author: security tracker role <sectracker@soriano.debian.org> 2021-06-11 20:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-06-11 20:10:20 +0000
commit: 43a5275e636e6f6dd5b31160952dc4d932ecea44
tree: 359b15a37f24b80bb7a3de4db5804f6f62bdd038 /data
parent: b7635f8061daab1ddf5f605690f460c420cceaed
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list | 597
1 files changed, 283 insertions, 314 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 428edaa679..33393e38cc 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2021-3598
+ RESERVED
+CVE-2021-3597
+ RESERVED
CVE-2021-34674
RESERVED
CVE-2021-34673
@@ -277,8 +281,8 @@ CVE-2021-34542
RESERVED
CVE-2021-34541
RESERVED
-CVE-2021-34540
- RESERVED
+CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...)
+ TODO: check
CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...)
NOT-FOR-US: CubeCoders AMP
CVE-2021-34538
@@ -3204,8 +3208,8 @@ CVE-2021-33207
RESERVED
CVE-2021-33206
RESERVED
-CVE-2021-33205
- RESERVED
+CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...)
+ TODO: check
CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...)
- libvirt <not-affected> (Vulnerable code never in a released version)
NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1)
@@ -3280,7 +3284,7 @@ CVE-2021-33195
- golang-1.7 <removed>
NOTE: https://github.com/golang/go/issues/46241
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
-CVE-2021-33194 (Go through 1.15.12 and 1.16.x through 1.16.4 has a golang.org/x/net/ht ...)
+CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...)
- golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4
- golang-golang-x-net-dev <removed>
NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
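Review bot: On the CVE-2021-33194 entry, the new description scopes the bug to golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023, but the fixed version recorded directly below is golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4, whose upstream snapshot date (20210119) is older than the date in that pseudo-version. If the -4 revision carries a backported patch, a NOTE line saying so would make the entry self-explanatory; otherwise the fixed version needs re-checking. The removed description named Go through 1.15.12 and 1.16.x through 1.16.4, so it is also worth confirming that no golang source package that vendors x/net needs its own line now that the text no longer mentions them.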
@@ -3865,12 +3869,12 @@ CVE-2021-32934
RESERVED
CVE-2021-32933
RESERVED
-CVE-2021-32932
- RESERVED
+CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
+ TODO: check
CVE-2021-32931
RESERVED
-CVE-2021-32930
- RESERVED
+CVE-2021-32930 (The affected product&#8217;s configuration is vulnerable due to missin ...)
+ TODO: check
CVE-2021-32929
RESERVED
CVE-2021-32928
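Review bot: The added CVE-2021-32930 line contains a literal HTML entity ("product&#8217;s") where an apostrophe is expected; if that is what is stored in data/CVE/list rather than a rendering artefact, the importer should decode entities before writing descriptions. Separately, both new descriptions in this hunk (CVE-2021-32932 and CVE-2021-32930) begin with "The affected product" and are cut off before any vendor or product name, so the TODO: check lines cannot be resolved from this file alone and need the full CVE record.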
@@ -11522,8 +11526,8 @@ CVE-2021-29756
RESERVED
CVE-2021-29755
RESERVED
-CVE-2021-29754
- RESERVED
+CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ TODO: check
CVE-2021-29753
RESERVED
CVE-2021-29752
@@ -14108,8 +14112,7 @@ CVE-2021-28690 [x86: TSX Async Abort protections not restored after S3]
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-377.html
-CVE-2021-28689 [x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests]
- RESERVED
+CVE-2021-28689 (x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests ...)
- xen <unfixed> (unimportant)
NOTE: https://xenbits.xen.org/xsa/advisory-370.html
NOTE: Unfixable design/architecture limitation, no fix planned
@@ -14207,8 +14210,7 @@ CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted ren
NOTE: Prerequisite (test): https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148 (OpenSSL_1_1_1k)
NOTE: Followup: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0
-CVE-2021-28687 [HVM soft-reset crashes toolstack]
- RESERVED
+CVE-2021-28687 (HVM soft-reset crashes toolstack libxl requires all data structures pa ...)
- xen <unfixed>
[bullseye] - xen <postponed> (Fix along with next round of updates)
[buster] - xen <not-affected> (Vulnerable code introduced later)
@@ -15211,20 +15213,18 @@ CVE-2021-28215
RESERVED
CVE-2021-28214
RESERVED
-CVE-2021-28213
- RESERVED
+CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...)
+ TODO: check
CVE-2021-28212
RESERVED
-CVE-2021-28211 [possible heap corruption with LzmaUefiDecompressGetInfo]
- RESERVED
+CVE-2021-28211 (A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ...)
{DLA-2645-1}
- edk2 2020.11-1
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1816
NOTE: https://github.com/tianocore/edk2/pull/1138
NOTE: https://github.com/tianocore/edk2/commit/e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0
-CVE-2021-28210 [unlimited FV recursion, round 2]
- RESERVED
+CVE-2021-28210 (An unlimited recursion in DxeCore in EDK II. ...)
{DLA-2645-1}
- edk2 2020.11-1
[buster] - edk2 <no-dsa> (Minor issue)
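Review bot: CVE-2021-28213 is left at TODO: check although its description names EDK2 (IpSecDxe.efi), while the two EDK II entries directly below it in this hunk, CVE-2021-28211 and CVE-2021-28210, are already tracked against the edk2 source package. It should be triaged against edk2 as well rather than left in the generic queue. Note also that the replaced bracketed titles ("possible heap corruption with LzmaUefiDecompressGetInfo", "unlimited FV recursion, round 2") carried context that the imported descriptions do not, so a NOTE preserving "round 2" on CVE-2021-28210 may be worth keeping.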
@@ -17159,12 +17159,12 @@ CVE-2021-27412
RESERVED
CVE-2021-27411
RESERVED
-CVE-2021-27410
- RESERVED
+CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
+ TODO: check
CVE-2021-27409
RESERVED
-CVE-2021-27408
- RESERVED
+CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, which can ...)
+ TODO: check
CVE-2021-27407
RESERVED
CVE-2021-27406
@@ -17677,8 +17677,8 @@ CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in
[stretch] - spip 3.1.4-4~deb9u4+deb9u1
CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated ...)
NOT-FOR-US: Endian Firewall Community (aka EFW)
-CVE-2021-27200
- RESERVED
+CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account due to t ...)
+ TODO: check
CVE-2021-27199
RESERVED
CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...)
@@ -18114,16 +18114,16 @@ CVE-2021-26999
RESERVED
CVE-2021-26998
RESERVED
-CVE-2021-26997
- RESERVED
-CVE-2021-26996
- RESERVED
-CVE-2021-26995
- RESERVED
+CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ TODO: check
+CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ TODO: check
+CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ TODO: check
CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...)
NOT-FOR-US: Clustered Data ONTAP (NetApp)
-CVE-2021-26993
- RESERVED
+CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ TODO: check
CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...)
NOT-FOR-US: Cloud Manager (NetApp)
CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin ...)
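Review bot: The four new E-Series SANtricity OS Controller Software entries (CVE-2021-26997, CVE-2021-26996, CVE-2021-26995, CVE-2021-26993) are set to TODO: check, but the entries interleaved with them in this hunk, CVE-2021-26994 and CVE-2021-26992, are already NOT-FOR-US with a "(NetApp)" suffix. SANtricity is also a NetApp product, so these four can take the same style of annotation, for example "NOT-FOR-US: E-Series SANtricity OS Controller Software (NetApp)", instead of staying in the queue.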
@@ -18558,10 +18558,10 @@ CVE-2021-26831
RESERVED
CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote att ...)
NOT-FOR-US: Tribalsystems Zenario CMS
-CVE-2021-26829
- RESERVED
-CVE-2021-26828
- RESERVED
+CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
+ TODO: check
+CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
+ TODO: check
CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...)
NOT-FOR-US: TP-Link
CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
@@ -20308,20 +20308,20 @@ CVE-2021-26124
RESERVED
CVE-2021-23232
RESERVED
-CVE-2021-23230
- RESERVED
+CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of Gallagher Comm ...)
+ TODO: check
CVE-2021-23224
RESERVED
CVE-2021-23220
RESERVED
CVE-2021-23212
RESERVED
-CVE-2021-23211
- RESERVED
-CVE-2021-23205
- RESERVED
-CVE-2021-23204
- RESERVED
+CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ TODO: check
+CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...)
+ TODO: check
+CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2021-23199
RESERVED
CVE-2021-23197
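Review bot: For CVE-2021-23211 and CVE-2021-23204 the truncated descriptions end before any product name ("... in Memory vulnerability in ..." and "... Unauthorized Actor vulnerabili ..."), unlike CVE-2021-23230 and CVE-2021-23205 in the same hunk, which name Gallagher Command Centre. The product should not be inferred from the neighbouring ids when resolving these TODO: check lines; read the full record first, then give every entry for the same product an identical annotation.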
@@ -20330,8 +20330,8 @@ CVE-2021-23193
RESERVED
CVE-2021-23185
RESERVED
-CVE-2021-23182
- RESERVED
+CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ TODO: check
CVE-2021-23167
RESERVED
CVE-2021-23162
@@ -20340,10 +20340,10 @@ CVE-2021-23155
RESERVED
CVE-2021-23146
RESERVED
-CVE-2021-23140
- RESERVED
-CVE-2021-23136
- RESERVED
+CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
+ TODO: check
+CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
+ TODO: check
CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...)
NOT-FOR-US: LivingLogic XIST4C
CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...)
@@ -22099,92 +22099,92 @@ CVE-2021-25427
RESERVED
CVE-2021-25426
RESERVED
-CVE-2021-25425
- RESERVED
-CVE-2021-25424
- RESERVED
-CVE-2021-25423
- RESERVED
-CVE-2021-25422
- RESERVED
-CVE-2021-25421
- RESERVED
-CVE-2021-25420
- RESERVED
-CVE-2021-25419
- RESERVED
-CVE-2021-25418
- RESERVED
-CVE-2021-25417
- RESERVED
-CVE-2021-25416
- RESERVED
-CVE-2021-25415
- RESERVED
-CVE-2021-25414
- RESERVED
-CVE-2021-25413
- RESERVED
-CVE-2021-25412
- RESERVED
-CVE-2021-25411
- RESERVED
-CVE-2021-25410
- RESERVED
-CVE-2021-25409
- RESERVED
-CVE-2021-25408
- RESERVED
-CVE-2021-25407
- RESERVED
-CVE-2021-25406
- RESERVED
-CVE-2021-25405
- RESERVED
-CVE-2021-25404
- RESERVED
-CVE-2021-25403
- RESERVED
-CVE-2021-25402
- RESERVED
-CVE-2021-25401
- RESERVED
-CVE-2021-25400
- RESERVED
-CVE-2021-25399
- RESERVED
-CVE-2021-25398
- RESERVED
-CVE-2021-25397
- RESERVED
-CVE-2021-25396
- RESERVED
-CVE-2021-25395
- RESERVED
-CVE-2021-25394
- RESERVED
-CVE-2021-25393
- RESERVED
-CVE-2021-25392
- RESERVED
-CVE-2021-25391
- RESERVED
-CVE-2021-25390
- RESERVED
-CVE-2021-25389
- RESERVED
-CVE-2021-25388
- RESERVED
-CVE-2021-25387
- RESERVED
-CVE-2021-25386
- RESERVED
-CVE-2021-25385
- RESERVED
-CVE-2021-25384
- RESERVED
-CVE-2021-25383
- RESERVED
+CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...)
+ TODO: check
+CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...)
+ TODO: check
+CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn prior to ...)
+ TODO: check
+CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn prior to ...)
+ TODO: check
+CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn prior to ...)
+ TODO: check
+CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn prior to ...)
+ TODO: check
+CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung Internet ...)
+ TODO: check
+CVE-2021-25418 (Improper component protection vulnerability in Samsung Internet prior ...)
+ TODO: check
+CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allo ...)
+ TODO: check
+CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
+ TODO: check
+CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
+ TODO: check
+CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
+ TODO: check
+CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
+ TODO: check
+CVE-2021-25412 (An improper access control vulnerability in genericssoservice prior to ...)
+ TODO: check
+CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to SMR JUN- ...)
+ TODO: check
+CVE-2021-25410 (Improper access control of a component in CallBGProvider prior to SMR ...)
+ TODO: check
+CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021 Release ...)
+ TODO: check
+CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior to SMR JU ...)
+ TODO: check
+CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver prior to SM ...)
+ TODO: check
+CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to version 2 ...)
+ TODO: check
+CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity in Samsu ...)
+ TODO: check
+CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to version 1.7 ...)
+ TODO: check
+CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to version 1 ...)
+ TODO: check
+CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to version 4 ...)
+ TODO: check
+CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to version 6. ...)
+ TODO: check
+CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to version ...)
+ TODO: check
+CVE-2021-25399 (Improper configuration in Smart Manager prior to version 11.0.05.0 all ...)
+ TODO: check
+CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to version 3.1.1 ...)
+ TODO: check
+CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior to SMR M ...)
+ TODO: check
+CVE-2021-25396 (An improper input validation vulnerability in NPU firmware prior to SM ...)
+ TODO: check
+CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 ...)
+ TODO: check
+CVE-2021-25394 (A use after free vulnerability via race condition in MFC charger drive ...)
+ TODO: check
+CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior to SMR M ...)
+ TODO: check
+CVE-2021-25392 (Improper protection of backup path configuration in Samsung Dex prior ...)
+ TODO: check
+CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR MAY-202 ...)
+ TODO: check
+CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 R ...)
+ TODO: check
+CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021 Release ...)
+ TODO: check
+CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 ...)
+ TODO: check
+CVE-2021-25387 (An improper input validation vulnerability in sflacfd_get_frm() in lib ...)
+ TODO: check
+CVE-2021-25386 (An improper input validation vulnerability in sdfffd_parse_chunk_FVER( ...)
+ TODO: check
+CVE-2021-25385 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
+ TODO: check
+CVE-2021-25384 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
+ TODO: check
+CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read() in libs ...)
+ TODO: check
CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder ...)
NOT-FOR-US: Samsung
CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...)
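Review bot: All 43 entries from CVE-2021-25425 down to CVE-2021-25383 land as TODO: check, while the first unchanged entry after them, CVE-2021-25382, is already "NOT-FOR-US: Samsung". Most of the visible descriptions name Samsung apps or SMR releases and can take that same annotation in one pass. Two groups deserve an individual look before that: CVE-2021-25424, which names Tizen bluetooth-frwk rather than a Samsung app, and CVE-2021-25387 through CVE-2021-25383, whose descriptions are cut off at or before the library name ("in lib ...", "in libs ...").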
@@ -27684,14 +27684,14 @@ CVE-2021-22917
RESERVED
CVE-2021-22916
RESERVED
-CVE-2021-22915
- RESERVED
+CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...)
+ TODO: check
CVE-2021-22914
RESERVED
-CVE-2021-22913
- RESERVED
-CVE-2021-22912
- RESERVED
+CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...)
+ TODO: check
+CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...)
+ TODO: check
CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...)
NOT-FOR-US: Rocket.Chat
CVE-2021-22910
@@ -27702,31 +27702,27 @@ CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource
NOT-FOR-US: Windows File Resource Profiles
CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...)
NOT-FOR-US: Citrix
-CVE-2021-22906
- RESERVED
-CVE-2021-22905
- RESERVED
-CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token Authentication]
- RESERVED
+CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers ...)
+ TODO: check
+CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnera ...)
+ TODO: check
+CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...)
{DSA-4929-1 DLA-2655-1}
- rails 2:6.0.3.7+dfsg-1 (bug #988214)
NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main)
NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7)
NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6)
-CVE-2021-22903
- RESERVED
+CVE-2021-22903 (The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ...)
- rails <not-affected> (Vulnerable code introduced in 6.1.0.rc2)
NOTE: Introduced by: https://github.com/rails/rails/commit/9bc7ea5dab34c8657c91d0258bb5afd8bfcd3a8f (main)
NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main)
-CVE-2021-22902 [Possible Denial of Service vulnerability in Action Dispatch]
- RESERVED
+CVE-2021-22902 (The actionpack ruby gem (a framework for handling and responding to we ...)
- rails 2:6.0.3.7+dfsg-1 (bug #988214)
[buster] - rails <not-affected> (Vulnerable code introduced later)
[stretch] - rails <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main)
NOTE: Fixed by: https://github.com/rails/rails/commit/446afbd15360a347c923ca775b21a286dcb5297a (v6.0.3.7)
-CVE-2021-22901 [TLS session caching disaster]
- RESERVED
+CVE-2021-22901 (curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability ...)
- curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2021-22901.html
NOTE: Introduced by: https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 (7.75.0)
@@ -27735,8 +27731,7 @@ CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse C
NOT-FOR-US: Pulse Connect Secure
CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure befor ...)
NOT-FOR-US: Pulse Connect Secure
-CVE-2021-22898 [TELNET stack contents disclosure]
- RESERVED
+CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure when th ...)
- curl <unfixed> (bug #989228)
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
@@ -27744,17 +27739,16 @@ CVE-2021-22898 [TELNET stack contents disclosure]
NOTE: https://curl.se/docs/CVE-2021-22898.html
NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7)
NOTE: Fixed by: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde (7.77.0)
-CVE-2021-22897 [schannel cipher selection surprise]
- RESERVED
+CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element to wr ...)
- curl <not-affected> (Windows only)
NOTE: https://curl.se/docs/CVE-2021-22897.html
NOTE: Introduced by: https://github.com/curl/curl/commit/9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28 (7.61.0)
NOTE: Fixed by: https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 (7.77.0)
NOTE: Only affect builds with schannel support (which is Windows only)
-CVE-2021-22896
- RESERVED
-CVE-2021-22895
- RESERVED
+CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...)
+ TODO: check
+CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...)
+ TODO: check
CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure before ...)
NOT-FOR-US: Pulse Connect Secure
CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...)
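Review bot: Of the two Nextcloud entries added at the end of this hunk, CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1) should not be resolved together with the other Nextcloud ids in this commit. The desktop client is packaged in Debian (source package nextcloud-desktop), so this TODO: check needs a package line with a fixed version or an explicit status, whereas CVE-2021-22896 (Nextcloud Mail) concerns a server app and can be handled separately.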
@@ -28038,48 +28032,48 @@ CVE-2021-22771
RESERVED
CVE-2021-22770
RESERVED
-CVE-2021-22769
- RESERVED
-CVE-2021-22768
- RESERVED
-CVE-2021-22767
- RESERVED
-CVE-2021-22766
- RESERVED
-CVE-2021-22765
- RESERVED
-CVE-2021-22764
- RESERVED
-CVE-2021-22763
- RESERVED
-CVE-2021-22762
- RESERVED
-CVE-2021-22761
- RESERVED
-CVE-2021-22760
- RESERVED
-CVE-2021-22759
- RESERVED
-CVE-2021-22758
- RESERVED
-CVE-2021-22757
- RESERVED
-CVE-2021-22756
- RESERVED
-CVE-2021-22755
- RESERVED
-CVE-2021-22754
- RESERVED
-CVE-2021-22753
- RESERVED
-CVE-2021-22752
- RESERVED
-CVE-2021-22751
- RESERVED
-CVE-2021-22750
- RESERVED
-CVE-2021-22749
- RESERVED
+CVE-2021-22769 (A CWE-269: Improper Privilege Management vulnerability exists in Enerl ...)
+ TODO: check
+CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ TODO: check
+CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ TODO: check
+CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ TODO: check
+CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ TODO: check
+CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in PowerLogic ...)
+ TODO: check
+CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
+ TODO: check
+CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
+CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ TODO: check
+CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference vulnerability exist ...)
+ TODO: check
+CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS Definition (Def. ...)
+ TODO: check
+CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS ...)
+ TODO: check
+CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
+ TODO: check
+CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
+ TODO: check
+CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ TODO: check
+CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ TODO: check
+CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
+ TODO: check
+CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ TODO: check
+CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ TODO: check
+CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ TODO: check
+CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ TODO: check
CVE-2021-22748
RESERVED
CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
@@ -29398,8 +29392,7 @@ CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions st
CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 13.7.7-1
- gitlab <not-affected> (Affected version never uploaded to unstable)
-CVE-2021-22181
- RESERVED
+CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
- gitlab <unfixed>
CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
@@ -29411,8 +29404,8 @@ CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE ver
- gitlab <unfixed>
CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2021-22175
- RESERVED
+CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...)
+ TODO: check
CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
- wireshark 3.4.3-1 (bug #981791)
[buster] - wireshark <not-affected> (Affected code not present)
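Review bot: CVE-2021-22175 is added with TODO: check, and its truncated description ("When requests to the internal network for webhooks are enabled, a serv ...") never reaches a product name. Every described neighbour in this hunk (CVE-2021-22177, CVE-2021-22176) is tracked as "- gitlab <unfixed>", so this id very likely belongs to the same block; confirm against the full record and add the gitlab line rather than leaving it untriaged next to entries that are already tracked.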
@@ -29852,8 +29845,8 @@ CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vuln
NOT-FOR-US: VMware
CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...)
NOT-FOR-US: MikroTik RouterOS
-CVE-2021-3013
- RESERVED
+CVE-2021-3013 (ripgrep before 13 allows attackers to trigger execution of arbitrary p ...)
+ TODO: check
CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...)
NOT-FOR-US: ESRI ArcGIS Online
CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...)
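Review bot: CVE-2021-3013 sits between two NOT-FOR-US entries (MikroTik RouterOS, ESRI ArcGIS Online), but ripgrep is packaged in Debian, so its TODO: check must not be closed the same way. The description gives "before 13" as the affected range; the entry needs a package line stating either the fixed version or why Debian builds are not affected, based on the full description, which is cut off here at "execution of arbitrary p ...".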
@@ -30140,8 +30133,8 @@ CVE-2021-21835
RESERVED
CVE-2021-21834
RESERVED
-CVE-2021-21833
- RESERVED
+CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...)
+ TODO: check
CVE-2021-21832
RESERVED
CVE-2021-21831
@@ -30158,8 +30151,8 @@ CVE-2021-21826
RESERVED
CVE-2021-21825
RESERVED
-CVE-2021-21824
- RESERVED
+CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...)
+ TODO: check
CVE-2021-21823
RESERVED
CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
@@ -30190,8 +30183,8 @@ CVE-2021-21810
RESERVED
CVE-2021-21809
RESERVED
-CVE-2021-21808
- RESERVED
+CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...)
+ TODO: check
CVE-2021-21807
RESERVED
CVE-2021-21806
@@ -30216,8 +30209,8 @@ CVE-2021-21797
RESERVED
CVE-2021-21796
RESERVED
-CVE-2021-21795
- RESERVED
+CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...)
+ TODO: check
CVE-2021-21794
RESERVED
CVE-2021-21793
@@ -33545,7 +33538,7 @@ CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier)
NOT-FOR-US: Adobe
CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...)
NOT-FOR-US: Adobe
-CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...)
+CVE-2021-21042 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
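Review bot: The only change to CVE-2021-21042 is that the description now reads "Acrobat Reader DC versions versions", a doubled word that also appears in the unchanged CVE-2021-21044 and CVE-2021-21041 lines, so it is inherited from the upstream text. The entry stays NOT-FOR-US: Adobe and nothing needs triage, but this is pure description churn; if the importer ever normalises descriptions, collapsing repeated words would avoid diffs like this one.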
@@ -34501,8 +34494,8 @@ CVE-2021-20593
RESERVED
CVE-2021-20592
RESERVED
-CVE-2021-20591
- RESERVED
+CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
+ TODO: check
CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model all ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...)
@@ -34891,8 +34884,8 @@ CVE-2021-20398
RESERVED
CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
NOT-FOR-US: IBM
-CVE-2021-20396
- RESERVED
+CVE-2021-20396 (IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM ...)
+ TODO: check
CVE-2021-20395
RESERVED
CVE-2021-20394
@@ -44471,82 +44464,60 @@ CVE-2021-0500
RESERVED
CVE-2021-0499
RESERVED
-CVE-2021-0498
- RESERVED
+CVE-2021-0498 (In memory management driver, there is a possible memory corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0497
- RESERVED
+CVE-2021-0497 (In memory management driver, there is a possible memory corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0496
- RESERVED
+CVE-2021-0496 (In memory management driver, there is a possible memory corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0495
- RESERVED
+CVE-2021-0495 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0494
- RESERVED
+CVE-2021-0494 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0493
- RESERVED
+CVE-2021-0493 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0492
- RESERVED
+CVE-2021-0492 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0491
- RESERVED
+CVE-2021-0491 (In memory management driver, there is a possible escalation of privile ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0490
- RESERVED
+CVE-2021-0490 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0489
- RESERVED
+CVE-2021-0489 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0488 (In pb_write of pb_encode.c, there is a possible out of bounds write du ...)
NOT-FOR-US: Android
-CVE-2021-0487
- RESERVED
+CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible way to ...)
NOT-FOR-US: Android
CVE-2021-0486
RESERVED
-CVE-2021-0485
- RESERVED
+CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypa ...)
NOT-FOR-US: Android
-CVE-2021-0484
- RESERVED
+CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of uniniti ...)
NOT-FOR-US: Android media framework
CVE-2021-0483
RESERVED
-CVE-2021-0482
- RESERVED
+CVE-2021-0482 (In BinderDiedCallback of MediaCodec.cpp, there is a possible memory co ...)
NOT-FOR-US: Android media framework
-CVE-2021-0481
- RESERVED
+CVE-2021-0481 (In onActivityResult of EditUserPhotoController.java, there is a possib ...)
NOT-FOR-US: Android
-CVE-2021-0480
- RESERVED
+CVE-2021-0480 (In createPendingIntent of SnoozeHelper.java, there is a possible broad ...)
NOT-FOR-US: Android
CVE-2021-0479
RESERVED
CVE-2021-0478
RESERVED
NOT-FOR-US: Android
-CVE-2021-0477
- RESERVED
+CVE-2021-0477 (In notifyScreenshotError of ScreenshotNotificationsController.java, th ...)
NOT-FOR-US: Android
-CVE-2021-0476
- RESERVED
+CVE-2021-0476 (In FindOrCreatePeer of btif_av.cc, there is a possible use after free ...)
NOT-FOR-US: Android
-CVE-2021-0475
- RESERVED
+CVE-2021-0475 (In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory c ...)
NOT-FOR-US: Android
-CVE-2021-0474
- RESERVED
+CVE-2021-0474 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds wr ...)
NOT-FOR-US: Android
-CVE-2021-0473
- RESERVED
+CVE-2021-0473 (In rw_t3t_process_error of rw_t3t.cc, there is a possible double free ...)
NOT-FOR-US: Android
-CVE-2021-0472
- RESERVED
+CVE-2021-0472 (In shouldLockKeyguard of LockTaskController.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2021-0471 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...)
NOT-FOR-US: Android media framework
@@ -44559,8 +44530,7 @@ CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an inse
CVE-2021-0467
RESERVED
NOT-FOR-US: AMLogic
-CVE-2021-0466
- RESERVED
+CVE-2021-0466 (In startIpClient of ClientModeImpl.java, there is a possible identifie ...)
NOT-FOR-US: Android
CVE-2021-0465 (In GenerateFaceMask of face.cc, there is a possible out of bounds writ ...)
NOT-FOR-US: Android/Pixel kernel component not in mainline
@@ -79066,8 +79036,8 @@ CVE-2020-13690
RESERVED
CVE-2020-13689
RESERVED
-CVE-2020-13688
- RESERVED
+CVE-2020-13688 (Cross-site scripting vulnerability in l Drupal Core allows an attacker ...)
+ TODO: check
CVE-2020-13687
RESERVED
CVE-2020-13686
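Review bot: CVE-2020-13688 names Drupal Core in its description but is left at TODO: check, whereas other Drupal Core ids touched or shown in this same commit (CVE-2020-13664, CVE-2020-13663) carry drupal7 lines. It should be resolved against drupal7 in the same way, either with a status or as not-affected. The imported description also contains a stray "l" ("vulnerability in l Drupal Core"), which comes from the upstream text.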
@@ -79122,8 +79092,7 @@ CVE-2020-13665 (Access bypass vulnerability in Drupal Core allows JSON:API when
CVE-2020-13664 (Arbitrary PHP code execution vulnerability in Drupal Core under certai ...)
- drupal7 <not-affected> (Drupal 7 not affected)
NOTE: https://www.drupal.org/sa-core-2020-005
-CVE-2020-13663 [Drupal SA 2020-004]
- RESERVED
+CVE-2020-13663 (Cross Site Request Forgery vulnerability in Drupal Core Form API does ...)
{DSA-4706-1 DLA-2263-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2020-004
@@ -95588,8 +95557,8 @@ CVE-2020-7862
RESERVED
CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...)
NOT-FOR-US: AnySupport
-CVE-2020-7860
- RESERVED
+CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...)
+ TODO: check
CVE-2020-7859
RESERVED
CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...)
@@ -96379,7 +96348,7 @@ CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication Attemp
NOT-FOR-US: Easergy T300
CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists in E ...)
NOT-FOR-US: Easergy T300
-CVE-2020-7506 (A CWE-538: File and Directory Information Exposure vulnerability exist ...)
+CVE-2020-7506 (A CWE-200: Information Exposure vulnerability exists in Easergy T300, ...)
NOT-FOR-US: Easergy T300
CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
NOT-FOR-US: Easergy T300
@@ -100379,33 +100348,33 @@ CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to
CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...)
NOT-FOR-US: Philips Hue Bridge model
CVE-2020-6006
- RESERVED
+ REJECTED
CVE-2020-6005
- RESERVED
+ REJECTED
CVE-2020-6004
- RESERVED
+ REJECTED
CVE-2020-6003
- RESERVED
+ REJECTED
CVE-2020-6002
- RESERVED
+ REJECTED
CVE-2020-6001
- RESERVED
+ REJECTED
CVE-2020-6000
- RESERVED
+ REJECTED
CVE-2020-5999
- RESERVED
+ REJECTED
CVE-2020-5998
- RESERVED
+ REJECTED
CVE-2020-5997
- RESERVED
+ REJECTED
CVE-2020-5996
- RESERVED
+ REJECTED
CVE-2020-5995
- RESERVED
+ REJECTED
CVE-2020-5994
- RESERVED
+ REJECTED
CVE-2020-5993
- RESERVED
+ REJECTED
CVE-2020-5992 (NVIDIA GeForce NOW application software on Windows, all versions prior ...)
NOT-FOR-US: NVIDIA GeForce NOW application software
CVE-2020-5991 (NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerab ...)
@@ -103124,8 +103093,8 @@ CVE-2020-5005
RESERVED
CVE-2020-5004
RESERVED
-CVE-2020-5003
- RESERVED
+CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML Extern ...)
+ TODO: check
CVE-2020-5002
RESERVED
CVE-2020-5001
@@ -146945,8 +146914,8 @@ CVE-2019-9477
RESERVED
CVE-2019-9476
RESERVED
-CVE-2019-9475
- RESERVED
+CVE-2019-9475 (In /proc/net of the kernel filesystem, there is a possible information ...)
+ TODO: check
CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
NOT-FOR-US: Android
CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
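Review bot: CVE-2019-9475 is surrounded by entries marked NOT-FOR-US: Android (CVE-2019-9474, CVE-2019-9473), but its description refers to "/proc/net of the kernel filesystem", not to an Android userspace component. Before closing this TODO: check with the same Android annotation, verify from the full record whether the issue is in Android-only kernel code or in code shared with the mainline kernel, in which case it needs a linux package line.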
@@ -267982,23 +267951,23 @@ CVE-2017-3910
CVE-2017-3909
RESERVED
CVE-2017-3908
- RESERVED
+ REJECTED
CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) extensi ...)
NOT-FOR-US: McAfee
CVE-2017-3906
- RESERVED
+ REJECTED
CVE-2017-3905
- RESERVED
+ REJECTED
CVE-2017-3904
RESERVED
CVE-2017-3903
- RESERVED
+ REJECTED
CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user interface (UI ...)
NOT-FOR-US: Intel Security ePO
CVE-2017-3901
- RESERVED
+ REJECTED
CVE-2017-3900
- RESERVED
+ REJECTED
CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat Defense ...)
NOT-FOR-US: Intel antivirus
CVE-2017-3898 (A man-in-the-middle attack vulnerability in the non-certificate-based ...)
@@ -275523,27 +275492,27 @@ CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
NOTE: kfreebsd not covered by security support
CVE-2017-1080
- RESERVED
+ REJECTED
CVE-2017-1079
- RESERVED
+ REJECTED
CVE-2017-1078
- RESERVED
+ REJECTED
CVE-2017-1077
- RESERVED
+ REJECTED
CVE-2017-1076
- RESERVED
+ REJECTED
CVE-2017-1075
- RESERVED
+ REJECTED
CVE-2017-1074
- RESERVED
+ REJECTED
CVE-2017-1073
- RESERVED
+ REJECTED
CVE-2017-1072
- RESERVED
+ REJECTED
CVE-2017-1071
- RESERVED
+ REJECTED
CVE-2017-1070
- RESERVED
+ REJECTED
CVE-2017-1069
RESERVED
CVE-2017-1068
