author | security tracker role <sectracker@soriano.debian.org> | 2021-11-09 20:10:15 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-11-09 20:10:15 +0000 |
commit | b0f756b9ec14c904446071dbc4091856e9ec62fa (patch) | |
tree | ceb3de7deb28e05342b6e2c481aecb516c0e626d /data | |
parent | 18d1d082beddd13aa3c8634040e256b56b577d57 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2016 | 2 |
-rw-r--r-- | data/CVE/list.2019 | 16 |
-rw-r--r-- | data/CVE/list.2020 | 38 |
-rw-r--r-- | data/CVE/list.2021 | 267 |
4 files changed, 173 insertions, 150 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index 74c30c2232..bee9eceb46 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -26865,6 +26865,8 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch CVE-2016-2124 [SMB1 client connections can be downgraded to plaintext authentication] + RESERVED + {DSA-5003-1} - samba <unfixed> NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444 NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index e393013dbf..9d9df690cb 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -5709,16 +5709,16 @@ CVE-2019-18918 RESERVED CVE-2019-18917 (A potential security vulnerability has been identified for certain HP ...) NOT-FOR-US: HP -CVE-2019-18916 - RESERVED +CVE-2019-18916 (A potential security vulnerability has been identified for HP LaserJet ...) + TODO: check CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...) NOT-FOR-US: HP System Event Utility -CVE-2019-18914 - RESERVED +CVE-2019-18914 (A potential security vulnerability has been identified for certain HP ...) + TODO: check CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow unautho ...) NOT-FOR-US: Generic UEFI hardware/software issue -CVE-2019-18912 - RESERVED +CVE-2019-18912 (A potential security vulnerability has been identified for certain HP ...) + TODO: check CVE-2019-18911 RESERVED CVE-2019-18910 (The Citrix Receiver wrapper function does not safely handle user suppl ...) 
@@ -12174,8 +12174,8 @@ CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engi NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can ...) NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices -CVE-2019-16240 - RESERVED +CVE-2019-16240 (A Buffer Overflow and Information Disclosure issue exists in HP Office ...) + TODO: check CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...) {DSA-4607-1 DLA-1945-1} - openconnect 8.02-1.1 (bug #940871) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index eaf4cfd13d..989e6cf87b 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -6424,8 +6424,8 @@ CVE-2020-28421 (CA Unified Infrastructure Management 20.1 and earlier contains a NOT-FOR-US: CA Unified Infrastructure Management CVE-2020-28420 RESERVED -CVE-2020-28419 - RESERVED +CVE-2020-28419 (During installation with certain driver software or application packag ...) + TODO: check CVE-2020-28418 RESERVED CVE-2020-28417 @@ -6497,7 +6497,7 @@ CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core ( NOT-FOR-US: Siemens CVE-2020-28389 RESERVED -CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All versions < ...) +CVE-2020-28388 (A vulnerability has been identified in Capital VSTAR (All versions), N ...) NOT-FOR-US: Siemens CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens 
@@ -8274,11 +8274,11 @@ CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit throug - webcit <removed> (bug #973385) [buster] - webcit <ignored> (Minor issue) [stretch] - webcit <ignored> (Minor issue) -CVE-2020-27738 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...) +CVE-2020-27738 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) -CVE-2020-27737 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...) +CVE-2020-27737 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) -CVE-2020-27736 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...) +CVE-2020-27736 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...) NOT-FOR-US: Wing FTP @@ -9860,7 +9860,7 @@ CVE-2020-27011 RESERVED CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...) NOT-FOR-US: Trend Micro -CVE-2020-27009 (A vulnerability has been identified in Nucleus NET (All versions < ...) +CVE-2020-27009 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go 
@@ -12901,11 +12901,15 @@ CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation [buster] - qemu <postponed> (Fix along in future DSA) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0) CVE-2020-25722 [AD DC UPN vs samAccountName not checked] + RESERVED + {DSA-5003-1} - samba <unfixed> NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14564 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://www.samba.org/samba/security/CVE-2020-25722.html CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)] + RESERVED + {DSA-5003-1} - samba <unfixed> NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14557 @@ -12913,16 +12917,22 @@ CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (e CVE-2020-25720 RESERVED CVE-2020-25719 [AD DC Username based races when no PAC is given] + RESERVED + {DSA-5003-1} - samba <unfixed> NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers] + RESERVED + {DSA-5003-1} - samba <unfixed> NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html CVE-2020-25717 [A user on the domain can become root on domain members] + RESERVED + {DSA-5003-1} - samba <unfixed> NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 
@@ -34707,7 +34717,7 @@ CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All NOT-FOR-US: DCA Vantage Analyzer CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) NOT-FOR-US: Siemens -CVE-2020-15795 (A vulnerability has been identified in Nucleus NET (All versions < ...) +CVE-2020-15795 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...) NOT-FOR-US: Desigo Insight @@ -49521,12 +49531,12 @@ CVE-2020-10056 (A vulnerability has been identified in License Management Utilit NOT-FOR-US: Siemens CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...) NOT-FOR-US: Desigo -CVE-2020-10054 - RESERVED -CVE-2020-10053 - RESERVED -CVE-2020-10052 - RESERVED +CVE-2020-10054 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2020-10053 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2020-10052 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) NOT-FOR-US: Siemens CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 6eac480d87..7a0b6b409f 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,9 @@ +CVE-2021-43557 + RESERVED +CVE-2021-3941 + RESERVED +CVE-2021-3940 + RESERVED CVE-2021-43556 RESERVED CVE-2021-43555 @@ -86,8 +92,8 @@ CVE-2021-43521 RESERVED CVE-2021-43520 RESERVED -CVE-2021-43519 - RESERVED +CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...) + TODO: check CVE-2021-43518 RESERVED CVE-2021-43517 
@@ -192,8 +198,8 @@ CVE-2021-43468 RESERVED CVE-2021-43467 RESERVED -CVE-2021-43466 - RESERVED +CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with spe ...) + TODO: check CVE-2021-43465 RESERVED CVE-2021-43464 @@ -353,7 +359,7 @@ CVE-2021-43393 RESERVED CVE-2021-43392 RESERVED -CVE-2021-43396 (In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, re ...) +CVE-2021-43396 (** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka ...) - glibc <unfixed> (bug #998622) [buster] - glibc <not-affected> (Vulnerable code not present) [stretch] - glibc <not-affected> (Vulnerable code not present) 
@@ -765,54 +771,54 @@ CVE-2021-3920 RESERVED CVE-2021-3919 RESERVED -CVE-2021-43203 - RESERVED +CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...) + TODO: check CVE-2021-43202 RESERVED -CVE-2021-43201 - RESERVED -CVE-2021-43200 - RESERVED -CVE-2021-43199 - RESERVED -CVE-2021-43198 - RESERVED -CVE-2021-43197 - RESERVED -CVE-2021-43196 - RESERVED -CVE-2021-43195 - RESERVED -CVE-2021-43194 - RESERVED -CVE-2021-43193 - RESERVED -CVE-2021-43192 - RESERVED -CVE-2021-43191 - RESERVED -CVE-2021-43190 - RESERVED -CVE-2021-43189 - RESERVED -CVE-2021-43188 - RESERVED -CVE-2021-43187 - RESERVED -CVE-2021-43186 - RESERVED -CVE-2021-43185 - RESERVED -CVE-2021-43184 - RESERVED -CVE-2021-43183 - RESERVED -CVE-2021-43182 - RESERVED -CVE-2021-43181 - RESERVED -CVE-2021-43180 - RESERVED +CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...) + TODO: check +CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...) + TODO: check +CVE-2021-43199 (In JetBrains TeamCity before 2021.1.2, permission checks in the Create ...) + TODO: check +CVE-2021-43198 (In JetBrains TeamCity before 2021.1.2, stored XSS is possible. ...) + TODO: check +CVE-2021-43197 (In JetBrains TeamCity before 2021.1.2, email notifications could inclu ...) + TODO: check +CVE-2021-43196 (In JetBrains TeamCity before 2021.1, information disclosure via the Do ...) + TODO: check +CVE-2021-43195 (In JetBrains TeamCity before 2021.1.2, some HTTP security headers were ...) + TODO: check +CVE-2021-43194 (In JetBrains TeamCity before 2021.1.2, user enumeration was possible. ...) + TODO: check +CVE-2021-43193 (In JetBrains TeamCity before 2021.1.2, remote code execution via the a ...) + TODO: check +CVE-2021-43192 (In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking i ...) + TODO: check +CVE-2021-43191 (JetBrains YouTrack Mobile before 2021.2, is missing the security scree ...) 
+ TODO: check +CVE-2021-43190 (In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android ...) + TODO: check +CVE-2021-43189 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...) + TODO: check +CVE-2021-43188 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...) + TODO: check +CVE-2021-43187 (In JetBrains YouTrack Mobile before 2021.2, the client-side cache on i ...) + TODO: check +CVE-2021-43186 (JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. ...) + TODO: check +CVE-2021-43185 (JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header in ...) + TODO: check +CVE-2021-43184 (In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. ...) + TODO: check +CVE-2021-43183 (In JetBrains Hub before 2021.1.13690, the authentication throttling me ...) + TODO: check +CVE-2021-43182 (In JetBrains Hub before 2021.1.13415, a DoS via user information is po ...) + TODO: check +CVE-2021-43181 (In JetBrains Hub before 2021.1.13690, stored XSS is possible. ...) + TODO: check +CVE-2021-43180 (In JetBrains Hub before 2021.1.13690, information disclosure via avata ...) + TODO: check CVE-2021-43179 RESERVED CVE-2021-43178 @@ -825,12 +831,12 @@ CVE-2021-43175 RESERVED CVE-2021-3918 RESERVED -CVE-2021-43174 - RESERVED -CVE-2021-43173 - RESERVED -CVE-2021-43172 - RESERVED +CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...) + TODO: check +CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...) + TODO: check +CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRD ...) + TODO: check CVE-2021-3917 RESERVED CVE-2021-43171 @@ -947,8 +953,8 @@ CVE-2021-43116 RESERVED CVE-2021-43115 RESERVED -CVE-2021-43114 - RESERVED +CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...) + TODO: check CVE-2021-43113 RESERVED CVE-2021-43112 
@@ -1768,6 +1774,8 @@ CVE-2021-42745 CVE-2021-3895 RESERVED CVE-2021-23192 [dcerpc requests don't check all fragments against the first auth_state] + RESERVED + {DSA-5003-1} - samba <unfixed> [buster] - samba <not-affected> (Vulnerable code introduced later) [stretch] - samba <not-affected> (Vulnerable code introduced later) @@ -3354,18 +3362,18 @@ CVE-2021-42028 RESERVED CVE-2021-42027 RESERVED -CVE-2021-42026 - RESERVED -CVE-2021-42025 - RESERVED +CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...) + TODO: check +CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...) + TODO: check CVE-2021-42024 RESERVED CVE-2021-42023 RESERVED CVE-2021-42022 RESERVED -CVE-2021-42021 - RESERVED +CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...) + TODO: check CVE-2021-42020 RESERVED CVE-2021-42019 @@ -3376,8 +3384,8 @@ CVE-2021-42017 RESERVED CVE-2021-42016 RESERVED -CVE-2021-42015 - RESERVED +CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...) + TODO: check CVE-2021-42014 RESERVED CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ...) 
@@ -4510,17 +4518,17 @@ CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All ve NOT-FOR-US: Siemens CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens -CVE-2021-41538 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) +CVE-2021-41538 (A vulnerability has been identified in NX 1953 Series (All versions &l ...) NOT-FOR-US: Siemens CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens -CVE-2021-41535 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) +CVE-2021-41535 (A vulnerability has been identified in NX 1953 Series (All versions &l ...) NOT-FOR-US: Siemens -CVE-2021-41534 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) +CVE-2021-41534 (A vulnerability has been identified in NX 1980 Series (All versions &l ...) NOT-FOR-US: Siemens -CVE-2021-41533 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) +CVE-2021-41533 (A vulnerability has been identified in NX 1980 Series (All versions &l ...) NOT-FOR-US: Siemens CVE-2021-41532 RESERVED @@ -7249,12 +7257,12 @@ CVE-2021-40368 RESERVED CVE-2021-40367 RESERVED -CVE-2021-40366 - RESERVED +CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWM module) (A ...) + TODO: check CVE-2021-40365 RESERVED -CVE-2021-40364 - RESERVED +CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + TODO: check CVE-2021-40363 RESERVED CVE-2021-40362 
@@ -7263,10 +7271,10 @@ CVE-2021-40361 RESERVED CVE-2021-40360 RESERVED -CVE-2021-40359 - RESERVED -CVE-2021-40358 - RESERVED +CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + TODO: check +CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + TODO: check CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...) NOT-FOR-US: Siemens CVE-2021-40356 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) @@ -7799,6 +7807,8 @@ CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulne CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...) NOT-FOR-US: Apache Any23 CVE-2021-3738 [crash in dsdb stack] + RESERVED + {DSA-5003-1} - samba <unfixed> NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468 NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html @@ -14787,8 +14797,8 @@ CVE-2021-37209 RESERVED CVE-2021-37208 RESERVED -CVE-2021-37207 - RESERVED +CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (All ve ...) + TODO: check CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) NOT-FOR-US: Siemens CVE-2021-37205 @@ -16558,8 +16568,8 @@ CVE-2021-36411 RESERVED CVE-2021-36410 RESERVED -CVE-2021-3641 - RESERVED +CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...) + TODO: check CVE-2021-36409 RESERVED CVE-2021-36408 @@ -18397,7 +18407,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo - mysql-8.0 <unfixed> - mysql-5.7 <removed> CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 
@@ -18430,11 +18440,12 @@ CVE-2021-35590 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp CVE-2021-35589 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DLA-2814-1} - openjdk-8 8u312-b07-1 CVE-2021-35587 RESERVED CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 @@ -18453,7 +18464,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac CVE-2021-35579 RESERVED CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 @@ -18478,18 +18489,18 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 
@@ -18498,14 +18509,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...) - openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 @@ -18514,7 +18525,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 @@ -18529,7 +18540,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...) NOT-FOR-US: Oracle CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1} + {DSA-5000-1 DLA-2814-1} - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) 
@@ -27294,26 +27305,26 @@ CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondi NOT-FOR-US: Siemens CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions with OI ...) NOT-FOR-US: Siemens -CVE-2021-31890 - RESERVED -CVE-2021-31889 - RESERVED -CVE-2021-31888 - RESERVED -CVE-2021-31887 - RESERVED -CVE-2021-31886 - RESERVED -CVE-2021-31885 - RESERVED -CVE-2021-31884 - RESERVED -CVE-2021-31883 - RESERVED -CVE-2021-31882 - RESERVED -CVE-2021-31881 - RESERVED +CVE-2021-31890 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31889 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31888 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31887 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31886 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31885 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31884 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31883 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31882 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31881 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check CVE-2021-31880 RESERVED CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...) 
@@ -28713,12 +28724,12 @@ CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/27/ -CVE-2021-31346 - RESERVED -CVE-2021-31345 - RESERVED -CVE-2021-31344 - RESERVED +CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check +CVE-2021-31344 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + TODO: check CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...) NOT-FOR-US: Solid Edge CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...) @@ -38365,7 +38376,7 @@ CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian NOT-FOR-US: Siemens CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...) NOT-FOR-US: Mendix Applications (Siemens) -CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...) +CVE-2021-27393 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open Network ...) NOT-FOR-US: Siveillance 
@@ -39172,11 +39183,11 @@ CVE-2021-27038 (A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 201 NOT-FOR-US: Autodesk CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 201 ...) NOT-FOR-US: Autodesk -CVE-2021-27036 (A maliciously crafted PDF, PICT or TIFF file can be used to write beyo ...) +CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design R ...) NOT-FOR-US: Autodesk -CVE-2021-27035 (A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2 ...) +CVE-2021-27035 (A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design ...) NOT-FOR-US: Autodesk -CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT or TIFF fi ...) +CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT, PCX, RCL ...) NOT-FOR-US: Autodesk CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute arbitra ...) NOT-FOR-US: Autodesk @@ -42630,7 +42641,7 @@ CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command NOT-FOR-US: Node async-git CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...) NOT-FOR-US: Solid Edge (Siemens) -CVE-2021-25677 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...) +CVE-2021-25677 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...) NOT-FOR-US: Siemens 
@@ -42656,9 +42667,9 @@ CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (I NOT-FOR-US: Siemens CVE-2021-25665 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...) NOT-FOR-US: Siemens -CVE-2021-25664 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...) +CVE-2021-25664 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) -CVE-2021-25663 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...) +CVE-2021-25663 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) NOT-FOR-US: Siemens @@ -55788,8 +55799,8 @@ CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00 NOT-FOR-US: Telus Wi-Fi Hub CVE-2021-20120 (The administration web interface for the Arris Surfboard SB8200 lacks ...) NOT-FOR-US: Arris Surfboard SB8200 -CVE-2021-20119 - RESERVED +CVE-2021-20119 (The password change utility for the Arris SurfBoard SB8200 can have sa ...) + TODO: check CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...) NOT-FOR-US: Nessus Agent CVE-2021-20117 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...) |
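Review bot: The Samba entries that gain `{DSA-5003-1}` (CVE-2016-2124 in list.2016; CVE-2020-25717, -25718, -25719, -25721 and -25722 in list.2020; CVE-2021-23192 and CVE-2021-3738 in list.2021) all keep `- samba <unfixed>` as their package line, so unstable is still tracked as open while a DSA is referenced. Once the fixed upload to unstable exists, replace `<unfixed>` with that version in each of these entries. In the same list.2020 hunk, the context line `CVE-2020-25721 [[Kerberos acceptors need easy access ...` has a doubled opening bracket that should be cleaned up in a follow-up edit.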
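Review bot: Most entries that move from `RESERVED` to `TODO: check` sit next to already triaged entries for the same vendor and should be triaged to match. In list.2019, CVE-2019-18916, CVE-2019-18914 and CVE-2019-18912 are HP issues beside `NOT-FOR-US: HP`; in list.2020, CVE-2020-10054, CVE-2020-10053 and CVE-2020-10052 are SIMATIC RTLS Locating Manager issues directly above CVE-2020-10051, which is `NOT-FOR-US: Siemens`. The same applies to the APOGEE, Mendix, SIMATIC PCS 7 and JetBrains blocks in list.2021. CVE-2021-43519 is different: it names the Lua interpreter, which Debian packages, so it needs source package lines with per-release status rather than a NOT-FOR-US marker. The Routinator, FORT Validator and thymeleaf entries should be checked against the archive before they are marked either way.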
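Review bot: In the list.2021 hunk at `@@ -4510,17 +4518,17 @@`, the new descriptions for CVE-2021-41538, CVE-2021-41535, CVE-2021-41534 and CVE-2021-41533 end in `(All versions &l ...)`, which looks like an HTML-escaped `&lt;` cut off by the description truncation. Other entries in this same commit carry a literal `<` at that position (for example the removed `Nucleus 4 (All versions < V4 ...)` lines). The import step should unescape entities before truncating so the stored text stays consistent and does not end in half an entity.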
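Review bot: In the list.2021 hunk at `@@ -353,7 +359,7 @@`, CVE-2021-43396 now has a description starting with `** DISPUTED **`, but the package lines below it are unchanged (`- glibc <unfixed> (bug #998622)` plus the two `<not-affected>` release lines). Add a NOTE recording the dispute and its basis, and re-evaluate whether `<unfixed>` without a severity qualifier is still the right status for unstable.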