automatic update

author: security tracker role <sectracker@soriano.debian.org> 2021-07-13 20:10:26 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-07-13 20:10:26 +0000
commit: 4cd7a979fba5af33f8eae777ffe953ec6893d0e7 (patch)
tree: facbfa665c76b25ac997f770bb92f99127fdbbde /data
parent: dd2320ef2cbce079dc1bb0b31ce58d9ba5079fca (diff)
3 files changed, 235 insertions, 221 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 497ca2e0f8..78856ada83 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -44085,9 +44085,9 @@ CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200IRT switch f
 	NOT-FOR-US: Siemens SCALANCE X switches
 CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions &lt; ...)
 	NOT-FOR-US: TIM
-CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
+CVE-2018-4840 (A vulnerability has been identified in DIGSI 4 (All versions &lt; V4.9 ...)
 	NOT-FOR-US: Siemens
-CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
+CVE-2018-4839 (A vulnerability has been identified in DIGSI 4 (All versions &lt; V4.9 ...)
 	NOT-FOR-US: Siemens
 CVE-2018-4838 (A vulnerability has been identified in EN100 Ethernet module IEC 61850 ...)
 	NOT-FOR-US: Siemens
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 27e00fc9ab..ce3ce858f7 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -6216,8 +6216,8 @@ CVE-2020-28402 (An improper authorization vulnerability exists in Star Practice
 	NOT-FOR-US: Star Practice Management Web
 CVE-2020-28401 (An improper authorization vulnerability exists in Star Practice Manage ...)
 	NOT-FOR-US: Star Practice Management Web
-CVE-2020-28400
-	RESERVED
+CVE-2020-28400 (A vulnerability has been identified in Development/Evaluation Kits for ...)
+	TODO: check
 CVE-2020-28399
 	RESERVED
 CVE-2020-28398
@@ -11600,8 +11600,8 @@ CVE-2020-26156
 	REJECTED
 CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31 ...)
 	NOT-FOR-US: Utimaco SecurityServer
-CVE-2020-26153
-	RESERVED
+CVE-2020-26153 (A cross-site scripting (XSS) vulnerability in wp-content/plugins/event ...)
+	TODO: check
 CVE-2020-26152
 	RESERVED
 CVE-2020-26151
@@ -18975,8 +18975,8 @@ CVE-2020-22909
 	RESERVED
 CVE-2020-22908
 	RESERVED
-CVE-2020-22907
-	RESERVED
+CVE-2020-22907 (Stack overflow vulnerability in function jsi_evalcode_sub in jsish bef ...)
+	TODO: check
 CVE-2020-22906
 	RESERVED
 CVE-2020-22905
@@ -19017,16 +19017,16 @@ CVE-2020-22888
 	RESERVED
 CVE-2020-22887
 	RESERVED
-CVE-2020-22886
-	RESERVED
-CVE-2020-22885
-	RESERVED
-CVE-2020-22884
-	RESERVED
+CVE-2020-22886 (Buffer overflow vulnerability in function jsG_markobject in jsgc.c in  ...)
+	TODO: check
+CVE-2020-22885 (Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in ...)
+	TODO: check
+CVE-2020-22884 (Buffer overflow vulnerability in function jsvGetStringChars in Espruin ...)
+	TODO: check
 CVE-2020-22883
 	RESERVED
-CVE-2020-22882
-	RESERVED
+CVE-2020-22882 (Issue was discovered in the fxParserTree function in moddable, allows  ...)
+	TODO: check
 CVE-2020-22881
 	RESERVED
 CVE-2020-22880
@@ -19037,14 +19037,14 @@ CVE-2020-22878
 	RESERVED
 CVE-2020-22877
 	RESERVED
-CVE-2020-22876
-	RESERVED
-CVE-2020-22875
-	RESERVED
-CVE-2020-22874
-	RESERVED
-CVE-2020-22873
-	RESERVED
+CVE-2020-22876 (Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote a ...)
+	TODO: check
+CVE-2020-22875 (Integer overflow vulnerability in function Jsi_ObjSetLength in jsish b ...)
+	TODO: check
+CVE-2020-22874 (Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish  ...)
+	TODO: check
+CVE-2020-22873 (Buffer overflow vulnerability in function NumberToPrecisionCmd in jsis ...)
+	TODO: check
 CVE-2020-22872
 	RESERVED
 CVE-2020-22871
@@ -24425,12 +24425,12 @@ CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memor
 	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by  ...)
 	NOT-FOR-US: Mikrotik RouterOs
-CVE-2020-20252
-	RESERVED
+CVE-2020-20252 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
+	TODO: check
 CVE-2020-20251
 	RESERVED
-CVE-2020-20250
-	RESERVED
+CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
+	TODO: check
 CVE-2020-20249
 	RESERVED
 CVE-2020-20248
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 7b58f1f9a5..95746a592c 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,23 @@
+CVE-2021-36736
+	RESERVED
+CVE-2021-36735
+	RESERVED
+CVE-2021-36734
+	RESERVED
+CVE-2021-36733
+	RESERVED
+CVE-2021-36732
+	RESERVED
+CVE-2021-36731
+	RESERVED
+CVE-2021-36730
+	RESERVED
+CVE-2021-36729
+	RESERVED
+CVE-2021-36728
+	RESERVED
+CVE-2021-36727
+	RESERVED
 CVE-2021-XXXX [Varnish VSV00007]
 	- varnish <unfixed> (bug #991040)
 	NOTE: https://varnish-cache.org/security/VSV00007.html
@@ -720,8 +740,8 @@ CVE-2021-36378
 CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...)
 	- fossil 1:2.15.2-1
 	NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
-CVE-2021-36376
-	RESERVED
+CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...)
+	TODO: check
 CVE-2021-36375
 	RESERVED
 CVE-2021-36374
@@ -1068,8 +1088,8 @@ CVE-2021-36216
 	RESERVED
 CVE-2021-36215
 	RESERVED
-CVE-2021-36214
-	RESERVED
+CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...)
+	TODO: check
 CVE-2021-36213
 	RESERVED
 CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...)
@@ -1264,14 +1284,14 @@ CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWik
 CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
 	NOT-FOR-US: CentralAuth MediaWiki extension
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
-CVE-2021-36124
-	RESERVED
-CVE-2021-36123
-	RESERVED
-CVE-2021-36122
-	RESERVED
-CVE-2021-36121
-	RESERVED
+CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not perform  ...)
+	TODO: check
+CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The TextReader featu ...)
+	TODO: check
+CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile featur ...)
+	TODO: check
+CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...)
+	TODO: check
 CVE-2021-3633
 	RESERVED
 CVE-2021-36120
@@ -1337,8 +1357,7 @@ CVE-2021-36091
 CVE-2021-3632
 	RESERVED
 	NOT-FOR-US: Keycloak
-CVE-2021-36090
-	RESERVED
+CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to  ...)
 	- libcommons-compress-java <unfixed> (bug #991041)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4
 CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...)
@@ -1650,8 +1669,8 @@ CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the
 	NOT-FOR-US: Plone
 CVE-2021-35958 (** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite  ...)
 	- tensorflow <itp> (bug #804612)
-CVE-2021-35957
-	RESERVED
+CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not a ...)
+	TODO: check
 CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...)
 	NOT-FOR-US: AKCP sensorProbe
 CVE-2021-35955
@@ -2584,16 +2603,13 @@ CVE-2021-35519
 	RESERVED
 CVE-2021-35518
 	RESERVED
-CVE-2021-35517
-	RESERVED
+CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be made to  ...)
 	- libcommons-compress-java <unfixed> (bug #991041)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3
-CVE-2021-35516
-	RESERVED
+CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be made to a ...)
 	- libcommons-compress-java <unfixed> (bug #991041)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2
-CVE-2021-35515
-	RESERVED
+CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction of the l ...)
 	- libcommons-compress-java <unfixed> (bug #991041)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1
 CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...)
@@ -4719,8 +4735,8 @@ CVE-2021-34554
 	RESERVED
 CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...)
 	NOT-FOR-US: Sonatype Nexus Repository Manager
-CVE-2021-34552
-	RESERVED
+CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...)
+	TODO: check
 CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...)
 	- libphp-phpmailer <not-affected> (Windows-specific)
 CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The ...)
@@ -5201,92 +5217,92 @@ CVE-2021-34335
 	RESERVED
 CVE-2021-34334
 	RESERVED
-CVE-2021-34333
-	RESERVED
-CVE-2021-34332
-	RESERVED
-CVE-2021-34331
-	RESERVED
-CVE-2021-34330
-	RESERVED
-CVE-2021-34329
-	RESERVED
-CVE-2021-34328
-	RESERVED
-CVE-2021-34327
-	RESERVED
-CVE-2021-34326
-	RESERVED
-CVE-2021-34325
-	RESERVED
-CVE-2021-34324
-	RESERVED
-CVE-2021-34323
-	RESERVED
-CVE-2021-34322
-	RESERVED
-CVE-2021-34321
-	RESERVED
-CVE-2021-34320
-	RESERVED
-CVE-2021-34319
-	RESERVED
-CVE-2021-34318
-	RESERVED
-CVE-2021-34317
-	RESERVED
-CVE-2021-34316
-	RESERVED
-CVE-2021-34315
-	RESERVED
-CVE-2021-34314
-	RESERVED
-CVE-2021-34313
-	RESERVED
-CVE-2021-34312
-	RESERVED
-CVE-2021-34311
-	RESERVED
-CVE-2021-34310
-	RESERVED
-CVE-2021-34309
-	RESERVED
-CVE-2021-34308
-	RESERVED
-CVE-2021-34307
-	RESERVED
-CVE-2021-34306
-	RESERVED
-CVE-2021-34305
-	RESERVED
-CVE-2021-34304
-	RESERVED
-CVE-2021-34303
-	RESERVED
-CVE-2021-34302
-	RESERVED
-CVE-2021-34301
-	RESERVED
-CVE-2021-34300
-	RESERVED
-CVE-2021-34299
-	RESERVED
-CVE-2021-34298
-	RESERVED
-CVE-2021-34297
-	RESERVED
-CVE-2021-34296
-	RESERVED
-CVE-2021-34295
-	RESERVED
-CVE-2021-34294
-	RESERVED
-CVE-2021-34293
-	RESERVED
-CVE-2021-34292
-	RESERVED
-CVE-2021-34291
-	RESERVED
+CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
+CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+	TODO: check
 CVE-2021-3586
 	RESERVED
 	NOT-FOR-US: Maistra
@@ -6389,6 +6405,7 @@ CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. Wh
 	NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
 CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...)
+	{DSA-4938-1}
 	- linuxptp 3.1-2.1 (bug #990748)
 	NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master)
 	NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1)
@@ -6553,26 +6570,26 @@ CVE-2021-33720
 	RESERVED
 CVE-2021-33719
 	RESERVED
-CVE-2021-33718
-	RESERVED
+CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+	TODO: check
 CVE-2021-33717
 	RESERVED
 CVE-2021-33716
 	RESERVED
-CVE-2021-33715
-	RESERVED
-CVE-2021-33714
-	RESERVED
-CVE-2021-33713
-	RESERVED
+CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+	TODO: check
+CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+	TODO: check
+CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+	TODO: check
 CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...)
 	NOT-FOR-US: Mendix SAML Module
-CVE-2021-33711
-	RESERVED
-CVE-2021-33710
-	RESERVED
-CVE-2021-33709
-	RESERVED
+CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4  ...)
+	TODO: check
+CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4  ...)
+	TODO: check
+CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4  ...)
+	TODO: check
 CVE-2021-33708
 	RESERVED
 CVE-2021-33707
@@ -6850,8 +6867,8 @@ CVE-2021-3566
 	RESERVED
 CVE-2021-33579
 	RESERVED
-CVE-2021-33578
-	RESERVED
+CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities  ...)
+	TODO: check
 CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...)
 	NOT-FOR-US: Cleo LexiCom
 CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...)
@@ -10724,14 +10741,14 @@ CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user
 	NOT-FOR-US: JetBrains
 CVE-2021-31896
 	RESERVED
-CVE-2021-31895
-	RESERVED
-CVE-2021-31894
-	RESERVED
-CVE-2021-31893
-	RESERVED
-CVE-2021-31892
-	RESERVED
+CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+	TODO: check
+CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier  ...)
+	TODO: check
+CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier  ...)
+	TODO: check
+CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...)
+	TODO: check
 CVE-2021-31891
 	RESERVED
 CVE-2021-31890
@@ -10978,8 +10995,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an Ou
 	- libpdfbox2-java <unfixed>
 	- libpdfbox-java <undetermined>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
-CVE-2021-31810 [Trusting FTP PASV responses vulnerability in Net::FTP]
-	RESERVED
+CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
@@ -12418,24 +12434,24 @@ CVE-2021-31227
 	RESERVED
 CVE-2021-31226
 	RESERVED
-CVE-2021-31225
-	RESERVED
-CVE-2021-31224
-	RESERVED
-CVE-2021-31223
-	RESERVED
-CVE-2021-31222
-	RESERVED
-CVE-2021-31221
-	RESERVED
-CVE-2021-31220
-	RESERVED
+CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...)
+	TODO: check
+CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...)
+	TODO: check
+CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...)
+	TODO: check
+CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...)
+	TODO: check
+CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...)
+	TODO: check
+CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...)
+	TODO: check
 CVE-2021-31219
 	RESERVED
 CVE-2021-31218
 	RESERVED
-CVE-2021-31217
-	RESERVED
+CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...)
+	TODO: check
 CVE-2021-31216
 	RESERVED
 CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
@@ -17474,9 +17490,9 @@ CVE-2021-29108
 	RESERVED
 CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
 	NOT-FOR-US: ArcGIS Server Manager
-CVE-2021-29106 (A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server  ...)
+CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...)
 	NOT-FOR-US: ArcGIS Server
-CVE-2021-29105 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Ser ...)
+CVE-2021-29105 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...)
 	NOT-FOR-US: ArcGIS Server Services Directory
 CVE-2021-29104 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
 	NOT-FOR-US: ArcGIS Server Manager
@@ -25693,8 +25709,8 @@ CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (A
 	NOT-FOR-US: Siemens
 CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...)
 	NOT-FOR-US: Mendix Forgot Password Appstore module
-CVE-2021-25671
-	RESERVED
+CVE-2021-25671 (A vulnerability has been identified in RWG1.M12 (All versions &lt; V1. ...)
+	TODO: check
 CVE-2021-25670 (A vulnerability has been identified in Tecnomatix RobotExpert (All ver ...)
 	NOT-FOR-US: Tecnomatix RobotExpert (Siemens)
 CVE-2021-25669 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
@@ -32804,8 +32820,8 @@ CVE-2021-22442
 	RESERVED
 CVE-2021-22441
 	RESERVED
-CVE-2021-22440
-	RESERVED
+CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...)
+	TODO: check
 CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22438
@@ -32886,8 +32902,8 @@ CVE-2021-22401
 	RESERVED
 CVE-2021-22400
 	RESERVED
-CVE-2021-22399
-	RESERVED
+CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...)
+	TODO: check
 CVE-2021-22398
 	RESERVED
 CVE-2021-22397
@@ -33316,7 +33332,7 @@ CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versi
 	- gitlab <unfixed>
 CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...)
 	NOT-FOR-US: gitlab-vscode-extension
-CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys  ...)
+CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being stored i ...)
 	- gitlab <unfixed>
 CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
@@ -33747,8 +33763,7 @@ CVE-2021-22002
 	RESERVED
 CVE-2021-22001
 	RESERVED
-CVE-2021-22000
-	RESERVED
+CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vul ...)
 	NOT-FOR-US: VMware
 CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Conso ...)
 	NOT-FOR-US: VMware
@@ -33758,11 +33773,9 @@ CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a den
 	NOT-FOR-US: VMware
 CVE-2021-21996
 	RESERVED
-CVE-2021-21995
-	RESERVED
+CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability due a he ...)
 	NOT-FOR-US: VMware
-CVE-2021-21994
-	RESERVED
+CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...)
 	NOT-FOR-US: VMware
 CVE-2021-21993
 	RESERVED
@@ -34155,6 +34168,7 @@ CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_
 CVE-2021-21807 (An integer overflow vulnerability exists in the DICOM parse_dicom_meta ...)
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
+	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
 	- wpewebkit 2.30.6-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
@@ -37061,12 +37075,12 @@ CVE-2021-20597
 	RESERVED
 CVE-2021-20596
 	RESERVED
-CVE-2021-20595
-	RESERVED
+CVE-2021-20595 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+	TODO: check
 CVE-2021-20594
 	RESERVED
-CVE-2021-20593
-	RESERVED
+CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...)
+	TODO: check
 CVE-2021-20592
 	RESERVED
 CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
@@ -37403,12 +37417,12 @@ CVE-2021-20426 (IBM Security Guardium 11.2 contains hard-coded credentials, such
 	NOT-FOR-US: IBM
 CVE-2021-20425
 	RESERVED
-CVE-2021-20424
-	RESERVED
-CVE-2021-20423
-	RESERVED
-CVE-2021-20422
-	RESERVED
+CVE-2021-20424 (IBM Cloud Pak for Applications 4.3 could allow a remote attacker to ob ...)
+	TODO: check
+CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an authenticated user g ...)
+	TODO: check
+CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive informatio ...)
+	TODO: check
 CVE-2021-20421
 	RESERVED
 CVE-2021-20420
@@ -37513,26 +37527,26 @@ CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a r
 	NOT-FOR-US: IBM
 CVE-2021-20370
 	RESERVED
-CVE-2021-20369
-	RESERVED
-CVE-2021-20368
-	RESERVED
+CVE-2021-20369 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
+	TODO: check
+CVE-2021-20368 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+	TODO: check
 CVE-2021-20367
 	RESERVED
-CVE-2021-20366
-	RESERVED
-CVE-2021-20365
-	RESERVED
-CVE-2021-20364
-	RESERVED
-CVE-2021-20363
-	RESERVED
-CVE-2021-20362
-	RESERVED
-CVE-2021-20361
-	RESERVED
-CVE-2021-20360
-	RESERVED
+CVE-2021-20366 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+	TODO: check
+CVE-2021-20365 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+	TODO: check
+CVE-2021-20364 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+	TODO: check
+CVE-2021-20363 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+	TODO: check
+CVE-2021-20362 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+	TODO: check
+CVE-2021-20361 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+	TODO: check
+CVE-2021-20360 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
+	TODO: check
 CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automatio ...)
 	NOT-FOR-US: IBM
 CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially s ...)
author	security tracker role <sectracker@soriano.debian.org>	2021-07-13 20:10:26 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2021-07-13 20:10:26 +0000
commit	4cd7a979fba5af33f8eae777ffe953ec6893d0e7 (patch)
tree	facbfa665c76b25ac997f770bb92f99127fdbbde /data
parent	dd2320ef2cbce079dc1bb0b31ce58d9ba5079fca (diff)