From 43a5275e636e6f6dd5b31160952dc4d932ecea44 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 11 Jun 2021 20:10:20 +0000 Subject: automatic update --- data/CVE/list | 597 ++++++++++++++++++++++++++++------------------------------ 1 file changed, 283 insertions(+), 314 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 428edaa679..33393e38cc 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,7 @@ +CVE-2021-3598 + RESERVED +CVE-2021-3597 + RESERVED CVE-2021-34674 RESERVED CVE-2021-34673 @@ -277,8 +281,8 @@ CVE-2021-34542 RESERVED CVE-2021-34541 RESERVED -CVE-2021-34540 - RESERVED +CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...) + TODO: check CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...) NOT-FOR-US: CubeCoders AMP CVE-2021-34538 @@ -3204,8 +3208,8 @@ CVE-2021-33207 RESERVED CVE-2021-33206 RESERVED -CVE-2021-33205 - RESERVED +CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...) + TODO: check CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...) - libvirt (Vulnerable code never in a released version) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1) @@ -3280,7 +3284,7 @@ CVE-2021-33195 - golang-1.7 NOTE: https://github.com/golang/go/issues/46241 NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI -CVE-2021-33194 (Go through 1.15.12 and 1.16.x through 1.16.4 has a golang.org/x/net/ht ...) +CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...) - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4 - golang-golang-x-net-dev NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ @@ -3865,12 +3869,12 @@ CVE-2021-32934 RESERVED CVE-2021-32933 RESERVED -CVE-2021-32932 - RESERVED +CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...) + TODO: check CVE-2021-32931 RESERVED -CVE-2021-32930 - RESERVED +CVE-2021-32930 (The affected product’s configuration is vulnerable due to missin ...) + TODO: check CVE-2021-32929 RESERVED CVE-2021-32928 @@ -11522,8 +11526,8 @@ CVE-2021-29756 RESERVED CVE-2021-29755 RESERVED -CVE-2021-29754 - RESERVED +CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + TODO: check CVE-2021-29753 RESERVED CVE-2021-29752 @@ -14108,8 +14112,7 @@ CVE-2021-28690 [x86: TSX Async Abort protections not restored after S3] - xen [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-377.html -CVE-2021-28689 [x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests] - RESERVED +CVE-2021-28689 (x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests ...) - xen (unimportant) NOTE: https://xenbits.xen.org/xsa/advisory-370.html NOTE: Unfixable design/architecture limitation, no fix planned @@ -14207,8 +14210,7 @@ CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted ren NOTE: Prerequisite (test): https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70 NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148 (OpenSSL_1_1_1k) NOTE: Followup: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0 -CVE-2021-28687 [HVM soft-reset crashes toolstack] - RESERVED +CVE-2021-28687 (HVM soft-reset crashes toolstack libxl requires all data structures pa ...) - xen [bullseye] - xen (Fix along with next round of updates) [buster] - xen (Vulnerable code introduced later) @@ -15211,20 +15213,18 @@ CVE-2021-28215 RESERVED CVE-2021-28214 RESERVED -CVE-2021-28213 - RESERVED +CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...) + TODO: check CVE-2021-28212 RESERVED -CVE-2021-28211 [possible heap corruption with LzmaUefiDecompressGetInfo] - RESERVED +CVE-2021-28211 (A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ...) {DLA-2645-1} - edk2 2020.11-1 [buster] - edk2 (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1816 NOTE: https://github.com/tianocore/edk2/pull/1138 NOTE: https://github.com/tianocore/edk2/commit/e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0 -CVE-2021-28210 [unlimited FV recursion, round 2] - RESERVED +CVE-2021-28210 (An unlimited recursion in DxeCore in EDK II. ...) {DLA-2645-1} - edk2 2020.11-1 [buster] - edk2 (Minor issue) @@ -17159,12 +17159,12 @@ CVE-2021-27412 RESERVED CVE-2021-27411 RESERVED -CVE-2021-27410 - RESERVED +CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...) + TODO: check CVE-2021-27409 RESERVED -CVE-2021-27408 - RESERVED +CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, which can ...) + TODO: check CVE-2021-27407 RESERVED CVE-2021-27406 @@ -17677,8 +17677,8 @@ CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in [stretch] - spip 3.1.4-4~deb9u4+deb9u1 CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated ...) NOT-FOR-US: Endian Firewall Community (aka EFW) -CVE-2021-27200 - RESERVED +CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account due to t ...) + TODO: check CVE-2021-27199 RESERVED CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...) @@ -18114,16 +18114,16 @@ CVE-2021-26999 RESERVED CVE-2021-26998 RESERVED -CVE-2021-26997 - RESERVED -CVE-2021-26996 - RESERVED -CVE-2021-26995 - RESERVED +CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) + TODO: check +CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) + TODO: check +CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) + TODO: check CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...) NOT-FOR-US: Clustered Data ONTAP (NetApp) -CVE-2021-26993 - RESERVED +CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) + TODO: check CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...) NOT-FOR-US: Cloud Manager (NetApp) CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin ...) @@ -18558,10 +18558,10 @@ CVE-2021-26831 RESERVED CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote att ...) NOT-FOR-US: Tribalsystems Zenario CMS -CVE-2021-26829 - RESERVED -CVE-2021-26828 - RESERVED +CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...) + TODO: check +CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...) + TODO: check CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...) NOT-FOR-US: TP-Link CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...) @@ -20308,20 +20308,20 @@ CVE-2021-26124 RESERVED CVE-2021-23232 RESERVED -CVE-2021-23230 - RESERVED +CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of Gallagher Comm ...) + TODO: check CVE-2021-23224 RESERVED CVE-2021-23220 RESERVED CVE-2021-23212 RESERVED -CVE-2021-23211 - RESERVED -CVE-2021-23205 - RESERVED -CVE-2021-23204 - RESERVED +CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) + TODO: check +CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...) + TODO: check +CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check CVE-2021-23199 RESERVED CVE-2021-23197 @@ -20330,8 +20330,8 @@ CVE-2021-23193 RESERVED CVE-2021-23185 RESERVED -CVE-2021-23182 - RESERVED +CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) + TODO: check CVE-2021-23167 RESERVED CVE-2021-23162 @@ -20340,10 +20340,10 @@ CVE-2021-23155 RESERVED CVE-2021-23146 RESERVED -CVE-2021-23140 - RESERVED -CVE-2021-23136 - RESERVED +CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) + TODO: check +CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) + TODO: check CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...) NOT-FOR-US: LivingLogic XIST4C CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...) @@ -22099,92 +22099,92 @@ CVE-2021-25427 RESERVED CVE-2021-25426 RESERVED -CVE-2021-25425 - RESERVED -CVE-2021-25424 - RESERVED -CVE-2021-25423 - RESERVED -CVE-2021-25422 - RESERVED -CVE-2021-25421 - RESERVED -CVE-2021-25420 - RESERVED -CVE-2021-25419 - RESERVED -CVE-2021-25418 - RESERVED -CVE-2021-25417 - RESERVED -CVE-2021-25416 - RESERVED -CVE-2021-25415 - RESERVED -CVE-2021-25414 - RESERVED -CVE-2021-25413 - RESERVED -CVE-2021-25412 - RESERVED -CVE-2021-25411 - RESERVED -CVE-2021-25410 - RESERVED -CVE-2021-25409 - RESERVED -CVE-2021-25408 - RESERVED -CVE-2021-25407 - RESERVED -CVE-2021-25406 - RESERVED -CVE-2021-25405 - RESERVED -CVE-2021-25404 - RESERVED -CVE-2021-25403 - RESERVED -CVE-2021-25402 - RESERVED -CVE-2021-25401 - RESERVED -CVE-2021-25400 - RESERVED -CVE-2021-25399 - RESERVED -CVE-2021-25398 - RESERVED -CVE-2021-25397 - RESERVED -CVE-2021-25396 - RESERVED -CVE-2021-25395 - RESERVED -CVE-2021-25394 - RESERVED -CVE-2021-25393 - RESERVED -CVE-2021-25392 - RESERVED -CVE-2021-25391 - RESERVED -CVE-2021-25390 - RESERVED -CVE-2021-25389 - RESERVED -CVE-2021-25388 - RESERVED -CVE-2021-25387 - RESERVED -CVE-2021-25386 - RESERVED -CVE-2021-25385 - RESERVED -CVE-2021-25384 - RESERVED -CVE-2021-25383 - RESERVED +CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...) + TODO: check +CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...) + TODO: check +CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn prior to ...) + TODO: check +CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn prior to ...) + TODO: check +CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn prior to ...) + TODO: check +CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn prior to ...) + TODO: check +CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung Internet ...) + TODO: check +CVE-2021-25418 (Improper component protection vulnerability in Samsung Internet prior ...) + TODO: check +CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allo ...) + TODO: check +CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in RKP pri ...) + TODO: check +CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in RKP pri ...) + TODO: check +CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts prior to ...) + TODO: check +CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts prior to ...) + TODO: check +CVE-2021-25412 (An improper access control vulnerability in genericssoservice prior to ...) + TODO: check +CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to SMR JUN- ...) + TODO: check +CVE-2021-25410 (Improper access control of a component in CallBGProvider prior to SMR ...) + TODO: check +CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021 Release ...) + TODO: check +CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior to SMR JU ...) + TODO: check +CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver prior to SM ...) + TODO: check +CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to version 2 ...) + TODO: check +CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity in Samsu ...) + TODO: check +CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to version 1.7 ...) + TODO: check +CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to version 1 ...) + TODO: check +CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to version 4 ...) + TODO: check +CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to version 6. ...) + TODO: check +CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to version ...) + TODO: check +CVE-2021-25399 (Improper configuration in Smart Manager prior to version 11.0.05.0 all ...) + TODO: check +CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to version 3.1.1 ...) + TODO: check +CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior to SMR M ...) + TODO: check +CVE-2021-25396 (An improper input validation vulnerability in NPU firmware prior to SM ...) + TODO: check +CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 ...) + TODO: check +CVE-2021-25394 (A use after free vulnerability via race condition in MFC charger drive ...) + TODO: check +CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior to SMR M ...) + TODO: check +CVE-2021-25392 (Improper protection of backup path configuration in Samsung Dex prior ...) + TODO: check +CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR MAY-202 ...) + TODO: check +CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 R ...) + TODO: check +CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021 Release ...) + TODO: check +CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 ...) + TODO: check +CVE-2021-25387 (An improper input validation vulnerability in sflacfd_get_frm() in lib ...) + TODO: check +CVE-2021-25386 (An improper input validation vulnerability in sdfffd_parse_chunk_FVER( ...) + TODO: check +CVE-2021-25385 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...) + TODO: check +CVE-2021-25384 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...) + TODO: check +CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read() in libs ...) + TODO: check CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder ...) NOT-FOR-US: Samsung CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...) @@ -27684,14 +27684,14 @@ CVE-2021-22917 RESERVED CVE-2021-22916 RESERVED -CVE-2021-22915 - RESERVED +CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...) + TODO: check CVE-2021-22914 RESERVED -CVE-2021-22913 - RESERVED -CVE-2021-22912 - RESERVED +CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...) + TODO: check +CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...) + TODO: check CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...) NOT-FOR-US: Rocket.Chat CVE-2021-22910 @@ -27702,31 +27702,27 @@ CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource NOT-FOR-US: Windows File Resource Profiles CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...) NOT-FOR-US: Citrix -CVE-2021-22906 - RESERVED -CVE-2021-22905 - RESERVED -CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token Authentication] - RESERVED +CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers ...) + TODO: check +CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnera ...) + TODO: check +CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...) {DSA-4929-1 DLA-2655-1} - rails 2:6.0.3.7+dfsg-1 (bug #988214) NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main) NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7) NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6) -CVE-2021-22903 - RESERVED +CVE-2021-22903 (The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ...) - rails (Vulnerable code introduced in 6.1.0.rc2) NOTE: Introduced by: https://github.com/rails/rails/commit/9bc7ea5dab34c8657c91d0258bb5afd8bfcd3a8f (main) NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main) -CVE-2021-22902 [Possible Denial of Service vulnerability in Action Dispatch] - RESERVED +CVE-2021-22902 (The actionpack ruby gem (a framework for handling and responding to we ...) - rails 2:6.0.3.7+dfsg-1 (bug #988214) [buster] - rails (Vulnerable code introduced later) [stretch] - rails (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main) NOTE: Fixed by: https://github.com/rails/rails/commit/446afbd15360a347c923ca775b21a286dcb5297a (v6.0.3.7) -CVE-2021-22901 [TLS session caching disaster] - RESERVED +CVE-2021-22901 (curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability ...) - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2021-22901.html NOTE: Introduced by: https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 (7.75.0) @@ -27735,8 +27731,7 @@ CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse C NOT-FOR-US: Pulse Connect Secure CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure befor ...) NOT-FOR-US: Pulse Connect Secure -CVE-2021-22898 [TELNET stack contents disclosure] - RESERVED +CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure when th ...) - curl (bug #989228) [bullseye] - curl (Minor issue) [buster] - curl (Minor issue) @@ -27744,17 +27739,16 @@ CVE-2021-22898 [TELNET stack contents disclosure] NOTE: https://curl.se/docs/CVE-2021-22898.html NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7) NOTE: Fixed by: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde (7.77.0) -CVE-2021-22897 [schannel cipher selection surprise] - RESERVED +CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element to wr ...) - curl (Windows only) NOTE: https://curl.se/docs/CVE-2021-22897.html NOTE: Introduced by: https://github.com/curl/curl/commit/9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28 (7.61.0) NOTE: Fixed by: https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 (7.77.0) NOTE: Only affect builds with schannel support (which is Windows only) -CVE-2021-22896 - RESERVED -CVE-2021-22895 - RESERVED +CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...) + TODO: check +CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...) + TODO: check CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure before ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...) @@ -28038,48 +28032,48 @@ CVE-2021-22771 RESERVED CVE-2021-22770 RESERVED -CVE-2021-22769 - RESERVED -CVE-2021-22768 - RESERVED -CVE-2021-22767 - RESERVED -CVE-2021-22766 - RESERVED -CVE-2021-22765 - RESERVED -CVE-2021-22764 - RESERVED -CVE-2021-22763 - RESERVED -CVE-2021-22762 - RESERVED -CVE-2021-22761 - RESERVED -CVE-2021-22760 - RESERVED -CVE-2021-22759 - RESERVED -CVE-2021-22758 - RESERVED -CVE-2021-22757 - RESERVED -CVE-2021-22756 - RESERVED -CVE-2021-22755 - RESERVED -CVE-2021-22754 - RESERVED -CVE-2021-22753 - RESERVED -CVE-2021-22752 - RESERVED -CVE-2021-22751 - RESERVED -CVE-2021-22750 - RESERVED -CVE-2021-22749 - RESERVED +CVE-2021-22769 (A CWE-269: Improper Privilege Management vulnerability exists in Enerl ...) + TODO: check +CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) + TODO: check +CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) + TODO: check +CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) + TODO: check +CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) + TODO: check +CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in PowerLogic ...) + TODO: check +CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...) + TODO: check +CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + TODO: check +CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) + TODO: check +CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference vulnerability exist ...) + TODO: check +CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS Definition (Def. ...) + TODO: check +CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS ...) + TODO: check +CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) + TODO: check +CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) + TODO: check +CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + TODO: check +CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + TODO: check +CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) + TODO: check +CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + TODO: check +CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + TODO: check +CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + TODO: check +CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) + TODO: check CVE-2021-22748 RESERVED CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) @@ -29398,8 +29392,7 @@ CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions st CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.7.7-1 - gitlab (Affected version never uploaded to unstable) -CVE-2021-22181 - RESERVED +CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) - gitlab CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab @@ -29411,8 +29404,8 @@ CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE ver - gitlab CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab -CVE-2021-22175 - RESERVED +CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...) + TODO: check CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...) - wireshark 3.4.3-1 (bug #981791) [buster] - wireshark (Affected code not present) @@ -29852,8 +29845,8 @@ CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vuln NOT-FOR-US: VMware CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...) NOT-FOR-US: MikroTik RouterOS -CVE-2021-3013 - RESERVED +CVE-2021-3013 (ripgrep before 13 allows attackers to trigger execution of arbitrary p ...) + TODO: check CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...) NOT-FOR-US: ESRI ArcGIS Online CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...) @@ -30140,8 +30133,8 @@ CVE-2021-21835 RESERVED CVE-2021-21834 RESERVED -CVE-2021-21833 - RESERVED +CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...) + TODO: check CVE-2021-21832 RESERVED CVE-2021-21831 @@ -30158,8 +30151,8 @@ CVE-2021-21826 RESERVED CVE-2021-21825 RESERVED -CVE-2021-21824 - RESERVED +CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...) + TODO: check CVE-2021-21823 RESERVED CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) @@ -30190,8 +30183,8 @@ CVE-2021-21810 RESERVED CVE-2021-21809 RESERVED -CVE-2021-21808 - RESERVED +CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...) + TODO: check CVE-2021-21807 RESERVED CVE-2021-21806 @@ -30216,8 +30209,8 @@ CVE-2021-21797 RESERVED CVE-2021-21796 RESERVED -CVE-2021-21795 - RESERVED +CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...) + TODO: check CVE-2021-21794 RESERVED CVE-2021-21793 @@ -33545,7 +33538,7 @@ CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier) NOT-FOR-US: Adobe CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...) NOT-FOR-US: Adobe -CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...) +CVE-2021-21042 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe @@ -34501,8 +34494,8 @@ CVE-2021-20593 RESERVED CVE-2021-20592 RESERVED -CVE-2021-20591 - RESERVED +CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...) + TODO: check CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model all ...) NOT-FOR-US: Mitsubishi CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...) @@ -34891,8 +34884,8 @@ CVE-2021-20398 RESERVED CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...) NOT-FOR-US: IBM -CVE-2021-20396 - RESERVED +CVE-2021-20396 (IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM ...) + TODO: check CVE-2021-20395 RESERVED CVE-2021-20394 @@ -44471,82 +44464,60 @@ CVE-2021-0500 RESERVED CVE-2021-0499 RESERVED -CVE-2021-0498 - RESERVED +CVE-2021-0498 (In memory management driver, there is a possible memory corruption due ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0497 - RESERVED +CVE-2021-0497 (In memory management driver, there is a possible memory corruption due ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0496 - RESERVED +CVE-2021-0496 (In memory management driver, there is a possible memory corruption due ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0495 - RESERVED +CVE-2021-0495 (In memory management driver, there is a possible out of bounds write d ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0494 - RESERVED +CVE-2021-0494 (In memory management driver, there is a possible out of bounds write d ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0493 - RESERVED +CVE-2021-0493 (In memory management driver, there is a possible out of bounds write d ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0492 - RESERVED +CVE-2021-0492 (In memory management driver, there is a possible out of bounds write d ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0491 - RESERVED +CVE-2021-0491 (In memory management driver, there is a possible escalation of privile ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0490 - RESERVED +CVE-2021-0490 (In memory management driver, there is a possible out of bounds write d ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0489 - RESERVED +CVE-2021-0489 (In memory management driver, there is a possible out of bounds write d ...) NOT-FOR-US: MediaTek components for Android CVE-2021-0488 (In pb_write of pb_encode.c, there is a possible out of bounds write du ...) NOT-FOR-US: Android -CVE-2021-0487 - RESERVED +CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2021-0486 RESERVED -CVE-2021-0485 - RESERVED +CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypa ...) NOT-FOR-US: Android -CVE-2021-0484 - RESERVED +CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of uniniti ...) NOT-FOR-US: Android media framework CVE-2021-0483 RESERVED -CVE-2021-0482 - RESERVED +CVE-2021-0482 (In BinderDiedCallback of MediaCodec.cpp, there is a possible memory co ...) NOT-FOR-US: Android media framework -CVE-2021-0481 - RESERVED +CVE-2021-0481 (In onActivityResult of EditUserPhotoController.java, there is a possib ...) NOT-FOR-US: Android -CVE-2021-0480 - RESERVED +CVE-2021-0480 (In createPendingIntent of SnoozeHelper.java, there is a possible broad ...) NOT-FOR-US: Android CVE-2021-0479 RESERVED CVE-2021-0478 RESERVED NOT-FOR-US: Android -CVE-2021-0477 - RESERVED +CVE-2021-0477 (In notifyScreenshotError of ScreenshotNotificationsController.java, th ...) NOT-FOR-US: Android -CVE-2021-0476 - RESERVED +CVE-2021-0476 (In FindOrCreatePeer of btif_av.cc, there is a possible use after free ...) NOT-FOR-US: Android -CVE-2021-0475 - RESERVED +CVE-2021-0475 (In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory c ...) NOT-FOR-US: Android -CVE-2021-0474 - RESERVED +CVE-2021-0474 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds wr ...) NOT-FOR-US: Android -CVE-2021-0473 - RESERVED +CVE-2021-0473 (In rw_t3t_process_error of rw_t3t.cc, there is a possible double free ...) NOT-FOR-US: Android -CVE-2021-0472 - RESERVED +CVE-2021-0472 (In shouldLockKeyguard of LockTaskController.java, there is a possible ...) NOT-FOR-US: Android CVE-2021-0471 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...) NOT-FOR-US: Android media framework @@ -44559,8 +44530,7 @@ CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an inse CVE-2021-0467 RESERVED NOT-FOR-US: AMLogic -CVE-2021-0466 - RESERVED +CVE-2021-0466 (In startIpClient of ClientModeImpl.java, there is a possible identifie ...) NOT-FOR-US: Android CVE-2021-0465 (In GenerateFaceMask of face.cc, there is a possible out of bounds writ ...) NOT-FOR-US: Android/Pixel kernel component not in mainline @@ -79066,8 +79036,8 @@ CVE-2020-13690 RESERVED CVE-2020-13689 RESERVED -CVE-2020-13688 - RESERVED +CVE-2020-13688 (Cross-site scripting vulnerability in l Drupal Core allows an attacker ...) + TODO: check CVE-2020-13687 RESERVED CVE-2020-13686 @@ -79122,8 +79092,7 @@ CVE-2020-13665 (Access bypass vulnerability in Drupal Core allows JSON:API when CVE-2020-13664 (Arbitrary PHP code execution vulnerability in Drupal Core under certai ...) - drupal7 (Drupal 7 not affected) NOTE: https://www.drupal.org/sa-core-2020-005 -CVE-2020-13663 [Drupal SA 2020-004] - RESERVED +CVE-2020-13663 (Cross Site Request Forgery vulnerability in Drupal Core Form API does ...) {DSA-4706-1 DLA-2263-1} - drupal7 NOTE: https://www.drupal.org/sa-core-2020-004 @@ -95588,8 +95557,8 @@ CVE-2020-7862 RESERVED CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...) NOT-FOR-US: AnySupport -CVE-2020-7860 - RESERVED +CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...) + TODO: check CVE-2020-7859 RESERVED CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...) @@ -96379,7 +96348,7 @@ CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication Attemp NOT-FOR-US: Easergy T300 CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists in E ...) NOT-FOR-US: Easergy T300 -CVE-2020-7506 (A CWE-538: File and Directory Information Exposure vulnerability exist ...) +CVE-2020-7506 (A CWE-200: Information Exposure vulnerability exists in Easergy T300, ...) NOT-FOR-US: Easergy T300 CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...) NOT-FOR-US: Easergy T300 @@ -100379,33 +100348,33 @@ CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...) NOT-FOR-US: Philips Hue Bridge model CVE-2020-6006 - RESERVED + REJECTED CVE-2020-6005 - RESERVED + REJECTED CVE-2020-6004 - RESERVED + REJECTED CVE-2020-6003 - RESERVED + REJECTED CVE-2020-6002 - RESERVED + REJECTED CVE-2020-6001 - RESERVED + REJECTED CVE-2020-6000 - RESERVED + REJECTED CVE-2020-5999 - RESERVED + REJECTED CVE-2020-5998 - RESERVED + REJECTED CVE-2020-5997 - RESERVED + REJECTED CVE-2020-5996 - RESERVED + REJECTED CVE-2020-5995 - RESERVED + REJECTED CVE-2020-5994 - RESERVED + REJECTED CVE-2020-5993 - RESERVED + REJECTED CVE-2020-5992 (NVIDIA GeForce NOW application software on Windows, all versions prior ...) NOT-FOR-US: NVIDIA GeForce NOW application software CVE-2020-5991 (NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerab ...) @@ -103124,8 +103093,8 @@ CVE-2020-5005 RESERVED CVE-2020-5004 RESERVED -CVE-2020-5003 - RESERVED +CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML Extern ...) + TODO: check CVE-2020-5002 RESERVED CVE-2020-5001 @@ -146945,8 +146914,8 @@ CVE-2019-9477 RESERVED CVE-2019-9476 RESERVED -CVE-2019-9475 - RESERVED +CVE-2019-9475 (In /proc/net of the kernel filesystem, there is a possible information ...) + TODO: check CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing ...) @@ -267982,23 +267951,23 @@ CVE-2017-3910 CVE-2017-3909 RESERVED CVE-2017-3908 - RESERVED + REJECTED CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) extensi ...) NOT-FOR-US: McAfee CVE-2017-3906 - RESERVED + REJECTED CVE-2017-3905 - RESERVED + REJECTED CVE-2017-3904 RESERVED CVE-2017-3903 - RESERVED + REJECTED CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user interface (UI ...) NOT-FOR-US: Intel Security ePO CVE-2017-3901 - RESERVED + REJECTED CVE-2017-3900 - RESERVED + REJECTED CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat Defense ...) NOT-FOR-US: Intel antivirus CVE-2017-3898 (A man-in-the-middle attack vulnerability in the non-certificate-based ...) @@ -275523,27 +275492,27 @@ CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc NOTE: kfreebsd not covered by security support CVE-2017-1080 - RESERVED + REJECTED CVE-2017-1079 - RESERVED + REJECTED CVE-2017-1078 - RESERVED + REJECTED CVE-2017-1077 - RESERVED + REJECTED CVE-2017-1076 - RESERVED + REJECTED CVE-2017-1075 - RESERVED + REJECTED CVE-2017-1074 - RESERVED + REJECTED CVE-2017-1073 - RESERVED + REJECTED CVE-2017-1072 - RESERVED + REJECTED CVE-2017-1071 - RESERVED + REJECTED CVE-2017-1070 - RESERVED + REJECTED CVE-2017-1069 RESERVED CVE-2017-1068 -- cgit v1.2.3