive functionality of Cisco DN ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1264 (A vulnerability in the Command Runner tool of Cisco DNA Center could a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1263 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1262 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1261 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1260 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1259 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1258 (A vulnerability in the upgrade component of Cisco AnyConnect Secure Mo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1257 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1256 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1255 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1254 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1253 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1252 (A vulnerability in the Excel XLM macro parsing module in Clam AntiViru ...)
+ - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
+ [buster] - clamav <not-affected> (Affects ony 0.103.0 and 0.103.1)
+ [stretch] - clamav <not-affected> (Affects ony 0.103.0 and 0.103.1)
+ NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
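Review bot: the `<not-affected>` reason on the [buster] and [stretch] lines of the CVE-2021-1252 clamav entry reads "Affects ony 0.103.0 and 0.103.1"; "ony" should be "only" on both lines. That parenthetical is the only place the entry explains why the older suites are unaffected, so it is worth correcting before it gets copied into later entries. The fixed version 0.103.2+dfsg-1 and the linked ClamAV 0.103.2 release post agree with the stated affected range.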
+CVE-2021-1251 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1250 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1249 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1248 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1247 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1246 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1245 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1244 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1243 (A vulnerability in the Local Packet Transport Services (LPTS) programm ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1242 (A vulnerability in Cisco Webex Teams could allow an unauthenticated, r ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1241 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1240 (A vulnerability in the loading process of specific DLLs in Cisco Proxi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1239 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1238 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1237 (A vulnerability in the Network Access Manager and Web Security Agent c ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1236 (Multiple Cisco products are affected by a vulnerability in the Snort a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1234
+ RESERVED
+CVE-2021-1233 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1232
+ RESERVED
+CVE-2021-1231 (A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1230 (A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1229 (A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS S ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1228 (A vulnerability in the fabric infrastructure VLAN connection establish ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1227 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified Commun ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1224 (Multiple Cisco products are affected by a vulnerability with TCP Fast ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1223 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco Smart S ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1221 (A vulnerability in the user interface of Cisco Webex Meetings and Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1220 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1219 (A vulnerability in Cisco Smart Software Manager Satellite could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1218 (A vulnerability in the web management interface of Cisco Smart Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1217 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1216 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1215 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1214 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1213 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1212 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1211 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1210 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1209 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1208 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1207 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1206 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1205 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1204 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1203 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1202 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1201 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1200 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1199 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1198 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1197 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1196 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1195 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1194 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1193 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1192 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1191 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1190 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1189 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1188 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1187 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1186 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1185 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1184 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1183 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1182 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1181 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1180 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1179 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1178 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1177 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1176 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1175 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1174 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1173 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1172 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1171 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1170 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1169 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1168 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1167 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1166 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1165 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1164 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1163 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1162 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1161 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1160 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1159 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1158 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1157 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1156 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1155 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1154 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1153 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1152 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1151 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1150 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1149 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1148 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1147 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1146 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1145 (A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1144 (A vulnerability in Cisco Connected Mobile Experiences (CMX) could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1143 (A vulnerability in Cisco Connected Mobile Experiences (CMX) API author ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1142 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1141 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1140 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1139 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1138 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1137 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1136 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1135 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1134 (A vulnerability in the Cisco Identity Services Engine (ISE) integratio ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1133 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1132
+ RESERVED
+CVE-2021-1131 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1130 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1129 (A vulnerability in the authentication for the general purpose APIs imp ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1128 (A vulnerability in the CLI parser of Cisco IOS XR Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1127 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1126 (A vulnerability in the storage of proxy server credentials of Cisco Fi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1125 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1124
+ RESERVED
+CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2021-1115 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in the kerne ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1113 (NVIDIA camera firmware contains a difficult to exploit vulnerability w ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1112 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1111 (Bootloader contains a vulnerability in the NV3P server where any user ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1110 (NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerabi ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1109 (NVIDIA camera firmware contains a multistep, timing-related vulnerabil ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1108 (NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capt ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1107 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVM ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1106 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1105 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1104 (The RISC-V Instruction Set Manual contains a documented ambiguity for ...)
+ NOT-FOR-US: RISC-V
+CVE-2021-1103 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1102 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1101 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1100 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1099 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1098 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1097 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1096 (NVIDIA Windows GPU Display Driver for Windows contains a vulnerability ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
+CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.91.03-1 (bug #991351)
+ [buster] - nvidia-graphics-drivers 418.211.00-1
+ - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357)
+ - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #991355)
+ - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354)
+ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
+CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.91.03-1 (bug #991351)
+ [buster] - nvidia-graphics-drivers 418.211.00-1
+ - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357)
+ - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #991355)
+ - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354)
+ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
+CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.91.03-1 (bug #991351)
+ [buster] - nvidia-graphics-drivers 418.211.00-1
+ - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357)
+ - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #991355)
+ - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354)
+ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
+CVE-2021-1092 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2021-1091 (NVIDIA GPU Display driver for Windows contains a vulnerability where a ...)
+ NOT-FOR-US: NVIDIA GPU Display driver for Windows
+CVE-2021-1090 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ NOT-FOR-US: NVIDIA GPU Display driver for Windows
+ NOTE: CVE description is wrong, per https://nvidia.custhelp.com/app/answers/detail/a_id/5211 only for Windows
+CVE-2021-1089 (NVIDIA GPU Display Driver for Windows contains a vulnerability in nvid ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2021-1088 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1087 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...)
+ NOT-FOR-US: NVIDIA vGPU driver
+CVE-2021-1086 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...)
+ NOT-FOR-US: NVIDIA vGPU driver
+CVE-2021-1085 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...)
+ NOT-FOR-US: NVIDIA vGPU driver
+CVE-2021-1084 (NVIDIA vGPU driver contains a vulnerability in the guest kernel mode d ...)
+ NOT-FOR-US: NVIDIA vGPU driver
+CVE-2021-1083 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1082 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1081 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1080 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains a vuln ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1078 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
+CVE-2021-1077 (NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver ...)
+ - nvidia-graphics-drivers 460.73.01-1 (bug #987216)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected)
+ - nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221)
+ - nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222)
+CVE-2021-1076 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.73.01-1 (bug #987216)
+ [buster] - nvidia-graphics-drivers 418.197.02-1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #987217)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx 390.143-1 (bug #987218)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.143-1~deb10u1
+ - nvidia-graphics-drivers-tesla-418 418.197.02-1 (bug #987219)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #987220)
+ - nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221)
+ - nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222)
+CVE-2021-1075 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
+CVE-2021-1074 (NVIDIA GPU Display Driver for Windows installer contains a vulnerabili ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
+CVE-2021-1073 (NVIDIA GeForce Experience, all versions prior to 3.23, contains a vuln ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains a vuln ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2021-1071 (NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1 ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1070 (NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1069 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1068 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1067 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1066 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1065 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1064 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1063 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1062 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1061 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1060 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1059 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1058 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1057 (NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerabilit ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager NVIDIA vGPU manager
+CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.32.03-1 (bug #979670)
+ [buster] - nvidia-graphics-drivers 418.181.07-1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #979671)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx 390.141-1 (bug #979672)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1
+ - nvidia-graphics-drivers-tesla-418 418.181.07-1 (bug #979673)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #979674)
+ - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675)
+CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+ NOT-FOR-US: NVIDIA Windows drivers
+CVE-2021-1054 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+ NOT-FOR-US: NVIDIA Windows drivers
+CVE-2021-1053 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+ - nvidia-graphics-drivers 460.32.03-1 (bug #979670)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected)
+ - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675)
+CVE-2021-1052 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+ - nvidia-graphics-drivers 460.32.03-1 (bug #979670)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected)
+ - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675)
+CVE-2021-1051 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA Windows drivers
+CVE-2021-1050
+ RESERVED
+CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ...)
+ NOT-FOR-US: Unisoc
+CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...)
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/77f4689de17c0887775bb77896f4cc11a39bf848 (5.9-rc4)
+CVE-2021-1047 (In valid_ipc_dram_addr of cm_access_control.c, there is a possible out ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1046 (In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1045 (Product: AndroidVersions: Android kernelAndroid ID: A-195580473Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1044 (In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1043 (In TBD of TBD, there is a possible downgrade attack due to under utili ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1042 (In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible d ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1041 (In (TBD) of (TBD), there is a possible out of bounds read due to memor ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1040 (In onCreate of BluetoothPairingSelectionFragment.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-1039 (In NotificationAccessActivity of AndroidManifest.xml, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS ...)
+ NOT-FOR-US: Android
+CVE-2021-1037 (The broadcast that DevicePickerFragment sends when a new device is pai ...)
+ NOT-FOR-US: Android
+CVE-2021-1036 (In LocationSettingsActivity of AndroidManifest.xml, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-1035 (In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-1034 (In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is ap ...)
+ NOT-FOR-US: Android
+CVE-2021-1033
+ RESERVED
+CVE-2021-1032 (In getMimeGroup of PackageManagerService.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-1031 (In cancelNotificationsFromListener of NotificationManagerService.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-1030 (In setNotificationsShownFromListener of NotificationManagerService.jav ...)
+ NOT-FOR-US: Android
+CVE-2021-1029 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-1028 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-1027 (In setTransactionState of SurfaceFlinger, there is possible arbitrary ...)
+ NOT-FOR-US: Android
+CVE-2021-1026 (In startRanging of RttServiceImpl.java, there is a possible way to det ...)
+ NOT-FOR-US: Android
+CVE-2021-1025 (In hasNamedWallpaper of WallpaperManagerService.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-1024 (In onEventReceived of EventResultPersister.java, there is a possible i ...)
+ NOT-FOR-US: Android
+CVE-2021-1023 (In onCreate of RequestIgnoreBatteryOptimizations.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-1022 (In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-1021 (In snoozeNotificationInt of NotificationManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-1020 (In snoozeNotification of NotificationListenerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-1019 (In snoozeNotification of NotificationListenerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-1018 (In adjustStreamVolume of AudioService.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-1017 (In AdapterService and GattService definition of AndroidManifest.xml, t ...)
+ NOT-FOR-US: Android
+CVE-2021-1016 (In onCreate of UsbPermissionActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-1015 (In getMeidForSlot of PhoneInterfaceManager.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-1014 (In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-1013 (In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of P ...)
+ NOT-FOR-US: Android
+CVE-2021-1012 (In onResume of NotificationAccessDetails.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-1011 (In setPackageStoppedState of PackageManagerService.java, there is a mi ...)
+ NOT-FOR-US: Android
+CVE-2021-1010 (In getSigningKeySet of PackageManagerService.java, there is a missing ...)
+ NOT-FOR-US: Android
+CVE-2021-1009 (In setApplicationCategoryHint of PackageManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-1008 (In addSubInfo of SubscriptionController.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-1007 (In btu_hcif_process_event of btu_hcif.cc, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-1006 (In several functions of DatabaseManager.java, there is a possible leak ...)
+ NOT-FOR-US: Android
+CVE-2021-1005 (In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a po ...)
+ NOT-FOR-US: Android
+CVE-2021-1004 (In getConfiguredNetworks of WifiServiceImpl.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-1003 (In adjustStreamVolume of AudioService.java, there is a possible way fo ...)
+ NOT-FOR-US: Android
+CVE-2021-1002 (In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2021-1001 (In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bo ...)
+ NOT-FOR-US: Android
+CVE-2021-1000
+ RESERVED
+CVE-2021-0999 (In the broadcast definition in AndroidManifest.xml, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0998 (In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible ou ...)
+ NOT-FOR-US: Android
+CVE-2021-0997 (In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , t ...)
+ NOT-FOR-US: Android
+CVE-2021-0996 (In nfaHciCallback of HciEventManager.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-0995 (In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-0994 (In requestRouteToHostAddress of ConnectivityService.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0993 (In getOffsetBeforeAfter of TextLine.java, there is a possible denial o ...)
+ NOT-FOR-US: Android
+CVE-2021-0992 (In onCreate of PaymentDefaultDialog.java, there is a possible way to c ...)
+ NOT-FOR-US: Android
+CVE-2021-0991 (In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderControll ...)
+ NOT-FOR-US: Android
+CVE-2021-0990 (In getDeviceId of PhoneSubInfoController.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-0989 (In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0988 (In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientCont ...)
+ NOT-FOR-US: Android
+CVE-2021-0987 (In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a po ...)
+ NOT-FOR-US: Android
+CVE-2021-0986 (In hasGrantedPolicy of DevicePolicyManagerService.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0985 (In onReceive of AlertReceiver.java, there is a possible way to dismiss ...)
+ NOT-FOR-US: Android
+CVE-2021-0984 (In onNullBinding of ManagedServices.java, there is a possible permissi ...)
+ NOT-FOR-US: Android
+CVE-2021-0983 (In createAdminSupportIntent of DevicePolicyManagerService.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-0982 (In getOrganizationNameForUser of DevicePolicyManagerService.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-0981 (In enqueueNotificationInternal of NotificationManagerService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0980
+ RESERVED
+CVE-2021-0979 (In isRequestPinItemSupported of ShortcutService.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0978 (In getSerialForPackage of DeviceIdentifiersPolicyService.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0977 (In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0976 (In toBARK of floor0.c, there is a possible out of bounds read due to a ...)
+ NOT-FOR-US: Android
+CVE-2021-0975
+ RESERVED
+CVE-2021-0974
+ RESERVED
+CVE-2021-0973 (In isFileUri of UriUtil.java, there is a possible way to bypass ignori ...)
+ NOT-FOR-US: Android
+CVE-2021-0972
+ RESERVED
+CVE-2021-0971 (In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0970 (In createFromParcel of GpsNavigationMessage.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0969 (In getTitle of AccessPoint.java, there is a possible unhandled excepti ...)
+ NOT-FOR-US: Android
+CVE-2021-0968 (In osi_malloc and osi_calloc of allocator.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0967 (In vorbis_book_decodev_set of codebook.c, there is a possible out of b ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0966 (In code generated by BuildParcelFields of generate_cpp.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0965 (In AndroidManifest.xml of Settings, there is a possible pairing of a B ...)
+ NOT-FOR-US: Android
+CVE-2021-0964 (In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out o ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0963 (In onCreate of KeyChainActivity.java, there is a possible way to use a ...)
+ NOT-FOR-US: Android
+CVE-2021-0962
+ RESERVED
+CVE-2021-0961 (In quota_proc_write of xt_quota2.c, there is a possible way to read ke ...)
+ - linux <not-affected> (Android-specific xt_quota2 code)
+ NOTE: https://source.android.com/security/bulletin/2021-12-01
+CVE-2021-0960
+ RESERVED
+CVE-2021-0959 (In jit_memory_region.cc, there is a possible bypass of memory restrict ...)
+ NOT-FOR-US: Android
+CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of potentially se ...)
+ NOT-FOR-US: Android
+CVE-2021-0957
+ RESERVED
+CVE-2021-0956 (In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0955 (In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption ...)
+ NOT-FOR-US: Android
+CVE-2021-0954 (In ResolverActivity, there is a possible user interaction bypass due t ...)
+ NOT-FOR-US: Android
+CVE-2021-0953 (In setOnClickActivityIntent of SearchWidgetProvider.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0952 (In doCropPhoto of PhotoSelectionHandler.java, there is a possible perm ...)
+ NOT-FOR-US: Android
+CVE-2021-0951
+ RESERVED
+CVE-2021-0950
+ RESERVED
+CVE-2021-0949
+ RESERVED
+CVE-2021-0948
+ RESERVED
+CVE-2021-0947
+ RESERVED
+CVE-2021-0946
+ RESERVED
+CVE-2021-0945
+ RESERVED
+CVE-2021-0944
+ RESERVED
+CVE-2021-0943
+ RESERVED
+CVE-2021-0942
+ RESERVED
+CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of bounds ...)
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae
+CVE-2021-0940 (In TBD of TBD, there is a possible out of bounds write due to improper ...)
+ NOT-FOR-US: Pixel components
+CVE-2021-0939 (In set_default_passthru_cfg of passthru.c, there is a possible out of ...)
+ NOT-FOR-US: Pixel components
+CVE-2021-0938 (In memzero_explicit of compiler-clang.h, there is a possible bypass of ...)
+ - linux 5.9.15-1 (unimportant)
+ [buster] - linux 4.19.171-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
+ NOTE: https://git.kernel.org/linus/3347acc6fcd4ee71ad18a9ff9d9dac176b517329
+CVE-2021-0937
+ RESERVED
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
+ NOTE: https://git.kernel.org/linus/b29c457a6511435960115c0f548c4360d5f4801d
+ NOTE: Duplicate of CVE-2021-22555
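Review bot: In the CVE-2021-0937 entry, the status line is still RESERVED while the entry carries fixed linux versions (5.10.38-1, buster 4.19.194-1, stretch 4.9.272-1) and ends with "NOTE: Duplicate of CVE-2021-22555". Check that these versions match what is recorded under CVE-2021-22555, so the two entries cannot drift apart, and consider moving the duplicate note to the top of the entry so a reader sees it before the version data. Separately, the CVE-2021-0941 entry just above cites https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae without the linus/ path segment that the neighbouring kernel entries use; use the same form if the commit is in mainline.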
+CVE-2021-0936 (In acc_read of f_accessory.c, there is a possible memory corruption du ...)
+ - linux <not-affected> (Pixel or Android-specific driver)
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
+CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds write d ...)
+ - linux 4.15.17-1
+ [stretch] - linux 4.9.258-1
+ NOTE: https://git.kernel.org/linus/2f987a76a97773beafbc615b9c4d8fe79129a7f4
+ NOTE: https://git.kernel.org/linus/b954f94023dcc61388c8384f0f14eb8e42c863c5
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
+CVE-2021-0934
+ RESERVED
+CVE-2021-0933 (In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.j ...)
+ NOT-FOR-US: Android
+CVE-2021-0932 (In showNotification of NavigationModeController.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0931 (In getAlias of BluetoothDevice.java, there is a possible way to create ...)
+ NOT-FOR-US: Android
+CVE-2021-0930 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0929 (In ion_dma_buf_end_cpu_access and related functions of ion.c, there is ...)
+ - linux 5.6.4-1 (unimportant)
+ NOTE: https://source.android.com/security/bulletin/2021-11-01
+ NOTE: CONFIG_ION not enabled in Debian
+CVE-2021-0928 (In createFromParcel of OutputConfiguration.java, there is a possible p ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0927 (In requestChannelBrowsable of TvInputManagerService.java, there is a p ...)
+ NOT-FOR-US: Android TV
+CVE-2021-0926 (In onCreate of NfcImportVCardActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-0925 (In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of boun ...)
+ NOT-FOR-US: Android
+CVE-2021-0924 (In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds re ...)
+ - linux <not-affected> (Android-specific XHCI patch)
+ NOTE: https://source.android.com/security/bulletin/2021-11-01
+ NOTE: https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497
+CVE-2021-0923 (In createOrUpdate of Permission.java, there is a possible way to gain ...)
+ NOT-FOR-US: Android
+CVE-2021-0922 (In enforceCrossUserOrProfilePermission of PackageManagerService.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-0921 (In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0920 (In unix_scm_to_skb of af_unix.c, there is a possible use after free bu ...)
+ {DLA-2843-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/cbcf01128d0a92e131bd09f1688fe032480b65ca
+ NOTE: https://source.android.com/security/bulletin/2021-11-01
+CVE-2021-0919 (In getService of IServiceManager.cpp, there is a possible unhandled ex ...)
+ NOT-FOR-US: Android
+CVE-2021-0918 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2021-0917
+ RESERVED
+CVE-2021-0916
+ RESERVED
+CVE-2021-0915
+ RESERVED
+CVE-2021-0914
+ RESERVED
+CVE-2021-0913
+ RESERVED
+CVE-2021-0912
+ RESERVED
+CVE-2021-0911
+ RESERVED
+CVE-2021-0910
+ RESERVED
+CVE-2021-0909
+ RESERVED
+CVE-2021-0908
+ RESERVED
+CVE-2021-0907
+ RESERVED
+CVE-2021-0906
+ RESERVED
+CVE-2021-0905
+ RESERVED
+CVE-2021-0904 (In SRAMROM, there is a possible permission bypass due to an insecure p ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0903 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0902 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0901 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0900 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0899 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0898 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0897 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0896 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0895 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0894 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0893 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0892
+ RESERVED
+CVE-2021-0891
+ RESERVED
+CVE-2021-0890
+ RESERVED
+CVE-2021-0889 (In Android TV , there is a possible silent pairing due to lack of rate ...)
+ NOT-FOR-US: Android TV
+CVE-2021-0888
+ RESERVED
+CVE-2021-0887
+ RESERVED
+CVE-2021-0886
+ RESERVED
+CVE-2021-0885
+ RESERVED
+CVE-2021-0884
+ RESERVED
+CVE-2021-0883
+ RESERVED
+CVE-2021-0882
+ RESERVED
+CVE-2021-0881
+ RESERVED
+CVE-2021-0880
+ RESERVED
+CVE-2021-0879
+ RESERVED
+CVE-2021-0878
+ RESERVED
+CVE-2021-0877
+ RESERVED
+CVE-2021-0876
+ RESERVED
+CVE-2021-0875
+ RESERVED
+CVE-2021-0874
+ RESERVED
+CVE-2021-0873
+ RESERVED
+CVE-2021-0872
+ RESERVED
+CVE-2021-0871
+ RESERVED
+CVE-2021-0870 (In RW_SetActivatedTagType of rw_main.cc, there is possible memory corr ...)
+ NOT-FOR-US: Android
+CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0868
+ RESERVED
+CVE-2021-0867
+ RESERVED
+CVE-2021-0866
+ RESERVED
+CVE-2021-0865
+ RESERVED
+CVE-2021-0864
+ RESERVED
+CVE-2021-0863
+ RESERVED
+CVE-2021-0862
+ RESERVED
+CVE-2021-0861
+ RESERVED
+CVE-2021-0860
+ RESERVED
+CVE-2021-0859
+ RESERVED
+CVE-2021-0858
+ RESERVED
+CVE-2021-0857
+ RESERVED
+CVE-2021-0856
+ RESERVED
+CVE-2021-0855
+ RESERVED
+CVE-2021-0854
+ RESERVED
+CVE-2021-0853
+ RESERVED
+CVE-2021-0852
+ RESERVED
+CVE-2021-0851
+ RESERVED
+CVE-2021-0850
+ RESERVED
+CVE-2021-0849
+ RESERVED
+CVE-2021-0848
+ RESERVED
+CVE-2021-0847
+ RESERVED
+CVE-2021-0846
+ RESERVED
+CVE-2021-0845
+ RESERVED
+CVE-2021-0844
+ RESERVED
+CVE-2021-0843
+ RESERVED
+CVE-2021-0842
+ RESERVED
+CVE-2021-0841
+ RESERVED
+CVE-2021-0840
+ RESERVED
+CVE-2021-0839
+ RESERVED
+CVE-2021-0838
+ RESERVED
+CVE-2021-0837
+ RESERVED
+CVE-2021-0836
+ RESERVED
+CVE-2021-0835
+ RESERVED
+CVE-2021-0834
+ RESERVED
+CVE-2021-0833
+ RESERVED
+CVE-2021-0832
+ RESERVED
+CVE-2021-0831
+ RESERVED
+CVE-2021-0830
+ RESERVED
+CVE-2021-0829
+ RESERVED
+CVE-2021-0828
+ RESERVED
+CVE-2021-0827
+ RESERVED
+CVE-2021-0826
+ RESERVED
+CVE-2021-0825
+ RESERVED
+CVE-2021-0824
+ RESERVED
+CVE-2021-0823
+ RESERVED
+CVE-2021-0822
+ RESERVED
+CVE-2021-0821
+ RESERVED
+CVE-2021-0820
+ RESERVED
+CVE-2021-0819
+ RESERVED
+CVE-2021-0818
+ RESERVED
+CVE-2021-0817
+ RESERVED
+CVE-2021-0816
+ RESERVED
+CVE-2021-0815
+ RESERVED
+CVE-2021-0814
+ RESERVED
+CVE-2021-0813
+ RESERVED
+CVE-2021-0812
+ RESERVED
+CVE-2021-0811
+ RESERVED
+CVE-2021-0810
+ RESERVED
+CVE-2021-0809
+ RESERVED
+CVE-2021-0808
+ RESERVED
+CVE-2021-0807
+ RESERVED
+CVE-2021-0806
+ RESERVED
+CVE-2021-0805
+ RESERVED
+CVE-2021-0804
+ RESERVED
+CVE-2021-0803
+ RESERVED
+CVE-2021-0802
+ RESERVED
+CVE-2021-0801
+ RESERVED
+CVE-2021-0800
+ RESERVED
+CVE-2021-0799 (In ActivityThread.java, there is a possible way to collide the content ...)
+ NOT-FOR-US: Android
+CVE-2021-0798
+ RESERVED
+CVE-2021-0797
+ RESERVED
+CVE-2021-0796
+ RESERVED
+CVE-2021-0795
+ RESERVED
+CVE-2021-0794
+ RESERVED
+CVE-2021-0793
+ RESERVED
+CVE-2021-0792
+ RESERVED
+CVE-2021-0791
+ RESERVED
+CVE-2021-0790
+ RESERVED
+CVE-2021-0789
+ RESERVED
+CVE-2021-0788
+ RESERVED
+CVE-2021-0787
+ RESERVED
+CVE-2021-0786
+ RESERVED
+CVE-2021-0785
+ RESERVED
+CVE-2021-0784
+ RESERVED
+CVE-2021-0783
+ RESERVED
+CVE-2021-0782
+ RESERVED
+CVE-2021-0781
+ RESERVED
+CVE-2021-0780
+ RESERVED
+CVE-2021-0779
+ RESERVED
+CVE-2021-0778
+ RESERVED
+CVE-2021-0777
+ RESERVED
+CVE-2021-0776
+ RESERVED
+CVE-2021-0775
+ RESERVED
+CVE-2021-0774
+ RESERVED
+CVE-2021-0773
+ RESERVED
+CVE-2021-0772
+ RESERVED
+CVE-2021-0771
+ RESERVED
+CVE-2021-0770
+ RESERVED
+CVE-2021-0769 (In onCreate of AllowBindAppWidgetActivity.java, there is a possible by ...)
+ NOT-FOR-US: Android
+CVE-2021-0768
+ RESERVED
+CVE-2021-0767
+ RESERVED
+CVE-2021-0766
+ RESERVED
+CVE-2021-0765
+ RESERVED
+CVE-2021-0764
+ RESERVED
+CVE-2021-0763
+ RESERVED
+CVE-2021-0762
+ RESERVED
+CVE-2021-0761
+ RESERVED
+CVE-2021-0760
+ RESERVED
+CVE-2021-0759
+ RESERVED
+CVE-2021-0758
+ RESERVED
+CVE-2021-0757
+ RESERVED
+CVE-2021-0756
+ RESERVED
+CVE-2021-0755
+ RESERVED
+CVE-2021-0754
+ RESERVED
+CVE-2021-0753
+ RESERVED
+CVE-2021-0752
+ RESERVED
+CVE-2021-0751
+ RESERVED
+CVE-2021-0750
+ RESERVED
+CVE-2021-0749
+ RESERVED
+CVE-2021-0748
+ RESERVED
+CVE-2021-0747
+ RESERVED
+CVE-2021-0746
+ RESERVED
+CVE-2021-0745
+ RESERVED
+CVE-2021-0744
+ RESERVED
+CVE-2021-0743
+ RESERVED
+CVE-2021-0742
+ RESERVED
+CVE-2021-0741
+ RESERVED
+CVE-2021-0740
+ RESERVED
+CVE-2021-0739
+ RESERVED
+CVE-2021-0738
+ RESERVED
+CVE-2021-0737
+ RESERVED
+CVE-2021-0736
+ RESERVED
+CVE-2021-0735
+ RESERVED
+CVE-2021-0734
+ RESERVED
+CVE-2021-0733
+ RESERVED
+CVE-2021-0732
+ RESERVED
+CVE-2021-0731
+ RESERVED
+CVE-2021-0730
+ RESERVED
+CVE-2021-0729
+ RESERVED
+CVE-2021-0728
+ RESERVED
+CVE-2021-0727
+ RESERVED
+CVE-2021-0726
+ RESERVED
+CVE-2021-0725
+ RESERVED
+CVE-2021-0724
+ RESERVED
+CVE-2021-0723
+ RESERVED
+CVE-2021-0722
+ RESERVED
+CVE-2021-0721
+ RESERVED
+CVE-2021-0720
+ RESERVED
+CVE-2021-0719
+ RESERVED
+CVE-2021-0718
+ RESERVED
+CVE-2021-0717
+ RESERVED
+CVE-2021-0716
+ RESERVED
+CVE-2021-0715
+ RESERVED
+CVE-2021-0714
+ RESERVED
+CVE-2021-0713
+ RESERVED
+CVE-2021-0712
+ RESERVED
+CVE-2021-0711
+ RESERVED
+CVE-2021-0710
+ RESERVED
+CVE-2021-0709
+ RESERVED
+CVE-2021-0708 (In runDumpHeap of ActivityManagerShellCommand.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0707
+ RESERVED
+CVE-2021-0706 (In startListening of PluginManagerImpl.java, there is a possible way t ...)
+ NOT-FOR-US: Android
+CVE-2021-0705 (In sanitizeSbn of NotificationManagerService.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0704 (In createNoCredentialsPermissionNotification and related functions of ...)
+ NOT-FOR-US: Android
+CVE-2021-0703 (In SecondStageMain of init.cpp, there is a possible use after free due ...)
+ NOT-FOR-US: Android
+CVE-2021-0702 (In RevertActiveSessions of apexd.cpp, there is a possible way to share ...)
+ NOT-FOR-US: Android
+CVE-2021-0701
+ RESERVED
+CVE-2021-0700
+ RESERVED
+CVE-2021-0699
+ RESERVED
+CVE-2021-0698
+ RESERVED
+CVE-2021-0697
+ RESERVED
+CVE-2021-0696
+ RESERVED
+CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds re ...)
+ - linux <not-affected> (Android-specific xt_qtaguid code)
+ NOTE: https://source.android.com/security/bulletin/2021-09-01
+CVE-2021-0694
+ RESERVED
+CVE-2021-0693 (In openFile of HeapDumpProvider.java, there is a possible way to retri ...)
+ NOT-FOR-US: Android
+CVE-2021-0692 (In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0691 (In the SELinux policy configured in system_app.te, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0690 (In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a pos ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0689 (In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0688 (In lockNow of PhoneWindowManager.java, there is a possible lock screen ...)
+ NOT-FOR-US: Android
+CVE-2021-0687 (In ellipsize of Layout.java, there is a possible ANR due to improper i ...)
+ NOT-FOR-US: Android
+CVE-2021-0686 (In getDefaultSmsPackage of RoleManagerService.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0685 (In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parc ...)
+ NOT-FOR-US: Android
+CVE-2021-0684 (In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0683 (In runTraceIpcStop of ActivityManagerShellCommand.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0682 (In sendAccessibilityEvent of NotificationManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-0681 (In system properties, there is a possible information disclosure due t ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0680 (In system properties, there is a possible information disclosure due t ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0679 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0678 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0677 (In ccu driver, there is a possible out of bounds read due to an intege ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0676 (In geniezone driver, there is a possible out of bounds read due to an ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0675 (In alac decoder, there is a possible out of bounds write due to an inc ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0674 (In alac decoder, there is a possible out of bounds read due to an inco ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0673 (In Audio Aurisys HAL, there is a possible permission bypass due to a m ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0672 (In Browser app, there is a possible information disclosure due to a mi ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0671 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0670 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0669 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0668 (In apusys, there is a possible memory corruption due to incorrect erro ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0667 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0666 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0665 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0664 (In ccu, there is a possible memory corruption due to a use after free. ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0663 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0662 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0661 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect error ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0659 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0658 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0657 (In apusys, there is a possible out of bounds write due to a stack-base ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0656 (In edma driver, there is a possible memory corruption due to a use aft ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0655 (In mdlactl driver, there is a possible memory corruption due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible data ex ...)
+ NOT-FOR-US: Android
+CVE-2021-0653 (In enqueueNotification of NetworkPolicyManagerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0652 (In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0651 (In loadLabel of PackageItemInfo.java, there is a possible way to DoS a ...)
+ NOT-FOR-US: Android
+CVE-2021-0650 (In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0649 (In stopVpnProfile of Vpn.java, there is a possible VPN profile reset d ...)
+ NOT-FOR-US: Android
+CVE-2021-0648
+ RESERVED
+CVE-2021-0647
+ RESERVED
+CVE-2021-0646 (In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2021-0645 (In shouldBlockFromTree of ExternalStorageProvider.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0644 (In conditionallyRemoveIdentifiers of SubscriptionController.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-0643 (In getAllSubInfoList of SubscriptionController.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0642 (In onResume of VoicemailSettingsFragment.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-0641 (In getAvailableSubscriptionInfoList of SubscriptionController.java, th ...)
+ NOT-FOR-US: Android
+CVE-2021-0640 (In noteAtomLogged of StatsdStats.cpp, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2021-0639 (In multiple functions of libl3oemcrypto.cpp, there is a possible weakn ...)
+ NOT-FOR-US: Widevine
+CVE-2021-0638
+ RESERVED
+CVE-2021-0637
+ RESERVED
+CVE-2021-0636 (When extracting the incorrectly formatted avi file, the memory is dama ...)
+ NOT-FOR-US: UniSoc components for Android
+CVE-2021-0635 (When extracting the incorrectly formatted flv file, the memory is dama ...)
+ NOT-FOR-US: UniSoc components for Android
+CVE-2021-0634 (In display driver, there is a possible memory corruption due to uninit ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0633 (In display driver, there is a possible out of bounds write due to an i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0632 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0631 (In wifi driver, there is a possible system crash due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0630 (In wifi driver, there is a possible system crash due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0629 (In mdlactl driver, there is a possible memory corruption due to a use ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integer ov ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0625 (In ccu, there is a possible memory corruption due to improper locking. ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0624 (In flv extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0623 (In asf extractor, there is a possible out of bounds read due to an int ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0622 (In asf extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0621 (In asf extractor, there is a possible out of bounds read due to an int ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0620 (In asf extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0619 (In ape extractor, there is a possible out of bounds read due to a miss ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0618 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0617 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0616 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0615 (In flv extractor, there is a possible out of bounds read due to an int ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0614 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0613 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0612 (In m4u, there is a possible memory corruption due to a use after free. ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0611 (In m4u, there is a possible memory corruption due to a use after free. ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0610 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0609
+ RESERVED
+CVE-2021-0608 (In handleAppLaunch of AppLaunchActivity.java, there is a possible arbi ...)
+ NOT-FOR-US: Pixel
+CVE-2021-0607 (In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware p ...)
+ NOT-FOR-US: Pixel
+CVE-2021-0606 (In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use ...)
+ - linux <not-affected> (Vulnerability specific to 4.14.y backporting)
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-06-01
+CVE-2021-0605 (In pfkey_dump of af_key.c, there is a possible out-of-bounds read due ...)
+ - linux 5.8.7-1
+ [buster] - linux 4.19.152-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/37bd22420f856fcd976989f1d4f1f7ad28e1fcac
+CVE-2021-0604 (In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0603 (In onCreate of ContactSelectionActivity.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-0602 (In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0601 (In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of boun ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0600 (In onCreate of DeviceAdminAdd.java, there is a possible way to mislead ...)
+ NOT-FOR-US: Android
+CVE-2021-0599 (In scheduleTimeoutLocked of NotificationRecord.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0598 (In onCreate of ConfirmConnectActivity.java, there is a possible pairin ...)
+ NOT-FOR-US: Android
+CVE-2021-0597 (In notifyProfileAdded and notifyProfileRemoved of SipService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0596 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0595 (In lockAllProfileTasks of RootWindowContainer.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible remote bypa ...)
+ NOT-FOR-US: Android
+CVE-2021-0593 (In sendDevicePickedIntent of DevicePickerFragment.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0592 (In various functions in WideVine, there are possible out of bounds wri ...)
+ NOT-FOR-US: Widevine
+CVE-2021-0591 (In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0589 (In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2021-0588 (In processInboundMessage of MceStateMachine.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0587 (In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible way to t ...)
+ NOT-FOR-US: Android
+CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0584 (In verifyBufferObject of Parcel.cpp, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2021-0583 (In onCreate of BluetoothPairingDialog, there is a possible way to enab ...)
+ NOT-FOR-US: Android
+CVE-2021-0582 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0581 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0580 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0579 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0578 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due to a hea ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0576 (In flv extractor, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0575
+ RESERVED
+CVE-2021-0574 (In asf extractor, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0573 (In asf extractor, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0572 (In doNotification of AccountManagerService.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2021-0571 (In ActivityTaskManagerService.startActivity() and AppTaskImpl.startAct ...)
+ NOT-FOR-US: Android
+CVE-2021-0570 (In sendBugreportNotification of BugreportProgressService.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0569 (In onStart of ContactsDumpActivity.java, there is possible access to c ...)
+ NOT-FOR-US: Android
+CVE-2021-0568 (In onReceive of DevicePolicyManagerService.java, there is a possible e ...)
+ NOT-FOR-US: Android
+CVE-2021-0567 (In isRestricted of RemoteViews.java, there is a possible way to inject ...)
+ NOT-FOR-US: Android
+CVE-2021-0566 (In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0565 (In wrapUserThread of AudioStream.cpp, there is a possible use after fr ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0564 (In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0563 (In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a poss ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0562 (In RasterIntraUpdate of motion_est.cpp, there is a possible out of bou ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0561 (In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0560
+ RESERVED
+CVE-2021-0559 (In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0558 (In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0557 (In setRange of ABuffer.cpp, there is a possible out of bounds write du ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0556 (In getBlockSum of fastcodemb.cpp, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0555 (In RenderStruct of protostream_objectsource.cc, there is a possible cr ...)
+ NOT-FOR-US: Android
+CVE-2021-0554 (In isBackupServiceActive of BackupManagerService.java, there is a miss ...)
+ NOT-FOR-US: Android
+CVE-2021-0553 (In onBindViewHolder of AppSwitchPreference.java, there is a possible b ...)
+ NOT-FOR-US: Android
+CVE-2021-0552 (In getEndItemSliceAction of MediaOutputSlice.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0551 (In bind of MediaControlPanel.java, there is a possible way to lock up ...)
+ NOT-FOR-US: Android
+CVE-2021-0550 (In onLoadFailed of AnnotateActivity.java, there is a possible way to g ...)
+ NOT-FOR-US: Android
+CVE-2021-0549 (In sspRequestCallback of BondStateMachine.java, there is a possible le ...)
+ NOT-FOR-US: Android
+CVE-2021-0548 (In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2021-0547 (In onReceive of NetInitiatedActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-0546 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0545 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0544 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0543 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0542 (In updateNotification of BeamTransferManager.java, there is a missing ...)
+ NOT-FOR-US: Android
+CVE-2021-0541 (In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0540 (In halWrapperDataCallback of hal_wrapper.cc, there is a possible out o ...)
+ NOT-FOR-US: Android
+CVE-2021-0539 (In archiveStoredConversation of MmsService.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-0538 (In onCreate of EmergencyCallbackModeExitDialog.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0537 (In onCreate of WiFiInstaller.java, there is a possible way to install ...)
+ NOT-FOR-US: Android
+CVE-2021-0536 (In dropFile of WiFiInstaller, there is a way to delete files accessibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0535 (In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0534 (In permission declarations of DeviceAdminReceiver.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0533 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0532 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0531 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0530 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0529 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0528 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0527 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0526 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0525 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0524 (In isServiceDistractionOptimized of CarPackageManagerService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0523 (In onCreate of WifiScanModeActivity.java, there is a possible way to e ...)
+ NOT-FOR-US: Android
+CVE-2021-0522 (In ConnectionHandler::SdpCb of connection_handler.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0521 (In getAllPackages of PackageManagerService, there is a possible inform ...)
+ NOT-FOR-US: Android
+CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, there ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0519 (In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of b ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-0515 (In Factory::CreateStrictFunctionMap of factory.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0514 (In several functions of the V8 library, there is a possible use after ...)
+ NOT-FOR-US: Android
+CVE-2021-0513 (In deleteNotificationChannel and related functions of NotificationMana ...)
+ NOT-FOR-US: Android
+CVE-2021-0512 (In __hidinput_change_resolution_multipliers of hid-input.c, there is a ...)
+ {DLA-2689-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/ed9be64eefe26d7d8b0b5b9fa3ffdf425d87a01f
+CVE-2021-0511 (In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode i ...)
+ NOT-FOR-US: Android
+CVE-2021-0510 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0509 (In various functions of CryptoPlugin.cpp, there is a possible use afte ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0508 (In various functions of DrmPlugin.cpp, there is a possible use after f ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0507 (In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bou ...)
+ NOT-FOR-US: Android
+CVE-2021-0506 (In ActivityPicker.java, there is a possible bypass of user interaction ...)
+ NOT-FOR-US: Android
+CVE-2021-0505 (In the Settings app, there is a possible way to disable an always-on V ...)
+ NOT-FOR-US: Android
+CVE-2021-0504 (In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2021-0503
+ RESERVED
+CVE-2021-0502
+ RESERVED
+CVE-2021-0501
+ RESERVED
+CVE-2021-0500
+ RESERVED
+CVE-2021-0499
+ RESERVED
+CVE-2021-0498 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0497 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0496 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0495 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0494 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0493 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0492 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0491 (In memory management driver, there is a possible escalation of privile ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0490 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0489 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0488 (In pb_write of pb_encode.c, there is a possible out of bounds write du ...)
+ NOT-FOR-US: Android
+CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-0486 (In onPackageAddedInternal of PermissionManagerService.java, there is p ...)
+ NOT-FOR-US: Android
+CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypa ...)
+ NOT-FOR-US: Android
+CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of uniniti ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0483 (In multiple methods of AAudioService, there is a possible use-after-fr ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0482 (In BinderDiedCallback of MediaCodec.cpp, there is a possible memory co ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0481 (In onActivityResult of EditUserPhotoController.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0480 (In createPendingIntent of SnoozeHelper.java, there is a possible broad ...)
+ NOT-FOR-US: Android
+CVE-2021-0479
+ RESERVED
+CVE-2021-0478 (In updateDrawable of StatusBarIconView.java, there is a possible permi ...)
+ NOT-FOR-US: Android
+CVE-2021-0477 (In notifyScreenshotError of ScreenshotNotificationsController.java, th ...)
+ NOT-FOR-US: Android
+CVE-2021-0476 (In FindOrCreatePeer of btif_av.cc, there is a possible use after free ...)
+ NOT-FOR-US: Android
+CVE-2021-0475 (In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory c ...)
+ NOT-FOR-US: Android
+CVE-2021-0474 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds wr ...)
+ NOT-FOR-US: Android
+CVE-2021-0473 (In rw_t3t_process_error of rw_t3t.cc, there is a possible double free ...)
+ NOT-FOR-US: Android
+CVE-2021-0472 (In shouldLockKeyguard of LockTaskController.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0471 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0470
+ RESERVED
+CVE-2021-0469
+ RESERVED
+CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an insecure ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0467 (In Chromecast bootROM, there is a possible out of bounds write due to ...)
+ NOT-FOR-US: AMLogic
+CVE-2021-0466 (In startIpClient of ClientModeImpl.java, there is a possible identifie ...)
+ NOT-FOR-US: Android
+CVE-2021-0465 (In GenerateFaceMask of face.cc, there is a possible out of bounds writ ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0464 (In sound_trigger_event_alloc of platform.h, there is a possible out of ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0463 (In convertToHidl of convert.cpp, there is a possible out of bounds rea ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0462 (In the NXP NFC firmware, there is a possible insecure firmware update ...)
+ NOT-FOR-US: NXP NFC firmware as used in Android/Pixel
+CVE-2021-0461 (In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possib ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0460 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0459 (In fts_driver_test_write of fts_proc.c, there is a possible out of bou ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0458 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0457 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0456 (In the Citadel chip firmware, there is a possible out of bounds write ...)
+ NOT-FOR-US: Citadel chip firmware as used in Android/Pixel
+CVE-2021-0455 (In the Citadel chip firmware, there is a possible out of bounds write ...)
+ NOT-FOR-US: Citadel chip firmware as used in Android/Pixel
+CVE-2021-0454 (In the Citadel chip firmware, there is a possible out of bounds write ...)
+ NOT-FOR-US: Citadel chip firmware as used in Android/Pixel
+CVE-2021-0453 (In the Titan-M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0452 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0451 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0450 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0449 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0448
+ RESERVED
+CVE-2021-0447
+ RESERVED
+ - linux 4.15.4-1
+ [stretch] - linux 4.9.228-1
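Review bot: the CVE-2021-0447 entry just above is still marked RESERVED with no description, yet it records fixed versions (`- linux 4.15.4-1`, `[stretch] - linux 4.9.228-1`) without any NOTE line saying where those versions come from. The other linux entries in this part of the file that list fixed versions (CVE-2021-0605, CVE-2021-0512) each carry a NOTE with the git.kernel.org commit. Adding the same kind of NOTE here, pointing to the upstream commit or bulletin, would let a reader verify the triage.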
+CVE-2021-0446 (In ImportVCardActivity, there is a possible way to bypass user consent ...)
+ NOT-FOR-US: Android
+CVE-2021-0445 (In start of WelcomeActivity.java, there is a possible residual profile ...)
+ NOT-FOR-US: Android
+CVE-2021-0444 (In onActivityResult of QuickContactActivity.java, there is an unnecess ...)
+ NOT-FOR-US: Android
+CVE-2021-0443 (In several functions of ScreenshotHelper.java and related files, there ...)
+ NOT-FOR-US: Android
+CVE-2021-0442 (In updateInfo of android_hardware_input_InputApplicationHandle.cpp, th ...)
+ NOT-FOR-US: Android
+CVE-2021-0441 (In onCreate of PermissionActivity.java, there is a possible permission ...)
+ NOT-FOR-US: Android
+CVE-2021-0440
+ RESERVED
+CVE-2021-0439 (In setPowerModeWithHandle of com_android_server_power_PowerManagerServ ...)
+ NOT-FOR-US: Android
+CVE-2021-0438 (In several functions of InputDispatcher.cpp, WindowManagerService.java ...)
+ NOT-FOR-US: Android
+CVE-2021-0437 (In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. Th ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0436 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0435 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak o ...)
+ NOT-FOR-US: Android
+CVE-2021-0434 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2021-0433 (In onCreate of DeviceChooserActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-0432 (In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPulle ...)
+ NOT-FOR-US: Android
+CVE-2021-0431 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android
+CVE-2021-0430 (In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of boun ...)
+ NOT-FOR-US: Android
+CVE-2021-0429 (In pollOnce of ALooper.cpp, there is possible memory corruption due to ...)
+ NOT-FOR-US: Android
+CVE-2021-0428 (In getSimSerialNumber of TelephonyManager.java, there is a possible wa ...)
+ NOT-FOR-US: Android
+CVE-2021-0427 (In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0426 (In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0425 (In memory management driver, there is a possible side channel informat ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0424 (In memory management driver, there is a possible system crash due to a ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0423 (In memory management driver, there is a possible information disclosur ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0422 (In memory management driver, there is a possible system crash due to a ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0421 (In memory management driver, there is a possible information disclosur ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0420 (In memory management driver, there is a possible system crash due to a ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0419 (In memory management driver, there is a possible system crash due to i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0418 (In memory management driver, there is a possible system crash due to i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0417 (In memory management driver, there is a possible system crash due to i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0416 (In memory management driver, there is a possible system crash due to i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0415 (In memory management driver, there is a possible information disclosur ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0414 (In flv extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0413 (In flv extractor, there is a possible out of bounds read due to a miss ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0412 (In flv extractor, there is a possible out of bounds read due to a miss ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0411 (In flv extractor, there is a possible out of bounds read due to an int ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0410 (In flv extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0409 (In flv extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to an incor ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0405 (In performance driver, there is a possible out of bounds write due to ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0404 (In mobile_log_d, there is a possible information disclosure due to imp ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0403 (In netdiag, there is a possible information disclosure due to a missin ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to improper input ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condition. ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0400 (In injectBestLocation and handleUpdateLocation of GnssLocationProvider ...)
+ NOT-FOR-US: Android
+CVE-2021-0399 (In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruptio ...)
+ - linux <not-affected> (Android-specific xt_qtaguid code)
+ NOTE: https://source.android.com/security/bulletin/2021-03-01
+CVE-2021-0398 (In bindServiceLocked of ActiveServices.java, there is a possible foreg ...)
+ NOT-FOR-US: Android
+CVE-2021-0397 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system c ...)
+ NOT-FOR-US: Android
+CVE-2021-0396 (In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc an ...)
+ NOT-FOR-US: Android
+CVE-2021-0395 (In StopServicesAndLogViolations of reboot.cpp, there is possible memor ...)
+ NOT-FOR-US: Android
+CVE-2021-0394 (In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0393 (In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0392 (In main of main.cpp, there is a possible memory corruption due to a do ...)
+ NOT-FOR-US: Android
+CVE-2021-0391 (In onCreate() of ChooseTypeAndAccountActivity.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0390 (In various methods of WifiNetworkSuggestionsManager.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0389 (In setNightModeActivated of UiModeManagerService.java, there is a miss ...)
+ NOT-FOR-US: Android
+CVE-2021-0388 (In onReceive of ImsPhoneCallTracker.java, there is a possible misattri ...)
+ NOT-FOR-US: Android
+CVE-2021-0387 (In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-a ...)
+ NOT-FOR-US: Android
+CVE-2021-0386 (In onCreate of UsbConfirmActivity, there is a possible tapjacking vect ...)
+ NOT-FOR-US: Android
+CVE-2021-0385 (In createConnectToAvailableNetworkNotification of ConnectToNetworkNoti ...)
+ NOT-FOR-US: Android
+CVE-2021-0384
+ REJECTED
+CVE-2021-0383 (In done of CaptivePortalLoginActivity.java, there is a confused deputy ...)
+ NOT-FOR-US: Android
+CVE-2021-0382 (In checkSlicePermission of SliceManagerService.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0381 (In updateNotifications of DeviceStorageMonitorService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0380 (In onReceive of DcTracker.java, there is a possible way to trigger a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0379 (In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of boun ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0378 (In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0377 (In DeltaPerformer::Write of delta_performer.cc, there is a possible us ...)
+ NOT-FOR-US: Android
+CVE-2021-0376 (In checkUriPermission and related functions of MediaProvider.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0375 (In onPackageModified of VoiceInteractionManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-0374 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0373
+ RESERVED
+CVE-2021-0372 (In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-0371 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0370 (In Write of NxpMfcReader.cc, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2021-0369 (In CrossProfileAppsServiceImpl.java, there is the possibility of an ap ...)
+ NOT-FOR-US: Android
+CVE-2021-0368 (In oggpack_look of bitwise.c, there is a possible out of bounds read d ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race condition. ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0366 (In vpu, there is a possible memory corruption due to a race condition. ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0365 (In display driver, there is a possible memory corruption due to a use ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to improper ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0363 (In mobile_log_d, there is a possible command injection due to a missin ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0362 (In aee, there is a possible memory corruption due to a stack buffer ov ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0361 (In kisd, there is a possible out of bounds read due to improper input ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0360 (In netdiag, there is a possible out of bounds write due to an incorrec ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0359 (In netdiag, there is a possible out of bounds write due to a missing b ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0358 (In netdiag, there is a possible command injection due to improper inpu ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0357 (In netdiag, there is a possible out of bounds write due to a missing b ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0356 (In netdiag, there is a possible command injection due to improper inpu ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0355 (In kisd, there is a possible out of bounds write due to an integer ove ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0354 (In ged, there is a possible out of bounds write due to an integer over ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0353 (In kisd, there is a possible memory corruption due to a heap buffer ov ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0352 (In RT regmap driver, there is a possible memory corruption due to type ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0351 (In wlan driver, there is a possible system crash due to a missing boun ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0350 (In ged, there is a possible system crash due to an improper input vali ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0349 (In display driver, there is a possible memory corruption due to a use ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0348 (In vpu, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0347 (In ccu, there is a possible out of bounds read due to a missing bounds ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0346 (In vpu, there is a possible out of bounds write due to an incorrect bo ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0345 (In mobile_log_d, there is a possible escalation of privilege due to im ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0344 (In mtkpower, there is a possible memory corruption due to a missing bo ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0343 (In kisd, there is a possible out of bounds write due to a missing boun ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0342 (In tun_get_user of tun.c, there is possible memory corruption due to a ...)
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f
+CVE-2021-0341 (In verifyHostName of OkHostnameVerifier.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-0340 (In parseNextBox of IsoInterface.java, there is a possible leak of unre ...)
+ NOT-FOR-US: Android
+CVE-2021-0339 (In loadAnimation of WindowContainer.java, there is a possible way to k ...)
+ NOT-FOR-US: Android
+CVE-2021-0338 (In SystemSettingsValidators, there is a possible permanent denial of s ...)
+ NOT-FOR-US: Android
+CVE-2021-0337 (In moveInMediaStore of FileSystemProvider.java, there is a possible fi ...)
+ NOT-FOR-US: Android
+CVE-2021-0336 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2021-0335 (In process of C2SoftHevcDec.cpp, there is a possible out of bounds wri ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0334 (In onTargetSelected of ResolverActivity.java, there is a possible sett ...)
+ NOT-FOR-US: Android
+CVE-2021-0333 (In onCreate of BluetoothPermissionActivity.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2021-0332 (In bootFinished of SurfaceFlinger.cpp, there is a possible memory corr ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0331 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0330 (In add_user_ce and remove_user_ce of storaged.cpp, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0329 (In several native functions called by AdvertiseManager.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-0328 (In onBatchScanReports and deliverBatchScan of GattService.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-0327 (In getContentProviderImpl of ActivityManagerService.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0326 (In p2p_copy_client_info of p2p.c, there is a possible out of bounds wr ...)
+ {DSA-4898-1 DLA-2572-1}
+ - wpa 2:2.9.0-17 (bug #981971)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/4
+ NOTE: https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
+ NOTE: https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
+ NOTE: https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e
+CVE-2021-0325 (In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible o ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0324 (Product: AndroidVersions: Android SoCAndroid ID: A-175402462 ...)
+ NOT-FOR-US: UniSoc components for Android
+CVE-2021-0323
+ RESERVED
+ NOTE: Duplicate for CVE-2020-10767, clarification with Android security team pending
+CVE-2021-0322 (In onCreate of SlicePermissionActivity.java, there is a possible misle ...)
+ NOT-FOR-US: Android
+CVE-2021-0321 (In enforceDumpPermissionForPackage of ActivityManagerService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0320 (In is_device_locked and set_device_locked of keystore_keymaster_enforc ...)
+ NOT-FOR-US: Android
+CVE-2021-0319 (In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-0318 (In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0317 (In createOrUpdate of Permission.java and related code, there is possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0316 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2021-0315 (In onCreate of GrantCredentialsPermissionActivity.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0314 (In onCreate of UninstallerActivity, there is a possible way to uninsta ...)
+ NOT-FOR-US: Android
+CVE-2021-0313 (In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slo ...)
+ NOT-FOR-US: Android
+CVE-2021-0312 (In WAVSource::read of WAVExtractor.cpp, there is a possible out of bou ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0311 (In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, ther ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0310 (In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0309 (In onCreate of grantCredentialsPermissionActivity, there is a confused ...)
+ NOT-FOR-US: Android
+CVE-2021-0308 (In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds ...)
+ {DLA-2549-1}
+ - gdisk 1.0.6-1
+ [buster] - gdisk <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29
+ NOTE: https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5
+CVE-2021-0307 (In updatePermissionSourcePackage of PermissionManagerService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0306 (In addAllPermissions of PermissionManagerService.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-0305 (In PackageInstaller, there is a possible tapjacking attack due to an i ...)
+ NOT-FOR-US: Android
+CVE-2021-0304 (In several functions of GlobalScreenshot.java, there is a possible per ...)
+ NOT-FOR-US: Android
+CVE-2021-0303 (In dispatchGraphTerminationMessage() of packages/services/Car/computep ...)
+ NOT-FOR-US: Android
+CVE-2021-0302 (In PackageInstaller, there is a possible tapjacking attack due to an i ...)
+ NOT-FOR-US: Android
+CVE-2021-0301 (In ged, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0300
+ RESERVED
+CVE-2021-0299 (An Improper Handling of Exceptional Conditions vulnerability in the pr ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0298 (A Race Condition in the 'show chassis pic' command in Juniper Networks ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0297 (A vulnerability in the processing of TCP MD5 authentication in Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0296 (The Juniper Networks CTPView server is not enforcing HTTP Strict Trans ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0295 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0294 (A vulnerability in Juniper Networks Junos OS, which only affects the r ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0293 (A vulnerability in Juniper Networks Junos OS caused by Missing Release ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0292 (An Uncontrolled Resource Consumption vulnerability in the ARP daemon ( ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0291 (An Exposure of System Data vulnerability in Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0290 (Improper Handling of Exceptional Conditions in Ethernet interface fram ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0289 (When user-defined ARP Policer is configured and applied on one or more ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0288 (A vulnerability in the processing of specific MPLS packets in Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0287 (In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Netwo ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0286 (A vulnerability in the handling of exceptional conditions in Juniper N ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0285 (An uncontrolled resource consumption vulnerability in Juniper Networks ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0284 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0283 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0282 (On Juniper Networks Junos OS devices with Multipath or add-path featur ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0281 (On Juniper Networks Junos OS devices configured with BGP origin valida ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0280 (Due to an Improper Initialization vulnerability in Juniper Networks Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0279 (Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have Rab ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0278 (An Improper Input Validation vulnerability in J-Web of Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0277 (An Out-of-bounds Read vulnerability in the processing of specially cra ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0276 (A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Ca ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0275 (A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0274
+ RESERVED
+CVE-2021-0273 (An always-incorrect control flow implementation in the implicit filter ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0272 (A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX1 ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0271 (A Double Free vulnerability in the software forwarding interface daemo ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0270 (On PTX Series and QFX10k Series devices with the "inline-jflow" featur ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0269 (The improper handling of client-side parameters in J-Web of Juniper Ne ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0268 (An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Re ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0267 (An Improper Input Validation vulnerability in the active-lease query p ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0266 (The use of multiple hard-coded cryptographic keys in cSRX Series softw ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0265 (An unvalidated REST API in the AppFormix Agent of Juniper Networks App ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0264 (A vulnerability in the processing of traffic matching a firewall filte ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0263 (A Data Processing vulnerability in the Multi-Service process (multi-sv ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0262 (Through routine static code analysis of the Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0261 (A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentic ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0260 (An improper authorization vulnerability in the Simple Network Manageme ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0259 (Due to a vulnerability in DDoS protection in Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0258 (A vulnerability in the forwarding of transit TCPv6 packets received on ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0257 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0256 (A sensitive information disclosure vulnerability in the mosquitto mess ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0255 (A local privilege escalation vulnerability in ethtraceroute of Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0254 (A buffer size validation vulnerability in the overlayd service of Juni ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0253 (NFX Series devices using Juniper Networks Junos OS are susceptible to ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0252 (NFX Series devices using Juniper Networks Junos OS are susceptible to ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0251 (A NULL Pointer Dereference vulnerability in the Captive Portal Content ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0250 (In segment routing traffic engineering (SRTE) environments where the B ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0249 (On SRX Series devices configured with UTM services a buffer overflow v ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0248 (This issue is not applicable to NFX NextGen Software. On NFX Series de ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0247 (A Race Condition (Concurrent Execution using Shared Resource with Impr ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0246 (On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0245 (A Use of Hard-coded Credentials vulnerability in Juniper Networks Juno ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0244 (A signal handler race condition exists in the Layer 2 Address Learning ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0243 (Improper Handling of Unexpected Data in the firewall policer of Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0242 (A vulnerability due to the improper handling of direct memory access ( ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0241 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0240 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0239 (In Juniper Networks Junos OS Evolved, receipt of a stream of specific ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0238 (When a MX Series is configured as a Broadband Network Gateway (BNG) ba ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0237 (On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QF ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0236 (Due to an improper check for unusual or exceptional conditions in Juni ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0235 (On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0234 (Due to an improper Initialization vulnerability on Juniper Networks Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0233 (A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Se ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0232 (An authentication bypass vulnerability in the Juniper Networks Paragon ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0231 (A path traversal vulnerability in the Juniper Networks SRX and vSRX Se ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0230 (On Juniper Networks SRX Series devices with link aggregation (lag) con ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0229 (An uncontrolled resource consumption vulnerability in Message Queue Te ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0228 (An improper check for unusual or exceptional conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0227 (An improper restriction of operations within the bounds of a memory bu ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0226 (On Juniper Networks Junos OS Evolved devices, receipt of a specific IP ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0225 (An Improper Check for Unusual or Exceptional Conditions in Juniper Net ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0224 (A vulnerability in the handling of internal resources necessary to bri ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0223 (A local privilege escalation vulnerability in telnetd.real of Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0222 (A vulnerability in Juniper Networks Junos OS allows an attacker to cau ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0221 (In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0220 (The Junos Space Network Management Platform has been found to store sh ...)
+ NOT-FOR-US: Junos Space Network Management Platform
+CVE-2021-0219 (A command injection vulnerability in install package validation subsys ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0218 (A command injection vulnerability in the license-check daemon of Junip ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0217 (A vulnerability in processing of certain DHCP packets from adjacent cl ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0216 (A vulnerability in Juniper Networks Junos OS running on the ACX5448 an ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0215 (On Juniper Networks Junos EX series, QFX Series, MX Series and SRX bra ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0214 (A vulnerability in the distributed or centralized periodic packet mana ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0213
+ RESERVED
+CVE-2021-0212 (An Information Exposure vulnerability in Juniper Networks Contrail Net ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0211 (An improper check for unusual or exceptional conditions in Juniper Net ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0210 (An Information Exposure vulnerability in J-Web of Juniper Networks Jun ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0209 (In Juniper Networks Junos OS Evolved an attacker sending certain valid ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0208 (An improper input validation vulnerability in the Routing Protocol Dae ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0207 (An improper interpretation conflict of certain data between certain so ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0206 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0205 (When the "Intrusion Detection Service" (IDS) feature is configured on ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0204 (A sensitive information disclosure vulnerability in delta-export confi ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0203 (On Juniper Networks EX and QFX5K Series platforms configured with Redu ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0202 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0201
+ RESERVED
+CVE-2021-0200 (Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series C ...)
+ NOT-FOR-US: Intel
+CVE-2021-0199 (Improper input validation in the firmware for the Intel(R) Ethernet Ne ...)
+ NOT-FOR-US: Intel
+CVE-2021-0198 (Improper access control in the firmware for the Intel(R) Ethernet Netw ...)
+ NOT-FOR-US: Intel
+CVE-2021-0197 (Protection mechanism failure in the firmware for the Intel(R) Ethernet ...)
+ NOT-FOR-US: Intel
+CVE-2021-0196 (Improper access control in kernel mode driver for some Intel(R) NUC 9 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0195
+ RESERVED
+CVE-2021-0194
+ RESERVED
+CVE-2021-0193
+ RESERVED
+CVE-2021-0192
+ RESERVED
+CVE-2021-0191
+ RESERVED
+CVE-2021-0190
+ RESERVED
+CVE-2021-0189
+ RESERVED
+CVE-2021-0188
+ RESERVED
+CVE-2021-0187
+ RESERVED
+CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...)
+ NOT-FOR-US: Intel
+CVE-2021-0185
+ RESERVED
+CVE-2021-0184
+ RESERVED
+CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0182 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...)
+ NOT-FOR-US: Intel Hardware Accelerated Execution Manager
+CVE-2021-0181
+ RESERVED
+CVE-2021-0180 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...)
+ NOT-FOR-US: Intel Hardware Accelerated Execution Manager
+CVE-2021-0179 (Improper Use of Validation Framework in software for Intel(R) PROSet/W ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0178 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0177 (Improper Validation of Consistency within input in software for Intel( ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0176 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0175 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0174 (Improper Use of Validation Framework in firmware for some Intel(R) PRO ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0173 (Improper Validation of Consistency within input in firmware for some I ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0172 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0171 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0170 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0169 (Uncontrolled Search Path Element in software for Intel(R) PROSet/Wirel ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0168 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0167 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0166 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0165 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0164 (Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0163 (Improper Validation of Consistency within input in software for Intel( ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0162 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0161 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...)
+ NOT-FOR-US: Intel
+CVE-2021-0159
+ RESERVED
+CVE-2021-0158 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
+ NOT-FOR-US: Intel
+CVE-2021-0157 (Insufficient control flow management in the BIOS firmware for some Int ...)
+ NOT-FOR-US: Intel
+CVE-2021-0156 (Improper input validation in the firmware for some Intel(R) Processors ...)
+ TODO: check
+CVE-2021-0155
+ RESERVED
+CVE-2021-0154
+ RESERVED
+CVE-2021-0153
+ RESERVED
+CVE-2021-0152 (Improper verification of cryptographic signature in the installer for ...)
+ NOT-FOR-US: Intel
+CVE-2021-0151 (Improper access control in the installer for some Intel(R) Wireless Bl ...)
+ NOT-FOR-US: Intel
+CVE-2021-0150
+ RESERVED
+CVE-2021-0149
+ RESERVED
+CVE-2021-0148 (Insertion of information into log file in firmware for some Intel(R) S ...)
+ NOT-FOR-US: Intel
+CVE-2021-0147 (Improper locking in the Power Management Controller (PMC) for some Int ...)
+ NOT-FOR-US: Intel
+CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime for some ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
+CVE-2021-0145 (Improper initialization of shared resources in some Intel(R) Processor ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00561.html
+ NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/fast-store-forwarding-predictor.html
+CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
+ NOT-FOR-US: Intel
+CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...)
+ NOT-FOR-US: Intel
+CVE-2021-0142
+ RESERVED
+CVE-2021-0141
+ RESERVED
+CVE-2021-0140
+ RESERVED
+CVE-2021-0139
+ RESERVED
+CVE-2021-0138
+ RESERVED
+CVE-2021-0137
+ RESERVED
+CVE-2021-0136
+ RESERVED
+CVE-2021-0135 (Improper input validation in the Intel(R) Ethernet Diagnostic Driver f ...)
+ NOT-FOR-US: Intel
+CVE-2021-0134 (Improper input validation in an API for the Intel(R) Security Library ...)
+ NOT-FOR-US: Intel
+CVE-2021-0133 (Key exchange without entity authentication in the Intel(R) Security Li ...)
+ NOT-FOR-US: Intel
+CVE-2021-0132 (Missing release of resource after effective lifetime in an API for the ...)
+ NOT-FOR-US: Intel
+CVE-2021-0131 (Use of cryptographically weak pseudo-random number generator (PRNG) in ...)
+ NOT-FOR-US: Intel
+CVE-2021-0130
+ RESERVED
+CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user to po ...)
+ {DSA-4951-1 DLA-2692-1 DLA-2690-1 DLA-2689-1}
+ - bluez 5.55-3.1 (bug #989614)
+ - linux 5.10.40-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
+ NOTE: https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
+CVE-2021-0128
+ RESERVED
+CVE-2021-0127 (Insufficient control flow management in some Intel(R) Processors may a ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
+CVE-2021-0126
+ RESERVED
+CVE-2021-0125 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0124 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0123
+ RESERVED
+CVE-2021-0122
+ RESERVED
+CVE-2021-0121 (Improper access control in the installer for some Intel(R) Iris(R) Xe ...)
+ NOT-FOR-US: Intel
+CVE-2021-0120 (Improper initialization in the installer for some Intel(R) Graphics DC ...)
+ NOT-FOR-US: Intel
+CVE-2021-0119 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0118 (Out-of-bounds read in the firmware for some Intel(R) Processors may al ...)
+ TODO: check
+CVE-2021-0117 (Pointer issues in the firmware for some Intel(R) Processors may allow ...)
+ TODO: check
+CVE-2021-0116 (Out-of-bounds write in the firmware for some Intel(R) Processors may a ...)
+ TODO: check
+CVE-2021-0115 (Buffer overflow in the firmware for some Intel(R) Processors may allow ...)
+ TODO: check
+CVE-2021-0114 (Unchecked return value in the firmware for some Intel(R) Processors ma ...)
+ NOT-FOR-US: Intel
+CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...)
+ NOT-FOR-US: Intel
+CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before ...)
+ NOT-FOR-US: Intel
+CVE-2021-0111 (NULL pointer dereference in the firmware for some Intel(R) Processors ...)
+ TODO: check
+CVE-2021-0110 (Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH D ...)
+ NOT-FOR-US: Intel
+CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...)
+ NOT-FOR-US: Intel
+CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for Windows befo ...)
+ NOT-FOR-US: Intel
+CVE-2021-0107 (Unchecked return value in the firmware for some Intel(R) Processors ma ...)
+ TODO: check
+CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent ...)
+ NOT-FOR-US: Intel
+CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi d ...)
+ NOT-FOR-US: Intel
+CVE-2021-0104 (Uncontrolled search path element in the installer for the Intel(R) Rap ...)
+ NOT-FOR-US: Intel
+CVE-2021-0103 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ TODO: check
+CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for Window ...)
+ NOT-FOR-US: Intel
+CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...)
+ NOT-FOR-US: Intel
+CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...)
+ NOT-FOR-US: Intel
+CVE-2021-0099 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ TODO: check
+CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...)
+ NOT-FOR-US: Intel
+CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...)
+ NOT-FOR-US: Intel
+CVE-2021-0096 (Improper authentication in the software installer for the Intel(R) NUC ...)
+ NOT-FOR-US: Intel
+CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ NOT-FOR-US: Intel
+CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...)
+ NOT-FOR-US: Intel
+CVE-2021-0093 (Incorrect default permissions in the firmware for some Intel(R) Proces ...)
+ TODO: check
+CVE-2021-0092 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0091 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...)
+ NOT-FOR-US: Intel
+CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow ...)
+ {DSA-4931-1}
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-375.html
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html
+CVE-2021-0088
+ RESERVED
+CVE-2021-0087
+ RESERVED
+CVE-2021-0086 (Observable response discrepancy in floating-point operations for some ...)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html
+ NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
+ NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
+ NOT-FOR-US: Intel
+CVE-2021-0085
+ RESERVED
+CVE-2021-0084 (Improper input validation in the Intel(R) Ethernet Controllers X722 an ...)
+ NOT-FOR-US: Intel
+CVE-2021-0083 (Improper input validation in some Intel(R) Optane(TM) PMem versions be ...)
+ NOT-FOR-US: Intel
+CVE-2021-0082 (Uncontrolled search path in software installer for Intel(R) PROSet/Wir ...)
+ NOT-FOR-US: Intel
+CVE-2021-0081
+ RESERVED
+CVE-2021-0080
+ RESERVED
+CVE-2021-0079 (Improper input validation in software for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0078 (Improper input validation in software for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...)
+ NOT-FOR-US: Intel
+CVE-2021-0076 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0075 (Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi ...)
+ NOT-FOR-US: Intel
+CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...)
+ NOT-FOR-US: Intel
+CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0072 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0071 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...)
+ NOT-FOR-US: Intel
+CVE-2021-0069 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0068
+ RESERVED
+CVE-2021-0067 (&amp;nbsp;Improper access control in system firmware for some Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2021-0066 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0065 (Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi sof ...)
+ NOT-FOR-US: Intel
+CVE-2021-0064 (Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi so ...)
+ NOT-FOR-US: Intel
+CVE-2021-0063 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0062 (Improper input validation in some Intel(R) Graphics Drivers before ver ...)
+ NOT-FOR-US: Intel drivers for Windows
+CVE-2021-0061 (Improper initialization in some Intel(R) Graphics Driver before versio ...)
+ NOT-FOR-US: Intel drivers for Windows
+CVE-2021-0060 (Insufficient compartmentalization in HECI subsystem for the Intel(R) S ...)
+ NOT-FOR-US: Intel
+CVE-2021-0059
+ RESERVED
+CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...)
+ NOT-FOR-US: Intel
+CVE-2021-0057 (Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pac ...)
+ NOT-FOR-US: Intel
+CVE-2021-0056 (Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Dri ...)
+ NOT-FOR-US: Intel
+CVE-2021-0055 (Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop ...)
+ NOT-FOR-US: Intel
+CVE-2021-0054 (Improper buffer restrictions in system firmware for some Intel(R) NUCs ...)
+ NOT-FOR-US: Intel
+CVE-2021-0053 (Improper initialization in firmware for some Intel(R) PROSet/Wireless ...)
+ NOT-FOR-US: Intel
+CVE-2021-0052 (Incorrect default privileges in the Intel(R) Computing Improvement Pro ...)
+ NOT-FOR-US: Intel
+CVE-2021-0051 (Improper input validation in the Intel(R) SPS versions before SPS_E5_0 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0050
+ RESERVED
+CVE-2021-0049
+ RESERVED
+CVE-2021-0048
+ RESERVED
+CVE-2021-0047
+ RESERVED
+CVE-2021-0046
+ RESERVED
+CVE-2021-0045
+ RESERVED
+CVE-2021-0044
+ RESERVED
+CVE-2021-0043
+ RESERVED
+CVE-2021-0042
+ RESERVED
+CVE-2021-0041
+ RESERVED
+CVE-2021-0040
+ RESERVED
+CVE-2021-0039
+ RESERVED
+CVE-2021-0038
+ RESERVED
+CVE-2021-0037
+ RESERVED
+CVE-2021-0036
+ RESERVED
+CVE-2021-0035
+ RESERVED
+CVE-2021-0034
+ RESERVED
+CVE-2021-0033
+ RESERVED
+CVE-2021-0032
+ RESERVED
+CVE-2021-0031
+ RESERVED
+CVE-2021-0030
+ RESERVED
+CVE-2021-0029
+ RESERVED
+CVE-2021-0028
+ RESERVED
+CVE-2021-0027
+ RESERVED
+CVE-2021-0026
+ RESERVED
+CVE-2021-0025
+ RESERVED
+CVE-2021-0024
+ RESERVED
+CVE-2021-0023
+ RESERVED
+CVE-2021-0022
+ RESERVED
+CVE-2021-0021
+ RESERVED
+CVE-2021-0020
+ RESERVED
+CVE-2021-0019
+ RESERVED
+CVE-2021-0018
+ RESERVED
+CVE-2021-0017
+ RESERVED
+CVE-2021-0016
+ RESERVED
+CVE-2021-0015
+ RESERVED
+CVE-2021-0014
+ RESERVED
+CVE-2021-0013 (Improper input validation for Intel(R) EMA before version 1.5.0 may al ...)
+ NOT-FOR-US: Intel
+CVE-2021-0012 (Use after free in some Intel(R) Graphics Driver before version 27.20.1 ...)
+ NOT-FOR-US: Intel drivers for Windows
+CVE-2021-0011
+ RESERVED
+CVE-2021-0010
+ RESERVED
+CVE-2021-0009 (Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0008 (Uncontrolled resource consumption in firmware for Intel(R) Ethernet Ad ...)
+ NOT-FOR-US: Intel
+CVE-2021-0007 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...)
+ NOT-FOR-US: Intel
+CVE-2021-0006 (Improper conditions check in firmware for Intel(R) Ethernet Adapters 8 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0005 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...)
+ NOT-FOR-US: Intel
+CVE-2021-0004 (Improper buffer restrictions in the firmware of Intel(R) Ethernet Adap ...)
+ NOT-FOR-US: Intel
+CVE-2021-0003 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...)
+ NOT-FOR-US: Intel
+CVE-2021-0002 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...)
+ NOT-FOR-US: Intel
+CVE-2021-0001 (Observable timing discrepancy in Intel(R) IPP before version 2020 upda ...)
+ NOT-FOR-US: Intel
+CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...)
+ {DLA-2623-1}
+ - qemu 1:5.2+dfsg-10 (bug #986795)
+ [buster] - qemu <not-affected> (CVE-2020-17380/CVE-2020-25085 weren't backported to Buster)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/09/1
+ NOTE: New patch series: https://lists.nongnu.org/archive/html/qemu-devel/2021-03/msg00949.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b263d8f928001b5cfa2a993ea43b7a5b3a1811e8
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8be45cc947832b3c02144c9d52921f499f2d77fe
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bc6f28995ff88f5d82c38afcfd65406f0ae375aa
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9
+CVE-2021-28375 (An issue was discovered in the Linux kernel through 5.11.6. fastrpc_in ...)
+ - linux 5.10.24-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6 (5.12-rc3)
+ NOTE: https://lore.kernel.org/stable/YD03ew7+6v0XPh6l@kroah.com
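
Review bot: CVE-2021-0171, CVE-2021-0169, CVE-2021-0167, CVE-2021-0163 and CVE-2021-0162 are filed as "- firmware-nonfree <unfixed>", but their descriptions read "in software for Intel(R) PROSet/Wireless ..." rather than "in firmware", unlike the other intel-sa-00539 entries around them. If these cover the vendor's host-side software and not the firmware blobs, they belong under "NOT-FOR-US: Intel", as CVE-2021-0079 and CVE-2021-0078 are. The shared "TODO: check, research in kernel-team" should therefore be resolved per CVE rather than copied across the whole advisory. Two smaller points: the [buster] lines for CVE-2021-0146, CVE-2021-0145 and CVE-2021-0127 say "tendency point release" where the matching [bullseye] lines say "tendency to point release", and the description of CVE-2021-0067 starts with a stray HTML non-breaking-space entity that should be stripped.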
