author security tracker role <sectracker@soriano.debian.org> 2021-11-09 20:10:15 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-11-09 20:10:15 +0000
commit b0f756b9ec14c904446071dbc4091856e9ec62fa
tree ceb3de7deb28e05342b6e2c481aecb516c0e626d /data
parent 18d1d082beddd13aa3c8634040e256b56b577d57
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list.2016 | 2
-rw-r--r-- data/CVE/list.2019 | 16
-rw-r--r-- data/CVE/list.2020 | 38
-rw-r--r-- data/CVE/list.2021 | 267
4 files changed, 173 insertions, 150 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016
index 74c30c2232..bee9eceb46 100644
--- a/data/CVE/list.2016
+++ b/data/CVE/list.2016
@@ -26865,6 +26865,8 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa
NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
CVE-2016-2124 [SMB1 client connections can be downgraded to plaintext authentication]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444
NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html
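Review bot: CVE-2016-2124 now references {DSA-5003-1}, but the package line directly under it still reads "- samba <unfixed>" and no suite-specific line is added. An advisory reference without a fixed version leaves the entry reporting as open everywhere; a manual follow-up should record the fixed samba version for the suite the DSA covers.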
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index e393013dbf..9d9df690cb 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -5709,16 +5709,16 @@ CVE-2019-18918
RESERVED
CVE-2019-18917 (A potential security vulnerability has been identified for certain HP ...)
NOT-FOR-US: HP
-CVE-2019-18916
- RESERVED
+CVE-2019-18916 (A potential security vulnerability has been identified for HP LaserJet ...)
+ TODO: check
CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...)
NOT-FOR-US: HP System Event Utility
-CVE-2019-18914
- RESERVED
+CVE-2019-18914 (A potential security vulnerability has been identified for certain HP ...)
+ TODO: check
CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow unautho ...)
NOT-FOR-US: Generic UEFI hardware/software issue
-CVE-2019-18912
- RESERVED
+CVE-2019-18912 (A potential security vulnerability has been identified for certain HP ...)
+ TODO: check
CVE-2019-18911
RESERVED
CVE-2019-18910 (The Citrix Receiver wrapper function does not safely handle user suppl ...)
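Review bot: CVE-2019-18916, CVE-2019-18914 and CVE-2019-18912 are left at "TODO: check" although their truncated descriptions all name HP products and the interleaved entries CVE-2019-18917 and CVE-2019-18915 are already NOT-FOR-US. Triage the three together and, if the full descriptions confirm nothing packaged is involved, reuse the existing "NOT-FOR-US: HP" wording so the label stays greppable.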
@@ -12174,8 +12174,8 @@ CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engi
NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can ...)
NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
-CVE-2019-16240
- RESERVED
+CVE-2019-16240 (A Buffer Overflow and Information Disclosure issue exists in HP Office ...)
+ TODO: check
CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...)
{DSA-4607-1 DLA-1945-1}
- openconnect 8.02-1.1 (bug #940871)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index eaf4cfd13d..989e6cf87b 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -6424,8 +6424,8 @@ CVE-2020-28421 (CA Unified Infrastructure Management 20.1 and earlier contains a
NOT-FOR-US: CA Unified Infrastructure Management
CVE-2020-28420
RESERVED
-CVE-2020-28419
- RESERVED
+CVE-2020-28419 (During installation with certain driver software or application packag ...)
+ TODO: check
CVE-2020-28418
RESERVED
CVE-2020-28417
@@ -6497,7 +6497,7 @@ CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (
NOT-FOR-US: Siemens
CVE-2020-28389
RESERVED
-CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All versions &lt; ...)
+CVE-2020-28388 (A vulnerability has been identified in Capital VSTAR (All versions), N ...)
NOT-FOR-US: Siemens
CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
NOT-FOR-US: Siemens
@@ -8274,11 +8274,11 @@ CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit throug
- webcit <removed> (bug #973385)
[buster] - webcit <ignored> (Minor issue)
[stretch] - webcit <ignored> (Minor issue)
-CVE-2020-27738 (A vulnerability has been identified in Nucleus 4 (All versions &lt; V4 ...)
+CVE-2020-27738 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27737 (A vulnerability has been identified in Nucleus 4 (All versions &lt; V4 ...)
+CVE-2020-27737 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27736 (A vulnerability has been identified in Nucleus 4 (All versions &lt; V4 ...)
+CVE-2020-27736 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...)
NOT-FOR-US: Wing FTP
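Review bot: the triage label under CVE-2020-27738, CVE-2020-27737 and CVE-2020-27736 still says "NOT-FOR-US: Nucleus (Siemens)" while the refreshed descriptions now lead with Capital VSTAR, so the label no longer matches the visible product name. Consider normalising these to "NOT-FOR-US: Siemens", the form already used under CVE-2020-28388 earlier in this file, so later description changes do not leave stale product names behind.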
@@ -9860,7 +9860,7 @@ CVE-2020-27011
RESERVED
CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
NOT-FOR-US: Trend Micro
-CVE-2020-27009 (A vulnerability has been identified in Nucleus NET (All versions &lt; ...)
+CVE-2020-27009 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
NOT-FOR-US: JT2Go
@@ -12901,11 +12901,15 @@ CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation
[buster] - qemu <postponed> (Fix along in future DSA)
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0)
CVE-2020-25722 [AD DC UPN vs samAccountName not checked]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14564
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25722.html
CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14557
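Review bot: the temporary description on the CVE-2020-25721 context line opens with a doubled bracket ("[[Kerberos acceptors need easy access ..."), and this update adds RESERVED and {DSA-5003-1} beneath it without touching the typo. Fix the header to a single "[" in a manual commit. Both entries in this hunk also keep "- samba <unfixed>" despite the new DSA reference, so the fixed version still has to be recorded.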
@@ -12913,16 +12917,22 @@ CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (e
CVE-2020-25720
RESERVED
CVE-2020-25719 [AD DC Username based races when no PAC is given]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html
CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html
CVE-2020-25717 [A user on the domain can become root on domain members]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
@@ -34707,7 +34717,7 @@ CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All
NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
NOT-FOR-US: Siemens
-CVE-2020-15795 (A vulnerability has been identified in Nucleus NET (All versions &lt; ...)
+CVE-2020-15795 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...)
NOT-FOR-US: Desigo Insight
@@ -49521,12 +49531,12 @@ CVE-2020-10056 (A vulnerability has been identified in License Management Utilit
NOT-FOR-US: Siemens
CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
NOT-FOR-US: Desigo
-CVE-2020-10054
- RESERVED
-CVE-2020-10053
- RESERVED
-CVE-2020-10052
- RESERVED
+CVE-2020-10054 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2020-10053 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2020-10052 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
NOT-FOR-US: Siemens
CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 6eac480d87..7a0b6b409f 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,9 @@
+CVE-2021-43557
+ RESERVED
+CVE-2021-3941
+ RESERVED
+CVE-2021-3940
+ RESERVED
CVE-2021-43556
RESERVED
CVE-2021-43555
@@ -86,8 +92,8 @@ CVE-2021-43521
RESERVED
CVE-2021-43520
RESERVED
-CVE-2021-43519
- RESERVED
+CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...)
+ TODO: check
CVE-2021-43518
RESERVED
CVE-2021-43517
@@ -192,8 +198,8 @@ CVE-2021-43468
RESERVED
CVE-2021-43467
RESERVED
-CVE-2021-43466
- RESERVED
+CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with spe ...)
+ TODO: check
CVE-2021-43465
RESERVED
CVE-2021-43464
@@ -353,7 +359,7 @@ CVE-2021-43393
RESERVED
CVE-2021-43392
RESERVED
-CVE-2021-43396 (In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, re ...)
+CVE-2021-43396 (** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka ...)
- glibc <unfixed> (bug #998622)
[buster] - glibc <not-affected> (Vulnerable code not present)
[stretch] - glibc <not-affected> (Vulnerable code not present)
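Review bot: the description of CVE-2021-43396 now starts with "** DISPUTED **", yet the entry keeps "- glibc <unfixed> (bug #998622)" and gains no NOTE explaining the dispute. Add a NOTE with the reason for the dispute and decide whether the unfixed line should be downgraded (for example by marking it unimportant), otherwise it keeps counting as an open glibc issue.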
@@ -765,54 +771,54 @@ CVE-2021-3920
RESERVED
CVE-2021-3919
RESERVED
-CVE-2021-43203
- RESERVED
+CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...)
+ TODO: check
CVE-2021-43202
RESERVED
-CVE-2021-43201
- RESERVED
-CVE-2021-43200
- RESERVED
-CVE-2021-43199
- RESERVED
-CVE-2021-43198
- RESERVED
-CVE-2021-43197
- RESERVED
-CVE-2021-43196
- RESERVED
-CVE-2021-43195
- RESERVED
-CVE-2021-43194
- RESERVED
-CVE-2021-43193
- RESERVED
-CVE-2021-43192
- RESERVED
-CVE-2021-43191
- RESERVED
-CVE-2021-43190
- RESERVED
-CVE-2021-43189
- RESERVED
-CVE-2021-43188
- RESERVED
-CVE-2021-43187
- RESERVED
-CVE-2021-43186
- RESERVED
-CVE-2021-43185
- RESERVED
-CVE-2021-43184
- RESERVED
-CVE-2021-43183
- RESERVED
-CVE-2021-43182
- RESERVED
-CVE-2021-43181
- RESERVED
-CVE-2021-43180
- RESERVED
+CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...)
+ TODO: check
+CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...)
+ TODO: check
+CVE-2021-43199 (In JetBrains TeamCity before 2021.1.2, permission checks in the Create ...)
+ TODO: check
+CVE-2021-43198 (In JetBrains TeamCity before 2021.1.2, stored XSS is possible. ...)
+ TODO: check
+CVE-2021-43197 (In JetBrains TeamCity before 2021.1.2, email notifications could inclu ...)
+ TODO: check
+CVE-2021-43196 (In JetBrains TeamCity before 2021.1, information disclosure via the Do ...)
+ TODO: check
+CVE-2021-43195 (In JetBrains TeamCity before 2021.1.2, some HTTP security headers were ...)
+ TODO: check
+CVE-2021-43194 (In JetBrains TeamCity before 2021.1.2, user enumeration was possible. ...)
+ TODO: check
+CVE-2021-43193 (In JetBrains TeamCity before 2021.1.2, remote code execution via the a ...)
+ TODO: check
+CVE-2021-43192 (In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking i ...)
+ TODO: check
+CVE-2021-43191 (JetBrains YouTrack Mobile before 2021.2, is missing the security scree ...)
+ TODO: check
+CVE-2021-43190 (In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android ...)
+ TODO: check
+CVE-2021-43189 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...)
+ TODO: check
+CVE-2021-43188 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...)
+ TODO: check
+CVE-2021-43187 (In JetBrains YouTrack Mobile before 2021.2, the client-side cache on i ...)
+ TODO: check
+CVE-2021-43186 (JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. ...)
+ TODO: check
+CVE-2021-43185 (JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header in ...)
+ TODO: check
+CVE-2021-43184 (In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. ...)
+ TODO: check
+CVE-2021-43183 (In JetBrains Hub before 2021.1.13690, the authentication throttling me ...)
+ TODO: check
+CVE-2021-43182 (In JetBrains Hub before 2021.1.13415, a DoS via user information is po ...)
+ TODO: check
+CVE-2021-43181 (In JetBrains Hub before 2021.1.13690, stored XSS is possible. ...)
+ TODO: check
+CVE-2021-43180 (In JetBrains Hub before 2021.1.13690, information disclosure via avata ...)
+ TODO: check
CVE-2021-43179
RESERVED
CVE-2021-43178
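Review bot: the 23 entries that become "TODO: check" here (CVE-2021-43203 and CVE-2021-43201 down to CVE-2021-43180) name only five JetBrains products: Ktor, TeamCity, YouTrack Mobile, YouTrack and Hub. Triage them per product instead of per CVE: look each product up once and apply the same verdict to its whole block, which clears the run in five decisions. CVE-2021-43202 stays RESERVED in the middle of the block and should not be swept up with its neighbours.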
@@ -825,12 +831,12 @@ CVE-2021-43175
RESERVED
CVE-2021-3918
RESERVED
-CVE-2021-43174
- RESERVED
-CVE-2021-43173
- RESERVED
-CVE-2021-43172
- RESERVED
+CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...)
+ TODO: check
+CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...)
+ TODO: check
+CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRD ...)
+ TODO: check
CVE-2021-3917
RESERVED
CVE-2021-43171
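Review bot: CVE-2021-43174, CVE-2021-43173 and CVE-2021-43172 all concern NLnet Labs Routinator and are left at "TODO: check" with no package line. Resolve them together with a single package lookup; if the software is packaged or has an open ITP, record that on each entry with the affected version range from the descriptions (0.9.0 through 0.10.1 for CVE-2021-43174, prior to 0.10.2 for the other two) rather than marking them NOT-FOR-US by default.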
@@ -947,8 +953,8 @@ CVE-2021-43116
RESERVED
CVE-2021-43115
RESERVED
-CVE-2021-43114
- RESERVED
+CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...)
+ TODO: check
CVE-2021-43113
RESERVED
CVE-2021-43112
@@ -1768,6 +1774,8 @@ CVE-2021-42745
CVE-2021-3895
RESERVED
CVE-2021-23192 [dcerpc requests don't check all fragments against the first auth_state]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
[buster] - samba <not-affected> (Vulnerable code introduced later)
[stretch] - samba <not-affected> (Vulnerable code introduced later)
@@ -3354,18 +3362,18 @@ CVE-2021-42028
RESERVED
CVE-2021-42027
RESERVED
-CVE-2021-42026
- RESERVED
-CVE-2021-42025
- RESERVED
+CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ TODO: check
+CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ TODO: check
CVE-2021-42024
RESERVED
CVE-2021-42023
RESERVED
CVE-2021-42022
RESERVED
-CVE-2021-42021
- RESERVED
+CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...)
+ TODO: check
CVE-2021-42020
RESERVED
CVE-2021-42019
@@ -3376,8 +3384,8 @@ CVE-2021-42017
RESERVED
CVE-2021-42016
RESERVED
-CVE-2021-42015
- RESERVED
+CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ TODO: check
CVE-2021-42014
RESERVED
CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ...)
@@ -4510,17 +4518,17 @@ CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All ve
NOT-FOR-US: Siemens
CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
NOT-FOR-US: Siemens
-CVE-2021-41538 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+CVE-2021-41538 (A vulnerability has been identified in NX 1953 Series (All versions &l ...)
NOT-FOR-US: Siemens
CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
NOT-FOR-US: Siemens
CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
NOT-FOR-US: Siemens
-CVE-2021-41535 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+CVE-2021-41535 (A vulnerability has been identified in NX 1953 Series (All versions &l ...)
NOT-FOR-US: Siemens
-CVE-2021-41534 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+CVE-2021-41534 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
NOT-FOR-US: Siemens
-CVE-2021-41533 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+CVE-2021-41533 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
NOT-FOR-US: Siemens
CVE-2021-41532
RESERVED
@@ -7249,12 +7257,12 @@ CVE-2021-40368
RESERVED
CVE-2021-40367
RESERVED
-CVE-2021-40366
- RESERVED
+CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWM module) (A ...)
+ TODO: check
CVE-2021-40365
RESERVED
-CVE-2021-40364
- RESERVED
+CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ TODO: check
CVE-2021-40363
RESERVED
CVE-2021-40362
@@ -7263,10 +7271,10 @@ CVE-2021-40361
RESERVED
CVE-2021-40360
RESERVED
-CVE-2021-40359
- RESERVED
-CVE-2021-40358
- RESERVED
+CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ TODO: check
+CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ TODO: check
CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
NOT-FOR-US: Siemens
CVE-2021-40356 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
@@ -7799,6 +7807,8 @@ CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulne
CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...)
NOT-FOR-US: Apache Any23
CVE-2021-3738 [crash in dsdb stack]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
@@ -14787,8 +14797,8 @@ CVE-2021-37209
RESERVED
CVE-2021-37208
RESERVED
-CVE-2021-37207
- RESERVED
+CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (All ve ...)
+ TODO: check
CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
NOT-FOR-US: Siemens
CVE-2021-37205
@@ -16558,8 +16568,8 @@ CVE-2021-36411
RESERVED
CVE-2021-36410
RESERVED
-CVE-2021-3641
- RESERVED
+CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+ TODO: check
CVE-2021-36409
RESERVED
CVE-2021-36408
@@ -18397,7 +18407,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 <unfixed>
- mysql-5.7 <removed>
CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -18430,11 +18440,12 @@ CVE-2021-35590 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp
CVE-2021-35589 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DLA-2814-1}
- openjdk-8 8u312-b07-1
CVE-2021-35587
RESERVED
CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -18453,7 +18464,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac
CVE-2021-35579
RESERVED
CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -18478,18 +18489,18 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac
CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -18498,14 +18509,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle
CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -18514,7 +18525,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser
CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
NOT-FOR-US: Oracle
CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -18529,7 +18540,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
NOT-FOR-US: Oracle
CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -27294,26 +27305,26 @@ CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondi
NOT-FOR-US: Siemens
CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions with OI ...)
NOT-FOR-US: Siemens
-CVE-2021-31890
- RESERVED
-CVE-2021-31889
- RESERVED
-CVE-2021-31888
- RESERVED
-CVE-2021-31887
- RESERVED
-CVE-2021-31886
- RESERVED
-CVE-2021-31885
- RESERVED
-CVE-2021-31884
- RESERVED
-CVE-2021-31883
- RESERVED
-CVE-2021-31882
- RESERVED
-CVE-2021-31881
- RESERVED
+CVE-2021-31890 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31889 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31888 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31887 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31886 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31885 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31884 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31883 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31882 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31881 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
CVE-2021-31880
RESERVED
CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...)
@@ -28713,12 +28724,12 @@ CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
[buster] - netcdf-parallel <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/27/
-CVE-2021-31346
- RESERVED
-CVE-2021-31345
- RESERVED
-CVE-2021-31344
- RESERVED
+CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
+CVE-2021-31344 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ TODO: check
CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...)
NOT-FOR-US: Solid Edge
CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...)
@@ -38365,7 +38376,7 @@ CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian
NOT-FOR-US: Siemens
CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Mendix Applications (Siemens)
-CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+CVE-2021-27393 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open Network ...)
NOT-FOR-US: Siveillance
@@ -39172,11 +39183,11 @@ CVE-2021-27038 (A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 201
NOT-FOR-US: Autodesk
CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 201 ...)
NOT-FOR-US: Autodesk
-CVE-2021-27036 (A maliciously crafted PDF, PICT or TIFF file can be used to write beyo ...)
+CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design R ...)
NOT-FOR-US: Autodesk
-CVE-2021-27035 (A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2 ...)
+CVE-2021-27035 (A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design ...)
NOT-FOR-US: Autodesk
-CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT or TIFF fi ...)
+CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT, PCX, RCL ...)
NOT-FOR-US: Autodesk
CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute arbitra ...)
NOT-FOR-US: Autodesk
@@ -42630,7 +42641,7 @@ CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command
NOT-FOR-US: Node async-git
CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
NOT-FOR-US: Solid Edge (Siemens)
-CVE-2021-25677 (A vulnerability has been identified in Nucleus 4 (All versions &lt; V4 ...)
+CVE-2021-25677 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...)
NOT-FOR-US: Siemens
@@ -42656,9 +42667,9 @@ CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (I
NOT-FOR-US: Siemens
CVE-2021-25665 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
NOT-FOR-US: Siemens
-CVE-2021-25664 (A vulnerability has been identified in Nucleus 4 (All versions &lt; V4 ...)
+CVE-2021-25664 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2021-25663 (A vulnerability has been identified in Nucleus 4 (All versions &lt; V4 ...)
+CVE-2021-25663 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
@@ -55788,8 +55799,8 @@ CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00
NOT-FOR-US: Telus Wi-Fi Hub
CVE-2021-20120 (The administration web interface for the Arris Surfboard SB8200 lacks ...)
NOT-FOR-US: Arris Surfboard SB8200
-CVE-2021-20119
- RESERVED
+CVE-2021-20119 (The password change utility for the Arris SurfBoard SB8200 can have sa ...)
+ TODO: check
CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
NOT-FOR-US: Nessus Agent
CVE-2021-20117 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
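Review bot: CVE-2021-20119 is added as "TODO: check" even though its description names the Arris SurfBoard SB8200, the same device as CVE-2021-20120 on the context lines directly above, which is already "NOT-FOR-US: Arris Surfboard SB8200". Copy that verdict to the new entry.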