author | security tracker role <sectracker@soriano.debian.org> | 2021-07-13 20:10:26 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-07-13 20:10:26 +0000 |
commit | 4cd7a979fba5af33f8eae777ffe953ec6893d0e7 (patch) | |
tree | facbfa665c76b25ac997f770bb92f99127fdbbde | |
parent | dd2320ef2cbce079dc1bb0b31ce58d9ba5079fca (diff) |
automatic update
-rw-r--r-- | data/CVE/list.2018 | 4 | ||||
-rw-r--r-- | data/CVE/list.2020 | 52 | ||||
-rw-r--r-- | data/CVE/list.2021 | 400 |
3 files changed, 235 insertions, 221 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 497ca2e0f8..78856ada83 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -44085,9 +44085,9 @@ CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200IRT switch f NOT-FOR-US: Siemens SCALANCE X switches CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...) NOT-FOR-US: TIM -CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...) +CVE-2018-4840 (A vulnerability has been identified in DIGSI 4 (All versions < V4.9 ...) NOT-FOR-US: Siemens -CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...) +CVE-2018-4839 (A vulnerability has been identified in DIGSI 4 (All versions < V4.9 ...) NOT-FOR-US: Siemens CVE-2018-4838 (A vulnerability has been identified in EN100 Ethernet module IEC 61850 ...) NOT-FOR-US: Siemens diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 27e00fc9ab..ce3ce858f7 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -6216,8 +6216,8 @@ CVE-2020-28402 (An improper authorization vulnerability exists in Star Practice NOT-FOR-US: Star Practice Management Web CVE-2020-28401 (An improper authorization vulnerability exists in Star Practice Manage ...) NOT-FOR-US: Star Practice Management Web -CVE-2020-28400 - RESERVED +CVE-2020-28400 (A vulnerability has been identified in Development/Evaluation Kits for ...) + TODO: check CVE-2020-28399 RESERVED CVE-2020-28398 @@ -11600,8 +11600,8 @@ CVE-2020-26156 REJECTED CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31 ...) NOT-FOR-US: Utimaco SecurityServer -CVE-2020-26153 - RESERVED +CVE-2020-26153 (A cross-site scripting (XSS) vulnerability in wp-content/plugins/event ...) + TODO: check CVE-2020-26152 RESERVED CVE-2020-26151 
@@ -18975,8 +18975,8 @@ CVE-2020-22909 RESERVED CVE-2020-22908 RESERVED -CVE-2020-22907 - RESERVED +CVE-2020-22907 (Stack overflow vulnerability in function jsi_evalcode_sub in jsish bef ...) + TODO: check CVE-2020-22906 RESERVED CVE-2020-22905 @@ -19017,16 +19017,16 @@ CVE-2020-22888 RESERVED CVE-2020-22887 RESERVED -CVE-2020-22886 - RESERVED -CVE-2020-22885 - RESERVED -CVE-2020-22884 - RESERVED +CVE-2020-22886 (Buffer overflow vulnerability in function jsG_markobject in jsgc.c in ...) + TODO: check +CVE-2020-22885 (Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in ...) + TODO: check +CVE-2020-22884 (Buffer overflow vulnerability in function jsvGetStringChars in Espruin ...) + TODO: check CVE-2020-22883 RESERVED -CVE-2020-22882 - RESERVED +CVE-2020-22882 (Issue was discovered in the fxParserTree function in moddable, allows ...) + TODO: check CVE-2020-22881 RESERVED CVE-2020-22880 @@ -19037,14 +19037,14 @@ CVE-2020-22878 RESERVED CVE-2020-22877 RESERVED -CVE-2020-22876 - RESERVED -CVE-2020-22875 - RESERVED -CVE-2020-22874 - RESERVED -CVE-2020-22873 - RESERVED +CVE-2020-22876 (Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote a ...) + TODO: check +CVE-2020-22875 (Integer overflow vulnerability in function Jsi_ObjSetLength in jsish b ...) + TODO: check +CVE-2020-22874 (Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish ...) + TODO: check +CVE-2020-22873 (Buffer overflow vulnerability in function NumberToPrecisionCmd in jsis ...) + TODO: check CVE-2020-22872 RESERVED CVE-2020-22871 
@@ -24425,12 +24425,12 @@ CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memor NOT-FOR-US: Mikrotik RouterOs CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by ...) NOT-FOR-US: Mikrotik RouterOs -CVE-2020-20252 - RESERVED +CVE-2020-20252 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...) + TODO: check CVE-2020-20251 RESERVED -CVE-2020-20250 - RESERVED +CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...) + TODO: check CVE-2020-20249 RESERVED CVE-2020-20248 diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 7b58f1f9a5..95746a592c 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,23 @@ +CVE-2021-36736 + RESERVED +CVE-2021-36735 + RESERVED +CVE-2021-36734 + RESERVED +CVE-2021-36733 + RESERVED +CVE-2021-36732 + RESERVED +CVE-2021-36731 + RESERVED +CVE-2021-36730 + RESERVED +CVE-2021-36729 + RESERVED +CVE-2021-36728 + RESERVED +CVE-2021-36727 + RESERVED CVE-2021-XXXX [Varnish VSV00007] - varnish <unfixed> (bug #991040) NOTE: https://varnish-cache.org/security/VSV00007.html @@ -720,8 +740,8 @@ CVE-2021-36378 CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...) - fossil 1:2.15.2-1 NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036 -CVE-2021-36376 - RESERVED +CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...) + TODO: check CVE-2021-36375 RESERVED CVE-2021-36374 @@ -1068,8 +1088,8 @@ CVE-2021-36216 RESERVED CVE-2021-36215 RESERVED -CVE-2021-36214 - RESERVED +CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...) + TODO: check CVE-2021-36213 RESERVED CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...) 
@@ -1264,14 +1284,14 @@ CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWik CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) NOT-FOR-US: CentralAuth MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ -CVE-2021-36124 - RESERVED -CVE-2021-36123 - RESERVED -CVE-2021-36122 - RESERVED -CVE-2021-36121 - RESERVED +CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not perform ...) + TODO: check +CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The TextReader featu ...) + TODO: check +CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile featur ...) + TODO: check +CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...) + TODO: check CVE-2021-3633 RESERVED CVE-2021-36120 @@ -1337,8 +1357,7 @@ CVE-2021-36091 CVE-2021-3632 RESERVED NOT-FOR-US: Keycloak -CVE-2021-36090 - RESERVED +CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to ...) - libcommons-compress-java <unfixed> (bug #991041) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4 CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...) @@ -1650,8 +1669,8 @@ CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the NOT-FOR-US: Plone CVE-2021-35958 (** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite ...) - tensorflow <itp> (bug #804612) -CVE-2021-35957 - RESERVED +CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not a ...) + TODO: check CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...) NOT-FOR-US: AKCP sensorProbe CVE-2021-35955 
@@ -2584,16 +2603,13 @@ CVE-2021-35519 RESERVED CVE-2021-35518 RESERVED -CVE-2021-35517 - RESERVED +CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be made to ...) - libcommons-compress-java <unfixed> (bug #991041) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3 -CVE-2021-35516 - RESERVED +CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be made to a ...) - libcommons-compress-java <unfixed> (bug #991041) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2 -CVE-2021-35515 - RESERVED +CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction of the l ...) - libcommons-compress-java <unfixed> (bug #991041) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1 CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...) @@ -4719,8 +4735,8 @@ CVE-2021-34554 RESERVED CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...) NOT-FOR-US: Sonatype Nexus Repository Manager -CVE-2021-34552 - RESERVED +CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...) + TODO: check CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...) - libphp-phpmailer <not-affected> (Windows-specific) CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The ...) 
@@ -5201,92 +5217,92 @@ CVE-2021-34335 RESERVED CVE-2021-34334 RESERVED -CVE-2021-34333 - RESERVED -CVE-2021-34332 - RESERVED -CVE-2021-34331 - RESERVED -CVE-2021-34330 - RESERVED -CVE-2021-34329 - RESERVED -CVE-2021-34328 - RESERVED -CVE-2021-34327 - RESERVED -CVE-2021-34326 - RESERVED -CVE-2021-34325 - RESERVED -CVE-2021-34324 - RESERVED -CVE-2021-34323 - RESERVED -CVE-2021-34322 - RESERVED -CVE-2021-34321 - RESERVED -CVE-2021-34320 - RESERVED -CVE-2021-34319 - RESERVED -CVE-2021-34318 - RESERVED -CVE-2021-34317 - RESERVED -CVE-2021-34316 - RESERVED -CVE-2021-34315 - RESERVED -CVE-2021-34314 - RESERVED -CVE-2021-34313 - RESERVED -CVE-2021-34312 - RESERVED -CVE-2021-34311 - RESERVED -CVE-2021-34310 - RESERVED -CVE-2021-34309 - RESERVED -CVE-2021-34308 - RESERVED -CVE-2021-34307 - RESERVED -CVE-2021-34306 - RESERVED -CVE-2021-34305 - RESERVED -CVE-2021-34304 - RESERVED -CVE-2021-34303 - RESERVED -CVE-2021-34302 - RESERVED -CVE-2021-34301 - RESERVED -CVE-2021-34300 - RESERVED -CVE-2021-34299 - RESERVED -CVE-2021-34298 - RESERVED -CVE-2021-34297 - RESERVED -CVE-2021-34296 - RESERVED -CVE-2021-34295 - RESERVED -CVE-2021-34294 - RESERVED -CVE-2021-34293 - RESERVED -CVE-2021-34292 - RESERVED -CVE-2021-34291 - RESERVED +CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) 
+ TODO: check +CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) 
+ TODO: check +CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check +CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + TODO: check CVE-2021-3586 RESERVED NOT-FOR-US: Maistra 
@@ -6389,6 +6405,7 @@ CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. Wh NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1) NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1 CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...) + {DSA-4938-1} - linuxptp 3.1-2.1 (bug #990748) NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master) NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1) @@ -6553,26 +6570,26 @@ CVE-2021-33720 RESERVED CVE-2021-33719 RESERVED -CVE-2021-33718 - RESERVED +CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...) + TODO: check CVE-2021-33717 RESERVED CVE-2021-33716 RESERVED -CVE-2021-33715 - RESERVED -CVE-2021-33714 - RESERVED -CVE-2021-33713 - RESERVED +CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions < ...) + TODO: check +CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions < ...) + TODO: check +CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions < ...) + TODO: check CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...) NOT-FOR-US: Mendix SAML Module -CVE-2021-33711 - RESERVED -CVE-2021-33710 - RESERVED -CVE-2021-33709 - RESERVED +CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) + TODO: check +CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) + TODO: check +CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) + TODO: check CVE-2021-33708 RESERVED CVE-2021-33707 
@@ -6850,8 +6867,8 @@ CVE-2021-3566 RESERVED CVE-2021-33579 RESERVED -CVE-2021-33578 - RESERVED +CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...) + TODO: check CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...) NOT-FOR-US: Cleo LexiCom CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...) @@ -10724,14 +10741,14 @@ CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user NOT-FOR-US: JetBrains CVE-2021-31896 RESERVED -CVE-2021-31895 - RESERVED -CVE-2021-31894 - RESERVED -CVE-2021-31893 - RESERVED -CVE-2021-31892 - RESERVED +CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...) + TODO: check +CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + TODO: check +CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + TODO: check +CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...) + TODO: check CVE-2021-31891 RESERVED CVE-2021-31890 @@ -10978,8 +10995,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an Ou - libpdfbox2-java <unfixed> - libpdfbox-java <undetermined> NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2 -CVE-2021-31810 [Trusting FTP PASV responses vulnerability in Net::FTP] - RESERVED +CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...) - ruby2.7 2.7.4-1 (bug #990815) - ruby2.5 <removed> - ruby2.3 <removed> 
@@ -12418,24 +12434,24 @@ CVE-2021-31227 RESERVED CVE-2021-31226 RESERVED -CVE-2021-31225 - RESERVED -CVE-2021-31224 - RESERVED -CVE-2021-31223 - RESERVED -CVE-2021-31222 - RESERVED -CVE-2021-31221 - RESERVED -CVE-2021-31220 - RESERVED +CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...) + TODO: check +CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...) + TODO: check +CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...) + TODO: check +CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...) + TODO: check +CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...) + TODO: check +CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...) + TODO: check CVE-2021-31219 RESERVED CVE-2021-31218 RESERVED -CVE-2021-31217 - RESERVED +CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...) + TODO: check CVE-2021-31216 RESERVED CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...) @@ -17474,9 +17490,9 @@ CVE-2021-29108 RESERVED CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...) NOT-FOR-US: ArcGIS Server Manager -CVE-2021-29106 (A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server ...) +CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...) NOT-FOR-US: ArcGIS Server -CVE-2021-29105 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Ser ...) +CVE-2021-29105 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...) NOT-FOR-US: ArcGIS Server Services Directory CVE-2021-29104 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...) NOT-FOR-US: ArcGIS Server Manager 
@@ -25693,8 +25709,8 @@ CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (A NOT-FOR-US: Siemens CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...) NOT-FOR-US: Mendix Forgot Password Appstore module -CVE-2021-25671 - RESERVED +CVE-2021-25671 (A vulnerability has been identified in RWG1.M12 (All versions < V1. ...) + TODO: check CVE-2021-25670 (A vulnerability has been identified in Tecnomatix RobotExpert (All ver ...) NOT-FOR-US: Tecnomatix RobotExpert (Siemens) CVE-2021-25669 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...) @@ -32804,8 +32820,8 @@ CVE-2021-22442 RESERVED CVE-2021-22441 RESERVED -CVE-2021-22440 - RESERVED +CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...) + TODO: check CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...) NOT-FOR-US: Huawei CVE-2021-22438 @@ -32886,8 +32902,8 @@ CVE-2021-22401 RESERVED CVE-2021-22400 RESERVED -CVE-2021-22399 - RESERVED +CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...) + TODO: check CVE-2021-22398 RESERVED CVE-2021-22397 @@ -33316,7 +33332,7 @@ CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versi - gitlab <unfixed> CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...) NOT-FOR-US: gitlab-vscode-extension -CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys ...) +CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being stored i ...) - gitlab <unfixed> CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> 
@@ -33747,8 +33763,7 @@ CVE-2021-22002 RESERVED CVE-2021-22001 RESERVED -CVE-2021-22000 - RESERVED +CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vul ...) NOT-FOR-US: VMware CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Conso ...) NOT-FOR-US: VMware @@ -33758,11 +33773,9 @@ CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a den NOT-FOR-US: VMware CVE-2021-21996 RESERVED -CVE-2021-21995 - RESERVED +CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability due a he ...) NOT-FOR-US: VMware -CVE-2021-21994 - RESERVED +CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...) NOT-FOR-US: VMware CVE-2021-21993 RESERVED @@ -34155,6 +34168,7 @@ CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_ CVE-2021-21807 (An integer overflow vulnerability exists in the DICOM parse_dicom_meta ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...) + {DSA-4877-1} - webkit2gtk 2.30.6-1 - wpewebkit 2.30.6-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214 @@ -37061,12 +37075,12 @@ CVE-2021-20597 RESERVED CVE-2021-20596 RESERVED -CVE-2021-20595 - RESERVED +CVE-2021-20595 (Improper Restriction of XML External Entity Reference vulnerability in ...) + TODO: check CVE-2021-20594 RESERVED -CVE-2021-20593 - RESERVED +CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...) + TODO: check CVE-2021-20592 RESERVED CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...) 
@@ -37403,12 +37417,12 @@ CVE-2021-20426 (IBM Security Guardium 11.2 contains hard-coded credentials, such NOT-FOR-US: IBM CVE-2021-20425 RESERVED -CVE-2021-20424 - RESERVED -CVE-2021-20423 - RESERVED -CVE-2021-20422 - RESERVED +CVE-2021-20424 (IBM Cloud Pak for Applications 4.3 could allow a remote attacker to ob ...) + TODO: check +CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an authenticated user g ...) + TODO: check +CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive informatio ...) + TODO: check CVE-2021-20421 RESERVED CVE-2021-20420 
@@ -37513,26 +37527,26 @@ CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a r NOT-FOR-US: IBM CVE-2021-20370 RESERVED -CVE-2021-20369 - RESERVED -CVE-2021-20368 - RESERVED +CVE-2021-20369 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...) + TODO: check +CVE-2021-20368 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + TODO: check CVE-2021-20367 RESERVED -CVE-2021-20366 - RESERVED -CVE-2021-20365 - RESERVED -CVE-2021-20364 - RESERVED -CVE-2021-20363 - RESERVED -CVE-2021-20362 - RESERVED -CVE-2021-20361 - RESERVED -CVE-2021-20360 - RESERVED +CVE-2021-20366 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + TODO: check +CVE-2021-20365 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + TODO: check +CVE-2021-20364 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + TODO: check +CVE-2021-20363 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + TODO: check +CVE-2021-20362 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + TODO: check +CVE-2021-20361 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + TODO: check +CVE-2021-20360 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...) + TODO: check CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automatio ...) NOT-FOR-US: IBM CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially s ...) |
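Review bot: CVE-2020-22885 in data/CVE/list.2020 (hunk at -19017) is filed as `TODO: check`, but its description names "mujs before 1.0.8" and mujs is packaged in Debian. It needs a `- mujs` package line with the fixed or `<unfixed>` status and should be triaged ahead of the vendor-only entries in the same hunk.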
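Review bot: CVE-2021-34552 in data/CVE/list.2021 (hunk at -4719) goes from RESERVED to `TODO: check` even though the description starts "Pillow through 8.2.0 and PIL", and Pillow is in the archive. Suggest a follow-up that replaces the TODO with a `- pillow` package line and a NOTE pointing at the upstream fix once it is identified, as the neighbouring PHPMailer and Tor entries already do.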
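Review bot: the 43 JT2Go entries CVE-2021-34291 through CVE-2021-34333 in data/CVE/list.2021 (hunk at -5201) all arrive as `TODO: check` with the same truncated description, which buries the entries in this commit that concern packaged software. JT2Go is a Siemens product, and this file already records Siemens products as `NOT-FOR-US: Siemens` (see the CVE-2018-4840 context in the list.2018 hunk), so one bulk follow-up marking the block NOT-FOR-US would clear the queue.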
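Review bot: the new CVE-2021-22194 description in data/CVE/list.2021 (hunk at -33316) drops the "starting from 13.7" lower bound and now reads "In all versions of GitLab", while the status line under it stays `- gitlab <unfixed>`. With the affected range widened, it is worth re-checking whether any gitlab version previously treated as out of range is now in scope, and recording the result in a NOTE.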