CVE-2021-42523 RESERVED CVE-2021-42522 RESERVED CVE-2021-42521 RESERVED CVE-2021-42520 RESERVED CVE-2021-42519 RESERVED CVE-2021-42518 RESERVED CVE-2021-42517 RESERVED CVE-2021-42516 RESERVED CVE-2021-42515 RESERVED CVE-2021-42514 RESERVED CVE-2021-42513 RESERVED CVE-2021-42512 RESERVED CVE-2021-42511 RESERVED CVE-2021-42510 RESERVED CVE-2021-42509 RESERVED CVE-2021-42508 RESERVED CVE-2021-42507 RESERVED CVE-2021-42506 RESERVED CVE-2021-42505 RESERVED CVE-2021-42504 RESERVED CVE-2021-42503 RESERVED CVE-2021-42502 RESERVED CVE-2021-42501 RESERVED CVE-2021-42500 RESERVED CVE-2021-42499 RESERVED CVE-2021-42498 RESERVED CVE-2021-42497 RESERVED CVE-2021-42496 RESERVED CVE-2021-42495 RESERVED CVE-2021-42494 RESERVED CVE-2021-42493 RESERVED CVE-2021-42492 RESERVED CVE-2021-42491 RESERVED CVE-2021-42490 RESERVED CVE-2021-42489 RESERVED CVE-2021-42488 RESERVED CVE-2021-42487 RESERVED CVE-2021-42486 RESERVED CVE-2021-42485 RESERVED CVE-2021-42484 RESERVED CVE-2021-42483 RESERVED CVE-2021-42482 RESERVED CVE-2021-42481 RESERVED CVE-2021-42480 RESERVED CVE-2021-42479 RESERVED CVE-2021-42478 RESERVED CVE-2021-42477 RESERVED CVE-2021-42476 RESERVED CVE-2021-42475 RESERVED CVE-2021-42474 RESERVED CVE-2021-42473 RESERVED CVE-2021-42472 RESERVED CVE-2021-42471 RESERVED CVE-2021-42470 RESERVED CVE-2021-42469 RESERVED CVE-2021-42468 RESERVED CVE-2021-42467 RESERVED CVE-2021-42466 RESERVED CVE-2021-42465 RESERVED CVE-2021-42464 RESERVED CVE-2021-42463 RESERVED CVE-2021-42462 RESERVED CVE-2021-42461 RESERVED CVE-2021-42460 RESERVED CVE-2021-42459 RESERVED CVE-2021-42458 RESERVED CVE-2021-42457 RESERVED CVE-2021-42456 RESERVED CVE-2021-42455 RESERVED CVE-2021-42454 RESERVED CVE-2021-42453 RESERVED CVE-2021-42452 RESERVED CVE-2021-42451 RESERVED CVE-2021-42450 RESERVED CVE-2021-42449 RESERVED CVE-2021-42448 RESERVED CVE-2021-42447 RESERVED CVE-2021-42446 RESERVED CVE-2021-42445 RESERVED CVE-2021-42444 RESERVED CVE-2021-42443 RESERVED CVE-2021-42442 RESERVED CVE-2021-42441 RESERVED 
CVE-2021-42440 RESERVED CVE-2021-42439 RESERVED CVE-2021-42438 RESERVED CVE-2021-42437 RESERVED CVE-2021-42436 RESERVED CVE-2021-42435 RESERVED CVE-2021-42434 RESERVED CVE-2021-42433 RESERVED CVE-2021-42432 RESERVED CVE-2021-42431 RESERVED CVE-2021-42430 RESERVED CVE-2021-42429 RESERVED CVE-2021-42428 RESERVED CVE-2021-42427 RESERVED CVE-2021-42426 RESERVED CVE-2021-42425 RESERVED CVE-2021-42424 RESERVED CVE-2021-42423 RESERVED CVE-2021-42422 RESERVED CVE-2021-42421 RESERVED CVE-2021-42420 RESERVED CVE-2021-42419 RESERVED CVE-2021-42418 RESERVED CVE-2021-42417 RESERVED CVE-2021-42416 RESERVED CVE-2021-42415 RESERVED CVE-2021-42414 RESERVED CVE-2021-42413 RESERVED CVE-2021-42412 RESERVED CVE-2021-42411 RESERVED CVE-2021-42410 RESERVED CVE-2021-42409 RESERVED CVE-2021-42408 RESERVED CVE-2021-42407 RESERVED CVE-2021-42406 RESERVED CVE-2021-42405 RESERVED CVE-2021-42404 RESERVED CVE-2021-42403 RESERVED CVE-2021-42402 RESERVED CVE-2021-42401 RESERVED CVE-2021-42400 RESERVED CVE-2021-42399 RESERVED CVE-2021-42398 RESERVED CVE-2021-42397 RESERVED CVE-2021-42396 RESERVED CVE-2021-42395 RESERVED CVE-2021-42394 RESERVED CVE-2021-42393 RESERVED CVE-2021-42392 RESERVED CVE-2021-42391 RESERVED CVE-2021-42390 RESERVED CVE-2021-42389 RESERVED CVE-2021-42388 RESERVED CVE-2021-42387 RESERVED CVE-2021-42386 RESERVED CVE-2021-42385 RESERVED CVE-2021-42384 RESERVED CVE-2021-42383 RESERVED CVE-2021-42382 RESERVED CVE-2021-42381 RESERVED CVE-2021-42380 RESERVED CVE-2021-42379 RESERVED CVE-2021-42378 RESERVED CVE-2021-42377 RESERVED CVE-2021-42376 RESERVED CVE-2021-42375 RESERVED CVE-2021-42374 RESERVED CVE-2021-42373 RESERVED CVE-2021-42372 RESERVED CVE-2021-42371 RESERVED CVE-2021-42370 RESERVED CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...) 
NOT-FOR-US: Imagicle Application Suite CVE-2021-42368 RESERVED CVE-2021-42367 RESERVED CVE-2021-42366 RESERVED CVE-2021-42365 RESERVED CVE-2021-42364 RESERVED CVE-2021-42363 RESERVED CVE-2021-42362 RESERVED CVE-2021-42361 RESERVED CVE-2021-42360 RESERVED CVE-2021-42359 RESERVED CVE-2021-42358 RESERVED CVE-2021-42357 RESERVED CVE-2021-42356 RESERVED CVE-2021-42355 RESERVED CVE-2021-42354 RESERVED CVE-2021-42353 RESERVED CVE-2021-42352 RESERVED CVE-2021-42351 RESERVED CVE-2021-42350 RESERVED CVE-2021-42349 RESERVED CVE-2021-42348 RESERVED CVE-2021-42347 RESERVED CVE-2021-42346 RESERVED CVE-2021-42345 RESERVED CVE-2021-42344 RESERVED CVE-2021-42343 RESERVED CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...) NOT-FOR-US: Embedthis GoAhead CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strlen() t ...) - openrc NOTE: https://github.com/OpenRC/openrc/issues/459 NOTE: https://github.com/OpenRC/openrc/pull/462 NOTE: https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204 CVE-2021-3886 RESERVED CVE-2021-3885 RESERVED CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...) TODO: check CVE-2021-3884 RESERVED CVE-2021-3883 RESERVED CVE-2021-42339 RESERVED CVE-2021-42338 RESERVED CVE-2021-42337 RESERVED CVE-2021-42336 RESERVED CVE-2021-42335 RESERVED CVE-2021-42334 RESERVED CVE-2021-42333 RESERVED CVE-2021-42332 RESERVED CVE-2021-42331 RESERVED CVE-2021-42330 RESERVED CVE-2021-42329 RESERVED CVE-2021-42328 RESERVED CVE-2021-42327 RESERVED CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...) - redmine NOTE: https://www.redmine.org/news/133 NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10 NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10 CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...) 
NOT-FOR-US: Froxlor CVE-2021-42324 RESERVED CVE-2021-42323 RESERVED CVE-2021-42322 RESERVED CVE-2021-42321 RESERVED CVE-2021-42320 RESERVED CVE-2021-42319 RESERVED CVE-2021-42318 RESERVED CVE-2021-42317 RESERVED CVE-2021-42316 RESERVED CVE-2021-42315 RESERVED CVE-2021-42314 RESERVED CVE-2021-42313 RESERVED CVE-2021-42312 RESERVED CVE-2021-42311 RESERVED CVE-2021-42310 RESERVED CVE-2021-42309 RESERVED CVE-2021-42308 RESERVED CVE-2021-42307 RESERVED CVE-2021-42306 RESERVED CVE-2021-42305 RESERVED CVE-2021-42304 RESERVED CVE-2021-42303 RESERVED CVE-2021-42302 RESERVED CVE-2021-42301 RESERVED CVE-2021-42300 RESERVED CVE-2021-42299 RESERVED CVE-2021-42298 RESERVED CVE-2021-42297 RESERVED CVE-2021-42296 RESERVED CVE-2021-42295 RESERVED CVE-2021-42294 RESERVED CVE-2021-42293 RESERVED CVE-2021-42292 RESERVED CVE-2021-42291 RESERVED CVE-2021-42290 RESERVED CVE-2021-42289 RESERVED CVE-2021-42288 RESERVED CVE-2021-42287 RESERVED CVE-2021-42286 RESERVED CVE-2021-42285 RESERVED CVE-2021-42284 RESERVED CVE-2021-42283 RESERVED CVE-2021-42282 RESERVED CVE-2021-42281 RESERVED CVE-2021-42280 RESERVED CVE-2021-42279 RESERVED CVE-2021-42278 RESERVED CVE-2021-42277 RESERVED CVE-2021-42276 RESERVED CVE-2021-42275 RESERVED CVE-2021-42274 RESERVED CVE-2021-42273 RESERVED CVE-2021-42272 RESERVED CVE-2021-42271 RESERVED CVE-2021-42270 RESERVED CVE-2021-42269 RESERVED CVE-2021-42268 RESERVED CVE-2021-42267 RESERVED CVE-2021-42266 RESERVED CVE-2021-42265 RESERVED CVE-2021-42264 RESERVED CVE-2021-42263 RESERVED CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...) 
- ledgersmb (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/ NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie CVE-2021-3881 RESERVED CVE-2021-3880 RESERVED CVE-2021-3879 RESERVED CVE-2021-42262 RESERVED CVE-2021-42261 RESERVED CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...) - tinyxml NOTE: https://sourceforge.net/p/tinyxml/bugs/141/ CVE-2021-42259 RESERVED CVE-2021-42258 RESERVED CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an unprivil ...) NOT-FOR-US: check_smart Icinga plugin CVE-2021-42256 RESERVED CVE-2021-3878 RESERVED CVE-2021-42255 RESERVED CVE-2021-42254 RESERVED CVE-2021-42253 RESERVED CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...) {DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/b49a0e69a7b1a68c8d3f64097d06dabb770fec96 (5.15-rc1) CVE-2021-42251 RESERVED CVE-2021-42250 RESERVED CVE-2021-42249 RESERVED CVE-2021-42248 RESERVED CVE-2021-42247 RESERVED CVE-2021-42246 RESERVED CVE-2021-42245 RESERVED CVE-2021-42244 RESERVED CVE-2021-42243 RESERVED CVE-2021-42242 RESERVED CVE-2021-42241 RESERVED CVE-2021-42240 RESERVED CVE-2021-42239 RESERVED CVE-2021-42238 RESERVED CVE-2021-42237 RESERVED CVE-2021-42236 RESERVED CVE-2021-42235 RESERVED CVE-2021-42234 RESERVED CVE-2021-42233 RESERVED CVE-2021-42232 RESERVED CVE-2021-42231 RESERVED CVE-2021-42230 RESERVED CVE-2021-42229 RESERVED CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4 ...) NOT-FOR-US: KindEditor CVE-2021-42227 (Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
NOT-FOR-US: KindEditor CVE-2021-42226 RESERVED CVE-2021-42225 RESERVED CVE-2021-42224 (SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via ...) NOT-FOR-US: IFSC Code Finder Project CVE-2021-42223 (Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking M ...) NOT-FOR-US: Online DJ Booking Management System CVE-2021-42222 RESERVED CVE-2021-42221 RESERVED CVE-2021-42220 RESERVED CVE-2021-42219 RESERVED CVE-2021-42218 RESERVED CVE-2021-42217 RESERVED CVE-2021-42216 RESERVED CVE-2021-42215 RESERVED CVE-2021-42214 RESERVED CVE-2021-42213 RESERVED CVE-2021-42212 RESERVED CVE-2021-42211 RESERVED CVE-2021-42210 RESERVED CVE-2021-42209 RESERVED CVE-2021-42208 RESERVED CVE-2021-42207 RESERVED CVE-2021-42206 RESERVED CVE-2021-42205 RESERVED CVE-2021-42204 RESERVED CVE-2021-42203 RESERVED CVE-2021-42202 RESERVED CVE-2021-42201 RESERVED CVE-2021-42200 RESERVED CVE-2021-42199 RESERVED CVE-2021-42198 RESERVED CVE-2021-42197 RESERVED CVE-2021-42196 RESERVED CVE-2021-42195 RESERVED CVE-2021-42194 RESERVED CVE-2021-42193 RESERVED CVE-2021-42192 RESERVED CVE-2021-42191 RESERVED CVE-2021-42190 RESERVED CVE-2021-42189 RESERVED CVE-2021-42188 RESERVED CVE-2021-42187 RESERVED CVE-2021-42186 RESERVED CVE-2021-42185 RESERVED CVE-2021-42184 RESERVED CVE-2021-42183 RESERVED CVE-2021-42182 RESERVED CVE-2021-42181 RESERVED CVE-2021-42180 RESERVED CVE-2021-42179 RESERVED CVE-2021-42178 RESERVED CVE-2021-42177 RESERVED CVE-2021-42176 RESERVED CVE-2021-42175 RESERVED CVE-2021-42174 RESERVED CVE-2021-42173 RESERVED CVE-2021-42172 RESERVED CVE-2021-42171 RESERVED CVE-2021-42170 RESERVED CVE-2021-42169 RESERVED CVE-2021-42168 RESERVED CVE-2021-42167 RESERVED CVE-2021-42166 RESERVED CVE-2021-42165 RESERVED CVE-2021-42164 RESERVED CVE-2021-42163 RESERVED CVE-2021-42162 RESERVED CVE-2021-42161 RESERVED CVE-2021-42160 RESERVED CVE-2021-42159 RESERVED CVE-2021-42158 RESERVED CVE-2021-42157 RESERVED CVE-2021-42156 RESERVED CVE-2021-42155 RESERVED CVE-2021-42154 RESERVED
CVE-2021-42153 RESERVED CVE-2021-42152 RESERVED CVE-2021-42151 RESERVED CVE-2021-42150 RESERVED CVE-2021-42149 RESERVED CVE-2021-42148 RESERVED CVE-2021-3877 RESERVED CVE-2021-42147 RESERVED CVE-2021-42146 RESERVED CVE-2021-42145 RESERVED CVE-2021-42144 RESERVED CVE-2021-42143 RESERVED CVE-2021-42142 RESERVED CVE-2021-42141 RESERVED CVE-2021-42140 RESERVED CVE-2021-42139 (Deno before 0.107.0 allows Code Injection via an untrusted YAML file i ...) NOT-FOR-US: Deno CVE-2021-42138 RESERVED CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...) - zammad (bug #841355) CVE-2021-42136 RESERVED CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an u ...) NOT-FOR-US: HashiCorp Vault CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...) NOT-FOR-US: Django Unicorn, different from src:unicorn CVE-2021-3876 RESERVED CVE-2021-3875 RESERVED CVE-2021-42133 RESERVED CVE-2021-42132 RESERVED CVE-2021-42131 RESERVED CVE-2021-42130 RESERVED CVE-2021-42129 RESERVED CVE-2021-42128 RESERVED CVE-2021-42127 RESERVED CVE-2021-42126 RESERVED CVE-2021-42125 RESERVED CVE-2021-42124 RESERVED CVE-2021-42123 RESERVED CVE-2021-42122 RESERVED CVE-2021-42121 RESERVED CVE-2021-42120 RESERVED CVE-2021-42119 RESERVED CVE-2021-42118 RESERVED CVE-2021-42117 RESERVED CVE-2021-42116 RESERVED CVE-2021-42115 RESERVED CVE-2021-42114 RESERVED CVE-2021-42113 RESERVED CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...) - limesurvey (bug #472802) CVE-2021-42111 RESERVED CVE-2021-42110 RESERVED CVE-2021-3874 RESERVED CVE-2021-3873 RESERVED CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...) 
NOT-FOR-US: VITEC Exterity IPTV products CVE-2021-42108 RESERVED CVE-2021-42107 RESERVED CVE-2021-42106 RESERVED CVE-2021-42105 RESERVED CVE-2021-42104 RESERVED CVE-2021-42103 RESERVED CVE-2021-42102 RESERVED CVE-2021-42101 RESERVED CVE-2021-3872 RESERVED CVE-2021-3871 RESERVED CVE-2021-3870 RESERVED CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...) {DSA-4984-1} - flatpak 1.12.1-1 (bug #995935) [buster] - flatpak (Not exploitable with Debian buster kernel, intrusive to backport; requires updated libseccomp) [stretch] - flatpak (Difficult to exploit) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q NOTE: Sourcewise fixed in 1.12.0-1 already, but 1.12.1-1 adds stricter dependency NOTE: to libseccomp 2.5.2 so that CVE-2021-41133 is fully prevented. NOTE: https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf NOTE: https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48 NOTE: https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca NOTE: https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330 NOTE: https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f NOTE: https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36 NOTE: https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999 NOTE: https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf NOTE: Regression followups: NOTE: https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8 NOTE: https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861 CVE-2021-42100 RESERVED CVE-2021-42099 RESERVED CVE-2021-42098 RESERVED CVE-2021-42097 RESERVED CVE-2021-42096 RESERVED CVE-2021-42095 (Xshell before 7.0.0.76 allows attackers to cause a crash by triggering ...) 
NOT-FOR-US: NetSarang Xshell CVE-2021-42094 (An issue was discovered in Zammad before 4.1.1. Command Injection can ...) - zammad (bug #841355) CVE-2021-42093 (An issue was discovered in Zammad before 4.1.1. An admin can execute c ...) - zammad (bug #841355) CVE-2021-42092 (An issue was discovered in Zammad before 4.1.1. Stored XSS may occur v ...) - zammad (bug #841355) CVE-2021-42091 (An issue was discovered in Zammad before 4.1.1. SSRF can occur via Git ...) - zammad (bug #841355) CVE-2021-42090 (An issue was discovered in Zammad before 4.1.1. The Form functionality ...) - zammad (bug #841355) CVE-2021-42089 (An issue was discovered in Zammad before 4.1.1. The REST API discloses ...) - zammad (bug #841355) CVE-2021-42088 (An issue was discovered in Zammad before 4.1.1. The Chat functionality ...) - zammad (bug #841355) CVE-2021-42087 (An issue was discovered in Zammad before 4.1.1. An admin can discover ...) - zammad (bug #841355) CVE-2021-42086 (An issue was discovered in Zammad before 4.1.1. An Agent account can m ...) - zammad (bug #841355) CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored XSS vi ...) - zammad (bug #841355) CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...) - zammad (bug #841355) CVE-2021-3869 RESERVED CVE-2021-42083 RESERVED CVE-2021-42082 RESERVED CVE-2021-42081 RESERVED CVE-2021-42080 RESERVED CVE-2021-42079 RESERVED CVE-2021-42078 RESERVED CVE-2021-42077 RESERVED CVE-2021-42076 RESERVED CVE-2021-42075 RESERVED CVE-2021-42074 RESERVED CVE-2021-42073 RESERVED CVE-2021-42072 RESERVED CVE-2021-42071 (In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can ach ...) 
NOT-FOR-US: Visual Tools DVR VX16 CVE-2021-42070 RESERVED CVE-2021-42069 RESERVED CVE-2021-42068 RESERVED CVE-2021-42067 RESERVED CVE-2021-42066 RESERVED CVE-2021-42065 RESERVED CVE-2021-42064 RESERVED CVE-2021-42063 RESERVED CVE-2021-42062 RESERVED CVE-2021-42061 RESERVED CVE-2021-3868 RESERVED CVE-2021-3867 RESERVED CVE-2021-3866 RESERVED CVE-2021-42060 RESERVED CVE-2021-42059 RESERVED CVE-2021-42058 RESERVED CVE-2021-42057 RESERVED CVE-2021-42056 RESERVED CVE-2021-42055 RESERVED CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...) NOT-FOR-US: ACCEL-PPP CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...) NOT-FOR-US: Django Unicorn, different from src:unicorn CVE-2021-42052 RESERVED CVE-2021-42051 RESERVED CVE-2021-42050 RESERVED CVE-2021-42049 (An issue was discovered in the Translate extension in MediaWiki throug ...) NOT-FOR-US: Translate MediaWiki extension CVE-2021-42048 (An issue was discovered in the Growth extension in MediaWiki through 1 ...) NOT-FOR-US: Growth MediaWiki extension CVE-2021-42047 (An issue was discovered in the Growth extension in MediaWiki through 1 ...) NOT-FOR-US: Growth MediaWiki extension CVE-2021-42046 (An issue was discovered in the GlobalWatchlist extension in MediaWiki ...) NOT-FOR-US: GlobalWatchlist MediaWiki extension CVE-2021-42045 (An issue was discovered in SecurePoll in the Growth extension in Media ...) NOT-FOR-US: SecurePoll MediaWiki extension CVE-2021-42044 (An issue was discovered in the Mentor dashboard in the GrowthExperimen ...) NOT-FOR-US: GrowthExperiments MediaWiki extension CVE-2021-42043 (An issue was discovered in Special:MediaSearch in the MediaSearch exte ...) NOT-FOR-US: MediaSearch MediaWiki extension CVE-2021-42042 (An issue was discovered in SpecialEditGrowthConfig in the GrowthExperi ...) NOT-FOR-US: GrowthExperiments MediaWiki extension CVE-2021-42041 (An issue was discovered in CentralAuth in MediaWiki through 1.36.2. 
Th ...) NOT-FOR-US: CentralAuth MediaWiki extension CVE-2021-42040 (An issue was discovered in MediaWiki through 1.36.2. A parser function ...) NOT-FOR-US: Loops MediaWiki extension CVE-2021-3865 RESERVED CVE-2021-42039 RESERVED CVE-2021-42038 RESERVED CVE-2021-42037 RESERVED CVE-2021-42036 RESERVED CVE-2021-42035 RESERVED CVE-2021-42034 RESERVED CVE-2021-42033 RESERVED CVE-2021-42032 RESERVED CVE-2021-42031 RESERVED CVE-2021-42030 RESERVED CVE-2021-42029 RESERVED CVE-2021-42028 RESERVED CVE-2021-42027 RESERVED CVE-2021-42026 RESERVED CVE-2021-42025 RESERVED CVE-2021-42024 RESERVED CVE-2021-42023 RESERVED CVE-2021-42022 RESERVED CVE-2021-42021 RESERVED CVE-2021-42020 RESERVED CVE-2021-42019 RESERVED CVE-2021-42018 RESERVED CVE-2021-42017 RESERVED CVE-2021-42016 RESERVED CVE-2021-42015 RESERVED CVE-2021-42014 RESERVED CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ...) - apache2 2.4.51-1 [bullseye] - apache2 (Vulnerable code not present, only affects 2.4.49/2.4.50) [buster] - apache2 (Vulnerable code not present, only affects 2.4.49/2.4.50) [stretch] - apache2 (Vulnerable code not present, only affects 2.4.49/2.4.50) NOTE: https://www.openwall.com/lists/oss-security/2021/10/07/6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013 NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1 CVE-2021-3864 RESERVED CVE-2021-42012 RESERVED CVE-2021-42011 RESERVED CVE-2021-3863 RESERVED CVE-2021-42010 RESERVED CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...) NOT-FOR-US: Apache Traffic Control CVE-2021-3862 RESERVED CVE-2021-3861 RESERVED CVE-2021-3860 RESERVED CVE-2021-3859 RESERVED CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...) 
{DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/19d1532a187669ce86d5a2696eb7275310070793 (5.14-rc7) CVE-2021-42007 RESERVED CVE-2021-42006 (An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 ...) - libgclib NOTE: https://github.com/gpertea/gclib/issues/11 CVE-2021-42005 RESERVED CVE-2021-42004 RESERVED CVE-2021-42003 RESERVED CVE-2021-42002 RESERVED CVE-2021-42001 RESERVED CVE-2021-42000 RESERVED CVE-2021-41999 RESERVED CVE-2021-41998 RESERVED CVE-2021-41997 RESERVED CVE-2021-41996 RESERVED CVE-2021-41995 RESERVED CVE-2021-41994 RESERVED CVE-2021-41993 RESERVED CVE-2021-41992 RESERVED CVE-2021-41991 RESERVED CVE-2021-41990 RESERVED CVE-2021-41989 RESERVED CVE-2021-41988 RESERVED CVE-2021-41987 RESERVED CVE-2021-41986 RESERVED CVE-2021-41985 RESERVED CVE-2021-41984 RESERVED CVE-2021-41983 RESERVED CVE-2021-41982 RESERVED CVE-2021-41981 RESERVED CVE-2021-41980 RESERVED CVE-2021-41979 RESERVED CVE-2021-41978 RESERVED CVE-2021-41977 RESERVED CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to authorization by ...) NOT-FOR-US: Tad Uploader CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thus remo ...) NOT-FOR-US: TadTools CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...) 
NOT-FOR-US: Tad Book3 CVE-2021-3858 RESERVED CVE-2021-3857 RESERVED CVE-2021-41973 RESERVED CVE-2021-41972 RESERVED CVE-2021-41971 RESERVED CVE-2021-3856 RESERVED NOT-FOR-US: Keycloak CVE-2021-3855 RESERVED CVE-2021-3854 RESERVED CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist] - rust-nix 0.19.0-2 (bug #995562) [bullseye] - rust-nix (Minor issue) [buster] - rust-nix (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html NOTE: https://github.com/nix-rust/nix/issues/1541 CVE-2021-41970 RESERVED CVE-2021-41969 RESERVED CVE-2021-41968 RESERVED CVE-2021-41967 RESERVED CVE-2021-41966 RESERVED CVE-2021-41965 RESERVED CVE-2021-41964 RESERVED CVE-2021-41963 RESERVED CVE-2021-41962 RESERVED CVE-2021-41961 RESERVED CVE-2021-41960 RESERVED CVE-2021-41959 RESERVED CVE-2021-41958 RESERVED CVE-2021-41957 RESERVED CVE-2021-41956 RESERVED CVE-2021-41955 RESERVED CVE-2021-41954 RESERVED CVE-2021-41953 RESERVED CVE-2021-41952 RESERVED CVE-2021-41951 RESERVED CVE-2021-41950 RESERVED CVE-2021-41949 RESERVED CVE-2021-41948 RESERVED CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...) NOT-FOR-US: Subrion CMS CVE-2021-41946 RESERVED CVE-2021-41945 RESERVED CVE-2021-41944 RESERVED CVE-2021-41943 RESERVED CVE-2021-41942 RESERVED CVE-2021-41941 RESERVED CVE-2021-41940 RESERVED CVE-2021-41939 RESERVED CVE-2021-41938 RESERVED CVE-2021-41937 RESERVED CVE-2021-41936 RESERVED CVE-2021-41935 RESERVED CVE-2021-41934 RESERVED CVE-2021-41933 RESERVED CVE-2021-41932 RESERVED CVE-2021-41931 RESERVED CVE-2021-41930 RESERVED CVE-2021-41929 RESERVED CVE-2021-41928 RESERVED CVE-2021-41927 RESERVED CVE-2021-41926 RESERVED CVE-2021-41925 RESERVED CVE-2021-41924 RESERVED CVE-2021-41923 RESERVED CVE-2021-41922 RESERVED CVE-2021-41921 RESERVED CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated user to pe ...) 
NOT-FOR-US: webTareas CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user to arbi ...) NOT-FOR-US: webTareas CVE-2021-41918 (webTareas version 2.4 and earlier allows an authenticated user to inje ...) NOT-FOR-US: webTareas CVE-2021-41917 (webTareas version 2.4 and earlier allows an authenticated user to stor ...) NOT-FOR-US: webTareas CVE-2021-41916 (A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version ...) NOT-FOR-US: webTareas CVE-2021-41915 RESERVED CVE-2021-41914 RESERVED CVE-2021-41913 RESERVED CVE-2021-41912 RESERVED CVE-2021-41911 RESERVED CVE-2021-41910 RESERVED CVE-2021-41909 RESERVED CVE-2021-41908 RESERVED CVE-2021-41907 RESERVED CVE-2021-41906 RESERVED CVE-2021-41905 RESERVED CVE-2021-41904 RESERVED CVE-2021-41903 RESERVED CVE-2021-41902 RESERVED CVE-2021-41901 RESERVED CVE-2021-41900 RESERVED CVE-2021-41899 RESERVED CVE-2021-41898 RESERVED CVE-2021-41897 RESERVED CVE-2021-41896 RESERVED CVE-2021-41895 RESERVED CVE-2021-41894 RESERVED CVE-2021-41893 RESERVED CVE-2021-41892 RESERVED CVE-2021-41891 RESERVED CVE-2021-41890 RESERVED CVE-2021-41889 RESERVED CVE-2021-41888 RESERVED CVE-2021-41887 RESERVED CVE-2021-41886 RESERVED CVE-2021-41885 RESERVED CVE-2021-41884 RESERVED CVE-2021-41883 RESERVED CVE-2021-41882 RESERVED CVE-2021-41881 RESERVED CVE-2021-41880 RESERVED CVE-2021-41879 RESERVED CVE-2021-41878 (A reflected cross-site scripting (XSS) vulnerability exists in the i-P ...) NOT-FOR-US: i-Panel Administration System CVE-2021-41877 RESERVED CVE-2021-41876 RESERVED CVE-2021-41875 RESERVED CVE-2021-41874 RESERVED CVE-2021-41873 RESERVED CVE-2021-41872 RESERVED CVE-2021-41871 RESERVED CVE-2021-41870 RESERVED CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...) NOT-FOR-US: SuiteCRM CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...) 
- onionshare TODO: check details, exact fixing commits unclear CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...) - onionshare TODO: check details, exact fixing commits unclear CVE-2021-41866 RESERVED CVE-2021-3853 RESERVED CVE-2021-3852 RESERVED CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...) - nomad NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311 NOTE: https://github.com/hashicorp/nomad/issues/11243 NOTE: https://github.com/hashicorp/nomad/pull/11257 TODO: check CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...) - linux 5.14.12-1 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a CVE-2021-41863 RESERVED CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an expression th ...) NOT-FOR-US: AviatorScript CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does not prop ...) NOT-FOR-US: Telegram for Android CVE-2021-41860 RESERVED CVE-2021-41859 RESERVED CVE-2021-41858 RESERVED CVE-2021-41857 RESERVED CVE-2021-41856 RESERVED CVE-2021-41855 RESERVED CVE-2021-41854 RESERVED CVE-2021-41853 RESERVED CVE-2021-41852 RESERVED CVE-2021-41851 RESERVED CVE-2021-3851 RESERVED CVE-2021-3850 RESERVED CVE-2021-3849 RESERVED CVE-2021-41850 RESERVED CVE-2021-41849 RESERVED CVE-2021-41848 RESERVED CVE-2021-41847 (An issue was discovered in 3xLogic Infinias Access Control through 6.7 ...) NOT-FOR-US: 3xLogic CVE-2021-41846 RESERVED CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...) 
NOT-FOR-US: ThycoticCentrify Secret Server CVE-2021-41844 RESERVED CVE-2021-41843 RESERVED CVE-2021-41842 RESERVED CVE-2021-41841 RESERVED CVE-2021-41840 RESERVED CVE-2021-41839 RESERVED CVE-2021-41838 RESERVED CVE-2021-41837 RESERVED CVE-2021-41833 RESERVED CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...) NOT-FOR-US: Trend Micro CVE-2021-3847 [low-privileged user privileges escalation] RESERVED - linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704 NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3 CVE-2021-3846 RESERVED CVE-2021-23139 RESERVED CVE-2021-3845 RESERVED CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...) NOT-FOR-US: Apache OpenOffice CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...) NOT-FOR-US: Apache OpenOffice CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...) NOT-FOR-US: Apache OpenOffice CVE-2021-3844 RESERVED CVE-2021-3843 RESERVED CVE-2021-3842 RESERVED CVE-2021-3841 RESERVED CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...) NOT-FOR-US: PlaceOS Authentication Service CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection ...) NOT-FOR-US: Verint Workforce Optimization (WFO) CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...) NOT-FOR-US: Craft CMS CVE-2021-41823 RESERVED CVE-2021-41822 RESERVED CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer U ...) 
NOT-FOR-US: Wazuh CVE-2021-41820 RESERVED CVE-2021-41819 RESERVED CVE-2021-41818 RESERVED CVE-2021-41817 RESERVED CVE-2021-41816 RESERVED CVE-2021-41815 RESERVED CVE-2021-41814 RESERVED CVE-2021-41813 RESERVED CVE-2021-41812 RESERVED CVE-2021-41811 RESERVED CVE-2021-41810 RESERVED CVE-2021-41809 RESERVED CVE-2021-41808 RESERVED CVE-2021-41807 RESERVED CVE-2021-41806 RESERVED CVE-2021-41805 RESERVED CVE-2021-41804 RESERVED CVE-2021-41803 RESERVED CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...) NOT-FOR-US: HashiCorp Vault CVE-2021-41801 (The ReplaceText extension through 1.41 for MediaWiki has Incorrect Acc ...) {DSA-4979-1} - mediawiki 1:1.35.4-1 [stretch] - mediawiki (The vulnerable code was introduced later) NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ NOTE: https://phabricator.wikimedia.org/T279090 CVE-2021-41800 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...) {DSA-4979-1} - mediawiki 1:1.35.4-1 [stretch] - mediawiki (The vulnerable code was introduced later) NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ NOTE: https://phabricator.wikimedia.org/T284419 NOTE: Fixed by https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874 CVE-2021-41799 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...) {DSA-4979-1 DLA-2779-1} - mediawiki 1:1.35.4-1 NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ NOTE: https://phabricator.wikimedia.org/T290379 CVE-2021-41798 (MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages a ...) 
{DSA-4979-1 DLA-2779-1} - mediawiki 1:1.35.4-1 NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ NOTE: https://phabricator.wikimedia.org/T285515 CVE-2021-41797 REJECTED CVE-2021-41796 REJECTED CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...) NOT-FOR-US: 1Password CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a ...) NOT-FOR-US: Open5GS CVE-2021-41793 RESERVED CVE-2021-41792 RESERVED CVE-2021-41791 RESERVED CVE-2021-41790 RESERVED CVE-2021-41789 RESERVED CVE-2021-41788 RESERVED CVE-2021-3840 RESERVED CVE-2021-41787 RESERVED CVE-2021-41786 RESERVED CVE-2021-41785 RESERVED CVE-2021-41784 RESERVED CVE-2021-41783 RESERVED CVE-2021-41782 RESERVED CVE-2021-41781 RESERVED CVE-2021-41780 RESERVED CVE-2021-41779 RESERVED CVE-2021-41778 RESERVED CVE-2021-41777 RESERVED CVE-2021-41776 RESERVED CVE-2021-41775 RESERVED CVE-2021-41774 RESERVED CVE-2021-41773 (A flaw was found in a change made to path normalization in Apache HTTP ...) - apache2 2.4.50-1 [bullseye] - apache2 (Vulnerable code not present, only affects 2.4.49) [buster] - apache2 (Vulnerable code not present, only affects 2.4.49) [stretch] - apache2 (Vulnerable code not present, only affects 2.4.49) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41773 NOTE: Fixed by: https://svn.apache.org/r1893775 NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/2 NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1 CVE-2021-3839 RESERVED CVE-2021-41772 RESERVED CVE-2021-41771 RESERVED CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing valida ...) 
NOT-FOR-US: Ping Identity PingFederate CVE-2021-3838 RESERVED CVE-2021-41769 RESERVED CVE-2021-41768 RESERVED CVE-2021-41767 RESERVED CVE-2021-3837 RESERVED CVE-2021-41766 RESERVED CVE-2021-3836 RESERVED CVE-2021-3835 RESERVED CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...) NOT-FOR-US: Integria IMS CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compare the ...) NOT-FOR-US: Integria IMS CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Exec ...) NOT-FOR-US: Integria IMS CVE-2021-3831 RESERVED CVE-2021-41765 RESERVED CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...) NOT-FOR-US: Streama CVE-2021-41763 RESERVED CVE-2021-41762 RESERVED CVE-2021-41761 RESERVED CVE-2021-41760 RESERVED CVE-2021-41759 RESERVED CVE-2021-41758 RESERVED CVE-2021-41757 RESERVED CVE-2021-41756 RESERVED CVE-2021-41755 RESERVED CVE-2021-41754 RESERVED CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...) NOT-FOR-US: D-Link CVE-2021-41752 RESERVED CVE-2021-41751 RESERVED CVE-2021-41750 RESERVED CVE-2021-41749 RESERVED CVE-2021-41748 RESERVED CVE-2021-41747 RESERVED CVE-2021-41746 RESERVED CVE-2021-41745 RESERVED CVE-2021-41744 RESERVED CVE-2021-41743 RESERVED CVE-2021-41742 RESERVED CVE-2021-41741 RESERVED CVE-2021-41740 RESERVED CVE-2021-41739 RESERVED CVE-2021-41738 RESERVED CVE-2021-41737 RESERVED CVE-2021-41736 RESERVED CVE-2021-41735 RESERVED CVE-2021-41734 RESERVED CVE-2021-41733 RESERVED CVE-2021-41732 (** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is ...) - zeek (unimportant) NOTE: https://github.com/zeek/zeek/issues/1798 NOTE: Disputed validity of the security issue CVE-2021-41731 RESERVED CVE-2021-41730 RESERVED CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...) 
NOT-FOR-US: BaiCloud-cms CVE-2021-41728 RESERVED CVE-2021-41727 RESERVED CVE-2021-41726 RESERVED CVE-2021-41725 RESERVED CVE-2021-41724 RESERVED CVE-2021-41723 RESERVED CVE-2021-41722 RESERVED CVE-2021-41721 RESERVED CVE-2021-41720 (** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 all ...) - node-lodash (unimportant) NOTE: https://github.com/lodash/lodash/issues/5261 NOTE: Disputed security impact and validity of the issue CVE-2021-41719 RESERVED CVE-2021-41718 RESERVED CVE-2021-41717 RESERVED CVE-2021-41716 RESERVED CVE-2021-41715 RESERVED CVE-2021-41714 RESERVED CVE-2021-41713 RESERVED CVE-2021-41712 RESERVED CVE-2021-41711 RESERVED CVE-2021-41710 RESERVED CVE-2021-41709 RESERVED CVE-2021-41708 RESERVED CVE-2021-41707 RESERVED CVE-2021-41706 RESERVED CVE-2021-41705 RESERVED CVE-2021-41704 RESERVED CVE-2021-41703 RESERVED CVE-2021-41702 RESERVED CVE-2021-41701 RESERVED CVE-2021-41700 RESERVED CVE-2021-41699 RESERVED CVE-2021-41698 RESERVED CVE-2021-41697 RESERVED CVE-2021-41696 RESERVED CVE-2021-41695 RESERVED CVE-2021-41694 RESERVED CVE-2021-41693 RESERVED CVE-2021-41692 RESERVED CVE-2021-41691 RESERVED CVE-2021-41690 RESERVED CVE-2021-41689 RESERVED CVE-2021-41688 RESERVED CVE-2021-41687 RESERVED CVE-2021-41686 RESERVED CVE-2021-41685 RESERVED CVE-2021-41684 RESERVED CVE-2021-41683 RESERVED CVE-2021-41682 RESERVED CVE-2021-41681 RESERVED CVE-2021-41680 RESERVED CVE-2021-41679 RESERVED CVE-2021-41678 RESERVED CVE-2021-41677 RESERVED CVE-2021-41676 RESERVED CVE-2021-41675 RESERVED CVE-2021-41674 RESERVED CVE-2021-41673 RESERVED CVE-2021-41672 RESERVED CVE-2021-41671 RESERVED CVE-2021-41670 RESERVED CVE-2021-41669 RESERVED CVE-2021-41668 RESERVED CVE-2021-41667 RESERVED CVE-2021-41666 RESERVED CVE-2021-41665 RESERVED CVE-2021-41664 RESERVED CVE-2021-41663 RESERVED CVE-2021-41662 RESERVED CVE-2021-41661 RESERVED CVE-2021-41660 RESERVED CVE-2021-41659 RESERVED CVE-2021-41658 RESERVED CVE-2021-41657 RESERVED CVE-2021-41656 RESERVED CVE-2021-41655 
RESERVED CVE-2021-41654 RESERVED CVE-2021-41653 RESERVED CVE-2021-41652 RESERVED CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...) NOT-FOR-US: Raymart DG / Ahmed Helal Hotel-mgmt-system CVE-2021-41650 RESERVED CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...) NOT-FOR-US: PuneethReddyHC online-shopping-system CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...) NOT-FOR-US: PuneethReddyHC online-shopping-system CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...) NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App CVE-2021-41646 RESERVED CVE-2021-41645 RESERVED CVE-2021-41644 RESERVED CVE-2021-41643 RESERVED CVE-2021-41642 RESERVED CVE-2021-41641 RESERVED CVE-2021-41640 RESERVED CVE-2021-41639 RESERVED CVE-2021-41638 RESERVED CVE-2021-41637 RESERVED CVE-2021-41636 RESERVED CVE-2021-41635 RESERVED CVE-2021-41634 RESERVED CVE-2021-41633 RESERVED CVE-2021-41632 RESERVED CVE-2021-41631 RESERVED CVE-2021-41630 RESERVED CVE-2021-41629 RESERVED CVE-2021-41628 RESERVED CVE-2021-41627 RESERVED CVE-2021-41626 RESERVED CVE-2021-41625 RESERVED CVE-2021-41624 RESERVED CVE-2021-41623 RESERVED CVE-2021-41622 RESERVED CVE-2021-41621 RESERVED CVE-2021-41620 RESERVED CVE-2021-41619 RESERVED CVE-2021-41618 RESERVED CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intende ...) NOT-FOR-US: Apache DB DdlUtils CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input During ...) NOT-FOR-US: btcpayserver CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...) 
- openssh (bug #995130) [bullseye] - openssh (Minor issue) [buster] - openssh (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1 NOTE: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455 NOTE: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde CVE-2021-41615 RESERVED CVE-2021-41614 RESERVED CVE-2021-41613 RESERVED CVE-2021-41612 RESERVED CVE-2021-41611 [SQUID-2021:6 Improper Certificate Validation of TLS server certificates] RESERVED - squid 5.2-1 [bullseye] - squid (Vulnerable code introduced later) [buster] - squid (Vulnerable code introduced later) NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r NOTE: Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch CVE-2021-3829 RESERVED CVE-2021-41610 RESERVED CVE-2021-41609 RESERVED CVE-2021-41608 RESERVED CVE-2021-41607 RESERVED CVE-2021-41606 RESERVED CVE-2021-41605 RESERVED CVE-2021-41604 RESERVED CVE-2021-41603 RESERVED CVE-2021-41602 RESERVED CVE-2021-41601 RESERVED CVE-2021-41600 RESERVED CVE-2021-41599 RESERVED CVE-2021-41598 RESERVED CVE-2021-41597 RESERVED CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...) NOT-FOR-US: SuiteCRM CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...) NOT-FOR-US: SuiteCRM CVE-2021-41594 RESERVED CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...) NOT-FOR-US: Lightning Labs lnd CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...) NOT-FOR-US: Blockstream c-lightning CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...) NOT-FOR-US: ACINQ Eclair CVE-2021-41590 RESERVED CVE-2021-41589 RESERVED CVE-2021-41588 (In Gradle Enterprise before 2021.1.3, a crafted request can trigger de ...) 
NOT-FOR-US: Gradle Enterprise CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41586 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...) NOT-FOR-US: Gradle Enterprise CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity ...) - nltk (bug #995226) [bullseye] - nltk (Minor issue) [buster] - nltk (Minor issue) [stretch] - nltk (Minor issue) NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 NOTE: https://github.com/nltk/nltk/pull/2816 CVE-2021-41585 RESERVED CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...) NOT-FOR-US: vpn-user-portal CVE-2021-41582 RESERVED CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints. ...) - libressl (bug #754513) NOTE: Affected code not present in any OpenSSL version in Bullseye/Buster/Stretch CVE-2021-41580 (** DISPUTED ** The passport-oauth2 package before 1.6.1 for Node.js mi ...) NOT-FOR-US: Node passport-oauth2 CVE-2021-41579 (LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass ...) NOT-FOR-US: LCDS LAquis SCADA CVE-2021-41578 (mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks ...) NOT-FOR-US: mySCADA myDESIGNER CVE-2021-41577 RESERVED CVE-2021-41576 RESERVED CVE-2021-41575 RESERVED CVE-2021-41574 RESERVED CVE-2021-41573 (Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows info ...) NOT-FOR-US: Hitachi CVE-2021-3827 RESERVED NOT-FOR-US: Keycloak CVE-2021-41572 RESERVED CVE-2021-41571 RESERVED CVE-2021-41570 RESERVED CVE-2021-41569 RESERVED CVE-2021-3826 RESERVED CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...) 
NOT-FOR-US: Tad Web CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list function ...) NOT-FOR-US: Tad Uploader CVE-2021-41566 (The file extension of the TadTools file upload function fails to filte ...) NOT-FOR-US: TadTools CVE-2021-41565 (TadTools special page parameter does not properly restrict the input o ...) NOT-FOR-US: TadTools CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to authorization by ...) NOT-FOR-US: Tad Honor CVE-2021-41563 (Tad Book3 editing book function does not filter special characters. Un ...) NOT-FOR-US: Tad Book3 CVE-2021-41562 RESERVED CVE-2021-41561 RESERVED CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is ...) NOT-FOR-US: LiderAhenk CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...) NOT-FOR-US: OpenVPN Access Server CVE-2021-3823 RESERVED CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity ...) NOT-FOR-US: jsoneditor CVE-2021-41560 RESERVED CVE-2021-41559 RESERVED CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...) NOT-FOR-US: set_user extension for Postgres CVE-2021-41557 RESERVED CVE-2021-41556 RESERVED CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...) NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a ver ...) NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...) NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41552 RESERVED CVE-2021-41551 RESERVED CVE-2021-41550 RESERVED CVE-2021-41549 RESERVED CVE-2021-41548 RESERVED CVE-2021-41547 RESERVED CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) 
NOT-FOR-US: Siemens CVE-2021-41545 RESERVED CVE-2021-41544 RESERVED CVE-2021-41543 RESERVED CVE-2021-41542 RESERVED CVE-2021-41541 RESERVED CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41538 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41535 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41534 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41533 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41532 RESERVED CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...) - routinator (bug #929024) CVE-2021-41530 (Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, ...) NOT-FOR-US: Forcepoint NGFW Engine CVE-2021-41529 RESERVED CVE-2021-41528 RESERVED CVE-2021-41527 RESERVED CVE-2021-41526 RESERVED CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...) NOT-FOR-US: FlexNet CVE-2021-3821 RESERVED CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity ...) NOT-FOR-US: Nodejs inflect NOTE: https://github.com/pksunkara/inflect CVE-2021-41524 (While fuzzing the 2.4.49 httpd, a new null pointer dereference was det ...) 
- apache2 2.4.50-1 [bullseye] - apache2 (Vulnerable code not present, only affects 2.4.49) [buster] - apache2 (Vulnerable code not present, only affects 2.4.49) [stretch] - apache2 (Vulnerable code not present, only affects 2.4.49) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41524 NOTE: Fixed by: https://svn.apache.org/r1893655 NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/1 CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...) NOT-FOR-US: Grav CMS CVE-2021-3817 RESERVED CVE-2021-41523 RESERVED CVE-2021-41522 RESERVED CVE-2021-41521 RESERVED CVE-2021-41520 RESERVED CVE-2021-41519 RESERVED CVE-2021-41518 RESERVED CVE-2021-41517 RESERVED CVE-2021-41516 RESERVED CVE-2021-41515 RESERVED CVE-2021-41514 RESERVED CVE-2021-41513 RESERVED CVE-2021-41512 RESERVED CVE-2021-41511 (The username and password field of login in Lodging Reservation Manage ...) NOT-FOR-US: Lodging Reservation Management System CVE-2021-41510 RESERVED CVE-2021-41509 RESERVED CVE-2021-41508 RESERVED CVE-2021-41507 RESERVED CVE-2021-41506 RESERVED CVE-2021-41505 RESERVED CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in ...) NOT-FOR-US: D-Link CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and ...) 
NOT-FOR-US: D-Link CVE-2021-41502 RESERVED CVE-2021-41501 RESERVED CVE-2021-41500 RESERVED CVE-2021-41499 RESERVED CVE-2021-41498 RESERVED CVE-2021-41497 RESERVED CVE-2021-41496 RESERVED CVE-2021-41495 RESERVED CVE-2021-41494 RESERVED CVE-2021-41493 RESERVED CVE-2021-41492 RESERVED CVE-2021-41491 RESERVED CVE-2021-41490 RESERVED CVE-2021-41489 RESERVED CVE-2021-41488 RESERVED CVE-2021-41487 RESERVED CVE-2021-41486 RESERVED CVE-2021-41485 RESERVED CVE-2021-41484 RESERVED CVE-2021-41483 RESERVED CVE-2021-41482 RESERVED CVE-2021-41481 RESERVED CVE-2021-41480 RESERVED CVE-2021-41479 RESERVED CVE-2021-41478 RESERVED CVE-2021-41477 RESERVED CVE-2021-41476 RESERVED CVE-2021-41475 RESERVED CVE-2021-41474 RESERVED CVE-2021-41473 RESERVED CVE-2021-41472 RESERVED CVE-2021-41471 RESERVED CVE-2021-41470 RESERVED CVE-2021-41469 RESERVED CVE-2021-41468 RESERVED CVE-2021-41467 (Cross-site scripting (XSS) vulnerability in application/controllers/dr ...) NOT-FOR-US: JustWriting CVE-2021-41466 RESERVED CVE-2021-41465 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) NOT-FOR-US: concrete5-legacy CVE-2021-41464 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) NOT-FOR-US: concrete5-legacy CVE-2021-41463 (Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/a ...) NOT-FOR-US: concrete5-legacy CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) NOT-FOR-US: concrete5-legacy CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) NOT-FOR-US: concrete5-legacy CVE-2021-41460 RESERVED CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) 
- gpac [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1912 NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339 CVE-2021-41458 RESERVED CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...) - gpac [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1909 NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619 CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) - gpac [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1911 NOTE: Fixed by: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e CVE-2021-41455 RESERVED CVE-2021-41454 RESERVED CVE-2021-41453 RESERVED CVE-2021-41452 RESERVED CVE-2021-41451 RESERVED CVE-2021-41450 RESERVED CVE-2021-41449 RESERVED CVE-2021-41448 RESERVED CVE-2021-41447 RESERVED CVE-2021-41446 RESERVED CVE-2021-41445 RESERVED CVE-2021-41444 RESERVED CVE-2021-41443 RESERVED CVE-2021-41442 RESERVED CVE-2021-41441 RESERVED CVE-2021-41440 RESERVED CVE-2021-41439 RESERVED CVE-2021-41438 RESERVED CVE-2021-41437 RESERVED CVE-2021-41436 RESERVED CVE-2021-41435 RESERVED CVE-2021-41434 RESERVED CVE-2021-41433 RESERVED CVE-2021-41432 RESERVED CVE-2021-41431 RESERVED CVE-2021-41430 RESERVED CVE-2021-41429 RESERVED CVE-2021-41428 (Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= ...) 
NOT-FOR-US: DATEV CVE-2021-41427 RESERVED CVE-2021-41426 RESERVED CVE-2021-41425 RESERVED CVE-2021-41424 RESERVED CVE-2021-41423 RESERVED CVE-2021-41422 RESERVED CVE-2021-41421 RESERVED CVE-2021-41420 RESERVED CVE-2021-41419 RESERVED CVE-2021-41418 RESERVED CVE-2021-41417 RESERVED CVE-2021-41416 RESERVED CVE-2021-41415 RESERVED CVE-2021-41414 RESERVED CVE-2021-41413 RESERVED CVE-2021-41412 RESERVED CVE-2021-41411 RESERVED CVE-2021-41410 RESERVED CVE-2021-41409 RESERVED CVE-2021-41408 RESERVED CVE-2021-41407 RESERVED CVE-2021-41406 RESERVED CVE-2021-41405 RESERVED CVE-2021-41404 RESERVED CVE-2021-41403 RESERVED CVE-2021-41402 RESERVED CVE-2021-41401 RESERVED CVE-2021-41400 RESERVED CVE-2021-41399 RESERVED CVE-2021-41398 RESERVED CVE-2021-41397 RESERVED CVE-2021-41396 RESERVED CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to contro ...) NOT-FOR-US: Teleport CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) NOT-FOR-US: Teleport CVE-2021-41393 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) NOT-FOR-US: Teleport CVE-2021-41392 (static/main-preload.js in Boost Note through 0.22.0 allows remote comm ...) NOT-FOR-US: BoostNote CVE-2021-41391 (In Ericsson ECM before 18.0, it was observed that Security Management ...) NOT-FOR-US: Ericsson ECM CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provider En ...) NOT-FOR-US: Ericsson ECM CVE-2021-41389 RESERVED CVE-2021-41388 RESERVED CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...) - seatd (Vulnerable code introduced later) NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E CVE-2021-41386 RESERVED CVE-2021-41385 (The third party intelligence connector in Securonix SNYPR 6.3.1 Build ...) 
NOT-FOR-US: third party intelligence connector in Securonix SNYPR CVE-2021-41384 RESERVED CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute ...) NOT-FOR-US: Netgear CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server managem ...) NOT-FOR-US: Plastic SCM CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Traversal. ...) NOT-FOR-US: Payara Micro Community CVE-2021-3816 RESERVED CVE-2021-41380 (** DISPUTED ** RealVNC Viewer 6.21.406 allows remote VNC servers to ca ...) NOT-FOR-US: RealVNC CVE-2021-41379 RESERVED CVE-2021-41378 RESERVED CVE-2021-41377 RESERVED CVE-2021-41376 RESERVED CVE-2021-41375 RESERVED CVE-2021-41374 RESERVED CVE-2021-41373 RESERVED CVE-2021-41372 RESERVED CVE-2021-41371 RESERVED CVE-2021-41370 RESERVED CVE-2021-41369 RESERVED CVE-2021-41368 RESERVED CVE-2021-41367 RESERVED CVE-2021-41366 RESERVED CVE-2021-41365 RESERVED CVE-2021-41364 RESERVED CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41362 RESERVED CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41360 RESERVED CVE-2021-41359 RESERVED CVE-2021-41358 RESERVED CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-41356 RESERVED CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft .NET CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41352 (SCOM Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41351 RESERVED CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-41349 RESERVED CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41347 (Windows AppX Deployment Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41346 (Console Window Host Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41345 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-41344 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-41343 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2021-41342 (Windows MSHTML Platform Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41341 RESERVED CVE-2021-41340 (Windows Graphics Component Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41339 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41338 (Windows AppContainer Firewall Rules Security Feature Bypass Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2021-41337 (Active Directory Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41336 (Windows Kernel Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41333 RESERVED CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41330 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view filters applie ...) 
NOT-FOR-US: Datalust Seq CVE-2021-41328 RESERVED CVE-2021-41327 RESERVED CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...) NOT-FOR-US: MISP CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 allows re ...) NOT-FOR-US: Pydio Cells CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Pydio Ce ...) NOT-FOR-US: Pydio Cells CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...) NOT-FOR-US: Pydio Cells CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to chang ...) NOT-FOR-US: Poly VVX 400/410 CVE-2021-41321 RESERVED CVE-2021-41320 RESERVED CVE-2021-41319 RESERVED CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...) NOT-FOR-US: Progress WhatsUp Gold CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...) NOT-FOR-US: XSS Hunter Express CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...) NOT-FOR-US: Device42 Main Appliance CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...) NOT-FOR-US: Device42 Remote Collector CVE-2021-3815 RESERVED CVE-2021-3814 RESERVED CVE-2021-3813 RESERVED CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) NOT-FOR-US: NETGEAR CVE-2021-41313 RESERVED CVE-2021-41312 RESERVED CVE-2021-41311 RESERVED CVE-2021-41310 RESERVED CVE-2021-41309 RESERVED CVE-2021-41308 RESERVED CVE-2021-41307 RESERVED CVE-2021-41306 RESERVED CVE-2021-41305 RESERVED CVE-2021-41304 RESERVED CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: adminlte CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: adminlte CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity ...) 
NOT-FOR-US: code-server CVE-2021-3809 RESERVED CVE-2021-3808 RESERVED CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...) - node-ansi-regex 5.0.1-1 (bug #994568) [bullseye] - node-ansi-regex 5.0.1-1~deb11u1 [buster] - node-ansi-regex 3.0.0-1+deb10u1 [stretch] - node-ansi-regex (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1) CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's "extractArc ...) NOT-FOR-US: Pardus Software Center CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...) - node-object-path 0.11.8-1 [bullseye] - node-object-path 0.11.5-3+deb11u1 [buster] - node-object-path (Minor issue) [stretch] - node-object-path (Minor issue) NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6 CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...) - shiro [bullseye] - shiro (Minor issue) [buster] - shiro (Minor issue) [stretch] - shiro (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1 CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41300 (ECOA BAS controller’s special page displays user account and pas ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41299 (ECOA BAS controller is vulnerable to hard-coded credentials within its ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41298 (ECOA BAS controller is vulnerable to insecure direct object references ...) 
NOT-FOR-US: ECOA BAS controller CVE-2021-41297 (ECOA BAS controller is vulnerable to weak access control mechanism all ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41296 (ECOA BAS controller uses weak set of default administrative credential ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41295 (ECOA BAS controller has a Cross-Site Request Forgery vulnerability, th ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41294 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41293 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41292 (ECOA BAS controller suffers from an authentication bypass vulnerabilit ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclosure v ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41289 RESERVED CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-41287 RESERVED CVE-2021-41286 (Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authent ...) NOT-FOR-US: Omikron MultiCash Desktop CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...) NOT-FOR-US: NervJS Taro CVE-2021-41285 (Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escal ...) 
NOT-FOR-US: Ballistix MOD Utility CVE-2021-41284 RESERVED CVE-2021-41283 RESERVED CVE-2021-41282 RESERVED CVE-2021-41281 RESERVED CVE-2021-41280 RESERVED CVE-2021-41279 RESERVED CVE-2021-41278 RESERVED CVE-2021-41277 RESERVED CVE-2021-41276 RESERVED CVE-2021-41275 RESERVED CVE-2021-41274 RESERVED CVE-2021-41273 RESERVED CVE-2021-41272 RESERVED CVE-2021-41271 RESERVED CVE-2021-41270 RESERVED CVE-2021-41269 RESERVED CVE-2021-41268 RESERVED CVE-2021-41267 RESERVED CVE-2021-41266 RESERVED CVE-2021-41265 RESERVED CVE-2021-41264 RESERVED CVE-2021-41263 RESERVED CVE-2021-41262 RESERVED CVE-2021-41261 RESERVED CVE-2021-41260 RESERVED CVE-2021-41259 RESERVED CVE-2021-41258 RESERVED CVE-2021-41257 RESERVED CVE-2021-41256 RESERVED CVE-2021-41255 RESERVED CVE-2021-41254 RESERVED CVE-2021-41253 RESERVED CVE-2021-41252 RESERVED CVE-2021-41251 RESERVED CVE-2021-41250 RESERVED CVE-2021-41249 RESERVED CVE-2021-41248 RESERVED CVE-2021-41247 RESERVED CVE-2021-41246 RESERVED CVE-2021-41245 RESERVED CVE-2021-41244 RESERVED CVE-2021-41243 RESERVED CVE-2021-41242 RESERVED CVE-2021-41241 RESERVED CVE-2021-41240 RESERVED CVE-2021-41239 RESERVED CVE-2021-41238 RESERVED CVE-2021-41237 RESERVED CVE-2021-41236 RESERVED CVE-2021-41235 RESERVED CVE-2021-41234 RESERVED CVE-2021-41233 RESERVED CVE-2021-41232 RESERVED CVE-2021-41231 RESERVED CVE-2021-41230 RESERVED CVE-2021-41229 RESERVED CVE-2021-41228 RESERVED CVE-2021-41227 RESERVED CVE-2021-41226 RESERVED CVE-2021-41225 RESERVED CVE-2021-41224 RESERVED CVE-2021-41223 RESERVED CVE-2021-41222 RESERVED CVE-2021-41221 RESERVED CVE-2021-41220 RESERVED CVE-2021-41219 RESERVED CVE-2021-41218 RESERVED CVE-2021-41217 RESERVED CVE-2021-41216 RESERVED CVE-2021-41215 RESERVED CVE-2021-41214 RESERVED CVE-2021-41213 RESERVED CVE-2021-41212 RESERVED CVE-2021-41211 RESERVED CVE-2021-41210 RESERVED CVE-2021-41209 RESERVED CVE-2021-41208 RESERVED CVE-2021-41207 RESERVED CVE-2021-41206 RESERVED CVE-2021-41205 RESERVED CVE-2021-41204 RESERVED CVE-2021-41203 
RESERVED CVE-2021-41202 RESERVED CVE-2021-41201 RESERVED CVE-2021-41200 RESERVED CVE-2021-41199 RESERVED CVE-2021-41198 RESERVED CVE-2021-41197 RESERVED CVE-2021-41196 RESERVED CVE-2021-41195 RESERVED CVE-2021-41194 RESERVED CVE-2021-41193 RESERVED CVE-2021-41192 RESERVED CVE-2021-41191 RESERVED CVE-2021-41190 RESERVED CVE-2021-41189 RESERVED CVE-2021-41188 RESERVED CVE-2021-41187 RESERVED CVE-2021-41186 RESERVED CVE-2021-41185 RESERVED CVE-2021-41184 RESERVED CVE-2021-41183 RESERVED CVE-2021-41182 RESERVED CVE-2021-41181 RESERVED CVE-2021-41180 RESERVED CVE-2021-41179 RESERVED CVE-2021-41178 RESERVED CVE-2021-41177 RESERVED CVE-2021-41176 RESERVED CVE-2021-41175 RESERVED CVE-2021-41174 RESERVED CVE-2021-41173 RESERVED CVE-2021-41172 RESERVED CVE-2021-41171 RESERVED CVE-2021-41170 RESERVED CVE-2021-41169 RESERVED CVE-2021-41168 RESERVED CVE-2021-41167 RESERVED CVE-2021-41166 RESERVED CVE-2021-41165 RESERVED CVE-2021-41164 RESERVED CVE-2021-41163 RESERVED CVE-2021-41162 RESERVED CVE-2021-41161 RESERVED CVE-2021-41160 RESERVED CVE-2021-41159 RESERVED CVE-2021-41158 RESERVED CVE-2021-41157 RESERVED CVE-2021-41156 RESERVED CVE-2021-41155 RESERVED CVE-2021-41154 RESERVED CVE-2021-41153 RESERVED CVE-2021-41152 RESERVED CVE-2021-41151 RESERVED CVE-2021-41150 RESERVED CVE-2021-41149 RESERVED CVE-2021-41148 RESERVED CVE-2021-41147 RESERVED CVE-2021-41146 RESERVED CVE-2021-41145 RESERVED CVE-2021-41144 RESERVED CVE-2021-41143 RESERVED CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) NOT-FOR-US: Tuleap CVE-2021-41141 RESERVED CVE-2021-41140 RESERVED CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) NOT-FOR-US: Anuko Time Tracker CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...) NOT-FOR-US: Frontier CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...) 
TODO: check CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...) - puma NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx NOTE: https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f CVE-2021-41135 RESERVED CVE-2021-41134 RESERVED CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...) NOT-FOR-US: OMERO.web CVE-2021-41131 RESERVED CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...) NOT-FOR-US: Extensible Service Proxy CVE-2021-41129 (Pterodactyl is an open-source game server management panel built with ...) NOT-FOR-US: Pterodactyl CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...) NOT-FOR-US: Hygeia CVE-2021-41127 RESERVED CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...) NOT-FOR-US: October CMS CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...) - python-scrapy 2.5.1-1 NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498 CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and JavaScript integr ...) NOT-FOR-US: Scrapy-splash CVE-2021-41123 (Survey Solutions is a survey management and data collection system. In ...) NOT-FOR-US: Survey Solutions CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...) NOT-FOR-US: Vyper CVE-2021-41121 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...) NOT-FOR-US: Vyper CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...) NOT-FOR-US: sylius/paypal-plugin CVE-2021-41119 RESERVED CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...) NOT-FOR-US: DynamicPageList3 MediaWiki Extension CVE-2021-41117 (keypair is an RSA PEM key generator written in javascript. keypair im ...)
NOT-FOR-US: keypair CVE-2021-41116 (Composer is an open source dependency manager for the PHP language. In ...) - composer (Only affects Windows) NOTE: https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf NOTE: https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa CVE-2021-41115 (Zulip is an open source team chat server. In affected versions Zulip a ...) - zulip-server (bug #800052) CVE-2021-41114 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: Typo3 CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: Typo3 CVE-2021-41112 RESERVED CVE-2021-41111 RESERVED CVE-2021-41110 (cwlviewer is a web application to view and share Common Workflow Langu ...) NOT-FOR-US: cwlviewer CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Parse Server CVE-2021-41108 RESERVED CVE-2021-41107 RESERVED CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web Signature. P ...) NOT-FOR-US: PHP lcobucci/jwt CVE-2021-41105 RESERVED CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...) NOT-FOR-US: ESPHome CVE-2021-41103 (containerd is an open source container runtime with an emphasis on sim ...) - containerd 1.5.7~ds1-1 NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq NOTE: https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8 CVE-2021-41102 RESERVED CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collaboratio ...) NOT-FOR-US: wire-server CVE-2021-41100 (Wire-server is the backing server for the open source wire secure mess ...) NOT-FOR-US: wire-server CVE-2021-41099 (Redis is an open source, in-memory database that persists on disk. An ...) 
- redis 5:6.0.16-1 NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...) - ruby-nokogiri (jruby implementation not shipped) NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h NOTE: https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d CVE-2021-41097 (aurelia-path is part of the Aurelia platform and contains utilities fo ...) NOT-FOR-US: Aurelia CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 a ...) NOT-FOR-US: Rucky for Android CVE-2021-41095 (Discourse is an open source discussion platform. There is a cross-site ...) NOT-FOR-US: Discourse CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund may byp ...) NOT-FOR-US: Wire by Bund CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if the a ...) NOT-FOR-US: Wire iOS CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...) TODO: check CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...) - docker.io NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558 NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64 CVE-2021-41090 RESERVED CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...) - docker.io NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4 TODO: check details CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...) - elvish 0.14.0-1 [buster] - elvish (Minor issue) NOTE: https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r NOTE: https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5 CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework to prot ...)
NOT-FOR-US: in-toto Go implementation (different from src:in-toto) CVE-2021-41086 (jsuites is an open source collection of common required javascript web ...) NOT-FOR-US: jsuites CVE-2021-41085 RESERVED CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...) NOT-FOR-US: Http4s CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affected ve ...) NOT-FOR-US: Dada Mail CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...) NOT-FOR-US: Discourse CVE-2021-41081 RESERVED CVE-2021-41080 RESERVED CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...) {DSA-4986-1 DLA-2764-1} - tomcat9 9.0.53-1 - tomcat8 NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44) NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64) CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...) NOT-FOR-US: nth-check CVE-2021-3802 RESERVED CVE-2021-41078 RESERVED CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity ...) - node-prismjs 1.25.0+dfsg-1 [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1 NOTE: https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9 CVE-2021-41077 (The activation process in Travis CI, for certain 2021-09-03 through 20 ...) NOT-FOR-US: Travis CI CVE-2021-41076 REJECTED CVE-2021-41075 (The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vu ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-41074 RESERVED CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 ...)
{DSA-4978-1} - linux 5.14.6-2 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2 CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...) - squashfs-tools 1:4.5-3 (bug #994262) NOTE: Prerequisites: NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 NOTE: https://github.com/plougher/squashfs-tools/commit/1993a4e7aeda04962bf26e84c15fba8b58837e10 NOTE: https://github.com/plougher/squashfs-tools/commit/9938154174756ee48a94ea0b076397a2944b028d NOTE: Fixed by: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd NOTE: Followup fix: https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c NOTE: https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405 CVE-2021-41071 REJECTED CVE-2021-41070 REJECTED CVE-2021-41069 RESERVED CVE-2021-41068 RESERVED CVE-2021-41067 RESERVED CVE-2021-41066 RESERVED CVE-2021-41065 RESERVED CVE-2021-41064 RESERVED CVE-2021-41063 RESERVED CVE-2021-41062 RESERVED CVE-2021-41061 (In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee8201 ...) NOT-FOR-US: RIOT-OS CVE-2021-41060 RESERVED CVE-2021-41059 RESERVED CVE-2021-41058 RESERVED CVE-2021-41057 RESERVED CVE-2021-41056 RESERVED CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...) - python-nbxmpp 2.0.4-1 NOTE: https://dev.gajim.org/gajim/gajim/-/issues/10638 NOTE: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f NOTE: Fix in python-nbxmpp, and gajim 1.3.3 bumps depends on required nbxmpp version. 
TODO: double-check correctness for tracking of source package, underlying issue is fixed in python-nbxmpp CVE-2021-41053 RESERVED CVE-2021-41052 RESERVED CVE-2021-41051 RESERVED CVE-2021-41050 RESERVED CVE-2021-41049 RESERVED CVE-2021-41048 RESERVED CVE-2021-41047 RESERVED CVE-2021-41046 RESERVED CVE-2021-41045 RESERVED CVE-2021-41044 RESERVED CVE-2021-41043 RESERVED CVE-2021-41042 RESERVED CVE-2021-41041 RESERVED CVE-2021-41040 RESERVED CVE-2021-41039 RESERVED CVE-2021-41038 RESERVED CVE-2021-41037 RESERVED CVE-2021-41036 RESERVED CVE-2021-41035 RESERVED CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...) NOT-FOR-US: Eclipse Che CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...) NOT-FOR-US: Eclipse Equinox CVE-2021-41032 RESERVED CVE-2021-41031 RESERVED CVE-2021-41030 RESERVED CVE-2021-41029 RESERVED CVE-2021-41028 RESERVED CVE-2021-41027 RESERVED CVE-2021-41026 RESERVED CVE-2021-41025 RESERVED CVE-2021-41024 RESERVED CVE-2021-41023 RESERVED CVE-2021-41022 RESERVED CVE-2021-41021 RESERVED CVE-2021-41020 RESERVED CVE-2021-41019 RESERVED CVE-2021-41018 RESERVED CVE-2021-41017 RESERVED CVE-2021-41016 RESERVED CVE-2021-41015 RESERVED CVE-2021-41014 RESERVED CVE-2021-41013 RESERVED CVE-2021-41012 RESERVED CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...) 
NOT-FOR-US: LINE client for iOS CVE-2021-41010 RESERVED CVE-2021-41009 RESERVED CVE-2021-41008 RESERVED CVE-2021-41007 RESERVED CVE-2021-41006 RESERVED CVE-2021-41005 RESERVED CVE-2021-41004 RESERVED CVE-2021-41003 RESERVED CVE-2021-41002 RESERVED CVE-2021-41001 RESERVED CVE-2021-41000 RESERVED CVE-2021-40999 RESERVED CVE-2021-40998 RESERVED CVE-2021-40997 RESERVED CVE-2021-40996 RESERVED CVE-2021-40995 RESERVED CVE-2021-40994 RESERVED CVE-2021-40993 RESERVED CVE-2021-40992 RESERVED CVE-2021-40991 RESERVED CVE-2021-40990 RESERVED CVE-2021-40989 RESERVED CVE-2021-40988 RESERVED CVE-2021-40987 RESERVED CVE-2021-40986 RESERVED CVE-2021-3800 RESERVED CVE-2021-40985 RESERVED CVE-2021-40984 RESERVED CVE-2021-40983 RESERVED CVE-2021-40982 RESERVED CVE-2021-40981 (ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain p ...) NOT-FOR-US: ASUS ROG Armoury Crate Lite CVE-2021-40980 RESERVED CVE-2021-40979 RESERVED CVE-2021-40978 (** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory t ...) - python-mkdocs (unimportant) NOTE: https://github.com/mkdocs/mkdocs/issues/2601 CVE-2021-40977 RESERVED CVE-2021-40976 RESERVED CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in application/modules/admin/ ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2021-40974 RESERVED CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40972 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40971 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) 
- spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40970 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40969 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40968 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40967 RESERVED CVE-2021-40966 (A Stored XSS exists in TinyFileManager all versions up to and including ...) NOT-FOR-US: TinyFileManager CVE-2021-40965 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileMa ...) NOT-FOR-US: TinyFileManager CVE-2021-40964 (A Path Traversal vulnerability exists in TinyFileManager all versions u ...) NOT-FOR-US: TinyFileManager CVE-2021-40963 RESERVED CVE-2021-40962 RESERVED CVE-2021-40961 RESERVED CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...)
NOT-FOR-US: Galera WebTemplate CVE-2021-40959 RESERVED CVE-2021-40958 RESERVED CVE-2021-40957 RESERVED CVE-2021-40956 RESERVED CVE-2021-40955 RESERVED CVE-2021-40954 RESERVED CVE-2021-40953 RESERVED CVE-2021-40952 RESERVED CVE-2021-40951 RESERVED CVE-2021-40950 RESERVED CVE-2021-40949 RESERVED CVE-2021-40948 RESERVED CVE-2021-40947 RESERVED CVE-2021-40946 RESERVED CVE-2021-40945 RESERVED CVE-2021-40944 RESERVED CVE-2021-40943 RESERVED CVE-2021-40942 RESERVED CVE-2021-40941 RESERVED CVE-2021-40940 RESERVED CVE-2021-40939 RESERVED CVE-2021-40938 RESERVED CVE-2021-40937 RESERVED CVE-2021-40936 RESERVED CVE-2021-40935 RESERVED CVE-2021-40934 RESERVED CVE-2021-40933 RESERVED CVE-2021-40932 RESERVED CVE-2021-40931 RESERVED CVE-2021-40930 RESERVED CVE-2021-40929 RESERVED CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta d ...) NOT-FOR-US: FlexTV CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in Spotify-fo ...) NOT-FOR-US: Spotify-for-Alfred CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ...) - php-getid3 1.9.21+dfsg-1 (unimportant) NOTE: https://github.com/JamesHeinrich/getID3/issues/341 NOTE: https://github.com/JamesHeinrich/getID3/commit/0163ba96f7fc64765e499847c2373b1f994797c5 (v1.9.21) NOTE: XSS issue in demo file CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...) NOT-FOR-US: infaveo-helpdesk CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) NOT-FOR-US: Pixeline Bugs CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) NOT-FOR-US: Pixeline Bugs CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) NOT-FOR-US: Pixeline Bugs CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...) 
NOT-FOR-US: Detector CVE-2021-40920 RESERVED CVE-2021-40919 RESERVED CVE-2021-40918 RESERVED CVE-2021-40917 RESERVED CVE-2021-40916 RESERVED CVE-2021-40915 RESERVED CVE-2021-40914 RESERVED CVE-2021-40913 RESERVED CVE-2021-40912 RESERVED CVE-2021-40911 RESERVED CVE-2021-40910 RESERVED CVE-2021-40909 RESERVED CVE-2021-40908 RESERVED CVE-2021-40907 RESERVED CVE-2021-40906 RESERVED CVE-2021-40905 RESERVED CVE-2021-40904 RESERVED CVE-2021-40903 RESERVED CVE-2021-40902 RESERVED CVE-2021-40901 RESERVED CVE-2021-40900 RESERVED CVE-2021-40899 RESERVED CVE-2021-40898 RESERVED CVE-2021-40897 RESERVED CVE-2021-40896 RESERVED CVE-2021-40895 RESERVED CVE-2021-40894 RESERVED CVE-2021-40893 RESERVED CVE-2021-40892 RESERVED CVE-2021-40891 RESERVED CVE-2021-40890 RESERVED CVE-2021-40889 (CMSUno version 1.7.2 is affected by a PHP code execution vulnerability ...) NOT-FOR-US: CMSUno CVE-2021-40888 (Projectsend version r1295 is affected by Cross Site Scripting (XSS) du ...) NOT-FOR-US: Projectsend CVE-2021-40887 (Projectsend version r1295 is affected by a directory traversal vulnera ...) NOT-FOR-US: Projectsend CVE-2021-40886 (Projectsend version r1295 is affected by a directory traversal vulnera ...) NOT-FOR-US: Projectsend CVE-2021-40885 RESERVED CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...) NOT-FOR-US: Projectsend CVE-2021-40883 RESERVED CVE-2021-40882 RESERVED CVE-2021-40881 (An issue in the BAT file parameters of PublicCMS v4.0 allows attackers ...) NOT-FOR-US: PublicCMS CVE-2021-40880 RESERVED CVE-2021-40879 RESERVED CVE-2021-40878 RESERVED CVE-2021-40877 RESERVED CVE-2021-40876 RESERVED CVE-2021-40875 (Improper Access Control in Gurock TestRail versions < 7.2.0.3014 re ...) NOT-FOR-US: Gurock TestRail CVE-2021-40874 RESERVED CVE-2021-40873 RESERVED CVE-2021-40872 RESERVED CVE-2021-40871 RESERVED CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.192 ...) 
NOT-FOR-US: Aviatrix Controller CVE-2021-40869 RESERVED CVE-2021-40868 (In Cloudron 6.2, the returnTo parameter on the login page is vulnerabl ...) NOT-FOR-US: Cloudron CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication hijac ...) NOT-FOR-US: Netgear CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...) NOT-FOR-US: Netgear CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI ...) NOT-FOR-US: Grav CMS CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...) - atftp 0.7.git20210915-1 (bug #994895) [bullseye] - atftp 0.7.git20120829-3.3+deb11u1 [buster] - atftp 0.7.git20120829-3.2~deb10u2 [stretch] - atftp (Minor issue) NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/ CVE-2021-3798 [Soft token does not check if an EC key is valid] RESERVED - opencryptoki (Vulnerable code introduced later) NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780 NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0) NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0 CVE-2021-40865 RESERVED CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...) NOT-FOR-US: Hestia Control Panel CVE-2021-3796 (vim is vulnerable to Use After Free ...) - vim 2:8.2.3455-1 (bug #994497) [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/ NOTE: https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (v8.2.3428) NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression Complexit ...) 
NOT-FOR-US: Node semver-regex CVE-2021-3794 (vuelidate is vulnerable to Inefficient Regular Expression Complexity ...) NOT-FOR-US: vuelidate for Vue.js CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...) NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server CVE-2021-40863 RESERVED CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...) NOT-FOR-US: HashiCorp Terraform Enterprise CVE-2021-40861 RESERVED CVE-2021-40860 RESERVED CVE-2021-40859 RESERVED CVE-2021-40858 RESERVED CVE-2021-40857 RESERVED CVE-2021-40856 RESERVED CVE-2021-40855 RESERVED CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...) NOT-FOR-US: AnyDesk CVE-2021-40853 RESERVED CVE-2021-40852 RESERVED CVE-2021-40851 RESERVED CVE-2021-40850 RESERVED CVE-2021-40849 RESERVED CVE-2021-40848 RESERVED CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...) NOT-FOR-US: Netgear CVE-2021-40846 RESERVED CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...) NOT-FOR-US: Zenitel CVE-2021-40844 RESERVED CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe deseria ...) NOT-FOR-US: Proofpoint CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...) NOT-FOR-US: Proofpoint CVE-2021-40841 RESERVED CVE-2021-40840 RESERVED CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...) 
- python-rencode 1.0.6-2 [bullseye] - python-rencode (Minor issue) [buster] - python-rencode (Minor issue) [stretch] - python-rencode (Minor issue) NOTE: https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75 NOTE: https://github.com/aresch/rencode/pull/29 CVE-2021-40838 RESERVED CVE-2021-40837 RESERVED CVE-2021-40836 RESERVED CVE-2021-40835 RESERVED CVE-2021-40834 RESERVED CVE-2021-40833 RESERVED CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) NOT-FOR-US: F-Secure CVE-2021-40831 RESERVED CVE-2021-40830 RESERVED CVE-2021-40829 RESERVED CVE-2021-40828 RESERVED CVE-2021-40827 RESERVED CVE-2021-40826 RESERVED CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...) NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...) NOT-FOR-US: matrix-android-sdk2 CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...) - element-web (bug #866502) - node-matrix-js-sdk (bug #994213) [bullseye] - node-matrix-js-sdk (Minor issue) [buster] - node-matrix-js-sdk (Minor issue) NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/ NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 (v12.4.1) CVE-2021-40822 RESERVED CVE-2021-40821 RESERVED CVE-2021-40820 RESERVED CVE-2021-40819 RESERVED CVE-2021-3793 RESERVED CVE-2021-3792 RESERVED CVE-2021-3791 RESERVED CVE-2021-3790 RESERVED CVE-2021-3789 RESERVED CVE-2021-3788 RESERVED CVE-2021-3787 RESERVED CVE-2021-3786 RESERVED CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...) NOT-FOR-US: yourls CVE-2021-3784 RESERVED CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...) 
NOT-FOR-US: yourls CVE-2021-3782 RESERVED CVE-2021-3781 [Include device specifier strings in access validation] RESERVED {DSA-4972-1} - ghostscript 9.53.3~dfsg-8 (bug #994011) [buster] - ghostscript (Vulnerable code introduced later) [stretch] - ghostscript (Vulnerable code introduced later) NOTE: https://twitter.com/ducnt_/status/1434534373416574983 NOTE: https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704342 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20 CVE-2021-40817 RESERVED CVE-2021-40816 RESERVED CVE-2021-40815 RESERVED CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...) NOT-FOR-US: PrestaShop addon CVE-2021-40813 RESERVED CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...) - libgd2 [bullseye] - libgd2 (Minor issue) [buster] - libgd2 (Minor issue) [stretch] - libgd2 (Minor issue) NOTE: https://github.com/libgd/libgd/issues/750#issuecomment-914872385 NOTE: https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9 CVE-2021-40811 RESERVED CVE-2021-40810 RESERVED CVE-2021-40809 RESERVED CVE-2021-40808 RESERVED CVE-2021-40807 RESERVED CVE-2021-40806 RESERVED CVE-2021-40805 RESERVED CVE-2021-40804 RESERVED CVE-2021-40803 RESERVED CVE-2021-40802 RESERVED CVE-2021-40801 RESERVED CVE-2021-40800 RESERVED CVE-2021-40799 RESERVED CVE-2021-40798 RESERVED CVE-2021-40797 (An issue was discovered in the routes middleware in OpenStack Neutron ...) - neutron 2:19.0.0-1 (unimportant; bug #994202) [bullseye] - neutron 2:17.2.1-0+deb11u1 [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1 NOTE: https://launchpad.net/bugs/1942179 NOTE: neutron-api in Debian is served over UWSGI, cf. https://bugs.debian.org/994202 NOTE: and so serves the requests and stops the process. 
CVE-2021-40796 RESERVED CVE-2021-40795 RESERVED CVE-2021-40794 RESERVED CVE-2021-40793 RESERVED CVE-2021-40792 RESERVED CVE-2021-40791 RESERVED CVE-2021-40790 RESERVED CVE-2021-40789 RESERVED CVE-2021-40788 RESERVED CVE-2021-40787 RESERVED CVE-2021-40786 RESERVED CVE-2021-40785 RESERVED CVE-2021-40784 RESERVED CVE-2021-40783 RESERVED CVE-2021-40782 RESERVED CVE-2021-40781 RESERVED CVE-2021-40780 RESERVED CVE-2021-40779 RESERVED CVE-2021-40778 RESERVED CVE-2021-40777 RESERVED CVE-2021-40776 RESERVED CVE-2021-40775 RESERVED CVE-2021-40774 RESERVED CVE-2021-40773 RESERVED CVE-2021-40772 RESERVED CVE-2021-40771 RESERVED CVE-2021-40770 RESERVED CVE-2021-40769 RESERVED CVE-2021-40768 RESERVED CVE-2021-40767 RESERVED CVE-2021-40766 RESERVED CVE-2021-40765 RESERVED CVE-2021-40764 RESERVED CVE-2021-40763 RESERVED CVE-2021-40762 RESERVED CVE-2021-40761 RESERVED CVE-2021-40760 RESERVED CVE-2021-40759 RESERVED CVE-2021-40758 RESERVED CVE-2021-40757 RESERVED CVE-2021-40756 RESERVED CVE-2021-40755 RESERVED CVE-2021-40754 RESERVED CVE-2021-40753 RESERVED CVE-2021-40752 RESERVED CVE-2021-40751 RESERVED CVE-2021-40750 RESERVED CVE-2021-40749 RESERVED CVE-2021-40748 RESERVED CVE-2021-40747 RESERVED CVE-2021-40746 RESERVED CVE-2021-40745 RESERVED CVE-2021-40744 RESERVED CVE-2021-40743 RESERVED CVE-2021-40742 RESERVED CVE-2021-40741 RESERVED CVE-2021-40740 RESERVED CVE-2021-40739 RESERVED CVE-2021-40738 RESERVED CVE-2021-40737 RESERVED CVE-2021-40736 RESERVED CVE-2021-40735 RESERVED CVE-2021-40734 RESERVED CVE-2021-40733 RESERVED CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...) NOT-FOR-US: Adobe CVE-2021-40731 RESERVED CVE-2021-40730 RESERVED CVE-2021-40729 RESERVED CVE-2021-40728 RESERVED CVE-2021-40727 RESERVED CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) 
NOT-FOR-US: Adobe CVE-2021-40724 RESERVED CVE-2021-40723 RESERVED CVE-2021-40722 RESERVED CVE-2021-40721 RESERVED CVE-2021-40720 RESERVED CVE-2021-40719 RESERVED CVE-2021-40718 RESERVED CVE-2021-40717 RESERVED CVE-2021-40716 (XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...) NOT-FOR-US: Adobe CVE-2021-40715 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...) NOT-FOR-US: Adobe CVE-2021-40714 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) NOT-FOR-US: Adobe CVE-2021-40713 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) NOT-FOR-US: Adobe CVE-2021-40712 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) NOT-FOR-US: Adobe CVE-2021-40711 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) NOT-FOR-US: Adobe CVE-2021-40710 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...) NOT-FOR-US: Adobe CVE-2021-40709 (Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) ...) NOT-FOR-US: Adobe CVE-2021-40708 (Adobe Genuine Service versions 7.3 (and earlier) are affected by a pri ...) NOT-FOR-US: Adobe CVE-2021-40707 RESERVED CVE-2021-40706 RESERVED CVE-2021-40705 RESERVED CVE-2021-40704 RESERVED CVE-2021-40703 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) NOT-FOR-US: Adobe CVE-2021-40702 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) NOT-FOR-US: Adobe CVE-2021-40701 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) NOT-FOR-US: Adobe CVE-2021-40700 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) NOT-FOR-US: Adobe CVE-2021-40699 RESERVED CVE-2021-40698 RESERVED CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) 
NOT-FOR-US: Adobe CVE-2021-40696 RESERVED CVE-2021-40695 RESERVED CVE-2021-40694 RESERVED CVE-2021-40693 RESERVED CVE-2021-40692 RESERVED CVE-2021-40691 RESERVED CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) {DLA-2767-1} - libxml-security-java 2.1.7-1 (bug #994569) NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...) - peertube (bug #950821) CVE-2021-40689 RESERVED CVE-2021-40688 RESERVED CVE-2021-40687 RESERVED CVE-2021-40686 RESERVED CVE-2021-40685 RESERVED CVE-2021-40684 (Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R ...) NOT-FOR-US: Talend ESB Runtime CVE-2021-XXXX [jwe cbc tag computation error] - rhonabwy 0.9.13-4 (bug #993866) [bullseye] - rhonabwy 0.9.13-3+deb11u1 NOTE: https://github.com/babelouest/rhonabwy/commit/996d935540c2c171c7678f14b8178d9ce87db9ac (v1.0.0) CVE-2021-XXXX [jws alg:none signature verification issue] - rhonabwy 0.9.13-4 (bug #993866) [bullseye] - rhonabwy 0.9.13-3+deb11u1 NOTE: https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e (v1.0.0) CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...) - glewlwyd 2.5.2-3 (bug #993867) [bullseye] - glewlwyd 2.5.2-2+deb11u1 [buster] - glewlwyd (Minor issue; can be fixed via point release) NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2 CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...) NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client CVE-2021-40682 RESERVED CVE-2021-3779 RESERVED CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...) 
- vim 2:8.2.3455-1 (bug #994498) [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 NOTE: https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (v8.2.3409) NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity ...) NOT-FOR-US: nodejs-tmpl CVE-2021-40681 RESERVED CVE-2021-40680 RESERVED CVE-2021-40679 RESERVED CVE-2021-40678 RESERVED CVE-2021-40677 RESERVED CVE-2021-40676 RESERVED CVE-2021-40675 RESERVED CVE-2021-40674 (An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyV ...) NOT-FOR-US: Wuzhi CMS CVE-2021-40673 RESERVED CVE-2021-40672 RESERVED CVE-2021-40671 RESERVED CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...) NOT-FOR-US: Wuzhi CMS CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...) NOT-FOR-US: Wuzhi CMS CVE-2021-40668 RESERVED CVE-2021-40667 RESERVED CVE-2021-40666 RESERVED CVE-2021-40665 RESERVED CVE-2021-40664 RESERVED CVE-2021-40663 RESERVED CVE-2021-40662 RESERVED CVE-2021-40661 RESERVED CVE-2021-40660 RESERVED CVE-2021-40659 RESERVED CVE-2021-40658 RESERVED CVE-2021-40657 RESERVED CVE-2021-40656 RESERVED CVE-2021-40655 (An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Ve ...) NOT-FOR-US: D-Link CVE-2021-40654 (An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An ...) NOT-FOR-US: D-Link CVE-2021-40653 RESERVED CVE-2021-40652 RESERVED CVE-2021-40651 (OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vu ...)
NOT-FOR-US: OS4Ed OpenSIS Community CVE-2021-40650 RESERVED CVE-2021-40649 RESERVED CVE-2021-40648 RESERVED CVE-2021-40647 RESERVED CVE-2021-40646 RESERVED CVE-2021-40645 RESERVED CVE-2021-40644 RESERVED CVE-2021-40643 RESERVED CVE-2021-40642 RESERVED CVE-2021-40641 RESERVED CVE-2021-40640 RESERVED CVE-2021-40639 (Improper access control in Jfinal CMS 5.1.0 allows attackers to access ...) NOT-FOR-US: Jfinal CMS CVE-2021-40638 RESERVED CVE-2021-40637 RESERVED CVE-2021-40636 RESERVED CVE-2021-40635 RESERVED CVE-2021-40634 RESERVED CVE-2021-40633 RESERVED CVE-2021-40632 RESERVED CVE-2021-40631 RESERVED CVE-2021-40630 RESERVED CVE-2021-40629 RESERVED CVE-2021-40628 RESERVED CVE-2021-40627 RESERVED CVE-2021-40626 RESERVED CVE-2021-40625 RESERVED CVE-2021-40624 RESERVED CVE-2021-40623 RESERVED CVE-2021-40622 RESERVED CVE-2021-40621 RESERVED CVE-2021-40620 RESERVED CVE-2021-40619 RESERVED CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1 ...) NOT-FOR-US: openSIS CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...) 
NOT-FOR-US: openSIS CVE-2021-40616 RESERVED CVE-2021-40615 RESERVED CVE-2021-40614 RESERVED CVE-2021-40613 RESERVED CVE-2021-40612 RESERVED CVE-2021-40611 RESERVED CVE-2021-40610 RESERVED CVE-2021-40609 RESERVED CVE-2021-40608 RESERVED CVE-2021-40607 RESERVED CVE-2021-40606 RESERVED CVE-2021-40605 RESERVED CVE-2021-40604 RESERVED CVE-2021-40603 RESERVED CVE-2021-40602 RESERVED CVE-2021-40601 RESERVED CVE-2021-40600 RESERVED CVE-2021-40599 RESERVED CVE-2021-40598 RESERVED CVE-2021-40597 RESERVED CVE-2021-40596 RESERVED CVE-2021-40595 RESERVED CVE-2021-40594 RESERVED CVE-2021-40593 RESERVED CVE-2021-40592 RESERVED CVE-2021-40591 RESERVED CVE-2021-40590 RESERVED CVE-2021-40589 RESERVED CVE-2021-40588 RESERVED CVE-2021-40587 RESERVED CVE-2021-40586 RESERVED CVE-2021-40585 RESERVED CVE-2021-40584 RESERVED CVE-2021-40583 RESERVED CVE-2021-40582 RESERVED CVE-2021-40581 RESERVED CVE-2021-40580 RESERVED CVE-2021-40579 RESERVED CVE-2021-40578 RESERVED CVE-2021-40577 RESERVED CVE-2021-40576 RESERVED CVE-2021-40575 RESERVED CVE-2021-40574 RESERVED CVE-2021-40573 RESERVED CVE-2021-40572 RESERVED CVE-2021-40571 RESERVED CVE-2021-40570 RESERVED CVE-2021-40569 RESERVED CVE-2021-40568 RESERVED CVE-2021-40567 RESERVED CVE-2021-40566 RESERVED CVE-2021-40565 RESERVED CVE-2021-40564 RESERVED CVE-2021-40563 RESERVED CVE-2021-40562 RESERVED CVE-2021-40561 RESERVED CVE-2021-40560 RESERVED CVE-2021-40559 RESERVED CVE-2021-40558 RESERVED CVE-2021-40557 RESERVED CVE-2021-40556 RESERVED CVE-2021-40555 RESERVED CVE-2021-40554 RESERVED CVE-2021-40553 RESERVED CVE-2021-40552 RESERVED CVE-2021-40551 RESERVED CVE-2021-40550 RESERVED CVE-2021-40549 RESERVED CVE-2021-40548 RESERVED CVE-2021-40547 RESERVED CVE-2021-40546 RESERVED CVE-2021-40545 RESERVED CVE-2021-40544 RESERVED CVE-2021-40543 (Opensis-Classic Version 8.0 is affected by a SQL injection vulnerabili ...) NOT-FOR-US: openSIS CVE-2021-40542 (Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). ...) 
NOT-FOR-US: openSIS CVE-2021-40541 (PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the pr ...) NOT-FOR-US: PHP-Fusion CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...) - ulfius 2.7.1-2 (bug #993851) [bullseye] - ulfius 2.7.1-1+deb11u1 [buster] - ulfius 2.5.2-4+deb10u1 NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-40538 RESERVED CVE-2021-40537 (Server Side Request Forgery (SSRF) vulnerability exists in owncloud/us ...) - owncloud CVE-2021-40536 RESERVED CVE-2021-40535 RESERVED CVE-2021-40534 RESERVED CVE-2021-40533 RESERVED CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...) NOT-FOR-US: tweb NOTE: https://github.com/morethanwords/tweb CVE-2021-40531 (Sketch before 75 mishandles external library feeds. ...) NOT-FOR-US: Sketch collaborative design (Mac or Web app) NOTE: sketch.com, not the sketch package in Debian. CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...) - libcrypto++ 8.6.0-1 (bug #993841) [bullseye] - libcrypto++ (Minor issue) [buster] - libcrypto++ (Minor issue) [stretch] - libcrypto++ (Minor issue) NOTE: https://eprint.iacr.org/2021/923 NOTE: https://github.com/weidai11/cryptopp/issues/1059 NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 NOTE: https://github.com/weidai11/cryptopp/commit/bee8e8ca6658 (CRYPTOPP_8_6_0) CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in Thunder ...) 
- botan 2.18.1+dfsg-3 (bug #993840) - botan1.10 NOTE: https://eprint.iacr.org/2021/923 NOTE: https://github.com/randombit/botan/pull/2790 NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2 NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...) - libgcrypt20 1.9.4-2 [bullseye] - libgcrypt20 (Minor issue) [buster] - libgcrypt20 (Minor issue) [stretch] - libgcrypt20 (Minor issue) NOTE: https://eprint.iacr.org/2021/923 NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61 (1.9.x) NOTE: Related to CVE-2021-33560, but not a duplicate. Unfortunately scope of CVE-2021-33560 and NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on NOTE: a query). CVE-2021-40527 RESERVED CVE-2021-40526 RESERVED CVE-2021-40525 RESERVED CVE-2021-3776 RESERVED CVE-2021-3775 RESERVED CVE-2021-3774 RESERVED CVE-2021-3773 RESERVED NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3 NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html TODO: fill in tracking details CVE-2021-3772 [Invalid chunks may be used to remotely remove existing associations] RESERVED - linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694 CVE-2021-3771 RESERVED CVE-2021-40524 (In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the ...) 
- pure-ftpd (bug #993810) [bullseye] - pure-ftpd (Minor issue) [buster] - pure-ftpd (Minor issue) [stretch] - pure-ftpd (Minor issue) NOTE: https://github.com/jedisct1/pure-ftpd/pull/158 CVE-2021-40523 (In Contiki 3.0, Telnet option negotiation is mishandled. During negoti ...) NOT-FOR-US: Contiki CVE-2021-40522 RESERVED CVE-2021-40521 RESERVED CVE-2021-40520 RESERVED CVE-2021-40519 RESERVED CVE-2021-40518 RESERVED CVE-2021-40517 RESERVED CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...) {DLA-2770-1} - weechat 3.2.1-1 (bug #993803) NOTE: https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b CVE-2021-40515 RESERVED CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim 2:8.2.3455-1 (bug #994076) [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/ NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402) NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e (v8.2.3403) NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 CVE-2021-3769 RESERVED CVE-2021-40514 RESERVED CVE-2021-40513 RESERVED CVE-2021-40512 RESERVED CVE-2021-40511 RESERVED CVE-2021-40510 RESERVED CVE-2021-40509 (ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. ...) NOT-FOR-US: JForum2 CVE-2021-3768 (bookstack is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: bookstack CVE-2021-3767 (bookstack is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: bookstack CVE-2021-40508 RESERVED CVE-2021-40507 RESERVED CVE-2021-40506 RESERVED CVE-2021-40505 RESERVED CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...) 
NOT-FOR-US: Node objection.js CVE-2021-3765 RESERVED CVE-2021-40504 RESERVED CVE-2021-40503 RESERVED CVE-2021-40502 RESERVED CVE-2021-40501 RESERVED CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...) NOT-FOR-US: SAP CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...) NOT-FOR-US: SAP CVE-2021-40498 (A vulnerability has been identified in SAP SuccessFactors Mobile Appli ...) NOT-FOR-US: SAP CVE-2021-40497 (SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, a ...) NOT-FOR-US: SAP CVE-2021-40496 (SAP Internet Communication framework (ICM) - versions 700, 701, 702, 7 ...) NOT-FOR-US: SAP CVE-2021-40495 (There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver ...) NOT-FOR-US: SAP CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...) NOT-FOR-US: AdaptiveScale LXDUI CVE-2021-40493 (Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injecti ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-40492 (A reflected XSS vulnerability exists in multiple pages in version 22 o ...) NOT-FOR-US: Gibbon application CVE-2021-40489 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-40488 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-40487 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-40486 (Microsoft Word Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40485 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-40484 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-40483 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) 
NOT-FOR-US: Microsoft CVE-2021-40482 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40481 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-40480 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-40479 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-40478 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-40477 (Windows Event Tracing Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40476 (Windows AppContainer Elevation Of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40475 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...) NOT-FOR-US: Microsoft CVE-2021-40474 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-40473 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-40472 (Microsoft Excel Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40471 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-40470 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40469 (Windows DNS Server Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40468 (Windows Bind Filter Driver Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40467 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-40466 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-40465 (Windows Text Shaping Remote Code Execution Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-40464 (Windows Nearby Sharing Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40463 (Windows NAT Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40462 (Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Exec ...) NOT-FOR-US: Microsoft CVE-2021-40461 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-40460 (Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerab ...) NOT-FOR-US: Microsoft CVE-2021-40459 RESERVED CVE-2021-40458 RESERVED CVE-2021-40457 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) NOT-FOR-US: Microsoft CVE-2021-40456 (Windows AD FS Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40455 (Windows Installer Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40453 RESERVED CVE-2021-40452 RESERVED CVE-2021-40451 RESERVED CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...) NOT-FOR-US: Microsoft CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-40446 RESERVED CVE-2021-40445 RESERVED CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-40442 RESERVED CVE-2021-40441 RESERVED CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function] RESERVED - linux 5.14.12-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997467 NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4) CVE-2021-3763 RESERVED NOT-FOR-US: Red Hat AMQ Broker CVE-2021-3762 RESERVED NOT-FOR-US: Quay/clair CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions prior t ...) NOT-FOR-US: Apache OpenOffice CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request ...) {DSA-4982-1 DLA-2776-1} - apache2 2.4.49-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438 NOTE: Minimal fix: https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2 (2.4.x) NOTE: Future-proof follow-up: https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67 (2.4.x) NOTE: Regression fix #1: https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f (2.4.x) NOTE: Regression fix #2: https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c (2.4.x) CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...) - inetutils 2:2.2-1 (bug #993476) [bullseye] - inetutils (Minor issue) [buster] - inetutils (Minor issue) [stretch] - inetutils (Minor issue) NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...) 
{DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/ CVE-2021-40437 RESERVED CVE-2021-40436 RESERVED CVE-2021-40435 RESERVED CVE-2021-40434 RESERVED CVE-2021-40433 RESERVED CVE-2021-40432 RESERVED CVE-2021-40431 RESERVED CVE-2021-40430 RESERVED CVE-2021-40429 RESERVED CVE-2021-40428 RESERVED CVE-2021-40427 RESERVED CVE-2021-40426 RESERVED CVE-2021-40425 RESERVED CVE-2021-40424 RESERVED CVE-2021-40423 RESERVED CVE-2021-40422 RESERVED CVE-2021-40421 RESERVED CVE-2021-40420 RESERVED CVE-2021-40419 RESERVED CVE-2021-40418 RESERVED CVE-2021-40417 RESERVED CVE-2021-40416 RESERVED CVE-2021-40415 RESERVED CVE-2021-40414 RESERVED CVE-2021-40413 RESERVED CVE-2021-40412 RESERVED CVE-2021-40411 RESERVED CVE-2021-40410 RESERVED CVE-2021-40409 RESERVED CVE-2021-40408 RESERVED CVE-2021-40407 RESERVED CVE-2021-40406 RESERVED CVE-2021-40405 RESERVED CVE-2021-40404 RESERVED CVE-2021-40403 RESERVED CVE-2021-40402 RESERVED CVE-2021-40401 RESERVED CVE-2021-40400 RESERVED CVE-2021-40399 RESERVED CVE-2021-40398 RESERVED CVE-2021-40397 RESERVED CVE-2021-40396 RESERVED CVE-2021-40395 RESERVED CVE-2021-40394 RESERVED CVE-2021-40393 RESERVED CVE-2021-40392 RESERVED CVE-2021-40391 RESERVED CVE-2021-40390 RESERVED CVE-2021-40389 RESERVED CVE-2021-40388 RESERVED CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...) NOT-FOR-US: Kaseya Unitrends Backup Software CVE-2021-40386 RESERVED CVE-2021-40385 (An issue was discovered in the server software in Kaseya Unitrends Bac ...) NOT-FOR-US: Kaseya Unitrends Backup Software CVE-2021-40384 RESERVED CVE-2021-40383 RESERVED CVE-2021-40382 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) NOT-FOR-US: Compro devices CVE-2021-40381 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) 
NOT-FOR-US: Compro devices CVE-2021-40380 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) NOT-FOR-US: Compro devices CVE-2021-40379 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) NOT-FOR-US: Compro devices CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) NOT-FOR-US: Compro devices CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The ap ...) NOT-FOR-US: SmarterTools CVE-2021-40376 RESERVED CVE-2021-40375 RESERVED CVE-2021-40374 RESERVED CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...) NOT-FOR-US: playSMS CVE-2021-40372 RESERVED CVE-2021-40371 RESERVED CVE-2021-40370 RESERVED CVE-2021-40369 RESERVED CVE-2021-40368 RESERVED CVE-2021-40367 RESERVED CVE-2021-40366 RESERVED CVE-2021-40365 RESERVED CVE-2021-40364 RESERVED CVE-2021-40363 RESERVED CVE-2021-40362 RESERVED CVE-2021-40361 RESERVED CVE-2021-40360 RESERVED CVE-2021-40359 RESERVED CVE-2021-40358 RESERVED CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...) NOT-FOR-US: Siemens CVE-2021-40356 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) NOT-FOR-US: Siemens CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) NOT-FOR-US: Siemens CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) NOT-FOR-US: Siemens CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...) - cfrpki 1.3.0-1 (bug #994572) NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9 NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 CVE-2021-3760 RESERVED CVE-2021-40353 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) 
NOT-FOR-US: openSIS CVE-2021-40352 (OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Re ...) NOT-FOR-US: OpenEMR CVE-2021-40351 RESERVED CVE-2021-40350 (webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows at ...) NOT-FOR-US: Christie Digital DWU850-GS V06.46 devices CVE-2021-40349 (e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack th ...) NOT-FOR-US: e7d Speed Test CVE-2021-40348 RESERVED CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman Postorius befo ...) {DSA-4970-1} - postorius 1.3.5-1 (bug #993746) NOTE: https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b NOTE: https://phabricator.wikimedia.org/T289798 CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_heade ...) {DSA-4968-1} - haproxy 2.2.16-3 [buster] - haproxy (Vulnerable code not present) [stretch] - haproxy (Vulnerable code not present) NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95 CVE-2021-40345 RESERVED CVE-2021-40344 RESERVED CVE-2021-40343 RESERVED CVE-2021-40342 RESERVED CVE-2021-40341 RESERVED CVE-2021-40340 RESERVED CVE-2021-40339 RESERVED CVE-2021-40338 RESERVED CVE-2021-40337 RESERVED CVE-2021-40336 RESERVED CVE-2021-40335 RESERVED CVE-2021-40334 RESERVED CVE-2021-40333 RESERVED CVE-2021-40332 RESERVED CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks] RESERVED - linux NOTE: https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/ CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF) ...) NOT-FOR-US: bookstack CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Object Pr ...) 
NOT-FOR-US: Node immer NOTE: https://github.com/immerjs/immer CVE-2021-40331 RESERVED CVE-2021-3756 RESERVED CVE-2021-3755 RESERVED CVE-2021-3754 RESERVED CVE-2021-3753 RESERVED {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7 CVE-2021-3752 RESERVED - linux NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4 CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository ...) - git 1:2.30.1-1 [bullseye] - git (Minor issue) [buster] - git (Minor issue) [stretch] - git (Minor issue) NOTE: https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473 CVE-2021-40329 (The Authentication API in Ping Identity PingFederate before 10.3 misha ...) NOT-FOR-US: Ping Identity PingFederate CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write ...) - libmobi (bug #966677) CVE-2021-40328 RESERVED CVE-2021-40327 RESERVED CVE-2021-40326 RESERVED CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...) - cobbler CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations via upload ...) - cobbler CVE-2021-40323 (Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code E ...) - cobbler CVE-2021-40322 RESERVED CVE-2021-40321 RESERVED CVE-2021-40320 RESERVED CVE-2021-3750 [hcd-ehci: DMA reentrancy issue leads to use-after-free] RESERVED - qemu [bullseye] - qemu (Minor issue) [buster] - qemu (Minor issue) [stretch] - qemu (Fix along with a future DLA) NOTE: https://gitlab.com/qemu-project/qemu/-/issues/541 NOTE: Fix for whole class of DMA MMIO reentrancy issues: https://gitlab.com/qemu-project/qemu/-/issues/556 NOTE: Patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity ...) 
- node-axios 0.21.3+dfsg-1 [bullseye] - node-axios 0.21.1+dfsg-1+deb11u1 [buster] - node-axios 0.17.1+dfsg-2+deb10u1 NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/ NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 NOTE: https://github.com/axios/axios/pull/3980 CVE-2021-3748 [virtio-net: heap use-after-free in virtio_net_receive_rcu] RESERVED {DSA-4980-1} - qemu 1:6.1+dfsg-6 (bug #993401) [stretch] - qemu (Fix along with a future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1998514 CVE-2021-40319 RESERVED CVE-2021-40318 RESERVED CVE-2021-40317 RESERVED CVE-2021-40316 RESERVED CVE-2021-40315 RESERVED CVE-2021-40314 RESERVED CVE-2021-40313 RESERVED CVE-2021-40312 RESERVED CVE-2021-40311 RESERVED CVE-2021-40310 (OpenSIS Community Edition version 8.0 is affected by a cross-site scri ...) NOT-FOR-US: OpenSIS CVE-2021-40309 (A SQL injection vulnerability exists in the Take Attendance functional ...) NOT-FOR-US: OpenSIS CVE-2021-40308 RESERVED CVE-2021-40307 RESERVED CVE-2021-40306 RESERVED CVE-2021-40305 RESERVED CVE-2021-40304 RESERVED CVE-2021-40303 RESERVED CVE-2021-40302 RESERVED CVE-2021-40301 RESERVED CVE-2021-40300 RESERVED CVE-2021-40299 RESERVED CVE-2021-40298 RESERVED CVE-2021-40297 RESERVED CVE-2021-40296 RESERVED CVE-2021-40295 RESERVED CVE-2021-40294 RESERVED CVE-2021-40293 RESERVED CVE-2021-40292 (A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2 ...) NOT-FOR-US: DzzOffice CVE-2021-40291 RESERVED CVE-2021-40290 RESERVED CVE-2021-40289 RESERVED CVE-2021-40288 RESERVED CVE-2021-40287 RESERVED CVE-2021-40286 RESERVED CVE-2021-40285 RESERVED CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow whi ...) 
NOT-FOR-US: D-Link CVE-2021-40283 RESERVED CVE-2021-40282 RESERVED CVE-2021-40281 RESERVED CVE-2021-40280 RESERVED CVE-2021-40279 RESERVED CVE-2021-40278 RESERVED CVE-2021-40277 RESERVED CVE-2021-40276 RESERVED CVE-2021-40275 RESERVED CVE-2021-40274 RESERVED CVE-2021-40273 RESERVED CVE-2021-40272 RESERVED CVE-2021-40271 RESERVED CVE-2021-40270 RESERVED CVE-2021-40269 RESERVED CVE-2021-40268 RESERVED CVE-2021-40267 RESERVED CVE-2021-40266 RESERVED CVE-2021-40265 RESERVED CVE-2021-40264 RESERVED CVE-2021-40263 RESERVED CVE-2021-40262 RESERVED CVE-2021-40261 RESERVED CVE-2021-40260 RESERVED CVE-2021-40259 RESERVED CVE-2021-40258 RESERVED CVE-2021-40257 RESERVED CVE-2021-40256 RESERVED CVE-2021-40255 RESERVED CVE-2021-40254 RESERVED CVE-2021-40253 RESERVED CVE-2021-40252 RESERVED CVE-2021-40251 RESERVED CVE-2021-40250 RESERVED CVE-2021-40249 RESERVED CVE-2021-40248 RESERVED CVE-2021-40247 RESERVED CVE-2021-40246 RESERVED CVE-2021-40245 RESERVED CVE-2021-40244 RESERVED CVE-2021-40243 RESERVED CVE-2021-40242 RESERVED CVE-2021-40241 RESERVED CVE-2021-40240 RESERVED CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...) NOT-FOR-US: Miniftpd CVE-2021-40238 (A Cross Site Scripting (XSS) vulnerability exists in the admin panel ...) NOT-FOR-US: Webuzo CVE-2021-40237 RESERVED CVE-2021-40236 RESERVED CVE-2021-40235 RESERVED CVE-2021-40234 RESERVED CVE-2021-40233 RESERVED CVE-2021-40232 RESERVED CVE-2021-40231 RESERVED CVE-2021-40230 RESERVED CVE-2021-40229 RESERVED CVE-2021-40228 RESERVED CVE-2021-40227 RESERVED CVE-2021-40226 RESERVED CVE-2021-40225 RESERVED CVE-2021-40224 RESERVED CVE-2021-40223 (Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitiz ...) NOT-FOR-US: Rittal CMC PU III Web management CVE-2021-40222 (Rittal CMC PU III Web management Version affected: V3.11.00_2. Version ...) 
NOT-FOR-US: Rittal CMC PU III Web management CVE-2021-40221 RESERVED CVE-2021-40220 RESERVED CVE-2021-40219 RESERVED CVE-2021-40218 RESERVED CVE-2021-40217 RESERVED CVE-2021-40216 RESERVED CVE-2021-40215 RESERVED CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wal ...) NOT-FOR-US: Gibbon CVE-2021-40213 RESERVED CVE-2021-40212 RESERVED CVE-2021-40211 RESERVED CVE-2021-40210 RESERVED CVE-2021-40209 RESERVED CVE-2021-40208 RESERVED CVE-2021-40207 RESERVED CVE-2021-40206 RESERVED CVE-2021-40205 RESERVED CVE-2021-40204 RESERVED CVE-2021-40203 RESERVED CVE-2021-40202 RESERVED CVE-2021-40201 RESERVED CVE-2021-40200 RESERVED CVE-2021-40199 RESERVED CVE-2021-40198 RESERVED CVE-2021-40197 RESERVED CVE-2021-40196 RESERVED CVE-2021-40195 RESERVED CVE-2021-40194 RESERVED CVE-2021-40193 RESERVED CVE-2021-40192 RESERVED CVE-2021-40191 (Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due ...) NOT-FOR-US: Dzzoffice CVE-2021-40190 RESERVED CVE-2021-40189 (PHPFusion 9.03.110 is affected by a remote code execution vulnerabilit ...) NOT-FOR-US: PHP-Fusion CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerabili ...) NOT-FOR-US: PHP-Fusion CVE-2021-40187 RESERVED CVE-2021-40186 RESERVED CVE-2021-40185 RESERVED CVE-2021-40184 RESERVED CVE-2021-40183 RESERVED CVE-2021-40182 RESERVED CVE-2021-40181 RESERVED CVE-2021-40180 RESERVED CVE-2021-40179 RESERVED CVE-2021-40178 (Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the L ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-40177 (Zoho ManageEngine Log360 before Build 5225 allows remote code executio ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-40176 (Zoho ManageEngine Log360 before Build 5225 allows stored XSS. ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-40175 (Zoho ManageEngine Log360 before Build 5219 allows unrestricted file up ...) 
NOT-FOR-US: Zoho ManageEngine CVE-2021-40174 (Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for di ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on pro ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-40171 RESERVED CVE-2021-40170 RESERVED CVE-2021-40169 RESERVED CVE-2021-40168 RESERVED CVE-2021-40167 RESERVED CVE-2021-40166 RESERVED CVE-2021-40165 RESERVED CVE-2021-40164 RESERVED CVE-2021-40163 RESERVED CVE-2021-40162 RESERVED CVE-2021-40161 RESERVED CVE-2021-40160 RESERVED CVE-2021-40159 RESERVED CVE-2021-40158 RESERVED CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...) NOT-FOR-US: Autodesk CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...) NOT-FOR-US: Autodesk CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...) NOT-FOR-US: Autodesk CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...) NOT-FOR-US: Multipass CVE-2021-40154 RESERVED CVE-2021-40152 RESERVED CVE-2021-40151 RESERVED CVE-2021-3746 RESERVED CVE-2021-3745 RESERVED CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()] RESERVED - linux 5.14.12-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000627 NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4) CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the file ...) 
{DSA-4967-1 DLA-2752-1} [experimental] - squashfs-tools 1:4.5-1 - squashfs-tools 1:4.5-2 NOTE: https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790 NOTE: https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 (4.5) NOTE: https://github.com/plougher/squashfs-tools/issues/72 CVE-2021-40150 RESERVED CVE-2021-40149 RESERVED CVE-2021-40148 RESERVED CVE-2021-3743 RESERVED {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://lists.openwall.net/netdev/2021/08/17/124 NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117 CVE-2021-3742 RESERVED CVE-2021-3741 RESERVED CVE-2021-3740 RESERVED CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...) NOT-FOR-US: EmTec ZOC CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...) NOT-FOR-US: Apache Any23 CVE-2021-3738 RESERVED CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response from the server] RESERVED [experimental] - python3.9 3.9.6-1 - python3.9 3.9.7-1 [bullseye] - python3.9 (Minor issue) - python3.7 [buster] - python3.7 (Minor issue) - python3.5 - python3.4 NOTE: https://bugs.python.org/issue44022 NOTE: https://github.com/python/cpython/pull/25916 NOTE: https://github.com/python/cpython/pull/26503 NOTE: https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2) NOTE: https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6) NOTE: https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11) NOTE: https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11) NOTE: https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14) NOTE: Needs the "Improve the regression test" followup: NOTE: 
https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3) NOTE: https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6) NOTE: https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch) NOTE: https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11) NOTE: https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14 CVE-2021-3736 RESERVED CVE-2021-40145 (** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (a ...) - libgd2 [bullseye] - libgd2 (Minor issue) [buster] - libgd2 (Minor issue) [stretch] - libgd2 (Minor issue) NOTE: https://github.com/libgd/libgd/issues/700 NOTE: https://github.com/libgd/libgd/pull/713 NOTE: https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af CVE-2021-40144 RESERVED CVE-2021-40143 (Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HT ...) NOT-FOR-US: Sonatype CVE-2021-40142 (In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, re ...) 
NOT-FOR-US: OPC Foundation Local Discovery Server (LDS) CVE-2021-40141 RESERVED CVE-2021-40140 RESERVED CVE-2021-40139 RESERVED CVE-2021-40138 RESERVED CVE-2021-40137 RESERVED CVE-2021-40136 RESERVED CVE-2021-40135 RESERVED CVE-2021-40134 RESERVED CVE-2021-40133 RESERVED CVE-2021-40132 RESERVED CVE-2021-40131 RESERVED CVE-2021-40130 RESERVED CVE-2021-40129 RESERVED CVE-2021-40128 RESERVED CVE-2021-40127 RESERVED CVE-2021-40126 RESERVED CVE-2021-40125 RESERVED CVE-2021-40124 RESERVED CVE-2021-40123 RESERVED CVE-2021-40122 RESERVED CVE-2021-40121 RESERVED CVE-2021-40120 RESERVED CVE-2021-40119 RESERVED CVE-2021-40118 RESERVED CVE-2021-40117 RESERVED CVE-2021-40116 RESERVED CVE-2021-40115 RESERVED CVE-2021-40114 RESERVED CVE-2021-40113 RESERVED CVE-2021-40112 RESERVED CVE-2021-40111 RESERVED CVE-2021-40110 RESERVED CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...) NOT-FOR-US: Concrete CMS CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The Calendar is ...) NOT-FOR-US: Concrete CMS CVE-2021-40107 RESERVED CVE-2021-40106 (An issue was discovered in Concrete CMS through 8.5.5. There is unauth ...) NOT-FOR-US: Concrete CMS CVE-2021-40105 (An issue was discovered in Concrete CMS through 8.5.5. There is XSS vi ...) NOT-FOR-US: Concrete CMS CVE-2021-40104 (An issue was discovered in Concrete CMS through 8.5.5. There is an SVG ...) NOT-FOR-US: Concrete CMS CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...) NOT-FOR-US: Concrete CMS CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...) NOT-FOR-US: Concrete CMS CVE-2021-40101 RESERVED CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...) NOT-FOR-US: Concrete CMS CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...) NOT-FOR-US: Concrete CMS CVE-2021-40098 (An issue was discovered in Concrete CMS through 8.5.5. 
Path Traversal ...) NOT-FOR-US: Concrete CMS CVE-2021-40097 (An issue was discovered in Concrete CMS through 8.5.5. Authenticated p ...) NOT-FOR-US: Concrete CMS CVE-2021-40096 RESERVED CVE-2021-40095 RESERVED CVE-2021-40094 RESERVED CVE-2021-40093 RESERVED CVE-2021-40092 RESERVED CVE-2021-40091 RESERVED CVE-2021-40090 RESERVED CVE-2021-40089 (An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Pu ...) NOT-FOR-US: PrimeKey CVE-2021-40088 (An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode ca ...) NOT-FOR-US: PrimeKey CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit log ...) NOT-FOR-US: PrimeKey CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...) NOT-FOR-US: PrimeKey CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...) {DSA-4983-1 DLA-2781-1} - neutron 2:18.1.0-3 (bug #993398) NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2 NOTE: https://launchpad.net/bugs/1939733 CVE-2021-40082 RESERVED CVE-2021-40081 RESERVED CVE-2021-3739 RESERVED {DSA-4978-1} - linux 5.14.6-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3 CVE-2021-3735 [ahci: deadlock issue leads to denial of service] RESERVED - qemu [bullseye] - qemu (Minor issue) [buster] - qemu (Minor issue) [stretch] - qemu (Fix along with a future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184 CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...) 
[experimental] - knot-resolver 5.4.1-1 - knot-resolver 5.4.1-2 (bug #991463) [bullseye] - knot-resolver (Minor issue; can be fixed via point release) [buster] - knot-resolver (Vulnerable code introduced later) NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169 NOTE: Introduced by https://gitlab.nic.cz/knot/knot-resolver/-/commit/7107faebc72c14c864622128a20a9b39fe94d733 (5.3.1) CVE-2021-3734 (yourls is vulnerable to Improper Restriction of Rendered UI Layers or ...) NOT-FOR-US: yourls CVE-2021-40080 RESERVED CVE-2021-40079 RESERVED CVE-2021-40078 RESERVED CVE-2021-40077 RESERVED CVE-2021-40076 RESERVED CVE-2021-40075 RESERVED CVE-2021-40074 RESERVED CVE-2021-40073 RESERVED CVE-2021-40072 RESERVED CVE-2021-40071 RESERVED CVE-2021-40070 RESERVED CVE-2021-40069 RESERVED CVE-2021-40068 RESERVED CVE-2021-40067 (The access controls on the Mobility read-write API improperly validate ...) NOT-FOR-US: Mobility CVE-2021-40066 (The access controls on the Mobility read-only API improperly validate ...) 
NOT-FOR-US: Mobility CVE-2021-40065 RESERVED CVE-2021-40064 RESERVED CVE-2021-40063 RESERVED CVE-2021-40062 RESERVED CVE-2021-40061 RESERVED CVE-2021-40060 RESERVED CVE-2021-40059 RESERVED CVE-2021-40058 RESERVED CVE-2021-40057 RESERVED CVE-2021-40056 RESERVED CVE-2021-40055 RESERVED CVE-2021-40054 RESERVED CVE-2021-40053 RESERVED CVE-2021-40052 RESERVED CVE-2021-40051 RESERVED CVE-2021-40050 RESERVED CVE-2021-40049 RESERVED CVE-2021-40048 RESERVED CVE-2021-40047 RESERVED CVE-2021-40046 RESERVED CVE-2021-40045 RESERVED CVE-2021-40044 RESERVED CVE-2021-40043 RESERVED CVE-2021-40042 RESERVED CVE-2021-40041 RESERVED CVE-2021-40040 RESERVED CVE-2021-40039 RESERVED CVE-2021-40038 RESERVED CVE-2021-40037 RESERVED CVE-2021-40036 RESERVED CVE-2021-40035 RESERVED CVE-2021-40034 RESERVED CVE-2021-40033 RESERVED CVE-2021-40032 RESERVED CVE-2021-40031 RESERVED CVE-2021-40030 RESERVED CVE-2021-40029 RESERVED CVE-2021-40028 RESERVED CVE-2021-40027 RESERVED CVE-2021-40026 RESERVED CVE-2021-40025 RESERVED CVE-2021-40024 RESERVED CVE-2021-40023 RESERVED CVE-2021-40022 RESERVED CVE-2021-40021 RESERVED CVE-2021-40020 RESERVED CVE-2021-40019 RESERVED CVE-2021-40018 RESERVED CVE-2021-40017 RESERVED CVE-2021-40016 RESERVED CVE-2021-40015 RESERVED CVE-2021-40014 RESERVED CVE-2021-40013 RESERVED CVE-2021-40012 RESERVED CVE-2021-40011 RESERVED CVE-2021-40010 RESERVED CVE-2021-40009 RESERVED CVE-2021-40008 RESERVED CVE-2021-40007 RESERVED CVE-2021-40006 RESERVED CVE-2021-40005 RESERVED CVE-2021-40004 RESERVED CVE-2021-40003 RESERVED CVE-2021-40002 RESERVED CVE-2021-40001 RESERVED CVE-2021-40000 RESERVED CVE-2021-39999 RESERVED CVE-2021-39998 RESERVED CVE-2021-39997 RESERVED CVE-2021-39996 RESERVED CVE-2021-39995 RESERVED CVE-2021-39994 RESERVED CVE-2021-39993 RESERVED CVE-2021-39992 RESERVED CVE-2021-39991 RESERVED CVE-2021-39990 RESERVED CVE-2021-39989 RESERVED CVE-2021-39988 RESERVED CVE-2021-39987 RESERVED CVE-2021-39986 RESERVED CVE-2021-39985 RESERVED CVE-2021-39984 RESERVED 
CVE-2021-39983 RESERVED CVE-2021-39982 RESERVED CVE-2021-39981 RESERVED CVE-2021-39980 RESERVED CVE-2021-39979 RESERVED CVE-2021-39978 RESERVED CVE-2021-39977 RESERVED CVE-2021-39976 RESERVED CVE-2021-39975 RESERVED CVE-2021-39974 RESERVED CVE-2021-39973 RESERVED CVE-2021-39972 RESERVED CVE-2021-39971 RESERVED CVE-2021-39970 RESERVED CVE-2021-39969 RESERVED CVE-2021-39968 RESERVED CVE-2021-39967 RESERVED CVE-2021-39966 RESERVED CVE-2021-39965 RESERVED CVE-2021-39964 RESERVED CVE-2021-39963 RESERVED CVE-2021-39962 RESERVED CVE-2021-39961 RESERVED CVE-2021-39960 RESERVED CVE-2021-39959 RESERVED CVE-2021-39958 RESERVED CVE-2021-39957 RESERVED CVE-2021-39956 RESERVED CVE-2021-39955 RESERVED CVE-2021-39954 RESERVED CVE-2021-39953 RESERVED CVE-2021-39952 RESERVED CVE-2021-39951 RESERVED CVE-2021-39950 RESERVED CVE-2021-39949 RESERVED CVE-2021-39948 RESERVED CVE-2021-39947 RESERVED CVE-2021-39946 RESERVED CVE-2021-39945 RESERVED CVE-2021-39944 RESERVED CVE-2021-39943 RESERVED CVE-2021-39942 RESERVED CVE-2021-39941 RESERVED CVE-2021-39940 RESERVED CVE-2021-39939 RESERVED CVE-2021-39938 RESERVED CVE-2021-39937 RESERVED CVE-2021-39936 RESERVED CVE-2021-39935 RESERVED CVE-2021-39934 RESERVED CVE-2021-39933 RESERVED CVE-2021-39932 RESERVED CVE-2021-39931 RESERVED CVE-2021-39930 RESERVED CVE-2021-39929 RESERVED CVE-2021-39928 RESERVED CVE-2021-39927 RESERVED CVE-2021-39926 RESERVED CVE-2021-39925 RESERVED CVE-2021-39924 RESERVED CVE-2021-39923 RESERVED CVE-2021-39922 RESERVED CVE-2021-39921 RESERVED CVE-2021-39920 RESERVED CVE-2021-39919 RESERVED CVE-2021-39918 RESERVED CVE-2021-39917 RESERVED CVE-2021-39916 RESERVED CVE-2021-39915 RESERVED CVE-2021-39914 RESERVED CVE-2021-39913 RESERVED CVE-2021-39912 RESERVED CVE-2021-39911 RESERVED CVE-2021-39910 RESERVED CVE-2021-39909 RESERVED CVE-2021-39908 RESERVED CVE-2021-39907 RESERVED CVE-2021-39906 RESERVED CVE-2021-39905 RESERVED CVE-2021-39904 RESERVED CVE-2021-39903 RESERVED CVE-2021-39902 RESERVED CVE-2021-39901 RESERVED 
CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...) - gitlab CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...) - gitlab CVE-2021-39898 RESERVED CVE-2021-39897 RESERVED CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...) - gitlab CVE-2021-39895 RESERVED CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...) - gitlab CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...) - gitlab CVE-2021-39892 RESERVED CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) - gitlab CVE-2021-39890 RESERVED CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...) - gitlab (Specific to Enterprise Edition) CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...) - gitlab (Specific to Enterprise Edition) CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...) - gitlab CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...) - gitlab CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE version 13.5 ...) - gitlab (Specific to Enterprise Edition) CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...) - gitlab (Specific to Enterprise Edition) CVE-2021-39883 (Improper authorization checks in GitLab EE > 13.11 allows subgroup ...) - gitlab (Specific to Enterprise Edition) CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...) - gitlab CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...) - gitlab CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...) 
- gitlab - ruby-apollo-upload-server TODO: reach out for details CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...) - gitlab CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...) - gitlab CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...) - gitlab CVE-2021-39876 RESERVED CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...) - gitlab CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...) - gitlab CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...) - gitlab CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...) - gitlab CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...) - gitlab CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...) - gitlab CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...) - gitlab CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...) - gitlab CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...) - gitlab CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...) - gitlab CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39864 RESERVED CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39861 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 ( ...) 
NOT-FOR-US: Adobe CVE-2021-39859 RESERVED CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005 ...) NOT-FOR-US: Adobe CVE-2021-39856 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...) NOT-FOR-US: Adobe CVE-2021-39855 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...) NOT-FOR-US: Adobe CVE-2021-39854 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39853 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39852 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39851 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39850 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39849 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39848 RESERVED CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...) NOT-FOR-US: Adobe CVE-2021-39846 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39845 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39844 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39843 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39842 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39841 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) 
NOT-FOR-US: Adobe CVE-2021-39840 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39839 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39838 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39837 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39836 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39835 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39834 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39833 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39832 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39831 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39830 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39829 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39828 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a p ...) NOT-FOR-US: Adobe CVE-2021-39827 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...) NOT-FOR-US: Adobe CVE-2021-39826 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...) NOT-FOR-US: Adobe CVE-2021-39825 (Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and e ...) NOT-FOR-US: Adobe CVE-2021-39824 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) NOT-FOR-US: Adobe CVE-2021-39823 (Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...) 
NOT-FOR-US: Adobe CVE-2021-39822 RESERVED CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...) NOT-FOR-US: Adobe CVE-2021-39820 RESERVED CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-39817 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-39815 RESERVED CVE-2021-39814 RESERVED CVE-2021-39813 RESERVED CVE-2021-39812 RESERVED CVE-2021-39811 RESERVED CVE-2021-39810 RESERVED CVE-2021-39809 RESERVED CVE-2021-39808 RESERVED CVE-2021-39807 RESERVED CVE-2021-39806 RESERVED CVE-2021-39805 RESERVED CVE-2021-39804 RESERVED CVE-2021-39803 RESERVED CVE-2021-39802 RESERVED CVE-2021-39801 RESERVED CVE-2021-39800 RESERVED CVE-2021-39799 RESERVED CVE-2021-39798 RESERVED CVE-2021-39797 RESERVED CVE-2021-39796 RESERVED CVE-2021-39795 RESERVED CVE-2021-39794 RESERVED CVE-2021-39793 RESERVED CVE-2021-39792 RESERVED CVE-2021-39791 RESERVED CVE-2021-39790 RESERVED CVE-2021-39789 RESERVED CVE-2021-39788 RESERVED CVE-2021-39787 RESERVED CVE-2021-39786 RESERVED CVE-2021-39785 RESERVED CVE-2021-39784 RESERVED CVE-2021-39783 RESERVED CVE-2021-39782 RESERVED CVE-2021-39781 RESERVED CVE-2021-39780 RESERVED CVE-2021-39779 RESERVED CVE-2021-39778 RESERVED CVE-2021-39777 RESERVED CVE-2021-39776 RESERVED CVE-2021-39775 RESERVED CVE-2021-39774 RESERVED CVE-2021-39773 RESERVED CVE-2021-39772 RESERVED CVE-2021-39771 RESERVED CVE-2021-39770 RESERVED CVE-2021-39769 RESERVED CVE-2021-39768 RESERVED CVE-2021-39767 RESERVED CVE-2021-39766 RESERVED CVE-2021-39765 RESERVED CVE-2021-39764 RESERVED CVE-2021-39763 RESERVED CVE-2021-39762 RESERVED CVE-2021-39761 RESERVED CVE-2021-39760 RESERVED CVE-2021-39759 RESERVED CVE-2021-39758 
RESERVED CVE-2021-39757 RESERVED CVE-2021-39756 RESERVED CVE-2021-39755 RESERVED CVE-2021-39754 RESERVED CVE-2021-39753 RESERVED CVE-2021-39752 RESERVED CVE-2021-39751 RESERVED CVE-2021-39750 RESERVED CVE-2021-39749 RESERVED CVE-2021-39748 RESERVED CVE-2021-39747 RESERVED CVE-2021-39746 RESERVED CVE-2021-39745 RESERVED CVE-2021-39744 RESERVED CVE-2021-39743 RESERVED CVE-2021-39742 RESERVED CVE-2021-39741 RESERVED CVE-2021-39740 RESERVED CVE-2021-39739 RESERVED CVE-2021-39738 RESERVED CVE-2021-39737 RESERVED CVE-2021-39736 RESERVED CVE-2021-39735 RESERVED CVE-2021-39734 RESERVED CVE-2021-39733 RESERVED CVE-2021-39732 RESERVED CVE-2021-39731 RESERVED CVE-2021-39730 RESERVED CVE-2021-39729 RESERVED CVE-2021-39728 RESERVED CVE-2021-39727 RESERVED CVE-2021-39726 RESERVED CVE-2021-39725 RESERVED CVE-2021-39724 RESERVED CVE-2021-39723 RESERVED CVE-2021-39722 RESERVED CVE-2021-39721 RESERVED CVE-2021-39720 RESERVED CVE-2021-39719 RESERVED CVE-2021-39718 RESERVED CVE-2021-39717 RESERVED CVE-2021-39716 RESERVED CVE-2021-39715 RESERVED CVE-2021-39714 RESERVED CVE-2021-39713 RESERVED CVE-2021-39712 RESERVED CVE-2021-39711 RESERVED CVE-2021-39710 RESERVED CVE-2021-39709 RESERVED CVE-2021-39708 RESERVED CVE-2021-39707 RESERVED CVE-2021-39706 RESERVED CVE-2021-39705 RESERVED CVE-2021-39704 RESERVED CVE-2021-39703 RESERVED CVE-2021-39702 RESERVED CVE-2021-39701 RESERVED CVE-2021-39700 RESERVED CVE-2021-39699 RESERVED CVE-2021-39698 RESERVED CVE-2021-39697 RESERVED CVE-2021-39696 RESERVED CVE-2021-39695 RESERVED CVE-2021-39694 RESERVED CVE-2021-39693 RESERVED CVE-2021-39692 RESERVED CVE-2021-39691 RESERVED CVE-2021-39690 RESERVED CVE-2021-39689 RESERVED CVE-2021-39688 RESERVED CVE-2021-39687 RESERVED CVE-2021-39686 RESERVED CVE-2021-39685 RESERVED CVE-2021-39684 RESERVED CVE-2021-39683 RESERVED CVE-2021-39682 RESERVED CVE-2021-39681 RESERVED CVE-2021-39680 RESERVED CVE-2021-39679 RESERVED CVE-2021-39678 RESERVED CVE-2021-39677 RESERVED CVE-2021-39676 RESERVED CVE-2021-39675 
RESERVED CVE-2021-39674 RESERVED CVE-2021-39673 RESERVED CVE-2021-39672 RESERVED CVE-2021-39671 RESERVED CVE-2021-39670 RESERVED CVE-2021-39669 RESERVED CVE-2021-39668 RESERVED CVE-2021-39667 RESERVED CVE-2021-39666 RESERVED CVE-2021-39665 RESERVED CVE-2021-39664 RESERVED CVE-2021-39663 RESERVED CVE-2021-39662 RESERVED CVE-2021-39661 RESERVED CVE-2021-39660 RESERVED CVE-2021-39659 RESERVED CVE-2021-39658 RESERVED CVE-2021-39657 RESERVED CVE-2021-39656 RESERVED CVE-2021-39655 RESERVED CVE-2021-39654 RESERVED CVE-2021-39653 RESERVED CVE-2021-39652 RESERVED CVE-2021-39651 RESERVED CVE-2021-39650 RESERVED CVE-2021-39649 RESERVED CVE-2021-39648 RESERVED CVE-2021-39647 RESERVED CVE-2021-39646 RESERVED CVE-2021-39645 RESERVED CVE-2021-39644 RESERVED CVE-2021-39643 RESERVED CVE-2021-39642 RESERVED CVE-2021-39641 RESERVED CVE-2021-39640 RESERVED CVE-2021-39639 RESERVED CVE-2021-39638 RESERVED CVE-2021-39637 RESERVED CVE-2021-39636 RESERVED CVE-2021-39635 RESERVED CVE-2021-39634 RESERVED CVE-2021-39633 RESERVED CVE-2021-39632 RESERVED CVE-2021-39631 RESERVED CVE-2021-39630 RESERVED CVE-2021-39629 RESERVED CVE-2021-39628 RESERVED CVE-2021-39627 RESERVED CVE-2021-39626 RESERVED CVE-2021-39625 RESERVED CVE-2021-39624 RESERVED CVE-2021-39623 RESERVED CVE-2021-39622 RESERVED CVE-2021-39621 RESERVED CVE-2021-39620 RESERVED CVE-2021-39619 RESERVED CVE-2021-39618 RESERVED CVE-2021-39617 RESERVED CVE-2021-39616 RESERVED CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs] RESERVED - python3.9 3.9.7-1 [bullseye] - python3.9 (Minor issue) - python3.7 [buster] - python3.7 (Minor issue) - python3.5 [stretch] - python3.5 (Minor issue) NOTE: https://bugs.python.org/issue43075 NOTE: https://github.com/python/cpython/pull/24391 NOTE: https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master) NOTE: https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5) NOTE: 
https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10) NOTE: https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11) NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14) CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files] RESERVED {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249 NOTE: https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631 CVE-2021-39615 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains ...) NOT-FOR-US: D-Link CVE-2021-39614 (D-Link DVX-2000MS contains hard-coded credentials for undocumented use ...) NOT-FOR-US: D-Link CVE-2021-39613 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1 ...) NOT-FOR-US: D-Link CVE-2021-39612 RESERVED CVE-2021-39611 RESERVED CVE-2021-39610 RESERVED CVE-2021-39609 (Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 v ...) NOT-FOR-US: FlatCore-CMS CVE-2021-39608 (Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 ...) NOT-FOR-US: FlatCore-CMS CVE-2021-39607 RESERVED CVE-2021-39606 RESERVED CVE-2021-39605 RESERVED CVE-2021-39604 RESERVED CVE-2021-39603 RESERVED CVE-2021-39602 (A Buffer Overflow vulnerability exists in Miniftpd 1.0 in the do_mkd fu ...) NOT-FOR-US: Miniftpd CVE-2021-39601 RESERVED CVE-2021-39600 RESERVED CVE-2021-39599 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS ...) NOT-FOR-US: CXUUCMS CVE-2021-39598 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/145 CVE-2021-39597 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) 
- swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/143 CVE-2021-39596 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/146 CVE-2021-39595 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/141 CVE-2021-39594 (Other An issue was discovered in swftools through 20200710. A NULL poi ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/142 CVE-2021-39593 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/139 CVE-2021-39592 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/138 CVE-2021-39591 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/135 CVE-2021-39590 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/137 CVE-2021-39589 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/132 CVE-2021-39588 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/131 CVE-2021-39587 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) 
- swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/129 CVE-2021-39586 RESERVED CVE-2021-39585 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/133 CVE-2021-39584 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/130 CVE-2021-39583 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/136 CVE-2021-39582 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/122 CVE-2021-39581 RESERVED CVE-2021-39580 RESERVED CVE-2021-39579 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/125 CVE-2021-39578 RESERVED CVE-2021-39577 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/121 CVE-2021-39576 RESERVED CVE-2021-39575 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/128 CVE-2021-39574 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/124 CVE-2021-39573 RESERVED CVE-2021-39572 RESERVED CVE-2021-39571 RESERVED CVE-2021-39570 RESERVED CVE-2021-39569 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) 
- swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/114 CVE-2021-39568 RESERVED CVE-2021-39567 RESERVED CVE-2021-39566 RESERVED CVE-2021-39565 RESERVED CVE-2021-39564 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/116 CVE-2021-39563 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/115 CVE-2021-39562 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/98 CVE-2021-39561 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/102 CVE-2021-39560 RESERVED CVE-2021-39559 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/101 CVE-2021-39558 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/106 CVE-2021-39557 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/97 CVE-2021-39556 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/105 CVE-2021-39555 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) 
- swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/99 CVE-2021-39554 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/100 CVE-2021-39553 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) - swftools [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/103 CVE-2021-39552 (An issue was discovered in sela through 20200412. file::WavFile::readF ...) NOT-FOR-US: sela CVE-2021-39551 (An issue was discovered in sela through 20200412. file::SelaFile::read ...) NOT-FOR-US: sela CVE-2021-39550 (An issue was discovered in sela through 20200412. file::SelaFile::read ...) NOT-FOR-US: sela CVE-2021-39549 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) NOT-FOR-US: sela CVE-2021-39548 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) NOT-FOR-US: sela CVE-2021-39547 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) NOT-FOR-US: sela CVE-2021-39546 (An issue was discovered in sela through 20200412. rice::RiceDecoder::p ...) NOT-FOR-US: sela CVE-2021-39545 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) NOT-FOR-US: sela CVE-2021-39544 (An issue was discovered in sela through 20200412. file::WavFile::write ...) NOT-FOR-US: sela CVE-2021-39543 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) NOT-FOR-US: pdftools CVE-2021-39542 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) NOT-FOR-US: pdftools CVE-2021-39541 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) NOT-FOR-US: pdftools CVE-2021-39540 (An issue was discovered in pdftools through 20200714. A stack-buffer-o ...) 
    NOT-FOR-US: pdftools
CVE-2021-39539 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
    NOT-FOR-US: pdftools
CVE-2021-39538 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
    NOT-FOR-US: pdftools
CVE-2021-39537 (An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ...)
    - ncurses (unimportant)
    NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
    NOTE: Negligible security impact
CVE-2021-39536 (An issue was discovered in libxsmm through v1.16.1-93. The JIT code ha ...)
    - libxsmm (bug #996098)
    NOTE: https://github.com/hfp/libxsmm/issues/402
    NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375
    NOTE: https://github.com/hfp/libxsmm/commit/c24027d07eef23411a56958e52afad5ee6db6393
CVE-2021-39535 (An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer ...)
    - libxsmm (bug #996098)
    NOTE: https://github.com/hfp/libxsmm/issues/398
    NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375
CVE-2021-39534 (An issue was discovered in libslax through v0.22.1. slaxIsCommentStart ...)
    - libslax (bug #766210)
CVE-2021-39533 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...)
    - libslax (bug #766210)
CVE-2021-39532 (An issue was discovered in libslax through v0.22.1. A NULL pointer der ...)
    - libslax (bug #766210)
CVE-2021-39531 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...)
    - libslax (bug #766210)
CVE-2021-39530 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen ...)
    - libredwg (bug #595191)
CVE-2021-39529 RESERVED
CVE-2021-39528 (An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MAT ...)
    - libredwg (bug #595191)
CVE-2021-39527 (An issue was discovered in libredwg through v0.10.1.3751. appinfo_priv ...)
    - libredwg (bug #595191)
CVE-2021-39526 RESERVED
CVE-2021-39525 (An issue was discovered in libredwg through v0.10.1.3751. bit_read_fix ...)
    - libredwg (bug #595191)
CVE-2021-39524 RESERVED
CVE-2021-39523 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...)
    - libredwg (bug #595191)
CVE-2021-39522 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len( ...)
    - libredwg (bug #595191)
CVE-2021-39521 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...)
    - libredwg (bug #595191)
CVE-2021-39520 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
    - libjpeg 0.0~git20200925.f145908-1
    NOTE: https://github.com/thorfdbg/libjpeg/issues/34
CVE-2021-39519 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
    - libjpeg 0.0~git20200925.f145908-1
    NOTE: https://github.com/thorfdbg/libjpeg/issues/28
CVE-2021-39518 (An issue was discovered in libjpeg through 2020021. LineBuffer::FetchR ...)
    - libjpeg 0.0~git20200925.f145908-1
    NOTE: https://github.com/thorfdbg/libjpeg/issues/35
CVE-2021-39517 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
    - libjpeg 0.0~git20200925.f145908-1
    NOTE: https://github.com/thorfdbg/libjpeg/issues/33
CVE-2021-39516 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
    - libjpeg 0.0~git20200925.f145908-1
    NOTE: https://github.com/thorfdbg/libjpeg/issues/42
CVE-2021-39515 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
    - libjpeg 0.0~git20200925.f145908-1
    NOTE: https://github.com/thorfdbg/libjpeg/issues/37
CVE-2021-39514 (An issue was discovered in libjpeg through 2020021. An uncaught floati ...)
    - libjpeg 0.0~git20200925.f145908-1
    NOTE: https://github.com/thorfdbg/libjpeg/issues/36
CVE-2021-39513 RESERVED
CVE-2021-39512 RESERVED
CVE-2021-39511 RESERVED
CVE-2021-39510 (An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wirele ...)
    NOT-FOR-US: D-Link
CVE-2021-39509 (An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B01 ...)
    NOT-FOR-US: D-Link
CVE-2021-39508 RESERVED
CVE-2021-39507 RESERVED
CVE-2021-39506 RESERVED
CVE-2021-39505 RESERVED
CVE-2021-39504 RESERVED
CVE-2021-39503 (PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is ...)
    NOT-FOR-US: PHPMyWind
CVE-2021-39502 RESERVED
CVE-2021-39501 (EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect ...)
    NOT-FOR-US: EyouCMS
CVE-2021-39500 (Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of i ...)
    NOT-FOR-US: EyouCMS
CVE-2021-39499 (A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouC ...)
    NOT-FOR-US: EyouCMS
CVE-2021-39498 RESERVED
CVE-2021-39497 (eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
    NOT-FOR-US: EyouCMS
CVE-2021-39496 (Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
    NOT-FOR-US: EyouCMS
CVE-2021-39495 RESERVED
CVE-2021-39494 RESERVED
CVE-2021-39493 RESERVED
CVE-2021-39492 RESERVED
CVE-2021-39491 RESERVED
CVE-2021-39490 RESERVED
CVE-2021-39489 RESERVED
CVE-2021-39488 RESERVED
CVE-2021-39487 RESERVED
CVE-2021-39486 (A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2. ...)
    NOT-FOR-US: Gila CMS
CVE-2021-39485 RESERVED
CVE-2021-39484 RESERVED
CVE-2021-39483 RESERVED
CVE-2021-39482 RESERVED
CVE-2021-39481 RESERVED
CVE-2021-39480 RESERVED
CVE-2021-39479 RESERVED
CVE-2021-39478 RESERVED
CVE-2021-39477 RESERVED
CVE-2021-39476 RESERVED
CVE-2021-39475 RESERVED
CVE-2021-39474 RESERVED
CVE-2021-39473 RESERVED
CVE-2021-39472 RESERVED
CVE-2021-39471 RESERVED
CVE-2021-39470 RESERVED
CVE-2021-39469 RESERVED
CVE-2021-39468 RESERVED
CVE-2021-39467 RESERVED
CVE-2021-39466 RESERVED
CVE-2021-39465 RESERVED
CVE-2021-39464 RESERVED
CVE-2021-39463 RESERVED
CVE-2021-39462 RESERVED
CVE-2021-39461 RESERVED
CVE-2021-39460 RESERVED
CVE-2021-39459 (Remote code execution in the modules component in Yakamara Media Redax ...)
    NOT-FOR-US: Yakamara Media Redaxo CMS
CVE-2021-39458 (Triggering an error page of the import process in Yakamara Media Redax ...)
    NOT-FOR-US: Yakamara Media Redaxo CMS
CVE-2021-39457 RESERVED
CVE-2021-39456 RESERVED
CVE-2021-39455 RESERVED
CVE-2021-39454 RESERVED
CVE-2021-39453 RESERVED
CVE-2021-39452 RESERVED
CVE-2021-39451 RESERVED
CVE-2021-39450 RESERVED
CVE-2021-39449 RESERVED
CVE-2021-39448 RESERVED
CVE-2021-39447 RESERVED
CVE-2021-39446 RESERVED
CVE-2021-39445 RESERVED
CVE-2021-39444 RESERVED
CVE-2021-39443 RESERVED
CVE-2021-39442 RESERVED
CVE-2021-39441 RESERVED
CVE-2021-39440 RESERVED
CVE-2021-39439 RESERVED
CVE-2021-39438 RESERVED
CVE-2021-39437 RESERVED
CVE-2021-39436 RESERVED
CVE-2021-39435 RESERVED
CVE-2021-39434 RESERVED
CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version BIQS IT B ...)
    NOT-FOR-US: BIQS IT Biqs-drive
CVE-2021-39432 RESERVED
CVE-2021-39431 RESERVED
CVE-2021-39430 RESERVED
CVE-2021-39429 RESERVED
CVE-2021-39428 RESERVED
CVE-2021-39427 RESERVED
CVE-2021-39426 RESERVED
CVE-2021-39425 RESERVED
CVE-2021-39424 RESERVED
CVE-2021-39423 RESERVED
CVE-2021-39422 RESERVED
CVE-2021-39421 RESERVED
CVE-2021-39420 RESERVED
CVE-2021-39419 RESERVED
CVE-2021-39418 RESERVED
CVE-2021-39417 RESERVED
CVE-2021-39416 RESERVED
CVE-2021-39415 RESERVED
CVE-2021-39414 RESERVED
CVE-2021-39413 RESERVED
CVE-2021-39412 RESERVED
CVE-2021-39411 RESERVED
CVE-2021-39410 RESERVED
CVE-2021-39409 RESERVED
CVE-2021-39408 RESERVED
CVE-2021-39407 RESERVED
CVE-2021-39406 RESERVED
CVE-2021-39405 RESERVED
CVE-2021-39404 (MaianAffiliate v1.0 allows an authenticated administrative user to sav ...)
    NOT-FOR-US: MaianAffiliate
CVE-2021-39403 RESERVED
CVE-2021-39402 (MaianAffiliate v.1.0 suffers from code injection by adding a new pr ...)
    NOT-FOR-US: MaianAffiliate
CVE-2021-39401 RESERVED
CVE-2021-39400 RESERVED
CVE-2021-39399 RESERVED
CVE-2021-39398 RESERVED
CVE-2021-39397 RESERVED
CVE-2021-39396 RESERVED
CVE-2021-39395 RESERVED
CVE-2021-39394 RESERVED
CVE-2021-39393 RESERVED
CVE-2021-39392 (The management tool in MyLittleBackup up to and including 1.7 allows r ...)
    NOT-FOR-US: MyLittleBackup
CVE-2021-39391 (Cross Site Scripting (XSS) vulnerability exists in the admin panel in ...)
    NOT-FOR-US: Beego
CVE-2021-39390 RESERVED
CVE-2021-39389 RESERVED
CVE-2021-39388 RESERVED
CVE-2021-39387 RESERVED
CVE-2021-39386 RESERVED
CVE-2021-39385 RESERVED
CVE-2021-39384 RESERVED
CVE-2021-39383 RESERVED
CVE-2021-39382 RESERVED
CVE-2021-39381 RESERVED
CVE-2021-39380 RESERVED
CVE-2021-39379 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
    NOT-FOR-US: openSIS
CVE-2021-39378 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
    NOT-FOR-US: openSIS
CVE-2021-39377 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
    NOT-FOR-US: openSIS
CVE-2021-39376 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
    NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
CVE-2021-39375 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
    NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
CVE-2021-39374 RESERVED
CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers t ...)
    NOT-FOR-US: Samsung
CVE-2021-39372 RESERVED
CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an ...)
    {DLA-2754-1}
    - pywps 4.5.0-1
    [bullseye] - pywps (Minor issue)
    [buster] - pywps (Minor issue)
    NOTE: https://github.com/geopython/OWSLib/issues/790
    NOTE: https://github.com/geopython/pywps/pull/616
CVE-2021-39370 RESERVED
CVE-2021-39369 RESERVED
CVE-2021-39368 (Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter ...)
    NOT-FOR-US: Canon Oce Print Exec Workgroup
CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. ...)
    NOT-FOR-US: Canon Oce Print Exec Workgroup
CVE-2021-39366 RESERVED
CVE-2021-39365 (In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certifi ...)
    {DSA-4964-1 DLA-2762-1}
    - grilo 0.3.13-1.1 (bug #992971)
    NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
    NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
CVE-2021-39364 RESERVED
CVE-2021-39363 RESERVED
CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response from A ...)
    NOT-FOR-US: ReCaptcha Solver
CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not enable ...)
    - evolution-rss
    [bullseye] - evolution-rss (Minor issue)
    [buster] - evolution-rss (Minor issue)
    [stretch] - evolution-rss (Minor issue, revisit when/if fixed upstream)
    NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
    NOTE: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11
CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS ...)
    - libzapojit (bug #993538)
    [bullseye] - libzapojit (Minor issue)
    [buster] - libzapojit (Minor issue)
    [stretch] - libzapojit (Minor issue, revisit when/if fixed upstream)
    NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
    NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4
CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS ...)
    - libgda5 (bug #993592)
    [bullseye] - libgda5 (Minor issue)
    [buster] - libgda5 (Minor issue)
    [stretch] - libgda5 (Minor issue, revisit when/if fixed upstream)
    NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
    NOTE: https://gitlab.gnome.org/GNOME/libgda/-/issues/249
CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable T ...)
    - gfbgraph (bug #993537)
    [bullseye] - gfbgraph (Minor issue)
    [buster] - gfbgraph (Minor issue)
    [stretch] - gfbgraph (Minor issue, revisit when/if fixed upstream)
    NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
    NOTE: https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17
CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by other s ...)
    {DSA-4962-1}
    - ledgersmb 1.6.9+ds-2.1 (bug #992817)
    NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking
CVE-2021-39357 RESERVED
CVE-2021-39356 RESERVED
CVE-2021-39355 RESERVED
CVE-2021-39354 RESERVED
CVE-2021-39353 RESERVED
CVE-2021-39352 RESERVED
CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39349 RESERVED
CVE-2021-39348 RESERVED
CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39346 RESERVED
CVE-2021-39345 RESERVED
CVE-2021-39344 RESERVED
CVE-2021-39343 RESERVED
CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39341 RESERVED
CVE-2021-39340 RESERVED
CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39338 RESERVED
CVE-2021-39337 RESERVED
CVE-2021-39336 RESERVED
CVE-2021-39335 RESERVED
CVE-2021-39334 RESERVED
CVE-2021-39333 RESERVED
CVE-2021-39332 RESERVED
CVE-2021-39331 RESERVED
CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39329 RESERVED
CVE-2021-39328 RESERVED
CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39326 RESERVED
CVE-2021-39325 (The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Sit ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39324 RESERVED
CVE-2021-39323 RESERVED
CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39321 RESERVED
CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes out the r ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39319 RESERVED
CVE-2021-39318 RESERVED
CVE-2021-39317 (Versions up to, and including, 1.0.6, of the Access Demo Importer Word ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-39315 RESERVED
CVE-2021-39314 RESERVED
CVE-2021-39313 RESERVED
CVE-2021-39312 RESERVED
CVE-2021-39311 RESERVED
CVE-2021-39310 RESERVED
CVE-2021-39309 RESERVED
CVE-2021-39308 RESERVED
CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
    NOT-FOR-US: PDFTron WebViewer UI
CVE-2021-39306 RESERVED
CVE-2021-39305 RESERVED
CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...)
    NOT-FOR-US: Proofpoint
CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
    NOT-FOR-US: firefly-iii
CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
    NOT-FOR-US: firefly-iii
CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
    NOT-FOR-US: firefly-iii
CVE-2021-39303 RESERVED
CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
    NOT-FOR-US: MISP
CVE-2021-39301 RESERVED
CVE-2021-39300 RESERVED
CVE-2021-39299 RESERVED
CVE-2021-39298 RESERVED
CVE-2021-39297 RESERVED
CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
    NOT-FOR-US: OpenBMC
CVE-2021-39295 RESERVED
CVE-2021-3727 RESERVED
CVE-2021-3726 RESERVED
CVE-2021-3725 RESERVED
CVE-2021-3724 RESERVED
    NOT-FOR-US: Red Hat Serverless
CVE-2021-23161 RESERVED
    NOT-FOR-US: Red Hat Serverless
CVE-2021-23156 RESERVED
    NOT-FOR-US: Red Hat Serverless
CVE-2021-39294 RESERVED
CVE-2021-39293 RESERVED
    - golang-1.17 1.17.1-1
    - golang-1.16 1.16.8-1
    - golang-1.15 1.15.15-2
    - golang-1.11
    [buster] - golang-1.11 (Minor issue)
    - golang-1.8
    - golang-1.7
    NOTE: https://github.com/golang/go/issues/47801
    NOTE: https://github.com/golang/go/commit/1dd24caf08985066b309af6bc461780c73e05c35 (1.17.1)
    NOTE: https://github.com/golang/go/commit/6c480017ae600b2c90a264a922e041df04dfa785 (1.16.8)
CVE-2021-39292 RESERVED
CVE-2021-3723 RESERVED
CVE-2021-3722 RESERVED
CVE-2021-3721 RESERVED
CVE-2021-3720 RESERVED
CVE-2021-3719 RESERVED
CVE-2021-3718 RESERVED
CVE-2021-39291 (Certain NetModule devices allow credentials via GET parameters to CLI- ...)
    NOT-FOR-US: NetModule devices
CVE-2021-39290 (Certain NetModule devices allow Limited Session Fixation via PHPSESSID ...)
    NOT-FOR-US: NetModule devices
CVE-2021-39289 (Certain NetModule devices have Insecure Password Handling (cleartext o ...)
    NOT-FOR-US: NetModule devices
CVE-2021-39288 RESERVED
CVE-2021-39287 RESERVED
CVE-2021-39286 (Webrecorder pywb before 2.6.0 allows XSS because it does not ensure th ...)
    NOT-FOR-US: Webrecorder pywb
CVE-2021-39285 (A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8 ...)
    NOT-FOR-US: Versa
CVE-2021-39284 RESERVED
CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...)
    - liblivemedia
    [buster] - liblivemedia (Minor issue)
    [stretch] - liblivemedia (Minor issue)
    NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html
CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...)
    - liblivemedia
    [buster] - liblivemedia (Minor issue)
    [stretch] - liblivemedia (Minor issue)
    NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html
CVE-2021-39281 RESERVED
CVE-2021-39280 RESERVED
CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...)
    NOT-FOR-US: MOXA
CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...)
    NOT-FOR-US: MOXA
CVE-2021-39277 RESERVED
CVE-2021-39276 RESERVED
CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when given mal ...)
    {DSA-4982-1 DLA-2776-1}
    - apache2 2.4.49-1
    NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275
    NOTE: https://github.com/apache/httpd/commit/d8bce6f575abb29997bba358b31842bf757776c6 (trunk)
    NOTE: https://github.com/apache/httpd/commit/e0fec7d48dab1924c5a6b48819ce1cf420733f62 (trunk)
    NOTE: https://github.com/apache/httpd/commit/8f09caf9945f3c80563bc4a776b04fbba239ca71 (trunk)
    NOTE: https://github.com/apache/httpd/commit/c69d4cc90c0e27703030b3ff09f91bf4dcbcfd51 (2.4.x)
    NOTE: https://github.com/apache/httpd/commit/ac62c7e7436560cf4f7725ee586364ce95c07804 (2.4.x)
CVE-2021-3717 RESERVED
    - wildfly (bug #752018)
CVE-2021-39274 (In XeroSecurity Sn1per 9.0 (free version), insecure directory permissi ...)
    NOT-FOR-US: XeroSecurity Sn1per
CVE-2021-39273 (In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) ...)
    NOT-FOR-US: XeroSecurity Sn1per
CVE-2021-39272 (Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption i ...)
    - fetchmail 6.4.22-1 (bug #993163)
    [bullseye] - fetchmail (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
    [buster] - fetchmail (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
    [stretch] - fetchmail (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
    NOTE: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
CVE-2021-39271 (OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code ex ...)
    NOT-FOR-US: OrbiTeam BSCW Classic
CVE-2021-39270 (In Ping Identity RSA SecurID Integration Kit before 3.2, user imperson ...)
    NOT-FOR-US: Ping Identity RSA SecurID Integration Kit
CVE-2021-39269 RESERVED
CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
    NOT-FOR-US: SuiteCRM
CVE-2021-39267 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
    NOT-FOR-US: SuiteCRM
CVE-2021-39266 RESERVED
CVE-2021-39265 RESERVED
CVE-2021-39264 RESERVED
CVE-2021-39263 (A crafted NTFS image can trigger a heap-based buffer overflow, caused ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39262 (A crafted NTFS image can cause an out-of-bounds access in ntfs_decompr ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39261 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_co ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39260 (A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_s ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39259 (A crafted NTFS image can trigger an out-of-bounds access, caused by an ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39258 (A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find a ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39257 (A crafted NTFS image with an unallocated bitmap can lead to an endless ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39256 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_in ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39255 (A crafted NTFS image can trigger an out-of-bounds read, caused by an i ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39254 (A crafted NTFS image can cause an integer overflow in memmove, leading ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39253 (A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_ ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39252 (A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39251 (A crafted NTFS image can cause a NULL pointer dereference in ntfs_exte ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
    NOT-FOR-US: Invision Community
CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
    NOT-FOR-US: Invision Community
CVE-2021-39248 (Open edX through Lilac.1 allows XSS in common/static/common/js/discuss ...)
    NOT-FOR-US: Open edX
CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, ...)
    - zint (Introduced and fixed between 2.9.1 and 2.10.0)
    NOTE: https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/
    NOTE: https://sourceforge.net/p/zint/tickets/232/
    NOTE: Introduced in https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/
CVE-2021-39246 (Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlatio ...)
    NOT-FOR-US: Tor Browser
CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS] RESERVED
    - nbdkit 1.26.5-1
    [bullseye] - nbdkit (Minor issue)
    [buster] - nbdkit (Vulnerable code introduced later)
    [stretch] - nbdkit (Vulnerable code introduced later)
    NOTE: Introduced by: https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8 (v1.11.8)
    NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html
CVE-2021-3715 RESERVED
    - linux 5.5.17-1
    [buster] - linux 4.19.118-1
    [stretch] - linux 4.9.228-1
    NOTE: https://www.openwall.com/lists/oss-security/2021/09/07/1
    NOTE: https://git.kernel.org/linus/ef299cc3fa1a9e1288665a9fdc8bff55629fd359 (5.6)
CVE-2021-3714 RESERVED
CVE-2021-39245 (Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, ...)
    NOT-FOR-US: Altus
CVE-2021-39244 (Authenticated Semi-Blind Command Injection (via Parameter Injection) e ...)
    NOT-FOR-US: Altus
CVE-2021-39243 (Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, ...)
    NOT-FOR-US: Altus
CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
    {DSA-4960-1}
    - haproxy 2.2.16-1
    [buster] - haproxy (Vulnerable code introduced later)
    [stretch] - haproxy (Vulnerable code introduced later)
    NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
    NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1
CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...)
    {DSA-4960-1}
    - haproxy 2.2.16-1
    [buster] - haproxy (Vulnerable code introduced later)
    [stretch] - haproxy (Vulnerable code introduced later)
    NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
    NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=89265224d314a056d77d974284802c1b8a0dc97f
CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
    {DSA-4960-1}
    - haproxy 2.2.16-1
    [buster] - haproxy (Vulnerable code introduced later)
    [stretch] - haproxy (Vulnerable code introduced later)
    NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
    NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e
    NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8
CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...)
    NOT-FOR-US: Apache Jena
CVE-2021-39238 RESERVED
CVE-2021-39237 RESERVED
CVE-2021-39236 RESERVED
CVE-2021-39235 RESERVED
CVE-2021-39234 RESERVED
CVE-2021-39233 RESERVED
CVE-2021-39232 RESERVED
CVE-2021-39231 RESERVED
CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ...)
    {DSA-4980-1 DLA-2753-1}
    - qemu 1:6.1+dfsg-2 (bug #992727)
    [buster] - qemu (Minor issue)
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error the JPNS k ...)
    NOT-FOR-US: Butter
CVE-2021-39229 (Apprise is an open source library which allows you to send a notificat ...)
    NOT-FOR-US: Apprise
CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...)
    NOT-FOR-US: Tremor event processing (different from Vorbis Tremor)
CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...)
    NOT-FOR-US: ZRender
CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...)
    - grafana
CVE-2021-39225 RESERVED
CVE-2021-39224 RESERVED
CVE-2021-39223 RESERVED
CVE-2021-39222 RESERVED
CVE-2021-39221 RESERVED
CVE-2021-39220 RESERVED
CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtim ...)
    NOT-FOR-US: wasmtime
CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...)
    NOT-FOR-US: wasmtime
CVE-2021-39217 RESERVED
CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...)
    NOT-FOR-US: wasmtime
CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...)
    - jitsi-meet (bug #760485)
CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
    - mitmproxy (bug #994570)
    [bullseye] - mitmproxy (Minor issue)
    [buster] - mitmproxy (Minor issue)
    [stretch] - mitmproxy (Minor issue)
    NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38
CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...)
    - glpi (unimportant)
    NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777
    NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...)
    - imagemagick
    [bullseye] - imagemagick (Minor issue)
    [buster] - imagemagick (Minor issue)
    [stretch] - imagemagick (Minor issue)
    NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
    NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68
    NOTE: https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e
CVE-2021-39211 (GLPI is a free Asset and IT management software package. Starting in v ...)
    - glpi (unimportant)
    NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
    NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-39210 (GLPI is a free Asset and IT management software package. In versions p ...)
    - glpi (unimportant)
    NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2
    NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-39209 (GLPI is a free Asset and IT management software package. In versions p ...)
    - glpi (unimportant)
    NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p
    NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many compress ...)
    NOT-FOR-US: SharpCompress
CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...)
    NOT-FOR-US: Facebook ParlAI
CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
    NOT-FOR-US: Pomerium
CVE-2021-39205 (Jitsi Meet is an open source video conferencing application. Versions ...)
    - jitsi-meet (bug #760485)
CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
    NOT-FOR-US: Pomerium
CVE-2021-39203 (WordPress is a free and open-source content management system written ...)
    - wordpress (Only affects 5.8 beta 1; vulnerable code introduced later)
    NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6
CVE-2021-39202 (WordPress is a free and open-source content management system written ...)
    - wordpress (Vulnerable code introduced later)
    NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
CVE-2021-39201 (WordPress is a free and open-source content management system written ...)
    {DSA-4985-1}
    - wordpress 5.8.1+dfsg1-1 (bug #994059)
    [stretch] - wordpress (Vulnerable code added later)
    NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
CVE-2021-39200 (WordPress is a free and open-source content management system written ...)
    - wordpress 5.8.1+dfsg1-1 (bug #994060)
    [bullseye] - wordpress 5.7.3+dfsg1-0+deb11u1
    [buster] - wordpress (Vulnerable code introduced later in 5.2)
    [stretch] - wordpress (Vulnerable code added later)
    NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
CVE-2021-39199 (remark-html is an open source nodejs library which compiles Markdown t ...)
    NOT-FOR-US: Node remark-html
CVE-2021-39198 RESERVED
CVE-2021-39197 (better_errors is an open source replacement for the standard Rails err ...)
    - ruby-better-errors (bug #739168)
CVE-2021-39196 (pcapture is an open source dumpcap web service interface. In affected ...)
    NOT-FOR-US: pcapture
CVE-2021-39195 (Misskey is an open source, decentralized microblogging platform. In af ...)
    NOT-FOR-US: Misskey
CVE-2021-39194 (kaml is an open source implementation of the YAML format with support ...)
    NOT-FOR-US: kaml
CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
    NOT-FOR-US: Frontier
CVE-2021-39192 (Ghost is a Node.js content management system. An error in the implemen ...)
    NOT-FOR-US: Ghost CMS
CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
    - libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
    [bullseye] - libapache2-mod-auth-openidc (Minor issue; can be fixed via point release)
    [buster] - libapache2-mod-auth-openidc (Minor issue; can be fixed via point release)
    [stretch] - libapache2-mod-auth-openidc (Minor issue)
    NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2
    NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d
    NOTE: https://github.com/zmartzone/mod_auth_openidc/issues/672
CVE-2021-39190 RESERVED
CVE-2021-39189 (Pimcore is an open source data & experience management platform. I ...)
    NOT-FOR-US: Pimcore
CVE-2021-39188 RESERVED
CVE-2021-39187 (Parse Server is an open source backend that can be deployed to any inf ...)
    NOT-FOR-US: Parse Server
CVE-2021-39186 (GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior ...)
    NOT-FOR-US: Miraheze
CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...)
    NOT-FOR-US: Http4s
CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...)
    - electron (bug #842420)
CVE-2021-39183 RESERVED
CVE-2021-39182 RESERVED
CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...)
    NOT-FOR-US: OpenOlat
CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...)
    NOT-FOR-US: OpenOLAT
CVE-2021-39179 RESERVED
CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...)
    NOT-FOR-US: next.js
CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...)
    NOT-FOR-US: geyser
CVE-2021-39176 (detect-character-encoding is a package for detecting character encodin ...)
    NOT-FOR-US: detect-character-encoding
    NOTE: NPM addon - https://github.com/sonicdoe/detect-character-encoding
CVE-2021-39175 (HedgeDoc is a platform to write and share markdown. In versions prior ...)
    NOT-FOR-US: hedgedoc
CVE-2021-39174 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
    - cachet (bug #851177)
CVE-2021-39173 (Cachet is an open source status page system. Prior to version 2.5.1 au ...)
    - cachet (bug #851177)
CVE-2021-39172 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
    - cachet (bug #851177)
CVE-2021-39171 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...)
    NOT-FOR-US: Node passport-saml
CVE-2021-39170 (Pimcore is an open source data & experience management platform. P ...)
    NOT-FOR-US: Pimcore
CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions of Miss ...)
    NOT-FOR-US: Misskey
CVE-2021-39168 (OpenZeppelin is a library for smart contract development. In affected v ...)
    NOT-FOR-US: OpenZeppelin
CVE-2021-39167 (OpenZeppelin is a library for smart contract development. In affected v ...)
    NOT-FOR-US: OpenZeppelin
CVE-2021-39166 (Pimcore is an open source data & experience management platform. P ...)
    NOT-FOR-US: Pimcore
CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and includi ...)
    - cachet (bug #851177)
CVE-2021-39164 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...)
    - matrix-synapse 1.41.1-1
    NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
    NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...)
    - matrix-synapse 1.41.1-1
    NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
    NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
    NOT-FOR-US: Pomerium
CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...)
    NOT-FOR-US: Discourse
CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
    NOT-FOR-US: nbgitpuller
CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows users to sha ...)
    NOT-FOR-US: BinderHub
CVE-2021-39158 (NVCaffe's python required dependencies list used to contain `gfortran` ...)
    NOT-FOR-US: NVCaffe
CVE-2021-39157 (detect-character-encoding is an open source character encoding inspect ...)
    NOT-FOR-US: detect-character-encoding
CVE-2021-39156 (Istio is an open source platform for providing a uniform way to integr ...)
    NOT-FOR-US: Istio
CVE-2021-39155 (Istio is an open source platform for providing a uniform way to integr ...)
    NOT-FOR-US: Istio
CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
    NOTE: https://x-stream.github.io/CVE-2021-39154.html
CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
    NOTE: https://x-stream.github.io/CVE-2021-39153.html
CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
    NOTE: https://x-stream.github.io/CVE-2021-39152.html
CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
    NOTE: https://x-stream.github.io/CVE-2021-39151.html
CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
    NOTE: https://x-stream.github.io/CVE-2021-39150.html
CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
    NOTE: https://x-stream.github.io/CVE-2021-39149.html
CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
    NOTE: https://x-stream.github.io/CVE-2021-39148.html
CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
    NOTE: https://x-stream.github.io/CVE-2021-39147.html
CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
    NOTE: https://x-stream.github.io/CVE-2021-39146.html
CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
    NOTE: https://x-stream.github.io/CVE-2021-39145.html
CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
    NOTE: https://x-stream.github.io/CVE-2021-39144.html
CVE-2021-39143 RESERVED
CVE-2021-39142 RESERVED
CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
    NOTE: https://x-stream.github.io/CVE-2021-39141.html
CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
    NOTE: https://x-stream.github.io/CVE-2021-39140.html
CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...)
    {DLA-2769-1}
    - libxstream-java 1.4.18-1
    NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44
    NOTE: https://x-stream.github.io/CVE-2021-39139.html
CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...)
    NOT-FOR-US: Parse Server
CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum protocol ...)
    NOT-FOR-US: go-ethereum
CVE-2021-39136 (baserCMS is an open source content management system with a focus on J ...)
    NOT-FOR-US: baserCMS
CVE-2021-39135 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
    [experimental] - npm 7.24.0+ds-1
    - npm 7.24.0+ds-2 (bug #993405)
    [bullseye] - npm (Minor issue)
    [buster] - npm (Minor issue)
    NOTE: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
CVE-2021-39134 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
    [experimental] - npm 7.24.0+ds-1
    - npm 7.24.0+ds-2 (bug #993407)
    [bullseye] - npm (Minor issue)
    [buster] - npm (Minor issue)
    NOTE: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
CVE-2021-39133 (Rundeck is an open source automation service with a web console, comma ...)
    NOT-FOR-US: Rundeck
CVE-2021-39132 (Rundeck is an open source automation service with a web console, comma ...)
    NOT-FOR-US: Rundeck
CVE-2021-39131 (ced detects character encoding using Google’s compact_enc_det li ...)
    NOT-FOR-US: Node ced
CVE-2021-39130 RESERVED
CVE-2021-39129 RESERVED
CVE-2021-39128 (Affected versions of Atlassian Jira Server or Data Center using the Ji ...)
    NOT-FOR-US: Atlassian
CVE-2021-39127 RESERVED
CVE-2021-39126 RESERVED
CVE-2021-39125 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
    NOT-FOR-US: Atlassian
CVE-2021-39124 (The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassi ...)
    NOT-FOR-US: Atlassian
CVE-2021-39123 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
    NOT-FOR-US: Atlassian
CVE-2021-39122 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
    NOT-FOR-US: Atlassian
CVE-2021-39121 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
    NOT-FOR-US: Atlassian
CVE-2021-39120 RESERVED
CVE-2021-39119 (Affected versions of Atlassian Jira Server and Data Center allow users ...)
    NOT-FOR-US: Atlassian
CVE-2021-39118 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
    NOT-FOR-US: Atlassian
CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and Data Cen ...)
    NOT-FOR-US: Atlassian
CVE-2021-39116 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
    NOT-FOR-US: Atlassian
CVE-2021-39115 (Affected versions of Atlassian Jira Service Management Server and Data ...)
    NOT-FOR-US: Atlassian
CVE-2021-39114 RESERVED
CVE-2021-39113 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
    NOT-FOR-US: Atlassian
CVE-2021-39112 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
    NOT-FOR-US: Atlassian
CVE-2021-39111 (The Editor plugin in Atlassian Jira Server and Data Center before vers ...)
    NOT-FOR-US: Atlassian
CVE-2021-39110 RESERVED
CVE-2021-39109 (The renderWidgetResource resource in Atlassian Atlasboard before versio ...)
    NOT-FOR-US: Atlassian
CVE-2021-39108 RESERVED
CVE-2021-39107 RESERVED
CVE-2021-39106 RESERVED
CVE-2021-39105 RESERVED
CVE-2021-39104 RESERVED
CVE-2021-39103 RESERVED
CVE-2021-39102 RESERVED
CVE-2021-39101 RESERVED
CVE-2021-39100 RESERVED
CVE-2021-39099 RESERVED
CVE-2021-39098 RESERVED
CVE-2021-39097 RESERVED
CVE-2021-39096 RESERVED
CVE-2021-39095 RESERVED
CVE-2021-39094 RESERVED
CVE-2021-39093 RESERVED
CVE-2021-39092 RESERVED
CVE-2021-39091 RESERVED
CVE-2021-39090 RESERVED
CVE-2021-39089 RESERVED
CVE-2021-39088 RESERVED
CVE-2021-39087 RESERVED
CVE-2021-39086 RESERVED
CVE-2021-39085 RESERVED
CVE-2021-39084 RESERVED
CVE-2021-39083 RESERVED
CVE-2021-39082 RESERVED
CVE-2021-39081 RESERVED
CVE-2021-39080 RESERVED
CVE-2021-39079 RESERVED
CVE-2021-39078 RESERVED
CVE-2021-39077 RESERVED
CVE-2021-39076 RESERVED
CVE-2021-39075 RESERVED
CVE-2021-39074 RESERVED
CVE-2021-39073 RESERVED
CVE-2021-39072 RESERVED
CVE-2021-39071 RESERVED
CVE-2021-39070 RESERVED
CVE-2021-39069 RESERVED
CVE-2021-39068 RESERVED
CVE-2021-39067 RESERVED
CVE-2021-39066 RESERVED
CVE-2021-39065 RESERVED
CVE-2021-39064 RESERVED
CVE-2021-39063 RESERVED
CVE-2021-39062 RESERVED
CVE-2021-39061 RESERVED
CVE-2021-39060 RESERVED
CVE-2021-39059 RESERVED
CVE-2021-39058 RESERVED
CVE-2021-39057 RESERVED
CVE-2021-39056 RESERVED
CVE-2021-39055 RESERVED
CVE-2021-39054 RESERVED
CVE-2021-39053 RESERVED
CVE-2021-39052 RESERVED
CVE-2021-39051 RESERVED
CVE-2021-39050 RESERVED
CVE-2021-39049 RESERVED
CVE-2021-39048 RESERVED
CVE-2021-39047 RESERVED
CVE-2021-39046 RESERVED
CVE-2021-39045 RESERVED
CVE-2021-39044 RESERVED
CVE-2021-39043 RESERVED
CVE-2021-39042 RESERVED
CVE-2021-39041 RESERVED
CVE-2021-39040 RESERVED
CVE-2021-39039 RESERVED
CVE-2021-39038 RESERVED
CVE-2021-39037 RESERVED
CVE-2021-39036 RESERVED
CVE-2021-39035 RESERVED
CVE-2021-39034 RESERVED
CVE-2021-39033 RESERVED
CVE-2021-39032 RESERVED
CVE-2021-39031 RESERVED
CVE-2021-39030 RESERVED
CVE-2021-39029 RESERVED
CVE-2021-39028 RESERVED
CVE-2021-39027 RESERVED
CVE-2021-39026 RESERVED
CVE-2021-39025 RESERVED
CVE-2021-39024 RESERVED
CVE-2021-39023 RESERVED
CVE-2021-39022 RESERVED
CVE-2021-39021 RESERVED
CVE-2021-39020 RESERVED
CVE-2021-39019 RESERVED
CVE-2021-39018 RESERVED
CVE-2021-39017 RESERVED
CVE-2021-39016 RESERVED
CVE-2021-39015 RESERVED
CVE-2021-39014 RESERVED
CVE-2021-39013 RESERVED
CVE-2021-39012 RESERVED
CVE-2021-39011 RESERVED
CVE-2021-39010 RESERVED
CVE-2021-39009 RESERVED
CVE-2021-39008 RESERVED
CVE-2021-39007 RESERVED
CVE-2021-39006 RESERVED
CVE-2021-39005 RESERVED
CVE-2021-39004 RESERVED
CVE-2021-39003 RESERVED
CVE-2021-39002 RESERVED
CVE-2021-39001 RESERVED
CVE-2021-39000 RESERVED
CVE-2021-38999 RESERVED
CVE-2021-38998 RESERVED
CVE-2021-38997 RESERVED
CVE-2021-38996 RESERVED
CVE-2021-38995 RESERVED
CVE-2021-38994 RESERVED
CVE-2021-38993 RESERVED
CVE-2021-38992 RESERVED
CVE-2021-38991 RESERVED
CVE-2021-38990 RESERVED
CVE-2021-38989 RESERVED
CVE-2021-38988 RESERVED
CVE-2021-38987 RESERVED
CVE-2021-38986 RESERVED
CVE-2021-38985 RESERVED
CVE-2021-38984 RESERVED
CVE-2021-38983 RESERVED
CVE-2021-38982 RESERVED
CVE-2021-38981 RESERVED
CVE-2021-38980 RESERVED
CVE-2021-38979 RESERVED
CVE-2021-38978 RESERVED
CVE-2021-38977 RESERVED
CVE-2021-38976 RESERVED
CVE-2021-38975 RESERVED
CVE-2021-38974 RESERVED
CVE-2021-38973 RESERVED
CVE-2021-38972 RESERVED
CVE-2021-38971 RESERVED
CVE-2021-38970 RESERVED
CVE-2021-38969 RESERVED
CVE-2021-38968 RESERVED
CVE-2021-38967 RESERVED
CVE-2021-38966 RESERVED
CVE-2021-38965 RESERVED
CVE-2021-38964 RESERVED
CVE-2021-38963 RESERVED
CVE-2021-38962 RESERVED
CVE-2021-38961 RESERVED
CVE-2021-38960 RESERVED
CVE-2021-38959 RESERVED
CVE-2021-38958 RESERVED
CVE-2021-38957 RESERVED
CVE-2021-38956 RESERVED
CVE-2021-38955 RESERVED
CVE-2021-38954 RESERVED
CVE-2021-38953 RESERVED
CVE-2021-38952 RESERVED
CVE-2021-38951 RESERVED
CVE-2021-38950 RESERVED
CVE-2021-38949 RESERVED
CVE-2021-38948 RESERVED
CVE-2021-38947 RESERVED
CVE-2021-38946 RESERVED
CVE-2021-38945 RESERVED
CVE-2021-38944 RESERVED
CVE-2021-38943 RESERVED
CVE-2021-38942 RESERVED
CVE-2021-38941 RESERVED
CVE-2021-38940 RESERVED
CVE-2021-38939 RESERVED
CVE-2021-38938 RESERVED
CVE-2021-38937 RESERVED
CVE-2021-38936 RESERVED
CVE-2021-38935 RESERVED
CVE-2021-38934 RESERVED
CVE-2021-38933 RESERVED
CVE-2021-38932 RESERVED
CVE-2021-38931 RESERVED
CVE-2021-38930 RESERVED
CVE-2021-38929 RESERVED
CVE-2021-38928 RESERVED
CVE-2021-38927 RESERVED
CVE-2021-38926 RESERVED
CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 ...)
    NOT-FOR-US: IBM
CVE-2021-38924 RESERVED
CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain ac ...)
    NOT-FOR-US: IBM
CVE-2021-38922 RESERVED
CVE-2021-38921 RESERVED
CVE-2021-38920 RESERVED
CVE-2021-38919 RESERVED
CVE-2021-38918 RESERVED
CVE-2021-38917 RESERVED
CVE-2021-38916 RESERVED
CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...)
    NOT-FOR-US: IBM
CVE-2021-38914 RESERVED
CVE-2021-38913 RESERVED
CVE-2021-38912 RESERVED
CVE-2021-38911 RESERVED
CVE-2021-38910 RESERVED
CVE-2021-38909 RESERVED
CVE-2021-38908 RESERVED
CVE-2021-38907 RESERVED
CVE-2021-38906 RESERVED
CVE-2021-38905 RESERVED
CVE-2021-38904 RESERVED
CVE-2021-38903 RESERVED
CVE-2021-38902 RESERVED
CVE-2021-38901 RESERVED
CVE-2021-38900 RESERVED
CVE-2021-38899 (IBM Cloud Pak for Data 2.5 could allow a local user with special privi ...)
    NOT-FOR-US: IBM
CVE-2021-38898 RESERVED
CVE-2021-38897 RESERVED
CVE-2021-38896 RESERVED
CVE-2021-38895 RESERVED
CVE-2021-38894 RESERVED
CVE-2021-38893 RESERVED
CVE-2021-38892 RESERVED
CVE-2021-38891 RESERVED
CVE-2021-38890 RESERVED
CVE-2021-38889 RESERVED
CVE-2021-38888 RESERVED
CVE-2021-38887 RESERVED
CVE-2021-38886 RESERVED
CVE-2021-38885 RESERVED
CVE-2021-38884 RESERVED
CVE-2021-38883 RESERVED
CVE-2021-38882 RESERVED
CVE-2021-38881 RESERVED
CVE-2021-38880 RESERVED
CVE-2021-38879 RESERVED
CVE-2021-38878 RESERVED
CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...)
    NOT-FOR-US: IBM
CVE-2021-38876 RESERVED
CVE-2021-38875 RESERVED
CVE-2021-38874 RESERVED
CVE-2021-38873 RESERVED
CVE-2021-38872 RESERVED
CVE-2021-38871 RESERVED
CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...)
    NOT-FOR-US: IBM
CVE-2021-38869 RESERVED
CVE-2021-38868 RESERVED
CVE-2021-38867 RESERVED
CVE-2021-38866 RESERVED
CVE-2021-38865 RESERVED
CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensit ...)
    NOT-FOR-US: IBM
CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
    NOT-FOR-US: IBM
CVE-2021-38862 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
    NOT-FOR-US: IBM
CVE-2021-38861 RESERVED
CVE-2021-38860 RESERVED
CVE-2021-38859 RESERVED
CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...)
    {DSA-4963-1 DLA-2774-1 DLA-2766-1}
    - openssl 1.1.1l-1
    - openssl1.0
    NOTE: https://www.openssl.org/news/secadv/20210824.txt
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d9d838ddc0ed083fb4c26dd067e71aad7c65ad16 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=174ba8048a7f2f5e1fca31cfb93b1730d9db8300 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f54e57406ca17731b9ade3afd561d3c652e07f2 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23446958685a593d4d9434475734b99138902ed2 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8393de42498f8be75cf0353f5c9f906a43a748d2 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4de66925203ca99189c842136ec4a623137ea447 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bb4d2ed4091408404e18b3326e3df67848ef63d0 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2d0e5d4a4a5d4332325b5e5cea492fad2be633e1 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8c74c9d1ade0fbdab5b815ddb747351b8b839641 (OpenSSL_1_1_1l)
CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is expected to c ...)
    {DSA-4963-1}
    - openssl 1.1.1l-1
    [stretch] - openssl (support for SM2 decryption added in 1.1.1-pre3)
    - openssl1.0 (Vulnerability does not affect 1.0.2 series)
    NOTE: https://www.openssl.org/news/secadv/20210824.txt
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=733fa41c3fc4bcac37f94aa917f7242420f8a5a6 (OpenSSL_1_1_1l)
    NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=515ac8b5e544dd713a2b4cabfc54b722d122c218 (OpenSSL_1_1_1l)
CVE-2021-38858 RESERVED
CVE-2021-38857 RESERVED
CVE-2021-38856 RESERVED
CVE-2021-38855 RESERVED
CVE-2021-38854 RESERVED
CVE-2021-38853 RESERVED
CVE-2021-38852 RESERVED
CVE-2021-38851 RESERVED
CVE-2021-38850 RESERVED
CVE-2021-38849 RESERVED
CVE-2021-38848 RESERVED
CVE-2021-38847 RESERVED
CVE-2021-38846 RESERVED
CVE-2021-38845 RESERVED
CVE-2021-38844 RESERVED
CVE-2021-38843 RESERVED
CVE-2021-38842 RESERVED
CVE-2021-38841 (Remote Code Execution can occur in Simple Water Refilling Station Mana ...)
    NOT-FOR-US: Simple Water Refilling Station Management System
CVE-2021-38840 (SQL Injection can occur in Simple Water Refilling Station Management S ...)
    NOT-FOR-US: Simple Water Refilling Station Management System
CVE-2021-38839 RESERVED
CVE-2021-38838 RESERVED
CVE-2021-38837 RESERVED
CVE-2021-38836 RESERVED
CVE-2021-38835 RESERVED
CVE-2021-38834 RESERVED
CVE-2021-38833 (SQL injection vulnerability in PHPGurukul Apartment Visitors Managemen ...)
    NOT-FOR-US: PHPGurukul Apartment Visitors Management System (AVMS)
CVE-2021-38832 RESERVED
CVE-2021-38831 RESERVED
CVE-2021-38830 RESERVED
CVE-2021-38829 RESERVED
CVE-2021-38828 RESERVED
CVE-2021-38827 RESERVED
CVE-2021-38826 RESERVED
CVE-2021-38825 RESERVED
CVE-2021-38824 RESERVED
CVE-2021-38823 (The IceHrm 30.0.0 OS website was found vulnerable to Session Managemen ...)
    NOT-FOR-US: IceHrm
CVE-2021-38822 (A Stored Cross Site Scripting vulnerability via Malicious File Upload ...)
    NOT-FOR-US: IceHrm
CVE-2021-38821 RESERVED
CVE-2021-38820 RESERVED
CVE-2021-38819 RESERVED
CVE-2021-38818 RESERVED
CVE-2021-38817 RESERVED
CVE-2021-38816 RESERVED
CVE-2021-38815 RESERVED
CVE-2021-38814 RESERVED
CVE-2021-38813 RESERVED
CVE-2021-38812 RESERVED
CVE-2021-38811 RESERVED
CVE-2021-38810 RESERVED
CVE-2021-38809 RESERVED
CVE-2021-38808 RESERVED
CVE-2021-38807 RESERVED
CVE-2021-38806 RESERVED
CVE-2021-38805 RESERVED
CVE-2021-38804 RESERVED
CVE-2021-38803 RESERVED
CVE-2021-38802 RESERVED
CVE-2021-38801 RESERVED
CVE-2021-38800 RESERVED
CVE-2021-38799 RESERVED
CVE-2021-38798 RESERVED
CVE-2021-38797 RESERVED
CVE-2021-38796 RESERVED
CVE-2021-38795 RESERVED
CVE-2021-38794 RESERVED
CVE-2021-38793 RESERVED
CVE-2021-38792 RESERVED
CVE-2021-38791 RESERVED
CVE-2021-38790 RESERVED
CVE-2021-38789 RESERVED
CVE-2021-38788 RESERVED
CVE-2021-38787 RESERVED
CVE-2021-38786 RESERVED
CVE-2021-38785 RESERVED
CVE-2021-38784 RESERVED
CVE-2021-38783 RESERVED
CVE-2021-38782 RESERVED
CVE-2021-38781 RESERVED
CVE-2021-38780 RESERVED
CVE-2021-38779 RESERVED
CVE-2021-38778 RESERVED
CVE-2021-38777 RESERVED
CVE-2021-38776 RESERVED
CVE-2021-38775 RESERVED
CVE-2021-38774 RESERVED
CVE-2021-38773 RESERVED
CVE-2021-38772 RESERVED
CVE-2021-38771 RESERVED
CVE-2021-38770 RESERVED
CVE-2021-38769 RESERVED
CVE-2021-38768 RESERVED
CVE-2021-38767 RESERVED
CVE-2021-38766 RESERVED
CVE-2021-38765 RESERVED
CVE-2021-38764 RESERVED
CVE-2021-38763 RESERVED
CVE-2021-38762 RESERVED
CVE-2021-38761 RESERVED
CVE-2021-38760 RESERVED
CVE-2021-38759 RESERVED
CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
    NOT-FOR-US: Directory traversal in Online Catering Reservation System
CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
    NOT-FOR-US: Hospital Management System
CVE-2021-38756 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
    NOT-FOR-US: Hospital Management System
CVE-2021-38755 (Unauthenticated doctor entry deletion in Hospital Management System in ...)
    NOT-FOR-US: Hospital Management System
CVE-2021-38754 (SQL Injection vulnerability in Hospital Management System due to lack ...)
    NOT-FOR-US: Hospital Management System
CVE-2021-38753 (An unrestricted file upload on Simple Image Gallery Web App can be exp ...)
    NOT-FOR-US: Simple Image Gallery Web App
CVE-2021-38752 (A cross-site scripting (XSS) vulnerability in Online Catering Reservat ...)
    NOT-FOR-US: Online Catering Reservation System
CVE-2021-38751 (A HTTP Host header attack exists in ExponentCMS 2.6 and below in /expo ...)
    NOT-FOR-US: ExponentCMS
CVE-2021-38750 RESERVED
CVE-2021-38749 RESERVED
CVE-2021-38748 RESERVED
CVE-2021-38747 RESERVED
CVE-2021-38746 RESERVED
CVE-2021-38745 RESERVED
CVE-2021-38744 RESERVED
CVE-2021-38743 RESERVED
CVE-2021-38742 RESERVED
CVE-2021-38741 RESERVED
CVE-2021-38740 RESERVED
CVE-2021-38739 RESERVED
CVE-2021-38738 RESERVED
CVE-2021-38737 RESERVED
CVE-2021-38736 RESERVED
CVE-2021-38735 RESERVED
CVE-2021-38734 RESERVED
CVE-2021-38733 RESERVED
CVE-2021-38732 RESERVED
CVE-2021-38731 RESERVED
CVE-2021-38730 RESERVED
CVE-2021-38729 RESERVED
CVE-2021-38728 RESERVED
CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
    NOT-FOR-US: FUEL CMS
CVE-2021-38726 RESERVED
CVE-2021-38725 (Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/co ...)
    NOT-FOR-US: FUEL CMS
CVE-2021-38724 RESERVED
CVE-2021-38723 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
    NOT-FOR-US: FUEL CMS
CVE-2021-38722 RESERVED
CVE-2021-38721 (FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) ...)
    NOT-FOR-US: FUEL CMS
CVE-2021-38720 RESERVED
CVE-2021-38719 RESERVED
CVE-2021-38718 RESERVED
CVE-2021-38717 RESERVED
CVE-2021-38716 RESERVED
CVE-2021-38715 RESERVED
CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...)
    {DLA-2775-1}
    - plib 1.8.5-10 (bug #992973)
    [bullseye] - plib (Minor issue)
    [buster] - plib (Minor issue)
    NOTE: https://sourceforge.net/p/plib/bugs/55/
CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
    NOT-FOR-US: imgURL
CVE-2021-38712 (OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents ...)
    NOT-FOR-US: OneNav
CVE-2021-38710 (** DISPUTED ** Static (Persistent) XSS Vulnerability exists in version ...)
    NOT-FOR-US: Yclas
CVE-2021-38709 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
    NOT-FOR-US: ocProducts Composr CMS
CVE-2021-38708 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
    NOT-FOR-US: ocProducts Composr CMS
CVE-2021-3710 (An information disclosure via path traversal was discovered in apport/ ...)
    NOT-FOR-US: Apport
CVE-2021-3709 (Function check_attachment_for_errors() in file data/general-hooks/ubun ...)
    NOT-FOR-US: Apport
CVE-2021-38711 (In gitit before 0.15.0.0, the Export feature can be exploited to leak ...)
    - gitit (bug #992297)
    [bullseye] - gitit (Minor issue)
    [buster] - gitit (Minor issue)
    [stretch] - gitit (Minor issue)
    NOTE: https://github.com/jgm/gitit/commit/eed32638f4f6e3b2f4b8a9a04c4b72001acf9ad8
CVE-2021-38707 (Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7 ...)
    NOT-FOR-US: ClinicCases
CVE-2021-38706 (messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL inject ...)
    NOT-FOR-US: ClinicCases
CVE-2021-38705 (ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A ...)
    NOT-FOR-US: ClinicCases
CVE-2021-38704 (Multiple reflected cross-site scripting (XSS) vulnerabilities in Clini ...)
    NOT-FOR-US: ClinicCases
CVE-2021-38703 (Wireless devices running certain Arcadyan-derived firmware (such as KP ...)
    NOT-FOR-US: Wireless devices running certain Arcadyan-derived firmware
CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
    NOT-FOR-US: D-Link
CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
    NOT-FOR-US: D-Link
CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...)
    NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
CVE-2021-38701 RESERVED
CVE-2021-38700 RESERVED
CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...)
    NOT-FOR-US: TastyIgniter
CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...)
    - consul
    NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
    NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15)
CVE-2021-38697 RESERVED
CVE-2021-38696 RESERVED
CVE-2021-38695 RESERVED
CVE-2021-38694 RESERVED
CVE-2021-38693 RESERVED
CVE-2021-38692 RESERVED
CVE-2021-38691 RESERVED
CVE-2021-38690 RESERVED
CVE-2021-38689 RESERVED
CVE-2021-38688 RESERVED
CVE-2021-38687 RESERVED
CVE-2021-38686 RESERVED
CVE-2021-38685 RESERVED
CVE-2021-38684 RESERVED
CVE-2021-38683 RESERVED
CVE-2021-38682 RESERVED
CVE-2021-38681 RESERVED
CVE-2021-38680 RESERVED
CVE-2021-38679 RESERVED
CVE-2021-38678 RESERVED
CVE-2021-38677 RESERVED
CVE-2021-38676 RESERVED
CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
    NOT-FOR-US: QNAP
CVE-2021-38674 RESERVED
CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag ...)
    NOT-FOR-US: adminlte
CVE-2021-38673 RESERVED
CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...)
    NOT-FOR-US: Microsoft
CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
    NOT-FOR-US: Microsoft
CVE-2021-38670 RESERVED
CVE-2021-38669 (Microsoft Edge (Chromium-based) Tampering Vulnerability ...)
    NOT-FOR-US: Microsoft
CVE-2021-38668 RESERVED
CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
    NOT-FOR-US: Microsoft
CVE-2021-38666 RESERVED
CVE-2021-38665 RESERVED
CVE-2021-38664 RESERVED
CVE-2021-38663 (Windows exFAT File System Information Disclosure Vulnerability ...)
    NOT-FOR-US: Microsoft
CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
    NOT-FOR-US: Microsoft
CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability ...)
    NOT-FOR-US: Microsoft
CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
    NOT-FOR-US: Microsoft
CVE-2021-38659 (Microsoft Office Remote Code Execution Vulnerability ...)
    NOT-FOR-US: Microsoft
CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
    NOT-FOR-US: Microsoft
CVE-2021-38657 (Microsoft Office Graphics Component Information Disclosure Vulnerabili ...)
    NOT-FOR-US: Microsoft
CVE-2021-38656 (Microsoft Word Remote Code Execution Vulnerability ...)
    NOT-FOR-US: Microsoft
CVE-2021-38655 (Microsoft Excel Remote Code Execution Vulnerability ...)
    NOT-FOR-US: Microsoft
CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
    NOT-FOR-US: Microsoft
CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
    NOT-FOR-US: Microsoft
CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
    NOT-FOR-US: Microsoft
CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
    NOT-FOR-US: Microsoft
CVE-2021-38650 (Microsoft Office Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) NOT-FOR-US: Microsoft CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) NOT-FOR-US: Microsoft CVE-2021-38647 (Open Management Infrastructure Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-38646 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...) NOT-FOR-US: Microsoft CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) NOT-FOR-US: Microsoft CVE-2021-38644 (Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-38643 RESERVED CVE-2021-38642 (Microsoft Edge for iOS Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-38640 RESERVED CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-38638 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) NOT-FOR-US: Microsoft CVE-2021-38637 (Windows Storage Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-38636 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) NOT-FOR-US: Microsoft CVE-2021-38635 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) NOT-FOR-US: Microsoft CVE-2021-38634 (Microsoft Windows Update Client Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-38633 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-38632 (BitLocker Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-38631 RESERVED CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) 
NOT-FOR-US: Microsoft CVE-2021-38629 (Windows Ancillary Function Driver for WinSock Information Disclosure V ...) NOT-FOR-US: Microsoft CVE-2021-38628 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) NOT-FOR-US: Microsoft CVE-2021-38627 RESERVED CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-38624 (Windows Key Storage Provider Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) extensio ...) NOT-FOR-US: deferred_image_processing (aka Deferred image processing) extension for TYPO3 CVE-2021-38622 RESERVED CVE-2021-38621 (The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index ...) NOT-FOR-US: Agora Flat Server CVE-2021-38620 RESERVED CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...) NOT-FOR-US: openBaraza HCM CVE-2021-38618 (In GFOS Workforce Management 4.8.272.1, the login page of application ...) NOT-FOR-US: GFOS Workforce Management CVE-2021-38617 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ us ...) NOT-FOR-US: Eigen CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{us ...) NOT-FOR-US: Eigen CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...) NOT-FOR-US: Eigen CVE-2021-3705 RESERVED CVE-2021-3704 RESERVED CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...) - polipo [buster] - polipo (Minor issue) [stretch] - polipo (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/07/28/2 CVE-2021-38613 (The assets/index.php Image Upload feature of the NASCENT RemKon Device ...) 
NOT-FOR-US: NASCENT RemKon Device Manager CVE-2021-38612 (In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulner ...) NOT-FOR-US: NASCENT RemKon Device Manager CVE-2021-38611 (A command-injection vulnerability in the Image Upload function of the ...) NOT-FOR-US: NASCENT RemKon Device Manager CVE-2021-38610 RESERVED CVE-2021-38609 RESERVED CVE-2021-38608 (Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.73 ...) NOT-FOR-US: Tranquil WAPT Enterprise CVE-2021-38607 (Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated u ...) NOT-FOR-US: Crocoblock JetEngine CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name. ...) NOT-FOR-US: reNgine CVE-2021-38605 RESERVED CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...) - glibc (Vulnerability introduced as side effect of the CVE-2021-33574 fix) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213 NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641 NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8 CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...) - pluxml [stretch] - pluxml (Minor issue) CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...) - pluxml [stretch] - pluxml (Minor issue) CVE-2021-38601 RESERVED CVE-2021-38600 RESERVED CVE-2021-38599 (WAL-G before 1.1, when a non-libsodium build (e.g., one of the officia ...) NOT-FOR-US: WAL-G CVE-2021-38598 (OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows ...) 
- neutron 2:18.1.0-2 [bullseye] - neutron 2:17.2.1-0+deb11u1 [buster] - neutron (Minor issue, not backported to rocky branch) [stretch] - neutron (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/08/17/4 NOTE: https://launchpad.net/bugs/1938670 NOTE: https://review.opendev.org/c/openstack/neutron/+/785917/ CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...) - wolfssl (bug #992174) [bullseye] - wolfssl (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093 CVE-2021-38596 RESERVED CVE-2021-38595 RESERVED CVE-2021-38594 RESERVED CVE-2021-38593 (Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::c ...) - qtbase-opensource-src (Vulnerable code introduced later) - qtbase-opensource-src-gles (Vulnerable code introduced later) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml NOTE: https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 (6.1) NOTE: https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd (6.2) NOTE: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c (dev) NOTE: Introduced by https://github.com/qt/qtbase/commit/6869d2463a2e0d71bd04dbc82f5d6ef4933dc510 (6.0) CVE-2021-38592 (Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called fro ...) NOT-FOR-US: Wasm3 CVE-2021-38591 (An issue was discovered on LG mobile devices with Android OS P and Q s ...) NOT-FOR-US: LG mobile devices CVE-2021-38590 (In cPanel before 96.0.8, weak permissions on web stats can lead to inf ...) NOT-FOR-US: cPanel CVE-2021-38589 (In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly re ...) NOT-FOR-US: cPanel CVE-2021-38588 (In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the in ...) 
NOT-FOR-US: cPanel CVE-2021-38587 (In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creat ...) NOT-FOR-US: cPanel CVE-2021-38586 (In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operatio ...) NOT-FOR-US: cPanel CVE-2021-38585 (The WHM Locale Upload feature in cPanel before 98.0.1 allows unseriali ...) NOT-FOR-US: cPanel CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attac ...) NOT-FOR-US: cPanel CVE-2021-38583 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...) NOT-FOR-US: openBaraza HCM CVE-2021-38582 RESERVED CVE-2021-38581 RESERVED CVE-2021-38580 RESERVED CVE-2021-38579 RESERVED CVE-2021-38578 RESERVED CVE-2021-38577 RESERVED CVE-2021-38576 RESERVED CVE-2021-38575 [edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe] RESERVED - edk2 2021.08-1 [bullseye] - edk2 (Minor issue) [buster] - edk2 (Minor issue) [stretch] - edk2 (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 NOTE: https://edk2.groups.io/g/devel/message/76198 NOTE: https://github.com/tianocore/edk2/pull/1698 CVE-2021-38574 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) NOT-FOR-US: Foxit Reader CVE-2021-38573 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) NOT-FOR-US: Foxit Reader CVE-2021-38572 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) NOT-FOR-US: Foxit Reader CVE-2021-38571 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) NOT-FOR-US: Foxit Reader CVE-2021-38570 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) NOT-FOR-US: Foxit Reader CVE-2021-38569 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) NOT-FOR-US: Foxit Reader CVE-2021-38568 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) 
NOT-FOR-US: Foxit Reader CVE-2021-38567 (An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Read ...) NOT-FOR-US: Foxit CVE-2021-38566 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) NOT-FOR-US: Foxit CVE-2021-38565 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) NOT-FOR-US: Foxit CVE-2021-38564 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) NOT-FOR-US: Foxit CVE-2021-38563 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) NOT-FOR-US: Foxit CVE-2021-3703 RESERVED NOT-FOR-US: Red Hat Serverless CVE-2021-3702 RESERVED - ansible-runner (Vulnerable code introduced later) NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/0e9aa8a97e7832ef9a1553ef2908632a32d2b8c4 NOTE: Introduced in https://github.com/ansible/ansible-runner/commit/93e95a3df9021a38010386d07df121392d249253 CVE-2021-3701 RESERVED - ansible-runner NOTE: https://github.com/ansible/ansible-runner/issues/738 NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89 CVE-2021-3700 RESERVED CVE-2021-38562 RESERVED - request-tracker5 (bug #995167) - request-tracker4 4.4.4+dfsg-3 (bug #995175) [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1 [buster] - request-tracker4 4.4.3-2+deb10u1 [stretch] - request-tracker4 (Minor issue) NOTE: https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2) NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5) NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17) CVE-2021-38561 RESERVED CVE-2021-38560 RESERVED CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php ...) 
- hoteldruid [bullseye] - hoteldruid (Minor issue) [buster] - hoteldruid (Minor issue) [stretch] - hoteldruid (Minor issue) CVE-2021-38558 RESERVED CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as ...) NOT-FOR-US: RaspAP CVE-2021-38556 (includes/configure_client.php in RaspAP 2.6.6 allows attackers to exec ...) NOT-FOR-US: RaspAP CVE-2021-38555 (An XML external entity (XXE) injection vulnerability was discovered in ...) NOT-FOR-US: Apache Any23 CVE-2021-38554 (HashiCorp Vault and Vault Enterprise’s UI erroneously cached and ...) NOT-FOR-US: HashiCorp Vault CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized a ...) NOT-FOR-US: HashiCorp Vault CVE-2021-38552 RESERVED CVE-2021-38551 RESERVED CVE-2021-38550 RESERVED CVE-2021-38549 (MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific ...) NOT-FOR-US: MIRACASE MHUB500 USB splitters CVE-2021-38548 (JBL Go 2 devices through 2021-08-09 allow remote attackers to recover ...) NOT-FOR-US: JBL Go 2 devices CVE-2021-38547 (Logitech Z120 and S120 speakers through 2021-08-09 allow remote attack ...) NOT-FOR-US: Logitech CVE-2021-38546 (CREATIVE Pebble devices through 2021-08-09 allow remote attackers to r ...) NOT-FOR-US: CREATIVE Pebble devices CVE-2021-38545 (Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain speci ...) NOT-FOR-US: Raspberry Pi hardware CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote att ...) NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...) NOT-FOR-US: TP-Link CVE-2021-38542 RESERVED CVE-2021-38541 RESERVED CVE-2021-3699 RESERVED CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When ...) 
- rust-tar (bug #992173) [bullseye] - rust-tar (Minor issue) [buster] - rust-tar (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html NOTE: https://github.com/alexcrichton/tar-rs/issues/238 CVE-2021-38540 (The variable import endpoint was not protected by authentication in Ai ...) - airflow (bug #819700) CVE-2021-38539 (Certain NETGEAR devices are affected by privilege escalation. This aff ...) NOT-FOR-US: Netgear CVE-2021-38538 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2021-38537 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) NOT-FOR-US: Netgear CVE-2021-38536 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) NOT-FOR-US: Netgear CVE-2021-38535 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) NOT-FOR-US: Netgear CVE-2021-38534 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) NOT-FOR-US: Netgear CVE-2021-38533 (NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. ...) NOT-FOR-US: Netgear CVE-2021-38532 (NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect confi ...) NOT-FOR-US: Netgear CVE-2021-38531 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) NOT-FOR-US: Netgear CVE-2021-38530 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-38529 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-38528 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-38527 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-38526 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2021-38525 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
NOT-FOR-US: Netgear CVE-2021-38524 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2021-38523 (NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based bu ...) NOT-FOR-US: Netgear CVE-2021-38522 (NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based bu ...) NOT-FOR-US: Netgear CVE-2021-38521 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-38520 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-38519 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-38518 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-38517 (Certain NETGEAR devices are affected by out-of-bounds reads and writes ...) NOT-FOR-US: Netgear CVE-2021-38516 (Certain NETGEAR devices are affected by lack of access control at the ...) NOT-FOR-US: Netgear CVE-2021-38515 (Certain NETGEAR devices are affected by denial of service. This affect ...) NOT-FOR-US: Netgear CVE-2021-38514 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-38513 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-38512 (An issue was discovered in the actix-http crate before 3.0.0-beta.9 fo ...) 
NOT-FOR-US: Rust crate actix-http CVE-2021-38510 RESERVED CVE-2021-38509 RESERVED CVE-2021-38508 RESERVED CVE-2021-38507 RESERVED CVE-2021-38506 RESERVED CVE-2021-38505 RESERVED CVE-2021-38504 RESERVED CVE-2021-38503 RESERVED CVE-2021-38502 RESERVED - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502 TODO: double check, it was only referenced in mfsa2021-47 but not mfsa2021-46, but issue is about attack on SMTP STARTTLS connections CVE-2021-38501 RESERVED - firefox 93.0-1 - firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version) - thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501 CVE-2021-38500 RESERVED {DSA-4981-1 DLA-2782-1} - firefox 93.0-1 - firefox-esr 91.2.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38500 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38500 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500 CVE-2021-38499 RESERVED - firefox 93.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38499 CVE-2021-38498 RESERVED - firefox 93.0-1 - firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version) - thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498 
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498 CVE-2021-38497 RESERVED - firefox 93.0-1 - firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version) - thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497 CVE-2021-38496 RESERVED {DSA-4981-1 DLA-2782-1} - firefox 93.0-1 - firefox-esr 91.2.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38496 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38496 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496 CVE-2021-38495 RESERVED - thunderbird (Vulnerable code introduced later) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495 CVE-2021-38494 RESERVED - firefox 92.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494 CVE-2021-38493 RESERVED {DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1} - firefox 92.0-1 - firefox-esr 78.14.0esr-1 - thunderbird 1:78.14.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38493 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38493 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38493 CVE-2021-38492 RESERVED - firefox (Only affects Windows) - firefox-esr (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38492 NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38492 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38492 CVE-2021-38491 RESERVED - firefox 92.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38491 CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...) NOT-FOR-US: Altova MobileTogether Server CVE-2021-38489 RESERVED CVE-2021-38488 RESERVED CVE-2021-38487 RESERVED CVE-2021-38486 RESERVED CVE-2021-38485 RESERVED CVE-2021-38484 RESERVED CVE-2021-38483 RESERVED CVE-2021-38482 RESERVED CVE-2021-38481 RESERVED CVE-2021-38480 RESERVED CVE-2021-38479 RESERVED CVE-2021-38478 RESERVED CVE-2021-38477 RESERVED CVE-2021-38476 RESERVED CVE-2021-38475 RESERVED CVE-2021-38474 RESERVED CVE-2021-38473 RESERVED CVE-2021-38472 RESERVED CVE-2021-38471 RESERVED CVE-2021-38470 RESERVED CVE-2021-38469 RESERVED CVE-2021-38468 RESERVED CVE-2021-38467 RESERVED CVE-2021-38466 RESERVED CVE-2021-38465 RESERVED CVE-2021-38464 RESERVED CVE-2021-38463 RESERVED CVE-2021-38462 RESERVED CVE-2021-38461 RESERVED CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...) NOT-FOR-US: Moxa CVE-2021-38459 RESERVED CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...) NOT-FOR-US: Moxa CVE-2021-38457 RESERVED CVE-2021-38456 (A path traversal vulnerability in the Moxa MXview Network Management s ...) NOT-FOR-US: Moxa CVE-2021-38455 RESERVED CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...) NOT-FOR-US: Moxa CVE-2021-38453 RESERVED CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...) 
NOT-FOR-US: Moxa CVE-2021-38451 RESERVED CVE-2021-38450 RESERVED CVE-2021-38449 RESERVED CVE-2021-38448 RESERVED CVE-2021-38447 RESERVED CVE-2021-38446 RESERVED CVE-2021-38445 RESERVED CVE-2021-38444 RESERVED CVE-2021-38443 RESERVED CVE-2021-38442 RESERVED CVE-2021-38441 RESERVED CVE-2021-38440 RESERVED CVE-2021-38439 RESERVED CVE-2021-38438 RESERVED CVE-2021-38437 RESERVED CVE-2021-38436 RESERVED CVE-2021-38435 RESERVED CVE-2021-38434 RESERVED CVE-2021-38433 RESERVED CVE-2021-38432 RESERVED CVE-2021-38431 RESERVED CVE-2021-38430 RESERVED CVE-2021-38429 RESERVED CVE-2021-38428 RESERVED CVE-2021-38427 RESERVED CVE-2021-38426 RESERVED CVE-2021-38425 RESERVED CVE-2021-38424 RESERVED CVE-2021-38423 RESERVED CVE-2021-38422 RESERVED CVE-2021-38421 RESERVED CVE-2021-38420 RESERVED CVE-2021-38419 RESERVED CVE-2021-38418 RESERVED CVE-2021-38417 RESERVED CVE-2021-38416 RESERVED CVE-2021-38415 RESERVED CVE-2021-38414 RESERVED CVE-2021-38413 RESERVED CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...) NOT-FOR-US: Digi PortServer TS CVE-2021-38411 RESERVED CVE-2021-38410 RESERVED CVE-2021-38409 RESERVED CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...) NOT-FOR-US: Advantech WebAccess CVE-2021-38407 RESERVED CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) NOT-FOR-US: Delta Electronic CVE-2021-38405 RESERVED CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) NOT-FOR-US: Delta Electronic CVE-2021-38403 RESERVED CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) NOT-FOR-US: Delta Electronic CVE-2021-38401 RESERVED CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...) NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120 CVE-2021-38399 RESERVED CVE-2021-38398 (The affected device uses off-the-shelf software components that contai ...) 
NOT-FOR-US: Boston Scientific CVE-2021-38397 RESERVED CVE-2021-38396 (The programmer installation utility does not perform a cryptographic a ...) NOT-FOR-US: Boston Scientific CVE-2021-38395 RESERVED CVE-2021-38394 (An attacker with physical access to the device can extract the binary ...) NOT-FOR-US: Boston Scientific CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...) NOT-FOR-US: Delta Electronics CVE-2021-38392 (A skilled attacker with physical access to the affected device can gai ...) NOT-FOR-US: Boston Scientific CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_H ...) NOT-FOR-US: Delta Electronics CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...) NOT-FOR-US: Delta Electronics CVE-2021-38389 RESERVED CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...) NOT-FOR-US: Central Dogma CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...) NOT-FOR-US: Contiki CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...) NOT-FOR-US: Contiki CVE-2021-38385 (Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship ...) {DSA-4961-1} - tor 0.4.5.10-1 [stretch] - tor (See DSA 4644) NOTE: https://blog.torproject.org/node/2062 NOTE: https://bugs.torproject.org/tpo/core/tor/40078 CVE-2021-38384 (Serverless Offline 8.0.0 returns a 403 HTTP status code for a route th ...) NOT-FOR-US: Serverless Offline CVE-2021-38383 (OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_ ...) NOT-FOR-US: OwnTone CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files properly. ...) 
- liblivemedia [buster] - liblivemedia (Minor issue) [stretch] - liblivemedia (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021959.html NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06] CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sendi ...) - liblivemedia [buster] - liblivemedia (Minor issue) [stretch] - liblivemedia (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021961.html NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09] CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 stream, ...) - liblivemedia [buster] - liblivemedia (Minor issue) [stretch] - liblivemedia (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04] CVE-2021-38379 RESERVED CVE-2021-38378 RESERVED CVE-2021-38377 RESERVED CVE-2021-38376 RESERVED CVE-2021-38375 RESERVED CVE-2021-38374 RESERVED CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...) - kmail [bullseye] - kmail (Minor issue) [buster] - kmail (Minor issue) NOTE: https://bugs.kde.org/show_bug.cgi?id=423423 NOTE: https://nostarttls.secvuln.info CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...) - trojita (bug #795701) CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...) - exim4 (bug #992172) [bullseye] - exim4 (Minor issue) [buster] - exim4 (Minor issue) [stretch] - exim4 (Minor issue, revisit when fixed upstream) NOTE: https://nostarttls.secvuln.info NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server are acc ...) 
- alpine 2.25+dfsg1-1 (bug #992171) [bullseye] - alpine (Minor issue) [buster] - alpine (Minor issue) [stretch] - alpine (Minor issue, revisit when/if fixed upstream) NOTE: https://nostarttls.secvuln.info CVE-2021-38369 RESERVED CVE-2021-38368 RESERVED CVE-2021-38367 RESERVED CVE-2021-38366 (Sitecore through 10.1, when Update Center is enabled, allows remote au ...) NOT-FOR-US: Sitecore CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...) NOT-FOR-US: Winner (aka ToneWinner) desktop speakers CVE-2021-3698 [authenticates with revoked certificates] RESERVED - cockpit [bullseye] - cockpit (Minor issue) [buster] - cockpit (Vulnerable code not present, introduced in 208) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149 CVE-2021-3697 RESERVED CVE-2021-3696 RESERVED CVE-2021-3695 RESERVED CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...) - opensysusers 0.6-3 (bug #992058) [bullseye] - opensysusers (Minor issue; if fixed upstream address via point release) CVE-2021-38364 RESERVED CVE-2021-38363 RESERVED CVE-2021-38362 RESERVED CVE-2021-38361 RESERVED CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...) NOT-FOR-US: WordPress plugin CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...) NOT-FOR-US: WordPress plugin CVE-2021-38356 RESERVED CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...) NOT-FOR-US: WordPress plugin CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is vulnerable to Ref ...) 
NOT-FOR-US: WordPress plugin CVE-2021-38352 (The Feedify – Web Push Notifications WordPress plugin is vulnera ...) NOT-FOR-US: WordPress plugin CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin is vulne ...) NOT-FOR-US: WordPress plugin CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected Cross-S ...) NOT-FOR-US: WordPress plugin CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...) NOT-FOR-US: WordPress plugin CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authe ...) NOT-FOR-US: WordPress plugin CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incor ...) NOT-FOR-US: WordPress plugin CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerabl ...) NOT-FOR-US: WordPress plugin CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Op ...) NOT-FOR-US: WordPress plugin CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...) NOT-FOR-US: WordPress plugin CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin is vulne ...) NOT-FOR-US: WordPress plugin CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected ...) NOT-FOR-US: WordPress plugin CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflect ...) NOT-FOR-US: WordPress plugin CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to Reflected Cro ...) NOT-FOR-US: WordPress plugin CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross- ...) 
NOT-FOR-US: WordPress plugin CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross ...) NOT-FOR-US: WordPress plugin CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflect ...) NOT-FOR-US: WordPress plugin CVE-2021-38334 (The WP Design Maps & Places WordPress plugin is vulnerable to Refl ...) NOT-FOR-US: WordPress plugin CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2021-38332 (The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vuln ...) NOT-FOR-US: WordPress plugin CVE-2021-38331 (The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Sc ...) NOT-FOR-US: WordPress plugin CVE-2021-38330 (The Yet Another bol.com Plugin WordPress plugin is vulnerable to Refle ...) NOT-FOR-US: WordPress plugin CVE-2021-38329 (The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross- ...) NOT-FOR-US: WordPress plugin CVE-2021-38328 (The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scr ...) NOT-FOR-US: WordPress plugin CVE-2021-38327 (The YouTube Video Inserter WordPress plugin is vulnerable to Reflected ...) NOT-FOR-US: WordPress plugin CVE-2021-38326 (The Post Title Counter WordPress plugin is vulnerable to Reflected Cro ...) NOT-FOR-US: WordPress plugin CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to Reflected ...) NOT-FOR-US: WordPress plugin CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL Injection ...) NOT-FOR-US: WordPress plugin CVE-2021-38323 (The RentPress WordPress plugin is vulnerable to Reflected Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2021-38322 (The Twitter Friends Widget WordPress plugin is vulnerable to Reflected ...) NOT-FOR-US: WordPress plugin CVE-2021-38321 (The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cro ...) 
NOT-FOR-US: WordPress plugin CVE-2021-38320 (The simpleSAMLphp Authentication WordPress plugin is vulnerable to Ref ...) NOT-FOR-US: WordPress plugin CVE-2021-38319 (The More From Google WordPress plugin is vulnerable to Reflected Cross ...) NOT-FOR-US: WordPress plugin CVE-2021-38318 (The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cros ...) NOT-FOR-US: WordPress plugin CVE-2021-38317 (The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected ...) NOT-FOR-US: WordPress plugin CVE-2021-38316 (The WP Academic People List WordPress plugin is vulnerable to Reflecte ...) NOT-FOR-US: WordPress plugin CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is vulnerable t ...) NOT-FOR-US: WordPress plugin CVE-2021-38314 (The Gutenberg Template Library & Redux Framework plugin <= 4.2. ...) NOT-FOR-US: Gutenberg Template Library CVE-2021-38313 RESERVED CVE-2021-38312 (The Gutenberg Template Library & Redux Framework plugin <= 4.2. ...) NOT-FOR-US: Gutenberg Template Library CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...) NOT-FOR-US: Contiki CVE-2021-38310 RESERVED CVE-2021-38309 RESERVED CVE-2021-38308 RESERVED CVE-2021-38307 RESERVED CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an unauthe ...) NOT-FOR-US: LG CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...) NOT-FOR-US: 23andMe Yamale CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...) NOT-FOR-US: National Instruments NI-PAL driver CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0 ...) NOT-FOR-US: Sureline SUREedge Migrator CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...) NOT-FOR-US: Newsletter extension for TYPO3 CVE-2021-38301 RESERVED CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate ...) 
- linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [stretch] - linux (mips not supported in LTS) NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/5 NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/ CVE-2021-38299 (Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An ...) NOT-FOR-US: FIDO2/Webauthn Support for PHP CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XX ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-38297 RESERVED - golang-1.17 1.17.2-1 - golang-1.16 1.16.9-1 NOTE: https://github.com/golang/go/commit/77f2750f4398990eed972186706f160631d7dae4 NOTE: https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A NOTE: https://github.com/golang/go/issues/48797 TODO: check older branches CVE-2021-38296 RESERVED CVE-2021-38295 (In Apache CouchDB, a malicious user with permission to create document ...) - couchdb CVE-2021-3694 (LedgerSMB does not sufficiently HTML-encode error messages sent to the ...) {DSA-4962-1} - ledgersmb 1.6.9+ds-2.1 (bug #992817) NOTE: https://ledgersmb.org/cve-2021-3694-cross-site-scripting CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into the ...) {DSA-4962-1} - ledgersmb 1.6.9+ds-2.1 (bug #992817) NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...) - yii (bug #597899) CVE-2021-38294 RESERVED CVE-2021-38293 RESERVED CVE-2021-38292 RESERVED CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...) - ffmpeg (unimportant) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1 NOTE: https://trac.ffmpeg.org/ticket/9312 NOTE: Negligible security impact CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...) 
NOT-FOR-US: FUEL CMS CVE-2021-38289 RESERVED CVE-2021-38288 RESERVED CVE-2021-38287 RESERVED CVE-2021-38286 RESERVED CVE-2021-38285 RESERVED CVE-2021-38284 RESERVED CVE-2021-38283 RESERVED CVE-2021-38282 RESERVED CVE-2021-38281 RESERVED CVE-2021-38280 RESERVED CVE-2021-38279 RESERVED CVE-2021-38278 RESERVED CVE-2021-38277 RESERVED CVE-2021-38276 RESERVED CVE-2021-38275 RESERVED CVE-2021-38274 RESERVED CVE-2021-38273 RESERVED CVE-2021-38272 RESERVED CVE-2021-38271 RESERVED CVE-2021-38270 RESERVED CVE-2021-38269 RESERVED CVE-2021-38268 RESERVED CVE-2021-38267 RESERVED CVE-2021-38266 RESERVED CVE-2021-38265 RESERVED CVE-2021-38264 RESERVED CVE-2021-38263 RESERVED CVE-2021-38262 RESERVED CVE-2021-38261 RESERVED CVE-2021-38260 RESERVED CVE-2021-38259 RESERVED CVE-2021-38258 RESERVED CVE-2021-38257 RESERVED CVE-2021-38256 RESERVED CVE-2021-38255 RESERVED CVE-2021-38254 RESERVED CVE-2021-38253 RESERVED CVE-2021-38252 RESERVED CVE-2021-38251 RESERVED CVE-2021-38250 RESERVED CVE-2021-38249 RESERVED CVE-2021-38248 RESERVED CVE-2021-38247 RESERVED CVE-2021-38246 RESERVED CVE-2021-38245 RESERVED CVE-2021-38244 RESERVED CVE-2021-38243 RESERVED CVE-2021-38242 RESERVED CVE-2021-38241 RESERVED CVE-2021-38240 RESERVED CVE-2021-38239 RESERVED CVE-2021-38238 RESERVED CVE-2021-38237 RESERVED CVE-2021-38236 RESERVED CVE-2021-38235 RESERVED CVE-2021-38234 RESERVED CVE-2021-38233 RESERVED CVE-2021-38232 RESERVED CVE-2021-38231 RESERVED CVE-2021-38230 RESERVED CVE-2021-38229 RESERVED CVE-2021-38228 RESERVED CVE-2021-38227 RESERVED CVE-2021-38226 RESERVED CVE-2021-38225 RESERVED CVE-2021-38224 RESERVED CVE-2021-38223 RESERVED CVE-2021-38222 RESERVED CVE-2021-38221 RESERVED CVE-2021-38220 RESERVED CVE-2021-38219 RESERVED CVE-2021-38218 RESERVED CVE-2021-38217 RESERVED CVE-2021-38216 RESERVED CVE-2021-38215 RESERVED CVE-2021-38214 RESERVED CVE-2021-38213 RESERVED CVE-2021-38212 RESERVED CVE-2021-38211 RESERVED CVE-2021-38210 RESERVED CVE-2021-3691 RESERVED CVE-2021-3690 [buffer leak on 
incoming websocket PONG message may lead to DoS] RESERVED - undertow 2.2.10-1 NOTE: https://issues.redhat.com/browse/UNDERTOW-1935 CVE-2021-38209 (net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.1 ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 NOTE: https://git.kernel.org/linus/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6 CVE-2021-38208 (net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local un ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba CVE-2021-38207 (drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before ...) - linux 5.10.46-1 [buster] - linux (Not applicable to any release architecture) [stretch] - linux (Not applicable to any release architecture) NOTE: https://git.kernel.org/linus/c364df2489b8ef2f5e3159b1dff1ff1fdb16040d CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when a devi ...) - linux 5.10.46-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48 CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...) {DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37 CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...) {DLA-2785-1} - linux 5.14.6-1 (unimportant) [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/b5fdf5c6e6bee35837e160c00ac89327bdad031b CVE-2021-38203 (btrfs in the Linux kernel before 5.13.4 allows attackers to cause a de ...) 
- linux 5.14.6-1 [bullseye] - linux (Vulnerability introduced later) [buster] - linux (Vulnerability introduced later) [stretch] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 CVE-2021-38202 (fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote a ...) - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/7b08cf62b1239a4322427d677ea9363f0ab677c6 CVE-2021-38201 (net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attac ...) - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on ...) - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...) {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...) {DLA-2785-1} - linux 5.10.46-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7 CVE-2021-38197 (unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Director ...) NOT-FOR-US: Go unarr CVE-2021-38196 (An issue was discovered in the better-macro crate through 2021-07-22 f ...) NOT-FOR-US: Rust crate better-macro CVE-2021-38195 (An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rus ...) NOT-FOR-US: Rust crate libsecp256k1 CVE-2021-38194 (An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rus ...) NOT-FOR-US: Rust crate ark-r1cs-std CVE-2021-38192 (An issue was discovered in the prost-types crate before 0.8.0 for Rust ...)
NOT-FOR-US: Rust crate prost-types CVE-2021-38190 (An issue was discovered in the nalgebra crate before 0.27.1 for Rust. ...) NOT-FOR-US: Rust crate nalgebra CVE-2021-38189 (An issue was discovered in the lettre crate before 0.9.6 for Rust. In ...) NOT-FOR-US: Rust crate lettre CVE-2021-38188 (An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. ...) NOT-FOR-US: Rust crate iced-x86 CVE-2021-38187 (An issue was discovered in the anymap crate through 0.12.1 for Rust. I ...) - rust-anymap (bug #992046) [bullseye] - rust-anymap (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0065.html CVE-2021-38186 (An issue was discovered in the comrak crate before 0.10.1 for Rust. It ...) NOT-FOR-US: Rust crate comrak CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary code via a ...) - cpio 2.13+dfsg-5 (bug #992045) [bullseye] - cpio (Minor issue) [buster] - cpio (Minor issue) [stretch] - cpio (Minor issue) NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b NOTE: https://github.com/fangqyi/cpiopwn NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html NOTE: Regression: https://bugs.debian.org/992098 NOTE: Regression fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8 NOTE: Regression #2: https://bugs.debian.org/992192 NOTE: Regression #2 fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1 CVE-2021-38184 RESERVED CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...) NOT-FOR-US: SAP CVE-2021-38182 RESERVED CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...) NOT-FOR-US: SAP CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...) 
NOT-FOR-US: SAP CVE-2021-38179 (Debug function of Admin UI of SAP Business One Integration is enabled ...) NOT-FOR-US: SAP CVE-2021-38178 (The software logistics system of SAP NetWeaver AS ABAP and ABAP Platfo ...) NOT-FOR-US: SAP CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null poin ...) NOT-FOR-US: SAP CVE-2021-38176 (Due to improper input sanitization, an authenticated user with certain ...) NOT-FOR-US: SAP CVE-2021-38175 (SAP Analysis for Microsoft Office - version 2.8, allows an attacker wi ...) NOT-FOR-US: SAP CVE-2021-38174 (When a user opens manipulated files received from untrusted sources in ...) NOT-FOR-US: SAP CVE-2021-3689 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...) - yii (bug #597899) CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mishandlin ...) {DLA-2755-1} - btrbk 0.27.1-2 [bullseye] - btrbk 0.27.1-1.1+deb11u1 [buster] - btrbk 0.27.1-1+deb10u1 NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2) NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1) CVE-2021-38172 RESERVED CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...) - ffmpeg [bullseye] - ffmpeg (Wait for 4.3.3) [stretch] - ffmpeg (Wait to be fixed in buster first) NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 CVE-2021-38170 RESERVED CVE-2021-38169 (Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and ...) NOT-FOR-US: Roxy-WI CVE-2021-38168 (Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_ ...) NOT-FOR-US: Roxy-WI CVE-2021-38167 (Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unaut ...) NOT-FOR-US: Roxy-WI CVE-2021-38164 (SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - ...) 
NOT-FOR-US: SAP CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7. ...) NOT-FOR-US: SAP CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...) NOT-FOR-US: SAP CVE-2021-38161 RESERVED CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...) {DSA-4978-1} - linux 5.14.6-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) CVE-2021-38159 (In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2021-38158 RESERVED CVE-2021-38157 (** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before ...) NOT-FOR-US: LeoStream Connection Broker CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboar ...) NOT-FOR-US: Nagios XI CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...) - keystone 2:19.0.0-3 (bug #992070) [bullseye] - keystone (Minor issue) [buster] - keystone (Minor issue) [stretch] - keystone (Keystone not supported in stretch) NOTE: https://launchpad.net/bugs/1688137 CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...) {DSA-4953-1 DLA-2736-1} [experimental] - lynx 2.9.0dev.9-1 - lynx 2.9.0dev.6-3 (bug #991971) [bullseye] - lynx 2.9.0dev.6-3~deb11u1 NOTE: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9 NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...) {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46 CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...) 
NOT-FOR-US: Canon CVE-2021-38153 (Some components in Apache Kafka use `Arrays.equals` to validate a pass ...) - kafka (bug #786460) CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in Chikitsa Patie ...) NOT-FOR-US: Chikitsa Patient Management System CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management System 2.0. ...) NOT-FOR-US: Chikitsa Patient Management System CVE-2021-38150 (When an attacker manages to get access to the local memory, or the mem ...) NOT-FOR-US: SAP CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...) NOT-FOR-US: Chikitsa Patient Management System CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...) NOT-FOR-US: Obsidian CVE-2021-38147 RESERVED CVE-2021-38146 RESERVED CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...) NOT-FOR-US: Form Tools CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...) NOT-FOR-US: Form Tools CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an administ ...) NOT-FOR-US: Form Tools CVE-2021-38142 (Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and ...) NOT-FOR-US: Barco MirrorOp Windows Sender CVE-2021-38141 RESERVED CVE-2021-38140 (The set_user extension module before 2.0.1 for PostgreSQL allows a pot ...) NOT-FOR-US: set_user extension for Postgres CVE-2021-38139 RESERVED CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...) NOT-FOR-US: OneNav CVE-2021-38137 (Corero SecureWatch Managed Services 9.7.2.0020 does not correctly chec ...) NOT-FOR-US: Corero SecureWatch Managed Services CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path T ...) 
NOT-FOR-US: Corero SecureWatch Managed Services CVE-2021-3688 RESERVED NOT-FOR-US: Red Hat JBoss Core Services HTTP Server CVE-2021-38135 RESERVED CVE-2021-38134 RESERVED CVE-2021-38133 RESERVED CVE-2021-38132 RESERVED CVE-2021-38131 RESERVED CVE-2021-38130 RESERVED CVE-2021-38129 RESERVED CVE-2021-38128 RESERVED CVE-2021-38127 RESERVED CVE-2021-38126 RESERVED CVE-2021-38125 RESERVED CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...) NOT-FOR-US: Micro Focus CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, affecti ...) NOT-FOR-US: Micro Focus CVE-2021-38122 RESERVED CVE-2021-38121 RESERVED CVE-2021-38120 RESERVED CVE-2021-38119 RESERVED CVE-2021-38118 RESERVED CVE-2021-38117 RESERVED CVE-2021-38116 RESERVED CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...) - libgd2 (bug #991912) [bullseye] - libgd2 (Minor issue) [buster] - libgd2 (Minor issue) [stretch] - libgd2 (Minor issue) NOTE: https://github.com/libgd/libgd/issues/697 NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032 CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...) {DLA-2742-1} - ffmpeg [bullseye] - ffmpeg (Wait for 4.3.3) NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 CVE-2021-3687 RESERVED CVE-2021-3686 RESERVED CVE-2021-3685 RESERVED CVE-2021-3684 RESERVED CVE-2021-3683 RESERVED CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...) NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif) CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...) NOT-FOR-US: Amazon AWS client for Windows CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...) NOT-FOR-US: DEF CON 27 badge CVE-2021-38110 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...) 
NOT-FOR-US: Corel WordPerfect CVE-2021-38109 (Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Rea ...) NOT-FOR-US: Corel DrawStandard CVE-2021-38108 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...) NOT-FOR-US: Corel WordPerfect CVE-2021-38107 (CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Ou ...) NOT-FOR-US: Corel DrawStandard CVE-2021-38106 (UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) NOT-FOR-US: Corel Presentations CVE-2021-38105 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) NOT-FOR-US: Corel Presentations CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) NOT-FOR-US: Corel Presentations CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) NOT-FOR-US: Corel Presentations CVE-2021-38102 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) NOT-FOR-US: Corel Presentations CVE-2021-38101 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...) NOT-FOR-US: Corel PhotoPaint Standard CVE-2021-38100 (Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bou ...) NOT-FOR-US: Corel PhotoPaint Standard CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...) NOT-FOR-US: Corel PhotoPaint Standard CVE-2021-38098 (Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerabilit ...) NOT-FOR-US: Corel PDF Fusion CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...) NOT-FOR-US: Corel PDF Fusion CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...) NOT-FOR-US: Corel PDF Fusion CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...) NOT-FOR-US: Planview Spigit CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...) 
- ffmpeg 7:4.3-2 (unimportant) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 NOTE: Negligible security impact CVE-2021-38093 (Integer Overflow vulnerability in function filter_robert in libavfilte ...) - ffmpeg 7:4.3-2 (unimportant) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 NOTE: Negligible security impact CVE-2021-38092 (Integer Overflow vulnerability in function filter_prewitt in libavfilt ...) - ffmpeg 7:4.3-2 (unimportant) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 CVE-2021-38091 (Integer Overflow vulnerability in function filter16_sobel in libavfilt ...) - ffmpeg 7:4.3-2 (unimportant) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in libavfi ...) - ffmpeg 7:4.3-2 (unimportant) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 CVE-2021-38089 REJECTED CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU in ver ...) {DSA-4980-1 DLA-2753-1} - qemu 1:6.0+dfsg-3 (bug #991911) NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491 NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0) NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9 (v6.1.0-rc2) CVE-2021-38088 (Acronis Cyber Protect 15 for Windows prior to build 27009 allowed loca ...) NOT-FOR-US: Acronis Cyber Protect CVE-2021-38087 (Reflected cross-site scripting (XSS) was possible on the login page in ...) 
NOT-FOR-US: Acronis Cyber Protect CVE-2021-38086 (Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis ...) NOT-FOR-US: Acronis Cyber Protect CVE-2021-38085 (The Canon TR150 print driver through 3.71.2.10 is vulnerable to a priv ...) NOT-FOR-US: Canon CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...) - courier (bug #989375) [bullseye] - courier (Minor issue) [buster] - courier (Minor issue) [stretch] - courier (Minor issue, include in next update) NOTE: https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583 NOTE: https://sourceforge.net/p/courier/mailman/message/37329216/ NOTE: https://sourceforge.net/p/courier/courier-libs.git/ci/97ed62b17a2616c758d09105b5a14dd1038cff6f/ (1.1.5) CVE-2021-38083 RESERVED CVE-2021-38082 RESERVED CVE-2021-38081 RESERVED CVE-2021-38080 RESERVED CVE-2021-38079 RESERVED CVE-2021-38078 RESERVED CVE-2021-38077 RESERVED CVE-2021-38076 RESERVED CVE-2021-38075 RESERVED CVE-2021-38074 RESERVED CVE-2021-38073 RESERVED CVE-2021-38072 RESERVED CVE-2021-38071 RESERVED CVE-2021-38070 RESERVED CVE-2021-38069 RESERVED CVE-2021-38068 RESERVED CVE-2021-38067 RESERVED CVE-2021-38066 RESERVED CVE-2021-38065 RESERVED CVE-2021-38064 RESERVED CVE-2021-38063 RESERVED CVE-2021-38062 RESERVED CVE-2021-38061 RESERVED CVE-2021-38060 RESERVED CVE-2021-38059 RESERVED CVE-2021-38058 RESERVED CVE-2021-38057 RESERVED CVE-2021-38056 RESERVED CVE-2021-38055 RESERVED CVE-2021-38054 RESERVED CVE-2021-38053 RESERVED CVE-2021-38052 RESERVED CVE-2021-38051 RESERVED CVE-2021-38050 RESERVED CVE-2021-38049 RESERVED CVE-2021-38048 RESERVED CVE-2021-38047 RESERVED CVE-2021-38046 RESERVED CVE-2021-38045 RESERVED CVE-2021-38044 RESERVED CVE-2021-38043 RESERVED CVE-2021-38042 RESERVED CVE-2021-38041 RESERVED CVE-2021-38040 RESERVED CVE-2021-38039 RESERVED CVE-2021-38038 RESERVED CVE-2021-38037 RESERVED CVE-2021-38036 RESERVED CVE-2021-38035 
RESERVED CVE-2021-38034 RESERVED CVE-2021-38033 RESERVED CVE-2021-38032 RESERVED CVE-2021-38031 RESERVED CVE-2021-38030 RESERVED CVE-2021-38029 RESERVED CVE-2021-38028 RESERVED CVE-2021-38027 RESERVED CVE-2021-38026 RESERVED CVE-2021-38025 RESERVED CVE-2021-38024 RESERVED CVE-2021-38023 RESERVED CVE-2021-38022 RESERVED CVE-2021-38021 RESERVED CVE-2021-38020 RESERVED CVE-2021-38019 RESERVED CVE-2021-38018 RESERVED CVE-2021-38017 RESERVED CVE-2021-38016 RESERVED CVE-2021-38015 RESERVED CVE-2021-38014 RESERVED CVE-2021-38013 RESERVED CVE-2021-38012 RESERVED CVE-2021-38011 RESERVED CVE-2021-38010 RESERVED CVE-2021-38009 RESERVED CVE-2021-38008 RESERVED CVE-2021-38007 RESERVED CVE-2021-38006 RESERVED CVE-2021-38005 RESERVED CVE-2021-38004 RESERVED CVE-2021-38003 RESERVED CVE-2021-38002 RESERVED CVE-2021-38001 RESERVED CVE-2021-38000 RESERVED CVE-2021-37999 RESERVED CVE-2021-37998 RESERVED CVE-2021-37997 RESERVED CVE-2021-37996 RESERVED CVE-2021-37995 RESERVED CVE-2021-37994 RESERVED CVE-2021-37993 RESERVED CVE-2021-37992 RESERVED CVE-2021-37991 RESERVED CVE-2021-37990 RESERVED CVE-2021-37989 RESERVED CVE-2021-37988 RESERVED CVE-2021-37987 RESERVED CVE-2021-37986 RESERVED CVE-2021-37985 RESERVED CVE-2021-37984 RESERVED CVE-2021-37983 RESERVED CVE-2021-37982 RESERVED CVE-2021-37981 RESERVED CVE-2021-37980 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37979 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37978 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37977 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37975 (Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37974 (Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 ...) 
- chromium [stretch] - chromium (see DSA 4562) CVE-2021-37973 (Use after free in Portals in Google Chrome prior to 94.0.4606.61 allow ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37972 (Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.460 ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37971 (Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0 ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37970 (Use after free in File System API in Google Chrome prior to 94.0.4606. ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37969 (Inappropriate implementation in Google Updater in Google Chrome on Win ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37968 (Inappropriate implementation in Background Fetch API in Google Chrome ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37967 (Inappropriate implementation in Background Fetch API in Google Chrome ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37966 (Inappropriate implementation in Compositing in Google Chrome on Androi ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37965 (Inappropriate implementation in Background Fetch API in Google Chrome ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37964 (Inappropriate implementation in ChromeOS Networking in Google Chrome o ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37963 (Side-channel information leakage in DevTools in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37962 (Use after free in Performance Manager in Google Chrome prior to 94.0.4 ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 all ...) 
- chromium [stretch] - chromium (see DSA 4562) CVE-2021-37960 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37958 (Inappropriate implementation in Navigation in Google Chrome on Windows ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37957 (Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowe ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37956 (Use after free in Offline use in Google Chrome on Android prior to 94. ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2021-37955 RESERVED CVE-2021-37954 RESERVED CVE-2021-37953 RESERVED CVE-2021-37952 RESERVED CVE-2021-37951 RESERVED CVE-2021-37950 RESERVED CVE-2021-37949 RESERVED CVE-2021-37948 RESERVED CVE-2021-37947 RESERVED CVE-2021-37946 RESERVED CVE-2021-37945 RESERVED CVE-2021-37944 RESERVED CVE-2021-37943 RESERVED CVE-2021-37942 RESERVED CVE-2021-37941 RESERVED CVE-2021-37940 RESERVED CVE-2021-37939 RESERVED CVE-2021-37938 RESERVED CVE-2021-37937 RESERVED CVE-2021-37936 RESERVED CVE-2021-37935 RESERVED CVE-2021-37934 RESERVED CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...) NOT-FOR-US: Huntflow Enterprise CVE-2021-37932 RESERVED CVE-2021-3681 RESERVED NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1989407 TODO: check, needs verifying the affected ansible/ansible-base components CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...) NOT-FOR-US: showdoc CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...) {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...) 
NOT-FOR-US: showdoc CVE-2021-37931 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37930 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37929 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37928 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37927 (Zoho ManageEngine ADManager Plus version 7110 and prior allows account ...) NOT-FOR-US: Zoho ManageEngine ADManager Plus CVE-2021-37926 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37925 (Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Aut ...) NOT-FOR-US: Zoho ManageEngine ADManager Plus CVE-2021-37924 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37923 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37922 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37921 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37920 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37919 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37918 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37917 RESERVED CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body. ...) 
NOT-FOR-US: Joplin CVE-2021-37915 RESERVED CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...) NOT-FOR-US: Argo Workflows CVE-2021-37913 (The HGiga OAKlouds mobile portal does not filter special characters of ...) NOT-FOR-US: HGiga OAKlouds mobile portal CVE-2021-37912 (The HGiga OAKlouds mobile portal does not filter special characters of ...) NOT-FOR-US: HGiga OAKlouds mobile portal CVE-2021-37911 (The management interface of BenQ smart wireless conference projector d ...) NOT-FOR-US: BenQ smart wireless conference projector CVE-2021-37910 RESERVED CVE-2021-37909 (WriteRegistry function in TSSServiSign component does not filter and v ...) NOT-FOR-US: TSSServiSignAdapter Windows CVE-2021-37908 RESERVED CVE-2021-37907 RESERVED CVE-2021-37906 RESERVED CVE-2021-37905 RESERVED CVE-2021-37904 RESERVED CVE-2021-37903 RESERVED CVE-2021-37902 RESERVED CVE-2021-37901 RESERVED CVE-2021-37900 RESERVED CVE-2021-37899 RESERVED CVE-2021-37898 RESERVED CVE-2021-37897 RESERVED CVE-2021-37896 RESERVED CVE-2021-37895 RESERVED CVE-2021-37894 RESERVED CVE-2021-37893 RESERVED CVE-2021-37892 RESERVED CVE-2021-37891 RESERVED CVE-2021-37890 RESERVED CVE-2021-37889 RESERVED CVE-2021-37888 RESERVED CVE-2021-37887 RESERVED CVE-2021-37886 RESERVED CVE-2021-37885 RESERVED CVE-2021-37884 RESERVED CVE-2021-37883 RESERVED CVE-2021-37882 RESERVED CVE-2021-37881 RESERVED CVE-2021-37880 RESERVED CVE-2021-37879 RESERVED CVE-2021-37878 RESERVED CVE-2021-37877 RESERVED CVE-2021-37876 RESERVED CVE-2021-37875 RESERVED CVE-2021-37874 RESERVED CVE-2021-37873 RESERVED CVE-2021-37872 RESERVED CVE-2021-37871 RESERVED CVE-2021-37870 RESERVED CVE-2021-37869 RESERVED CVE-2021-37868 RESERVED CVE-2021-37867 RESERVED CVE-2021-37866 RESERVED CVE-2021-37865 RESERVED CVE-2021-37864 RESERVED CVE-2021-37863 RESERVED CVE-2021-37862 RESERVED CVE-2021-37861 RESERVED CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...) 
- mattermost-server (bug #823556) CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...) - mattermost-server (bug #823556) CVE-2021-37858 RESERVED CVE-2021-37857 RESERVED CVE-2021-37856 RESERVED CVE-2021-37855 RESERVED CVE-2021-37854 RESERVED CVE-2021-37853 RESERVED CVE-2021-37852 RESERVED CVE-2021-37851 RESERVED CVE-2021-37850 RESERVED CVE-2021-37849 RESERVED CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...) NOT-FOR-US: Pengutronix Barebox CVE-2021-37847 (crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing ...) NOT-FOR-US: Pengutronix Barebox CVE-2021-37846 RESERVED CVE-2021-37845 RESERVED - citadel [buster] - citadel (Minor issue) [stretch] - citadel (Minor issue, revisit when fixed upstream) NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259 NOTE: https://nostarttls.secvuln.info/ NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes CVE-2021-37844 RESERVED CVE-2021-3677 [Memory disclosure in certain queries] RESERVED - postgresql-13 13.4-1 [bullseye] - postgresql-13 13.4-0+deb11u1 - postgresql-11 [buster] - postgresql-11 11.13-0+deb10u1 NOTE: https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/ CVE-2021-3676 RESERVED CVE-2021-3675 RESERVED CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...) NOT-FOR-US: resolution SAML SSO apps for Atlassian products CVE-2021-37842 RESERVED CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access control. If ...) NOT-FOR-US: Docker Desktop on Windows CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...) NOT-FOR-US: aaPanel CVE-2021-37839 RESERVED CVE-2021-3674 RESERVED CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper input ...) 
- radare2 NOTE: https://github.com/radareorg/radare2/issues/18923 NOTE: https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d CVE-2021-37838 RESERVED CVE-2021-37837 RESERVED CVE-2021-37836 RESERVED CVE-2021-37835 RESERVED CVE-2021-37834 RESERVED CVE-2021-37833 (A reflected cross-site scripting (XSS) vulnerability exists in multipl ...) - hoteldruid (bug #991910) [bullseye] - hoteldruid (Minor issue) [buster] - hoteldruid (Minor issue) [stretch] - hoteldruid (Minor issue) NOTE: https://github.com/dievus/CVE-2021-37833 CVE-2021-37832 (A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid w ...) - hoteldruid (bug #991910) [bullseye] - hoteldruid (Minor issue) [buster] - hoteldruid (Minor issue) [stretch] - hoteldruid (Minor issue) NOTE: https://github.com/dievus/CVE-2021-37832 CVE-2021-37831 RESERVED CVE-2021-37830 RESERVED CVE-2021-37829 RESERVED CVE-2021-37828 RESERVED CVE-2021-37827 RESERVED CVE-2021-37826 RESERVED CVE-2021-37825 RESERVED CVE-2021-37824 RESERVED CVE-2021-37823 RESERVED CVE-2021-37822 RESERVED CVE-2021-37821 RESERVED CVE-2021-37820 RESERVED CVE-2021-37819 RESERVED CVE-2021-37818 RESERVED CVE-2021-37817 RESERVED CVE-2021-37816 RESERVED CVE-2021-37815 RESERVED CVE-2021-37814 RESERVED CVE-2021-37813 RESERVED CVE-2021-37812 RESERVED CVE-2021-37811 RESERVED CVE-2021-37810 RESERVED CVE-2021-37809 RESERVED CVE-2021-37808 RESERVED CVE-2021-37807 RESERVED CVE-2021-37806 RESERVED CVE-2021-37805 RESERVED CVE-2021-37804 RESERVED CVE-2021-37803 RESERVED CVE-2021-37802 RESERVED CVE-2021-37801 RESERVED CVE-2021-37800 RESERVED CVE-2021-37799 RESERVED CVE-2021-37798 RESERVED CVE-2021-37797 RESERVED CVE-2021-37796 RESERVED CVE-2021-37795 RESERVED CVE-2021-37794 (A stored cross-site scripting (XSS) vulnerability exists in FileBrowse ...) 
NOT-FOR-US: FileBrowser CVE-2021-37793 RESERVED CVE-2021-37792 RESERVED CVE-2021-37791 RESERVED CVE-2021-37790 RESERVED CVE-2021-37789 RESERVED CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...) NOT-FOR-US: Gurock TestRail CVE-2021-37787 RESERVED CVE-2021-37786 (Certain Federal Office of Information Technology Systems and Telecommu ...) NOT-FOR-US: Covid certificate app in Switzerland. CVE-2021-37785 RESERVED CVE-2021-37784 RESERVED CVE-2021-37783 RESERVED CVE-2021-37782 RESERVED CVE-2021-37781 RESERVED CVE-2021-37780 RESERVED CVE-2021-37779 RESERVED CVE-2021-37778 RESERVED CVE-2021-37777 (Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR ...) NOT-FOR-US: Gila CMS CVE-2021-37776 RESERVED CVE-2021-37775 RESERVED CVE-2021-37774 RESERVED CVE-2021-37773 RESERVED CVE-2021-37772 RESERVED CVE-2021-37771 RESERVED CVE-2021-37770 RESERVED CVE-2021-37769 RESERVED CVE-2021-37768 RESERVED CVE-2021-37767 RESERVED CVE-2021-37766 RESERVED CVE-2021-37765 RESERVED CVE-2021-37764 RESERVED CVE-2021-37763 RESERVED CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37761 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...) - graylog2 (bug #652273) CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...) - graylog2 (bug #652273) CVE-2021-37758 RESERVED CVE-2021-37757 RESERVED CVE-2021-37756 RESERVED CVE-2021-37755 RESERVED CVE-2021-37754 RESERVED CVE-2021-37753 RESERVED CVE-2021-37752 RESERVED CVE-2021-37751 RESERVED CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before ...) 
{DLA-2771-1} - krb5 1.18.3-7 (bug #992607) [bullseye] - krb5 1.18.3-6+deb11u1 [buster] - krb5 1.17-3+deb10u3 NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...) NOT-FOR-US: Hexagon GeoMedia WebMap CVE-2021-37748 RESERVED CVE-2021-37747 RESERVED CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ...) - claws-mail 3.18.0-1 (bug #991722) [bullseye] - claws-mail (Minor issue) [buster] - claws-mail (Minor issue) [stretch] - claws-mail (Minor issue) - sylpheed (bug #991723) [bullseye] - sylpheed (Minor issue) [buster] - sylpheed (Minor issue) [stretch] - sylpheed (Minor issue) NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431 CVE-2021-3672 [Missing input validation on hostnames returned by DNS servers] RESERVED {DSA-4954-1 DLA-2738-1} - c-ares 1.17.1-1.1 (bug #992053) [bullseye] - c-ares 1.17.1-1+deb11u1 NOTE: https://c-ares.haxx.se/adv_20210810.html NOTE: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83 NOTE: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14 CVE-2021-37745 RESERVED CVE-2021-37744 RESERVED CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored X ...) NOT-FOR-US: MISP CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.14 ...) NOT-FOR-US: MISP CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...) NOT-FOR-US: ManageEngine CVE-2021-37740 RESERVED CVE-2021-37739 RESERVED CVE-2021-37738 RESERVED CVE-2021-37737 RESERVED CVE-2021-37736 RESERVED CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...) NOT-FOR-US: Aruba CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...) 
NOT-FOR-US: Aruba CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...) NOT-FOR-US: Aruba CVE-2021-37732 (A remote arbitrary command execution vulnerability was discovered in H ...) NOT-FOR-US: Aruba CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...) NOT-FOR-US: Aruba CVE-2021-37730 (A remote arbitrary command execution vulnerability was discovered in H ...) NOT-FOR-US: Aruba CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...) NOT-FOR-US: Aruba CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...) NOT-FOR-US: Aruba CVE-2021-37727 (A remote arbitrary command execution vulnerability was discovered in H ...) NOT-FOR-US: Aruba CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE Aruba Ins ...) NOT-FOR-US: Aruba CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...) NOT-FOR-US: Aruba CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-37723 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-37722 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-37721 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-37720 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-37719 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-37718 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-37717 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba SD-WAN ...) 
NOT-FOR-US: Aruba CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) NOT-FOR-US: Aruba CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...) - heimdal [bullseye] - heimdal (Minor issue) [buster] - heimdal (Minor issue) [stretch] - heimdal (Minor issue) - samba [bullseye] - samba (Minor issue) [buster] - samba (Minor issue) [stretch] - samba (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2013080 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14770 NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a NOTE: Followup: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a NOTE: "Equivalent" issue for CVE-2021-37750 for the MIT krb5 vulnerability. NOTE: Fixed by (Samba): https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5 CVE-2021-3670 RESERVED CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...) - jsoup 1.14.2-1 (bug #992590) NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c CVE-2021-37713 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...) - node-tar (Only affects node-tar on Windows) NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...) - node-tar 6.1.11+~cs11.3.10-1 (bug #993981) [stretch] - node-tar (Nodejs in stretch not covered by security support) NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p CVE-2021-37711 (Versions prior to 6.4.3.1 contain an authenticated server-side request ...) NOT-FOR-US: Shopware CVE-2021-37710 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) NOT-FOR-US: Shopware CVE-2021-37709 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) 
NOT-FOR-US: Shopware CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) NOT-FOR-US: Shopware CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) NOT-FOR-US: Shopware CVE-2021-37706 RESERVED CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...) NOT-FOR-US: OneFuzz CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...) NOT-FOR-US: PhpFastCache CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...) NOT-FOR-US: Discourse CVE-2021-37702 (Pimcore is an open source data & experience management platform. P ...) NOT-FOR-US: Pimcore CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, an ...) - node-tar 6.1.7+~cs11.3.10-1 [stretch] - node-tar (Nodejs in stretch not covered by security support) NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...) NOT-FOR-US: Node paste-markdown CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...) NOT-FOR-US: next.js CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...) - icinga2 2.13.1-1 NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2 NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/ CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...) NOT-FOR-US: tmerc-cogs CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...) NOT-FOR-US: tmerc-cogs CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...) 
- ckeditor 4.16.2+dfsg-1 (bug #992290) [bullseye] - ckeditor (Minor issue) [buster] - ckeditor (Minor issue) [stretch] - ckeditor (Minor issue) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58 CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...) NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...) NOT-FOR-US: Discourse CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37690 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37689 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37688 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37687 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37686 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37685 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37684 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37683 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37682 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37681 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2021-37680 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37679 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37678 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37677 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37676 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37675 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37674 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37673 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37672 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37671 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37670 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37669 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37668 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37667 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37666 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37665 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2021-37664 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37663 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37662 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37661 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37660 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37659 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37658 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37657 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37656 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37655 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37654 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37653 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37652 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37651 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37650 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37649 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2021-37648 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37647 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37646 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37645 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37644 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37643 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37642 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37641 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37640 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37639 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37638 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37637 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37636 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37635 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions ...) NOT-FOR-US: Leafkit CVE-2021-37633 (Discourse is an open source discussion platform. In versions prior to ...) 
 NOT-FOR-US: Discourse CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...) NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft) CVE-2021-37631 (Deck is an open source kanban style organization tool aimed at persona ...) NOT-FOR-US: Nextcloud Deck CVE-2021-37630 (Nextcloud Circles is an open source social network built for the nextc ...) NOT-FOR-US: Nextcloud Circles CVE-2021-37629 (Nextcloud Richdocuments is an open source collaborative office suite. ...) NOT-FOR-US: Nextcloud Richdocuments CVE-2021-37628 (Nextcloud Richdocuments is an open source collaborative office suite. ...) NOT-FOR-US: Nextcloud Richdocuments CVE-2021-37627 (Contao is an open source CMS that allows creation of websites and scal ...) NOT-FOR-US: Contao CMS CVE-2021-37626 (Contao is an open source CMS that allows you to create websites and sc ...) NOT-FOR-US: Contao CMS CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...) NOT-FOR-US: Skytable CVE-2021-37624 RESERVED CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq NOTE: https://github.com/Exiv2/exiv2/pull/1790 CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv NOTE: https://github.com/Exiv2/exiv2/pull/1788 CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg NOTE: https://github.com/Exiv2/exiv2/pull/1778 CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
- exiv2 NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728 NOTE: https://github.com/Exiv2/exiv2/pull/1769 CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v NOTE: https://github.com/Exiv2/exiv2/pull/1752 CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 NOTE: https://github.com/Exiv2/exiv2/pull/1759 CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) - nextcloud-desktop (Doesn't affect Nextcloud client as shipped in Debian) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w NOTE: https://github.com/Exiv2/exiv2/pull/1758 CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w NOTE: https://github.com/Exiv2/exiv2/pull/1758 CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...) NOT-FOR-US: MOVEit Transfer CVE-2021-37613 RESERVED CVE-2021-37612 RESERVED CVE-2021-37611 RESERVED CVE-2021-37610 RESERVED CVE-2021-37609 RESERVED CVE-2021-37608 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...) 
NOT-FOR-US: Apache OFBiz CVE-2021-37607 RESERVED CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory segment counts] RESERVED - linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473 CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...) NOT-FOR-US: Meow hash CVE-2021-37605 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...) NOT-FOR-US: Microchip MiWi CVE-2021-37604 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...) NOT-FOR-US: Microchip MiWi CVE-2021-37603 RESERVED CVE-2021-37602 RESERVED CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Winscribe ...) NOT-FOR-US: Nuance CVE-2021-3668 RESERVED CVE-2021-37600 (** DISPUTED ** An integer overflow in util-linux through 2.37.1 can po ...) - util-linux 2.36.1-8 (low; bug #991619) [buster] - util-linux (Minor issue) [stretch] - util-linux (Minor issue) NOTE: https://github.com/karelzak/util-linux/issues/1395 NOTE: https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c CVE-2021-37598 (WP Cerber before 8.9.3 allows bypass of /wp-json access control via a ...) NOT-FOR-US: WordPress plugin CVE-2021-37597 (WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash ...) NOT-FOR-US: WordPress plugin CVE-2021-37596 (Telegram Web K Alpha 0.6.1 allows XSS via a document name. ...) NOT-FOR-US: Telegram Web K Alpha CVE-2021-37595 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...) - freerdp2 (Windows-specific) NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 CVE-2021-37594 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...) - freerdp2 (Windows-specific) NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 CVE-2021-37593 (PEEL Shopping version 9.4.0 allows remote SQL injection. A public user ...) 
NOT-FOR-US: PEEL Shopping CVE-2021-37592 RESERVED CVE-2021-37591 RESERVED CVE-2021-37590 RESERVED CVE-2021-37589 RESERVED CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability to dec ...) NOT-FOR-US: Charm CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...) NOT-FOR-US: Charm CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording Multitenanc ...) NOT-FOR-US: Mitel CVE-2021-37585 RESERVED CVE-2021-37584 RESERVED CVE-2021-37583 RESERVED CVE-2021-37582 RESERVED CVE-2021-37581 RESERVED CVE-2021-37580 RESERVED CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...) NOT-FOR-US: Apache Dubbo CVE-2021-3667 RESERVED - libvirt 7.6.0-1 (bug #991594) [bullseye] - libvirt (Minor issue) [buster] - libvirt (Minor issue) [stretch] - libvirt (Introduced in 4.1) NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 (v7.6.0-rc1) NOTE: Introduced in https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 CVE-2021-37578 (Apache jUDDI uses several classes related to Java's Remote Method Invo ...) NOT-FOR-US: Apache jUDDI CVE-2021-37577 RESERVED CVE-2021-37575 RESERVED CVE-2021-37574 RESERVED CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the web server ...) NOT-FOR-US: TTiny Java Web Server and Servlet Container (TJWS) CVE-2021-37572 RESERVED CVE-2021-37571 RESERVED CVE-2021-37570 RESERVED CVE-2021-37569 RESERVED CVE-2021-37568 RESERVED CVE-2021-37567 RESERVED CVE-2021-37566 RESERVED CVE-2021-37565 RESERVED CVE-2021-37564 RESERVED CVE-2021-37563 RESERVED CVE-2021-37562 RESERVED CVE-2021-37561 RESERVED CVE-2021-37560 RESERVED CVE-2021-37559 RESERVED CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in Centreon before ...) - centreon-web (bug #913903) CVE-2021-37557 (A SQL injection vulnerability in image generation in Centreon before 2 ...) 
- centreon-web (bug #913903) CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon before 2 ...) - centreon-web (bug #913903) CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...) NOT-FOR-US: TX9 Automatic Food Dispenser CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see boards wit ...) NOT-FOR-US: JetBrains CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. ...) NOT-FOR-US: JetBrains CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. ...) NOT-FOR-US: JetBrains CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user passwords were ...) NOT-FOR-US: JetBrains CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons wer ...) NOT-FOR-US: JetBrains CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was ...) NOT-FOR-US: JetBrains CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes ...) NOT-FOR-US: JetBrains CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks during file ...) NOT-FOR-US: JetBrains CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key generation mechan ...) NOT-FOR-US: JetBrains CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient authentication che ...) NOT-FOR-US: JetBrains CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure deseriali ...) NOT-FOR-US: JetBrains CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without user con ...) NOT-FOR-US: JetBrains CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible. ...) NOT-FOR-US: JetBrains CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the password r ...) NOT-FOR-US: JetBrains CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...) 
NOT-FOR-US: JetBrains CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestri ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...) NOT-FOR-US: Node body-parser-xml CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...) {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 [stretch] - linux (powerpc architectures not included in LTS) NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3) CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for ...) NOT-FOR-US: PrestaShop CVE-2021-37537 RESERVED CVE-2021-37536 RESERVED CVE-2021-37535 (SAP NetWeaver Application Server Java (JMS Connector Service) - versio ...) NOT-FOR-US: SAP CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when ...) NOT-FOR-US: MISP CVE-2021-37533 RESERVED CVE-2021-37532 (SAP Business One version - 10, due to improper input validation, allow ...) NOT-FOR-US: SAP CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...) 
NOT-FOR-US: SAP CVE-2021-37530 RESERVED CVE-2021-37529 RESERVED CVE-2021-37528 RESERVED CVE-2021-37527 RESERVED CVE-2021-37526 RESERVED CVE-2021-37525 RESERVED CVE-2021-37524 RESERVED CVE-2021-37523 RESERVED CVE-2021-37522 RESERVED CVE-2021-37521 RESERVED CVE-2021-37520 RESERVED CVE-2021-37519 RESERVED CVE-2021-37518 RESERVED CVE-2021-37517 RESERVED CVE-2021-37516 RESERVED CVE-2021-37515 RESERVED CVE-2021-37514 RESERVED CVE-2021-37513 RESERVED CVE-2021-37512 RESERVED CVE-2021-37511 RESERVED CVE-2021-37510 RESERVED CVE-2021-37509 RESERVED CVE-2021-37508 RESERVED CVE-2021-37507 RESERVED CVE-2021-37506 RESERVED CVE-2021-37505 RESERVED CVE-2021-37504 RESERVED CVE-2021-37503 RESERVED CVE-2021-37502 RESERVED CVE-2021-37501 RESERVED CVE-2021-37500 RESERVED CVE-2021-37499 RESERVED CVE-2021-37498 RESERVED CVE-2021-37497 RESERVED CVE-2021-37496 RESERVED CVE-2021-37495 RESERVED CVE-2021-37494 RESERVED CVE-2021-37493 RESERVED CVE-2021-37492 RESERVED CVE-2021-37491 RESERVED CVE-2021-37490 RESERVED CVE-2021-37489 RESERVED CVE-2021-37488 RESERVED CVE-2021-37487 RESERVED CVE-2021-37486 RESERVED CVE-2021-37485 RESERVED CVE-2021-37484 RESERVED CVE-2021-37483 RESERVED CVE-2021-37482 RESERVED CVE-2021-37481 RESERVED CVE-2021-37480 RESERVED CVE-2021-37479 RESERVED CVE-2021-37478 (In NavigateCMS version 2.9.4 and below, function `block` is vulnerable ...) NOT-FOR-US: NavigateCMS CVE-2021-37477 (In NavigateCMS version 2.9.4 and below, function in `structure.php` is ...) NOT-FOR-US: NavigateCMS CVE-2021-37476 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...) NOT-FOR-US: NavigateCMS CVE-2021-37475 (In NavigateCMS version 2.9.4 and below, function in `templates.php` is ...) NOT-FOR-US: NavigateCMS CVE-2021-37474 RESERVED CVE-2021-37473 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...) 
NOT-FOR-US: NavigateCMS CVE-2021-37472 RESERVED CVE-2021-37471 RESERVED CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists ...) NOT-FOR-US: NCH CVE-2021-37469 (In NCH WebDictate v2.13 and earlier, authenticated users can abuse log ...) NOT-FOR-US: NCH CVE-2021-37468 (NCH Reflect CRM 3.01 allows local users to discover cleartext user acc ...) NOT-FOR-US: NCH CVE-2021-37467 (In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploa ...) NOT-FOR-US: NCH CVE-2021-37466 (In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (refle ...) NOT-FOR-US: NCH CVE-2021-37465 (In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflec ...) NOT-FOR-US: NCH CVE-2021-37464 (In NCH Quorum v2.03 and earlier, XSS exists via Conference Description ...) NOT-FOR-US: NCH CVE-2021-37463 (In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (sto ...) NOT-FOR-US: NCH CVE-2021-37462 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) NOT-FOR-US: NCH CVE-2021-37461 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) NOT-FOR-US: NCH CVE-2021-37460 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) NOT-FOR-US: NCH CVE-2021-37459 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) NOT-FOR-US: NCH CVE-2021-37458 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) NOT-FOR-US: NCH CVE-2021-37457 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) NOT-FOR-US: NCH CVE-2021-37456 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) NOT-FOR-US: NCH CVE-2021-37455 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) NOT-FOR-US: NCH CVE-2021-37454 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) NOT-FOR-US: NCH CVE-2021-37453 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) 
NOT-FOR-US: NCH CVE-2021-37452 (NCH Quorum v2.03 and earlier allows local users to discover cleartext ...) NOT-FOR-US: NCH CVE-2021-37451 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) NOT-FOR-US: NCH CVE-2021-37450 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) NOT-FOR-US: NCH CVE-2021-37449 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) NOT-FOR-US: NCH CVE-2021-37448 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) NOT-FOR-US: NCH CVE-2021-37447 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...) NOT-FOR-US: NCH CVE-2021-37446 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...) NOT-FOR-US: NCH CVE-2021-37445 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...) NOT-FOR-US: NCH CVE-2021-37444 (NCH IVM Attendant v5.12 and earlier suffers from a directory traversal ...) NOT-FOR-US: NCH CVE-2021-37443 (NCH IVM Attendant v5.12 and earlier allows path traversal via the logd ...) NOT-FOR-US: NCH CVE-2021-37442 (NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile ...) NOT-FOR-US: NCH CVE-2021-37441 (NCH Axon PBX v2.22 and earlier allows path traversal for file deletion ...) NOT-FOR-US: NCH CVE-2021-37440 (NCH Axon PBX v2.22 and earlier allows path traversal for file disclosu ...) NOT-FOR-US: NCH CVE-2021-37439 (NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vu ...) NOT-FOR-US: NCH CVE-2021-37438 REJECTED CVE-2021-37437 RESERVED CVE-2021-37436 (Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, ...) 
NOT-FOR-US: Amazon Echo CVE-2021-37435 RESERVED CVE-2021-37434 RESERVED CVE-2021-37433 RESERVED CVE-2021-37432 RESERVED CVE-2021-37431 RESERVED CVE-2021-37430 RESERVED CVE-2021-37429 RESERVED CVE-2021-37428 RESERVED CVE-2021-37427 RESERVED CVE-2021-37426 RESERVED CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...) NOT-FOR-US: Altova MobileTogether Server CVE-2021-37424 (ManageEngine ADSelfService Plus before 6112 is vulnerable to domain us ...) NOT-FOR-US: ManageEngine CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37420 (ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoo ...) NOT-FOR-US: ManageEngine CVE-2021-37419 (ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. ...) NOT-FOR-US: ManageEngine CVE-2021-37418 REJECTED CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnera ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-37413 RESERVED CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...) NOT-FOR-US: TechRadar app for Confluence Server CVE-2021-37411 RESERVED CVE-2021-3665 RESERVED CVE-2021-3664 (url-parse is vulnerable to URL Redirection to Untrusted Site ...) 
- node-url-parse 1.5.3-1 (bug #991577) [buster] - node-url-parse (Minor issue) [stretch] - node-url-parse (Nodejs in stretch not covered by security support) NOTE: https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/ NOTE: https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0 CVE-2021-26250 RESERVED CVE-2021-23208 RESERVED CVE-2021-23183 RESERVED CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...) - prosody 0.11.9-2 [buster] - prosody (Minor issue) [stretch] - prosody (Vulnerable code not present) NOTE: https://prosody.im/security/advisory_20210722/ CVE-2021-37404 RESERVED CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...) NOT-FOR-US: firefly-iii CVE-2021-3662 RESERVED CVE-2021-3661 RESERVED CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) NOT-FOR-US: OX App Suite CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) NOT-FOR-US: OX App Suite CVE-2021-3660 RESERVED - cockpit 254-1 [bullseye] - cockpit (Minor issue) [buster] - cockpit (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688 CVE-2021-37401 RESERVED CVE-2021-37400 RESERVED CVE-2021-37399 RESERVED CVE-2021-37398 RESERVED CVE-2021-37397 RESERVED CVE-2021-37396 RESERVED CVE-2021-37395 RESERVED CVE-2021-37394 (In RPCMS v1.8 and below, attackers can interact with API and change va ...) NOT-FOR-US: RPCMS CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...) NOT-FOR-US: RPCMS CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...) NOT-FOR-US: RPCMS CVE-2021-37391 (A user without privileges in Chamilo LMS 1.11.14 can send an invitatio ...) NOT-FOR-US: Chamilo LMS CVE-2021-37390 (A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/socia ...) 
NOT-FOR-US: Chamilo LMS CVE-2021-37389 (Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/ ...) NOT-FOR-US: Chamilo LMS CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr paramet ...) NOT-FOR-US: D-Link CVE-2021-37387 RESERVED CVE-2021-37386 RESERVED CVE-2021-37385 RESERVED CVE-2021-37384 RESERVED CVE-2021-37383 RESERVED CVE-2021-37382 RESERVED CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access ...) NOT-FOR-US: Southsoft GMIS CVE-2021-37380 RESERVED CVE-2021-37379 RESERVED CVE-2021-37378 RESERVED CVE-2021-37377 RESERVED CVE-2021-37376 RESERVED CVE-2021-37375 RESERVED CVE-2021-37374 RESERVED CVE-2021-37373 RESERVED CVE-2021-37372 RESERVED CVE-2021-37371 RESERVED CVE-2021-37370 RESERVED CVE-2021-37369 RESERVED CVE-2021-37368 RESERVED CVE-2021-37367 (CTparental before 4.45.07 is affected by a code execution vulnerabilit ...) NOT-FOR-US: CTparental CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request forgery ...) NOT-FOR-US: CTparental CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...) NOT-FOR-US: CTparental CVE-2021-37364 RESERVED CVE-2021-37363 RESERVED CVE-2021-37362 RESERVED CVE-2021-37361 RESERVED CVE-2021-37360 RESERVED CVE-2021-37359 RESERVED CVE-2021-37358 (SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers t ...) NOT-FOR-US: SEACMS CVE-2021-37357 RESERVED CVE-2021-37356 RESERVED CVE-2021-37355 RESERVED CVE-2021-37354 RESERVED CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...) NOT-FOR-US: Nagios XI CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...) NOT-FOR-US: Nagios XI CVE-2021-37351 (Nagios XI before version 5.8.5 is vulnerable to insecure permissions a ...) NOT-FOR-US: Nagios XI CVE-2021-37350 (Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerab ...) 
NOT-FOR-US: Nagios XI CVE-2021-37349 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...) NOT-FOR-US: Nagios XI CVE-2021-37348 (Nagios XI before version 5.8.5 is vulnerable to local file inclusion t ...) NOT-FOR-US: Nagios XI CVE-2021-37347 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...) NOT-FOR-US: Nagios XI CVE-2021-37346 (Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remo ...) NOT-FOR-US: Nagios XI CVE-2021-37345 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...) NOT-FOR-US: Nagios XI CVE-2021-37344 (Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote c ...) NOT-FOR-US: Nagios XI CVE-2021-37343 (A path traversal vulnerability exists in Nagios XI below version 5.8.5 ...) NOT-FOR-US: Nagios XI CVE-2021-37342 RESERVED CVE-2021-37341 RESERVED CVE-2021-37340 RESERVED CVE-2021-37339 RESERVED CVE-2021-37338 RESERVED CVE-2021-37337 RESERVED CVE-2021-37336 RESERVED CVE-2021-37335 RESERVED CVE-2021-37334 (A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could l ...) NOT-FOR-US: Umbraco Forms CVE-2021-37333 (Laravel Booking System Booking Core 2.0 is vulnerable to Session Manag ...) NOT-FOR-US: Laravel Booking System Booking Core CVE-2021-37332 RESERVED CVE-2021-37331 (Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Acc ...) NOT-FOR-US: Laravel Booking System Booking Core CVE-2021-37330 (Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Sc ...) NOT-FOR-US: Laravel Booking System Booking Core CVE-2021-37329 RESERVED CVE-2021-37328 RESERVED CVE-2021-37327 RESERVED CVE-2021-37326 (NetSarang Xshell 7 before Build 0077 includes unintended code strings ...) 
NOT-FOR-US: NetSarang Xshell CVE-2021-37325 RESERVED CVE-2021-37324 RESERVED CVE-2021-37323 RESERVED CVE-2021-37322 RESERVED CVE-2021-37321 RESERVED CVE-2021-37320 RESERVED CVE-2021-37319 RESERVED CVE-2021-37318 RESERVED CVE-2021-37317 RESERVED CVE-2021-37316 RESERVED CVE-2021-37315 RESERVED CVE-2021-37314 RESERVED CVE-2021-37313 RESERVED CVE-2021-37312 RESERVED CVE-2021-37311 RESERVED CVE-2021-37310 RESERVED CVE-2021-37309 RESERVED CVE-2021-37308 RESERVED CVE-2021-37307 RESERVED CVE-2021-37306 RESERVED CVE-2021-37305 RESERVED CVE-2021-37304 RESERVED CVE-2021-37303 RESERVED CVE-2021-37302 RESERVED CVE-2021-37301 RESERVED CVE-2021-37300 RESERVED CVE-2021-37299 RESERVED CVE-2021-37298 RESERVED CVE-2021-37297 RESERVED CVE-2021-37296 RESERVED CVE-2021-37295 RESERVED CVE-2021-37294 RESERVED CVE-2021-37293 RESERVED CVE-2021-37292 RESERVED CVE-2021-37291 RESERVED CVE-2021-37290 RESERVED CVE-2021-37289 RESERVED CVE-2021-37288 RESERVED CVE-2021-37287 RESERVED CVE-2021-37286 RESERVED CVE-2021-37285 RESERVED CVE-2021-37284 RESERVED CVE-2021-37283 RESERVED CVE-2021-37282 RESERVED CVE-2021-37281 RESERVED CVE-2021-37280 RESERVED CVE-2021-37279 RESERVED CVE-2021-37278 RESERVED CVE-2021-37277 RESERVED CVE-2021-37276 RESERVED CVE-2021-37275 RESERVED CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...) NOT-FOR-US: Kingdee KIS Professional Edition CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation EPON Tia ...) NOT-FOR-US: Tianyi Gateway CVE-2021-37272 RESERVED CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, w ...) NOT-FOR-US: UEditor CVE-2021-37270 (There is an unauthorized access vulnerability in the CMS Enterprise We ...) NOT-FOR-US: CMS Enterprise Website Construction System CVE-2021-37269 RESERVED CVE-2021-37268 RESERVED CVE-2021-37267 (Cross Site Scripting (XSS) vulnerability exists in all versions of Kin ...) 
NOT-FOR-US: KindEditor CVE-2021-37266 RESERVED CVE-2021-37265 RESERVED CVE-2021-37264 RESERVED CVE-2021-37263 RESERVED CVE-2021-37262 RESERVED CVE-2021-37261 RESERVED CVE-2021-37260 RESERVED CVE-2021-37259 RESERVED CVE-2021-37258 RESERVED CVE-2021-37257 RESERVED CVE-2021-37256 RESERVED CVE-2021-37255 RESERVED CVE-2021-37254 RESERVED CVE-2021-37253 RESERVED CVE-2021-37252 RESERVED CVE-2021-37251 RESERVED CVE-2021-37250 RESERVED CVE-2021-37249 RESERVED CVE-2021-37248 RESERVED CVE-2021-37247 RESERVED CVE-2021-37246 RESERVED CVE-2021-37245 RESERVED CVE-2021-37244 RESERVED CVE-2021-37243 RESERVED CVE-2021-37242 RESERVED CVE-2021-37241 RESERVED CVE-2021-37240 RESERVED CVE-2021-37239 RESERVED CVE-2021-37238 RESERVED CVE-2021-37237 RESERVED CVE-2021-37236 RESERVED CVE-2021-37235 RESERVED CVE-2021-37234 RESERVED CVE-2021-37233 RESERVED CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...) - atomicparsley 20210715.151551.e7ad03a-1 (bug #993366) - gtkpod (bug #993376) [bullseye] - gtkpod (Minor issue) [buster] - gtkpod (Minor issue) [stretch] - gtkpod (Minor issue) NOTE: https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1 NOTE: https://github.com/wez/atomicparsley/issues/32 CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...) - atomicparsley 20210715.151551.e7ad03a-1 (bug #993372) - gtkpod (bug #993375) [bullseye] - gtkpod (Minor issue) [buster] - gtkpod (Minor issue) [stretch] - gtkpod (Minor issue) NOTE: https://github.com/wez/atomicparsley/issues/30 NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335 CVE-2021-37230 RESERVED CVE-2021-37229 RESERVED CVE-2021-37228 RESERVED CVE-2021-37227 RESERVED CVE-2021-37226 RESERVED CVE-2021-37225 RESERVED CVE-2021-37224 RESERVED CVE-2021-37223 (Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request ...) 
NOT-FOR-US: Nagios XI CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...) NOT-FOR-US: RCDCAP CVE-2021-37221 RESERVED CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...) - mupdf 1.17.0+ds1-2 (bug #991402) [buster] - mupdf (Minor issue; can be fixed via point release) [stretch] - mupdf (Vulnerable code not present) NOTE: http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791 NOTE: On Stretch, an earlier version of the code exits early instead of crashing. CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows no ...) - consul NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...) - nomad NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023 NOTE: https://github.com/hashicorp/nomad/pull/11089 (main) NOTE: https://github.com/hashicorp/nomad/commit/768d7c72a77e9c0415d92900753fc83e8822145a (release-1.1.4) NOTE: https://github.com/hashicorp/nomad/commit/61a922afcf12784281757402c8e0b61686ff855d (release-1.0.11) CVE-2021-37217 RESERVED CVE-2021-3659 [NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c] RESERVED - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 NOTE: https://git.kernel.org/linus/1165affd484889d4986cf3b724318935a0b120d8 CVE-2021-3658 RESERVED - bluez 5.61-1 (bug #991596) [bullseye] - bluez (Minor issue) [buster] - bluez (Minor issue) [stretch] - bluez (Minor issue) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...) 
NOT-FOR-US: QSAN Storage Manager CVE-2021-37215 (The employee management page of Flygo contains an Insecure Direct Obje ...) NOT-FOR-US: Flygo CVE-2021-37214 (The employee management page of Flygo contains Insecure Direct Object ...) NOT-FOR-US: Flygo CVE-2021-37213 (The check-in record page of Flygo contains Insecure Direct Object Refe ...) NOT-FOR-US: Flygo CVE-2021-37212 (The bulletin function of Flygo contains Insecure Direct Object Referen ...) NOT-FOR-US: Flygo CVE-2021-37211 (The bulletin function of Flygo does not filter special characters whil ...) NOT-FOR-US: Flygo CVE-2021-37210 RESERVED CVE-2021-37209 RESERVED CVE-2021-37208 RESERVED CVE-2021-37207 RESERVED CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) NOT-FOR-US: Siemens CVE-2021-37205 RESERVED CVE-2021-37204 RESERVED CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions < ...) NOT-FOR-US: Siemens CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions < ...) NOT-FOR-US: Siemens CVE-2021-37201 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...) NOT-FOR-US: Siemens CVE-2021-37198 RESERVED CVE-2021-37197 RESERVED CVE-2021-37196 RESERVED CVE-2021-37195 RESERVED CVE-2021-37194 RESERVED CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) NOT-FOR-US: Siemens CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) NOT-FOR-US: Siemens CVE-2021-37191 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) NOT-FOR-US: Siemens CVE-2021-37190 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) 
NOT-FOR-US: Siemens CVE-2021-37189 RESERVED CVE-2021-37188 RESERVED CVE-2021-37187 RESERVED CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions < ...) NOT-FOR-US: Siemens CVE-2021-37185 RESERVED CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...) NOT-FOR-US: Siemens CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) NOT-FOR-US: Siemens CVE-2021-37182 RESERVED CVE-2021-37181 (A vulnerability has been identified in Cerberus DMS V4.0 (All versions ...) NOT-FOR-US: Siemens CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...) NOT-FOR-US: Siemens CVE-2021-37179 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...) NOT-FOR-US: Siemens CVE-2021-37178 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...) NOT-FOR-US: Siemens CVE-2021-37177 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) NOT-FOR-US: Siemens CVE-2021-37176 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) NOT-FOR-US: Siemens CVE-2021-37175 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2021-37174 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2021-37173 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2021-37172 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...) NOT-FOR-US: Siemens CVE-2021-37171 RESERVED CVE-2021-37170 RESERVED CVE-2021-37169 RESERVED CVE-2021-37168 RESERVED CVE-2021-37167 (An insecure permissions issue was discovered in HMI3 Control Panel in ...) NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37166 (A buffer overflow issue leading to denial of service was discovered in ...) 
NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37165 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...) NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37164 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...) NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37163 (An insecure permissions issue was discovered in HMI3 Control Panel in ...) NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37162 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...) NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37161 (A buffer overflow issue was discovered in the HMI3 Control Panel conta ...) NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37160 (A firmware validation issue was discovered in HMI3 Control Panel in Sw ...) NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37158 RESERVED CVE-2021-37157 RESERVED CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...) - redmine (Only affected 4.2.0 and 4.2.1 upstream) NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories NOTE: https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...) - wolfssl (bug #991443) [bullseye] - wolfssl (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/pull/3990 NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable CVE-2021-37154 (In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementa ...) NOT-FOR-US: ForgeRock Access Management (AM) CVE-2021-37153 (ForgeRock Access Management (AM) before 7.0.2, when configured with Ac ...) NOT-FOR-US: ForgeRock Access Management (AM) CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 befor ...) NOT-FOR-US: Sonatype CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...) 
NOT-FOR-US: CyberArk Identity CVE-2021-3657 RESERVED CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...) {DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html CVE-2021-37150 RESERVED CVE-2021-37149 RESERVED CVE-2021-37148 RESERVED CVE-2021-37147 RESERVED CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...) [experimental] - ros-ros-comm 1.15.13+ds1-1 - ros-ros-comm [bullseye] - ros-ros-comm (Minor issue) [buster] - ros-ros-comm (Minor issue) [stretch] - ros-ros-comm (Minor issue) NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446 NOTE: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447 NOTE: https://github.com/ros/ros_comm/pull/2185 NOTE: https://github.com/ros/ros_comm/commit/41a956c092b2f15405945f40f43dea09516df202 (1.15.12) NOTE: https://github.com/ros/ros_comm/pull/2186 NOTE: https://github.com/ros/ros_comm/commit/71ff62670d15eeec39efd16c3ec4d19b6db8380a (1.14.12) CVE-2021-37145 (** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in a ...) NOT-FOR-US: Poly (formerly Polycom) CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...) 
NOT-FOR-US: CSZ CMS CVE-2021-37143 RESERVED CVE-2021-37142 RESERVED CVE-2021-37141 RESERVED CVE-2021-37140 RESERVED CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested] RESERVED {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 [stretch] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 CVE-2021-37139 RESERVED CVE-2021-37138 RESERVED CVE-2021-37137 RESERVED - netty [bullseye] - netty (Minor issue) [buster] - netty (Minor issue) [stretch] - netty (Minor issue) NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final) CVE-2021-37136 RESERVED - netty [bullseye] - netty (Minor issue) [buster] - netty (Minor issue) [stretch] - netty (Minor issue) NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final) CVE-2021-37135 RESERVED CVE-2021-37134 RESERVED CVE-2021-37133 RESERVED CVE-2021-37132 RESERVED CVE-2021-37131 RESERVED CVE-2021-37130 RESERVED CVE-2021-37129 RESERVED CVE-2021-37128 RESERVED CVE-2021-37127 RESERVED CVE-2021-37126 RESERVED CVE-2021-37125 RESERVED CVE-2021-37124 RESERVED CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...) NOT-FOR-US: Hero-CT060 CVE-2021-37122 RESERVED CVE-2021-37121 RESERVED CVE-2021-37120 RESERVED CVE-2021-37119 RESERVED CVE-2021-37118 RESERVED CVE-2021-37117 RESERVED CVE-2021-37116 RESERVED CVE-2021-37115 RESERVED CVE-2021-37114 RESERVED CVE-2021-37113 RESERVED CVE-2021-37112 RESERVED CVE-2021-37111 RESERVED CVE-2021-37110 RESERVED CVE-2021-37109 RESERVED CVE-2021-37108 RESERVED CVE-2021-37107 RESERVED CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...) 
NOT-FOR-US: FusionCompute (Huawei) CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...) NOT-FOR-US: FusionCompute (Huawei) CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...) NOT-FOR-US: Huawei CVE-2021-37103 RESERVED CVE-2021-37102 RESERVED CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...) NOT-FOR-US: Huawei CVE-2021-37100 RESERVED CVE-2021-37099 RESERVED CVE-2021-37098 RESERVED CVE-2021-37097 RESERVED CVE-2021-37096 RESERVED CVE-2021-37095 RESERVED CVE-2021-37094 RESERVED CVE-2021-37093 RESERVED CVE-2021-37092 RESERVED CVE-2021-37091 RESERVED CVE-2021-37090 RESERVED CVE-2021-37089 RESERVED CVE-2021-37088 RESERVED CVE-2021-37087 RESERVED CVE-2021-37086 RESERVED CVE-2021-37085 RESERVED CVE-2021-37084 RESERVED CVE-2021-37083 RESERVED CVE-2021-37082 RESERVED CVE-2021-37081 RESERVED CVE-2021-37080 RESERVED CVE-2021-37079 RESERVED CVE-2021-37078 RESERVED CVE-2021-37077 RESERVED CVE-2021-37076 RESERVED CVE-2021-37075 RESERVED CVE-2021-37074 RESERVED CVE-2021-37073 RESERVED CVE-2021-37072 RESERVED CVE-2021-37071 RESERVED CVE-2021-37070 RESERVED CVE-2021-37069 RESERVED CVE-2021-37068 RESERVED CVE-2021-37067 RESERVED CVE-2021-37066 RESERVED CVE-2021-37065 RESERVED CVE-2021-37064 RESERVED CVE-2021-37063 RESERVED CVE-2021-37062 RESERVED CVE-2021-37061 RESERVED CVE-2021-37060 RESERVED CVE-2021-37059 RESERVED CVE-2021-37058 RESERVED CVE-2021-37057 RESERVED CVE-2021-37056 RESERVED CVE-2021-37055 RESERVED CVE-2021-37054 RESERVED CVE-2021-37053 RESERVED CVE-2021-37052 RESERVED CVE-2021-37051 RESERVED CVE-2021-37050 RESERVED CVE-2021-37049 RESERVED CVE-2021-37048 RESERVED CVE-2021-37047 RESERVED CVE-2021-37046 RESERVED CVE-2021-37045 RESERVED CVE-2021-37044 RESERVED CVE-2021-37043 RESERVED CVE-2021-37042 RESERVED CVE-2021-37041 RESERVED CVE-2021-37040 RESERVED CVE-2021-37039 RESERVED CVE-2021-37038 RESERVED CVE-2021-37037 RESERVED CVE-2021-37036 RESERVED 
CVE-2021-37035 RESERVED CVE-2021-37034 RESERVED CVE-2021-37033 RESERVED CVE-2021-37032 RESERVED CVE-2021-37031 RESERVED CVE-2021-37030 RESERVED CVE-2021-37029 RESERVED CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...) NOT-FOR-US: Huawei CVE-2021-37027 RESERVED CVE-2021-37026 RESERVED CVE-2021-37025 RESERVED CVE-2021-37024 RESERVED CVE-2021-37023 RESERVED CVE-2021-37022 RESERVED CVE-2021-37021 RESERVED CVE-2021-37020 RESERVED CVE-2021-37019 RESERVED CVE-2021-37018 RESERVED CVE-2021-37017 RESERVED CVE-2021-37016 RESERVED CVE-2021-37015 RESERVED CVE-2021-37014 RESERVED CVE-2021-37013 RESERVED CVE-2021-37012 RESERVED CVE-2021-37011 RESERVED CVE-2021-37010 RESERVED CVE-2021-37009 RESERVED CVE-2021-37008 RESERVED CVE-2021-37007 RESERVED CVE-2021-37006 RESERVED CVE-2021-37005 RESERVED CVE-2021-37004 RESERVED CVE-2021-37003 RESERVED CVE-2021-37002 RESERVED CVE-2021-37001 RESERVED CVE-2021-37000 RESERVED CVE-2021-36999 RESERVED CVE-2021-36998 RESERVED CVE-2021-36997 RESERVED CVE-2021-36996 RESERVED CVE-2021-36995 RESERVED CVE-2021-36994 RESERVED CVE-2021-36993 RESERVED CVE-2021-36992 RESERVED CVE-2021-36991 RESERVED CVE-2021-36990 RESERVED CVE-2021-36989 RESERVED CVE-2021-36988 RESERVED CVE-2021-36987 RESERVED CVE-2021-36986 RESERVED CVE-2021-36985 RESERVED CVE-2021-36984 RESERVED CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to ...) NOT-FOR-US: ReplaySorcery CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...) NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...) NOT-FOR-US: SerNet verinice CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...) 
{DLA-2785-1} - linux 5.10.46-3 [buster] - linux 4.19.208-1 CVE-2021-3654 [novnc allows open redirection] RESERVED - nova 2:23.0.2-3 (bug #991441) [bullseye] - nova (Minor issue) [buster] - nova (Minor issue) [stretch] - nova (Minor issue) NOTE: https://bugs.launchpad.net/nova/+bug/1927677 NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1 CVE-2021-26263 RESERVED CVE-2021-23203 RESERVED CVE-2021-23184 RESERVED CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...) - openvswitch (bug #991308) [bullseye] - openvswitch (Minor issue) [buster] - openvswitch (Vulnerable code not present, introduced in 2.11) [stretch] - openvswitch (Vulnerable code not present, introduced in 2.11) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml NOTE: https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f NOTE: https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3 NOTE: https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35 NOTE: https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2 NOTE: https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575 NOTE: https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2 NOTE: Introduced in: https://github.com/openvswitch/ovs/commit/418a7a84245f5fbe589dd1267463fc9ba27a1dd6 CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (cal ...) NOT-FOR-US: Unicorn Engine CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...) 
- qpdf 10.1.0-1 [buster] - qpdf (Minor issue) [stretch] - qpdf (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5 (release-qpdf-10.1.0) CVE-2021-36977 (matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based bu ...) - libmatio (Vulnerable code not yet present) NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2021-440.yaml CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (ca ...) - libarchive (bug #991442) [bullseye] - libarchive (Minor issue) [buster] - libarchive (Minor issue) [stretch] - libarchive (Vulnerable code introduced by 47bb818 in version 3.4.1) NOTE: https://github.com/libarchive/libarchive/issues/1554 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-36974 (Windows SMB Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36973 (Windows Redirected Drive Buffering System Elevation of Privilege Vulne ...) NOT-FOR-US: Microsoft CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-36971 RESERVED CVE-2021-36970 (Windows Print Spooler Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) NOT-FOR-US: Microsoft CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36967 (Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-36966 (Windows Subsystem for Linux Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-36962 (Windows Installer Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36961 (Windows Installer Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-36959 (Windows Authenticode Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-36957 RESERVED CVE-2021-36956 (Azure Sphere Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36953 (Windows TCP/IP Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36951 RESERVED CVE-2021-36950 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass Vulnera ...) NOT-FOR-US: Microsoft CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) 
NOT-FOR-US: Microsoft CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36944 RESERVED CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...) NOT-FOR-US: Microsoft CVE-2021-36942 (Windows LSA Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36941 (Microsoft Word Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36940 (Microsoft SharePoint Server Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36939 RESERVED CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-36935 RESERVED CVE-2021-36934 (Windows Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) NOT-FOR-US: Microsoft CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) NOT-FOR-US: Microsoft CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) NOT-FOR-US: Microsoft CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) NOT-FOR-US: Microsoft CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) NOT-FOR-US: Microsoft CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of ...) 
NOT-FOR-US: Microsoft CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) NOT-FOR-US: Microsoft CVE-2021-36925 RESERVED CVE-2021-36924 RESERVED CVE-2021-36923 RESERVED CVE-2021-36922 RESERVED CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...) NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices CVE-2021-36920 RESERVED CVE-2021-36919 RESERVED CVE-2021-36918 RESERVED CVE-2021-36917 RESERVED CVE-2021-36916 RESERVED CVE-2021-36915 RESERVED CVE-2021-36914 RESERVED CVE-2021-36913 RESERVED CVE-2021-36912 RESERVED CVE-2021-36911 RESERVED CVE-2021-36910 RESERVED CVE-2021-36909 RESERVED CVE-2021-36908 RESERVED CVE-2021-36907 RESERVED CVE-2021-36906 RESERVED CVE-2021-36905 RESERVED CVE-2021-36904 RESERVED CVE-2021-36903 RESERVED CVE-2021-36902 RESERVED CVE-2021-36901 RESERVED CVE-2021-36900 RESERVED CVE-2021-36899 RESERVED CVE-2021-36898 RESERVED CVE-2021-36897 RESERVED CVE-2021-36896 RESERVED CVE-2021-36895 RESERVED CVE-2021-36894 RESERVED CVE-2021-36893 RESERVED CVE-2021-36892 RESERVED CVE-2021-36891 RESERVED CVE-2021-36890 RESERVED CVE-2021-36889 RESERVED CVE-2021-36888 RESERVED CVE-2021-36887 RESERVED CVE-2021-36886 RESERVED CVE-2021-36885 RESERVED CVE-2021-36884 RESERVED CVE-2021-36883 RESERVED CVE-2021-36882 RESERVED CVE-2021-36881 RESERVED CVE-2021-36880 (Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListi ...) NOT-FOR-US: WordPress plugin CVE-2021-36879 (Unauthenticated Privilege Escalation vulnerability in WordPress uListi ...) NOT-FOR-US: WordPress plugin CVE-2021-36878 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...) NOT-FOR-US: WordPress plugin CVE-2021-36877 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...) NOT-FOR-US: WordPress plugin CVE-2021-36876 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPres ...) 
NOT-FOR-US: WordPress plugin CVE-2021-36875 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in Wo ...) NOT-FOR-US: WordPress plugin CVE-2021-36874 (Authenticated Insecure Direct Object References (IDOR) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...) NOT-FOR-US: WordPress plugin CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...) NOT-FOR-US: WordPress plugin CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: WordPress plugin CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: WordPress plugin CVE-2021-36869 RESERVED CVE-2021-36868 RESERVED CVE-2021-36867 RESERVED CVE-2021-36866 RESERVED CVE-2021-36865 RESERVED CVE-2021-36864 RESERVED CVE-2021-36863 RESERVED CVE-2021-36862 RESERVED CVE-2021-36861 RESERVED CVE-2021-36860 RESERVED CVE-2021-36859 RESERVED CVE-2021-36858 RESERVED CVE-2021-36857 RESERVED CVE-2021-36856 RESERVED CVE-2021-36855 RESERVED CVE-2021-36854 RESERVED CVE-2021-36853 RESERVED CVE-2021-36852 RESERVED CVE-2021-36851 RESERVED CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...) NOT-FOR-US: WordPress plugin CVE-2021-36849 RESERVED CVE-2021-36848 RESERVED CVE-2021-36847 RESERVED CVE-2021-36846 RESERVED CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) NOT-FOR-US: WordPress plugin CVE-2021-36844 RESERVED CVE-2021-36843 RESERVED CVE-2021-36842 RESERVED CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...) 
NOT-FOR-US: WordPress plugin CVE-2021-36840 RESERVED CVE-2021-36839 RESERVED CVE-2021-36838 RESERVED CVE-2021-36837 RESERVED CVE-2021-36836 RESERVED CVE-2021-36835 RESERVED CVE-2021-36834 RESERVED CVE-2021-36833 RESERVED CVE-2021-36832 RESERVED CVE-2021-36831 RESERVED CVE-2021-36830 RESERVED CVE-2021-36829 RESERVED CVE-2021-36828 RESERVED CVE-2021-36827 RESERVED CVE-2021-36826 RESERVED CVE-2021-36825 RESERVED CVE-2021-36824 RESERVED CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordP ...) NOT-FOR-US: WordPress plugin CVE-2021-36822 RESERVED CVE-2021-36821 RESERVED CVE-2021-36820 RESERVED CVE-2021-36819 RESERVED CVE-2021-36818 RESERVED CVE-2021-36817 RESERVED CVE-2021-36816 RESERVED CVE-2021-36815 RESERVED CVE-2021-36814 RESERVED CVE-2021-36813 RESERVED CVE-2021-36812 RESERVED CVE-2021-36811 RESERVED CVE-2021-36810 RESERVED CVE-2021-36809 RESERVED CVE-2021-36808 RESERVED CVE-2021-36807 RESERVED CVE-2021-36806 RESERVED CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...) NOT-FOR-US: Akaunting CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password reset spo ...) NOT-FOR-US: Akaunting CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...) NOT-FOR-US: Akaunting CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a denial-of-service ...) NOT-FOR-US: Akaunting CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authentication by ...) NOT-FOR-US: Akaunting CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...) NOT-FOR-US: Akaunting CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a salt value ...) NOT-FOR-US: KNX ETS5 CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server ...) NOT-FOR-US: HelpSystems Cobalt Strike CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is ...) 
NOT-FOR-US: Victron Energy Venus OS CVE-2021-36796 RESERVED CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privilege esc ...) NOT-FOR-US: Cohesity CVE-2021-36794 RESERVED CVE-2021-36793 (The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, ...) NOT-FOR-US: routes (aka Extbase Yaml Routes) extension for TYPO3 CVE-2021-36792 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has ...) NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 CVE-2021-36791 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...) NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 CVE-2021-36790 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...) NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 CVE-2021-36789 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...) NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 CVE-2021-36788 (The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows ...) NOT-FOR-US: yoast_seo (aka Yoast SEO) extension for TYPO3 CVE-2021-36787 (The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 al ...) NOT-FOR-US: femanager extension for TYPO3 CVE-2021-36786 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...) NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3 CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...) NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3 CVE-2021-36784 RESERVED CVE-2021-36783 RESERVED CVE-2021-36782 RESERVED CVE-2021-36781 RESERVED CVE-2021-36780 RESERVED CVE-2021-36779 RESERVED CVE-2021-36778 RESERVED CVE-2021-36777 RESERVED CVE-2021-36776 RESERVED CVE-2021-36775 RESERVED CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...) 
{DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 CVE-2021-36774 RESERVED CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) - ublock-origin 1.37.0+dfsg-1 (bug #991386) [bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1 [buster] - ublock-origin 1.37.0+dfsg-1~deb10u1 [stretch] - ublock-origin (Minor issue) - umatrix (bug #991344) [buster] - umatrix (Minor issue) NOTE: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. ...) NOT-FOR-US: Zoho CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. ...) NOT-FOR-US: Zoho CVE-2021-36770 (Encode.pm, as distributed in Perl through 5.34.0, allows local users t ...) - libencode-perl 3.08-2 [bullseye] - libencode-perl 3.08-1+deb11u1 [buster] - libencode-perl (Vulnerable code introduced later) [stretch] - libencode-perl (Vulnerable code introduced later) - perl 5.32.1-5 [bullseye] - perl 5.32.1-4+deb11u1 [buster] - perl (Vulnerable code introduced later) [stretch] - perl (Vulnerable code introduced later) NOTE: Introduced by: https://github.com/dankogai/p5-encode/commit/9c5f5a307863b66da3701f6c7d13139aa20179b8 (3.05) NOTE: Fixed by: https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 (3.12) NOTE: Introduced by: https://github.com/Perl/perl5/commit/8ced1423dbb2a874f2d95e9c5c4c46960c2bf318 (v5.32.0-RC0) NOTE: Fixed by: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...) 
[experimental] - telegram-desktop 2.9.0+ds-1 - telegram-desktop 2.9.2+ds-1 (bug #991493) [bullseye] - telegram-desktop (Minor issue) [buster] - telegram-desktop (Minor issue) NOTE: https://mtpsym.github.io/ CVE-2021-36768 RESERVED CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succeed] RESERVED - 389-ds-base (bug #991405) [bullseye] - 389-ds-base (Minor issue) [buster] - 389-ds-base (Minor issue) [stretch] - 389-ds-base (Minor issue) NOTE: https://github.com/389ds/389-ds-base/issues/4817 NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master) NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x) CVE-2021-36767 (In Digi RealPort through 4.8.488.0, authentication relies on a challen ...) NOT-FOR-US: Digi RealPort CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...) NOT-FOR-US: Concrete5 CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...) NOT-FOR-US: CODESYS EtherNetIP CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Derefe ...) NOT-FOR-US: CODESYS Gateway CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...) NOT-FOR-US: CODESYS V3 web server CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack through ...) NOT-FOR-US: HCC Embedded InterNiche NicheStack CVE-2021-36761 RESERVED CVE-2021-36760 RESERVED CVE-2021-36759 RESERVED CVE-2021-3651 RESERVED CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...) NOT-FOR-US: 1Password CVE-2021-36757 RESERVED CVE-2021-36756 RESERVED CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via ...) NOT-FOR-US: Nightscout Web Monitor CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to cra ...) 
- pdns (Vulnerable code introduced in 4.5.0) NOTE: https://www.openwall.com/lists/oss-security/2021/07/26/2 CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current working d ...) NOT-FOR-US: sharkdp BAT CVE-2021-36752 RESERVED CVE-2021-36751 RESERVED CVE-2021-36750 RESERVED CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...) - druid (bug #825797) NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1 CVE-2021-3650 RESERVED CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...) NOT-FOR-US: chatwoot CVE-2021-36748 (A SQL Injection issue in the list controller of the Prestahome Blog (a ...) NOT-FOR-US: Prestahome Blog CVE-2021-36747 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...) NOT-FOR-US: Blackboard Learn CVE-2021-36746 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...) NOT-FOR-US: Blackboard Learn CVE-2021-36745 (A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerPr ...) NOT-FOR-US: Trend Micro CVE-2021-36744 (Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a dire ...) NOT-FOR-US: Trend Micro CVE-2021-36743 RESERVED CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex One, Ape ...) NOT-FOR-US: Trend Micro CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...) NOT-FOR-US: Trend Micro CVE-2021-3648 RESERVED - binutils (unimportant) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100968 NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935 NOTE: binutils not covered by security support CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...) NOT-FOR-US: URI.js CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input During ...) NOT-FOR-US: btcpayserver CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Object Pr ...) 
NOT-FOR-US: Node viking04/merge CVE-2021-3644 RESERVED - wildfly (bug #752018) CVE-2021-36739 RESERVED CVE-2021-36738 RESERVED CVE-2021-36737 RESERVED CVE-2021-36736 RESERVED CVE-2021-36735 RESERVED CVE-2021-36734 RESERVED CVE-2021-36733 RESERVED CVE-2021-36732 RESERVED CVE-2021-36731 RESERVED CVE-2021-36730 RESERVED CVE-2021-36729 RESERVED CVE-2021-36728 RESERVED CVE-2021-36727 RESERVED CVE-2021-36740 (Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...) - varnish 6.5.2-1 (bug #991040) [stretch] - varnish (HTTP/2 support is marked experimental in 5.0 and enabling is not recommended, code is quite different) NOTE: https://varnish-cache.org/security/VSV00007.html NOTE: https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf (6.0.8) NOTE: https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be (6.5.2) CVE-2021-36726 RESERVED CVE-2021-36725 RESERVED CVE-2021-36724 RESERVED CVE-2021-36723 RESERVED CVE-2021-36722 RESERVED CVE-2021-36721 RESERVED CVE-2021-36720 RESERVED CVE-2021-36719 RESERVED CVE-2021-36718 RESERVED CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...) NOT-FOR-US: Synerion TimeNet CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...) NOT-FOR-US: Node is-email CVE-2021-3643 RESERVED CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...) - rust-ammonia 3.1.2-1 (bug #991497) NOTE: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515 NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0074.html CVE-2021-38191 (An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon ...) 
- rust-tokio (Introduced in 0.3.0) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0072.html NOTE: https://github.com/tokio-rs/tokio/issues/3929 NOTE: https://github.com/tokio-rs/tokio/pull/3934 NOTE: https://github.com/tokio-rs/tokio/pull/3934/commits/84394949228d11d1f68925e26f36c435946b9d11 CVE-2021-36715 RESERVED CVE-2021-36714 RESERVED CVE-2021-36713 RESERVED CVE-2021-36712 RESERVED CVE-2021-36711 RESERVED CVE-2021-36710 RESERVED CVE-2021-36709 RESERVED CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in th ...) NOT-FOR-US: ProLink CVE-2021-36707 (In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in th ...) NOT-FOR-US: ProLink CVE-2021-36706 (In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the ...) NOT-FOR-US: ProLink CVE-2021-36705 (In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the a ...) NOT-FOR-US: ProLink CVE-2021-36704 RESERVED CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of "dashbo ...) NOT-FOR-US: htmly CVE-2021-36702 (The "content" field in the "regular post" page of the "add content" me ...) NOT-FOR-US: htmly CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on ...) NOT-FOR-US: htmly CVE-2021-36700 RESERVED CVE-2021-36699 RESERVED CVE-2021-36698 RESERVED CVE-2021-36697 RESERVED CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...) NOT-FOR-US: Deskpro CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...) NOT-FOR-US: Deskpro CVE-2021-36694 RESERVED CVE-2021-36693 RESERVED CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/c ...) NOT-FOR-US: libjxl CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image ...) NOT-FOR-US: libjxl CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...) 
- sqlite3 3.36.0-2 (unimportant) [stretch] - sqlite3 (vulnerable code is not present) NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17 CVE-2021-36689 RESERVED CVE-2021-36688 RESERVED CVE-2021-36687 RESERVED CVE-2021-36686 RESERVED CVE-2021-36685 RESERVED CVE-2021-36684 RESERVED CVE-2021-36683 RESERVED CVE-2021-36682 RESERVED CVE-2021-36681 RESERVED CVE-2021-36680 RESERVED CVE-2021-36679 RESERVED CVE-2021-36678 RESERVED CVE-2021-36677 RESERVED CVE-2021-36676 RESERVED CVE-2021-36675 RESERVED CVE-2021-36674 RESERVED CVE-2021-36673 RESERVED CVE-2021-36672 RESERVED CVE-2021-36671 RESERVED CVE-2021-36670 RESERVED CVE-2021-36669 RESERVED CVE-2021-36668 RESERVED CVE-2021-36667 RESERVED CVE-2021-36666 RESERVED CVE-2021-36665 RESERVED CVE-2021-36664 RESERVED CVE-2021-36663 RESERVED CVE-2021-36662 RESERVED CVE-2021-36661 RESERVED CVE-2021-36660 RESERVED CVE-2021-36659 RESERVED CVE-2021-36658 RESERVED CVE-2021-36657 RESERVED CVE-2021-36656 RESERVED CVE-2021-36655 RESERVED CVE-2021-36654 (CMSuno 1.7 is vulnerable to an authenticated stored cross site scripti ...) NOT-FOR-US: CMSuno CVE-2021-36653 RESERVED CVE-2021-36652 RESERVED CVE-2021-36651 RESERVED CVE-2021-36650 RESERVED CVE-2021-36649 RESERVED CVE-2021-36648 RESERVED CVE-2021-36647 RESERVED CVE-2021-36646 RESERVED CVE-2021-36645 RESERVED CVE-2021-36644 RESERVED CVE-2021-36643 RESERVED CVE-2021-36642 RESERVED CVE-2021-36641 RESERVED CVE-2021-36640 RESERVED CVE-2021-36639 RESERVED CVE-2021-36638 RESERVED CVE-2021-36637 RESERVED CVE-2021-36636 RESERVED CVE-2021-36635 RESERVED CVE-2021-36634 RESERVED CVE-2021-36633 RESERVED CVE-2021-36632 RESERVED CVE-2021-36631 RESERVED CVE-2021-36630 RESERVED CVE-2021-36629 RESERVED CVE-2021-36628 RESERVED CVE-2021-36627 RESERVED CVE-2021-36626 RESERVED CVE-2021-36625 RESERVED CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...) NOT-FOR-US: Sourcecodester CVE-2021-36623 (Arbitrary File Upload in Sourcecodester Phone Shop Sales Management Sy ...) 
NOT-FOR-US: Sourcecodester CVE-2021-36622 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affect ...) NOT-FOR-US: Sourcecodester CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulner ...) NOT-FOR-US: Sourcecodester CVE-2021-36620 RESERVED CVE-2021-36619 RESERVED CVE-2021-36618 RESERVED CVE-2021-36617 RESERVED CVE-2021-36616 RESERVED CVE-2021-36615 RESERVED CVE-2021-36614 RESERVED CVE-2021-36613 RESERVED CVE-2021-36612 RESERVED CVE-2021-36611 RESERVED CVE-2021-36610 RESERVED CVE-2021-36609 RESERVED CVE-2021-36608 RESERVED CVE-2021-36607 RESERVED CVE-2021-36606 RESERVED CVE-2021-36605 (engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is ...) NOT-FOR-US: engineercms CVE-2021-36604 RESERVED CVE-2021-36603 RESERVED CVE-2021-36602 RESERVED CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerabilit ...) NOT-FOR-US: GetSimpleCMS CVE-2021-36600 RESERVED CVE-2021-36599 RESERVED CVE-2021-36598 RESERVED CVE-2021-36597 RESERVED CVE-2021-36596 RESERVED CVE-2021-36595 RESERVED CVE-2021-36594 RESERVED CVE-2021-36593 RESERVED CVE-2021-36592 RESERVED CVE-2021-36591 RESERVED CVE-2021-36590 RESERVED CVE-2021-36589 RESERVED CVE-2021-36588 RESERVED CVE-2021-36587 RESERVED CVE-2021-36586 RESERVED CVE-2021-36585 RESERVED CVE-2021-36584 (An issue was discovered in GPAC 1.0.1. There is a heap-based buffer ov ...) - gpac (bug #991965) [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/1842 NOTE: https://github.com/gpac/gpac/commit/13442ec1c401a4181ba6d7f79c27df6054c817c7 CVE-2021-36583 RESERVED CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., ...) NOT-FOR-US: Kooboo CMS CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possib ...) 
NOT-FOR-US: Kooboo CMS CVE-2021-36580 RESERVED CVE-2021-36579 RESERVED CVE-2021-36578 RESERVED CVE-2021-36577 RESERVED CVE-2021-36576 RESERVED CVE-2021-36575 RESERVED CVE-2021-36574 RESERVED CVE-2021-36573 RESERVED CVE-2021-36572 RESERVED CVE-2021-36571 RESERVED CVE-2021-36570 RESERVED CVE-2021-36569 RESERVED CVE-2021-36568 RESERVED CVE-2021-36567 RESERVED CVE-2021-36566 RESERVED CVE-2021-36565 RESERVED CVE-2021-36564 RESERVED CVE-2021-36563 (The CheckMK management web console (versions 1.5.0 to 2.0.0) does not ...) - check-mk CVE-2021-36562 RESERVED CVE-2021-36561 RESERVED CVE-2021-36560 RESERVED CVE-2021-36559 RESERVED CVE-2021-36558 RESERVED CVE-2021-36557 RESERVED CVE-2021-36556 RESERVED CVE-2021-36555 RESERVED CVE-2021-36554 RESERVED CVE-2021-36553 RESERVED CVE-2021-36552 RESERVED CVE-2021-36551 RESERVED CVE-2021-36550 RESERVED CVE-2021-36549 RESERVED CVE-2021-36548 RESERVED CVE-2021-36547 RESERVED CVE-2021-36546 RESERVED CVE-2021-36545 RESERVED CVE-2021-36544 RESERVED CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDo ...) NOT-FOR-US: SeedDMS CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocu ...) NOT-FOR-US: SeedDMS CVE-2021-36541 RESERVED CVE-2021-36540 RESERVED CVE-2021-36539 RESERVED CVE-2021-36538 RESERVED CVE-2021-36537 RESERVED CVE-2021-36536 RESERVED CVE-2021-36535 RESERVED CVE-2021-36534 RESERVED CVE-2021-36533 RESERVED CVE-2021-36532 RESERVED CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...) NOT-FOR-US: ngiflib CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...) 
NOT-FOR-US: ngiflib CVE-2021-36529 RESERVED CVE-2021-36528 RESERVED CVE-2021-36527 RESERVED CVE-2021-36526 RESERVED CVE-2021-36525 RESERVED CVE-2021-36524 RESERVED CVE-2021-36523 RESERVED CVE-2021-36522 RESERVED CVE-2021-36521 RESERVED CVE-2021-36520 RESERVED CVE-2021-36519 RESERVED CVE-2021-36518 RESERVED CVE-2021-36517 RESERVED CVE-2021-36516 RESERVED CVE-2021-36515 RESERVED CVE-2021-36514 RESERVED CVE-2021-36513 RESERVED CVE-2021-36512 RESERVED CVE-2021-36511 RESERVED CVE-2021-36510 RESERVED CVE-2021-36509 RESERVED CVE-2021-36508 RESERVED CVE-2021-36507 RESERVED CVE-2021-36506 RESERVED CVE-2021-36505 RESERVED CVE-2021-36504 RESERVED CVE-2021-36503 RESERVED CVE-2021-36502 RESERVED CVE-2021-36501 RESERVED CVE-2021-36500 RESERVED CVE-2021-36499 RESERVED CVE-2021-36498 RESERVED CVE-2021-36497 RESERVED CVE-2021-36496 RESERVED CVE-2021-36495 RESERVED CVE-2021-36494 RESERVED CVE-2021-36493 RESERVED CVE-2021-36492 RESERVED CVE-2021-36491 RESERVED CVE-2021-36490 RESERVED CVE-2021-36489 RESERVED CVE-2021-36488 RESERVED CVE-2021-36487 RESERVED CVE-2021-36486 RESERVED CVE-2021-36485 RESERVED CVE-2021-36484 RESERVED CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...) NOT-FOR-US: DevExpress.XtraReports.UI CVE-2021-36482 RESERVED CVE-2021-36481 RESERVED CVE-2021-36480 RESERVED CVE-2021-36479 RESERVED CVE-2021-36478 RESERVED CVE-2021-36477 RESERVED CVE-2021-36476 RESERVED CVE-2021-36475 RESERVED CVE-2021-36474 RESERVED CVE-2021-36473 RESERVED CVE-2021-36472 RESERVED CVE-2021-36471 RESERVED CVE-2021-36470 RESERVED CVE-2021-36469 RESERVED CVE-2021-36468 RESERVED CVE-2021-36467 RESERVED CVE-2021-36466 RESERVED CVE-2021-36465 RESERVED CVE-2021-36464 RESERVED CVE-2021-36463 RESERVED CVE-2021-36462 RESERVED CVE-2021-36461 RESERVED CVE-2021-36460 RESERVED CVE-2021-36459 RESERVED CVE-2021-36458 RESERVED CVE-2021-36457 RESERVED CVE-2021-36456 RESERVED CVE-2021-36455 (SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quick ...) 
NOT-FOR-US: Naviwebs Navigate CMS CVE-2021-36454 (Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 ...) NOT-FOR-US: Naviwebs Navigate CMS CVE-2021-36453 RESERVED CVE-2021-36452 RESERVED CVE-2021-36451 RESERVED CVE-2021-36450 RESERVED CVE-2021-36449 RESERVED CVE-2021-36448 RESERVED CVE-2021-36447 RESERVED CVE-2021-36446 RESERVED CVE-2021-36445 RESERVED CVE-2021-36444 RESERVED CVE-2021-36443 RESERVED CVE-2021-36442 RESERVED CVE-2021-36441 RESERVED CVE-2021-36440 (Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to ...) NOT-FOR-US: ShowDoc CVE-2021-36439 RESERVED CVE-2021-36438 RESERVED CVE-2021-36437 RESERVED CVE-2021-36436 RESERVED CVE-2021-36435 RESERVED CVE-2021-36434 RESERVED CVE-2021-36433 RESERVED CVE-2021-36432 RESERVED CVE-2021-36431 RESERVED CVE-2021-36430 RESERVED CVE-2021-36429 RESERVED CVE-2021-36428 RESERVED CVE-2021-36427 RESERVED CVE-2021-36426 RESERVED CVE-2021-36425 RESERVED CVE-2021-36424 RESERVED CVE-2021-36423 RESERVED CVE-2021-36422 RESERVED CVE-2021-36421 RESERVED CVE-2021-36420 RESERVED CVE-2021-3642 (A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final ...) 
NOT-FOR-US: WildFly Elytron CVE-2021-36419 RESERVED CVE-2021-36418 RESERVED CVE-2021-36417 RESERVED CVE-2021-36416 RESERVED CVE-2021-36415 RESERVED CVE-2021-36414 RESERVED CVE-2021-36413 RESERVED CVE-2021-36412 RESERVED CVE-2021-36411 RESERVED CVE-2021-36410 RESERVED CVE-2021-3641 RESERVED CVE-2021-36409 RESERVED CVE-2021-36408 RESERVED CVE-2021-36407 RESERVED CVE-2021-36406 RESERVED CVE-2021-36405 RESERVED CVE-2021-36404 RESERVED CVE-2021-36403 RESERVED CVE-2021-36402 RESERVED CVE-2021-36401 RESERVED CVE-2021-36400 RESERVED CVE-2021-36399 RESERVED CVE-2021-36398 RESERVED CVE-2021-36397 RESERVED CVE-2021-36396 RESERVED CVE-2021-36395 RESERVED CVE-2021-36394 RESERVED CVE-2021-36393 RESERVED CVE-2021-36392 RESERVED CVE-2021-36391 RESERVED CVE-2021-36390 RESERVED CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...) NOT-FOR-US: Yellowfin CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...) NOT-FOR-US: Yellowfin CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...) NOT-FOR-US: Yellowfin CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...) - fetchmail 6.4.16-4 (unimportant) NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt NOTE: Fixed by: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5 (RELEASE_6-4-20) NOTE: Regression fix: https://gitlab.com/fetchmail/fetchmail/-/commit/d3db2da1d13bd2419370ad96defb92eecb17064c (RELEASE_6-4-21) NOTE: Negligible security impact CVE-2021-36385 (A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remot ...) NOT-FOR-US: Cerner Mobile Care CVE-2021-36384 RESERVED CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...) NOT-FOR-US: Xen Orchestra CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows ...) 
NOT-FOR-US: Devolutions Server CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...) NOT-FOR-US: Edifecs CVE-2021-36380 (Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command I ...) NOT-FOR-US: Sunhillo SureLine CVE-2021-36379 REJECTED CVE-2021-36378 RESERVED CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...) - fossil 1:2.15.2-1 [buster] - fossil (Minor issue) [stretch] - fossil (Minor issue) NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036 CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...) NOT-FOR-US: dandavison delta CVE-2021-36375 RESERVED CVE-2021-36374 (When reading a specially crafted ZIP archive, or a derived formats, an ...) - ant 1.10.11-1 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/6 NOTE: Crash in CLI tool, no security impact CVE-2021-36373 (When reading a specially crafted TAR archive an Apache Ant build can b ...) - ant 1.10.11-1 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5 NOTE: Crash in CLI tool, no security impact CVE-2021-36372 RESERVED CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...) NOT-FOR-US: Emissary-Ingress (formerly Ambassador API Gateway) CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. When est ...) - mc 3:4.8.27-1 (bug #993404) [bullseye] - mc (Minor issue) [buster] - mc (Minor issue) [stretch] - mc (Minor issue) NOTE: https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f CVE-2021-36369 RESERVED CVE-2021-36368 RESERVED CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...) 
- putty 0.75-3 (bug #990901) [bullseye] - putty (Minor issue) [buster] - putty (Minor issue) [stretch] - putty (Minor issue) NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...) NOT-FOR-US: Nagios XI CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairm ...) NOT-FOR-US: Nagios XI CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. ...) NOT-FOR-US: Nagios XI CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate ...) NOT-FOR-US: Nagios XI CVE-2021-36362 RESERVED CVE-2021-36361 RESERVED CVE-2021-36360 RESERVED CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remo ...) NOT-FOR-US: OrbiTeam BSCW Classic CVE-2021-36358 RESERVED CVE-2021-36357 RESERVED CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...) NOT-FOR-US: KRAMER VIAware CVE-2021-36355 RESERVED CVE-2021-36354 RESERVED CVE-2021-36353 RESERVED CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Inf ...) NOT-FOR-US: Care2x Hospital Information Management CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...) 
NOT-FOR-US: Care2x Open Source Hospital Information Management CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function] RESERVED - linux NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1 CVE-2021-3639 [Prevent redirect to URLs that begin with '///'] RESERVED - libapache2-mod-auth-mellon 0.18.0-1 (bug #991730) [bullseye] - libapache2-mod-auth-mellon (Minor issue) [buster] - libapache2-mod-auth-mellon (Minor issue) [stretch] - libapache2-mod-auth-mellon (Minor issue) NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5 CVE-2021-36350 RESERVED CVE-2021-36349 RESERVED CVE-2021-36348 RESERVED CVE-2021-36347 RESERVED CVE-2021-36346 RESERVED CVE-2021-36345 RESERVED CVE-2021-36344 RESERVED CVE-2021-36343 RESERVED CVE-2021-36342 RESERVED CVE-2021-36341 RESERVED CVE-2021-36340 RESERVED CVE-2021-36339 RESERVED CVE-2021-36338 RESERVED CVE-2021-36337 RESERVED CVE-2021-36336 RESERVED CVE-2021-36335 RESERVED CVE-2021-36334 RESERVED CVE-2021-36333 RESERVED CVE-2021-36332 RESERVED CVE-2021-36331 RESERVED CVE-2021-36330 RESERVED CVE-2021-36329 RESERVED CVE-2021-36328 RESERVED CVE-2021-36327 RESERVED CVE-2021-36326 RESERVED CVE-2021-36325 RESERVED CVE-2021-36324 RESERVED CVE-2021-36323 RESERVED CVE-2021-36322 RESERVED CVE-2021-36321 RESERVED CVE-2021-36320 RESERVED CVE-2021-36319 RESERVED CVE-2021-36318 RESERVED CVE-2021-36317 RESERVED CVE-2021-36316 RESERVED CVE-2021-36315 RESERVED CVE-2021-36314 RESERVED CVE-2021-36313 RESERVED CVE-2021-36312 RESERVED CVE-2021-36311 RESERVED CVE-2021-36310 RESERVED CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensi ...) 
NOT-FOR-US: Dell CVE-2021-36308 RESERVED CVE-2021-36307 RESERVED CVE-2021-36306 RESERVED CVE-2021-36305 RESERVED CVE-2021-36304 RESERVED CVE-2021-36303 RESERVED CVE-2021-36302 RESERVED CVE-2021-36301 RESERVED CVE-2021-36300 RESERVED CVE-2021-36299 RESERVED CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptograph ...) NOT-FOR-US: EMC CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...) NOT-FOR-US: SupportAssist Client (Dell) CVE-2021-36296 RESERVED CVE-2021-36295 RESERVED CVE-2021-36294 RESERVED CVE-2021-36293 RESERVED CVE-2021-36292 RESERVED CVE-2021-36291 RESERVED CVE-2021-36290 RESERVED CVE-2021-36289 RESERVED CVE-2021-36288 RESERVED CVE-2021-36287 RESERVED CVE-2021-36286 (Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions ...) NOT-FOR-US: Dell SupportAssist Client Consumer CVE-2021-36285 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...) NOT-FOR-US: Dell CVE-2021-36284 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...) NOT-FOR-US: Dell CVE-2021-36283 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2021-36282 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of un ...) NOT-FOR-US: EMC CVE-2021-36281 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...) NOT-FOR-US: EMC CVE-2021-36280 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...) NOT-FOR-US: EMC CVE-2021-36279 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...) NOT-FOR-US: EMC CVE-2021-36278 (Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insert ...) NOT-FOR-US: EMC CVE-2021-36277 (Dell Command Update, Dell Update, and Alienware Update versions prior ...) NOT-FOR-US: Dell CVE-2021-36276 (Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insuffic ...) 
NOT-FOR-US: Dell CVE-2021-36275 RESERVED CVE-2021-36274 RESERVED CVE-2021-36273 RESERVED CVE-2021-36272 RESERVED CVE-2021-36271 RESERVED CVE-2021-36270 RESERVED CVE-2021-36269 RESERVED CVE-2021-36268 RESERVED CVE-2021-36267 RESERVED CVE-2021-36266 RESERVED CVE-2021-36265 RESERVED CVE-2021-36264 RESERVED CVE-2021-36263 RESERVED CVE-2021-36262 RESERVED CVE-2021-36261 RESERVED CVE-2021-36260 (A command injection vulnerability in the web server of some Hikvision ...) NOT-FOR-US: Hikvision CVE-2021-36259 RESERVED CVE-2021-36258 RESERVED CVE-2021-36257 RESERVED CVE-2021-36256 RESERVED CVE-2021-36255 RESERVED CVE-2021-36254 RESERVED CVE-2021-36253 RESERVED CVE-2021-36252 RESERVED CVE-2021-36251 RESERVED CVE-2021-36250 RESERVED CVE-2021-36249 RESERVED CVE-2021-36248 RESERVED CVE-2021-36247 RESERVED CVE-2021-36246 RESERVED CVE-2021-36245 RESERVED CVE-2021-36244 RESERVED CVE-2021-36243 RESERVED CVE-2021-36242 RESERVED CVE-2021-36241 RESERVED CVE-2021-36240 RESERVED CVE-2021-36239 RESERVED CVE-2021-36238 RESERVED CVE-2021-36237 RESERVED CVE-2021-36236 RESERVED CVE-2021-3638 [ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write] RESERVED {DSA-4980-1} - qemu 1:6.1+dfsg-6 (bug #992726) [buster] - qemu (Vulnerable code introduced in ATI VGA device emulation added later) [stretch] - qemu (Vulnerable code introduced in ATI VGA device emulation added later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1979858 NOTE: https://lore.kernel.org/qemu-devel/CAA8xKjXkDwPYxSAeRb+2mfHRrbiL_kh9unVkemFXLfF68UXePA@mail.gmail.com CVE-2021-36235 (An issue was discovered in Ivanti Workspace Control before 10.6.30.0. ...) NOT-FOR-US: Ivanti CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 all ...) NOT-FOR-US: MIK.starlight CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5 ...) NOT-FOR-US: MIK.starlight CVE-2021-36232 (Improper Authorization in multiple functions in MIK.starlight 7.9.5.24 ...) 
NOT-FOR-US: MIK.starlight CVE-2021-36231 (Deserialization of untrusted data in multiple functions in MIK.starlig ...) NOT-FOR-US: MIK.starlight CVE-2021-36230 (HashiCorp Terraform Enterprise releases up to v202106-1 did not proper ...) NOT-FOR-US: Terraform Enterprise CVE-2021-36229 RESERVED CVE-2021-36228 RESERVED CVE-2021-36227 RESERVED CVE-2021-36226 RESERVED CVE-2021-36225 RESERVED CVE-2021-36224 RESERVED CVE-2021-36223 RESERVED CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) ...) {DSA-4944-1} - krb5 1.18.3-6 (bug #991365) [stretch] - krb5 (Vulnerable code (k5memdup0()) introduced later) NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007 CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...) - golang-1.16 1.16.7-1 - golang-1.15 1.15.15-1 (bug #991961) [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Minor issue) - golang-1.8 - golang-1.7 NOTE: https://github.com/golang/go/issues/46866 NOTE: https://github.com/golang/go/commit/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e (master) NOTE: https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521 (release-branch.go1.16) NOTE: https://github.com/golang/go/commit/ba93baa74a52d57ae79313313ea990cc791ef50e (release-branch.go1.15) CVE-2021-36220 RESERVED CVE-2021-36219 (An issue was discovered in SKALE sgxwallet 1.58.3. The provided input ...) NOT-FOR-US: SKALE sgxwallet CVE-2021-36218 (An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GC ...) NOT-FOR-US: SKALE sgxwallet CVE-2021-36217 REJECTED CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code execution ...) NOT-FOR-US: LINE for Windows CVE-2021-36215 (LINE client for iOS 10.21.3 and before allows address bar spoofing due ...) 
NOT-FOR-US: LINE client for iOS CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...) NOT-FOR-US: LINE client for iOS CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ...) - consul (Only applies to 1.9 and later) NOTE: https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 NOTE: https://github.com/hashicorp/consul/pull/10619 CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...) NOT-FOR-US: MISP CVE-2021-3637 (A flaw was found in keycloak-model-infinispan in keycloak versions bef ...) NOT-FOR-US: Keycloak CVE-2021-36211 RESERVED CVE-2021-36210 RESERVED CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possible du ...) NOT-FOR-US: JetBrains CVE-2021-36208 RESERVED CVE-2021-36207 RESERVED CVE-2021-36206 RESERVED CVE-2021-36205 RESERVED CVE-2021-36204 RESERVED CVE-2021-36203 RESERVED CVE-2021-36202 RESERVED CVE-2021-36201 RESERVED CVE-2021-36200 RESERVED CVE-2021-36199 RESERVED CVE-2021-36198 RESERVED CVE-2021-36197 RESERVED CVE-2021-36196 RESERVED CVE-2021-36195 RESERVED CVE-2021-36194 RESERVED CVE-2021-36193 RESERVED CVE-2021-36192 RESERVED CVE-2021-36191 RESERVED CVE-2021-36190 RESERVED CVE-2021-36189 RESERVED CVE-2021-36188 RESERVED CVE-2021-36187 RESERVED CVE-2021-36186 RESERVED CVE-2021-36185 RESERVED CVE-2021-36184 RESERVED CVE-2021-36183 RESERVED CVE-2021-36182 (A Improper neutralization of special elements used in a command ('Comm ...) NOT-FOR-US: FortiGuard CVE-2021-36181 RESERVED CVE-2021-36180 RESERVED CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and ...) NOT-FOR-US: FortiGuard CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConnector v ...) 
NOT-FOR-US: Fortiguard CVE-2021-36177 RESERVED CVE-2021-36176 RESERVED CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...) NOT-FOR-US: Fortiguard CVE-2021-36174 RESERVED CVE-2021-36173 RESERVED CVE-2021-36172 RESERVED CVE-2021-36171 RESERVED CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...) NOT-FOR-US: Fortiguard CVE-2021-36169 RESERVED CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...) NOT-FOR-US: Fortinet CVE-2021-36167 RESERVED CVE-2021-36166 RESERVED CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...) NOT-FOR-US: RICON Industrial Cellular Router CVE-2021-36164 RESERVED CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. The Hes ...) NOT-FOR-US: Apache Dubbo CVE-2021-36162 (Apache Dubbo supports various rules to support configuration override ...) NOT-FOR-US: Apache Dubbo CVE-2021-36161 (Some component in Dubbo will try to print the formated string of the i ...) NOT-FOR-US: Apache Dubbo CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...) {DSA-4982-1 DLA-2768-1} - apache2 2.4.49-1 [stretch] - apache2 (Vulnerable module not present) - uwsgi (unimportant) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160 NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg} NOTE: packages which are provided by src:apache2 itself. NOTE: Regression report: https://bz.apache.org/bugzilla/show_bug.cgi?id=65616 CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...) NOT-FOR-US: libfetch CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...) - xrdp (xrdp as packaged in Alpine) CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. 
The header va ...) NOT-FOR-US: Grafana Cortex CVE-2021-36156 (An issue was discovered in Grafana Loki through 2.2.1. The header valu ...) NOT-FOR-US: Grafana Loki CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates ...) NOT-FOR-US: gRPC Swift CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remot ...) NOT-FOR-US: gRPC Swift CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...) NOT-FOR-US: gRPC Swift CVE-2021-36152 RESERVED CVE-2021-36151 RESERVED CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...) NOT-FOR-US: OpenShift CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...) - linux 5.4.19-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1976946 CVE-2021-3634 (A flaw has been found in libssh in versions prior to 0.9.6. The SSH pr ...) {DSA-4965-1} - libssh 0.9.6-1 (bug #993046) [buster] - libssh (Vulnerable code not present) [stretch] - libssh (Vulnerable code not present) NOTE: https://www.libssh.org/security/advisories/CVE-2021-3634.txt NOTE: https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/ NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063 (libssh-0.9.6) CVE-2021-36150 (SilverStripe Framework through 4.8.1 allows XSS. ...) NOT-FOR-US: SilverStripe CMS CVE-2021-36149 RESERVED CVE-2021-36148 (An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervis ...) NOT-FOR-US: ACRN CVE-2021-36147 (An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw ...) NOT-FOR-US: ACRN CVE-2021-36146 (ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereferen ...) NOT-FOR-US: ACRN CVE-2021-36145 (The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use- ...) 
NOT-FOR-US: ACRN CVE-2021-36144 (The polling timer handler in ACRN before 2.5 has a use-after-free for ...) NOT-FOR-US: ACRN CVE-2021-36143 (ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer ...) NOT-FOR-US: ACRN CVE-2021-36142 RESERVED CVE-2021-36141 RESERVED CVE-2021-36140 RESERVED CVE-2021-36139 RESERVED CVE-2021-36138 RESERVED CVE-2021-36137 RESERVED CVE-2021-36136 RESERVED CVE-2021-36135 RESERVED CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...) NOT-FOR-US: McAfee CVE-2021-36133 RESERVED CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...) NOT-FOR-US: FileImport MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ CVE-2021-36131 (An XSS issue was discovered in the SportsTeams extension in MediaWiki ...) NOT-FOR-US: SportsTeams MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ CVE-2021-36130 (An XSS issue was discovered in the SocialProfile extension in MediaWik ...) NOT-FOR-US: SocialProfile MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ CVE-2021-36129 (An issue was discovered in the Translate extension in MediaWiki throug ...) NOT-FOR-US: Translate MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ CVE-2021-36128 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) NOT-FOR-US: CentralAuth MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ CVE-2021-36127 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) 
NOT-FOR-US: CentralAuth MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWiki thro ...) NOT-FOR-US: AbuseFilter MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) NOT-FOR-US: CentralAuth MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not perform ...) NOT-FOR-US: Echo ShareCare CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The TextReader featu ...) NOT-FOR-US: Echo ShareCare CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile featur ...) NOT-FOR-US: Echo ShareCare CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...) NOT-FOR-US: Echo ShareCare CVE-2021-3633 (A DLL preloading vulnerability was reported in Lenovo Driver Managemen ...) NOT-FOR-US: Lenovo CVE-2021-36120 RESERVED CVE-2021-36119 RESERVED CVE-2021-36118 RESERVED CVE-2021-36117 RESERVED CVE-2021-36116 RESERVED CVE-2021-36115 RESERVED CVE-2021-36114 RESERVED CVE-2021-36113 RESERVED CVE-2021-36112 RESERVED CVE-2021-36111 RESERVED CVE-2021-36110 RESERVED CVE-2021-36109 RESERVED CVE-2021-36108 RESERVED CVE-2021-36107 RESERVED CVE-2021-36106 RESERVED CVE-2021-36105 RESERVED CVE-2021-36104 RESERVED CVE-2021-36103 RESERVED CVE-2021-36102 RESERVED CVE-2021-36101 RESERVED CVE-2021-36100 RESERVED CVE-2021-36099 RESERVED CVE-2021-36098 RESERVED CVE-2021-36097 RESERVED CVE-2021-36096 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...) 
- otrs2 (bug #993846) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) NOTE: CVE-2021-36096 is an update from the original CVE-2021-21440. TODO: check, 6.1.2-1 claims to fix the issue through the znuny codebase CVE-2021-36095 (Malicious attacker is able to find out valid user logins by using the ...) - otrs2 (bug #993846) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-18/ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) CVE-2021-36094 (It's possible to craft a request for appointment edit screen, which co ...) - otrs2 (bug #993846) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-17/ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) TODO: check, 6.1.2-1 claims to fix the issue through the znuny codebase CVE-2021-36093 (It's possible to create an email which can be stuck while being proces ...) - otrs2 (bug #993846) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-16/ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) CVE-2021-36092 (It's possible to create an email which contains specially crafted link ...) - otrs2 NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-15/ NOTE: Unclear whether this affects Znuny, they could not reproduce it: NOTE: https://github.com/znuny/Znuny/issues/105#issuecomment-894013730 CVE-2021-36091 (Agents are able to list appointments in the calendars without required ...) 
- otrs2 6.0.32-6 (bug #991593) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/ NOTE: https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632 NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) CVE-2021-3632 RESERVED NOT-FOR-US: Keycloak CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to ...) - libcommons-compress-java 1.21-1 (bug #991041) [bullseye] - libcommons-compress-java (Minor issue) [buster] - libcommons-compress-java (Minor issue) [stretch] - libcommons-compress-java (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4 NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ef5d70b625000e38404194aaab311b771c44efda NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...) - libgrokj2k (bug #990525) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in f ...) NOT-FOR-US: Fluent Bit CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...) - libsepol (bug #990526) [bullseye] - libsepol (Minor issue) [buster] - libsepol (Minor issue) [stretch] - libsepol (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675 NOTE: https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml CVE-2021-36086 (The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_clas ...) 
- libsepol (bug #990526) [bullseye] - libsepol (Minor issue) [buster] - libsepol (Minor issue) [stretch] - libsepol (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177 NOTE: https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml CVE-2021-36085 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...) - libsepol (bug #990526) [bullseye] - libsepol (Minor issue) [buster] - libsepol (Minor issue) [stretch] - libsepol (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124 NOTE: https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...) - libsepol (bug #990526) [bullseye] - libsepol (Minor issue) [buster] - libsepol (Minor issue) [stretch] - libsepol (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065 NOTE: https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overf ...) [experimental] - kimageformats 5.83.0-1 - kimageformats 5.78.0-5 (bug #990527) [buster] - kimageformats (Minor issue) [stretch] - kimageformats (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml NOTE: https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClientServer ...) 
- ndpi 4.0-1 (bug #990528) [buster] - ndpi (Vulnerable code not present) [stretch] - ndpi (Vulnerable code added later) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml NOTE: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3 CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-fr ...) - tesseract (bug #990529) [bullseye] - tesseract (Minor issue) [buster] - tesseract (Minor issue) [stretch] - tesseract (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml NOTE: https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55 CVE-2021-36080 (GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_ ...) - libredwg (bug #595191) CVE-2021-3631 [insecure sVirt label generation] RESERVED - libvirt 7.6.0-1 (bug #990709) [bullseye] - libvirt (Minor issue) [buster] - libvirt (Minor issue) [stretch] - libvirt (Minor issue) NOTE: https://gitlab.com/libvirt/libvirt/-/issues/153 NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2 (v7.5.0) CVE-2021-36079 (Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bound ...) NOT-FOR-US: Adobe CVE-2021-36078 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-36077 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-36076 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-36075 (Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overfl ...) NOT-FOR-US: Adobe CVE-2021-36074 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...) 
NOT-FOR-US: Adobe CVE-2021-36073 (Adobe Bridge version 11.1 (and earlier) is affected by a heap-based bu ...) NOT-FOR-US: Adobe CVE-2021-36072 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...) NOT-FOR-US: Adobe CVE-2021-36071 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...) NOT-FOR-US: Adobe CVE-2021-36070 (Adobe Media Encoder version 15.1 (and earlier) is affected by an impro ...) NOT-FOR-US: Adobe CVE-2021-36069 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-36068 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-36067 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...) NOT-FOR-US: Adobe CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...) NOT-FOR-US: Adobe CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...) NOT-FOR-US: Adobe CVE-2021-36063 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...) NOT-FOR-US: Adobe CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...) NOT-FOR-US: Adobe CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a secure des ...) NOT-FOR-US: Adobe CVE-2021-36060 RESERVED CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...) NOT-FOR-US: Adobe CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...) NOT-FOR-US: Adobe CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...) 
NOT-FOR-US: Adobe CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...) NOT-FOR-US: Adobe CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...) NOT-FOR-US: Adobe CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...) NOT-FOR-US: Adobe CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...) NOT-FOR-US: Adobe CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...) NOT-FOR-US: Adobe CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...) NOT-FOR-US: Adobe CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...) NOT-FOR-US: Adobe CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...) NOT-FOR-US: Adobe CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...) NOT-FOR-US: Adobe CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...) NOT-FOR-US: Adobe CVE-2021-36044 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36043 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36042 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36041 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36040 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36039 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) 
NOT-FOR-US: Magento CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36036 RESERVED CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36033 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36032 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36031 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36030 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36029 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36028 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36027 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36026 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36023 RESERVED CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36021 RESERVED CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...) NOT-FOR-US: Adobe CVE-2021-36018 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...) 
NOT-FOR-US: Adobe CVE-2021-36017 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...) NOT-FOR-US: Adobe CVE-2021-36016 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...) NOT-FOR-US: Adobe CVE-2021-36015 (Adobe Media Encoder version 15.2 (and earlier) is affected by a memory ...) NOT-FOR-US: Adobe CVE-2021-36014 (Adobe Media Encoder version 15.2 (and earlier) is affected by an unini ...) NOT-FOR-US: Adobe CVE-2021-36013 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...) NOT-FOR-US: Adobe CVE-2021-36012 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) NOT-FOR-US: Magento CVE-2021-36011 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a potent ...) NOT-FOR-US: Adobe CVE-2021-36010 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-o ...) NOT-FOR-US: Adobe CVE-2021-36009 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an memor ...) NOT-FOR-US: Adobe CVE-2021-36008 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Use-a ...) NOT-FOR-US: Adobe CVE-2021-36007 (Adobe Prelude version 10.0 (and earlier) are affected by an uninitiali ...) NOT-FOR-US: Adobe CVE-2021-36006 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...) NOT-FOR-US: Adobe CVE-2021-36005 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...) NOT-FOR-US: Adobe CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...) NOT-FOR-US: Adobe CVE-2021-36003 RESERVED CVE-2021-36002 (Adobe Captivate version 11.5.5 (and earlier) is affected by an Creatio ...) NOT-FOR-US: Adobe CVE-2021-36001 (Adobe Character Animator version 4.2 (and earlier) is affected by an o ...) NOT-FOR-US: Adobe CVE-2021-36000 (Adobe Character Animator version 4.2 (and earlier) is affected by a me ...) 
NOT-FOR-US: Adobe CVE-2021-35999 (Adobe Prelude version 10.0 (and earlier) is affected by a memory corru ...) NOT-FOR-US: Adobe CVE-2021-35998 RESERVED CVE-2021-35997 (Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory ...) NOT-FOR-US: Adobe CVE-2021-35996 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...) NOT-FOR-US: Adobe CVE-2021-35995 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Imp ...) NOT-FOR-US: Adobe CVE-2021-35994 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...) NOT-FOR-US: Adobe CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...) NOT-FOR-US: Adobe CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...) NOT-FOR-US: Adobe CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitiali ...) NOT-FOR-US: Adobe CVE-2021-35990 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...) NOT-FOR-US: Adobe CVE-2021-35989 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...) NOT-FOR-US: Adobe CVE-2021-35988 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-35987 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-35986 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-35985 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-35984 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-35983 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-35982 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) 
NOT-FOR-US: Adobe CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-35980 RESERVED CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...) NOT-FOR-US: Digi RealPort CVE-2021-35978 RESERVED CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...) NOT-FOR-US: Digi RealPort CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...) NOT-FOR-US: Plesk Obsidian CVE-2021-35975 RESERVED CVE-2021-35974 RESERVED CVE-2021-35973 (NETGEAR WAC104 devices before 1.0.4.15 are affected by an authenticati ...) NOT-FOR-US: Netgear CVE-2021-35972 RESERVED CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 be ...) NOT-FOR-US: Veeam CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...) NOT-FOR-US: Coral CVE-2021-35969 RESERVED CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...) NOT-FOR-US: Orca HCM digital learning platform CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...) NOT-FOR-US: Orca HCM digital learning platform CVE-2021-35966 (The specific function of the Orca HCM digital learning platform does n ...) NOT-FOR-US: Orca HCM digital learning platform CVE-2021-35965 (The Orca HCM digital learning platform uses a weak factory default adm ...) NOT-FOR-US: Orca HCM digital learning platform CVE-2021-35964 (The management page of the Orca HCM digital learning platform does not ...) NOT-FOR-US: Orca HCM digital learning platform CVE-2021-35963 (The specific parameter of upload function of the Orca HCM digital lear ...) NOT-FOR-US: Orca HCM digital learning platform CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and Personnel A ...) NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system CVE-2021-35961 (Dr. 
ID Door Access Control and Personnel Attendance Management system ...) NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system CVE-2021-35960 RESERVED CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folde ...) NOT-FOR-US: Plone CVE-2021-35958 (** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite ...) - tensorflow (bug #804612) CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not a ...) NOT-FOR-US: Stormshield Endpoint Security Evolution CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...) NOT-FOR-US: AKCP sensorProbe CVE-2021-35955 (Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML fi ...) NOT-FOR-US: Contao CMS CVE-2021-35954 RESERVED CVE-2021-35953 RESERVED CVE-2021-35952 RESERVED CVE-2021-35951 RESERVED CVE-2021-35950 RESERVED CVE-2021-35949 (The shareinfo controller in the ownCloud Server before 10.8.0 allows a ...) - owncloud CVE-2021-35948 (Session fixation on password protected public links in the ownCloud Se ...) - owncloud CVE-2021-35947 (The public share controller in the ownCloud server before version 10.8 ...) - owncloud CVE-2021-35946 (A receiver of a federated share with access to the database with ownCl ...) - owncloud CVE-2021-35945 (Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer O ...) NOT-FOR-US: Couchbase Server CVE-2021-35944 (Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Ov ...) NOT-FOR-US: Couchbase Server CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Co ...) NOT-FOR-US: Couchbase Server CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...) 
- glibc 2.31-13 (bug #990542) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011 NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...) NOT-FOR-US: Western Digital CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...) {DLA-2702-1} - djvulibre 3.5.27.1-12 NOTE: https://sourceforge.net/p/djvu/bugs/302/ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/ CVE-2021-3629 RESERVED - undertow NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1977362 CVE-2021-3628 (OpenKM Community Edition in its 6.3.10 version is vulnerable to authen ...) NOT-FOR-US: OpenKM CVE-2021-3627 RESERVED CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was fixed ...) - apr 1.7.0-7 (bug #992789) [bullseye] - apr 1.7.0-6+deb11u1 [buster] - apr (Vulnerable code re-introduced in 1.7.0) [stretch] - apr (Vulnerable code re-introduced in 1.7.0) NOTE: The issue exists because the CVE-2017-12613 fix was not carried forward NOTE: in the APR 1.7.x branch and hence version 1.7.0 regressed from 1.6.3 NOTE: and so vulnerable to the same issue. 
NOTE: https://www.openwall.com/lists/oss-security/2021/08/23/1 NOTE: http://svn.apache.org/viewvc?view=revision&revision=1891198 NOTE: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch CVE-2021-35939 [checks for unsafe symlinks are not performed for intermediary directories] RESERVED - rpm (bug #990543) [bullseye] - rpm (Minor issue) [buster] - rpm (Minor issue) [stretch] - rpm (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129 CVE-2021-35938 [races with chown/chmod/capabilities calls during installation] RESERVED - rpm (bug #990543) [bullseye] - rpm (Minor issue) [buster] - rpm (Minor issue) [stretch] - rpm (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114 CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks] RESERVED - rpm (bug #990543) [bullseye] - rpm (Minor issue) [buster] - rpm (Minor issue) [stretch] - rpm (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125 CVE-2021-35936 (If remote logging is not used, the worker (in the case of CeleryExecut ...) - airflow (bug #819700) CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local proces ...) NOT-FOR-US: Multipass CVE-2021-3625 (Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 ...) 
NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-35935 RESERVED CVE-2021-35934 RESERVED CVE-2021-35933 RESERVED CVE-2021-35932 RESERVED CVE-2021-35931 RESERVED CVE-2021-35930 RESERVED CVE-2021-35929 RESERVED CVE-2021-35928 RESERVED CVE-2021-35927 RESERVED CVE-2021-35926 RESERVED CVE-2021-35925 RESERVED CVE-2021-35924 RESERVED CVE-2021-35923 RESERVED CVE-2021-35922 RESERVED CVE-2021-35921 RESERVED CVE-2021-35920 RESERVED CVE-2021-35919 RESERVED CVE-2021-35918 RESERVED CVE-2021-35917 RESERVED CVE-2021-35916 RESERVED CVE-2021-35915 RESERVED CVE-2021-35914 RESERVED CVE-2021-35913 RESERVED CVE-2021-35912 RESERVED CVE-2021-35911 RESERVED CVE-2021-35910 RESERVED CVE-2021-35909 RESERVED CVE-2021-35908 RESERVED CVE-2021-35907 RESERVED CVE-2021-35906 RESERVED CVE-2021-35905 RESERVED CVE-2021-35904 RESERVED CVE-2021-35903 RESERVED CVE-2021-35902 RESERVED CVE-2021-35901 RESERVED CVE-2021-35900 RESERVED CVE-2021-35899 RESERVED CVE-2021-35898 RESERVED CVE-2021-35897 RESERVED CVE-2021-35896 RESERVED CVE-2021-35895 RESERVED CVE-2021-35894 RESERVED CVE-2021-35893 RESERVED CVE-2021-35892 RESERVED CVE-2021-35891 RESERVED CVE-2021-35890 RESERVED CVE-2021-35889 RESERVED CVE-2021-35888 RESERVED CVE-2021-35887 RESERVED CVE-2021-35886 RESERVED CVE-2021-35885 RESERVED CVE-2021-35884 RESERVED CVE-2021-35883 RESERVED CVE-2021-35882 RESERVED CVE-2021-35881 RESERVED CVE-2021-35880 RESERVED CVE-2021-35879 RESERVED CVE-2021-35878 RESERVED CVE-2021-35877 RESERVED CVE-2021-35876 RESERVED CVE-2021-35875 RESERVED CVE-2021-35874 RESERVED CVE-2021-35873 RESERVED CVE-2021-35872 RESERVED CVE-2021-35871 RESERVED CVE-2021-35870 RESERVED CVE-2021-35869 RESERVED CVE-2021-35868 RESERVED CVE-2021-35867 RESERVED CVE-2021-35866 RESERVED CVE-2021-35865 RESERVED CVE-2021-35864 RESERVED CVE-2021-35863 RESERVED CVE-2021-35862 RESERVED CVE-2021-35861 RESERVED CVE-2021-35860 RESERVED CVE-2021-35859 RESERVED CVE-2021-35858 RESERVED CVE-2021-35857 RESERVED CVE-2021-35856 RESERVED CVE-2021-35855 RESERVED 
CVE-2021-35854 RESERVED CVE-2021-35853 RESERVED CVE-2021-35852 RESERVED CVE-2021-35851 RESERVED CVE-2021-35850 RESERVED CVE-2021-35849 RESERVED CVE-2021-35848 RESERVED CVE-2021-35847 RESERVED CVE-2021-35846 RESERVED CVE-2021-35845 RESERVED CVE-2021-35844 RESERVED CVE-2021-35843 RESERVED CVE-2021-35842 RESERVED CVE-2021-35841 RESERVED CVE-2021-35840 RESERVED CVE-2021-35839 RESERVED CVE-2021-35838 RESERVED CVE-2021-35837 RESERVED CVE-2021-35836 RESERVED CVE-2021-35835 RESERVED CVE-2021-35834 RESERVED CVE-2021-35833 RESERVED CVE-2021-35832 RESERVED CVE-2021-35831 RESERVED CVE-2021-35830 RESERVED CVE-2021-35829 RESERVED CVE-2021-35828 RESERVED CVE-2021-35827 RESERVED CVE-2021-35826 RESERVED CVE-2021-35825 RESERVED CVE-2021-35824 RESERVED CVE-2021-35823 RESERVED CVE-2021-35822 RESERVED CVE-2021-35821 RESERVED CVE-2021-35820 RESERVED CVE-2021-35819 RESERVED CVE-2021-35818 RESERVED CVE-2021-35817 RESERVED CVE-2021-35816 RESERVED CVE-2021-35815 RESERVED CVE-2021-35814 RESERVED CVE-2021-35813 RESERVED CVE-2021-35812 RESERVED CVE-2021-35811 RESERVED CVE-2021-35810 RESERVED CVE-2021-35809 RESERVED CVE-2021-35808 RESERVED CVE-2021-35807 RESERVED CVE-2021-35806 RESERVED CVE-2021-35805 RESERVED CVE-2021-35804 RESERVED CVE-2021-35803 RESERVED CVE-2021-35802 RESERVED CVE-2021-35801 RESERVED CVE-2021-35800 RESERVED CVE-2021-35799 RESERVED CVE-2021-35798 RESERVED CVE-2021-35797 RESERVED CVE-2021-35796 RESERVED CVE-2021-35795 RESERVED CVE-2021-35794 RESERVED CVE-2021-35793 RESERVED CVE-2021-35792 RESERVED CVE-2021-35791 RESERVED CVE-2021-35790 RESERVED CVE-2021-35789 RESERVED CVE-2021-35788 RESERVED CVE-2021-35787 RESERVED CVE-2021-35786 RESERVED CVE-2021-35785 RESERVED CVE-2021-35784 RESERVED CVE-2021-35783 RESERVED CVE-2021-35782 RESERVED CVE-2021-35781 RESERVED CVE-2021-35780 RESERVED CVE-2021-35779 RESERVED CVE-2021-35778 RESERVED CVE-2021-35777 RESERVED CVE-2021-35776 RESERVED CVE-2021-35775 RESERVED CVE-2021-35774 RESERVED CVE-2021-35773 RESERVED CVE-2021-35772 RESERVED 
CVE-2021-35771 RESERVED CVE-2021-35770 RESERVED CVE-2021-35769 RESERVED CVE-2021-35768 RESERVED CVE-2021-35767 RESERVED CVE-2021-35766 RESERVED CVE-2021-35765 RESERVED CVE-2021-35764 RESERVED CVE-2021-35763 RESERVED CVE-2021-35762 RESERVED CVE-2021-35761 RESERVED CVE-2021-35760 RESERVED CVE-2021-35759 RESERVED CVE-2021-35758 RESERVED CVE-2021-35757 RESERVED CVE-2021-35756 RESERVED CVE-2021-35755 RESERVED CVE-2021-35754 RESERVED CVE-2021-35753 RESERVED CVE-2021-35752 RESERVED CVE-2021-35751 RESERVED CVE-2021-35750 RESERVED CVE-2021-35749 RESERVED CVE-2021-35748 RESERVED CVE-2021-35747 RESERVED CVE-2021-35746 RESERVED CVE-2021-35745 RESERVED CVE-2021-35744 RESERVED CVE-2021-35743 RESERVED CVE-2021-35742 RESERVED CVE-2021-35741 RESERVED CVE-2021-35740 RESERVED CVE-2021-35739 RESERVED CVE-2021-35738 RESERVED CVE-2021-35737 RESERVED CVE-2021-35736 RESERVED CVE-2021-35735 RESERVED CVE-2021-35734 RESERVED CVE-2021-35733 RESERVED CVE-2021-35732 RESERVED CVE-2021-35731 RESERVED CVE-2021-35730 RESERVED CVE-2021-35729 RESERVED CVE-2021-35728 RESERVED CVE-2021-35727 RESERVED CVE-2021-35726 RESERVED CVE-2021-35725 RESERVED CVE-2021-35724 RESERVED CVE-2021-35723 RESERVED CVE-2021-35722 RESERVED CVE-2021-35721 RESERVED CVE-2021-35720 RESERVED CVE-2021-35719 RESERVED CVE-2021-35718 RESERVED CVE-2021-35717 RESERVED CVE-2021-35716 RESERVED CVE-2021-35715 RESERVED CVE-2021-35714 RESERVED CVE-2021-35713 RESERVED CVE-2021-35712 RESERVED CVE-2021-35711 RESERVED CVE-2021-35710 RESERVED CVE-2021-35709 RESERVED CVE-2021-35708 RESERVED CVE-2021-35707 RESERVED CVE-2021-35706 RESERVED CVE-2021-35705 RESERVED CVE-2021-35704 RESERVED CVE-2021-35703 RESERVED CVE-2021-35702 RESERVED CVE-2021-35701 RESERVED CVE-2021-35700 RESERVED CVE-2021-35699 RESERVED CVE-2021-35698 RESERVED CVE-2021-35697 RESERVED CVE-2021-35696 RESERVED CVE-2021-35695 RESERVED CVE-2021-35694 RESERVED CVE-2021-35693 RESERVED CVE-2021-35692 RESERVED CVE-2021-35691 RESERVED CVE-2021-35690 RESERVED CVE-2021-35689 RESERVED 
CVE-2021-35688 RESERVED CVE-2021-35687 RESERVED CVE-2021-35686 RESERVED CVE-2021-35685 RESERVED CVE-2021-35684 RESERVED CVE-2021-35683 RESERVED CVE-2021-35682 RESERVED CVE-2021-35681 RESERVED CVE-2021-35680 RESERVED CVE-2021-35679 RESERVED CVE-2021-35678 RESERVED CVE-2021-35677 RESERVED CVE-2021-35676 RESERVED CVE-2021-35675 RESERVED CVE-2021-35674 RESERVED CVE-2021-35673 RESERVED CVE-2021-35672 RESERVED CVE-2021-35671 RESERVED CVE-2021-35670 RESERVED CVE-2021-35669 RESERVED CVE-2021-35668 RESERVED CVE-2021-35667 RESERVED CVE-2021-35666 RESERVED CVE-2021-35665 RESERVED CVE-2021-35664 RESERVED CVE-2021-35663 RESERVED CVE-2021-35662 RESERVED CVE-2021-35661 RESERVED CVE-2021-35660 RESERVED CVE-2021-35659 RESERVED CVE-2021-35658 RESERVED CVE-2021-35657 RESERVED CVE-2021-35656 RESERVED CVE-2021-35655 RESERVED CVE-2021-35654 RESERVED CVE-2021-35653 RESERVED CVE-2021-35652 RESERVED CVE-2021-35651 RESERVED CVE-2021-35650 RESERVED CVE-2021-35649 RESERVED CVE-2021-35648 RESERVED CVE-2021-35647 RESERVED CVE-2021-35646 RESERVED CVE-2021-35645 RESERVED CVE-2021-35644 RESERVED CVE-2021-35643 RESERVED CVE-2021-35642 RESERVED CVE-2021-35641 RESERVED CVE-2021-35640 RESERVED CVE-2021-35639 RESERVED CVE-2021-35638 RESERVED CVE-2021-35637 RESERVED CVE-2021-35636 RESERVED CVE-2021-35635 RESERVED CVE-2021-35634 RESERVED CVE-2021-35633 RESERVED CVE-2021-35632 RESERVED CVE-2021-35631 RESERVED CVE-2021-35630 RESERVED CVE-2021-35629 RESERVED CVE-2021-35628 RESERVED CVE-2021-35627 RESERVED CVE-2021-35626 RESERVED CVE-2021-35625 RESERVED CVE-2021-35624 RESERVED CVE-2021-35623 RESERVED CVE-2021-35622 RESERVED CVE-2021-35621 RESERVED CVE-2021-35620 RESERVED CVE-2021-35619 RESERVED CVE-2021-35618 RESERVED CVE-2021-35617 RESERVED CVE-2021-35616 RESERVED CVE-2021-35615 RESERVED CVE-2021-35614 RESERVED CVE-2021-35613 RESERVED CVE-2021-35612 RESERVED CVE-2021-35611 RESERVED CVE-2021-35610 RESERVED CVE-2021-35609 RESERVED CVE-2021-35608 RESERVED CVE-2021-35607 RESERVED CVE-2021-35606 RESERVED 
CVE-2021-35605 RESERVED CVE-2021-35604 RESERVED CVE-2021-35603 RESERVED CVE-2021-35602 RESERVED CVE-2021-35601 RESERVED CVE-2021-35600 RESERVED CVE-2021-35599 RESERVED CVE-2021-35598 RESERVED CVE-2021-35597 RESERVED CVE-2021-35596 RESERVED CVE-2021-35595 RESERVED CVE-2021-35594 RESERVED CVE-2021-35593 RESERVED CVE-2021-35592 RESERVED CVE-2021-35591 RESERVED CVE-2021-35590 RESERVED CVE-2021-35589 RESERVED CVE-2021-35588 RESERVED CVE-2021-35587 RESERVED CVE-2021-35586 RESERVED CVE-2021-35585 RESERVED CVE-2021-35584 RESERVED CVE-2021-35583 RESERVED CVE-2021-35582 RESERVED CVE-2021-35581 RESERVED CVE-2021-35580 RESERVED CVE-2021-35579 RESERVED CVE-2021-35578 RESERVED CVE-2021-35577 RESERVED CVE-2021-35576 RESERVED CVE-2021-35575 RESERVED CVE-2021-35574 RESERVED CVE-2021-35573 RESERVED CVE-2021-35572 RESERVED CVE-2021-35571 RESERVED CVE-2021-35570 RESERVED CVE-2021-35569 RESERVED CVE-2021-35568 RESERVED CVE-2021-35567 RESERVED CVE-2021-35566 RESERVED CVE-2021-35565 RESERVED CVE-2021-35564 RESERVED CVE-2021-35563 RESERVED CVE-2021-35562 RESERVED CVE-2021-35561 RESERVED CVE-2021-35560 RESERVED CVE-2021-35559 RESERVED CVE-2021-35558 RESERVED CVE-2021-35557 RESERVED CVE-2021-35556 RESERVED CVE-2021-35555 RESERVED CVE-2021-35554 RESERVED CVE-2021-35553 RESERVED CVE-2021-35552 RESERVED CVE-2021-35551 RESERVED CVE-2021-35550 RESERVED CVE-2021-35549 RESERVED CVE-2021-35548 RESERVED CVE-2021-35547 RESERVED CVE-2021-35546 RESERVED CVE-2021-35545 RESERVED CVE-2021-35544 RESERVED CVE-2021-35543 RESERVED CVE-2021-35542 RESERVED CVE-2021-35541 RESERVED CVE-2021-35540 RESERVED CVE-2021-35539 RESERVED CVE-2021-35538 RESERVED CVE-2021-35537 RESERVED CVE-2021-35536 RESERVED CVE-2021-35535 RESERVED CVE-2021-35534 RESERVED CVE-2021-35533 RESERVED CVE-2021-35532 RESERVED CVE-2021-35531 RESERVED CVE-2021-35530 RESERVED CVE-2021-35529 (Insufficiently Protected Credentials vulnerability in client environme ...) 
NOT-FOR-US: Hitachi CVE-2021-35528 RESERVED CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...) NOT-FOR-US: Hitachi ABB Power Grids eSOMS CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...) NOT-FOR-US: Hitachi ABB Power Grids System Data Manager CVE-2021-3624 [buffer-overflow caused by integer-overflow in foveon_load_camf()] RESERVED - dcraw (bug #984761) [bullseye] - dcraw (Minor issue) [buster] - dcraw (Minor issue) [stretch] - dcraw (Minor issue) CVE-2021-3623 [out-of-bounds access when trying to resume the state of the vTPM] RESERVED - libtpms (bug #990522) NOTE: https://github.com/stefanberger/libtpms/pull/223 NOTE: https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263 NOTE: https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809 NOTE: https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e CVE-2021-35525 (PostSRSd before 1.11 allows a denial of service (subprocess hang) if P ...) - postsrsd 1.10-2 (bug #990439) [buster] - postsrsd (Minor issue; can be fixed via point release) [stretch] - postsrsd (Minor issue) NOTE: https://bugs.gentoo.org/793674 NOTE: https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2 CVE-2021-35524 RESERVED CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...) NOT-FOR-US: Securepoint CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) NOT-FOR-US: IDEMIA CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho Wave Comp ...) NOT-FOR-US: IDEMIA CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) NOT-FOR-US: IDEMIA CVE-2021-35519 RESERVED CVE-2021-35518 RESERVED CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be made to ...) 
- libcommons-compress-java 1.21-1 (bug #991041) [bullseye] - libcommons-compress-java (Minor issue) [buster] - libcommons-compress-java (Minor issue) [stretch] - libcommons-compress-java (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3 NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=d0af873e77d16f41edfef7b69da5c8c35c96a650 NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=7ce1b0796d6cbe1f41b969583bd49f33ae0efef0 NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be made to a ...) - libcommons-compress-java 1.21-1 (bug #991041) [bullseye] - libcommons-compress-java (Minor issue) [buster] - libcommons-compress-java (Minor issue) [stretch] - libcommons-compress-java (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2 NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=26924e96c7730db014c310757e11c9359db07f3e NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=c51de6cfaec75b21566374158f25e1734c3a94cb NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=0aba8b8fd8053ae323f15d736d1762b2161c76a6 NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=60d551a748236d7f4651a4ae88d5a351f7c5754b NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=bf5a5346ae04b9d2a5b0356ca75f11dcc8d94789 NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=5761493cbaf7a7d608a3b68f4d61aaa822dbeb4f NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ae2b27cc011f47f0289cb24a11f2d4f1db711f8a CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction of the l ...) 
- libcommons-compress-java 1.21-1 (bug #991041) [bullseye] - libcommons-compress-java (Minor issue) [buster] - libcommons-compress-java (Minor issue) [stretch] - libcommons-compress-java (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1 NOTE: Fixed by https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=3fe6b42110dc56d0d6fe0aaf80cfecb8feea5321 CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...) NOT-FOR-US: Narou CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is used. ...) - node-mermaid 8.7.0+ds+~cs27.17.17-3 (bug #990449) NOTE: https://github.com/mermaid-js/mermaid/issues/2122 NOTE: https://github.com/mermaid-js/mermaid/pull/2123 CVE-2021-35512 RESERVED CVE-2021-35511 RESERVED CVE-2021-35510 RESERVED CVE-2021-35509 RESERVED CVE-2021-35508 (NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to ex ...) NOT-FOR-US: TeraRecon AQNetClient CVE-2021-35507 RESERVED CVE-2021-35506 (Afian FileRun 2021.03.26 allows XSS when an administrator encounters a ...) NOT-FOR-US: Afian FileRun CVE-2021-35505 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...) NOT-FOR-US: Afian FileRun CVE-2021-35504 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...) NOT-FOR-US: Afian FileRun CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For ...) NOT-FOR-US: Afian FileRun CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...) NOT-FOR-US: MISP CVE-2021-3622 RESERVED - hivex 1.3.21-1 (bug #991860) [bullseye] - hivex (Minor issue) [buster] - hivex (Minor issue) [stretch] - hivex (Minor issue) NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html NOTE: https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255 CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the nam ...) 
NOT-FOR-US: PandoraFMS CVE-2021-3621 [shell command injection in sssctl] RESERVED {DLA-2758-1} - sssd 2.5.2-1 (bug #992710) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142 NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91) CVE-2021-3620 RESERVED - ansible [bullseye] - ansible (Minor issue, revisit when/if fixed upstream) [buster] - ansible (Minor issue, revisit when/if fixed upstream) - ansible-base NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767 CVE-2021-35500 RESERVED CVE-2021-35499 RESERVED CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...) NOT-FOR-US: TIBCO CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...) NOT-FOR-US: TIBCO CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...) NOT-FOR-US: TIBCO CVE-2021-35495 (The Scheduler Connection component of TIBCO Software Inc.'s TIBCO Jasp ...) NOT-FOR-US: TIBCO CVE-2021-35494 (The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...) NOT-FOR-US: TIBCO CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO ...) NOT-FOR-US: WebFOCUS CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...) NOT-FOR-US: Rapid7 Velociraptor CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, ...) NOT-FOR-US: Wowza Streaming Engine CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...) NOT-FOR-US: Wowza Streaming Engine CVE-2021-35490 RESERVED CVE-2021-35489 RESERVED CVE-2021-35488 RESERVED CVE-2021-35487 RESERVED CVE-2021-35486 RESERVED CVE-2021-35485 RESERVED CVE-2021-35484 RESERVED CVE-2021-35483 RESERVED CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4. ...) 
NOT-FOR-US: Barco MirrorOp Windows Sender CVE-2021-35481 RESERVED CVE-2021-35480 RESERVED CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom colum ...) NOT-FOR-US: Nagios Log Server CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown ...) NOT-FOR-US: Nagios Log Server CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) {DLA-2785-1} - linux 5.10.46-4 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 CVE-2021-35476 RESERVED CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field when cre ...) NOT-FOR-US: SAS Environment Manager CVE-2021-3618 RESERVED - nginx (bug #991328) [bullseye] - nginx (Minor issue) [buster] - nginx (Minor issue) [stretch] - nginx (Minor issue) - vsftpd (bug #991329) [bullseye] - vsftpd (Minor issue) [buster] - vsftpd (Minor issue) [stretch] - vsftpd (Minor issue) [experimental] - sendmail 8.16.1-1 - sendmail (bug #991331) [bullseye] - sendmail (Minor issue) [buster] - sendmail (Minor issue) [stretch] - sendmail (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975623 NOTE: https://alpaca-attack.com/ NOTE: Generic TLS protocol issue, some applications have released mitigations: NOTE: nginx: http://hg.nginx.org/nginx/rev/ec1071830799 NOTE: vsftpd: https://security.appspot.com/vsftpd/Changelog.txt (3.0.4) NOTE: * Close the control connection after 10 unknown commands pre-login. NOTE: * Reject any TLS ALPN advertisement that's not 'ftp'. NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname. NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2 NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html CVE-2021-3617 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...) 
NOT-FOR-US: Lenovo CVE-2021-3616 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...) NOT-FOR-US: Lenovo CVE-2021-3615 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...) NOT-FOR-US: Lenovo CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...) NOT-FOR-US: Lenovo CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...) {DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) NOTE: https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b (master) NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler] RESERVED - lemonldap-ng 2.0.11+ds-4 [buster] - lemonldap-ng (OAuth2 Handler introduced later) [stretch] - lemonldap-ng (OAuth2 Handler introduced later) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549 CVE-2021-35472 (An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache ...) {DSA-4943-1} - lemonldap-ng 2.0.11+ds-4 [stretch] - lemonldap-ng (Vulnerable code not present; updateSession doesn't use in-memory cache) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539 CVE-2021-35471 RESERVED CVE-2021-35470 RESERVED CVE-2021-35469 (The Lexmark Printer Software G2, G3 and G4 Installation Packages have ...) NOT-FOR-US: Lexmark CVE-2021-35468 RESERVED CVE-2021-35467 RESERVED CVE-2021-35466 RESERVED CVE-2021-35465 (Certain Arm products before 2021-08-23 do not properly consider the ef ...) NOT-FOR-US: ARM CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...) 
NOT-FOR-US: ForgeRock CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...) NOT-FOR-US: Liferay CVE-2021-35462 RESERVED CVE-2021-35461 RESERVED CVE-2021-35460 RESERVED CVE-2021-35459 RESERVED CVE-2021-35458 (Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in pro ...) NOT-FOR-US: Online Pet Shop We App CVE-2021-35457 RESERVED CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and s ...) NOT-FOR-US: Online Pet Shop We App CVE-2021-35455 RESERVED CVE-2021-35454 RESERVED CVE-2021-35453 RESERVED CVE-2021-35452 RESERVED CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...) NOT-FOR-US: Teradici PCoIP Management Console-Enterprise CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...) NOT-FOR-US: Entando Admin Console CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driv ...) NOT-FOR-US: Lexmark CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows attackers to ex ...) NOT-FOR-US: Emote Interactive Remote Mouse on Windows CVE-2021-35447 RESERVED CVE-2021-35446 RESERVED CVE-2021-35445 RESERVED CVE-2021-35444 RESERVED CVE-2021-35443 RESERVED CVE-2021-35442 RESERVED CVE-2021-35441 RESERVED CVE-2021-35440 (Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for ...) NOT-FOR-US: Smashing CVE-2021-35439 RESERVED CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-re ...) 
- phpipam (bug #731713) NOTE: https://github.com/phpipam/phpipam/issues/3351 CVE-2021-35437 RESERVED CVE-2021-35436 RESERVED CVE-2021-35435 RESERVED CVE-2021-35434 RESERVED CVE-2021-35433 RESERVED CVE-2021-35432 RESERVED CVE-2021-35431 RESERVED CVE-2021-35430 RESERVED CVE-2021-35429 RESERVED CVE-2021-35428 RESERVED CVE-2021-35427 RESERVED CVE-2021-35426 RESERVED CVE-2021-35425 RESERVED CVE-2021-35424 RESERVED CVE-2021-35423 RESERVED CVE-2021-35422 RESERVED CVE-2021-35421 RESERVED CVE-2021-35420 RESERVED CVE-2021-35419 RESERVED CVE-2021-35418 RESERVED CVE-2021-35417 RESERVED CVE-2021-35416 RESERVED CVE-2021-35415 RESERVED CVE-2021-35414 RESERVED CVE-2021-35413 RESERVED CVE-2021-35412 RESERVED CVE-2021-35411 RESERVED CVE-2021-35410 RESERVED CVE-2021-35409 RESERVED CVE-2021-35408 RESERVED CVE-2021-35407 RESERVED CVE-2021-35406 RESERVED CVE-2021-35405 RESERVED CVE-2021-35404 RESERVED CVE-2021-35403 RESERVED CVE-2021-35402 RESERVED CVE-2021-35401 RESERVED CVE-2021-35400 RESERVED CVE-2021-35399 RESERVED CVE-2021-35398 RESERVED CVE-2021-35397 (A path traversal vulnerability in the static router for Drogon from 1. ...) NOT-FOR-US: Drogon CVE-2021-35396 RESERVED CVE-2021-35395 (Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web se ...) NOT-FOR-US: Realtek Jungle SDK CVE-2021-35394 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic t ...) NOT-FOR-US: Realtek Jungle SDK CVE-2021-35393 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...) NOT-FOR-US: Realtek Jungle SDK CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...) 
NOT-FOR-US: Realtek Jungle SDK CVE-2021-35391 RESERVED CVE-2021-35390 RESERVED CVE-2021-35389 RESERVED CVE-2021-35388 RESERVED CVE-2021-35387 RESERVED CVE-2021-35386 RESERVED CVE-2021-35385 RESERVED CVE-2021-35384 RESERVED CVE-2021-35383 RESERVED CVE-2021-35382 RESERVED CVE-2021-35381 RESERVED CVE-2021-35380 RESERVED CVE-2021-35379 RESERVED CVE-2021-35378 RESERVED CVE-2021-35377 RESERVED CVE-2021-35376 RESERVED CVE-2021-35375 RESERVED CVE-2021-35374 RESERVED CVE-2021-35373 RESERVED CVE-2021-35372 RESERVED CVE-2021-35371 RESERVED CVE-2021-35370 RESERVED CVE-2021-35369 RESERVED CVE-2021-35368 [CRS Request Body Bypass] RESERVED - modsecurity-crs 3.3.2-1 (bug #992000) [bullseye] - modsecurity-crs 3.3.0-1+deb11u1 [buster] - modsecurity-crs 3.1.0-1+deb10u2 [stretch] - modsecurity-crs (Minor issue) NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/ NOTE: https://github.com/coreruleset/coreruleset/pull/2143 NOTE: https://github.com/coreruleset/coreruleset/commit/132c19c8f21c8cd4d3cd484d4f34ef786ee39b05 (v3.4-dev) NOTE: Introduced by https://github.com/coreruleset/coreruleset/commit/b3995e5d332be9f2445ee91b6e1366440bdbe109 (v3.0.0-rc2) CVE-2021-35367 RESERVED CVE-2021-35366 RESERVED CVE-2021-35365 RESERVED CVE-2021-35364 RESERVED CVE-2021-35363 RESERVED CVE-2021-35362 RESERVED CVE-2021-35361 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/l ...) NOT-FOR-US: dotCMS CVE-2021-35360 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/c ...) NOT-FOR-US: dotCMS CVE-2021-35359 RESERVED CVE-2021-35358 (A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Im ...) 
NOT-FOR-US: dotCMS CVE-2021-35357 RESERVED CVE-2021-35356 RESERVED CVE-2021-35355 RESERVED CVE-2021-35354 RESERVED CVE-2021-35353 RESERVED CVE-2021-35352 RESERVED CVE-2021-35351 RESERVED CVE-2021-35350 RESERVED CVE-2021-35349 RESERVED CVE-2021-35348 RESERVED CVE-2021-35347 RESERVED CVE-2021-35346 RESERVED CVE-2021-35345 RESERVED CVE-2021-35344 RESERVED CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...) NOT-FOR-US: SeedDMS CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x b ...) NOT-FOR-US: Northern.tech CVE-2021-35341 RESERVED CVE-2021-35340 RESERVED CVE-2021-35339 RESERVED CVE-2021-35338 RESERVED CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable t ...) NOT-FOR-US: Sourcecodester Phone Shop Sales Managements System CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Ac ...) NOT-FOR-US: Tieline IP Audio Gateway CVE-2021-35335 RESERVED CVE-2021-35334 RESERVED CVE-2021-35333 RESERVED CVE-2021-35332 RESERVED CVE-2021-35331 (** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehl ...) - tcl8.6 (unimportant) NOTE: https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2 NOTE: https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280 NOTE: https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222 NOTE: https://sqlite.org/forum/info/7dcd751996c93ec9 NOTE: Various other sources would embed a copy as well, but the security impact of NOTE: the issue itself for tcl is disputed in its significance. CVE-2021-35330 RESERVED CVE-2021-35329 RESERVED CVE-2021-35328 RESERVED CVE-2021-35327 (A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B2020091 ...) NOT-FOR-US: TOTOLINK A720R A720R_Firmware CVE-2021-35326 (A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B2 ...) 
NOT-FOR-US: TOTOLINK A720R router firmware CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720R A720 ...) NOT-FOR-US: TOTOLINK A720R A720R_Firmware CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...) NOT-FOR-US: TOTOLINK A720R A720R_Firmware CVE-2021-35323 RESERVED CVE-2021-35322 RESERVED CVE-2021-35321 RESERVED CVE-2021-35320 RESERVED CVE-2021-35319 RESERVED CVE-2021-35318 RESERVED CVE-2021-35317 RESERVED CVE-2021-35316 RESERVED CVE-2021-35315 RESERVED CVE-2021-35314 RESERVED CVE-2021-35313 REJECTED CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...) NOT-FOR-US: Amica Prodigy CVE-2021-35311 RESERVED CVE-2021-35310 RESERVED CVE-2021-35309 RESERVED CVE-2021-35308 RESERVED CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...) NOT-FOR-US: Bento4 CVE-2021-35306 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...) NOT-FOR-US: Bento4 CVE-2021-35305 RESERVED CVE-2021-35304 RESERVED CVE-2021-35303 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...) - zammad (bug #841355) CVE-2021-35302 (Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0. ...) - zammad (bug #841355) CVE-2021-35301 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote att ...) - zammad (bug #841355) CVE-2021-35300 (Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0. ...) - zammad (bug #841355) CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers ...) - zammad (bug #841355) CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...) - zammad (bug #841355) CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...) NOT-FOR-US: Scalabium dBase Viewer CVE-2021-35296 (An issue in the administrator authentication panel of PTCL HG150-Ub v3 ...) 
NOT-FOR-US: PTCL HG150-Ub CVE-2021-35295 RESERVED CVE-2021-35294 RESERVED CVE-2021-35293 RESERVED CVE-2021-35292 RESERVED CVE-2021-35291 RESERVED CVE-2021-35290 RESERVED CVE-2021-35289 RESERVED CVE-2021-35288 RESERVED CVE-2021-35287 RESERVED CVE-2021-35286 RESERVED CVE-2021-35285 RESERVED CVE-2021-35284 RESERVED CVE-2021-35283 RESERVED CVE-2021-35282 RESERVED CVE-2021-35281 RESERVED CVE-2021-35280 RESERVED CVE-2021-35279 RESERVED CVE-2021-35278 RESERVED CVE-2021-35277 RESERVED CVE-2021-35276 RESERVED CVE-2021-35275 RESERVED CVE-2021-35274 RESERVED CVE-2021-35273 RESERVED CVE-2021-35272 RESERVED CVE-2021-35271 RESERVED CVE-2021-35270 RESERVED CVE-2021-35269 (NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribu ...) {DSA-4971-1} [experimental] - ntfs-3g 1:2021.8.22-1 - ntfs-3g 1:2021.8.22-2 (bug #988386) NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp CVE-2021-35268 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inod ...) {DSA-4971-1} [experimental] - ntfs-3g 1:2021.8.22-1 - ntfs-3g 1:2021.8.22-2 (bug #988386) NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp CVE-2021-35267 (NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur whe ...) {DSA-4971-1} [experimental] - ntfs-3g 1:2021.8.22-1 - ntfs-3g 1:2021.8.22-2 (bug #988386) NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp CVE-2021-35266 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inod ...) 
{DSA-4971-1} [experimental] - ntfs-3g 1:2021.8.22-1 - ntfs-3g 1:2021.8.22-2 (bug #988386) NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp CVE-2021-35265 (A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS be ...) NOT-FOR-US: MaxSite CMS CVE-2021-35264 RESERVED CVE-2021-35263 RESERVED CVE-2021-35262 RESERVED CVE-2021-35261 RESERVED CVE-2021-35260 RESERVED CVE-2021-35259 RESERVED CVE-2021-35258 RESERVED CVE-2021-35257 RESERVED CVE-2021-35256 RESERVED CVE-2021-35255 RESERVED CVE-2021-35254 RESERVED CVE-2021-35253 RESERVED CVE-2021-35252 RESERVED CVE-2021-35251 RESERVED CVE-2021-35250 RESERVED CVE-2021-35249 RESERVED CVE-2021-35248 RESERVED CVE-2021-35247 RESERVED CVE-2021-35246 RESERVED CVE-2021-35245 RESERVED CVE-2021-35244 RESERVED CVE-2021-35243 RESERVED CVE-2021-35242 RESERVED CVE-2021-35241 RESERVED CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. This affec ...) NOT-FOR-US: SolarWinds CVE-2021-35239 (A security researcher found a user with Orion map manage rights could ...) NOT-FOR-US: SolarWinds CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through URL POST ...) NOT-FOR-US: Solarwinds CVE-2021-35237 RESERVED CVE-2021-35236 RESERVED CVE-2021-35235 RESERVED CVE-2021-35234 RESERVED CVE-2021-35233 RESERVED CVE-2021-35232 RESERVED CVE-2021-35231 RESERVED CVE-2021-35230 RESERVED CVE-2021-35229 RESERVED CVE-2021-35228 RESERVED CVE-2021-35227 RESERVED CVE-2021-35226 RESERVED CVE-2021-35225 RESERVED CVE-2021-35224 RESERVED CVE-2021-35223 (The Serv-U File Server allows for events such as user login failures t ...) NOT-FOR-US: SolarWinds CVE-2021-35222 (This vulnerability allows attackers to impersonate users and perform a ...) NOT-FOR-US: SolarWinds CVE-2021-35221 (Improper Access Control Tampering Vulnerability using ImportAlert func ...) 
NOT-FOR-US: SolarWinds CVE-2021-35220 (Command Injection vulnerability in EmailWebPage API which can lead to ...) NOT-FOR-US: SolarWinds CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerabilit ...) NOT-FOR-US: SolarWinds CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart Endpoint ca ...) NOT-FOR-US: Solarwinds CVE-2021-35217 (Insecure Deserialization of untrusted data remote code execution vulner ...) NOT-FOR-US: Solarwinds CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution vulne ...) NOT-FOR-US: Solarwinds CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...) NOT-FOR-US: Solarwinds CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...) NOT-FOR-US: Solarwinds CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...) NOT-FOR-US: SolarWinds CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in ...) NOT-FOR-US: SolarWinds CVE-2021-35211 (Microsoft discovered a remote code execution (RCE) vulnerability in th ...) NOT-FOR-US: SolarWinds CVE-2021-3613 (OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitra ...) NOT-FOR-US: OpenVPN Connect CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x be ...) NOT-FOR-US: Contao CMS CVE-2021-35209 (An issue was discovered in ProxyServlet.java in the /proxy servlet in ...) NOT-FOR-US: Zimbra CVE-2021-35208 (An issue was discovered in ZmMailMsgView.js in the Calendar Invite com ...) NOT-FOR-US: Zimbra CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.1 ...) NOT-FOR-US: Zimbra CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...) NOT-FOR-US: Gitpod CVE-2021-35205 (NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redire ...) 
NOT-FOR-US: NETSCOUT CVE-2021-35204 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Si ...) NOT-FOR-US: NETSCOUT CVE-2021-35203 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Rea ...) NOT-FOR-US: NETSCOUT CVE-2021-35202 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypa ...) NOT-FOR-US: NETSCOUT CVE-2021-35201 (NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity ...) NOT-FOR-US: NETSCOUT CVE-2021-35200 (NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to a ...) NOT-FOR-US: NETSCOUT CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-S ...) NOT-FOR-US: NETSCOUT CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...) NOT-FOR-US: NETSCOUT CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and ...) {DSA-4979-1 DLA-2779-1} - mediawiki 1:1.35.3-1 NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/ NOTE: https://phabricator.wikimedia.org/T280226 CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to ex ...) - manuskript (bug #990366) [bullseye] - manuskript (Minor issue) [buster] - manuskript (Minor issue) NOTE: https://github.com/olivierkes/manuskript/issues/891 CVE-2021-35195 RESERVED CVE-2021-35194 RESERVED CVE-2021-35193 (Patterson Application Service in Patterson Eaglesoft 18 through 21 acc ...) 
NOT-FOR-US: Patterson Eaglesoft CVE-2021-35192 RESERVED CVE-2021-35191 RESERVED CVE-2021-35190 RESERVED CVE-2021-35189 RESERVED CVE-2021-35188 RESERVED CVE-2021-35187 RESERVED CVE-2021-35186 RESERVED CVE-2021-35185 RESERVED CVE-2021-35184 RESERVED CVE-2021-35183 RESERVED CVE-2021-35182 RESERVED CVE-2021-35181 RESERVED CVE-2021-35180 RESERVED CVE-2021-35179 RESERVED CVE-2021-35178 RESERVED CVE-2021-35177 RESERVED CVE-2021-35176 RESERVED CVE-2021-35175 RESERVED CVE-2021-35174 RESERVED CVE-2021-35173 RESERVED CVE-2021-35172 RESERVED CVE-2021-35171 RESERVED CVE-2021-35170 RESERVED CVE-2021-35169 RESERVED CVE-2021-35168 RESERVED CVE-2021-35167 RESERVED CVE-2021-35166 RESERVED CVE-2021-35165 RESERVED CVE-2021-35164 RESERVED CVE-2021-35163 RESERVED CVE-2021-35162 RESERVED CVE-2021-35161 RESERVED CVE-2021-35160 RESERVED CVE-2021-35159 RESERVED CVE-2021-35158 RESERVED CVE-2021-35157 RESERVED CVE-2021-35156 RESERVED CVE-2021-35155 RESERVED CVE-2021-35154 RESERVED CVE-2021-35153 RESERVED CVE-2021-35152 RESERVED CVE-2021-35151 RESERVED CVE-2021-35150 RESERVED CVE-2021-35149 RESERVED CVE-2021-35148 RESERVED CVE-2021-35147 RESERVED CVE-2021-35146 RESERVED CVE-2021-35145 RESERVED CVE-2021-35144 RESERVED CVE-2021-35143 RESERVED CVE-2021-35142 RESERVED CVE-2021-35141 RESERVED CVE-2021-35140 RESERVED CVE-2021-35139 RESERVED CVE-2021-35138 RESERVED CVE-2021-35137 RESERVED CVE-2021-35136 RESERVED CVE-2021-35135 RESERVED CVE-2021-35134 RESERVED CVE-2021-35133 RESERVED CVE-2021-35132 RESERVED CVE-2021-35131 RESERVED CVE-2021-35130 RESERVED CVE-2021-35129 RESERVED CVE-2021-35128 RESERVED CVE-2021-35127 RESERVED CVE-2021-35126 RESERVED CVE-2021-35125 RESERVED CVE-2021-35124 RESERVED CVE-2021-35123 RESERVED CVE-2021-35122 RESERVED CVE-2021-35121 RESERVED CVE-2021-35120 RESERVED CVE-2021-35119 RESERVED CVE-2021-35118 RESERVED CVE-2021-35117 RESERVED CVE-2021-35116 RESERVED CVE-2021-35115 RESERVED CVE-2021-35114 RESERVED CVE-2021-35113 RESERVED CVE-2021-35112 RESERVED CVE-2021-35111 RESERVED 
CVE-2021-35110 RESERVED CVE-2021-35109 RESERVED CVE-2021-35108 RESERVED CVE-2021-35107 RESERVED CVE-2021-35106 RESERVED CVE-2021-35105 RESERVED CVE-2021-35104 RESERVED CVE-2021-35103 RESERVED CVE-2021-35102 RESERVED CVE-2021-35101 RESERVED CVE-2021-35100 RESERVED CVE-2021-35099 RESERVED CVE-2021-35098 RESERVED CVE-2021-35097 RESERVED CVE-2021-35096 RESERVED CVE-2021-35095 RESERVED CVE-2021-35094 RESERVED CVE-2021-35093 RESERVED CVE-2021-35092 RESERVED CVE-2021-35091 RESERVED CVE-2021-35090 RESERVED CVE-2021-35089 RESERVED CVE-2021-35088 RESERVED CVE-2021-35087 RESERVED CVE-2021-35086 RESERVED CVE-2021-35085 RESERVED CVE-2021-35084 RESERVED CVE-2021-35083 RESERVED CVE-2021-35082 RESERVED CVE-2021-35081 RESERVED CVE-2021-35080 RESERVED CVE-2021-35079 RESERVED CVE-2021-35078 RESERVED CVE-2021-35077 RESERVED CVE-2021-35076 RESERVED CVE-2021-35075 RESERVED CVE-2021-35074 RESERVED CVE-2021-35073 RESERVED CVE-2021-35072 RESERVED CVE-2021-35071 RESERVED CVE-2021-35070 RESERVED CVE-2021-35069 RESERVED CVE-2021-35068 RESERVED CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...) NOT-FOR-US: Meross MSG100 devices CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...) {DLA-2785-1} - linux 5.10.46-3 [buster] - linux 4.19.208-1 NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/ CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...) NOT-FOR-US: ConnectWise Automate CVE-2021-35065 RESERVED CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...) NOT-FOR-US: KramerAV VIAWare CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." ...) 
[experimental] - suricata 1:6.0.3-1~exp1 - suricata 1:6.0.1-3 (bug #990835) [buster] - suricata (Minor issue) [stretch] - suricata (Minor issue) NOTE: https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489 CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in DRK Ode ...) NOT-FOR-US: DRK Odenwaldkreis Testerfassung CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...) NOT-FOR-US: DRK Odenwaldkreis Testerfassung CVE-2021-35060 (/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthe ...) NOT-FOR-US: OpenWay WAY4 ACS CVE-2021-35059 (OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enrol ...) NOT-FOR-US: OpenWay WAY4 ACS CVE-2021-35058 RESERVED CVE-2021-35057 RESERVED CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...) NOT-FOR-US: Unisys CVE-2021-35055 RESERVED CVE-2021-35054 (Minecraft before 1.17.1, when online-mode=false is configured, allows ...) NOT-FOR-US: Minecraft CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow] RESERVED - qemu (bug #990562) [bullseye] - qemu (Minor issue) [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://bugs.launchpad.net/qemu/+bug/1907497 NOTE: https://gitlab.com/qemu-project/qemu/-/issues/542 NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0) CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c] RESERVED - imagemagick (Specific to Imagemagick 7) NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 CVE-2021-35053 RESERVED CVE-2021-35052 RESERVED CVE-2021-35051 RESERVED CVE-2021-35050 (User credentials stored in a recoverable format within Fidelis Network ...) NOT-FOR-US: Fidelis CVE-2021-35049 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) 
NOT-FOR-US: Fidelis CVE-2021-35048 (Vulnerability in Fidelis Network and Deception CommandPost enables una ...) NOT-FOR-US: Fidelis CVE-2021-35047 (Vulnerability in the CommandPost, Collector, and Sensor components of ...) NOT-FOR-US: Fidelis CVE-2021-35046 (A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS w ...) NOT-FOR-US: Ice Hrm CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows ...) NOT-FOR-US: Ice Hrm CVE-2021-35044 RESERVED CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...) NOT-FOR-US: OWASP AntiSamy CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...) - python-django (Vulnerable code introduced in 3.1) NOTE: https://www.djangoproject.com/weblog/2021/jul/01/security-releases/ NOTE: Issue did affect only the experimental version and fixed in 2:3.2.5-1 CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing w ...) NOT-FOR-US: FISCO-BCOS CVE-2021-3609 RESERVED {DSA-4941-1 DLA-2714-1 DLA-2713-1} - linux 5.10.46-1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1 CVE-2021-35040 RESERVED CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...) {DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/3 NOTE: https://git.kernel.org/linus/0c18f29aae7ce3dadd26d8ee3505d07cc982df75 CVE-2021-35038 RESERVED CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...) NOT-FOR-US: Jamf Pro CVE-2021-35036 RESERVED CVE-2021-35035 RESERVED CVE-2021-35034 RESERVED CVE-2021-35033 RESERVED CVE-2021-35032 RESERVED CVE-2021-35031 RESERVED CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...) 
NOT-FOR-US: Zyxel CVE-2021-35029 (An authentication bypass vulnerability in the web-based management in ...) NOT-FOR-US: Zyxel CVE-2021-35028 (A command injection vulnerability in the CGI program of the Zyxel VPN2 ...) NOT-FOR-US: Zyxel CVE-2021-35027 (A directory traversal vulnerability in the web server of the Zyxel VPN ...) NOT-FOR-US: Zyxel CVE-2021-35026 RESERVED CVE-2021-35025 RESERVED CVE-2021-35024 RESERVED CVE-2021-35023 RESERVED CVE-2021-35022 RESERVED CVE-2021-35021 RESERVED CVE-2021-35020 RESERVED CVE-2021-35019 RESERVED CVE-2021-35018 RESERVED CVE-2021-35017 RESERVED CVE-2021-35016 RESERVED CVE-2021-35015 RESERVED CVE-2021-35014 RESERVED CVE-2021-35013 RESERVED CVE-2021-35012 RESERVED CVE-2021-35011 RESERVED CVE-2021-35010 RESERVED CVE-2021-35009 RESERVED CVE-2021-35008 RESERVED CVE-2021-35007 RESERVED CVE-2021-35006 RESERVED CVE-2021-35005 RESERVED CVE-2021-35004 RESERVED CVE-2021-35003 RESERVED CVE-2021-35002 RESERVED CVE-2021-35001 RESERVED CVE-2021-35000 RESERVED CVE-2021-34999 RESERVED CVE-2021-34998 RESERVED CVE-2021-34997 RESERVED CVE-2021-34996 RESERVED CVE-2021-34995 RESERVED CVE-2021-34994 RESERVED CVE-2021-34993 RESERVED CVE-2021-34992 RESERVED CVE-2021-34991 RESERVED CVE-2021-34990 RESERVED CVE-2021-34989 RESERVED CVE-2021-34988 RESERVED CVE-2021-34987 RESERVED CVE-2021-34986 RESERVED CVE-2021-34985 RESERVED CVE-2021-34984 RESERVED CVE-2021-34983 RESERVED CVE-2021-34982 RESERVED CVE-2021-34981 RESERVED CVE-2021-34980 RESERVED CVE-2021-34979 RESERVED CVE-2021-34978 RESERVED CVE-2021-34977 RESERVED CVE-2021-34976 RESERVED CVE-2021-34975 RESERVED CVE-2021-34974 RESERVED CVE-2021-34973 RESERVED CVE-2021-34972 RESERVED CVE-2021-34971 RESERVED CVE-2021-34970 RESERVED CVE-2021-34969 RESERVED CVE-2021-34968 RESERVED CVE-2021-34967 RESERVED CVE-2021-34966 RESERVED CVE-2021-34965 RESERVED CVE-2021-34964 RESERVED CVE-2021-34963 RESERVED CVE-2021-34962 RESERVED CVE-2021-34961 RESERVED CVE-2021-34960 RESERVED CVE-2021-34959 RESERVED CVE-2021-34958 
RESERVED CVE-2021-34957 RESERVED CVE-2021-34956 RESERVED CVE-2021-34955 RESERVED CVE-2021-34954 RESERVED CVE-2021-34953 RESERVED CVE-2021-34952 RESERVED CVE-2021-34951 RESERVED CVE-2021-34950 RESERVED CVE-2021-34949 RESERVED CVE-2021-34948 RESERVED CVE-2021-34947 RESERVED CVE-2021-34946 RESERVED CVE-2021-34945 RESERVED CVE-2021-34944 RESERVED CVE-2021-34943 RESERVED CVE-2021-34942 RESERVED CVE-2021-34941 RESERVED CVE-2021-34940 RESERVED CVE-2021-34939 RESERVED CVE-2021-34938 RESERVED CVE-2021-34937 RESERVED CVE-2021-34936 RESERVED CVE-2021-34935 RESERVED CVE-2021-34934 RESERVED CVE-2021-34933 RESERVED CVE-2021-34932 RESERVED CVE-2021-34931 RESERVED CVE-2021-34930 RESERVED CVE-2021-34929 RESERVED CVE-2021-34928 RESERVED CVE-2021-34927 RESERVED CVE-2021-34926 RESERVED CVE-2021-34925 RESERVED CVE-2021-34924 RESERVED CVE-2021-34923 RESERVED CVE-2021-34922 RESERVED CVE-2021-34921 RESERVED CVE-2021-34920 RESERVED CVE-2021-34919 RESERVED CVE-2021-34918 RESERVED CVE-2021-34917 RESERVED CVE-2021-34916 RESERVED CVE-2021-34915 RESERVED CVE-2021-34914 RESERVED CVE-2021-34913 RESERVED CVE-2021-34912 RESERVED CVE-2021-34911 RESERVED CVE-2021-34910 RESERVED CVE-2021-34909 RESERVED CVE-2021-34908 RESERVED CVE-2021-34907 RESERVED CVE-2021-34906 RESERVED CVE-2021-34905 RESERVED CVE-2021-34904 RESERVED CVE-2021-34903 RESERVED CVE-2021-34902 RESERVED CVE-2021-34901 RESERVED CVE-2021-34900 RESERVED CVE-2021-34899 RESERVED CVE-2021-34898 RESERVED CVE-2021-34897 RESERVED CVE-2021-34896 RESERVED CVE-2021-34895 RESERVED CVE-2021-34894 RESERVED CVE-2021-34893 RESERVED CVE-2021-34892 RESERVED CVE-2021-34891 RESERVED CVE-2021-34890 RESERVED CVE-2021-34889 RESERVED CVE-2021-34888 RESERVED CVE-2021-34887 RESERVED CVE-2021-34886 RESERVED CVE-2021-34885 RESERVED CVE-2021-34884 RESERVED CVE-2021-34883 RESERVED CVE-2021-34882 RESERVED CVE-2021-34881 RESERVED CVE-2021-34880 RESERVED CVE-2021-34879 RESERVED CVE-2021-34878 RESERVED CVE-2021-34877 RESERVED CVE-2021-34876 RESERVED CVE-2021-34875 
RESERVED CVE-2021-34874 RESERVED CVE-2021-34873 RESERVED CVE-2021-34872 RESERVED CVE-2021-34871 RESERVED CVE-2021-34870 RESERVED CVE-2021-34869 RESERVED CVE-2021-34868 RESERVED CVE-2021-34867 RESERVED CVE-2021-34866 RESERVED CVE-2021-34865 RESERVED CVE-2021-34864 RESERVED CVE-2021-34863 RESERVED CVE-2021-34862 RESERVED CVE-2021-34861 RESERVED CVE-2021-34860 RESERVED CVE-2021-34859 RESERVED CVE-2021-34858 RESERVED CVE-2021-34857 RESERVED CVE-2021-34856 RESERVED CVE-2021-34855 RESERVED CVE-2021-34854 RESERVED CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34851 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34850 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34849 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34848 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34847 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34846 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34845 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34844 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34843 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34842 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit PDF Reader CVE-2021-34841 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34840 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34839 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34838 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34837 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34836 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34835 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34834 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34833 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34832 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34831 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: D-Link CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: D-Link CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: D-Link CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
NOT-FOR-US: D-Link CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()] RESERVED - qemu 1:5.2+dfsg-11 (bug #990563) [buster] - qemu (Minor issue) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383 CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()] RESERVED - qemu 1:5.2+dfsg-11 (bug #990564) [buster] - qemu (Minor issue) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349 CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to load arb ...) - openvpn (Windows-specific) CVE-2021-34826 RESERVED CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...) - quassel (bug #990567) [bullseye] - quassel (Minor issue) [buster] - quassel (Minor issue) [stretch] - quassel (Minor issue) NOTE: https://github.com/quassel/quassel/pull/581 NOTE: https://bugs.quassel-irc.org/issues/1728 NOTE: '--require-ssl' flag added in https://github.com/quassel/quassel/pull/43 CVE-2021-34824 (Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely explo ...) NOT-FOR-US: Istio CVE-2021-34823 (The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 fo ...) NOT-FOR-US: ON24 ScreenShare CVE-2021-34822 RESERVED CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus Managemen ...) NOT-FOR-US: AAT Novus Management System CVE-2021-34820 (Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP ...) NOT-FOR-US: Novus HTTP Server CVE-2021-34819 RESERVED CVE-2021-34818 RESERVED CVE-2021-34817 (A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1 ...) - etherpad-lite (bug #576998) CVE-2021-34816 (An Argument Injection issue in the plugin management of Etherpad 1.8.1 ...) - etherpad-lite (bug #576998) CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...) 
NOT-FOR-US: CheckSec Canopy CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control ...) NOT-FOR-US: Proofpoint CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...) [experimental] - olm 3.2.3~dfsg-1 - olm (bug #989997) [bullseye] - olm (Minor issue) [buster] - olm (Minor issue) NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b NOTE: https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3 NOTE: https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm CVE-2021-34812 (Use of hard-coded credentials vulnerability in php component in Synolo ...) NOT-FOR-US: Synology CVE-2021-34811 (Server-Side Request Forgery (SSRF) vulnerability in task management co ...) NOT-FOR-US: Synology CVE-2021-34810 (Improper privilege management vulnerability in cgi component in Synolo ...) NOT-FOR-US: Synology CVE-2021-34809 (Improper neutralization of special elements used in a command ('Comman ...) NOT-FOR-US: Synology CVE-2021-34808 (Server-Side Request Forgery (SSRF) vulnerability in cgi component in S ...) NOT-FOR-US: Synology CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...) NOT-FOR-US: Zimbra CVE-2021-34806 RESERVED CVE-2021-34805 RESERVED CVE-2021-34804 RESERVED CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...) NOT-FOR-US: TeamViewer CVE-2021-34802 (A failure in resetting the security context in some transaction action ...) NOT-FOR-US: Neo4j CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...) NOT-FOR-US: Valine CVE-2021-34800 RESERVED CVE-2021-34799 RESERVED CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL pointer. ...) 
{DSA-4982-1 DLA-2776-1} - apache2 2.4.49-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-34798 NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1) CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...) NOT-FOR-US: Secure 8 (Evalos) CVE-2021-34797 RESERVED CVE-2021-34796 RESERVED CVE-2021-34795 RESERVED CVE-2021-34794 RESERVED CVE-2021-34793 RESERVED CVE-2021-34792 RESERVED CVE-2021-34791 RESERVED CVE-2021-34790 RESERVED CVE-2021-34789 RESERVED CVE-2021-34788 (A vulnerability in the shared library loading mechanism of Cisco AnyCo ...) NOT-FOR-US: Cisco CVE-2021-34787 RESERVED CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...) NOT-FOR-US: Cisco CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...) NOT-FOR-US: Cisco CVE-2021-34784 RESERVED CVE-2021-34783 RESERVED CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center could allow ...) NOT-FOR-US: Cisco CVE-2021-34781 RESERVED CVE-2021-34780 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) NOT-FOR-US: Cisco CVE-2021-34779 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) NOT-FOR-US: Cisco CVE-2021-34778 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) NOT-FOR-US: Cisco CVE-2021-34777 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) NOT-FOR-US: Cisco CVE-2021-34776 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) NOT-FOR-US: Cisco CVE-2021-34775 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) NOT-FOR-US: Cisco CVE-2021-34774 RESERVED CVE-2021-34773 RESERVED CVE-2021-34772 (A vulnerability in the web-based management interface of Cisco Orbital ...) 
NOT-FOR-US: Cisco CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow an authen ...) NOT-FOR-US: Cisco CVE-2021-34770 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) NOT-FOR-US: Cisco CVE-2021-34769 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...) NOT-FOR-US: Cisco CVE-2021-34768 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...) NOT-FOR-US: Cisco CVE-2021-34767 (A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Co ...) NOT-FOR-US: Cisco CVE-2021-34766 (A vulnerability in the web UI of Cisco Smart Software Manager On-Prem ...) NOT-FOR-US: Cisco CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could allow an ...) NOT-FOR-US: Cisco CVE-2021-34764 RESERVED CVE-2021-34763 RESERVED CVE-2021-34762 RESERVED CVE-2021-34761 RESERVED CVE-2021-34760 RESERVED CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2021-34758 (A vulnerability in the memory management of Cisco TelePresence Collabo ...) NOT-FOR-US: Cisco CVE-2021-34757 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...) NOT-FOR-US: Cisco CVE-2021-34756 RESERVED CVE-2021-34755 RESERVED CVE-2021-34754 RESERVED CVE-2021-34753 RESERVED CVE-2021-34752 RESERVED CVE-2021-34751 RESERVED CVE-2021-34750 RESERVED CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...) NOT-FOR-US: Cisco CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco Intersi ...) NOT-FOR-US: Cisco CVE-2021-34747 RESERVED CVE-2021-34746 (A vulnerability in the TACACS+ authentication, authorization and accou ...) NOT-FOR-US: Cisco CVE-2021-34745 (A vulnerability in the AppDynamics .NET Agent for Windows could allow ...) NOT-FOR-US: .NET Agent for Windows CVE-2021-34744 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...) 
NOT-FOR-US: Cisco CVE-2021-34743 RESERVED CVE-2021-34742 (A vulnerability in the web-based management interface of Cisco Vision ...) NOT-FOR-US: Cisco CVE-2021-34741 RESERVED CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) implementation for ...) NOT-FOR-US: Cisco CVE-2021-34739 RESERVED CVE-2021-34738 RESERVED CVE-2021-34737 (A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco ...) NOT-FOR-US: Cisco CVE-2021-34736 RESERVED CVE-2021-34735 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...) NOT-FOR-US: Cisco CVE-2021-34734 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...) NOT-FOR-US: Cisco CVE-2021-34733 (A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evo ...) NOT-FOR-US: Cisco CVE-2021-34732 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2021-34731 RESERVED CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco ...) NOT-FOR-US: Cisco CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco I ...) NOT-FOR-US: Cisco CVE-2021-34728 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) NOT-FOR-US: Cisco CVE-2021-34727 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...) NOT-FOR-US: Cisco CVE-2021-34726 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2021-34725 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) NOT-FOR-US: Cisco CVE-2021-34724 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...) NOT-FOR-US: Cisco CVE-2021-34723 (A vulnerability in a specific CLI command that is run on Cisco IOS XE ...) NOT-FOR-US: Cisco CVE-2021-34722 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) 
NOT-FOR-US: Cisco CVE-2021-34721 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) NOT-FOR-US: Cisco CVE-2021-34720 (A vulnerability in the IP Service Level Agreements (IP SLA) responder ...) NOT-FOR-US: Cisco CVE-2021-34719 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) NOT-FOR-US: Cisco CVE-2021-34718 (A vulnerability in the SSH Server process of Cisco IOS XR Software cou ...) NOT-FOR-US: Cisco CVE-2021-34717 RESERVED CVE-2021-34716 (A vulnerability in the web-based management interface of Cisco Express ...) NOT-FOR-US: Cisco CVE-2021-34715 (A vulnerability in the image verification function of Cisco Expressway ...) NOT-FOR-US: Cisco CVE-2021-34714 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...) NOT-FOR-US: Cisco CVE-2021-34713 (A vulnerability in the Layer 2 punt code of Cisco IOS XR Software runn ...) NOT-FOR-US: Cisco CVE-2021-34712 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2021-34711 (A vulnerability in the debug shell of Cisco IP Phone software could al ...) NOT-FOR-US: Cisco CVE-2021-34710 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...) NOT-FOR-US: Cisco CVE-2021-34709 (Multiple vulnerabilities in image verification checks of Cisco Network ...) NOT-FOR-US: Cisco CVE-2021-34708 (Multiple vulnerabilities in image verification checks of Cisco Network ...) NOT-FOR-US: Cisco CVE-2021-34707 (A vulnerability in the REST API of Cisco Evolved Programmable Network ...) NOT-FOR-US: Cisco CVE-2021-34706 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) service ...) NOT-FOR-US: Cisco CVE-2021-34704 RESERVED CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) message pa ...) 
NOT-FOR-US: Cisco CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2021-34701 RESERVED CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software ...) NOT-FOR-US: Cisco CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS ...) NOT-FOR-US: Cisco CVE-2021-34698 (A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Se ...) NOT-FOR-US: Cisco CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial of Servic ...) NOT-FOR-US: Cisco CVE-2021-34696 (A vulnerability in the access control list (ACL) programming of Cisco ...) NOT-FOR-US: Cisco CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...) {DLA-2732-1} - openexr 2.5.7-1 (bug #990899) [buster] - openexr (Minor issue) NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268 (master) NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283 (v2.5) NOTE: not to be confused with CVE-2020-11760 whose fix is similar but applied around 10 lines above, in the other branch of the 'if' CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...) 
- libphp-phpmailer (bug #991666) [bullseye] - libphp-phpmailer (Minor issue) [buster] - libphp-phpmailer (Minor issue) [stretch] - libphp-phpmailer (Minor issue, fix along with next DLA) NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/ NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0) CVE-2021-3602 [Host environment variables leaked in build container when using chroot isolation] RESERVED - golang-github-containers-buildah [bullseye] - golang-github-containers-buildah (Minor issue) NOTE: https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj NOTE: https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main) NOTE: https://github.com/containers/buildah/commit/23c478b815fb93c094070baa336bcb6a27c01683 (release-1.21) NOTE: https://github.com/containers/buildah/commit/f4f2a7fc78fa4f12e2f6e6c4ab450aae0d182f3e (release-1.19) CVE-2021-34695 RESERVED CVE-2021-34694 RESERVED CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...) {DSA-4941-1 DLA-2714-1 DLA-2713-1} - linux 5.10.46-1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1 NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693 NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/ CVE-2021-34692 (iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. ...) NOT-FOR-US: iDrive RemotePC CVE-2021-34691 (iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remo ...) NOT-FOR-US: iDrive RemotePC CVE-2021-34690 (iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. ...) NOT-FOR-US: iDrive RemotePC CVE-2021-34689 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) NOT-FOR-US: iDrive RemotePC CVE-2021-34688 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) 
NOT-FOR-US: iDrive RemotePC CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) NOT-FOR-US: iDrive RemotePC CVE-2021-3601 RESERVED - openssl1.0 [stretch] - openssl1.0 (Minor issue, upstream does not want to change the behavior in this old version) - openssl 1.1.0b-2 NOTE: Only affects 1.0.2 NOTE: https://github.com/openssl/openssl/issues/5236 CVE-2021-34686 RESERVED CVE-2021-34685 RESERVED CVE-2021-34684 RESERVED CVE-2021-34683 (An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-docum ...) NOT-FOR-US: EXCELLENT INFOTEK CORPORATION CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack agains ...) NOT-FOR-US: Receita Federal IRPF 2021 1.7 CVE-2021-3600 RESERVED {DLA-2785-1} - linux 5.10.19-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 NOTE: https://www.openwall.com/lists/oss-security/2021/06/23/1 CVE-2021-3599 RESERVED CVE-2021-34681 RESERVED CVE-2021-34680 RESERVED CVE-2021-34679 (Thycotic Password Reset Server before 5.3.0 allows credential disclosu ...) NOT-FOR-US: Thycotic Password Reset Server CVE-2021-34678 RESERVED CVE-2021-34677 RESERVED CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel r ...) NOT-FOR-US: Basix NEX-Forms CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored ...) NOT-FOR-US: Basix NEX-Forms CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...) 
{DLA-2701-1} - openexr 2.5.7-1 (bug #990450) [bullseye] - openexr (Minor issue) [buster] - openexr (Minor issue) NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 (master) NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5 (2.5) NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0) CVE-2021-3597 RESERVED - undertow (bug #989861) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1970930 CVE-2021-34674 RESERVED CVE-2021-34673 RESERVED CVE-2021-34672 RESERVED CVE-2021-34671 RESERVED CVE-2021-34670 RESERVED CVE-2021-34669 RESERVED CVE-2021-34668 (The WordPress Real Media Library WordPress plugin is vulnerable to Sto ...) NOT-FOR-US: WordPress plugin CVE-2021-34667 (The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross- ...) NOT-FOR-US: WordPress plugin CVE-2021-34666 (The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34665 (The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34664 (The Moova for WooCommerce WordPress plugin is vulnerable to Reflected ...) NOT-FOR-US: WordPress plugin CVE-2021-34663 (The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected ...) NOT-FOR-US: WordPress plugin CVE-2021-34662 RESERVED CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...) NOT-FOR-US: Wordpress plugin CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...) NOT-FOR-US: Wordpress plugin CVE-2021-34659 (The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Re ...) 
NOT-FOR-US: WordPress plugin CVE-2021-34658 (The Simple Popup Newsletter WordPress plugin is vulnerable to Reflecte ...) NOT-FOR-US: WordPress plugin CVE-2021-34657 (The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scr ...) NOT-FOR-US: WordPress plugin CVE-2021-34656 (The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress ...) NOT-FOR-US: WordPress plugin CVE-2021-34655 (The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34654 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...) NOT-FOR-US: WordPress plugin CVE-2021-34653 (The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34652 (The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34651 (The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2021-34650 (The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Sc ...) NOT-FOR-US: WordPress plugin CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to Reflect ...) NOT-FOR-US: WordPress plugin CVE-2021-34648 (The Ninja Forms WordPress plugin is vulnerable to arbitrary email send ...) NOT-FOR-US: WordPress plugin CVE-2021-34647 (The Ninja Forms WordPress plugin is vulnerable to sensitive informatio ...) NOT-FOR-US: WordPress plugin CVE-2021-34646 (Versions up to, and including, 5.4.3, of the Booster for WooCommerce W ...) NOT-FOR-US: WordPress plugin CVE-2021-34645 (The Shopping Cart & eCommerce Store WordPress plugin is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to Reflected Cros ...) NOT-FOR-US: WordPress plugin CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site ...) 
NOT-FOR-US: WordPress plugin CVE-2021-34642 (The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cro ...) NOT-FOR-US: WordPress plugin CVE-2021-34641 (The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scrip ...) NOT-FOR-US: WordPress plugin CVE-2021-34640 (The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cr ...) NOT-FOR-US: WordPress plugin CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager <= 3.1.24 a ...) NOT-FOR-US: WordPress Download Manager CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager <= ...) NOT-FOR-US: WordPress Download Manager CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...) NOT-FOR-US: WordPress plugin CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin i ...) NOT-FOR-US: WordPress plugin CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...) NOT-FOR-US: WordPress plugin CVE-2021-34633 (The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Reques ...) NOT-FOR-US: WordPress plugin CVE-2021-34632 (The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request ...) NOT-FOR-US: WordPress plugin CVE-2021-34631 (The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Fo ...) NOT-FOR-US: WordPress plugin CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtra ...) NOT-FOR-US: GTranslate (Pro and Enterprise versions) CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...) NOT-FOR-US: WordPress plugin CVE-2021-34628 (The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Re ...) NOT-FOR-US: WordPress plugin CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of the WP U ...) 
NOT-FOR-US: WordPress plugin CVE-2021-34626 (A vulnerability in the deleteCustomType function of the WP Upload Rest ...) NOT-FOR-US: WordPress plugin CVE-2021-34625 (A vulnerability in the saveCustomType function of the WP Upload Restri ...) NOT-FOR-US: WordPress plugin CVE-2021-34624 (A vulnerability in the file uploader component found in the ~/src/Clas ...) NOT-FOR-US: WordPress plugin CVE-2021-34623 (A vulnerability in the image uploader component found in the ~/src/Cla ...) NOT-FOR-US: WordPress plugin CVE-2021-34622 (A vulnerability in the user profile update component found in the ~/sr ...) NOT-FOR-US: WordPress plugin CVE-2021-34621 (A vulnerability in the user registration component found in the ~/src/ ...) NOT-FOR-US: WordPress plugin CVE-2021-34620 (The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2021-34619 (The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross- ...) NOT-FOR-US: WordPress plugin CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered in some ...) NOT-FOR-US: Aruba CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was discovered in so ...) NOT-FOR-US: Aruba CVE-2021-34616 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34615 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34614 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34613 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34612 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34611 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34610 (A remote arbitrary command execution vulnerability was discovered in A ...) 
NOT-FOR-US: Aruba CVE-2021-34609 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) NOT-FOR-US: Aruba CVE-2021-34608 RESERVED CVE-2021-34607 RESERVED CVE-2021-34606 RESERVED CVE-2021-34605 RESERVED CVE-2021-34604 RESERVED CVE-2021-34603 RESERVED CVE-2021-34602 RESERVED CVE-2021-34601 RESERVED CVE-2021-34600 RESERVED CVE-2021-34599 RESERVED CVE-2021-34598 RESERVED CVE-2021-34597 RESERVED CVE-2021-34596 RESERVED CVE-2021-34595 RESERVED CVE-2021-34594 RESERVED CVE-2021-34593 RESERVED CVE-2021-34592 RESERVED CVE-2021-34591 RESERVED CVE-2021-34590 RESERVED CVE-2021-34589 RESERVED CVE-2021-34588 RESERVED CVE-2021-34587 RESERVED CVE-2021-34586 RESERVED CVE-2021-34585 RESERVED CVE-2021-34584 RESERVED CVE-2021-34583 RESERVED CVE-2021-34582 RESERVED CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...) NOT-FOR-US: WAGO CVE-2021-34580 RESERVED CVE-2021-34579 RESERVED CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...) NOT-FOR-US: WAGO CVE-2021-34577 RESERVED CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information exposure th ...) NOT-FOR-US: Kaden PICOFLUX Air CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 ...) NOT-FOR-US: MB connect line CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 ...) NOT-FOR-US: MB connect line CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested wireless M ...) NOT-FOR-US: Enbra EWM CVE-2021-34572 (Enbra EWM 1.7.29 does not check for or detect replay attacks sent by w ...) NOT-FOR-US: Enbra EWM CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in ...) NOT-FOR-US: Enbra CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions prior to ...) 
NOT-FOR-US: Phoenix Contact PLCnext control devices CVE-2021-34569 RESERVED CVE-2021-34568 RESERVED CVE-2021-34567 RESERVED CVE-2021-34566 RESERVED CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telne ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or browser ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34563 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly att ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34562 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject a ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34561 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a pa ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-3596 RESERVED CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...) {DLA-2753-1} - libslirp 4.6.1-1 (bug #989996) [bullseye] - libslirp 4.4.0-1+deb11u2 - qemu 1:4.1-2 [buster] - qemu (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30 (v4.6.0) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP network ...) 
{DLA-2753-1} - libslirp 4.6.1-1 (bug #989995) [bullseye] - libslirp 4.4.0-1+deb11u2 - qemu 1:4.1-2 [buster] - qemu (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP network ...) - libslirp 4.6.1-1 (bug #989994) [bullseye] - libslirp 4.4.0-1+deb11u2 - qemu 1:4.1-2 [buster] - qemu (Minor issue) [stretch] - qemu (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b (v4.6.0) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP network ...) - libslirp 4.6.1-1 (bug #989993) [bullseye] - libslirp 4.4.0-1+deb11u2 - qemu 1:4.1-2 [buster] - qemu (Minor issue) [stretch] - qemu (Introduces a regression. See Debian bug #994080) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. NOTE: The patch introduced a regression, see Debian bug #994080 for more information. CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...) 
- golang-1.16 1.16.6-1 - golang-1.15 1.15.9-6 - golang-1.11 - golang-1.8 [stretch] - golang-1.8 (Minor issue, DoS, requires rebuilding reverse-dependencies) - golang-1.7 [stretch] - golang-1.7 (Minor issue, DoS, requires rebuilding reverse-dependencies) NOTE: https://github.com/golang/go/issues/47143 NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x) NOTE: key_agreement.go also bundled in various other packages CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) {DLA-2785-1} - linux 5.10.46-4 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial ...) - opendmarc 1.4.0~beta1+dfsg-6 (bug #990001) [buster] - opendmarc (Vulnerable code not present) [stretch] - opendmarc (Vulnerable code (multi-value-From:) introduced later) NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/179 NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/178 CVE-2021-34554 RESERVED CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...) {DLA-2716-1} - pillow 8.1.2+dfsg-0.3 (bug #991293) [buster] - pillow (Minor issue, mitigated by FORTIFY_SOURCE) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow NOTE: https://github.com/python-pillow/Pillow/pull/5567 NOTE: https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f (8.3.0) CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...) - libphp-phpmailer (Windows-specific) CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The ...) 
{DSA-4932-1} - tor 0.4.5.9-1 (bug #990000) [stretch] - tor (See DSA 4644) NOTE: https://blog.torproject.org/node/2041 CVE-2021-34549 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Has ...) {DSA-4932-1} - tor 0.4.5.9-1 (bug #990000) [stretch] - tor (See DSA 4644) NOTE: https://blog.torproject.org/node/2041 CVE-2021-34548 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An ...) {DSA-4932-1} - tor 0.4.5.9-1 (bug #990000) [stretch] - tor (See DSA 4644) NOTE: https://blog.torproject.org/node/2041 NOTE: https://bugs.torproject.org/tpo/core/tor/40389 CVE-2021-34547 (PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user a ...) NOT-FOR-US: PRTG Network Monitor CVE-2021-34546 (An unauthenticated attacker with physical access to a computer with Ne ...) NOT-FOR-US: NetSetMan Pro CVE-2021-34545 RESERVED CVE-2021-34544 RESERVED CVE-2021-34543 RESERVED CVE-2021-34542 RESERVED CVE-2021-34541 RESERVED CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...) NOT-FOR-US: Advantech WebAccess CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...) NOT-FOR-US: CubeCoders AMP CVE-2021-34538 RESERVED CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34536 (Storage Spaces Controller Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34535 (Remote Desktop Client Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34534 (Windows MSHTML Platform Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution Vulnerab ...) NOT-FOR-US: Microsoft CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34531 RESERVED CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-34529 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-34528 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-34527 (Windows Print Spooler Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34526 RESERVED CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-34524 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-34522 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-34521 (Raw Image Extension Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34520 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-34519 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34518 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-34517 (Microsoft SharePoint Server Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34516 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-34515 RESERVED CVE-2021-34514 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-34513 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-34512 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-34511 (Windows Installer Elevation of Privilege Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-34510 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-34509 (Storage Spaces Controller Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34508 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-34507 (Windows Remote Assistance Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34506 RESERVED CVE-2021-34505 RESERVED CVE-2021-34504 (Windows Address Book Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34503 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34502 RESERVED CVE-2021-34501 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-34500 (Windows Kernel Memory Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34499 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-34498 (Windows GDI Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34497 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...) NOT-FOR-US: Microsoft CVE-2021-34496 (Windows GDI Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34495 RESERVED CVE-2021-34494 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-34493 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2021-34492 (Windows Certificate Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34491 (Win32k Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34490 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) NOT-FOR-US: Microsoft CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34484 (Windows User Profile Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34482 RESERVED CVE-2021-34481 (Windows Print Spooler Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34480 (Scripting Engine Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34479 (Microsoft Visual Studio Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34478 (Microsoft Office Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34475 RESERVED CVE-2021-34474 (Dynamics Business Central Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-34472 RESERVED CVE-2021-34471 (Microsoft Windows Defender Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34470 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-34469 (Microsoft Office Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34468 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) 
NOT-FOR-US: Microsoft CVE-2021-34467 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-34466 (Windows Hello Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34465 RESERVED CVE-2021-34464 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-34463 RESERVED CVE-2021-34462 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-34461 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...) NOT-FOR-US: Microsoft CVE-2021-34460 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-34459 (Windows AppContainer Elevation Of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34458 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-34457 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2021-34456 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2021-34455 (Windows File History Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34454 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2021-34453 (Microsoft Exchange Server Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34452 (Microsoft Word Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34451 (Microsoft Office Online Server Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34450 (Windows Hyper-V Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-34448 (Scripting Engine Memory Corruption Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-34447 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...) NOT-FOR-US: Microsoft CVE-2021-34446 (Windows HTML Platforms Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34445 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2021-34444 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-34443 RESERVED CVE-2021-34442 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-34441 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34440 (GDI+ Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34439 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34438 (Windows Font Driver Host Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-3591 REJECTED CVE-2021-3590 RESERVED - foreman (bug #663101) CVE-2021-3589 RESERVED NOT-FOR-US: Foreman Ansible CVE-2021-34437 RESERVED CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default ...) NOT-FOR-US: Eclipse Theia CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...) NOT-FOR-US: Eclipse Theia CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...) - mosquitto (bug #993400) [buster] - mosquitto (Vulnerable code introduced later) [stretch] - mosquitto (Vulnerable code introduced later) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324 CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3 ...) NOT-FOR-US: Eclipse Californium CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...) 
- mosquitto 2.0.8-1 [buster] - mosquitto (Vulnerable code is not accessible in version 1.x) [stretch] - mosquitto (Vulnerable code is not accessible in version 1.x) NOTE: https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141 CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...) - mosquitto 2.0.11-1 [buster] - mosquitto (Vulnerable code introduced later) [stretch] - mosquitto (Vulnerable code introduced later) NOTE: https://mosquitto.org/blog/2021/06/version-2-0-11-released/ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191 CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...) NOT-FOR-US: Eclipse TinyDTLS CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-1 ...) - jetty9 9.4.39-3 (bug #991188) [buster] - jetty9 (Vulnerable code was introduced in version 9.4.37) [stretch] - jetty9 (Vulnerable code was introduced in version 9.4.37) NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm NOTE: Fixed by https://github.com/eclipse/jetty.project/pull/6477 CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...) {DSA-4949-1} - jetty9 9.4.39-2 (bug #990578) [stretch] - jetty9 (vulnerable code is not present) - jetty8 - jetty NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6 NOTE: https://github.com/eclipse/jetty.project/issues/6277 NOTE: https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85 (jetty-9.4.x) CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...) 
NOT-FOR-US: Eclipse BIRT CVE-2021-34426 RESERVED CVE-2021-34425 RESERVED CVE-2021-34424 RESERVED CVE-2021-34423 RESERVED CVE-2021-34422 RESERVED CVE-2021-34421 RESERVED CVE-2021-34420 RESERVED CVE-2021-34419 RESERVED CVE-2021-34418 RESERVED CVE-2021-34417 RESERVED CVE-2021-34416 (The network address administrative settings web portal for the Zoom on ...) NOT-FOR-US: Zoom on-premise Meeting Connector CVE-2021-34415 (The Zone Controller service in the Zoom On-Premise Meeting Connector C ...) NOT-FOR-US: Zoom On-Premise Meeting Connector Controller CVE-2021-34414 (The network proxy page on the web portal for the Zoom on-premise Meeti ...) NOT-FOR-US: Zoom On-Premise Meeting Connector Controller CVE-2021-34413 (All versions of the Zoom Plugin for Microsoft Outlook for MacOS before ...) NOT-FOR-US: Zoom Plugin for Microsoft Outlook for MacOS CVE-2021-34412 (During the installation process for all versions of the Zoom Client fo ...) NOT-FOR-US: Zoom Client for Meetings for Windows CVE-2021-34411 (During the installation process forZoom Rooms for Conference Room for ...) NOT-FOR-US: Zoom CVE-2021-34410 (A user-writable application bundle unpacked during the install for all ...) NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac CVE-2021-34409 (User-writable pre and post-install scripts unpacked during the Zoom Cl ...) NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before versio ...) NOT-FOR-US: Zoom Client for Meetings for Windows CVE-2021-34407 REJECTED CVE-2021-34406 RESERVED CVE-2021-34405 RESERVED CVE-2021-34404 RESERVED CVE-2021-34403 RESERVED CVE-2021-34402 RESERVED CVE-2021-34401 RESERVED CVE-2021-34400 RESERVED CVE-2021-34399 RESERVED CVE-2021-34398 (NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in ...) NOT-FOR-US: NVIDIA CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...) 
NOT-FOR-US: NVIDIA CVE-2021-34396 (Bootloader contains a vulnerability in access permission settings wher ...) NOT-FOR-US: NVIDIA CVE-2021-34395 (Trusty TLK contains a vulnerability in its access permission settings ...) NOT-FOR-US: Trusty CVE-2021-34394 (Trusty contains a vulnerability in the NVIDIA OTE protocol that is pre ...) NOT-FOR-US: Trusty CVE-2021-34393 (Trusty contains a vulnerability in TSEC TA which deserializes the inco ...) NOT-FOR-US: Trusty CVE-2021-34392 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...) NOT-FOR-US: Trusty CVE-2021-34391 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...) NOT-FOR-US: Trusty CVE-2021-34390 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...) NOT-FOR-US: Trusty CVE-2021-34389 (Trusty contains a vulnerability in NVIDIA OTE protocol message parsing ...) NOT-FOR-US: NVIDIA CVE-2021-34388 (Bootloader contains a vulnerability in NVIDIA TegraBoot where a potent ...) NOT-FOR-US: NVIDIA CVE-2021-34387 (The ARM TrustZone Technology on which Trusty is based on contains a vu ...) NOT-FOR-US: NVIDIA CVE-2021-34386 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...) NOT-FOR-US: NVIDIA CVE-2021-34385 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...) NOT-FOR-US: Trusty TLK (NVIDIA) CVE-2021-34384 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...) NOT-FOR-US: NVIDIA CVE-2021-34383 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...) NOT-FOR-US: NVIDIA CVE-2021-34382 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s t ...) NOT-FOR-US: NVIDIA CVE-2021-34381 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function ...) NOT-FOR-US: NVIDIA CVE-2021-34380 (Bootloader contains a vulnerability in NVIDIA MB2 where potential heap ...) NOT-FOR-US: NVIDIA CVE-2021-34379 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) 
NOT-FOR-US: Trusty TLK (NVIDIA) CVE-2021-34378 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) NOT-FOR-US: Trusty TLK (NVIDIA) CVE-2021-34377 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) NOT-FOR-US: Trusty TLK (NVIDIA) CVE-2021-34376 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) NOT-FOR-US: Trusty TLK (NVIDIA) CVE-2021-34375 (Trusty contains a vulnerability in all trusted applications (TAs) wher ...) NOT-FOR-US: Trusty TLK (NVIDIA) CVE-2021-34374 (Trusty contains a vulnerability in command handlers where the length o ...) NOT-FOR-US: Trusty TLK (NVIDIA) CVE-2021-34373 (Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVID ...) NOT-FOR-US: Trusty TLK (NVIDIA) CVE-2021-34372 (Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver c ...) NOT-FOR-US: Trusty CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI se ...) NOT-FOR-US: Neo4j CVE-2021-34370 (** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/lo ...) NOT-FOR-US: Accela Civic Platform CVE-2021-34369 (** DISPUTED ** portlets/contact/ref/refContactDetail.do in Accela Civi ...) NOT-FOR-US: Accela Civic Platform CVE-2021-34368 REJECTED CVE-2021-34367 REJECTED CVE-2021-34366 REJECTED CVE-2021-34365 REJECTED CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow XSS via ...) NOT-FOR-US: Refined GitHub browser extension CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...) 
- thefuck 3.29-0.3 (bug #989989) [buster] - thefuck (Minor issue) [stretch] - thefuck (Minor issue) NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31) NOTE: https://github.com/nvbn/thefuck/pull/1206 CVE-2021-34362 RESERVED CVE-2021-34361 RESERVED CVE-2021-34360 RESERVED CVE-2021-34359 RESERVED CVE-2021-34358 RESERVED CVE-2021-34357 RESERVED CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) NOT-FOR-US: QNAP CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) NOT-FOR-US: QNAP CVE-2021-34354 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) NOT-FOR-US: QNAP CVE-2021-34353 RESERVED CVE-2021-34352 (A command injection vulnerability has been reported to affect QNAP dev ...) NOT-FOR-US: QNAP CVE-2021-34351 (A command injection vulnerability has been reported to affect QNAP dev ...) NOT-FOR-US: QNAP CVE-2021-34350 RESERVED CVE-2021-34349 (A command injection vulnerability has been reported to affect QNAP dev ...) NOT-FOR-US: QNAP CVE-2021-34348 (A command injection vulnerability has been reported to affect QNAP dev ...) NOT-FOR-US: QNAP CVE-2021-34347 RESERVED CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...) 
- bluez 5.55-3.1 (bug #989700) [buster] - bluez (Vulnerable code introduced later) [stretch] - bluez (Vulnerable code introduced later) NOTE: https://github.com/bluez/bluez/issues/70 NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548 NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a (5.56) CVE-2021-34342 RESERVED - ming NOTE: https://github.com/libming/libming/issues/205 CVE-2021-34341 RESERVED - ming NOTE: https://github.com/libming/libming/issues/204 CVE-2021-34340 RESERVED - ming NOTE: https://github.com/libming/libming/issues/203 CVE-2021-34339 RESERVED - ming NOTE: https://github.com/libming/libming/issues/202 CVE-2021-34338 RESERVED - ming NOTE: https://github.com/libming/libming/issues/201 CVE-2021-34337 RESERVED CVE-2021-34336 RESERVED CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 (bug #992707) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984 NOTE: https://github.com/Exiv2/exiv2/pull/1750 CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 (bug #992706) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p NOTE: https://github.com/Exiv2/exiv2/pull/1766 CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) 
NOT-FOR-US: JT2Go CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) 
NOT-FOR-US: JT2Go CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) 
NOT-FOR-US: JT2Go CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) NOT-FOR-US: JT2Go CVE-2021-3586 RESERVED NOT-FOR-US: Maistra CVE-2021-3585 RESERVED - tripleo-heat-templates NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968247 CVE-2021-3584 RESERVED - foreman (bug #663101) CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...) - ansible [bullseye] - ansible (Minor issue) [buster] - ansible (Minor issue) - ansible-base NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412 NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch CVE-2021-34290 RESERVED CVE-2021-34289 RESERVED CVE-2021-34288 RESERVED CVE-2021-34287 RESERVED CVE-2021-34286 RESERVED CVE-2021-34285 RESERVED CVE-2021-34284 RESERVED CVE-2021-34283 RESERVED CVE-2021-34282 RESERVED CVE-2021-34281 RESERVED CVE-2021-34280 (Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer ...) NOT-FOR-US: Polaris Office CVE-2021-34279 RESERVED CVE-2021-34278 RESERVED CVE-2021-34277 RESERVED CVE-2021-34276 RESERVED CVE-2021-34275 RESERVED CVE-2021-34274 RESERVED CVE-2021-34273 (A security flaw in the 'owned' function of a smart contract implementa ...) NOT-FOR-US: BTC2X CVE-2021-34272 (A security flaw in the 'owned' function of a smart contract implementa ...) NOT-FOR-US: RobotCoin CVE-2021-34271 RESERVED CVE-2021-34270 (An integer overflow in the mintToken function of a smart contract impl ...) NOT-FOR-US: Doftcoin CVE-2021-34269 RESERVED CVE-2021-34268 (An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM ...) NOT-FOR-US: STMicroelectronics CVE-2021-34267 (An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM3 ...) NOT-FOR-US: STMicroelectronics CVE-2021-34266 RESERVED CVE-2021-34265 RESERVED CVE-2021-34264 RESERVED CVE-2021-34263 RESERVED CVE-2021-34262 (A buffer overflow vulnerability in the USBH_ParseEPDesc() function of ...) 
NOT-FOR-US: STMicroelectronics CVE-2021-34261 (An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middle ...) NOT-FOR-US: STMicroelectronics CVE-2021-34260 (A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() funct ...) NOT-FOR-US: STMicroelectronics CVE-2021-34259 (A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of ...) NOT-FOR-US: STMicroelectronics CVE-2021-34258 RESERVED CVE-2021-34257 RESERVED CVE-2021-34256 RESERVED CVE-2021-34255 RESERVED CVE-2021-34254 (Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to ins ...) NOT-FOR-US: Umbraco CMS CVE-2021-34253 RESERVED CVE-2021-34252 RESERVED CVE-2021-34251 RESERVED CVE-2021-34250 RESERVED CVE-2021-34249 RESERVED CVE-2021-34248 RESERVED CVE-2021-34247 RESERVED CVE-2021-34246 RESERVED CVE-2021-34245 RESERVED CVE-2021-34244 (A cross site request forgery (CSRF) vulnerability was discovered in Ic ...) NOT-FOR-US: Ice Hrm CVE-2021-34243 (A stored cross site scripting (XSS) vulnerability was discovered in Ic ...) NOT-FOR-US: Ice Hrm CVE-2021-34242 RESERVED CVE-2021-34241 RESERVED CVE-2021-34240 RESERVED CVE-2021-34239 RESERVED CVE-2021-34238 RESERVED CVE-2021-34237 RESERVED CVE-2021-34236 RESERVED CVE-2021-34235 RESERVED CVE-2021-34234 RESERVED CVE-2021-34233 RESERVED CVE-2021-34232 RESERVED CVE-2021-34231 RESERVED CVE-2021-34230 RESERVED CVE-2021-34229 RESERVED CVE-2021-34228 (Cross-site scripting in parent_control.htm in TOTOLINK A3002R version ...) NOT-FOR-US: TOTOLINK CVE-2021-34227 RESERVED CVE-2021-34226 RESERVED CVE-2021-34225 RESERVED CVE-2021-34224 RESERVED CVE-2021-34223 (Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1. ...) NOT-FOR-US: TOTOLINK CVE-2021-34222 RESERVED CVE-2021-34221 RESERVED CVE-2021-34220 (Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1. ...) NOT-FOR-US: TOTOLINK CVE-2021-34219 RESERVED CVE-2021-34218 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V ...) 
NOT-FOR-US: TOTOLINK CVE-2021-34217 RESERVED CVE-2021-34216 RESERVED CVE-2021-34215 (Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1 ...) NOT-FOR-US: TOTOLINK CVE-2021-34214 RESERVED CVE-2021-34213 RESERVED CVE-2021-34212 RESERVED CVE-2021-34211 RESERVED CVE-2021-34210 RESERVED CVE-2021-34209 RESERVED CVE-2021-34208 RESERVED CVE-2021-34207 (Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20 ...) NOT-FOR-US: TOTOLINK CVE-2021-34206 RESERVED CVE-2021-34205 RESERVED CVE-2021-34204 (D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Cre ...) NOT-FOR-US: D-Link CVE-2021-34203 (D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. ...) NOT-FOR-US: D-Link CVE-2021-34202 (There are multiple out-of-bounds vulnerabilities in some processes of ...) NOT-FOR-US: D-Link CVE-2021-34201 (D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are ...) NOT-FOR-US: D-Link CVE-2021-34200 RESERVED CVE-2021-34199 RESERVED CVE-2021-34198 RESERVED CVE-2021-34197 RESERVED CVE-2021-34196 RESERVED CVE-2021-34195 RESERVED CVE-2021-34194 RESERVED CVE-2021-34193 RESERVED CVE-2021-34192 RESERVED CVE-2021-34191 RESERVED CVE-2021-34190 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...) NOT-FOR-US: Issabel PBX CVE-2021-34189 RESERVED CVE-2021-34188 RESERVED CVE-2021-34187 (main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Inj ...) NOT-FOR-US: Chamilo CVE-2021-34186 RESERVED CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...) NOT-FOR-US: Miniaudio CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...) NOT-FOR-US: Miniaudio CVE-2021-34183 (ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in s ...) 
- imagemagick (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/3767 CVE-2021-34182 RESERVED CVE-2021-34181 RESERVED CVE-2021-34180 RESERVED CVE-2021-34179 RESERVED CVE-2021-34178 RESERVED CVE-2021-34177 RESERVED CVE-2021-34176 RESERVED CVE-2021-34175 RESERVED CVE-2021-34174 (A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wir ...) NOT-FOR-US: Broadcom CVE-2021-34173 (An attacker can cause a Denial of Service and kernel panic in v4.2 and ...) NOT-FOR-US: Espressif CVE-2021-34172 RESERVED CVE-2021-34171 RESERVED CVE-2021-34170 (Bandai Namco FromSoftware Dark Souls III allows remote attackers to ex ...) NOT-FOR-US: Bandai CVE-2021-34169 RESERVED CVE-2021-34168 RESERVED CVE-2021-34167 RESERVED CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...) NOT-FOR-US: Sourcecodester CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...) NOT-FOR-US: Sourcecodester CVE-2021-34164 RESERVED CVE-2021-34163 RESERVED CVE-2021-34162 RESERVED CVE-2021-34161 RESERVED CVE-2021-34160 RESERVED CVE-2021-34159 RESERVED CVE-2021-34158 RESERVED CVE-2021-34157 RESERVED CVE-2021-34156 RESERVED CVE-2021-34155 RESERVED CVE-2021-34154 RESERVED CVE-2021-34153 RESERVED CVE-2021-34152 RESERVED CVE-2021-34151 RESERVED CVE-2021-34150 (The Bluetooth Classic implementation on Bluetrum AB5301A devices with ...) NOT-FOR-US: Bluetrum CVE-2021-34149 (The Bluetooth Classic implementation on the Texas Instruments CC256XCQ ...) NOT-FOR-US: Texas Instruments CC256XCQFN-EM CVE-2021-34148 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) NOT-FOR-US: Cypress CVE-2021-34147 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) NOT-FOR-US: Cypress CVE-2021-34146 (The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB do ...) NOT-FOR-US: Cypress CVE-2021-34145 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) 
NOT-FOR-US: Cypress CVE-2021-34144 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SD ...) NOT-FOR-US: Zhuhai Jieli CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_ ...) NOT-FOR-US: Zhuhai Jieli CVE-2021-34142 RESERVED CVE-2021-34141 RESERVED CVE-2021-34140 RESERVED CVE-2021-34139 RESERVED CVE-2021-34138 RESERVED CVE-2021-34137 RESERVED CVE-2021-34136 RESERVED CVE-2021-34135 RESERVED CVE-2021-34134 RESERVED CVE-2021-34133 RESERVED CVE-2021-34132 RESERVED CVE-2021-34131 RESERVED CVE-2021-34130 RESERVED CVE-2021-34129 (LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary f ...) NOT-FOR-US: LaikeTui CVE-2021-34128 (LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary ...) NOT-FOR-US: LaikeTui CVE-2021-34127 RESERVED CVE-2021-34126 RESERVED CVE-2021-34125 RESERVED CVE-2021-34124 RESERVED CVE-2021-34123 RESERVED CVE-2021-34122 RESERVED CVE-2021-34121 RESERVED CVE-2021-34120 RESERVED CVE-2021-34119 RESERVED CVE-2021-34118 RESERVED CVE-2021-34117 RESERVED CVE-2021-34116 RESERVED CVE-2021-34115 RESERVED CVE-2021-34114 RESERVED CVE-2021-34113 RESERVED CVE-2021-34112 RESERVED CVE-2021-34111 RESERVED CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...) 
NOT-FOR-US: WinWaste.NET CVE-2021-34109 RESERVED CVE-2021-34108 RESERVED CVE-2021-34107 RESERVED CVE-2021-34106 RESERVED CVE-2021-34105 RESERVED CVE-2021-34104 RESERVED CVE-2021-34103 RESERVED CVE-2021-34102 RESERVED CVE-2021-34101 RESERVED CVE-2021-34100 RESERVED CVE-2021-34099 RESERVED CVE-2021-34098 RESERVED CVE-2021-34097 RESERVED CVE-2021-34096 RESERVED CVE-2021-34095 RESERVED CVE-2021-34094 RESERVED CVE-2021-34093 RESERVED CVE-2021-34092 RESERVED CVE-2021-34091 RESERVED CVE-2021-34090 RESERVED CVE-2021-34089 RESERVED CVE-2021-34088 RESERVED CVE-2021-34087 RESERVED CVE-2021-34086 RESERVED CVE-2021-34085 RESERVED CVE-2021-34084 RESERVED CVE-2021-34083 RESERVED CVE-2021-34082 RESERVED CVE-2021-34081 RESERVED CVE-2021-34080 RESERVED CVE-2021-34079 RESERVED CVE-2021-34078 RESERVED CVE-2021-34077 RESERVED CVE-2021-34076 RESERVED CVE-2021-34075 (In Artica Pandora FMS <=754 in the File Manager component, there is ...) NOT-FOR-US: Artica Pandora FMS CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remot ...) NOT-FOR-US: PandoraFMS CVE-2021-34073 RESERVED CVE-2021-34072 RESERVED CVE-2021-34071 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...) NOT-FOR-US: tsMuxer CVE-2021-34070 (Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denia ...) NOT-FOR-US: tsMuxer CVE-2021-34069 (Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denia ...) NOT-FOR-US: tsMuxer CVE-2021-34068 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...) NOT-FOR-US: tsMuxer CVE-2021-34067 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...) NOT-FOR-US: tsMuxer CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. There is ...) 
NOT-FOR-US: EdgeGallery/developer CVE-2021-34065 RESERVED CVE-2021-34064 RESERVED CVE-2021-34063 RESERVED CVE-2021-34062 RESERVED CVE-2021-34061 RESERVED CVE-2021-34060 RESERVED CVE-2021-34059 RESERVED CVE-2021-34058 RESERVED CVE-2021-34057 RESERVED CVE-2021-34056 RESERVED CVE-2021-34055 RESERVED CVE-2021-34054 RESERVED CVE-2021-34053 RESERVED CVE-2021-34052 RESERVED CVE-2021-34051 RESERVED CVE-2021-34050 RESERVED CVE-2021-34049 RESERVED CVE-2021-34048 RESERVED CVE-2021-34047 RESERVED CVE-2021-34046 RESERVED CVE-2021-34045 RESERVED CVE-2021-34044 RESERVED CVE-2021-34043 RESERVED CVE-2021-34042 RESERVED CVE-2021-34041 RESERVED CVE-2021-34040 RESERVED CVE-2021-34039 RESERVED CVE-2021-34038 RESERVED CVE-2021-34037 RESERVED CVE-2021-34036 RESERVED CVE-2021-34035 RESERVED CVE-2021-34034 RESERVED CVE-2021-34033 RESERVED CVE-2021-34032 RESERVED CVE-2021-34031 RESERVED CVE-2021-34030 RESERVED CVE-2021-34029 RESERVED CVE-2021-34028 RESERVED CVE-2021-34027 RESERVED CVE-2021-34026 RESERVED CVE-2021-34025 RESERVED CVE-2021-34024 RESERVED CVE-2021-34023 RESERVED CVE-2021-34022 RESERVED CVE-2021-34021 RESERVED CVE-2021-34020 RESERVED CVE-2021-34019 RESERVED CVE-2021-34018 RESERVED CVE-2021-34017 RESERVED CVE-2021-34016 RESERVED CVE-2021-34015 RESERVED CVE-2021-34014 RESERVED CVE-2021-34013 RESERVED CVE-2021-34012 RESERVED CVE-2021-34011 RESERVED CVE-2021-34010 RESERVED CVE-2021-34009 RESERVED CVE-2021-34008 RESERVED CVE-2021-34007 RESERVED CVE-2021-34006 RESERVED CVE-2021-34005 RESERVED CVE-2021-34004 RESERVED CVE-2021-34003 RESERVED CVE-2021-34002 RESERVED CVE-2021-34001 RESERVED CVE-2021-34000 RESERVED CVE-2021-33999 RESERVED CVE-2021-33998 RESERVED CVE-2021-33997 RESERVED CVE-2021-33996 RESERVED CVE-2021-33995 RESERVED CVE-2021-33994 RESERVED CVE-2021-33993 RESERVED CVE-2021-33992 RESERVED CVE-2021-33991 RESERVED CVE-2021-33990 RESERVED CVE-2021-33989 RESERVED CVE-2021-33988 RESERVED CVE-2021-33987 RESERVED CVE-2021-33986 RESERVED CVE-2021-33985 RESERVED CVE-2021-33984 
RESERVED CVE-2021-33983 RESERVED CVE-2021-33982 (An insufficient session expiration vulnerability exists in the "Fish | ...) NOT-FOR-US: "Fish | Hunt FL" iOS app CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing license re ...) NOT-FOR-US: "Fish | Hunt FL" iOS app CVE-2021-33980 RESERVED CVE-2021-33979 RESERVED CVE-2021-33978 RESERVED CVE-2021-33977 RESERVED CVE-2021-33976 RESERVED CVE-2021-33975 RESERVED CVE-2021-33974 RESERVED CVE-2021-33973 RESERVED CVE-2021-33972 RESERVED CVE-2021-33971 RESERVED CVE-2021-33970 RESERVED CVE-2021-33969 RESERVED CVE-2021-33968 RESERVED CVE-2021-33967 RESERVED CVE-2021-33966 RESERVED CVE-2021-33965 RESERVED CVE-2021-33964 RESERVED CVE-2021-33963 RESERVED CVE-2021-33962 RESERVED CVE-2021-33961 RESERVED CVE-2021-33960 RESERVED CVE-2021-33959 RESERVED CVE-2021-33958 RESERVED CVE-2021-33957 RESERVED CVE-2021-33956 RESERVED CVE-2021-33955 RESERVED CVE-2021-33954 RESERVED CVE-2021-33953 RESERVED CVE-2021-33952 RESERVED CVE-2021-33951 RESERVED CVE-2021-33950 RESERVED CVE-2021-33949 RESERVED CVE-2021-33948 RESERVED CVE-2021-33947 RESERVED CVE-2021-33946 RESERVED CVE-2021-33945 RESERVED CVE-2021-33944 RESERVED CVE-2021-33943 RESERVED CVE-2021-33942 RESERVED CVE-2021-33941 RESERVED CVE-2021-33940 RESERVED CVE-2021-33939 RESERVED CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended in src/ ...) - libsolv 0.7.17-1 [buster] - libsolv (Minor issue) [stretch] - libsolv (Minor issue) NOTE: https://github.com/openSUSE/libsolv/issues/420 NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) CVE-2021-33937 RESERVED CVE-2021-33936 RESERVED CVE-2021-33935 RESERVED CVE-2021-33934 RESERVED CVE-2021-33933 RESERVED CVE-2021-33932 RESERVED CVE-2021-33931 RESERVED CVE-2021-33930 (Buffer overflow vulnerability in function pool_installable_whatprovide ...) 
- libsolv 0.7.17-1 [buster] - libsolv (Minor issue) [stretch] - libsolv (Minor issue) NOTE: https://github.com/openSUSE/libsolv/issues/417 NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) CVE-2021-33929 (Buffer overflow vulnerability in function pool_disabled_solvable in sr ...) - libsolv 0.7.17-1 [buster] - libsolv (Minor issue) [stretch] - libsolv (Minor issue) NOTE: https://github.com/openSUSE/libsolv/issues/417 NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in src/repo ...) - libsolv 0.7.17-1 [buster] - libsolv (Minor issue) [stretch] - libsolv (Minor issue) NOTE: https://github.com/openSUSE/libsolv/issues/417 NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) CVE-2021-33927 RESERVED CVE-2021-33926 RESERVED CVE-2021-33925 RESERVED CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 i ...) NOT-FOR-US: Confluent Ansible CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5 ...) NOT-FOR-US: Confluent Ansible CVE-2021-33922 RESERVED CVE-2021-33921 RESERVED CVE-2021-33920 RESERVED CVE-2021-33919 RESERVED CVE-2021-33918 RESERVED CVE-2021-33917 RESERVED CVE-2021-33916 RESERVED CVE-2021-33915 RESERVED CVE-2021-33914 RESERVED CVE-2021-33913 RESERVED CVE-2021-33912 RESERVED CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...) NOT-FOR-US: Zoho CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 ...) 
{DSA-4942-1 DLA-2715-1} - systemd 247.3-6 NOTE: https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt NOTE: Introduced by: https://github.com/systemd/systemd/commit/7410616cd9dbbec97cf98d75324da5cda2b2f7a2 (v220) NOTE: Fixed by: https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9 NOTE: Fixed by: https://github.com/systemd/systemd/commit/4e2544c30bfb95e7cb4d1551ba066b1a56520ad6 (comment fix) NOTE: https://github.com/systemd/systemd/pull/20256 CVE-2021-33909 (fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 do ...) {DSA-4941-1 DLA-2714-1 DLA-2713-1} - linux 5.10.46-2 NOTE: https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt NOTE: https://git.kernel.org/linus/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b CVE-2021-33908 RESERVED CVE-2021-3587 REJECTED CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device] RESERVED - qemu 1:5.2+dfsg-11 (bug #990565) [buster] - qemu (Minor issue) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html CVE-2021-33907 (The Zoom Client for Meetings for Windows in all versions before 5.3.0 ...) NOT-FOR-US: Zoom Client for Meetings for Windows CVE-2021-33906 RESERVED CVE-2021-33905 RESERVED CVE-2021-33904 (** DISPUTED ** In Accela Civic Platform through 21.1, the security/hos ...) NOT-FOR-US: Accela Civic Platform CVE-2021-33903 (In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, ...) NOT-FOR-US: LANCOM CVE-2021-33902 RESERVED CVE-2021-33901 RESERVED CVE-2021-33900 (While investigating DIRSTUDIO-1219 it was noticed that configured Star ...) - apache-directory-studio (bug #733044) NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1 CVE-2021-33899 RESERVED CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...) 
NOT-FOR-US: Invoice Ninja CVE-2021-33897 RESERVED CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...) - dino-im 0.2.0-3 [buster] - dino-im (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2 NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master) NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1) CVE-2021-33895 (ETINET BACKBOX E4.09 and H4.09 mismanages password access control. Whe ...) NOT-FOR-US: ETINET CVE-2021-33894 (In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before ...) NOT-FOR-US: Progress MOVEit CVE-2021-33893 RESERVED CVE-2021-33892 RESERVED CVE-2021-33891 RESERVED CVE-2021-33890 RESERVED CVE-2021-33889 (OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overfl ...) NOT-FOR-US: OpenThread wpantund CVE-2021-33888 RESERVED CVE-2021-33887 (Insufficient verification of data authenticity in Peloton TTR01 up to ...) NOT-FOR-US: Peloton TTR01 CVE-2021-33886 (An improper sanitization of input vulnerability in B. Braun SpaceCom2 ...) NOT-FOR-US: B. Braun SpaceCom2 CVE-2021-33885 (An Insufficient Verification of Data Authenticity vulnerability in B. ...) NOT-FOR-US: B. Braun SpaceCom2 CVE-2021-33884 (An Unrestricted Upload of File with Dangerous Type vulnerability in B. ...) NOT-FOR-US: B. Braun SpaceCom2 CVE-2021-33883 (A Cleartext Transmission of Sensitive Information vulnerability in B. ...) NOT-FOR-US: B. Braun SpaceCom2 CVE-2021-33882 (A Missing Authentication for Critical Function vulnerability in B. Bra ...) NOT-FOR-US: B. Braun SpaceCom2 CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a w ...) NOT-FOR-US: NXP CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...) 
- python-websockets 9.1-1 (bug #989561) [buster] - python-websockets (Vulnerable code introduced in 8.0) [stretch] - python-websockets (Vulnerable code introduced in 8.0) NOTE: https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 CVE-2021-33879 (Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure ...) NOT-FOR-US: Tencent CVE-2021-33878 RESERVED CVE-2021-33877 RESERVED CVE-2021-33876 RESERVED CVE-2021-33875 RESERVED CVE-2021-33874 RESERVED CVE-2021-33873 RESERVED CVE-2021-33872 RESERVED CVE-2021-33871 RESERVED CVE-2021-33870 RESERVED CVE-2021-33869 RESERVED CVE-2021-33868 RESERVED CVE-2021-33867 RESERVED CVE-2021-33866 RESERVED CVE-2021-33865 RESERVED CVE-2021-33864 RESERVED CVE-2021-33863 RESERVED CVE-2021-33862 RESERVED CVE-2021-33861 RESERVED CVE-2021-33860 RESERVED CVE-2021-33859 RESERVED CVE-2021-33858 RESERVED CVE-2021-33857 RESERVED CVE-2021-33856 RESERVED CVE-2021-33855 RESERVED CVE-2021-33854 RESERVED CVE-2021-33853 RESERVED CVE-2021-33852 RESERVED CVE-2021-33851 RESERVED CVE-2021-33850 RESERVED CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...) NOT-FOR-US: Zoho CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr versions & ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled ...) {DSA-4933-1 DLA-2760-1} - nettle 3.7.3-1 (bug #989631) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983 NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c CVE-2021-33844 RESERVED CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...) 
NOT-FOR-US: Circutor SGE-PLC1000 firmware CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...) NOT-FOR-US: SGE-PLC1000 device CVE-2021-23210 RESERVED CVE-2021-23172 RESERVED CVE-2021-23159 RESERVED CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...) NOT-FOR-US: Luca CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...) NOT-FOR-US: Luca CVE-2021-33838 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...) NOT-FOR-US: Luca CVE-2021-33837 RESERVED CVE-2021-33836 RESERVED CVE-2021-33835 RESERVED CVE-2021-33834 RESERVED CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...) - connman 1.36-2.2 (bug #989662) [buster] - connman 1.36-2.1~deb10u2 [stretch] - connman (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c CVE-2021-33832 RESERVED CVE-2021-33831 (api/account/register in the TH Wildau COVID-19 Contact Tracing applica ...) NOT-FOR-US: TH Wildau COVID-19 Contact Tracing App (Germany) CVE-2021-33830 RESERVED CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...) - ckeditor 4.16.0+dfsg-2 [buster] - ckeditor (Minor issue) [stretch] - ckeditor (Fix along next DLA) NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed CVE-2021-33828 RESERVED CVE-2021-33827 RESERVED CVE-2021-33826 RESERVED CVE-2021-33825 RESERVED CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...) NOT-FOR-US: MOXA CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...) 
NOT-FOR-US: MOXA CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...) NOT-FOR-US: 4GEE ROUTER HH70VB CVE-2021-33821 RESERVED CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...) NOT-FOR-US: UniFi Protect G3 FLEX Camera CVE-2021-33819 RESERVED CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...) NOT-FOR-US: UniFi Protect G3 FLEX Camera CVE-2021-33817 RESERVED CVE-2021-33816 RESERVED CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-boun ...) [experimental] - ffmpeg - ffmpeg (Vulnerable code not present, introduced in cc85ca1cb34) NOTE: https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777 CVE-2021-33814 RESERVED CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...) {DLA-2712-1 DLA-2696-1} - libjdom2-intellij-java (bug #990673) [bullseye] - libjdom2-intellij-java (Minor issue) [buster] - libjdom2-intellij-java (Minor issue) - libjdom2-java 2.0.6-2.1 (bug #990671) [buster] - libjdom2-java (Minor issue) - libjdom1-java 1.1.3-2.1 (bug #990672) [buster] - libjdom1-java (Minor issue) NOTE: https://github.com/hunterhacker/jdom/pull/188 NOTE: https://alephsecurity.com/vulns/aleph-2021003 NOTE: Fixed by: https://github.com/hunterhacker/jdom/commit/bd3ab78370098491911d7fe9d7a43b97144a234e NOTE: Possible regression impact: https://github.com/hunterhacker/jdom/pull/188#issuecomment-872685011 NOTE: Improved regression with: https://github.com/hunterhacker/jdom/commit/dd4f3c2fc7893edd914954c73eb577f925a7d361 NOTE: https://github.com/hunterhacker/jdom/commit/07f316957b59d305f04c7bdb26292852bcbc2eb5 CVE-2021-33812 RESERVED CVE-2021-33811 RESERVED CVE-2021-33810 RESERVED CVE-2021-33809 RESERVED CVE-2021-33808 RESERVED CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...) 
NOT-FOR-US: Cartadis Gespage CVE-2021-3579 RESERVED CVE-2021-3578 [possible remote code execution in isync/mbsync] RESERVED - isync 1.3.0-2.2 (bug #989564) [buster] - isync 1.3.0-2.2~deb10u1 [stretch] - isync (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1 CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...) NOT-FOR-US: BDew BdLib library CVE-2021-33805 REJECTED CVE-2021-3577 RESERVED CVE-2021-3576 RESERVED CVE-2021-3575 [heap-buffer-overflow in color.c may lead to DoS] RESERVED - openjpeg2 (bug #989775) [bullseye] - openjpeg2 (Minor issue) [buster] - openjpeg2 (Minor issue) [stretch] - openjpeg2 (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1347 CVE-2021-3574 RESERVED CVE-2021-33804 RESERVED CVE-2021-33803 RESERVED CVE-2021-33802 RESERVED CVE-2021-33801 RESERVED CVE-2021-33800 RESERVED CVE-2021-33799 RESERVED CVE-2021-33798 RESERVED CVE-2021-33797 RESERVED CVE-2021-33796 RESERVED CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2 CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorr ...) NOT-FOR-US: Foxit CVE-2021-33794 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow informat ...) NOT-FOR-US: Foxit Reader CVE-2021-33793 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...) NOT-FOR-US: Foxit Reader CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...) NOT-FOR-US: Foxit CVE-2021-3572 [Don't split git references on unicode separators #9827] RESERVED - python-pip 20.3.4-2 [buster] - python-pip (Minor issue) [stretch] - python-pip (Minor issue. 
Fix along with next DLA) NOTE: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957 NOTE: https://github.com/pypa/pip/pull/9827 NOTE: https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1) CVE-2021-33791 REJECTED CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. When pt ...) - linuxptp 3.1-2.1 (bug #990749) [buster] - linuxptp (Vulnerable code introduced later, transparent clock implementation in v2.0) [stretch] - linuxptp (Vulnerable code introduced later, transparent clock implementation in v2.0) NOTE: https://github.com/richardcochran/linuxptp/commit/d61d77e163dbee247819f3d88593ba111577af15 (master) NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1) NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1 CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...) {DSA-4938-1 DLA-2723-1} - linuxptp 3.1-2.1 (bug #990748) NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master) NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1) NOTE: https://github.com/richardcochran/linuxptp/commit/c15da0756d9b0ad9c0b9307c4a8685b490b76485 (v1.9.3) NOTE: https://github.com/richardcochran/linuxptp/commit/7795df89dd4f94e0f55959dc61a85535d0f01cae (v1.8.1) NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1 CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code execution becau ...) NOT-FOR-US: RebornCore CVE-2021-33789 RESERVED CVE-2021-33788 (Windows LSA Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33787 RESERVED CVE-2021-33786 (Windows LSA Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33785 (Windows AF_UNIX Socket Provider Denial of Service Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-33784 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2021-33783 (Windows SMB Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33782 (Windows Authenticode Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33781 (Azure AD Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33780 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-33779 (Windows ADFS Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33778 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-33777 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-33776 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-33775 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-33774 (Windows Event Tracing Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33773 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2021-33772 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) NOT-FOR-US: Microsoft CVE-2021-33771 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-33770 RESERVED CVE-2021-33769 RESERVED CVE-2021-33768 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-33767 (Open Enclave SDK Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33766 (Microsoft Exchange Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33765 (Windows Installer Spoofing Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...) NOT-FOR-US: Microsoft CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2021-33760 (Media Foundation Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33759 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33758 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-33757 (Windows Security Account Manager Remote Protocol Security Feature Bypa ...) NOT-FOR-US: Microsoft CVE-2021-33756 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-33755 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-33754 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-33753 (Microsoft Bing Search Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33752 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-33751 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft CVE-2021-33750 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-33749 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-33748 RESERVED CVE-2021-33747 RESERVED CVE-2021-33746 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) 
NOT-FOR-US: Microsoft CVE-2021-33745 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-33744 (Windows Secure Kernel Mode Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33743 (Windows Projected File System Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33742 (Windows MSHTML Platform Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33740 (Windows Media Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-33739 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-3569 (A stack corruption bug was found in libtpms in versions before 0.7.2 a ...) - libtpms 0.8.2-1 NOTE: https://github.com/stefanberger/libtpms/commit/505ef841c00b4c096b1977c667cb957bec3a1d8b (v0.8.0) NOTE: https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 (v0.7.2) CVE-2021-3568 RESERVED CVE-2021-3567 RESERVED - caribou 0.4.21-7.1 (bug #980061) [buster] - caribou (Security impact only with cinnamon-screensaver >= 4.2) [stretch] - caribou (Security impact only with cinnamon-screensaver >= 4.2) NOTE: https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060 NOTE: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3 NOTE: https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6 CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) NOT-FOR-US: JT2Go CVE-2021-33737 (A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS ...) NOT-FOR-US: Siemens CVE-2021-33736 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33735 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) 
NOT-FOR-US: Siemens CVE-2021-33734 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33733 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33732 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33731 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33730 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33729 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33728 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33727 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33726 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33725 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33724 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33723 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33722 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33720 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) NOT-FOR-US: Siemens CVE-2021-33719 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) NOT-FOR-US: Siemens CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...) NOT-FOR-US: Mendix Applications CVE-2021-33717 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) 
NOT-FOR-US: JT2Go CVE-2021-33716 (A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS ...) NOT-FOR-US: Siemens CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions < ...) NOT-FOR-US: Siemens CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions < ...) NOT-FOR-US: Siemens CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions < ...) NOT-FOR-US: Siemens CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...) NOT-FOR-US: Mendix SAML Module CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) NOT-FOR-US: Siemens CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) NOT-FOR-US: Siemens CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) NOT-FOR-US: Siemens CVE-2021-33708 (Due to insufficient input validation in Kyma, authenticated users can ...) NOT-FOR-US: Kyma CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...) NOT-FOR-US: SAP CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by ...) NOT-FOR-US: InfraBox CVE-2021-33705 (The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.4 ...) NOT-FOR-US: SAP CVE-2021-33704 (The Service Layer of SAP Business One, version - 10.0, allows an authe ...) NOT-FOR-US: SAP CVE-2021-33703 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30 ...) NOT-FOR-US: NetWeaver CVE-2021-33702 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10 ...) NOT-FOR-US: NetWeaver CVE-2021-33701 (DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1 ...) NOT-FOR-US: SAP CVE-2021-33700 (SAP Business One, version - 10.0, allows a local attacker with access ...) NOT-FOR-US: SAP CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...) 
NOT-FOR-US: Android CVE-2021-33698 (SAP Business One, version - 10.0, allows an attacker with business aut ...) NOT-FOR-US: SAP CVE-2021-33697 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...) NOT-FOR-US: SAP CVE-2021-33696 (SAP BusinessObjects Business Intelligence Platform (Crystal Report), v ...) NOT-FOR-US: SAP CVE-2021-33695 (Potentially, SAP Cloud Connector, version - 2.0 communication with the ...) NOT-FOR-US: SAP CVE-2021-33694 (SAP Cloud Connector, version - 2.0, does not sufficiently encode user- ...) NOT-FOR-US: SAP CVE-2021-33693 (SAP Cloud Connector, version - 2.0, allows an authenticated administra ...) NOT-FOR-US: SAP CVE-2021-33692 (SAP Cloud Connector, version - 2.0, allows the upload of zip files as ...) NOT-FOR-US: SAP CVE-2021-33691 (NWDI Notification Service versions - 7.31, 7.40, 7.50, does not suffic ...) NOT-FOR-US: SAP CVE-2021-33690 (Server-Side Request Forgery (SSRF) vulnerability has been detected in ...) NOT-FOR-US: SAP CVE-2021-33689 (When user with insufficient privileges tries to access any application ...) NOT-FOR-US: SAP CVE-2021-33688 (SAP Business One allows an attacker with business privileges to execut ...) NOT-FOR-US: SAP CVE-2021-33687 (SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30 ...) NOT-FOR-US: SAP CVE-2021-33686 (Under certain conditions, SAP Business One version - 10.0, allows an u ...) NOT-FOR-US: SAP CVE-2021-33685 (SAP Business One version - 10.0 allows low-level authorized attacker t ...) NOT-FOR-US: SAP CVE-2021-33684 (SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7. ...) NOT-FOR-US: SAP CVE-2021-33683 (SAP Web Dispatcher and Internet Communication Manager (ICM), versions ...) NOT-FOR-US: SAP CVE-2021-33682 (SAP Lumira Server version 2.4 does not sufficiently encode user contro ...) NOT-FOR-US: SAP CVE-2021-33681 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
NOT-FOR-US: SAP CVE-2021-33680 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-33679 (The SAP BusinessObjects BI Platform version - 420 allows an attacker, ...) NOT-FOR-US: SAP CVE-2021-33678 (A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), ...) NOT-FOR-US: SAP CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, ...) NOT-FOR-US: SAP CVE-2021-33676 (A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 7 ...) NOT-FOR-US: SAP CVE-2021-33675 (Under certain conditions, SAP Contact Center - version 700, does not s ...) NOT-FOR-US: SAP CVE-2021-33674 (Under certain conditions, SAP Contact Center - version 700, does not s ...) NOT-FOR-US: SAP CVE-2021-33673 (Under certain conditions, SAP Contact Center - version 700,does not su ...) NOT-FOR-US: SAP CVE-2021-33672 (Due to missing encoding in SAP Contact Center's Communication Desktop ...) NOT-FOR-US: SAP CVE-2021-33671 (SAP NetWeaver Guided Procedures (Administration Workset), versions - 7 ...) NOT-FOR-US: SAP CVE-2021-33670 (SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - ...) NOT-FOR-US: SAP CVE-2021-33669 (Under certain conditions, SAP Mobile SDK Certificate Provider allows a ...) NOT-FOR-US: SAP CVE-2021-33668 (Due to improper input sanitization, specially crafted LDAP queries can ...) NOT-FOR-US: SAP CVE-2021-33667 (Under certain conditions, SAP Business Objects Web Intelligence (BI La ...) NOT-FOR-US: SAP CVE-2021-33666 (When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it ...) NOT-FOR-US: SAP CVE-2021-33665 (SAP NetWeaver Application Server ABAP (Applications based on SAP GUI f ...) NOT-FOR-US: SAP CVE-2021-33664 (SAP NetWeaver Application Server ABAP (Applications based on Web Dynpr ...) NOT-FOR-US: SAP CVE-2021-33663 (SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - ...) 
NOT-FOR-US: SAP CVE-2021-33662 (Under certain conditions, the installation of SAP Business One, versio ...) NOT-FOR-US: SAP CVE-2021-33661 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-33660 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-33658 RESERVED CVE-2021-33657 RESERVED CVE-2021-33656 RESERVED CVE-2021-33655 RESERVED CVE-2021-33654 RESERVED CVE-2021-33653 RESERVED CVE-2021-33652 RESERVED CVE-2021-33651 RESERVED CVE-2021-33650 RESERVED CVE-2021-33649 RESERVED CVE-2021-33648 RESERVED CVE-2021-33647 RESERVED CVE-2021-33646 RESERVED CVE-2021-33645 RESERVED CVE-2021-33644 RESERVED CVE-2021-33643 RESERVED CVE-2021-33642 RESERVED CVE-2021-33641 RESERVED CVE-2021-33640 RESERVED CVE-2021-33639 RESERVED CVE-2021-33638 RESERVED CVE-2021-33637 RESERVED CVE-2021-33636 RESERVED CVE-2021-33635 RESERVED CVE-2021-33634 RESERVED CVE-2021-33633 RESERVED CVE-2021-33632 RESERVED CVE-2021-33631 RESERVED CVE-2021-33630 RESERVED CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when building co ...) NOT-FOR-US: isula-build CVE-2021-33628 RESERVED CVE-2021-33627 RESERVED CVE-2021-33626 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not cor ...) NOT-FOR-US: Insyde CVE-2021-33625 RESERVED CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...) {DLA-2785-1} - linux 5.10.46-1 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1 CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...) NOT-FOR-US: Node.js trim-newlines package CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, h ...) 
- singularity-container (bug #990201) NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622- CVE-2021-33621 RESERVED CVE-2021-33619 RESERVED CVE-2021-33618 RESERVED CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/ ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-33616 RESERVED CVE-2021-33615 RESERVED CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause ...) {DSA-4924-1 DLA-2685-1} - squid 4.13-10 - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch CVE-2021-33614 RESERVED CVE-2021-33613 RESERVED CVE-2021-33612 RESERVED CVE-2021-33611 RESERVED CVE-2021-33610 RESERVED CVE-2021-33609 (Missing check in DataCommunicator class in com.vaadin:vaadin-server ve ...) NOT-FOR-US: Vaadin CVE-2021-33608 RESERVED CVE-2021-33607 RESERVED CVE-2021-33606 RESERVED CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow ver ...) NOT-FOR-US: com.vaadin:vaadin-checkbox-flow CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...) NOT-FOR-US: com.vaadin:flow-server CVE-2021-33603 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) NOT-FOR-US: F-Secure CVE-2021-33602 (A vulnerability affecting the F-Secure Antivirus engine was discovered ...) NOT-FOR-US: F-Secure CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...) NOT-FOR-US: F-Secure CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the web user ...) NOT-FOR-US: F-Secure CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...) NOT-FOR-US: F-Secure Antivirus CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...) 
NOT-FOR-US: F-Secure CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) NOT-FOR-US: F-Secure CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...) NOT-FOR-US: F-Secure CVE-2021-33595 (A address bar spoofing vulnerability was discovered in Safe Browser fo ...) NOT-FOR-US: Safe Browser for iOS CVE-2021-33594 (An address bar spoofing vulnerability was discovered in Safe Browser f ...) NOT-FOR-US: Safe Browser for Android CVE-2021-33593 RESERVED CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...) NOT-FOR-US: NAVER Toolbar CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...) NOT-FOR-US: Naver Comic Viewer CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...) NOT-FOR-US: GattLib CVE-2021-33589 RESERVED CVE-2021-33588 RESERVED CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...) - node-css-what 5.0.1-1 (bug #989264) [bullseye] - node-css-what (Minor issue, intrusive to backport fixes to older series) [buster] - node-css-what (Minor issue, intrusive to backport fixes to older series) [stretch] - node-css-what (Nodejs in stretch not covered by security support) NOTE: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655 NOTE: https://github.com/fb55/css-what/releases/tag/v5.0.1 CVE-2021-33585 RESERVED CVE-2021-33584 RESERVED CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa pas ...) NOT-FOR-US: REINER CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...) 
- cyrus-imapd 3.4.2-1 (bug #993433) [bullseye] - cyrus-imapd 3.2.6-2+deb11u1 [buster] - cyrus-imapd 3.0.8-6+deb10u6 [stretch] - cyrus-imapd (Minor issue; can be fixed via point release) - cyrus-imapd-2.4 NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master) NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/f63695609c88a3f76129499bb49fb82e8155fb32 (master) NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/833c22bd7de5bbb591c2cb3705c9983b6d2b1fee (master) CVE-2021-33581 RESERVED CVE-2021-33580 (User controlled `request.getHeader("Referer")`, `request.getRequestURL ...) NOT-FOR-US: Apache Roller CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...) - inspircd 3.8.1-2 (bug #989144) [buster] - inspircd (Vulnerable code not present) [stretch] - inspircd (Vulnerable code not present) NOTE: https://docs.inspircd.org/security/2021-01/ NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...) {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg (Wait for 4.1.8) NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532 CVE-2021-33579 RESERVED CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...) NOT-FOR-US: Echo ShareCare CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...) NOT-FOR-US: Cleo LexiCom CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...) NOT-FOR-US: Cleo LexiCom CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...) NOT-FOR-US: ruby-jss gem CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ...) 
[experimental] - glibc 2.32-0experimental0 - glibc 2.32-1 (bug #989147) [bullseye] - glibc (Minor issue) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896 NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091 NOTE: When fixing this issue the fix needs to be applied such that CVE-2021-38604 NOTE: is not opened, CVE-2021-38604 information: NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213 NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641 NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8 CVE-2021-33573 RESERVED CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...) NOT-FOR-US: F-Secure CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...) {DLA-2676-1} - python-django 2:2.2.24-1 (bug #989394) NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1 NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main) NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24) CVE-2021-33570 (Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG e ...) NOT-FOR-US: Postbird CVE-2021-33569 RESERVED CVE-2021-33568 RESERVED CVE-2021-33567 RESERVED CVE-2021-33566 RESERVED CVE-2021-33565 RESERVED CVE-2021-3565 (A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3 ...) 
- tpm2-tools 5.0-2 (bug #989148) [buster] - tpm2-tools (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427 NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738 NOTE: https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515 CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem before 1.4.0 ...) NOT-FOR-US: Dragonfly gem CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...) NOT-FOR-US: Koel CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer befor ...) NOT-FOR-US: Shopizer CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...) NOT-FOR-US: Shopizer CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...) {DLA-2691-1} - libgcrypt20 1.8.7-6 [buster] - libgcrypt20 1.8.4-5+deb10u1 NOTE: https://dev.gnupg.org/T5328 NOTE: https://eprint.iacr.org/2021/923.pdf NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 (1.9.x) NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=707c3c5c511ee70ad0e39ec613471f665305fbea (1.8.x) NOTE: See notes on CVE-2021-40528 on the confusion about swapping of scope of NOTE: CVE-2021-40528 and CVE-2021-33560. CVE-2021-33559 RESERVED CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...) - boa CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php in Ma ...) - mantis CVE-2021-33556 RESERVED CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename paramet ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-33554 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33553 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) 
NOT-FOR-US: UDP Technology CVE-2021-33552 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33551 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33550 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33549 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33548 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33547 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33546 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33545 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33544 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33543 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) NOT-FOR-US: UDP Technology CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...) NOT-FOR-US: Phoenix CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...) NOT-FOR-US: Phoenix CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK product f ...) NOT-FOR-US: Phoenix CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33537 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) 
NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33536 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33535 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33534 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33533 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33532 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33531 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33530 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the usage ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33527 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged lo ...) NOT-FOR-US: MB connect line CVE-2021-33526 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged lo ...) NOT-FOR-US: MB connect line CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (b ...) NOT-FOR-US: EyesOfNetwork (EON) eonweb CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...) 
{DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1 CVE-2021-33524 RESERVED CVE-2021-33523 RESERVED CVE-2021-33522 RESERVED CVE-2021-33521 RESERVED CVE-2021-33520 RESERVED CVE-2021-33519 RESERVED CVE-2021-33518 RESERVED CVE-2021-33517 RESERVED CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x befo ...) [experimental] - gupnp 1.2.7-1 - gupnp (bug #989098) [bullseye] - gupnp (Minor issue) [buster] - gupnp (Minor issue) [stretch] - gupnp (Minor issue) NOTE: https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/issues/24 NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/05e964d48322ff23a65c6026d656e4494ace6ff9 (gupnp-1.0) NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master) CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...) - dovecot 1:2.3.13+dfsg1-2 (bug #990566) [buster] - dovecot (Minor issue, fix along with next update) [stretch] - dovecot (Vulnerable code (smtp_server_command queue) introduced later) NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/2 CVE-2021-33514 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-33513 (Plone through 5.2.4 allows XSS via the inline_diff methods in Products ...) NOT-FOR-US: Plone CVE-2021-33512 (Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by up ...) NOT-FOR-US: Plone CVE-2021-33511 (Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo ...) NOT-FOR-US: Plone CVE-2021-33510 (Plone through 5.2.4 allows remote authenticated managers to conduct SS ...) NOT-FOR-US: Plone CVE-2021-33509 (Plone through 5.2.4 allows remote authenticated managers to perform di ...) 
NOT-FOR-US: Plone CVE-2021-33508 (Plone through 5.2.4 allows XSS via a full name that is mishandled duri ...) NOT-FOR-US: Plone CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService b ...) NOT-FOR-US: Zope Products.CMFCore (as used in Plone) CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure tha ...) NOT-FOR-US: jitsi-meet-prosody CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...) - falco (bug #842306) CVE-2021-33504 RESERVED CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...) - python-urllib3 1.26.5-1~exp1 (bug #989848) [buster] - python-urllib3 (Minor issue) [stretch] - python-urllib3 (Intrusive to backport) NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg NOTE: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...) - node-got 11.8.1+~cs53.13.17-3 (bug #989258) [buster] - node-got (Vulnerable code introduced later) NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1 NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103 CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Exec ...) NOT-FOR-US: Overwolf CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...) - putty (Windows-specific) CVE-2021-33499 RESERVED CVE-2021-33498 RESERVED CVE-2021-3563 RESERVED - keystone (bug #989998) [bullseye] - keystone (Minor issue) [buster] - keystone (Minor issue) [stretch] - keystone (Keystone is not supported in stretch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908 NOTE: https://bugs.launchpad.net/keystone/+bug/1901891 CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for de ...) 
NOT-FOR-US: Dutchcoders transfer.sh CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...) NOT-FOR-US: Dutchcoders transfer.sh CVE-2021-33495 RESERVED CVE-2021-33494 RESERVED CVE-2021-33493 RESERVED CVE-2021-33492 RESERVED CVE-2021-33491 RESERVED CVE-2021-33490 RESERVED CVE-2021-33489 RESERVED CVE-2021-33488 RESERVED CVE-2021-33487 RESERVED CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...) NOT-FOR-US: CODESYS V3 Runtime Toolkit for VxWorks CVE-2021-33485 (CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffe ...) NOT-FOR-US: CODESYS Control Runtime CVE-2021-3562 RESERVED CVE-2021-33484 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...) NOT-FOR-US: OnyakTech Comments Pro DNN Module CVE-2021-33483 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...) NOT-FOR-US: OnyakTech Comments Pro DNN Module CVE-2021-33482 RESERVED CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange firmware ...) NOT-FOR-US: Broadcom CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...) 
{DLA-2778-1} - fig2dev 1:3.2.8-3 [buster] - fig2dev 1:3.2.7a-5+deb10u4 - transfig NOTE: https://sourceforge.net/p/mcj/tickets/116/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/ NOTE: Depends on CVE-2019-19797 fix CVE-2021-3560 [local privilege escalation using polkit_system_bus_name_get_creds_sync()] RESERVED - policykit-1 0.105-31 (bug #989429) [buster] - policykit-1 (Vulnerable code introduced later) [stretch] - policykit-1 (Vulnerable code introduced later) NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38 NOTE: Debian backported 0.113 commits in 0.105-26 NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (0.119) NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1961710 NOTE: https://www.openwall.com/lists/oss-security/2021/06/03/1 NOTE: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ CVE-2021-33476 RESERVED CVE-2021-33475 RESERVED CVE-2021-33474 RESERVED CVE-2021-33473 RESERVED CVE-2021-33472 RESERVED CVE-2021-33471 RESERVED CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL Injection v ...) NOT-FOR-US: COVID19 Testing Management System CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scri ...) 
NOT-FOR-US: COVID19 Testing Management System CVE-2021-33468 RESERVED CVE-2021-33467 RESERVED CVE-2021-33466 RESERVED CVE-2021-33465 RESERVED CVE-2021-33464 RESERVED CVE-2021-33463 RESERVED CVE-2021-33462 RESERVED CVE-2021-33461 RESERVED CVE-2021-33460 RESERVED CVE-2021-33459 RESERVED CVE-2021-33458 RESERVED CVE-2021-33457 RESERVED CVE-2021-33456 RESERVED CVE-2021-33455 RESERVED CVE-2021-33454 RESERVED CVE-2021-33453 RESERVED CVE-2021-33452 RESERVED CVE-2021-33451 RESERVED CVE-2021-33450 RESERVED CVE-2021-33449 RESERVED CVE-2021-33448 RESERVED CVE-2021-33447 RESERVED CVE-2021-33446 RESERVED CVE-2021-33445 RESERVED CVE-2021-33444 RESERVED CVE-2021-33443 RESERVED CVE-2021-33442 RESERVED CVE-2021-33441 RESERVED CVE-2021-33440 RESERVED CVE-2021-33439 RESERVED CVE-2021-33438 RESERVED CVE-2021-33437 RESERVED CVE-2021-33436 RESERVED CVE-2021-33435 RESERVED CVE-2021-33434 RESERVED CVE-2021-33433 RESERVED CVE-2021-33432 RESERVED CVE-2021-33431 RESERVED CVE-2021-33430 RESERVED CVE-2021-33429 RESERVED CVE-2021-33428 RESERVED CVE-2021-33427 RESERVED CVE-2021-33426 RESERVED CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was discovered in th ...) NOT-FOR-US: OpenWRT LuCI CVE-2021-33424 RESERVED CVE-2021-33423 RESERVED CVE-2021-33422 RESERVED CVE-2021-33421 RESERVED CVE-2021-33420 RESERVED CVE-2021-33419 RESERVED CVE-2021-33418 RESERVED CVE-2021-33417 RESERVED CVE-2021-33416 RESERVED CVE-2021-33415 RESERVED CVE-2021-33414 RESERVED CVE-2021-33413 RESERVED CVE-2021-33412 RESERVED CVE-2021-33411 RESERVED CVE-2021-33410 RESERVED CVE-2021-33409 RESERVED CVE-2021-33408 (Local File Inclusion vulnerability in Ab Initio Control>Center befo ...) NOT-FOR-US: Ab Initio CVE-2021-33407 RESERVED CVE-2021-33406 RESERVED CVE-2021-33405 RESERVED CVE-2021-33404 RESERVED CVE-2021-33403 (An integer overflow in the transfer function of a smart contract imple ...) 
NOT-FOR-US: Lancer CVE-2021-33402 RESERVED CVE-2021-33401 RESERVED CVE-2021-33400 RESERVED CVE-2021-33399 RESERVED CVE-2021-33398 RESERVED CVE-2021-33397 RESERVED CVE-2021-33396 RESERVED CVE-2021-33395 RESERVED CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...) NOT-FOR-US: Cubecart CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/bac ...) NOT-FOR-US: IPFire CVE-2021-33392 RESERVED CVE-2021-33391 RESERVED CVE-2021-33390 RESERVED CVE-2021-33389 RESERVED CVE-2021-33388 RESERVED CVE-2021-33387 RESERVED CVE-2021-33386 RESERVED CVE-2021-33385 RESERVED CVE-2021-33384 RESERVED CVE-2021-33383 RESERVED CVE-2021-33382 RESERVED CVE-2021-33381 RESERVED CVE-2021-33380 RESERVED CVE-2021-33379 RESERVED CVE-2021-33378 RESERVED CVE-2021-33377 RESERVED CVE-2021-33376 RESERVED CVE-2021-33375 RESERVED CVE-2021-33374 RESERVED CVE-2021-33373 RESERVED CVE-2021-33372 RESERVED CVE-2021-33371 RESERVED CVE-2021-33370 RESERVED CVE-2021-33369 RESERVED CVE-2021-33368 RESERVED CVE-2021-33367 RESERVED CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...) - gpac (unimportant) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf NOTE: https://github.com/gpac/gpac/issues/1785 NOTE: Negligible security impact CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...) - gpac (unimportant) NOTE: https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5 NOTE: https://github.com/gpac/gpac/issues/1784 NOTE: Negligible security impact CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...) 
- gpac (unimportant) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7 NOTE: https://github.com/gpac/gpac/issues/1783 NOTE: Negligible security impact CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...) - gpac (unimportant) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9 NOTE: https://github.com/gpac/gpac/issues/1786 NOTE: Negligible security impact CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...) - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d NOTE: https://github.com/gpac/gpac/issues/1780 CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...) - gpac (unimportant) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f NOTE: https://github.com/gpac/gpac/issues/1782 NOTE: Negligible security impact CVE-2021-33360 RESERVED CVE-2021-33359 (A vulnerability exists in gowitness < 2.3.6 that allows an unauthen ...) NOT-FOR-US: gowitness CVE-2021-33358 (Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interfac ...) NOT-FOR-US: RaspAP CVE-2021-33357 (A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET param ...) NOT-FOR-US: RaspAP CVE-2021-33356 (Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 c ...) 
NOT-FOR-US: RaspAP CVE-2021-33355 RESERVED CVE-2021-33354 RESERVED CVE-2021-33353 RESERVED CVE-2021-33352 RESERVED CVE-2021-33351 RESERVED CVE-2021-33350 RESERVED CVE-2021-33349 RESERVED CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. The "se ...) NOT-FOR-US: JFinal CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...) NOT-FOR-US: JPress CVE-2021-33346 (There is an arbitrary password modification vulnerability in a D-LINK ...) NOT-FOR-US: D-LINK CVE-2021-33345 RESERVED CVE-2021-33344 RESERVED CVE-2021-33343 RESERVED CVE-2021-33342 RESERVED CVE-2021-33341 RESERVED CVE-2021-33340 RESERVED CVE-2021-33339 (Cross-site scripting (XSS) vulnerability in the Fragment module in Lif ...) NOT-FOR-US: Liferay CVE-2021-33338 (The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay D ...) NOT-FOR-US: Liferay CVE-2021-33337 (Cross-site scripting (XSS) vulnerability in the Document Library modul ...) NOT-FOR-US: Liferay CVE-2021-33336 (Cross-site scripting (XSS) vulnerability in the Journal module's add a ...) NOT-FOR-US: Liferay CVE-2021-33335 (Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3 ...) NOT-FOR-US: Liferay CVE-2021-33334 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, ...) NOT-FOR-US: Liferay CVE-2021-33333 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...) NOT-FOR-US: Liferay CVE-2021-33332 (Cross-site scripting (XSS) vulnerability in the Portlet Configuration ...) NOT-FOR-US: Liferay CVE-2021-33331 (Open redirect vulnerability in the Notifications module in Liferay Por ...) NOT-FOR-US: Liferay CVE-2021-33330 (Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pac ...) NOT-FOR-US: Liferay CVE-2021-33329 RESERVED CVE-2021-33328 (Cross-site scripting (XSS) vulnerability in the Asset module's edit vo ...) 
NOT-FOR-US: Liferay CVE-2021-33327 (The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3 ...) NOT-FOR-US: Liferay CVE-2021-33326 (Cross-site scripting (XSS) vulnerability in the Frontend JS module in ...) NOT-FOR-US: Liferay CVE-2021-33325 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...) NOT-FOR-US: Liferay CVE-2021-33324 (The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay D ...) NOT-FOR-US: Liferay CVE-2021-33323 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, ...) NOT-FOR-US: Liferay CVE-2021-33322 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pa ...) NOT-FOR-US: Liferay CVE-2021-33321 (Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, ...) NOT-FOR-US: Liferay CVE-2021-33320 (The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP ...) NOT-FOR-US: Liferay CVE-2021-33319 RESERVED CVE-2021-33318 RESERVED CVE-2021-33317 RESERVED CVE-2021-33316 RESERVED CVE-2021-33315 RESERVED CVE-2021-33314 RESERVED CVE-2021-33313 RESERVED CVE-2021-33312 RESERVED CVE-2021-33311 RESERVED CVE-2021-33310 RESERVED CVE-2021-33309 RESERVED CVE-2021-33308 RESERVED CVE-2021-33307 RESERVED CVE-2021-33306 RESERVED CVE-2021-33305 RESERVED CVE-2021-33304 RESERVED CVE-2021-33303 RESERVED CVE-2021-33302 RESERVED CVE-2021-33301 RESERVED CVE-2021-33300 RESERVED CVE-2021-33299 RESERVED CVE-2021-33298 RESERVED CVE-2021-33297 RESERVED CVE-2021-33296 RESERVED CVE-2021-33295 RESERVED CVE-2021-33294 RESERVED CVE-2021-33293 RESERVED CVE-2021-33292 RESERVED CVE-2021-33291 RESERVED CVE-2021-33290 RESERVED CVE-2021-33289 (In NTFS-3G versions < 2021.8.22, when a specially crafted MFT secti ...) 
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33288 RESERVED
CVE-2021-33287 (In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attrib ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33286 (In NTFS-3G versions < 2021.8.22, when a specially crafted unicode s ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33285 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attr ...)
    {DSA-4971-1}
    [experimental] - ntfs-3g 1:2021.8.22-1
    - ntfs-3g 1:2021.8.22-2 (bug #988386)
    NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
    NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33284 RESERVED
CVE-2021-33283 RESERVED
CVE-2021-33282 RESERVED
CVE-2021-33281 RESERVED
CVE-2021-33280 RESERVED
CVE-2021-33279 RESERVED
CVE-2021-33278 RESERVED
CVE-2021-33277 RESERVED
CVE-2021-33276 RESERVED
CVE-2021-33275 RESERVED
CVE-2021-33274 RESERVED
CVE-2021-33273 RESERVED
CVE-2021-33272 RESERVED
CVE-2021-33271 RESERVED
CVE-2021-33270 RESERVED
CVE-2021-33269 RESERVED
CVE-2021-33268 RESERVED
CVE-2021-33267 RESERVED
CVE-2021-33266 RESERVED
CVE-2021-33265 RESERVED
CVE-2021-33264 RESERVED
CVE-2021-33263 RESERVED
CVE-2021-33262 RESERVED
CVE-2021-33261 RESERVED
CVE-2021-33260 RESERVED
CVE-2021-33259 RESERVED
CVE-2021-33258 RESERVED
CVE-2021-33257 RESERVED
CVE-2021-33256 (** DISPUTED ** A CSV injection vulnerability on the login panel of Man ...)
    NOT-FOR-US: ManageEngine
CVE-2021-33255 RESERVED
CVE-2021-33254 RESERVED
CVE-2021-33253 RESERVED
CVE-2021-33252 RESERVED
CVE-2021-33251 RESERVED
CVE-2021-33250 RESERVED
CVE-2021-33249 RESERVED
CVE-2021-33248 RESERVED
CVE-2021-33247 RESERVED
CVE-2021-33246 RESERVED
CVE-2021-33245 RESERVED
CVE-2021-33244 RESERVED
CVE-2021-33243 RESERVED
CVE-2021-33242 RESERVED
CVE-2021-33241 RESERVED
CVE-2021-33240 RESERVED
CVE-2021-33239 RESERVED
CVE-2021-33238 RESERVED
CVE-2021-33237 RESERVED
CVE-2021-33236 RESERVED
CVE-2021-33235 RESERVED
CVE-2021-33234 RESERVED
CVE-2021-33233 RESERVED
CVE-2021-33232 RESERVED
CVE-2021-33231 RESERVED
CVE-2021-33230 RESERVED
CVE-2021-33229 RESERVED
CVE-2021-33228 RESERVED
CVE-2021-33227 RESERVED
CVE-2021-33226 RESERVED
CVE-2021-33225 RESERVED
CVE-2021-33224 RESERVED
CVE-2021-33223 RESERVED
CVE-2021-33222 RESERVED
CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
    NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33220 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
    NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33219 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
    NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33218 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
    NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33217 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
    NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
    NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
    NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could ...)
    NOT-FOR-US: HMS Ewon eCatcher
CVE-2021-33213 (An SSRF vulnerability in the "Upload from URL" feature in Elements-IT ...)
    NOT-FOR-US: Elements-IT HTTP Commander
CVE-2021-33212 (A Cross-site scripting (XSS) vulnerability in the "View in Browser" fe ...)
    NOT-FOR-US: Elements-IT HTTP Commander
CVE-2021-33211 (A Directory Traversal vulnerability in the Unzip feature in Elements-I ...)
    NOT-FOR-US: Elements-IT HTTP Commander
CVE-2021-33210 RESERVED
CVE-2021-33209 RESERVED
CVE-2021-33208 RESERVED
CVE-2021-33207 RESERVED
CVE-2021-33206 RESERVED
CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...)
    NOT-FOR-US: Western Digital
CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...)
    - libvirt (Vulnerable code never in a released version)
    NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1)
    NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/f1b08901f7ae7557f79d83bdac33cc0bd79d1437 (v6.10.0-rc1)
CVE-2021-3558 RESERVED
    - moodle
CVE-2021-3557 RESERVED
    NOT-FOR-US: Argo CD
CVE-2021-3556 REJECTED
CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...)
    - pg-partman 4.5.1-1 (bug #988917)
    [buster] - pg-partman (Minor issue)
    [stretch] - pg-partman (Minor issue)
    NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3
CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...)
    {DLA-2676-1}
    - python-django 2:2.2.24-1 (bug #989394)
    NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
    NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main)
    NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24)
CVE-2021-33202 RESERVED
CVE-2021-33201 RESERVED
CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces inco ...)
    - linux 5.10.40-1
    [buster] - linux (Vulnerable code not present)
    [stretch] - linux (Vulnerable code not present)
    NOTE: https://www.openwall.com/lists/oss-security/2021/05/27/1
    NOTE: Issue introduced due to fixes applied for CVE-2021-29155
CVE-2021-33199 (In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.p ...)
    NOT-FOR-US: Expression Engine
CVE-2021-33198 (In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic fo ...)
    - golang-1.16 1.16.5-1
    - golang-1.15 1.15.9-5
    - golang-1.11
    - golang-1.8
    [stretch] - golang-1.8 (Vulnerable code introduced later)
    - golang-1.7
    [stretch] - golang-1.7 (Vulnerable code introduced later)
    NOTE: https://github.com/golang/go/issues/45910
    NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
    NOTE: Introduced by https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 (go1.13beta1)
CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ...)
    - golang-1.16 1.16.5-1
    - golang-1.15 1.15.9-5
    - golang-1.11
    [buster] - golang-1.11 (Minor issue)
    - golang-1.8
    [stretch] - golang-1.8 (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
    - golang-1.7
    [stretch] - golang-1.7 (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
    NOTE: https://github.com/golang/go/issues/46313
    NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
    NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)
CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...)
    - golang-1.16 1.16.5-1 (bug #989492)
    - golang-1.15 1.15.9-4
    - golang-1.11
    [buster] - golang-1.11 (Minor issue)
    - golang-1.8
    [stretch] - golang-1.8 (Minor issue, OOM, requires rebuilding reverse-dependencies)
    - golang-1.7
    [stretch] - golang-1.7 (Minor issue, OOM, requires rebuilding reverse-dependencies)
    NOTE: https://github.com/golang/go/issues/46242
    NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
    NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
    NOTE: https://github.com/golang/go/commit/c92adf420a3d9a5510f9aea382d826f0c9216a10 (1.15)
    NOTE: Incomplete fix, cf. CVE-2021-39293
CVE-2021-33195 (Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS looku ...)
    - golang-1.16 1.16.5-1
    - golang-1.15 1.15.9-5
    - golang-1.11
    [buster] - golang-1.11 (Minor issue)
    - golang-1.8
    [stretch] - golang-1.8 (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
    - golang-1.7
    [stretch] - golang-1.7 (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
    NOTE: https://github.com/golang/go/issues/46241
    NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
    NOTE: https://github.com/golang/go/commit/31d60cda1f58b7558fc5725d2b9e4531655d980e (1.15)
CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...)
    - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4
    - golang-golang-x-net-dev
    [stretch] - golang-golang-x-net-dev (Limited support in stretch)
    NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
    NOTE: https://github.com/golang/go/issues/46288
    TODO: check completeness
CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...)
    - apache2 2.4.48-4
    [bullseye] - apache2 2.4.48-3.1+deb11u1
    [buster] - apache2 (Revisit when a suitable backport is available for 2.4.38)
    [stretch] - apache2 (Revisit when a suitable backport is available for 2.4.25)
    NOTE: https://portswigger.net/research/http2
    NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
    NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193
CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...)
    NOT-FOR-US: Apache Jena Fuseki
CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements a ...)
    NOT-FOR-US: Apache NiFi
CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...)
    NOT-FOR-US: Apache APISIX Dashboard
CVE-2021-33481 [stack-based buffer overflow in try_to_divide_boxes() in pgm2asc.c] RESERVED
    - gocr (unimportant)
    NOTE: https://sourceforge.net/p/jocr/bugs/42/
    NOTE: Crash in CLI tool, no security impact
CVE-2021-33480 [use-after-free in context_correction() in pgm2asc.c] RESERVED
    - gocr (unimportant)
    NOTE: https://sourceforge.net/p/jocr/bugs/40/
    NOTE: https://sourceforge.net/p/jocr/bugs/41/
    NOTE: Crash in CLI tool, no security impact
CVE-2021-33479 [stack-based buffer overflow in measure_pitch() in pgm2asc.c] RESERVED
    - gocr (unimportant)
    NOTE: https://sourceforge.net/p/jocr/bugs/39/
    NOTE: Crash in CLI tool, no security impact
CVE-2021-33477 (rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (po ...)
    {DLA-2683-1 DLA-2682-1 DLA-2681-1 DLA-2671-1}
    - rxvt
    - rxvt-unicode 9.22-11 (bug #988763)
    [buster] - rxvt-unicode 9.22-6+deb10u1
    - mrxvt
    - eterm 0.9.6-6.1 (bug #989041)
    [buster] - eterm 0.9.6-5+deb10u1
    NOTE: https://www.openwall.com/lists/oss-security/2021/05/17/1
    NOTE: Mentioned first in: https://www.openwall.com/lists/oss-security/2017/05/01/20
    NOTE: Fixed by: http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
    NOTE: Disabled problematic code in: http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.585
CVE-2021-33189 RESERVED
CVE-2021-33188 RESERVED
CVE-2021-33187 RESERVED
CVE-2021-3555 RESERVED
CVE-2021-33186 (SerenityOS in test-crypto.cpp contains a stack buffer overflow which c ...)
    NOT-FOR-US: SerenityOS
CVE-2021-33185 (SerenityOS contains a buffer overflow in the set_range test in TestBit ...)
    NOT-FOR-US: SerenityOS
CVE-2021-33184 (Server-Side request forgery (SSRF) vulnerability in task management co ...)
    NOT-FOR-US: Synology
CVE-2021-33183 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
    NOT-FOR-US: Synology
CVE-2021-33182 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
    NOT-FOR-US: Synology
CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi component i ...)
    NOT-FOR-US: Synology
CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...)
    NOT-FOR-US: Synology
CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
    NOT-FOR-US: Nagios XI
CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...)
    - nagvis
    TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
    NOT-FOR-US: Nagios XI
CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
    NOT-FOR-US: VerneMQ MQTT Broker
CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...)
    NOT-FOR-US: EMQ X Broker
CVE-2021-33174 RESERVED
CVE-2021-33173 RESERVED
CVE-2021-33172 RESERVED
CVE-2021-33171 RESERVED
CVE-2021-33170 RESERVED
CVE-2021-33169 RESERVED
CVE-2021-33168 RESERVED
CVE-2021-33167 RESERVED
CVE-2021-33166 RESERVED
CVE-2021-33165 RESERVED
CVE-2021-33164 RESERVED
CVE-2021-33163 RESERVED
CVE-2021-33162 RESERVED
CVE-2021-33161 RESERVED
CVE-2021-33160 RESERVED
CVE-2021-33159 RESERVED
CVE-2021-33158 RESERVED
CVE-2021-33157 RESERVED
CVE-2021-33156 RESERVED
CVE-2021-33155 RESERVED
CVE-2021-33154 RESERVED
CVE-2021-33153 RESERVED
CVE-2021-33152 RESERVED
CVE-2021-33151 RESERVED
CVE-2021-33150 RESERVED
CVE-2021-33149 RESERVED
CVE-2021-33148 RESERVED
CVE-2021-33147 RESERVED
CVE-2021-33146 RESERVED
CVE-2021-33145 RESERVED
CVE-2021-33144 RESERVED
CVE-2021-33143 RESERVED
CVE-2021-33142 RESERVED
CVE-2021-33141 RESERVED
CVE-2021-33140 RESERVED
CVE-2021-33139 RESERVED
CVE-2021-33138 RESERVED
CVE-2021-33137 RESERVED
CVE-2021-33136 RESERVED
CVE-2021-33135 RESERVED
CVE-2021-33134 RESERVED
CVE-2021-33133 RESERVED
CVE-2021-33132 RESERVED
CVE-2021-33131 RESERVED
CVE-2021-33130 RESERVED
CVE-2021-33129 RESERVED
CVE-2021-33128 RESERVED
CVE-2021-33127 RESERVED
CVE-2021-33126 RESERVED
CVE-2021-33125 RESERVED
CVE-2021-33124 RESERVED
CVE-2021-33123 RESERVED
CVE-2021-33122 RESERVED
CVE-2021-33121 RESERVED
CVE-2021-33120 RESERVED
CVE-2021-33119 RESERVED
CVE-2021-33118 RESERVED
CVE-2021-33117 RESERVED
CVE-2021-33116 RESERVED
CVE-2021-33115 RESERVED
CVE-2021-33114 RESERVED
CVE-2021-33113 RESERVED
CVE-2021-33112 RESERVED
CVE-2021-33111 RESERVED
CVE-2021-33110 RESERVED
CVE-2021-33109 RESERVED
CVE-2021-33108 RESERVED
CVE-2021-33107 RESERVED
CVE-2021-33106 RESERVED
CVE-2021-33105 RESERVED
CVE-2021-33104 RESERVED
CVE-2021-33103 RESERVED
CVE-2021-33102 RESERVED
CVE-2021-33101 RESERVED
CVE-2021-33100 RESERVED
CVE-2021-33099 RESERVED
CVE-2021-33098 RESERVED
CVE-2021-33097 RESERVED
CVE-2021-33096 RESERVED
CVE-2021-33095 RESERVED
CVE-2021-33094 RESERVED
CVE-2021-33093 RESERVED
CVE-2021-33092 RESERVED
CVE-2021-33091 RESERVED
CVE-2021-33090 RESERVED
CVE-2021-33089 RESERVED
CVE-2021-33088 RESERVED
CVE-2021-33087 RESERVED
CVE-2021-33086 RESERVED
CVE-2021-33085 RESERVED
CVE-2021-33084 RESERVED
CVE-2021-33083 RESERVED
CVE-2021-33082 RESERVED
CVE-2021-33081 RESERVED
CVE-2021-33080 RESERVED
CVE-2021-33079 RESERVED
CVE-2021-33078 RESERVED
CVE-2021-33077 RESERVED
CVE-2021-33076 RESERVED
CVE-2021-33075 RESERVED
CVE-2021-33074 RESERVED
CVE-2021-33073 RESERVED
CVE-2021-33072 RESERVED
CVE-2021-33071 RESERVED
CVE-2021-33070 RESERVED
CVE-2021-33069 RESERVED
CVE-2021-33068 RESERVED
CVE-2021-33067 RESERVED
CVE-2021-33066 RESERVED
CVE-2021-33065 RESERVED
CVE-2021-33064 RESERVED
CVE-2021-33063 RESERVED
CVE-2021-33062 RESERVED
CVE-2021-33061 RESERVED
CVE-2021-33060 RESERVED
CVE-2021-33059 RESERVED
CVE-2021-33058 RESERVED
CVE-2021-33057 RESERVED
CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and other prod ...)
    NOT-FOR-US: Belledonne Belle-sip
CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)
    NOT-FOR-US: Zoho ManageEngine
CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
    {DLA-2707-1}
    - sogo 5.1.1-1 (bug #989479)
    NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
    NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
    NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
    NOTE: https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html
    NOTE: Introduced by: https://github.com/inverse-inc/sogo/commit/5487f34b9ee9b9639e3f1d4a7abf4fad2d240d66 (SOGo-2.0.5)
    NOTE: Fixed by: https://github.com/inverse-inc/sogo/commit/e53636564680ac0df11ec898304bc442908ba746 (SOGo-5.1.1)
    NOTE: CVE is assigned for the SOGo vulnerability regarding the lasso usage.
CVE-2021-33053 RESERVED
CVE-2021-33052 RESERVED
CVE-2021-33051 RESERVED
CVE-2021-33050 RESERVED
CVE-2021-33049 RESERVED
CVE-2021-33048 RESERVED
CVE-2021-33047 RESERVED
CVE-2021-33046 RESERVED
CVE-2021-33045 (The identity authentication bypass vulnerability found in some Dahua p ...)
    NOT-FOR-US: Dahua
CVE-2021-33044 (The identity authentication bypass vulnerability found in some Dahua p ...)
    NOT-FOR-US: Dahua
CVE-2021-3554 RESERVED
CVE-2021-3553 RESERVED
CVE-2021-3552 RESERVED
CVE-2021-33043 RESERVED
CVE-2021-33042 RESERVED
CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
    NOT-FOR-US: vmd
CVE-2021-33040 RESERVED
CVE-2021-33039 RESERVED
CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
    {DSA-4922-1}
    - hyperkitty 1.3.4-4 (bug #989183)
    NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
    NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
    NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...)
    {DSA-4952-1 DLA-2733-1}
    - tomcat9 9.0.43-2 (bug #991046)
    [bullseye] - tomcat9 9.0.43-2~deb11u1
    - tomcat8
    NOTE: https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e (9.0.47)
    NOTE: https://github.com/apache/tomcat/commit/05f9e8b00f5d9251fcd3c95dcfd6cf84177f46c8 (9.0.47)
    NOTE: https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0 (9.0.47)
    NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67)
    NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67)
    NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67)
CVE-2021-33036 RESERVED
CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...)
    - libreoffice 1:4.3.1-1
    NOTE: OpenOffice fixed this in https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56
    NOTE: LibreOffice fixed this in 2014 with https://github.com/LibreOffice/core/commit/d4e64d030092984077021a9af9d281cd64c476bf ...
CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...)
    {DLA-2690-1 DLA-2689-1}
    - linux 5.10.38-1
    [buster] - linux 4.19.194-1
    NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
CVE-2021-33032 (A Remote Code Execution (RCE) vulnerability in the WebUI component of ...)
    NOT-FOR-US: eQ-3 HomeMatic CCU2
CVE-2021-33031 (In LabCup before <v2_next_18022, it is possible to use the save API ...)
    NOT-FOR-US: LabCup
CVE-2021-33030 RESERVED
CVE-2021-33029 RESERVED
CVE-2021-33028 RESERVED
CVE-2021-33027 (Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy i ...)
    - singularity-container (Only affects Enterprise version)
CVE-2021-33033 (The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genop ...)
    - linux 5.10.24-1
    [buster] - linux 4.19.181-1
    NOTE: https://git.kernel.org/linus/ad5d07f4a9cd671233ae20983848874731102c08
CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on Pickle ...)
    - flask-caching (unimportant; bug #988916)
    NOTE: https://github.com/sh4nks/flask-caching/pull/209
    NOTE: Negligible security impact
CVE-2021-33025 RESERVED
CVE-2021-33024 RESERVED
CVE-2021-33023 RESERVED
CVE-2021-33022 RESERVED
CVE-2021-33021 RESERVED
CVE-2021-33020 RESERVED
CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...)
    NOT-FOR-US: Delta Electronics
CVE-2021-33018 RESERVED
CVE-2021-33017 RESERVED
CVE-2021-33016 RESERVED
CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
    NOT-FOR-US: Cscape
CVE-2021-33014 RESERVED
CVE-2021-33013 RESERVED
CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
    NOT-FOR-US: Rockwell
CVE-2021-33011 (All versions of the affected TOYOPUC-PC10 Series, TOYOPUC-Plus Series, ...)
    NOT-FOR-US: JTEKT Corporation
CVE-2021-33010 RESERVED
CVE-2021-33009 RESERVED
CVE-2021-33008 RESERVED
CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 a ...)
    NOT-FOR-US: Delta Electronics
CVE-2021-33006 RESERVED
CVE-2021-33005 RESERVED
CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due ...)
    NOT-FOR-US: WebAccess HMI Designer
CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
    NOT-FOR-US: Delta Electronics
CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds ...)
    NOT-FOR-US: WebAccess HMI Designer
CVE-2021-33001 RESERVED
CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
    NOT-FOR-US: WebAccess HMI Designer
CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...)
    NOT-FOR-US: Suitelink
CVE-2021-32998 RESERVED
CVE-2021-32997 RESERVED
CVE-2021-32996 RESERVED
CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
    NOT-FOR-US: Cscape
CVE-2021-32994 RESERVED
CVE-2021-32993 RESERVED
CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...)
    NOT-FOR-US: FATEK Automation WinProladder
CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to ...)
    NOT-FOR-US: Delta Electronics
CVE-2021-32990 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
    NOT-FOR-US: FATEK Automation WinProladder
CVE-2021-32989 RESERVED
CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
    NOT-FOR-US: FATEK Automation WinProladder
CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command ...)
    NOT-FOR-US: Suitelink
CVE-2021-32986 RESERVED
CVE-2021-32985 RESERVED
CVE-2021-32984 RESERVED
CVE-2021-32983 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
    NOT-FOR-US: Delta Electronics
CVE-2021-32982 RESERVED
CVE-2021-32981 RESERVED
CVE-2021-32980 RESERVED
CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...)
    NOT-FOR-US: Suitelink
CVE-2021-32978 RESERVED
CVE-2021-32977 RESERVED
CVE-2021-32976 RESERVED
CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
    NOT-FOR-US: Cscape
CVE-2021-32974 RESERVED
CVE-2021-32973 RESERVED
CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
    NOT-FOR-US: Panasonic
CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command ...)
    NOT-FOR-US: Suitelink
CVE-2021-32970 RESERVED
CVE-2021-32969 RESERVED
CVE-2021-32968 RESERVED
CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
    NOT-FOR-US: Delta Electronics
CVE-2021-32966 RESERVED
CVE-2021-32965 RESERVED
CVE-2021-32964 RESERVED
CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...)
    NOT-FOR-US: Suitelink
CVE-2021-32962 RESERVED
CVE-2021-32961 RESERVED
CVE-2021-32960 RESERVED
CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
    NOT-FOR-US: Suitelink
CVE-2021-32958 RESERVED
CVE-2021-32957 RESERVED
CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
    NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestrict ...)
    NOT-FOR-US: Delta Electronics
CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...)
    NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2021-32953 RESERVED
CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...)
    NOT-FOR-US: Open Design Alliance
CVE-2021-32951 RESERVED
CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...)
    NOT-FOR-US: Open Design Alliance
CVE-2021-32949 RESERVED
CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure ...)
    NOT-FOR-US: Open Design Alliance
CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
    NOT-FOR-US: FATEK Automation FvDesigner
CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...)
    NOT-FOR-US: Open Design Alliance
CVE-2021-32945 RESERVED
CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
    NOT-FOR-US: Open Design Alliance
CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
    NOT-FOR-US: WebAccess/SCADA
CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
    NOT-FOR-US: AVEVA InTouch Runtime
CVE-2021-32941 RESERVED
CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...)
    NOT-FOR-US: Open Design Alliance
CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
    NOT-FOR-US: FATEK Automation FvDesigner
CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...)
    NOT-FOR-US: Open Design Alliance
CVE-2021-32937 RESERVED
CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...)
    NOT-FOR-US: Open Design Alliance
CVE-2021-32935 RESERVED
CVE-2021-32934 RESERVED
CVE-2021-32933 RESERVED
CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
    NOT-FOR-US: Advantech
CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5. ...)
    NOT-FOR-US: FATEK Automation FvDesigner
CVE-2021-32930 (The affected product’s configuration is vulnerable due to missin ...)
    NOT-FOR-US: Advantech
CVE-2021-32929 RESERVED
CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
    NOT-FOR-US: Sentinel LDK Run-Time Environment installer
CVE-2021-32927 RESERVED
CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
    NOT-FOR-US: Rockwell Automation
CVE-2021-3551 RESERVED
    - dogtag-pki 10.10.6-1 (bug #991665)
    [bullseye] - dogtag-pki (Minor issue)
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
    NOTE: https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
    NOTE: https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
    NOTE: https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5
CVE-2021-3550 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...)
    NOT-FOR-US: Microsoft
CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.x reads XML data without disabli ...)
    NOT-FOR-US: Chamilo
CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 allows eval- ...)
    NOT-FOR-US: Invision Community (aka IPS Community Suite)
CVE-2021-32923 (HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-exp ...)
    NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2021-32922 RESERVED
CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not use a co ...)
    {DSA-4916-1 DLA-2687-1}
    - prosody 0.11.9-1 (bug #988668)
    NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
    NOTE: https://prosody.im/security/advisory_20210512.txt
    NOTE: https://hg.prosody.im/trunk/rev/c98aebe601f9
    NOTE: https://hg.prosody.im/trunk/rev/13b84682518e
    NOTE: https://hg.prosody.im/trunk/rev/6f56170ea986
CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood ...)
    {DSA-4916-1}
    - prosody 0.11.9-1 (bug #988668)
    [stretch] - prosody (Fix consists of many patches. Not applicable. Ignored)
    NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
    NOTE: https://prosody.im/security/advisory_20210512.txt
    NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65
    NOTE: https://hg.prosody.im/trunk/rev/5a484bd050a7
    NOTE: https://hg.prosody.im/trunk/rev/aaf9c6b6d18d
CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The undocumented dia ...)
    {DSA-4916-1}
    - prosody 0.11.9-1 (bug #988668)
    [stretch] - prosody (Vulnerable code (=dwd) introduced later)
    NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
    NOTE: https://prosody.im/security/advisory_20210512.txt
    NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e
    NOTE: https://hg.prosody.im/trunk/rev/d0e9ffccdef9
CVE-2021-32918 (An issue was discovered in Prosody before 0.11.9. Default settings are ...)
    {DSA-4916-1}
    - prosody 0.11.9-1 (bug #988668)
    [stretch] - prosody (Fix consists of many patches. Not applicable. Ignored)
    NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
    NOTE: https://prosody.im/security/advisory_20210512.txt
    NOTE: https://hg.prosody.im/trunk/rev/db8e41eb6eff
    NOTE: https://hg.prosody.im/trunk/rev/b0d8920ed5e5
    NOTE: https://hg.prosody.im/trunk/rev/929de6ade6b6
    NOTE: https://hg.prosody.im/trunk/rev/63fd4c8465fb
    NOTE: https://hg.prosody.im/trunk/rev/1937b3c3efb5
    NOTE: https://hg.prosody.im/trunk/rev/3413fea9e6db
CVE-2021-32917 (An issue was discovered in Prosody before 0.11.9. The proxy65 componen ...)
    {DSA-4916-1 DLA-2687-1}
    - prosody 0.11.9-1 (bug #988668)
    NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
    NOTE: https://prosody.im/security/advisory_20210512.txt
    NOTE: https://hg.prosody.im/trunk/rev/65dcc175ef5b
CVE-2021-32916 RESERVED
CVE-2021-32915 RESERVED
CVE-2021-32914 RESERVED
CVE-2021-32913 RESERVED
CVE-2021-32912 RESERVED
CVE-2021-32911 RESERVED
CVE-2021-32910 RESERVED
CVE-2021-32909 RESERVED
CVE-2021-32908 RESERVED
CVE-2021-32907 RESERVED
CVE-2021-32906 RESERVED
CVE-2021-32905 RESERVED
CVE-2021-32904 RESERVED
CVE-2021-32903 RESERVED
CVE-2021-32902 RESERVED
CVE-2021-32901 RESERVED
CVE-2021-32900 RESERVED
CVE-2021-32899 RESERVED
CVE-2021-32898 RESERVED
CVE-2021-32897 RESERVED
CVE-2021-32896 RESERVED
CVE-2021-32895 RESERVED
CVE-2021-32894 RESERVED
CVE-2021-32893 RESERVED
CVE-2021-32892 RESERVED
CVE-2021-32891 RESERVED
CVE-2021-32890 RESERVED
CVE-2021-32889 RESERVED
CVE-2021-32888 RESERVED
CVE-2021-32887 RESERVED
CVE-2021-32886 RESERVED
CVE-2021-32885 RESERVED
CVE-2021-32884 RESERVED
CVE-2021-32883 RESERVED
CVE-2021-32882 RESERVED
CVE-2021-32881 RESERVED
CVE-2021-32880 RESERVED
CVE-2021-32879 RESERVED
CVE-2021-32878 RESERVED
CVE-2021-32877 RESERVED
CVE-2021-32876 RESERVED
CVE-2021-32875 RESERVED
CVE-2021-32874 RESERVED
CVE-2021-32873 RESERVED
CVE-2021-32872 RESERVED
CVE-2021-32871 RESERVED
CVE-2021-32870 RESERVED
CVE-2021-32869 RESERVED
CVE-2021-32868 RESERVED
CVE-2021-32867 RESERVED
CVE-2021-32866 RESERVED
CVE-2021-32865 RESERVED
CVE-2021-32864 RESERVED
CVE-2021-32863 RESERVED
CVE-2021-32862 RESERVED
CVE-2021-32861 RESERVED
CVE-2021-32860 RESERVED
CVE-2021-32859 RESERVED
CVE-2021-32858 RESERVED
CVE-2021-32857 RESERVED
CVE-2021-32856 RESERVED
CVE-2021-32855 RESERVED
CVE-2021-32854 RESERVED
CVE-2021-32853 RESERVED
CVE-2021-32852 RESERVED
CVE-2021-32851 RESERVED
CVE-2021-32850 RESERVED
CVE-2021-32849 RESERVED
CVE-2021-32848 RESERVED
CVE-2021-32847 RESERVED
CVE-2021-32846 RESERVED
CVE-2021-32845 RESERVED
CVE-2021-32844 RESERVED
CVE-2021-32843 RESERVED
CVE-2021-32842 RESERVED
CVE-2021-32841 RESERVED
CVE-2021-32840 RESERVED
CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...)
    - sqlparse (bug #994841)
    [bullseye] - sqlparse (Minor issue)
    [buster] - sqlparse (Vulnerable code introduced later)
    [stretch] - sqlparse (Vulnerable code introduced later)
    NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
    NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/1499cffcd7c4d635b4297b44d48fb4fe94cf988e (0.4.0)
    NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb (0.4.2)
CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...)
    NOT-FOR-US: Flask restx
CVE-2021-32837 RESERVED
CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...)
    NOT-FOR-US: ZStack
CVE-2021-32835 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
    NOT-FOR-US: Eclipse Keti
CVE-2021-32834 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
    NOT-FOR-US: Eclipse Keti
CVE-2021-32833 (Emby Server is a personal media server with apps on many devices. In E ...)
    NOT-FOR-US: Emby Server
CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...)
    NOT-FOR-US: Rocket.Chat
CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for Node.js p ...)
    NOT-FOR-US: Total.js
CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...)
    NOT-FOR-US: Node @diez/generation
CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
    NOT-FOR-US: ZStack
CVE-2021-32828
    RESERVED
CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...)
    NOT-FOR-US: MockServer
CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to ...)
    NOT-FOR-US: Proxyee-Down
CVE-2021-32825 (bblfshd is an open source self-hosted server for source code parsing. ...)
    NOT-FOR-US: bblfshd
CVE-2021-32824
    RESERVED
CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...)
    - ruby-bindata (bug #990577)
    [bullseye] - ruby-bindata (Minor issue)
    [buster] - ruby-bindata (Minor issue)
    [stretch] - ruby-bindata (Minor issue)
    NOTE: https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323
    NOTE: https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency
    NOTE: https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18-
CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars. ...)
    NOT-FOR-US: Node hbs
CVE-2021-32821
    RESERVED
CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
    NOT-FOR-US: Express-handlebars
CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...)
    NOT-FOR-US: Squirrelly
CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee mixes pur ...)
    NOT-FOR-US: haml-coffee
CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hbs mixe ...)
    NOT-FOR-US: express-hbs
CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
    NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
    - exiv2 (bug #992705)
    NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
    NOTE: https://github.com/Exiv2/exiv2/pull/1739
CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. Version ...)
    NOT-FOR-US: Skytable
CVE-2021-32813 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
    NOT-FOR-US: Traefik
CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...)
    NOT-FOR-US: Monkshu
CVE-2021-32811 (Zope is an open-source web application server. Zope versions prior to ...)
    NOT-FOR-US: zope
    NOTE: only affects specific versions using Python3 with options enabled.
CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...)
    - firefox 93.0-1
    - firefox-esr (Only affects Firefox 91 not in any supported suite in vulnerable version)
    - thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
    - rust-crossbeam-deque 0.7.4-1 (bug #993146)
    [bullseye] - rust-crossbeam-deque (Minor issue)
    [buster] - rust-crossbeam-deque (Minor issue)
    NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0093.html
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-32810
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-32810
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-32810
CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
    - ckeditor 4.16.2+dfsg-1 (bug #992291)
    [bullseye] - ckeditor (Minor issue)
    [buster] - ckeditor (Minor issue)
    [stretch] - ckeditor (Minor issue)
    NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
    NOTE: https://github.com/ckeditor/ckeditor4/commit/f6856decd5992b2b07945292416bb113d5f7ff82 (v4.16.2)
    NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/ca0851c7a14f616a0c4cda905816aa87ca399efb (v4.5.2)
CVE-2021-32808 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
    - ckeditor 4.16.2+dfsg-1 (bug #992292)
    [bullseye] - ckeditor (Minor issue)
    [buster] - ckeditor (Vulnerable code introduced later)
    [stretch] - ckeditor (Vulnerable code introduced later)
    NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c
    NOTE: https://github.com/ckeditor/ckeditor4/commit/0cb59313c834c94cec4c4d4c114b6ecb0270e21a (v4.16.2)
    NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/72428a762271d5e54a609a7913356a6d309c895d (v4.13.0)
CVE-2021-32807 (The module `AccessControl` defines security policies for Python code u ...)
    NOT-FOR-US: Zope AccessControl
CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...)
    NOT-FOR-US: Plone
CVE-2021-32805 (Flask-AppBuilder is an application development framework, built on top ...)
    NOT-FOR-US: Flask-AppBuilder
CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...)
    - node-tar 6.1.7+~cs11.3.10-1 (bug #992111)
    [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
    [buster] - node-tar 4.4.6+ds1-3+deb10u1
    [stretch] - node-tar (Vulnerable code introduced later)
    NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
    NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...)
    - node-tar 6.1.7+~cs11.3.10-1 (bug #992110)
    [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
    [buster] - node-tar 4.4.6+ds1-3+deb10u1
    [stretch] - node-tar (Vulnerable code introduced later)
    NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
    NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
CVE-2021-32802 (Nextcloud server is an open source, self hosted personal cloud. Nextcl ...)
    - nextcloud-server (bug #941708)
CVE-2021-32801 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
    - nextcloud-server (bug #941708)
CVE-2021-32800 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
    - nextcloud-server (bug #941708)
CVE-2021-32799
    RESERVED
CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for interacti ...)
    - jupyter-notebook 6.4.3-1 (bug #992704)
    [bullseye] - jupyter-notebook (Minor issue)
    [buster] - jupyter-notebook (Minor issue)
    [stretch] - jupyter-notebook (Minor issue)
    NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797
    NOTE: https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5
CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will eventual ...)
    - jupyterlab (bug #934258)
CVE-2021-32796 (xmldom is an open source pure JavaScript W3C standard-based (XML DOM L ...)
    - node-xmldom 0.7.3-1 (bug #991612)
    [bullseye] - node-xmldom (Minor issue, too intrusive to backport)
    [buster] - node-xmldom (Minor issue, too intrusive to backport)
    NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q
    NOTE: https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
    NOT-FOR-US: ArchiSteamFarm
CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
    NOT-FOR-US: ArchiSteamFarm
CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
    NOT-FOR-US: Pi-hole
CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
    - libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
    [buster] - libapache2-mod-auth-openidc (Minor issue)
    [stretch] - libapache2-mod-auth-openidc (Minor issue)
    NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
    NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9)
    NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9)
CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
    - libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
    [buster] - libapache2-mod-auth-openidc (Minor issue)
    [stretch] - libapache2-mod-auth-openidc (Minor issue)
    NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
    NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9)
CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress. An SQL i ...)
    NOT-FOR-US: Woocommerce
CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for WooCommer ...)
    NOT-FOR-US: woocommerce-gutenberg-products-block
CVE-2021-32788 (Discourse is an open source discussion platform. In versions prior to ...)
    NOT-FOR-US: Discourse
CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph before ...)
    NOT-FOR-US: Sourcegraph
CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
    - libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
    [buster] - libapache2-mod-auth-openidc (Minor issue)
    [stretch] - libapache2-mod-auth-openidc (Minor issue)
    NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
    NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9)
CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
    - libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
    [buster] - libapache2-mod-auth-openidc (Minor issue)
    [stretch] - libapache2-mod-auth-openidc (Minor issue)
    NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
    NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9)
CVE-2021-32784
    RESERVED
CVE-2021-32783 (Contour is a Kubernetes ingress controller using Envoy proxy. In Conto ...)
    NOT-FOR-US: Contour
CVE-2021-32782 (Nextcloud Circles is an open source social network built for the nextc ...)
    NOT-FOR-US: Nextcloud Circles
CVE-2021-32781 (Envoy is an open source L7 proxy and communication bus designed for la ...)
    - envoyproxy (bug #987544)
CVE-2021-32780 (Envoy is an open source L7 proxy and communication bus designed for la ...)
    - envoyproxy (bug #987544)
CVE-2021-32779 (Envoy is an open source L7 proxy and communication bus designed for la ...)
    - envoyproxy (bug #987544)
CVE-2021-32778 (Envoy is an open source L7 proxy and communication bus designed for la ...)
    - envoyproxy (bug #987544)
CVE-2021-32777 (Envoy is an open source L7 proxy and communication bus designed for la ...)
    - envoyproxy (bug #987544)
CVE-2021-32776 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
    NOT-FOR-US: Combodo iTop
CVE-2021-32775 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
    NOT-FOR-US: Combodo iTop
CVE-2021-32774 (DataDump is a MediaWiki extension that provides dumps of wikis. Prior ...)
    NOT-FOR-US: DataDump MediaWiki extension
CVE-2021-32773 (Racket is a general-purpose programming language and an ecosystem for ...)
    [experimental] - racket 8.2+dfsg1-1
    - racket 7.9+dfsg1-2 (bug #991327)
    [buster] - racket (Minor issue)
    [stretch] - racket (Minor issue)
    NOTE: https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to version 0.8.1, ...)
    NOT-FOR-US: Poddycast
CVE-2021-32771
    RESERVED
CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
    NOT-FOR-US: Gatsby
CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
    NOT-FOR-US: Micronaut
CVE-2021-32768 (TYPO3 is an open source PHP based web content management system releas ...)
    NOT-FOR-US: Typo 3
CVE-2021-32767 (TYPO3 is an open source PHP based web content management system. In ve ...)
    NOT-FOR-US: Typo 3
CVE-2021-32766 (Nextcloud Text is an open source plaintext editing application which s ...)
    NOT-FOR-US: Nextcloud Text
CVE-2021-32765 (Hiredis is a minimalistic C client library for the Redis database. In ...)
    {DLA-2783-1}
    - hiredis 0.14.1-2
    NOTE: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
    NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e (v1.0.1)
CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse versions ...)
    NOT-FOR-US: Discourse
CVE-2021-32763 (OpenProject is open-source, web-based project management software. In ...)
    NOT-FOR-US: OpenProject
CVE-2021-32762 (Redis is an open source, in-memory database that persists on disk. The ...)
    - redis 5:6.0.16-1
    NOTE: https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr
CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...)
    {DLA-2717-2 DLA-2717-1}
    - redis 5:6.0.15-1 (bug #991375)
    [buster] - redis (Minor issue)
    NOTE: https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
CVE-2021-32760 (containerd is a container runtime. A bug was found in containerd versi ...)
    - containerd 1.4.5~ds1-2
    NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
CVE-2021-32759 (OpenMage magento-lts is an alternative to the Magento CE official rele ...)
    NOT-FOR-US: Magento
CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE official rele ...)
    NOT-FOR-US: Magento
CVE-2021-32757
    RESERVED
CVE-2021-32756 (ManageIQ is an open-source management platform. In versions prior to j ...)
    NOT-FOR-US: ManageIQ
CVE-2021-32755 (Wire is a collaboration platform. wire-ios-transport handles authentic ...)
    NOT-FOR-US: wire-ios (iOS version of Wire)
CVE-2021-32754 (FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2. ...)
    NOT-FOR-US: FlowDroid
CVE-2021-32753 (EdgeX Foundry is an open source project for building a common open fra ...)
    NOT-FOR-US: EdgeX Foundry
CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in the Cra ...)
    NOT-FOR-US: Ether Logs
CVE-2021-32751 (Gradle is a build tool with a focus on build automation. In versions p ...)
    - gradle
    [bullseye] - gradle (Minor issue)
    [buster] - gradle (Minor issue)
    [stretch] - gradle (Minor issue)
    NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8
CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...)
    NOT-FOR-US: MuWire
CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple authentication e ...)
    - fail2ban 0.11.2-2
    [buster] - fail2ban (Minor issue, can be fixed in point release)
    [stretch] - fail2ban (Minor issue, can be fixed after fix of regression)
    NOTE: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
    NOTE: https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 (0.9)
    NOTE: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 (0.10, 0.11, 1.0)
    NOTE: Fix introduces regression for installations with mail command from the bsd-mailx package:
    NOTE: https://github.com/fail2ban/fail2ban/issues/3059
CVE-2021-32748 (Nextcloud Richdocuments is an open source self hosted online office. N ...)
    NOT-FOR-US: Nextcloud Richdocuments
CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, framework, an ...)
    [experimental] - icingaweb2 2.8.3-1~exp1
    - icingaweb2 2.8.4-1 (bug #991116)
    [buster] - icingaweb2 (Minor issue)
    [stretch] - icingaweb2 (Minor issue)
    NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx
    NOTE: https://github.com/Icinga/icingaweb2/commit/ffe8741c66af6ea085514a35ec878093b991875c (v2.8.3)
CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
    [experimental] - icingaweb2 2.8.3-1~exp1
    - icingaweb2 2.8.4-1 (bug #991116)
    [buster] - icingaweb2 (Minor issue)
    [stretch] - icingaweb2 (Minor issue)
    NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43
    NOTE: https://github.com/Icinga/icingaweb2/commit/80875d91bbfa52553fe7bb2c1a32a9814880d9c1 (v2.8.3)
CVE-2021-32745 (Collabora Online is a collaborative online office suite. A reflected X ...)
    NOT-FOR-US: Collabora Online
CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...)
    NOT-FOR-US: Collabora Online
CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
    [experimental] - icinga2 2.12.5-1~exp1
    - icinga2 2.12.5-1 (bug #991494)
    NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
    NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug ...)
    NOT-FOR-US: Vapor
CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...)
    - ruby-addressable 2.7.0-2 (bug #990791)
    [stretch] - ruby-addressable (Minor issue)
    NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
    NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
    [experimental] - icinga2 2.12.5-1~exp1
    - icinga2 2.12.5-1 (bug #991494)
    NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
    NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...)
    NOT-FOR-US: js-stellar-sdk
CVE-2021-32737 (Sulu is an open-source PHP content management system based on the Symf ...)
    NOT-FOR-US: Sulu
CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In version ...)
    NOT-FOR-US: think-helper
CVE-2021-32735 (Kirby is a content management system. In Kirby CMS versions 3.5.5 and ...)
    NOT-FOR-US: Kirby
CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...)
    NOT-FOR-US: Nextcloud Text
CVE-2021-32732
    RESERVED
CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
    NOT-FOR-US: XWiki
CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
    NOT-FOR-US: XWiki
CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
    NOT-FOR-US: XWiki
CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
    {DSA-4974-1}
    - nextcloud-desktop 3.3.1-1
    NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5
    NOTE: https://github.com/nextcloud/desktop/pull/3338
CVE-2021-32727 (Nextcloud Android Client is the Android client for Nextcloud. Clients ...)
    NOT-FOR-US: Nextcloud Android Client
CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32724 (check-spelling is a github action which provides CI spell checking. In ...)
    NOT-FOR-US: Github
CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...)
    NOT-FOR-US: Prism
CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb705 ...)
    NOT-FOR-US: GlobalNewFiles MediaWiki extension
CVE-2021-32721 (PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux ...)
    NOT-FOR-US: PowerMux
CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...)
    NOT-FOR-US: Sylius
CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
    - rabbitmq-server (bug #990524)
    [bullseye] - rabbitmq-server (Minor issue)
    [buster] - rabbitmq-server (Minor issue)
    [stretch] - rabbitmq-server (Vulnerable code not present)
    NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
    NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
    - rabbitmq-server (bug #990524)
    [bullseye] - rabbitmq-server (Minor issue)
    [buster] - rabbitmq-server (Minor issue)
    [stretch] - rabbitmq-server (Vulnerable code not present)
    NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
    NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
    NOT-FOR-US: Shopware
CVE-2021-32716 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
    NOT-FOR-US: Shopware
CVE-2021-32715 (hyper is an HTTP library for rust. hyper's HTTP/1 server code had a fl ...)
    - rust-hyper
    NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0078.html
    NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c
CVE-2021-32714 (hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper ...)
    - rust-hyper
    NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0079.html
    NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9
CVE-2021-32713 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
    NOT-FOR-US: Shopware
CVE-2021-32712 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
    NOT-FOR-US: Shopware
CVE-2021-32711 (Shopware is an open source eCommerce platform. Versions prior to 6.3.5 ...)
    NOT-FOR-US: Shopware
CVE-2021-32710 (Shopware is an open source eCommerce platform. Potential session hijac ...)
    NOT-FOR-US: Shopware
CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order credi ...)
    NOT-FOR-US: Shopware
CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...)
    NOT-FOR-US: Flysystem
CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6 ...)
    NOT-FOR-US: Nextcloud Mail
CVE-2021-32706 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
    NOT-FOR-US: Pi-hole
CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
    NOT-FOR-US: DHIS 2
CVE-2021-32703 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
    NOT-FOR-US: Auth0 Next.js SDK
CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Cont ...)
    NOT-FOR-US: ORY Oathkeeper
CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...)
    NOT-FOR-US: Ballerina
CVE-2021-32699 (Wings is the control plane software for the open source Pterodactyl ga ...)
    NOT-FOR-US: Wings
CVE-2021-32698 (eLabFTW is an open source electronic lab notebook for research labs. T ...)
    NOT-FOR-US: eLabFTW
CVE-2021-32697 (neos/forms is an open source framework to build web forms. By crafting ...)
    NOT-FOR-US: neos/forms
CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's strip_tags i ...)
    NOT-FOR-US: Node striptags
CVE-2021-32695 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
    NOT-FOR-US: Nextcloud Android app
CVE-2021-32694 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
    NOT-FOR-US: Nextcloud Android app
CVE-2021-32693 (Symfony is a PHP framework for web and console applications and a set ...)
    - symfony (Vulnerable code not present)
    NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
    NOTE: Fixed by: https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 (v5.3.2)
    NOTE: https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
CVE-2021-32692
    RESERVED
CVE-2021-32691 (Apollos Apps is an open source platform for launching church-related a ...)
    NOT-FOR-US: Apollos Apps
CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...)
    - helm-kubernetes (bug #910799)
CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
    NOT-FOR-US: Nextcloud Talk
CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
    - nextcloud-server (bug #941708)
CVE-2021-32687 (Redis is an open source, in-memory database that persists on disk. An ...)
    - redis 5:6.0.16-1
    NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
    - asterisk 1:16.16.1~dfsg-2 (bug #991931)
    [stretch] - asterisk (Vulnerable code not present)
    - pjproject
    [stretch] - pjproject (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch)
    NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
    NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
    NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
    NOTE: https://github.com/pjsip/pjproject/pull/2716
    TODO: check, might affect in impact src:ring
CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
    NOT-FOR-US: tEnvoy
CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
    NOT-FOR-US: Create Magento app
CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source messenger. A cr ...)
    NOT-FOR-US: wire-webapp
CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...)
    NOT-FOR-US: elFinder
CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...)
    NOT-FOR-US: Wagtail
CVE-2021-32680 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32679 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32678 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on ...)
    - fastapi 0.70.0-1 (bug #990582)
    [bullseye] - fastapi (Minor issue)
    NOTE: https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7
    NOTE: https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d (0.65.2)
CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
    NOT-FOR-US: Nextcloud Talk
CVE-2021-32675 (Redis is an open source, in-memory database that persists on disk. Whe ...)
    - redis 5:6.0.16-1
    NOTE: https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p
CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
    NOT-FOR-US: Zope
CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
    NOT-FOR-US: reg-keygen-git-hash-plugin
CVE-2021-32672 (Redis is an open source, in-memory database that persists on disk. Whe ...)
    - redis 5:6.0.16-1
    NOTE: https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
    NOT-FOR-US: Flarum
CVE-2021-32670 (Datasette is an open source multi-tool for exploring and publishing da ...)
    NOT-FOR-US: Datasette
CVE-2021-32669 (TYPO3 is an open source PHP based web content management system. Versi ...)
    NOT-FOR-US: Typo 3
CVE-2021-32668 (TYPO3 is an open source PHP based web content management system. Versi ...)
    NOT-FOR-US: Typo 3
CVE-2021-32667 (TYPO3 is an open source PHP based web content management system. Versi ...)
    NOT-FOR-US: Typo 3
CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
    NOT-FOR-US: wire-ios (iOS version of Wire)
CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
    NOT-FOR-US: wire-ios (iOS version of Wire)
CVE-2021-32664
    RESERVED
CVE-2021-32663
    RESERVED
CVE-2021-32662 (Backstage is an open platform for building developer portals, and tech ...)
    NOT-FOR-US: Backstage
CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...)
    NOT-FOR-US: Backstage
CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
    NOT-FOR-US: Backstage
CVE-2021-32659 (Matrix-appservice-bridge is the bridging service for the Matrix commun ...)
    NOT-FOR-US: Matrix-appservice-bridge
CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open source ...)
    NOT-FOR-US: Nextcloud client for Android
CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32656 (Nextcloud Server is a Nextcloud package that handles data storage. A v ...)
    - nextcloud-server (bug #941708)
CVE-2021-32655 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32654 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
    - nextcloud-server (bug #941708)
CVE-2021-32653 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
    - nextcloud-server (bug #941708)
CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A missing per ...)
    - nextcloud-server (bug #941708)
CVE-2021-32651 (OneDev is a development operations platform. If the LDAP external auth ...)
    NOT-FOR-US: OneDev
CVE-2021-32650
    RESERVED
CVE-2021-32649
    RESERVED
CVE-2021-32648 (octobercms is a CMS platform based on the Laravel PHP Framework. In af ...)
    NOT-FOR-US: October CMS
CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
    NOT-FOR-US: Emissary
CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
    NOT-FOR-US: Roomer
CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...)
    NOT-FOR-US: Tenancy multi-tenant
CVE-2021-32644 (Ampache is an open source web based audio/video streaming application ...)
    - ampache
CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...)
    NOT-FOR-US: Http4s
CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and TLS ( ...)
    - radsecproxy 1.8.2-4 (unimportant)
    NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
    NOTE: Only affects example script
CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of auth0-lock before ...)
    NOT-FOR-US: auth0-lock
CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js. ...)
    - node-ws 7.4.2+~cs18.0.8-2
    [buster] - node-ws 1.1.0+ds1.e6ddaae4-5+deb10u1
    [stretch] - node-ws (Minor issue)
    NOTE: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
    NOTE: https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
CVE-2021-32639 (Emissary is a P2P-based, data-driven workflow engine. Emissary version ...)
    NOT-FOR-US: NSA Emissary
CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...)
    NOT-FOR-US: Github
CVE-2021-32637 (Authelia is a single sign-on multi-factor portal for web apps. This ...)
    NOT-FOR-US: Authelia
CVE-2021-32636
    RESERVED
CVE-2021-32635 (Singularity is an open source container platform. In versions 3.7.2 and ...)
    - singularity-container (Vulnerable code introduced in 3.7.2)
    NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jq42-hfch-42f3
    NOTE: https://github.com/hpcng/singularity/commit/cd298aaeb7698fb692689e2e1b49972c94bfa440
CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...)
    NOT-FOR-US: NSA Emissary
CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior ...)
    NOT-FOR-US: Zope
CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
    NOT-FOR-US: Pajbot
CVE-2021-32631 (Common is a package of common modules that can be accessed by NIMBLE s ...)
    NOT-FOR-US: NIMBLE
CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...)
    NOT-FOR-US: Admidio
CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecode Alli ...)
    NOT-FOR-US: Cranelift
CVE-2021-32628 (Redis is an open source, in-memory database that persists on disk. An ...)
    - redis 5:6.0.16-1
    NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
CVE-2021-32627 (Redis is an open source, in-memory database that persists on disk. In ...)
    - redis 5:6.0.16-1
    NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
CVE-2021-32626 (Redis is an open source, in-memory database that persists on disk. In ...)
    - redis 5:6.0.16-1
    NOTE: https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c
CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...)
- redis 5:6.0.14-1 (bug #989351) [buster] - redis (Vulnerable code not present) [stretch] - redis (Vulnerable code not present) NOTE: https://github.com/redis/redis/pull/9011 NOTE: https://github.com/redis/redis/commit/1ddecf1958924b178b76a31d989ef1e05af81964 NOTE: https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq NOTE: CVE is result of incomplete fix by CVE-2021-29477. CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js application ...) NOT-FOR-US: Keystone CMS CVE-2021-32623 (Opencast is a free and open source solution for automated video captur ...) NOT-FOR-US: Opencast CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...) NOT-FOR-US: Matrix-React-SDK CVE-2021-32621 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2021-32620 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2021-32619 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...) NOT-FOR-US: Deno CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...) NOT-FOR-US: Flask-Security-Too CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 (bug #988731) [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj NOTE: https://github.com/Exiv2/exiv2/pull/1657 CVE-2021-32616 (1CDN is open-source file sharing software. In 1CDN before commit f88a2 ...) NOT-FOR-US: 1CDN CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...) 
- binutils 2.37-3 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7 NOTE: binutils not covered by security support CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...) - piwigo CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() does not ...) - dmg2img (unimportant; bug #989008) NOTE: https://github.com/Lekensteyn/dmg2img/issues/11 NOTE: Crash in CLI tool, no security impact CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in the p ...) - radare2 (bug #989067) NOTE: https://github.com/radareorg/radare2/issues/18679 NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc CVE-2021-32612 (The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android d ...) NOT-FOR-US: VeryFitPro CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...) - libexosip2 [buster] - libexosip2 (Minor issue) [stretch] - libexosip2 (Minor issue) NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054 CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets outside of ...) {DLA-2721-1} - drupal7 - php-pear (bug #991541) [bullseye] - php-pear (Minor issue) [buster] - php-pear (Minor issue) [stretch] - php-pear (Minor issue) NOTE: https://www.drupal.org/sa-core-2021-004 NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/ NOTE: https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14) CVE-2021-32609 RESERVED CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...) NOT-FOR-US: Smartstore CVE-2021-32607 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...) 
NOT-FOR-US: Smartstore CVE-2021-3547 (OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middl ...) - openvpn3 (bug #904044) CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...) NOT-FOR-US: zzzcms CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...) NOT-FOR-US: SolarWinds CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiM ...) NOT-FOR-US: FortiGuard CVE-2021-32602 (An improper neutralization of input during web page generation vulnera ...) NOT-FOR-US: FortiGuard CVE-2021-32601 RESERVED CVE-2021-32600 RESERVED CVE-2021-32599 RESERVED CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...) NOT-FOR-US: FortiGuard CVE-2021-32597 (Multiple improper neutralization of input during web page generation ( ...) NOT-FOR-US: Fortiguard CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...) NOT-FOR-US: FortiPortal CVE-2021-32595 RESERVED CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...) NOT-FOR-US: FortiPortal CVE-2021-32593 RESERVED CVE-2021-32592 RESERVED CVE-2021-32591 RESERVED CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...) NOT-FOR-US: FortiPortal CVE-2021-32589 RESERVED CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal ...) NOT-FOR-US: FortiGuard CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...) NOT-FOR-US: Fortiguard CVE-2021-32586 RESERVED CVE-2021-32585 RESERVED CVE-2021-32584 RESERVED CVE-2021-32583 RESERVED CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...) NOT-FOR-US: ConnectWise Automate CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Im ...) 
NOT-FOR-US: Acronis CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...) NOT-FOR-US: Acronis CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...) NOT-FOR-US: Acronis CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...) NOT-FOR-US: Acronis CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed local pr ...) NOT-FOR-US: Acronis CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...) NOT-FOR-US: Acronis CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...) - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16 CVE-2021-3545 (An information disclosure vulnerability was found in the virtio vhost- ...) {DSA-4980-1} - qemu 1:6.1+dfsg-1 (bug #989042) [buster] - qemu (Minor issue) [stretch] - qemu (The vulnerable code was introduced later) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01153.html NOTE: https://gitlab.com/qemu-project/qemu/-/commit/121841b2 CVE-2021-3544 (Several memory leaks were found in the virtio vhost-user GPU device (v ...) 
{DSA-4980-1} - qemu 1:6.1+dfsg-1 (bug #989042) [buster] - qemu (Minor issue) [stretch] - qemu (The vulnerable code was introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958935 NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01151.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01157.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html NOTE: https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b9f79858 NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b7afebcf NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6091d86 NOTE: https://gitlab.com/qemu-project/qemu/-/commit/63736af5 CVE-2021-3548 (A flaw was found in dmg2img through 20170502. dmg2img did not validate ...) - dmg2img (unimportant) NOTE: https://github.com/Lekensteyn/dmg2img/issues/9 NOTE: Crash in CLI tool, no security impact CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel driver wa ...) - linux 5.10.38-1 (unimportant) [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f1ce3986baa62cffc3c5be156994de87524bab99 NOTE: nitro_enclaves not enabled in Debian binary builds CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networ ...) - nomad 0.12.10+dfsg1-3 (bug #990581) NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296 CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...) 
- consul (bug #991719) [bullseye] - consul (Minor issue) [buster] - consul (Only affects 1.3.0 and later) NOTE: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 NOTE: https://github.com/hashicorp/consul/pull/10619 CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.js all ...) NOT-FOR-US: Node express-cart CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...) NOT-FOR-US: Speco Web Viewer CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) NOT-FOR-US: OSS-RC CVE-2021-32570 RESERVED CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) NOT-FOR-US: OSS-RC CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...) NOT-FOR-US: mrdoc CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...) {DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master) NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) CVE-2021-32566 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...) 
{DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master) NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) CVE-2021-32565 (Invalid values in the Content-Length header sent to Apache Traffic Ser ...) {DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) NOTE: https://github.com/apache/trafficserver/commit/668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca (master) NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) CVE-2021-32564 RESERVED CVE-2021-32562 RESERVED CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages include t ...) NOT-FOR-US: OctoPrint CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...) NOT-FOR-US: OctoPrint CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...) NOT-FOR-US: pywin32 CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...) {DLA-2729-1} - asterisk 1:16.16.1~dfsg-2 (bug #991710) NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...) NOT-FOR-US: Apport CVE-2021-32556 (It was discovered that the get_modified_conffiles() function in backen ...) NOT-FOR-US: Apport CVE-2021-32555 (It was discovered that read_file() in apport/hookutils.py would follow ...) 
NOT-FOR-US: Apport CVE-2021-32554 (It was discovered that read_file() in apport/hookutils.py would follow ...) NOT-FOR-US: Apport CVE-2021-32553 (It was discovered that read_file() in apport/hookutils.py would follow ...) NOT-FOR-US: Apport CVE-2021-32552 (It was discovered that read_file() in apport/hookutils.py would follow ...) NOT-FOR-US: Apport CVE-2021-32551 (It was discovered that read_file() in apport/hookutils.py would follow ...) NOT-FOR-US: Apport CVE-2021-32550 (It was discovered that read_file() in apport/hookutils.py would follow ...) NOT-FOR-US: Apport CVE-2021-32549 (It was discovered that read_file() in apport/hookutils.py would follow ...) NOT-FOR-US: Apport CVE-2021-32548 (It was discovered that read_file() in apport/hookutils.py would follow ...) NOT-FOR-US: Apport CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would follow ...) NOT-FOR-US: Apport CVE-2021-32546 RESERVED CVE-2021-32545 RESERVED CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...) NOT-FOR-US: igt+ CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...) NOT-FOR-US: CTS Web transaction system CVE-2021-32542 (The parameters of the specific functions in the CTS Web trading system ...) NOT-FOR-US: CTS Web trading system CVE-2021-32541 (The CTS Web transaction system related to authentication and session m ...) NOT-FOR-US: CTS Web transaction system CVE-2021-32540 (Add announcement function in the 101EIP system does not filter special ...) NOT-FOR-US: 101EIP system CVE-2021-32539 (Add event in calendar function in the 101EIP system does not filter sp ...) NOT-FOR-US: 101EIP system CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter the typ ...) NOT-FOR-US: ARTWARE CMS CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which allows local ...) 
NOT-FOR-US: Realtek CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...) NOT-FOR-US: MCUsystem CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN SANOS allo ...) NOT-FOR-US: QSAN SANOS CVE-2021-32534 (QSAN SANOS factory reset function does not filter special parameters. ...) NOT-FOR-US: QSAN SANOS CVE-2021-32533 (The QSAN SANOS setting page does not filter special parameters. Remote ...) NOT-FOR-US: QSAN SANOS CVE-2021-32532 (Path traversal vulnerability in back-end analysis function in QSAN XEV ...) NOT-FOR-US: QSAN XEVO CVE-2021-32531 (OS command injection vulnerability in Init function in QSAN XEVO allow ...) NOT-FOR-US: QSAN XEVO CVE-2021-32530 (OS command injection vulnerability in Array function in QSAN XEVO allo ...) NOT-FOR-US: QSAN XEVO CVE-2021-32529 (Command injection vulnerability in QSAN XEVO, SANOS allows remote unau ...) NOT-FOR-US: QSAN CVE-2021-32528 (Observable behavioral discrepancy vulnerability in QSAN Storage Manage ...) NOT-FOR-US: QSAN CVE-2021-32527 (Path traversal vulnerability in QSAN Storage Manager allows remote una ...) NOT-FOR-US: QSAN CVE-2021-32526 (Incorrect permission assignment for critical resource vulnerability in ...) NOT-FOR-US: QSAN CVE-2021-32525 (The same hard-coded password in QSAN Storage Manager's in the firmware ...) NOT-FOR-US: QSAN CVE-2021-32524 (Command injection vulnerability in QSAN Storage Manager allows remote ...) NOT-FOR-US: QSAN CVE-2021-32523 (Improper authorization vulnerability in QSAN Storage Manager allows re ...) NOT-FOR-US: QSAN CVE-2021-32522 (Improper restriction of excessive authentication attempts vulnerabilit ...) NOT-FOR-US: QSAN CVE-2021-32521 (Use of MAC address as an authenticated password in QSAN Storage Manage ...) NOT-FOR-US: QSAN CVE-2021-32520 (Use of hard-coded cryptographic key vulnerability in QSAN Storage Mana ...) 
NOT-FOR-US: QSAN CVE-2021-32519 (Use of password hash with insufficient computational effort vulnerabil ...) NOT-FOR-US: QSAN CVE-2021-32518 (A vulnerability in share_link in QSAN Storage Manager allows remote at ...) NOT-FOR-US: QSAN CVE-2021-32517 (Improper access control vulnerability in share_link in QSAN Storage Ma ...) NOT-FOR-US: QSAN CVE-2021-32516 (Path traversal vulnerability in share_link in QSAN Storage Manager all ...) NOT-FOR-US: QSAN CVE-2021-32515 (Directory listing vulnerability in share_link in QSAN Storage Manager ...) NOT-FOR-US: QSAN CVE-2021-32514 (Improper access control vulnerability in FirmwareUpgrade in QSAN Stora ...) NOT-FOR-US: QSAN CVE-2021-32513 (QsanTorture in QSAN Storage Manager does not filter special parameters ...) NOT-FOR-US: QSAN CVE-2021-32512 (QuickInstall in QSAN Storage Manager does not filter special parameter ...) NOT-FOR-US: QSAN CVE-2021-32511 (QSAN Storage Manager through directory listing vulnerability in ViewBr ...) NOT-FOR-US: QSAN CVE-2021-32510 (QSAN Storage Manager through directory listing vulnerability in antivi ...) NOT-FOR-US: QSAN CVE-2021-32509 (Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage M ...) NOT-FOR-US: QSAN CVE-2021-32508 (Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage ...) NOT-FOR-US: QSAN CVE-2021-32507 (Absolute Path Traversal vulnerability in FileDownload in QSAN Storage ...) NOT-FOR-US: QSAN CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN Storage Mana ...) NOT-FOR-US: QSAN CVE-2021-32505 RESERVED CVE-2021-32504 RESERVED CVE-2021-32503 RESERVED CVE-2021-32502 RESERVED CVE-2021-32501 RESERVED CVE-2021-32500 RESERVED CVE-2021-32499 RESERVED CVE-2021-32498 RESERVED CVE-2021-32497 RESERVED CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...) 
NOT-FOR-US: SICK Visionary-S CX CVE-2021-32495 RESERVED CVE-2021-32494 RESERVED CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yubico y ...) NOT-FOR-US: Yubico yubihsm-shell CVE-2021-32488 RESERVED CVE-2021-32487 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...) NOT-FOR-US: modem 2G RRM CVE-2021-32486 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...) NOT-FOR-US: modem 2G RRM CVE-2021-32485 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...) NOT-FOR-US: modem 2G RRM CVE-2021-32484 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...) NOT-FOR-US: modem 2G RRM CVE-2021-32483 RESERVED CVE-2021-32482 RESERVED CVE-2021-32481 RESERVED CVE-2021-32480 RESERVED CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...) - thunar 4.16.8-1 (bug #988394) [buster] - thunar (Minor issue) [stretch] - thunar (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2 NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664 NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575 CVE-2021-3546 (A flaw was found in vhost-user-gpu of QEMU in versions up to and inclu ...) 
{DSA-4980-1} - qemu 1:6.1+dfsg-1 (bug #989042) [buster] - qemu (Minor issue) [stretch] - qemu (The vulnerable code was introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958978 NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01154.html NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9f22893a CVE-2021-3542 RESERVED - linux NOTE: https://seclists.org/oss-sec/2021/q2/46 NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...) {DLA-2667-1} - djvulibre 3.5.28-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424 NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12) CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...) {DLA-2667-1} - djvulibre 3.5.28-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410 NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10) CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow ...) {DLA-2667-1} - djvulibre 3.5.28-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409 NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9) CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...) {DLA-2667-1} - djvulibre 3.5.28-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408 NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8) CVE-2021-3541 (A flaw was found in libxml2. Exponential entity expansion attack its p ...) 
{DLA-2669-1} - libxml2 2.9.10+dfsg-6.7 (bug #988603) [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950515 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private) NOTE: https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/ CVE-2021-32479 RESERVED CVE-2021-32478 RESERVED CVE-2021-32477 RESERVED CVE-2021-32476 RESERVED CVE-2021-32475 RESERVED CVE-2021-32474 RESERVED CVE-2021-32473 RESERVED CVE-2021-32472 RESERVED CVE-2021-32471 (Insufficient input validation in the Marvin Minsky 1967 implementation ...) NOT-FOR-US: Marvin Minsky 1967 implementation of the Universal Turing Machine CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability. ...) NOT-FOR-US: Craft CMS CVE-2021-32469 RESERVED CVE-2021-32468 RESERVED CVE-2021-32467 RESERVED CVE-2021-32466 (An uncontrolled search path element privilege escalation vulnerability ...) NOT-FOR-US: Trend Micro CVE-2021-32465 (An incorrect permission preservation vulnerability in Trend Micro Apex ...) NOT-FOR-US: Trend Micro CVE-2021-32464 (An incorrect permission assignment privilege escalation vulnerability ...) NOT-FOR-US: Trend Micro CVE-2021-32463 (An incorrect permission assignment denial-of-service vulnerability in ...) NOT-FOR-US: Trend Micro CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...) NOT-FOR-US: Trend Micro CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...) NOT-FOR-US: Trend Micro CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product is vulner ...) NOT-FOR-US: Trend Micro CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier contains ...) NOT-FOR-US: Trend Micro CVE-2021-32458 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...) 
NOT-FOR-US: Trend Micro CVE-2021-32457 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...) NOT-FOR-US: Trend Micro CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...) NOT-FOR-US: SITEL CAP/PRX firmware CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access ...) NOT-FOR-US: SITEL CAP/PRX firmware CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...) NOT-FOR-US: SITEL CAP/PRX firmware CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...) NOT-FOR-US: SITEL CAP/PRX firmware CVE-2021-3540 (By abusing the 'install rpm info detail' command, an attacker can esca ...) NOT-FOR-US: Ivanti MobileIron Core CVE-2021-32452 RESERVED CVE-2021-32451 RESERVED CVE-2021-32450 RESERVED CVE-2021-32449 RESERVED CVE-2021-32448 RESERVED CVE-2021-32447 RESERVED CVE-2021-32446 RESERVED CVE-2021-32445 RESERVED CVE-2021-32444 RESERVED CVE-2021-32443 RESERVED CVE-2021-32442 RESERVED CVE-2021-32441 RESERVED CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to ca ...) - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011 NOTE: https://github.com/gpac/gpac/issues/1772 CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...) - gpac [stretch] - gpac (Minor issue; can be fixed in next update) NOTE: https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae NOTE: https://github.com/gpac/gpac/issues/1774 CVE-2021-32438 (The gf_media_export_filters function in GPAC 1.0.1 allows attackers to ...) 
- gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/00194f5fe462123f70b0bae7987317b52898b868 NOTE: https://github.com/gpac/gpac/issues/1769 CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to caus ...) - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e NOTE: https://github.com/gpac/gpac/issues/1770 CVE-2021-32436 RESERVED CVE-2021-32435 RESERVED CVE-2021-32434 RESERVED CVE-2021-32433 RESERVED CVE-2021-32432 RESERVED CVE-2021-32431 RESERVED CVE-2021-32430 RESERVED CVE-2021-32429 RESERVED CVE-2021-32428 RESERVED CVE-2021-32427 RESERVED CVE-2021-32426 (In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary Ja ...) NOT-FOR-US: TrendNet TW100-S4W1CA CVE-2021-32425 RESERVED CVE-2021-32424 (In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session contr ...) NOT-FOR-US: TrendNet TW100-S4W1CA CVE-2021-32423 RESERVED CVE-2021-32422 RESERVED CVE-2021-32421 RESERVED CVE-2021-32420 RESERVED CVE-2021-32419 RESERVED CVE-2021-32418 RESERVED CVE-2021-32417 RESERVED CVE-2021-32416 RESERVED CVE-2021-32415 RESERVED CVE-2021-32414 RESERVED CVE-2021-32413 RESERVED CVE-2021-32412 RESERVED CVE-2021-32411 RESERVED CVE-2021-32410 RESERVED CVE-2021-32409 RESERVED CVE-2021-32408 RESERVED CVE-2021-32407 RESERVED CVE-2021-32406 RESERVED CVE-2021-32405 RESERVED CVE-2021-32404 RESERVED CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...) NOT-FOR-US: Intelbras Router RF 301K Firmware CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...) NOT-FOR-US: Intelbras Router RF 301K Firmware CVE-2021-32401 RESERVED CVE-2021-32400 RESERVED CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a r ...) 
{DLA-2690-1 DLA-2689-1} - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2 CVE-2021-32398 RESERVED CVE-2021-32397 RESERVED CVE-2021-32396 RESERVED CVE-2021-32395 RESERVED CVE-2021-32394 RESERVED CVE-2021-32393 RESERVED CVE-2021-32392 RESERVED CVE-2021-32391 RESERVED CVE-2021-32390 RESERVED CVE-2021-32389 RESERVED CVE-2021-32388 RESERVED CVE-2021-32387 RESERVED CVE-2021-32386 RESERVED CVE-2021-32385 RESERVED CVE-2021-32384 RESERVED CVE-2021-32383 RESERVED CVE-2021-32382 RESERVED CVE-2021-32381 RESERVED CVE-2021-32380 RESERVED CVE-2021-32379 RESERVED CVE-2021-32378 RESERVED CVE-2021-32377 RESERVED CVE-2021-32376 RESERVED CVE-2021-32375 RESERVED CVE-2021-32374 RESERVED CVE-2021-32373 RESERVED CVE-2021-32372 RESERVED CVE-2021-32371 RESERVED CVE-2021-32370 RESERVED CVE-2021-32369 RESERVED CVE-2021-32368 RESERVED CVE-2021-32367 RESERVED CVE-2021-32366 RESERVED CVE-2021-32365 RESERVED CVE-2021-32364 RESERVED CVE-2021-32363 RESERVED CVE-2021-32362 RESERVED CVE-2021-32361 RESERVED CVE-2021-32360 RESERVED CVE-2021-32359 RESERVED CVE-2021-32358 RESERVED CVE-2021-32357 RESERVED CVE-2021-32356 RESERVED CVE-2021-32355 RESERVED CVE-2021-32354 RESERVED CVE-2021-32353 RESERVED CVE-2021-32352 RESERVED CVE-2021-32351 RESERVED CVE-2021-32350 RESERVED CVE-2021-32349 RESERVED CVE-2021-32348 RESERVED CVE-2021-32347 RESERVED CVE-2021-32346 RESERVED CVE-2021-32345 RESERVED CVE-2021-32344 RESERVED CVE-2021-32343 RESERVED CVE-2021-32342 RESERVED CVE-2021-32341 RESERVED CVE-2021-32340 RESERVED CVE-2021-32339 RESERVED CVE-2021-32338 RESERVED CVE-2021-32337 RESERVED CVE-2021-32336 RESERVED CVE-2021-32335 RESERVED CVE-2021-32334 RESERVED CVE-2021-32333 RESERVED CVE-2021-32332 RESERVED CVE-2021-32331 RESERVED CVE-2021-32330 RESERVED CVE-2021-32329 RESERVED CVE-2021-32328 RESERVED CVE-2021-32327 RESERVED CVE-2021-32326 RESERVED CVE-2021-32325 RESERVED CVE-2021-32324 RESERVED CVE-2021-32323 RESERVED CVE-2021-32322 RESERVED CVE-2021-32321 
RESERVED CVE-2021-32320 RESERVED CVE-2021-32319 RESERVED CVE-2021-32318 RESERVED CVE-2021-32317 RESERVED CVE-2021-32316 RESERVED CVE-2021-32315 RESERVED CVE-2021-32314 RESERVED CVE-2021-32313 RESERVED CVE-2021-32312 RESERVED CVE-2021-32311 RESERVED CVE-2021-32310 RESERVED CVE-2021-32309 RESERVED CVE-2021-32308 RESERVED CVE-2021-32307 RESERVED CVE-2021-32306 RESERVED CVE-2021-32305 (WebSVN before 2.6.1 allows remote attackers to execute arbitrary comma ...) - websvn CVE-2021-32304 RESERVED CVE-2021-32303 RESERVED CVE-2021-32302 RESERVED CVE-2021-32301 RESERVED CVE-2021-32300 RESERVED CVE-2021-32299 (An issue was discovered in pbrt through 20200627. A stack-buffer-overf ...) NOT-FOR-US: pbrt CVE-2021-32298 (An issue was discovered in libiff through 20190123. A global-buffer-ov ...) NOT-FOR-US: libiff CVE-2021-32297 (An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow ...) NOT-FOR-US: LIEF CVE-2021-32296 RESERVED CVE-2021-32295 RESERVED CVE-2021-32294 (An issue was discovered in libgig through 20200507. A heap-buffer-over ...) - libgig [bullseye] - libgig (Minor issue) [buster] - libgig (Minor issue) [stretch] - libgig (Minor issue, revisit when/if fixed upstream) NOTE: https://github.com/drbye78/libgig/issues/1 CVE-2021-32293 RESERVED CVE-2021-32292 RESERVED CVE-2021-32291 RESERVED CVE-2021-32290 RESERVED CVE-2021-32289 (An issue was discovered in heif through v3.6.2. A NULL pointer ...) NOT-FOR-US: Nokia HEIF implementation (different from libheif) CVE-2021-32288 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...) NOT-FOR-US: Nokia HEIF implementation (different from libheif) CVE-2021-32287 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...) NOT-FOR-US: Nokia HEIF implementation (different from libheif) CVE-2021-32286 (An issue was discovered in hcxtools through 6.1.6. A global-buffer-ove ...) 
- hcxtools (bug #994790) [bullseye] - hcxtools (Minor issue) NOTE: https://github.com/ZerBea/hcxtools/issues/155 NOTE: https://github.com/ZerBea/hcxtools/commit/e6505ddc262bc3254b39844895ebac70861001d2 (6.1.2) CVE-2021-32285 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) NOT-FOR-US: Gravity CVE-2021-32284 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) NOT-FOR-US: Gravity CVE-2021-32283 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) NOT-FOR-US: Gravity CVE-2021-32282 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) NOT-FOR-US: Gravity CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer-overfl ...) NOT-FOR-US: Gravity CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8. A NULL pointer deref ...) {DLA-2778-1} - fig2dev 1:3.2.7b-5 (bug #960736) [buster] - fig2dev (Minor issue) - transfig NOTE: https://sourceforge.net/p/mcj/tickets/107/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/ CVE-2021-32279 RESERVED CVE-2021-32278 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...) - faad2 2.10.0-1 NOTE: https://github.com/knik0/faad2/issues/62 NOTE: https://github.com/knik0/faad2/commit/e19a5e491354e0e4664d02b796dacee28fb2521e (2_10_0) CVE-2021-32277 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...) - faad2 2.10.0-1 NOTE: https://github.com/knik0/faad2/issues/59 NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0) CVE-2021-32276 (An issue was discovered in faad2 through 2.10.0. A NULL pointer derefe ...) - faad2 2.10.0-1 NOTE: https://github.com/knik0/faad2/issues/58 NOTE: https://github.com/knik0/faad2/commit/b58840121d1827b4b6c7617e2431589af1776ddc (2_10_0) CVE-2021-32275 (An issue was discovered in faust through v2.30.5. A NULL pointer deref ...) 
- faust (unimportant) NOTE: https://github.com/grame-cncm/faust/issues/482 NOTE: Negligible security impact CVE-2021-32274 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...) - faad2 2.10.0-1 NOTE: https://github.com/knik0/faad2/issues/60 NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0) CVE-2021-32273 (An issue was discovered in faad2 through 2.10.0. A stack-buffer-overfl ...) - faad2 2.10.0-1 NOTE: https://github.com/knik0/faad2/issues/56 NOTE: https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f (2_10_0) CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow ...) - faad2 2.10.0-1 NOTE: https://github.com/knik0/faad2/issues/57 NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0) CVE-2021-32271 (An issue was discovered in gpac through 20200801. A stack-buffer-overf ...) - gpac 1.0.1+dfsg1-2 NOTE: https://github.com/gpac/gpac/commit/71f1d75eaf71f47944ddbd9356fb498ca252b19a (v1.0.1) NOTE: https://github.com/gpac/gpac/issues/1575 CVE-2021-32270 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...) - gpac 1.0.1+dfsg1-2 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1586 NOTE: https://github.com/gpac/gpac/commit/362fc486b5c0eea04f26793d5623f6a9272bd85a (v1.0.1) CVE-2021-32269 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...) - gpac 1.0.1+dfsg1-2 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1574 NOTE: https://github.com/gpac/gpac/commit/fc4d8f594acfd97fc750403cca734671bb623afc (v1.0.1) CVE-2021-32268 (Buffer overflow vulnerability in function gf_fprintf in os_file.c in g ...) 
- gpac 1.0.1+dfsg1-2 NOTE: https://github.com/gpac/gpac/issues/1587 NOTE: https://github.com/gpac/gpac/commit/388ecce75d05e11fc8496aa4857b91245007d26e (v1.0.1) CVE-2021-32267 RESERVED CVE-2021-32266 RESERVED CVE-2021-32265 (An issue was discovered in Bento4 through v1.6.0-637. A global-buffer- ...) NOT-FOR-US: Bento4 CVE-2021-32264 RESERVED CVE-2021-32263 (ok-file-formats through 2021-04-29 has a heap-based buffer overflow in ...) NOT-FOR-US: ok-file-formats CVE-2021-32262 RESERVED CVE-2021-32261 RESERVED CVE-2021-32260 RESERVED CVE-2021-32259 REJECTED CVE-2021-32258 RESERVED CVE-2021-32257 RESERVED CVE-2021-32256 RESERVED CVE-2021-32255 RESERVED CVE-2021-32254 RESERVED CVE-2021-32253 RESERVED CVE-2021-32252 RESERVED CVE-2021-32251 RESERVED CVE-2021-32250 RESERVED CVE-2021-32249 RESERVED CVE-2021-32248 RESERVED CVE-2021-32247 RESERVED CVE-2021-32246 RESERVED CVE-2021-32245 (In PageKit v1.0.18, a user can upload SVG files in the file upload por ...) NOT-FOR-US: PageKit CMS CVE-2021-32244 (Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to ...) - moodle CVE-2021-32243 (FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). ...) NOT-FOR-US: FOGProject CVE-2021-32242 RESERVED CVE-2021-32241 RESERVED CVE-2021-32240 RESERVED CVE-2021-32239 RESERVED CVE-2021-32238 (Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Ove ...) NOT-FOR-US: Epic Games / Psyonix Rocket League CVE-2021-32237 RESERVED CVE-2021-32236 RESERVED CVE-2021-32235 RESERVED CVE-2021-32234 RESERVED CVE-2021-32233 (SmarterTools SmarterMail before Build 7776 allows XSS. ...) 
NOT-FOR-US: SmarterTools SmarterMail CVE-2021-32232 RESERVED CVE-2021-32231 RESERVED CVE-2021-32230 RESERVED CVE-2021-32229 RESERVED CVE-2021-32228 RESERVED CVE-2021-32227 RESERVED CVE-2021-32226 RESERVED CVE-2021-32225 RESERVED CVE-2021-32224 RESERVED CVE-2021-32223 RESERVED CVE-2021-32222 RESERVED CVE-2021-32221 RESERVED CVE-2021-32220 RESERVED CVE-2021-32219 RESERVED CVE-2021-32218 RESERVED CVE-2021-32217 RESERVED CVE-2021-32216 RESERVED CVE-2021-32215 RESERVED CVE-2021-32214 RESERVED CVE-2021-32213 RESERVED CVE-2021-32212 RESERVED CVE-2021-32211 RESERVED CVE-2021-32210 RESERVED CVE-2021-32209 RESERVED CVE-2021-32208 RESERVED CVE-2021-32207 RESERVED CVE-2021-32206 RESERVED CVE-2021-32205 RESERVED CVE-2021-32204 RESERVED CVE-2021-32203 RESERVED CVE-2021-32202 (In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by ...) NOT-FOR-US: CS-Cart CVE-2021-32201 RESERVED CVE-2021-32200 RESERVED CVE-2021-32199 RESERVED CVE-2021-32198 (EmTec ZOC through 8.02.4 allows remote servers to cause a denial of se ...) NOT-FOR-US: EmTec ZOC CVE-2021-32197 RESERVED CVE-2021-32196 RESERVED CVE-2021-32195 RESERVED CVE-2021-32194 RESERVED CVE-2021-32193 RESERVED CVE-2021-32192 RESERVED CVE-2021-32191 RESERVED CVE-2021-32190 RESERVED CVE-2021-32189 RESERVED CVE-2021-32188 RESERVED CVE-2021-32187 RESERVED CVE-2021-32186 RESERVED CVE-2021-32185 RESERVED CVE-2021-32184 RESERVED CVE-2021-32183 RESERVED CVE-2021-32182 RESERVED CVE-2021-32181 RESERVED CVE-2021-32180 RESERVED CVE-2021-32179 RESERVED CVE-2021-32178 RESERVED CVE-2021-32177 RESERVED CVE-2021-32176 RESERVED CVE-2021-32175 RESERVED CVE-2021-32174 RESERVED CVE-2021-32173 RESERVED CVE-2021-32172 (Maian Cart v3.8 contains a preauthorization remote code execution (RCE ...) 
NOT-FOR-US: Maian Cart CVE-2021-32171 RESERVED CVE-2021-32170 RESERVED CVE-2021-32169 RESERVED CVE-2021-32168 RESERVED CVE-2021-32167 RESERVED CVE-2021-32166 RESERVED CVE-2021-32165 RESERVED CVE-2021-32164 RESERVED CVE-2021-32163 RESERVED CVE-2021-32162 RESERVED CVE-2021-32161 RESERVED CVE-2021-32160 RESERVED CVE-2021-32159 RESERVED CVE-2021-32158 RESERVED CVE-2021-32157 RESERVED CVE-2021-32156 RESERVED CVE-2021-32155 RESERVED CVE-2021-32154 RESERVED CVE-2021-32153 RESERVED CVE-2021-32152 RESERVED CVE-2021-32151 RESERVED CVE-2021-32150 RESERVED CVE-2021-32149 RESERVED CVE-2021-32148 RESERVED CVE-2021-32147 RESERVED CVE-2021-32146 RESERVED CVE-2021-32145 RESERVED CVE-2021-32144 RESERVED CVE-2021-32143 RESERVED CVE-2021-32142 RESERVED CVE-2021-32141 RESERVED CVE-2021-32140 RESERVED CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to c ...) - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Vulnerable code introduced later) [buster] - ccextractor (Vulnerable code introduced later) NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e NOTE: https://github.com/gpac/gpac/issues/1768 CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...) - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b NOTE: https://github.com/gpac/gpac/issues/1767 CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in ...) 
- gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca NOTE: https://github.com/gpac/gpac/issues/1766 CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...) - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed NOTE: https://github.com/gpac/gpac/issues/1765 CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8 NOTE: https://github.com/gpac/gpac/issues/1757 CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause ...) - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Vulnerable code introduced later) [buster] - ccextractor (Vulnerable code introduced later) NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01 NOTE: https://github.com/gpac/gpac/issues/1756 CVE-2021-32133 RESERVED CVE-2021-32132 (The abst_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) 
- gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23 NOTE: https://github.com/gpac/gpac/issues/1753 CVE-2021-32131 RESERVED CVE-2021-32130 RESERVED CVE-2021-32129 RESERVED CVE-2021-32128 RESERVED CVE-2021-32127 RESERVED CVE-2021-32126 RESERVED CVE-2021-32125 RESERVED CVE-2021-32124 RESERVED CVE-2021-32123 RESERVED CVE-2021-32122 (Certain NETGEAR devices are affected by CSRF. This affects EX3700 befo ...) NOT-FOR-US: Netgear CVE-2021-32121 RESERVED CVE-2021-32120 RESERVED CVE-2021-32119 RESERVED CVE-2021-32118 RESERVED CVE-2021-32117 RESERVED CVE-2021-32116 RESERVED CVE-2021-32115 RESERVED CVE-2021-32114 RESERVED CVE-2021-32113 RESERVED CVE-2021-32112 RESERVED CVE-2021-32111 RESERVED CVE-2021-32110 RESERVED CVE-2021-32109 RESERVED CVE-2021-32108 RESERVED CVE-2021-32107 RESERVED CVE-2021-32106 (In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified i ...) NOT-FOR-US: ICEcoder CVE-2021-32105 RESERVED CVE-2021-32104 (A SQL injection vulnerability exists (with user privileges) in interfa ...) NOT-FOR-US: OpenEMR CVE-2021-32103 (A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php ...) NOT-FOR-US: OpenEMR CVE-2021-32102 (A SQL injection vulnerability exists (with user privileges) in library ...) NOT-FOR-US: OpenEMR CVE-2021-32101 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect acces ...) NOT-FOR-US: OpenEMR CVE-2021-32100 (A remote file inclusion vulnerability exists in Artica Pandora FMS 742 ...) NOT-FOR-US: Artica Pandora FMS CVE-2021-32099 (A SQL injection vulnerability in the pandora_console component of Arti ...) NOT-FOR-US: Artica Pandora FMS CVE-2021-32098 (Artica Pandora FMS 742 allows unauthenticated attackers to perform Pha ...) NOT-FOR-US: Artica Pandora FMS CVE-2021-32097 RESERVED CVE-2021-32096 (The ConsoleAction component of U.S. 
National Security Agency (NSA) Emi ...) NOT-FOR-US: NSA Emissary CVE-2021-32095 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...) NOT-FOR-US: NSA Emissary CVE-2021-32094 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...) NOT-FOR-US: NSA Emissary CVE-2021-32093 (The ConfigFileAction component of U.S. National Security Agency (NSA) ...) NOT-FOR-US: NSA Emissary CVE-2021-32092 (A Cross-site scripting (XSS) vulnerability in the DocumentAction compo ...) NOT-FOR-US: NSA Emissary CVE-2021-32091 (A Cross-site scripting (XSS) vulnerability exists in StackLift LocalSt ...) NOT-FOR-US: StackList LocalStack CVE-2021-32090 (The dashboard component of StackLift LocalStack 0.12.6 allows attacker ...) NOT-FOR-US: StackList LocalStack CVE-2021-32089 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (form ...) NOT-FOR-US: Zebra CVE-2021-32088 RESERVED CVE-2021-32087 RESERVED CVE-2021-32086 RESERVED CVE-2021-32085 RESERVED CVE-2021-32084 RESERVED CVE-2021-32083 RESERVED CVE-2021-32082 RESERVED CVE-2021-32081 RESERVED CVE-2021-32080 RESERVED CVE-2021-32079 RESERVED CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ...) - linux 5.14.6-1 (unimportant) NOTE: https://kirtikumarar.com/CVE-2021-32078.txt NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1) CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...) NOT-FOR-US: EspoCRM CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit ...) 
- golang-github-satori-go.uuid (Vulnerable code introduced later and not in any released version) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488 NOTE: Possibly introduced by: https://github.com/satori/go.uuid/commit/0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c NOTE: Fixed by: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45 NOTE: https://github.com/satori/go.uuid/issues/73 CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions before 3.1. ...) NOT-FOR-US: VerityStream MSOW Solutions CVE-2021-32076 (Access Restriction Bypass via referrer spoof was discovered in SolarWi ...) NOT-FOR-US: SolarWinds CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. ...) NOT-FOR-US: Re-Logic Terraria CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...) NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action) CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote at ...) NOT-FOR-US: DedeCMS CVE-2021-32072 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...) NOT-FOR-US: Mitel CVE-2021-32071 (The MiCollab Client service in Mitel MiCollab before 9.3 could allow a ...) NOT-FOR-US: Mitel CVE-2021-32070 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...) NOT-FOR-US: Mitel CVE-2021-32069 (The AWV component of Mitel MiCollab before 9.3 could allow an attacker ...) NOT-FOR-US: Mitel CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab befor ...) NOT-FOR-US: Mitel CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...) NOT-FOR-US: Mitel CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...) 
{DLA-2780-1} - ruby2.7 2.7.4-1 (bug #990815) - ruby2.5 - ruby2.3 [buster] - ruby2.3 (Minor issue) - jruby [buster] - jruby (Minor issue) [stretch] - jruby (Minor issue) NOTE: https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/ NOTE: https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (2.7) CVE-2021-32065 RESERVED CVE-2021-32064 RESERVED CVE-2021-32063 RESERVED CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...) [experimental] - mapserver 7.6.3-1~exp1 - mapserver 7.6.2-2 (bug #988208) [bullseye] - mapserver (Minor issue; #988224) [buster] - mapserver (Minor issue; will be fixed via point release) [stretch] - mapserver (Minor issue; can be fixed in next update) NOTE: https://github.com/mapserver/mapserver/issues/6313 NOTE: https://github.com/MapServer/MapServer/pull/6314 NOTE: https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6) NOTE: https://github.com/mapserver/mapserver/commit/7db7cbb26b6bc6e651db268e9536836a56e6825a (branch-7-2) NOTE: https://github.com/mapserver/mapserver/commit/82a3eb5f6c8f75cedd095b909cc4990f3d8a99e1 (branch-7-0) NOTE: Fixed in 7.0.8, 7.2.3, 7.4.5, 7.6.3 CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows that ...) {DLA-2653-1} - libxml2 2.9.10+dfsg-6.6 (bug #988123) [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61 CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while crea ...) - wildfly (bug #752018) CVE-2021-3535 (Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting ...) 
NOT-FOR-US: Rapid7 CVE-2021-32061 RESERVED CVE-2021-32060 RESERVED CVE-2021-32059 RESERVED CVE-2021-32058 RESERVED CVE-2021-32057 RESERVED CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remo ...) - cyrus-imapd 3.2.6-2 [buster] - cyrus-imapd (Vulnerable code introduced in the 3.2.x series) [stretch] - cyrus-imapd (Vulnerable code introduced in the 3.2.x series) NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995 NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released CVE-2021-32054 (Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers ...) NOT-FOR-US: Firely/Incendi Spark CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e. ...) NOT-FOR-US: HAPI FHIR CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...) - python-django 2:2.2.22-1 (bug #988136; unimportant) NOTE: https://www.djangoproject.com/weblog/2021/may/06/security-releases/ NOTE: Only an issue in combination with python3.9 3.9.5+ CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via ...) NOT-FOR-US: Hexagon G!nius Auskunftsportal CVE-2021-32050 RESERVED CVE-2021-32049 RESERVED CVE-2021-32048 RESERVED CVE-2021-32047 RESERVED CVE-2021-32046 RESERVED CVE-2021-32045 RESERVED CVE-2021-32044 RESERVED CVE-2021-32043 RESERVED CVE-2021-32042 RESERVED CVE-2021-32041 RESERVED CVE-2021-32040 RESERVED CVE-2021-32039 RESERVED CVE-2021-32038 RESERVED CVE-2021-32037 RESERVED CVE-2021-32036 RESERVED CVE-2021-32035 RESERVED CVE-2021-32034 RESERVED CVE-2021-32033 (Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in ...) NOT-FOR-US: Protectimus SLIM NFC CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated ...) 
NOT-FOR-US: Trusted Firmware-M CVE-2021-32031 RESERVED CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through ...) - mutt 2.0.5-4.1 (bug #988106) [buster] - mutt (Vulnerable code introduced later) [stretch] - mutt (Vulnerable code introduced later) - neomutt 20201127+dfsg.1-1.2 (bug #988107) [buster] - neomutt (Vulnerable code introduced later) NOTE: https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5 NOTE: https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc NOTE: imap_qresync not enabled by default and considered an experimental feature CVE-2021-32030 (The administrator application on ASUS GT-AC2900 devices before 3.0.0.4 ...) NOT-FOR-US: ASUS CVE-2021-32029 (A flaw was found in postgresql. Using an UPDATE ... RETURNING command ...) {DSA-4915-1} - postgresql-13 13.3-1 - postgresql-11 - postgresql-9.6 [stretch] - postgresql-9.6 (Vulnerable code introduced later) NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 (REL_13_3) CVE-2021-32028 (A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO ...) {DSA-4915-1 DLA-2662-1} - postgresql-13 13.3-1 - postgresql-11 - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f (REL_13_3) CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 12.7, b ...) 
{DSA-4915-1 DLA-2662-1} - postgresql-13 13.3-1 - postgresql-11 - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3) CVE-2021-3534 RESERVED CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR ...) - ansible [bullseye] - ansible (Minor issue, revisit when/if fixed upstream) [buster] - ansible (Minor issue, revisit when/if fixed upstream) - ansible-base NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956477 CVE-2021-32026 RESERVED CVE-2021-32025 RESERVED CVE-2021-32024 RESERVED CVE-2021-32023 RESERVED CVE-2021-32022 RESERVED CVE-2021-32021 RESERVED CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...) NOT-FOR-US: kernel in Amazon Web Services FreeRTOS CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...) NOT-FOR-US: OpenWrt CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP A ...) NOT-FOR-US: JUMP AMS CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...) NOT-FOR-US: JUMP AMS CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...) NOT-FOR-US: JUMP AMS CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...) NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...) NOT-FOR-US: SheetJS CVE-2021-32013 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...) NOT-FOR-US: SheetJS CVE-2021-32012 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...) NOT-FOR-US: SheetJS CVE-2021-3532 (A flaw was found in Ansible where the secret information present in as ...) 
- ansible [bullseye] - ansible (Minor issue, revisit when/if fixed upstream) [buster] - ansible (Minor issue, revisit when/if fixed upstream) - ansible-base NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464 CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...) - ceph 14.2.21-1 (bug #988890) [buster] - ceph (Minor issue) [stretch] - ceph (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5 NOTE: Nautilus: https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e NOTE: Octopus: https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039 NOTE: Pacific: https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7 CVE-2021-3530 (A flaw was discovered in GNU libiberty within demangle_path() in rust- ...) - binutils (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1925348 NOTE: binutils not covered by security support CVE-2021-32011 RESERVED CVE-2021-32010 RESERVED CVE-2021-32009 RESERVED CVE-2021-32008 RESERVED CVE-2021-32007 RESERVED CVE-2021-32006 RESERVED CVE-2021-32005 RESERVED CVE-2021-32004 RESERVED CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...) NOT-FOR-US: Secomea SiteManager CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...) NOT-FOR-US: Secomea SiteManager CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of S ...) NOT-FOR-US: Rancher CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...) NOT-FOR-US: clone-master-clean-up in SUSE Linux Enterprise Server CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...) NOT-FOR-US: Rancher CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) 
- inn2 (SuSE-specific packaging issue) CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...) - postorius (SuSE-specific packaging issue) CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...) NOT-FOR-US: Rust crate algorithmica CVE-2021-3529 (A flaw was found in noobaa-core in versions before 5.7.0. This flaw re ...) NOT-FOR-US: noobaa CVE-2021-31995 RESERVED CVE-2021-31994 RESERVED CVE-2021-31993 RESERVED CVE-2021-31992 RESERVED CVE-2021-31991 RESERVED CVE-2021-31990 RESERVED CVE-2021-31989 (A user with permission to log on to the machine hosting the AXIS Devic ...) NOT-FOR-US: AXIS CVE-2021-31988 (A user controlled parameter related to SMTP test functionality is not ...) NOT-FOR-US: AXIS CVE-2021-31987 (A user controlled parameter related to SMTP test functionality is not ...) NOT-FOR-US: AXIS CVE-2021-31986 (User controlled parameters related to SMTP notifications are not corre ...) NOT-FOR-US: AXIS CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31984 (Power BI Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...) NOT-FOR-US: Microsoft CVE-2021-31982 RESERVED CVE-2021-31981 RESERVED CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2021-31979 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-31978 (Microsoft Defender Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31977 (Windows Hyper-V Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31976 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-31975 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...) 
NOT-FOR-US: Microsoft CVE-2021-31974 (Server for NFS Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31973 (Windows GPSVC Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31972 (Event Tracing for Windows Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31971 (Windows HTML Platform Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31970 (Windows TCP/IP Driver Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31969 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2021-31968 (Windows Remote Desktop Services Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31967 (VP9 Video Extensions Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31966 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-31965 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31964 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-31963 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-31962 (Kerberos AppContainer Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31961 (Windows InstallService Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31957 (ASP.NET Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31956 (Windows NTFS Elevation of Privilege Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-31955 (Windows Kernel Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31954 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-31953 (Windows Filter Manager Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31952 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31951 (Windows Kernel Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31950 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-31949 (Microsoft Outlook Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31948 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-31947 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-31946 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...) NOT-FOR-US: Microsoft CVE-2021-31945 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...) NOT-FOR-US: Microsoft CVE-2021-31944 (3D Viewer Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31943 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) NOT-FOR-US: Microsoft CVE-2021-31942 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) NOT-FOR-US: Microsoft CVE-2021-31941 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-31940 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-31939 (Microsoft Excel Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31938 (Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vul ...) 
NOT-FOR-US: Microsoft CVE-2021-31937 RESERVED CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution ...) NOT-FOR-US: OX App Suite CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact objec ...) NOT-FOR-US: OX App Suite CVE-2021-31933 (A remote code execution vulnerability exists in Chamilo through 1.11.1 ...) NOT-FOR-US: Chamilo CVE-2021-31932 RESERVED CVE-2021-31931 RESERVED CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...) NOT-FOR-US: Concerto CVE-2021-31929 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...) NOT-FOR-US: Annex Cloud Loyalty Experience Platform CVE-2021-31928 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...) NOT-FOR-US: Annex Cloud Loyalty Experience Platform CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Annex Clou ...) NOT-FOR-US: Annex Cloud Loyalty Experience Platform CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...) NOT-FOR-US: CubeCoders AMP CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thu ...) NOT-FOR-US: Pexip CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the p ...) - pam-u2f 1.1.0-1.1 (bug #987545) [buster] - pam-u2f (Vulnerable code not present) [stretch] - pam-u2f (Vulnerable code not present) NOTE: https://www.yubico.com/support/security-advisories/ysa-2021-03 NOTE: https://github.com/Yubico/pam-u2f/commit/6059b057dd9b6d0164fc16f9422c0d728f902bb5 (pam_u2f-1.1.1) NOTE: https://github.com/Yubico/pam-u2f/issues/175 NOTE: Support for PIN verification introduced in 1.1.0. CVE-2021-31923 (Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling vi ...) 
NOT-FOR-US: Ping Identity PingAccess CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...) NOT-FOR-US: Pulse Secure CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...) NOT-FOR-US: noobaa CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...) {DLA-2753-1} - qemu 1:5.2+dfsg-11 (bug #988157) [buster] - qemu (Minor issue) NOTE: Initial patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html NOTE: Revisited: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html CVE-2021-3526 REJECTED CVE-2021-3525 REJECTED CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...) {DLA-2735-1} - ceph 14.2.21-1 (bug #988889) [buster] - ceph (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674 NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1 CVE-2021-3523 RESERVED CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploita ...) NOT-FOR-US: Istio CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...) NOT-FOR-US: Istio CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...) NOT-FOR-US: Rust crate rkyv CVE-2021-31918 (A flaw was found in tripleo-ansible version as shipped in Red Hat Open ...) NOT-FOR-US: tripleo-ansible CVE-2021-31917 (A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1. ...) NOT-FOR-US: Infinispan CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...) 
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.28-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
	NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection leading to ...)
	NOT-FOR-US: JetBrains
CVE-2021-31914 (In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execu ...)
	NOT-FOR-US: JetBrains
CVE-2021-31913 (In JetBrains TeamCity before 2020.2.3, insufficient checks of the redi ...)
	NOT-FOR-US: JetBrains
CVE-2021-31912 (In JetBrains TeamCity before 2020.2.3, account takeover was potentiall ...)
	NOT-FOR-US: JetBrains
CVE-2021-31911 (In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on s ...)
	NOT-FOR-US: JetBrains
CVE-2021-31910 (In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF ...)
	NOT-FOR-US: JetBrains
CVE-2021-31909 (In JetBrains TeamCity before 2020.2.3, argument injection leading to r ...)
	NOT-FOR-US: JetBrains
CVE-2021-31908 (In JetBrains TeamCity before 2020.2.3, stored XSS was possible on seve ...)
	NOT-FOR-US: JetBrains
CVE-2021-31907 (In JetBrains TeamCity before 2020.2.2, permission checks for changing ...)
	NOT-FOR-US: JetBrains
CVE-2021-31906 (In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient ...)
	NOT-FOR-US: JetBrains
CVE-2021-31905 (In JetBrains YouTrack before 2020.6.8801, information disclosure in an ...)
	NOT-FOR-US: JetBrains
CVE-2021-31904 (In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on ...)
	NOT-FOR-US: JetBrains
CVE-2021-31903 (In JetBrains YouTrack before 2021.1.9819, a pull request's title was s ...)
	NOT-FOR-US: JetBrains
CVE-2021-31902 (In JetBrains YouTrack before 2020.6.6600, access control during the ex ...)
	NOT-FOR-US: JetBrains
CVE-2021-31901 (In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't ...)
	NOT-FOR-US: JetBrains
CVE-2021-31900 (In JetBrains Code With Me bundled to the compatible IDE versions befor ...)
	NOT-FOR-US: JetBrains
CVE-2021-31899 (In JetBrains Code With Me bundled to the compatible IDEs before versio ...)
	NOT-FOR-US: JetBrains
CVE-2021-31898 (In JetBrains WebStorm before 2021.1, HTTP requests were used instead o ...)
	NOT-FOR-US: JetBrains
CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user confi ...)
	NOT-FOR-US: JetBrains
CVE-2021-31896
	RESERVED
CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...)
	NOT-FOR-US: Siemens
CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions with OI ...)
	NOT-FOR-US: Siemens
CVE-2021-31890
	RESERVED
CVE-2021-31889
	RESERVED
CVE-2021-31888
	RESERVED
CVE-2021-31887
	RESERVED
CVE-2021-31886
	RESERVED
CVE-2021-31885
	RESERVED
CVE-2021-31884
	RESERVED
CVE-2021-31883
	RESERVED
CVE-2021-31882
	RESERVED
CVE-2021-31881
	RESERVED
CVE-2021-31880
	RESERVED
CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...)
	- wget (bug #988209)
	[bullseye] - wget (Minor issue)
	[buster] - wget (Minor issue)
	[stretch] - wget (Minor issue; can be fixed in next update)
	NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
CVE-2021-31878 (An issue was discovered in PJSIP in Asterisk before 16.19.1 and before ...)
	- asterisk (Vulnerability introduced in 16.17.0)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2021-007.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29381
CVE-2021-31877
	REJECTED
CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the rep ...)
	- bitcoin
	NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876
	NOTE: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html
CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...)
	NOT-FOR-US: Cesanta MongooseOS mJS
CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, ...)
	NOT-FOR-US: Zoho
CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...)
	{DLA-2695-1}
	- klibc 2.0.8-6 (bug #989505)
	[buster] - klibc 2.0.6-1+deb10u1
	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...)
	{DLA-2695-1}
	- klibc 2.0.8-6 (bug #989505)
	[buster] - klibc 2.0.6-1+deb10u1
	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in ...)
	{DLA-2695-1}
	- klibc 2.0.8-6 (bug #989505)
	[buster] - klibc 2.0.6-1+deb10u1
	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...)
	{DLA-2695-1}
	- klibc 2.0.8-6 (bug #989505)
	[buster] - klibc 2.0.6-1+deb10u1
	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-3521
	RESERVED
	- rpm
	[bullseye] - rpm (Minor issue)
	[buster] - rpm (Minor issue)
	[stretch] - rpm (Minor issue)
	NOTE: https://github.com/rpm-software-management/rpm/pull/1788
CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to an ap ...)
	{DSA-4919-1 DLA-2657-1}
	- lz4 1.9.3-2 (bug #987856)
	NOTE: https://github.com/lz4/lz4/pull/972
	NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...)
	NOT-FOR-US: Pimcore
CVE-2021-31868 (Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users o ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...)
	NOT-FOR-US: Pimcore
CVE-2021-3519
	RESERVED
CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
	{DLA-2658-1}
	- redmine (bug #990792)
	NOTE: https://www.redmine.org/news/131
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20854
CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
	{DLA-2658-1}
	- redmine (bug #990792)
	NOTE: https://www.redmine.org/news/131
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20946
CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
	{DLA-2658-1}
	- redmine (bug #990792)
	NOTE: https://www.redmine.org/news/131
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20970
CVE-2021-31863 (Insufficient input validation in the Git repository integration of Red ...)
	{DLA-2658-1}
	- redmine (bug #990792)
	NOTE: https://www.redmine.org/news/131
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20962
CVE-2021-31862
	RESERVED
CVE-2021-31861
	RESERVED
CVE-2021-31860
	RESERVED
CVE-2021-31859 (Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 ...)
	NOT-FOR-US: Ysoft SafeQ
CVE-2021-31858
	RESERVED
CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...)
	NOT-FOR-US: Zoho ManageEngine Password Manager Pro
CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
	NOT-FOR-US: Layer Meshery
CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages ...)
	- kf5-messagelib 4:20.08.3-5 (bug #989438)
	[buster] - kf5-messagelib (Minor issue)
	[stretch] - kf5-messagelib (Minor issue)
	- kdepim4
	[stretch] - kdepim4 (Minor issue)
	NOTE: https://kde.org/info/security/advisory-20210429-1.txt
	NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
CVE-2021-31854
	RESERVED
CVE-2021-31853
	RESERVED
CVE-2021-31852
	RESERVED
CVE-2021-31851
	RESERVED
CVE-2021-31850
	RESERVED
CVE-2021-31849
	RESERVED
CVE-2021-31848
	RESERVED
CVE-2021-31847 (Improper access control vulnerability in the repair process for McAfee ...)
	NOT-FOR-US: McAfee
CVE-2021-31846
	RESERVED
CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...)
	NOT-FOR-US: McAfee
CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...)
	NOT-FOR-US: McAfee
CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...)
	NOT-FOR-US: McAfee
CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...)
	NOT-FOR-US: McAfee
CVE-2021-31841 (A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5 ...)
	NOT-FOR-US: McAfee
CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...)
	NOT-FOR-US: McAfee
CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...)
	NOT-FOR-US: McAfee
CVE-2021-31838 (A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4. ...)
	NOT-FOR-US: MVISION EDR (MVEDR)
CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2021-31836 (Improper privilege management vulnerability in maconfig for McAfee Age ...)
	NOT-FOR-US: McAfee
CVE-2021-31835
	RESERVED
CVE-2021-31834
	RESERVED
CVE-2021-31833
	RESERVED
CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
	NOT-FOR-US: McAfee
CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
	NOT-FOR-US: McAfee
CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: McAfee
CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...)
	{DLA-2653-1}
	- libxml2 2.9.10+dfsg-6.6 (bug #987737)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
CVE-2021-3517 (There is a flaw in the xml entity encoding functionality of libxml2 in ...)
	{DLA-2653-1}
	- libxml2 2.9.10+dfsg-6.6 (bug #987738)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
CVE-2021-3516 (There's a flaw in libxml2's xmllint in versions before 2.9.11. An atta ...)
	{DLA-2653-1}
	- libxml2 2.9.10+dfsg-6.6 (bug #987739)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before 2.3.4 ...)
	- pglogical 2.3.3-3 (bug #988735)
	[buster] - pglogical (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112
	NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...)
	- 389-ds-base 1.4.4.11-2 (bug #988727)
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://github.com/389ds/389-ds-base/issues/4711
CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...)
	{DLA-2690-1}
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...)
	NOT-FOR-US: OpenDistro for Elasticsearch
CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2021-31825
	RESERVED
CVE-2021-31824
	RESERVED
CVE-2021-31823
	RESERVED
CVE-2021-31822
	RESERVED
CVE-2021-31821
	RESERVED
CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...)
	NOT-FOR-US: Octopus Server
CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation vulnerab ...)
	NOT-FOR-US: Octopus
CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...)
	NOT-FOR-US: Octopus Server
CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...)
	NOT-FOR-US: Octopus Server
CVE-2021-31816 (When configuring Octopus Server if it is configured with an external S ...)
	NOT-FOR-US: Octopus Server
CVE-2021-3513
	NOT-FOR-US: Keycloak
CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...)
	NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
CVE-2021-31814
	RESERVED
CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...)
	NOT-FOR-US: Zoho
CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...)
	- libpdfbox2-java 2.0.24-1 (bug #991526)
	[bullseye] - libpdfbox2-java (Minor issue)
	[buster] - libpdfbox2-java (Minor issue)
	- libpdfbox-java (bug #991527)
	[bullseye] - libpdfbox-java (Minor issue)
	[buster] - libpdfbox-java (Minor issue)
	[stretch] - libpdfbox-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/1
	NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMem ...)
	- libpdfbox2-java 2.0.24-1 (bug #991526)
	[bullseye] - libpdfbox2-java (Minor issue)
	[buster] - libpdfbox2-java (Minor issue)
	- libpdfbox-java (bug #991527)
	[bullseye] - libpdfbox-java (Minor issue)
	[buster] - libpdfbox-java (Minor issue)
	[stretch] - libpdfbox-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
	NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
	{DLA-2780-1}
	- ruby2.7 2.7.4-1 (bug #990815)
	- ruby2.5
	[buster] - ruby2.5 (Minor issue)
	- ruby2.3
	- jruby
	[buster] - jruby (Minor issue)
	[stretch] - jruby (Minor issue)
	NOTE: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
	NOTE: https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (2.7)
CVE-2021-31809
	RESERVED
CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
	{DSA-4924-1 DLA-2685-1}
	- squid 4.13-10 (bug #989043)
	- squid3
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
CVE-2021-31807 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An ...)
	{DSA-4924-1 DLA-2685-1}
	- squid 4.13-10 (bug #989043)
	- squid3
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
	{DSA-4924-1 DLA-2685-1}
	- squid 4.13-10 (bug #989043)
	- squid3
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
CVE-2021-31805
	RESERVED
CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...)
	{DSA-4905-1}
	- shibboleth-sp 3.2.2+dfsg1-1 (bug #987608)
	NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
	NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
	NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec
CVE-2021-31804 (LeoCAD before 21.03 sometimes allows a use-after-free during the openi ...)
	- leocad (unimportant)
	NOTE: https://github.com/leozide/leocad/issues/645
	NOTE: https://github.com/leozide/leocad/commit/233affe3fcdc851fa82cb058871bddd0046e1c87
	NOTE: Crash in CLI tool, no security impact
CVE-2021-31803 (cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SE ...)
	NOT-FOR-US: cPanel
CVE-2021-31802 (NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow tha ...)
	NOT-FOR-US: Netgear
CVE-2021-31801
	RESERVED
CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in Impac ...)
	- impacket 0.9.22-2 (bug #988141)
	[buster] - impacket (Minor issue)
	[stretch] - impacket (Minor issue)
	NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...)
	{DLA-2780-1}
	- ruby2.7 2.7.4-1 (bug #990815)
	- ruby2.5
	[buster] - ruby2.5 (Minor issue)
	- ruby2.3
	NOTE: Introduced in (rdoc): https://github.com/ruby/rdoc/commit/4a8b7bed7cd5647db92c620bc6f33e4c309d2212 (v3.11)
	NOTE: Fixed in (rdoc): https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7 (v6.3.1)
	NOTE: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
	NOTE: https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e (master)
	NOTE: https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7)
CVE-2021-31798 (The effective key space used to encrypt the cache in CyberArk Credenti ...)
	NOT-FOR-US: CyberArk
CVE-2021-31797 (The user identification mechanism used by CyberArk Credential Provider ...)
	NOT-FOR-US: CyberArk
CVE-2021-31796 (An inadequate encryption vulnerability discovered in CyberArk Credenti ...)
	NOT-FOR-US: CyberArk
CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for th ...)
	NOT-FOR-US: PowerVR GPU kernel driver (OOT)
CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...)
	NOT-FOR-US: Directum
CVE-2021-31793 (An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that ...)
	NOT-FOR-US: NightOwl WDB-20-V2 WDB-20-V2_20190314 devices
CVE-2021-31792 (XSS in the client account page in SuiteCRM before 7.11.19 allows an at ...)
	NOT-FOR-US: SuiteCRM
CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext passw ...)
	NOT-FOR-US: Sentry KM
CVE-2021-31790
	RESERVED
CVE-2021-31789
	RESERVED
CVE-2021-31788
	RESERVED
CVE-2021-31787
	RESERVED
CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...)
	NOT-FOR-US: Actions ATS
CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...)
	NOT-FOR-US: Actions ATS
CVE-2021-31784 (An out-of-bounds write vulnerability exists in the file-reading proced ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-31783 (show_default.php in the LocalFilesEditor extension before 11.4.0.1 for ...)
	NOT-FOR-US: Piwigo extension
CVE-2021-31782
	RESERVED
CVE-2021-31781
	RESERVED
CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing grou ...)
	NOT-FOR-US: MISP
CVE-2021-31779 (The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows ...)
	NOT-FOR-US: Typo3 extension
CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x before ...)
	NOT-FOR-US: Typo3 extension
CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...)
	NOT-FOR-US: Typo3 extension
CVE-2021-31776 (Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search p ...)
	NOT-FOR-US: Aviatrix VPN Client
CVE-2021-31775
	RESERVED
CVE-2021-31774
	RESERVED
CVE-2021-31773
	RESERVED
CVE-2021-31772
	RESERVED
CVE-2021-31771 (Splinterware System Scheduler Professional version 5.30 is subject to ...)
	NOT-FOR-US: Splinterware
CVE-2021-31770
	RESERVED
CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...)
	NOT-FOR-US: MyQ
CVE-2021-31768
	RESERVED
CVE-2021-31767
	RESERVED
CVE-2021-31766
	RESERVED
CVE-2021-31765
	RESERVED
CVE-2021-31764
	RESERVED
CVE-2021-31763
	RESERVED
CVE-2021-31762 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to creat ...)
	- webmin
CVE-2021-31761 (Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to ac ...)
	- webmin
CVE-2021-31760 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achie ...)
	- webmin
CVE-2021-31759
	RESERVED
CVE-2021-31758 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
	NOT-FOR-US: Tenda AC11 devices
CVE-2021-31757 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
	NOT-FOR-US: Tenda AC11 devices
CVE-2021-31756 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
	NOT-FOR-US: Tenda AC11 devices
CVE-2021-31755 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
	NOT-FOR-US: Tenda AC11 devices
CVE-2021-31754
	RESERVED
CVE-2021-31753
	RESERVED
CVE-2021-31752
	RESERVED
CVE-2021-31751
	RESERVED
CVE-2021-31750
	RESERVED
CVE-2021-31749
	RESERVED
CVE-2021-31748
	RESERVED
CVE-2021-31747
	RESERVED
CVE-2021-31746
	RESERVED
CVE-2021-31745
	RESERVED
CVE-2021-31744
	RESERVED
CVE-2021-31743
	RESERVED
CVE-2021-31742
	RESERVED
CVE-2021-31741
	RESERVED
CVE-2021-31740
	RESERVED
CVE-2021-31739
	RESERVED
CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...)
	NOT-FOR-US: Adiscon LogAnalyzer
CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...)
	NOT-FOR-US: emlog
CVE-2021-31736
	RESERVED
CVE-2021-31735
	RESERVED
CVE-2021-31734
	RESERVED
CVE-2021-31733
	RESERVED
CVE-2021-31732
	RESERVED
CVE-2021-31731 (A directory traversal issue in KiteCMS 1.1.1 allows remote administrat ...)
	NOT-FOR-US: KiteCMS
CVE-2021-31730
	RESERVED
CVE-2021-31729
	RESERVED
CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...)
	NOT-FOR-US: Akuvox
CVE-2021-31725
	RESERVED
CVE-2021-31724
	RESERVED
CVE-2021-31723
	RESERVED
CVE-2021-31722
	RESERVED
CVE-2021-31721 (Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image ...)
	NOT-FOR-US: Chevereto
CVE-2021-31720
	RESERVED
CVE-2021-31719
	RESERVED
CVE-2021-31718 (The server in npupnp before 4.1.4 is affected by DNS rebinding in the ...)
	NOT-FOR-US: npupnp
CVE-2021-31717
	RESERVED
CVE-2021-31716
	RESERVED
CVE-2021-31715
	RESERVED
CVE-2021-31714
	RESERVED
CVE-2021-31713
	RESERVED
CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...)
	NOT-FOR-US: react-draft-wysiwyg
CVE-2021-31711
	RESERVED
CVE-2021-31710
	RESERVED
CVE-2021-31709
	RESERVED
CVE-2021-31708
	RESERVED
CVE-2021-31707
	RESERVED
CVE-2021-31706
	RESERVED
CVE-2021-31705
	RESERVED
CVE-2021-31704
	RESERVED
CVE-2021-31703 (Frontier ichris through 5.18 allows users to upload malicious executab ...)
	NOT-FOR-US: Frontier ichris
CVE-2021-31702 (Frontier ichris through 5.18 mishandles making a DNS request for the h ...)
	NOT-FOR-US: Frontier ichris
CVE-2021-31701 (Mintty before 3.4.7 mishandles Bracketed Paste Mode. ...)
	NOT-FOR-US: Mintty
CVE-2021-31700
	RESERVED
CVE-2021-31699
	RESERVED
CVE-2021-31698 (Quectel EG25-G devices through 202006130814 allow executing arbitrary ...)
	NOT-FOR-US: Quectel EG25-G devices
CVE-2021-31697
	RESERVED
CVE-2021-31696
	RESERVED
CVE-2021-31695
	RESERVED
CVE-2021-31694
	RESERVED
CVE-2021-31693
	RESERVED
CVE-2021-31692
	RESERVED
CVE-2021-31691
	RESERVED
CVE-2021-31690
	RESERVED
CVE-2021-31689
	RESERVED
CVE-2021-31688
	RESERVED
CVE-2021-31687
	RESERVED
CVE-2021-31686
	RESERVED
CVE-2021-31685
	RESERVED
CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONParserBy ...)
	- json-smart (unimportant)
	NOTE: https://github.com/netplex/json-smart-v2/issues/67
	NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
	NOTE: Security impact disputed by upstream
CVE-2021-31683
	RESERVED
CVE-2021-31682
	RESERVED
CVE-2021-31681
	RESERVED
CVE-2021-31680
	RESERVED
CVE-2021-31679
	RESERVED
CVE-2021-31678
	RESERVED
CVE-2021-31677
	RESERVED
CVE-2021-31676
	RESERVED
CVE-2021-31675
	RESERVED
CVE-2021-31674
	RESERVED
CVE-2021-31673
	RESERVED
CVE-2021-31672
	RESERVED
CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...)
	NOT-FOR-US: pgsync
CVE-2021-31670
	RESERVED
CVE-2021-31669
	RESERVED
CVE-2021-31668
	RESERVED
CVE-2021-31667
	RESERVED
CVE-2021-31666
	RESERVED
CVE-2021-31665
	RESERVED
CVE-2021-31664 (RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2021-31663 (RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2021-31662 (RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2021-31661 (RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2021-31660 (RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is v ...)
	NOT-FOR-US: TP-Link
CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is a ...)
	NOT-FOR-US: TP-Link
CVE-2021-31657
	RESERVED
CVE-2021-31656
	RESERVED
CVE-2021-31655 (Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2 ...)
	NOT-FOR-US: TRENDnet
CVE-2021-31654
	RESERVED
CVE-2021-31653
	RESERVED
CVE-2021-31652
	RESERVED
CVE-2021-31651
	RESERVED
CVE-2021-31650
	RESERVED
CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...)
	NOT-FOR-US: jfinal
CVE-2021-31648
	RESERVED
CVE-2021-31647
	RESERVED
CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...)
	NOT-FOR-US: Gestsup
CVE-2021-31645
	RESERVED
CVE-2021-31644
	RESERVED
CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU Technolo ...)
	NOT-FOR-US: CHIYU Technology
CVE-2021-31642 (A denial of service condition exists after an integer overflow in seve ...)
	NOT-FOR-US: CHIYU Technology
CVE-2021-31641 (An unauthenticated XSS vulnerability exists in several IoT devices fro ...)
	NOT-FOR-US: CHIYU Technology
CVE-2021-31640
	RESERVED
CVE-2021-31639
	RESERVED
CVE-2021-31638
	RESERVED
CVE-2021-31637
	RESERVED
CVE-2021-31636
	RESERVED
CVE-2021-31635
	RESERVED
CVE-2021-31634
	RESERVED
CVE-2021-31633
	RESERVED
CVE-2021-31632
	RESERVED
CVE-2021-31631
	RESERVED
CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote attackers to ...)
	NOT-FOR-US: Open PLC webserver
CVE-2021-31629
	RESERVED
CVE-2021-31628
	RESERVED
CVE-2021-31627
	RESERVED
CVE-2021-31626
	RESERVED
CVE-2021-31625
	RESERVED
CVE-2021-31624
	RESERVED
CVE-2021-31623
	RESERVED
CVE-2021-31622
	RESERVED
CVE-2021-31621
	RESERVED
CVE-2021-31620
	RESERVED
CVE-2021-31619
	RESERVED
CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...)
	{DSA-4937-1 DLA-2706-1}
	[experimental] - apache2 2.4.48-1
	- apache2 2.4.46-5 (bug #989562)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
	NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
	NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
CVE-2021-31617
	RESERVED
CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
	NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
	NOTE: Bluetooth protocol issue
CVE-2021-31614
	RESERVED
CVE-2021-31613 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...)
	NOT-FOR-US: Zhuhai Jieli
CVE-2021-31612 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices do ...)
	NOT-FOR-US: Zhuhai Jieli
CVE-2021-31611 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...)
	NOT-FOR-US: Zhuhai Jieli
CVE-2021-31610 (The Bluetooth Classic implementation on AB32VG1 devices does not prope ...)
	NOT-FOR-US: Bluetrum
CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and e ...)
	NOT-FOR-US: Silicon Labs Bluetooth
CVE-2021-31608
	RESERVED
CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...)
	- salt 3002.6+dfsg1-2 (bug #987496)
	NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...)
	NOT-FOR-US: openvpn-monitor
CVE-2021-31605 (furlongm openvpn-monitor through 1.1.3 allows %0a command injection vi ...)
	NOT-FOR-US: openvpn-monitor
CVE-2021-31604 (furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an ar ...)
	NOT-FOR-US: openvpn-monitor
CVE-2021-31603
	RESERVED
CVE-2021-31602
	RESERVED
CVE-2021-31601
	RESERVED
CVE-2021-31600
	RESERVED
CVE-2021-31599
	RESERVED
CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
	{DLA-2705-1}
	- mapcache (bug #989363)
	[bullseye] - mapcache (Minor issue)
	[buster] - mapcache (Minor issue)
	[stretch] - mapcache (Minor issue)
	- scilab (bug #989364)
	[bullseye] - scilab (Minor issue)
	[buster] - scilab (Minor issue)
	- netcdf (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/28/
CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...)
	- node-xmlhttprequest-ssl
	[buster] - node-xmlhttprequest-ssl (Minor issue, should possibly be removed from stable as well)
	[stretch] - node-xmlhttprequest-ssl (Minor issue)
	NOTE: https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2
	NOTE: https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt
CVE-2021-31596
	RESERVED
CVE-2021-31595
	RESERVED
CVE-2021-31594
	RESERVED
CVE-2021-31593
	RESERVED
CVE-2021-31592
	RESERVED
CVE-2021-31591
	RESERVED
CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...)
	NOT-FOR-US: PwnDoc
CVE-2021-31589
	RESERVED
CVE-2021-31588
	RESERVED
CVE-2021-31587
	RESERVED
CVE-2021-31586 (Accellion Kiteworks before 7.4.0 allows an authenticated user to perfo ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2021-31585 (Accellion Kiteworks before 7.3.1 allows a user with Admin privileges t ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2021-31584 (Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGC ...)
	NOT-FOR-US: Sipwise
CVE-2021-31583 (Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform v ...)
	NOT-FOR-US: Sipwise
CVE-2021-31582
	RESERVED
CVE-2021-31581 (The restricted shell provided by Akkadian Provisioning Manager Engine ...)
	NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager Engine ...)
	NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a hard-coded cre ...)
	NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
CVE-2021-31578
	RESERVED
CVE-2021-31577
	RESERVED
CVE-2021-31576
	RESERVED
CVE-2021-31575
	RESERVED
CVE-2021-31574
	RESERVED
CVE-2021-31573
	RESERVED
CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...)
	NOT-FOR-US: Buffalo
CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...)
	NOT-FOR-US: Buffalo
CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
	NOT-FOR-US: Amazon Web Services FreeRTOS kernel
CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
	NOT-FOR-US: Amazon Web Services FreeRTOS kernel
CVE-2021-31570
	RESERVED
CVE-2021-31569
	RESERVED
CVE-2021-31568
	RESERVED
CVE-2021-31557
	RESERVED
CVE-2021-31556 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
	NOT-FOR-US: MediaWiki extension OAuth
CVE-2021-31555 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
	NOT-FOR-US: MediaWiki extension OAuth
CVE-2021-31554 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
	NOT-FOR-US: MediaWiki extension AbuseFilter
CVE-2021-31553 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
	NOT-FOR-US: MediaWiki extension CheckUser
CVE-2021-31552 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
	NOT-FOR-US: MediaWiki extension AbuseFilter
CVE-2021-31551 (An issue was discovered in the PageForms extension for MediaWiki throu ...)
	NOT-FOR-US: MediaWiki extension PageForms
CVE-2021-31550 (An issue was discovered in the CommentBox extension for MediaWiki thro ...)
NOT-FOR-US: MediaWiki extension CommentBox CVE-2021-31549 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31548 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31547 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31546 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31545 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31544 RESERVED CVE-2021-31543 RESERVED CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...) {DLA-2651-1} - python-django 2:2.2.21-1 (bug #988053) NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/ NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main) NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21) CVE-2021-31541 RESERVED CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...) NOT-FOR-US: Wowza Streaming Engine CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installation) has ...) NOT-FOR-US: Wowza Streaming Engine CVE-2021-31538 (LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allo ...) NOT-FOR-US: LANCOM CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (a ...) NOT-FOR-US: SIS-REWE Go CVE-2021-31536 RESERVED CVE-2021-31535 (LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...) 
{DSA-4920-1 DLA-2666-1} - libx11 2:1.7.1-1 (bug #988737) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/2 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/3 NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt NOTE: https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ CVE-2021-31534 RESERVED CVE-2021-31533 RESERVED CVE-2021-31532 (NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 ...) NOT-FOR-US: NXP CVE-2021-31531 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to S ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-31530 (Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to I ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-31529 RESERVED CVE-2021-31528 RESERVED CVE-2021-31527 RESERVED CVE-2021-31526 RESERVED CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote a ...) 
- golang-1.16 1.16.4-1 - golang-1.15 1.15.9-2 - golang-1.11 - golang-1.8 [stretch] - golang-1.8 (Minor issue, DoS, requires rebuilding reverse-dependencies) - golang-1.7 [stretch] - golang-1.7 (Minor issue, DoS, requires rebuilding reverse-dependencies) - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-3 - golang-golang-x-net-dev [stretch] - golang-golang-x-net-dev (Limited support in stretch) NOTE: https://github.com/golang/go/issues/45710 NOTE: https://github.com/golang/go/issues/45711 (1.15 backport) NOTE: https://github.com/golang/go/issues/45712 (1.16 backport) NOTE: https://go-review.googlesource.com/c/net/+/313069 NOTE: golang: introduced by https://github.com/golang/go/commit/ae080c1aecb129a3230e7afecdb4a16ad3da9b3c (go1.5beta1) NOTE: golang-golang-x-net: introduced by https://github.com/golang/net/commit/5916dcb167ed985a5b9e6871fbfd74848a4c170b CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found in Ope ...) - openexr (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947591 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/930 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05 NOTE: Only affects exrcheck, which isn't built into the binary packages CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...) 
{DLA-2701-1} - openexr 2.5.7-1 (bug #992703) [bullseye] - openexr (Minor issue) [buster] - openexr (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5) CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...) {DLA-2701-1} - openexr 2.5.7-1 [bullseye] - openexr (Minor issue, might change ABI) [buster] - openexr (Minor issue, might change ABI) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0e08c959c5459e2ffd3b81b654c3ce8b71a4b42c (v3.0.0-beta) NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (v2.5.5) NOTE: Depends on https://github.com/AcademySoftwareFoundation/openexr/commit/de27156b77896aeef5b1c99edbca2bc4fa784b51 (v2.3.0) CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...) - openexr 2.5.4-2 (bug #988240) [buster] - openexr (Vulnerable code not present) [stretch] - openexr (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e CVE-2021-31524 RESERVED CVE-2021-31522 RESERVED CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...) 
- ceph 14.2.21-1 (bug #988888) [buster] - ceph (Vulnerable code introduced later) [stretch] - ceph (Vulnerable code introduced later) NOTE: Nautilus: https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca NOTE: Octopus: https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b NOTE: Pacific: https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27 NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/4 NOTE: In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly NOTE: cookie, introducing the specific CVE-2021-3509 issue. CVE-2021-31521 (Trend Micro InterScan Web Security Virtual Appliance version 6.5 was f ...) NOT-FOR-US: Trend Micro CVE-2021-31520 (A weak session token authentication bypass vulnerability in Trend Micr ...) NOT-FOR-US: Trend Micro CVE-2021-31519 (An incorrect permission vulnerability in the product installer folders ...) NOT-FOR-US: Trend Micro CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...) NOT-FOR-US: Trend Micro CVE-2021-31517 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...) NOT-FOR-US: Trend Micro CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an infinit ...) - pdfresurrect (unimportant) NOTE: https://github.com/enferex/pdfresurrect/issues/17 NOTE: https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370 NOTE: Hang in CLI tool, no security impact CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of QEMU u ...) - qemu (bug #987410) [bullseye] - qemu (Minor issue) [buster] - qemu (Minor issue) [stretch] - qemu (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118 CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...) 
{DLA-2690-1} - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux (f2fs is not supportable) NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2 NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/ CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...) - xscreensaver 5.45+dfsg1-2 (bug #989508) [buster] - xscreensaver (Minor issue) [stretch] - xscreensaver (Minor issue, fix along with next dla) NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2 NOTE: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_ ...) - xscreensaver 5.45+dfsg1-2 (bug #987149) [buster] - xscreensaver (Vulnerability introduced later) [stretch] - xscreensaver (Vulnerability introduced later) NOTE: Fixed upstream in 6.00 (no public version control): https://twitter.com/jwz/status/1383503845217554444 NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 NOTE: Only in 5.44+dfsg1-1 net_raw capability was added to sonar executable via postinst NOTE: and so exposing the vulnerability. CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implem ...) - libtpms 0.8.0~dev1-1 NOTE: https://github.com/stefanberger/libtpms/issues/183 NOTE: https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 (v0.8.0) NOTE: https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b (v0.8.0) CVE-2021-3504 (A flaw was found in the hivex library in versions before 1.3.20. It is ...) 
{DSA-4913-1 DLA-2656-1} - hivex 1.3.20-1 (bug #988024) NOTE: https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html NOTE: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381 CVE-2021-3503 RESERVED - wildfly (bug #752018) CVE-2021-31516 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Vector 35 Binary Ninja CVE-2021-31515 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Vector 35 Binary Ninja CVE-2021-31514 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31513 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31512 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31511 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31510 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31509 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31508 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31507 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31506 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31505 (This vulnerability allows attackers with physical access to escalate p ...) NOT-FOR-US: Arlo Q Plus CVE-2021-31504 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! 
Desktop CVE-2021-31503 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31502 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31501 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31500 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31499 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31498 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31497 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31496 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31495 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31494 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31493 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31492 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31491 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31490 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31489 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! 
Desktop CVE-2021-31488 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31487 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31486 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31485 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31484 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31483 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31482 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31481 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31480 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31479 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31478 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31477 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: GE Reason RPV311 14A03 CVE-2021-31476 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2021-31475 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: SolarWinds CVE-2021-31474 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: SolarWinds CVE-2021-31473 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit Reader CVE-2021-31472 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31471 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31470 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31469 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31468 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31467 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31466 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31465 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31464 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31463 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31462 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31461 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31460 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31459 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31458 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31457 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31456 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit Reader CVE-2021-31455 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31454 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31453 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31452 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31451 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31450 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31449 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31448 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31447 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31446 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31445 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31444 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31443 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2021-31442 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31441 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges on af ...) 
- linux 5.10.38-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/10bf4e83167cc68595b85fd73bb91e8f2c086e36 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-503/ CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Synology CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2021-31436 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2021-31435 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2021-31434 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2021-31433 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2021-31432 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2021-31431 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2021-31430 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2021-31429 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-31428 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-31427 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2021-31426 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-31425 (This vulnerability allows local attackers to escalate privileges on af ...) 
NOT-FOR-US: Parallels Desktop CVE-2021-31424 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-31423 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2021-31422 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary files on ...) NOT-FOR-US: Parallels Desktop CVE-2021-31420 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-31419 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2021-3501 (A flaw was found in the Linux kernel in versions before 5.12. The valu ...) - linux 5.10.38-1 [buster] - linux (Vulnerability introduced later) [stretch] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a CVE-2021-31416 RESERVED CVE-2021-31415 RESERVED CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studi ...) NOT-FOR-US: vscode-rpm-spec extension for Visual Studio Code CVE-2021-31413 RESERVED CVE-2021-31412 (Improper sanitization of path in default RouteNotFoundError view in co ...) NOT-FOR-US: Vaadin CVE-2021-31411 (Insecure temporary directory usage in frontend build functionality of ...) NOT-FOR-US: Vaadin CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...) NOT-FOR-US: Vaadin CVE-2021-31409 (Unsafe validation RegEx in EmailValidator component in com.vaadin:vaad ...) 
NOT-FOR-US: Vaadin CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...) NOT-FOR-US: Vaadin CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...) NOT-FOR-US: Vaadin CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint request handle ...) NOT-FOR-US: Vaadin CVE-2021-31405 (Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-t ...) NOT-FOR-US: Vaadin CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...) NOT-FOR-US: Vaadin CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...) NOT-FOR-US: Vaadin CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present in a ...) - avahi (bug #986018) [bullseye] - avahi (Minor issue) [buster] - avahi (Vulnerable code introduced later) [stretch] - avahi (Vulnerable code introduced later) NOTE: https://github.com/lathiat/avahi/issues/338 NOTE: Fixed by: https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8) CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in ...) {DLA-2667-1} - djvulibre 3.5.28-2 (bug #988215) [buster] - djvulibre (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685 NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently) CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the attacker c ...) NOT-FOR-US: dio package for Dart CVE-2021-31401 (An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterN ...) 
NOT-FOR-US: HCC embedded InterNiche CVE-2021-31400 (An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embe ...) NOT-FOR-US: HCC embedded InterNiche CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the ...) NOT-FOR-US: On 2N Access Unit devices CVE-2021-31398 RESERVED CVE-2021-31397 RESERVED CVE-2021-31396 RESERVED CVE-2021-31395 RESERVED CVE-2021-31394 RESERVED CVE-2021-31393 RESERVED CVE-2021-31392 RESERVED CVE-2021-31391 RESERVED CVE-2021-31390 RESERVED CVE-2021-31389 RESERVED CVE-2021-31388 RESERVED CVE-2021-31387 RESERVED CVE-2021-31386 RESERVED NOT-FOR-US: Juniper CVE-2021-31385 RESERVED NOT-FOR-US: Juniper CVE-2021-31384 RESERVED NOT-FOR-US: Juniper CVE-2021-31383 RESERVED CVE-2021-31382 RESERVED NOT-FOR-US: Juniper CVE-2021-31381 RESERVED NOT-FOR-US: Juniper CVE-2021-31380 RESERVED NOT-FOR-US: Juniper CVE-2021-31379 RESERVED NOT-FOR-US: Juniper CVE-2021-31378 RESERVED NOT-FOR-US: Juniper CVE-2021-31377 RESERVED NOT-FOR-US: Juniper CVE-2021-31376 RESERVED NOT-FOR-US: Juniper CVE-2021-31375 RESERVED NOT-FOR-US: Juniper CVE-2021-31374 RESERVED NOT-FOR-US: Juniper CVE-2021-31373 RESERVED NOT-FOR-US: Juniper CVE-2021-31372 RESERVED NOT-FOR-US: Juniper CVE-2021-31371 RESERVED NOT-FOR-US: Juniper CVE-2021-31370 RESERVED NOT-FOR-US: Juniper CVE-2021-31369 RESERVED NOT-FOR-US: Juniper CVE-2021-31368 RESERVED NOT-FOR-US: Juniper CVE-2021-31367 RESERVED NOT-FOR-US: Juniper CVE-2021-31366 RESERVED NOT-FOR-US: Juniper CVE-2021-31365 RESERVED NOT-FOR-US: Juniper CVE-2021-31364 RESERVED NOT-FOR-US: Juniper CVE-2021-31363 RESERVED NOT-FOR-US: Juniper CVE-2021-31362 RESERVED NOT-FOR-US: Juniper CVE-2021-31361 RESERVED NOT-FOR-US: Juniper CVE-2021-31360 RESERVED NOT-FOR-US: Juniper CVE-2021-31359 RESERVED NOT-FOR-US: Juniper CVE-2021-31358 RESERVED CVE-2021-31357 RESERVED CVE-2021-31356 RESERVED CVE-2021-31355 RESERVED NOT-FOR-US: Juniper CVE-2021-31354 RESERVED NOT-FOR-US: Juniper CVE-2021-31353 RESERVED NOT-FOR-US: Juniper 
CVE-2021-31352 RESERVED NOT-FOR-US: Juniper CVE-2021-31351 RESERVED NOT-FOR-US: Juniper CVE-2021-31350 RESERVED NOT-FOR-US: Juniper CVE-2021-31349 RESERVED NOT-FOR-US: Juniper CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - mapcache (bug #989363) [bullseye] - mapcache (Minor issue) [buster] - mapcache (Minor issue) [stretch] - mapcache (Minor issue) - scilab (bug #989364) [bullseye] - scilab (Minor issue) [buster] - scilab (Minor issue) - netcdf (bug #989360) [bullseye] - netcdf (Minor issue) [buster] - netcdf (Minor issue) [stretch] - netcdf (vulnerable code not present) - netcdf-parallel (bug #989361) [bullseye] - netcdf-parallel (Minor issue) [buster] - netcdf-parallel (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/27/ CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - mapcache (bug #989363) [bullseye] - mapcache (Minor issue) [buster] - mapcache (Minor issue) [stretch] - mapcache (Minor issue) - scilab (bug #989364) [bullseye] - scilab (Minor issue) [buster] - scilab (Minor issue) - netcdf (bug #989360) [bullseye] - netcdf (Minor issue) [buster] - netcdf (Minor issue) [stretch] - netcdf (vulnerable code not present) - netcdf-parallel (bug #989361) [bullseye] - netcdf-parallel (Minor issue) [buster] - netcdf-parallel (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/27/ CVE-2021-31346 RESERVED CVE-2021-31345 RESERVED CVE-2021-31344 RESERVED CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...) NOT-FOR-US: Solid Edge CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...) NOT-FOR-US: Solid Edge CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...) NOT-FOR-US: Mendix Database Replication CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All versions > ...)
NOT-FOR-US: Siemens CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...) NOT-FOR-US: Mendix Excel Importer Module CVE-2021-31338 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...) NOT-FOR-US: SINEMA Remote Connect Client CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system component ...) NOT-FOR-US: Siemens CVE-2021-31336 RESERVED CVE-2021-31335 RESERVED CVE-2021-31334 RESERVED CVE-2021-31333 RESERVED CVE-2021-31332 RESERVED CVE-2021-31331 RESERVED CVE-2021-31330 RESERVED CVE-2021-31329 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "P ...) NOT-FOR-US: Remote Clinic CVE-2021-31328 RESERVED CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Fi ...) NOT-FOR-US: Remote Clinic CVE-2021-31326 RESERVED CVE-2021-31325 RESERVED CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is affected by a ...) NOT-FOR-US: CentOS Web Panel CVE-2021-31323 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) NOTE: https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/ CVE-2021-31322 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/ CVE-2021-31321 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) - rlottie 0.1+dfsg-2 (bug #988885) NOTE: https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/ CVE-2021-31320 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) 
- rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) NOTE: https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/ CVE-2021-31319 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/ CVE-2021-31318 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/ CVE-2021-31317 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) - rlottie 0.1+dfsg-2 (bug #988885) NOTE: https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/ CVE-2021-31316 (The unprivileged user portal part of CentOS Web Panel is affected by a ...) NOT-FOR-US: CentOS Web Panel CVE-2021-31315 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/ CVE-2021-31314 RESERVED CVE-2021-31313 RESERVED CVE-2021-31312 RESERVED CVE-2021-31311 RESERVED CVE-2021-31310 RESERVED CVE-2021-31309 RESERVED CVE-2021-31308 RESERVED CVE-2021-31307 RESERVED CVE-2021-31306 RESERVED CVE-2021-31305 RESERVED CVE-2021-31304 RESERVED CVE-2021-31303 RESERVED CVE-2021-31302 RESERVED CVE-2021-31301 RESERVED CVE-2021-31300 RESERVED CVE-2021-31299 RESERVED CVE-2021-31298 RESERVED CVE-2021-31297 RESERVED CVE-2021-31296 RESERVED CVE-2021-31295 RESERVED CVE-2021-31294 RESERVED CVE-2021-31293 RESERVED CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows att ...) 
{DSA-4958-1 DLA-2750-1} - exiv2 0.27.3-3.1 (bug #991706) [bullseye] - exiv2 0.27.3-3+deb11u1 NOTE: https://github.com/Exiv2/exiv2/issues/1530 NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0 NOTE: In older releases affected code is in src/crwimage.cpp CVE-2021-31291 REJECTED CVE-2021-31290 RESERVED CVE-2021-31289 RESERVED CVE-2021-31288 RESERVED CVE-2021-31287 RESERVED CVE-2021-31286 RESERVED CVE-2021-31285 RESERVED CVE-2021-31284 RESERVED CVE-2021-31283 RESERVED CVE-2021-31282 RESERVED CVE-2021-31281 RESERVED CVE-2021-31280 RESERVED CVE-2021-31279 RESERVED CVE-2021-31278 RESERVED CVE-2021-31277 RESERVED CVE-2021-31276 RESERVED CVE-2021-31275 RESERVED CVE-2021-31274 (In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in ...) NOT-FOR-US: LibreNMS CVE-2021-31273 RESERVED CVE-2021-31272 (SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c cont ...) NOT-FOR-US: SerenityOS CVE-2021-31271 RESERVED CVE-2021-31270 RESERVED CVE-2021-31269 RESERVED CVE-2021-31268 RESERVED CVE-2021-31267 RESERVED CVE-2021-31266 RESERVED CVE-2021-31265 RESERVED CVE-2021-31264 RESERVED CVE-2021-31263 RESERVED CVE-2021-31262 (The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cau ...) - gpac 1.0.1+dfsg1-4 (bug #987280) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50 NOTE: https://github.com/gpac/gpac/issues/1738 CVE-2021-31261 (The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to rea ...) - gpac 1.0.1+dfsg1-4 (unimportant; bug #987280) NOTE: https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65 NOTE: https://github.com/gpac/gpac/issues/1737 NOTE: Negligible security impact CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause a deni ...) 
- gpac 1.0.1+dfsg1-4 (bug #987280) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9 NOTE: https://github.com/gpac/gpac/issues/1736 CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...) - gpac (Vulnerable code was introduced later) NOTE: https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8 NOTE: https://github.com/gpac/gpac/issues/1735 NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1) CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers ...) - gpac 1.0.1+dfsg1-4 (bug #987280) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e NOTE: https://github.com/gpac/gpac/issues/1706 CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...) - gpac 1.0.1+dfsg1-4 (bug #987280) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0 NOTE: https://github.com/gpac/gpac/issues/1734 CVE-2021-31256 (Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0. ...) - gpac 1.0.1+dfsg1-4 (bug #987280; unimportant) NOTE: https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e NOTE: https://github.com/gpac/gpac/issues/1705 NOTE: Negligible security impact CVE-2021-31255 (Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 ...) 
- gpac 1.0.1+dfsg1-4 (bug #987280) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5 NOTE: https://github.com/gpac/gpac/issues/1733 CVE-2021-31254 (Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 ...) - gpac (Vulnerable code was introduced later) NOTE: https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8 NOTE: https://github.com/gpac/gpac/issues/1703 NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1) CVE-2021-31253 RESERVED CVE-2021-31252 (An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-4 ...) NOT-FOR-US: CHIYU Technology CVE-2021-31251 (An authentication bypass in telnet server in BF-430 and BF431 232/422 ...) NOT-FOR-US: CHIYU Technology CVE-2021-31250 (Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 ...) NOT-FOR-US: CHIYU Technology CVE-2021-31249 (A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450 ...) NOT-FOR-US: CHIYU Technology CVE-2021-31248 RESERVED CVE-2021-31247 RESERVED CVE-2021-31246 RESERVED CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares ...) NOT-FOR-US: openmptcprouter-vps-admin CVE-2021-31244 RESERVED CVE-2021-31243 RESERVED CVE-2021-31242 RESERVED CVE-2021-31241 RESERVED CVE-2021-31240 RESERVED CVE-2021-31239 RESERVED CVE-2021-31238 RESERVED CVE-2021-31237 RESERVED CVE-2021-31236 RESERVED CVE-2021-31235 RESERVED CVE-2021-31234 RESERVED CVE-2021-31233 RESERVED CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...) NOT-FOR-US: CNCF Cortex CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...) NOT-FOR-US: Grafana Enterprise Metrics and Metrics Enterprise CVE-2021-31230 RESERVED CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. 
The function ezx ...) {DLA-2705-1} - mapcache (bug #989363) [bullseye] - mapcache (Minor issue) [buster] - mapcache (Minor issue) [stretch] - mapcache (Minor issue) - scilab (bug #989364) [bullseye] - scilab (Minor issue) [buster] - scilab (Minor issue) - netcdf (bug #989360) [bullseye] - netcdf (Minor issue) [buster] - netcdf (Minor issue) [stretch] - netcdf (vulnerable code not present) - netcdf-parallel (bug #989361) [bullseye] - netcdf-parallel (Minor issue) [buster] - netcdf-parallel (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/26/ CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnera ...) NOT-FOR-US: HCC embedded InterNiche CVE-2021-31227 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...) NOT-FOR-US: HCC embedded InterNiche CVE-2021-31226 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...) NOT-FOR-US: HCC embedded InterNiche CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...) NOT-FOR-US: SES Evolution CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...) NOT-FOR-US: SES Evolution CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...) NOT-FOR-US: SES Evolution CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...) NOT-FOR-US: SES Evolution CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...) NOT-FOR-US: SES Evolution CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...) NOT-FOR-US: SES Evolution CVE-2021-31219 RESERVED CVE-2021-31218 RESERVED CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...) NOT-FOR-US: SolarWinds CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...) 
NOT-FOR-US: Siren Investigate CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...) - slurm-wlm 20.11.7+really20.11.4-2 (bug #988439) - slurm-llnl [buster] - slurm-llnl (Minor issue) [stretch] - slurm-llnl (env is already SPANKed) NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7) NOTE: Initially already fixed in 20.11.7-1 (the tracker would do the right thing) NOTE: but the unstable upload invalidated the changelog 20.11.7-1 so use 20.11.7+really20.11.4-2 NOTE: for consistency with BTS. CVE-2021-3499 (A vulnerability was found in OVN Kubernetes in versions up to and incl ...) NOT-FOR-US: Openshift/ovn-kubernetes CVE-2021-31214 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-31213 (Visual Studio Code Remote Containers Extension Remote Code Execution V ...) NOT-FOR-US: Microsoft CVE-2021-31212 RESERVED CVE-2021-31211 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-31210 RESERVED CVE-2021-31209 (Microsoft Exchange Server Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31208 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31207 (Microsoft Exchange Server Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31206 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-31205 (Windows SMB Client Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31204 (.NET and Visual Studio Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31203 RESERVED CVE-2021-31202 RESERVED CVE-2021-31201 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...) NOT-FOR-US: Microsoft CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-31199 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...) NOT-FOR-US: Microsoft CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-31197 RESERVED CVE-2021-31196 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-31195 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-31194 (OLE Automation Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31193 (Windows SSDP Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31192 (Windows Media Foundation Core Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31191 (Windows Projected File System FS Filter Driver Information Disclosure ...) NOT-FOR-US: Microsoft CVE-2021-31190 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...) NOT-FOR-US: Microsoft CVE-2021-31189 RESERVED CVE-2021-31188 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-31187 (Windows WalletService Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31186 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-31185 (Windows Desktop Bridge Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31184 (Microsoft Windows Infrared Data Association (IrDA) Information Disclos ...) NOT-FOR-US: Microsoft CVE-2021-31183 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) NOT-FOR-US: Microsoft CVE-2021-31182 (Microsoft Bluetooth Driver Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31181 (Microsoft SharePoint Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31180 (Microsoft Office Graphics Remote Code Execution Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-31179 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) NOT-FOR-US: Microsoft CVE-2021-31178 (Microsoft Office Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31177 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) NOT-FOR-US: Microsoft CVE-2021-31176 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) NOT-FOR-US: Microsoft CVE-2021-31175 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) NOT-FOR-US: Microsoft CVE-2021-31174 (Microsoft Excel Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31173 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31172 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-31171 (Microsoft SharePoint Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31170 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-31169 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31168 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31167 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31166 (HTTP Protocol Stack Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31165 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...) NOT-FOR-US: Apache Unomi CVE-2021-31163 RESERVED CVE-2021-31162 (In the standard library in Rust before 1.52.0, a double free can occur ...) 
- rustc 1.53.0+dfsg1-1 [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue) NOTE: https://github.com/rust-lang/rust/issues/83618 NOTE: https://github.com/rust-lang/rust/pull/83629 NOTE: https://github.com/rust-lang/rust/commit/542f441d445026d0996eebee9ddddee98f5dc3e5 CVE-2021-31161 RESERVED CVE-2021-31160 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-31159 (Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...) NOT-FOR-US: Couchbase Server CVE-2021-31157 RESERVED CVE-2021-31156 RESERVED CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...) - rust-pleaser 0.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 CVE-2021-31154 (pleaseedit in please before 0.4 uses predictable temporary filenames i ...) - rust-pleaser 0.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 CVE-2021-31153 (please before 0.4 allows a local unprivileged attacker to gain knowled ...) - rust-pleaser 0.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...) 
NOT-FOR-US: Multilaser Router AC1200 CVE-2021-31151 REJECTED CVE-2021-31150 REJECTED CVE-2021-31149 REJECTED CVE-2021-31148 REJECTED CVE-2021-31147 REJECTED CVE-2021-31146 REJECTED CVE-2021-31145 REJECTED CVE-2021-31144 REJECTED CVE-2021-31143 REJECTED CVE-2021-31142 REJECTED CVE-2021-31141 REJECTED CVE-2021-31140 REJECTED CVE-2021-31139 REJECTED CVE-2021-31138 REJECTED CVE-2021-31137 REJECTED CVE-2021-31136 REJECTED CVE-2021-31135 REJECTED CVE-2021-31134 REJECTED CVE-2021-31133 REJECTED CVE-2021-31132 REJECTED CVE-2021-31131 REJECTED CVE-2021-31130 REJECTED CVE-2021-31129 REJECTED CVE-2021-31128 REJECTED CVE-2021-31127 REJECTED CVE-2021-31126 REJECTED CVE-2021-31125 REJECTED CVE-2021-31124 REJECTED CVE-2021-31123 REJECTED CVE-2021-31122 REJECTED CVE-2021-31121 REJECTED CVE-2021-31120 REJECTED CVE-2021-31119 REJECTED CVE-2021-31118 REJECTED CVE-2021-31117 REJECTED CVE-2021-31116 REJECTED CVE-2021-31115 REJECTED CVE-2021-31114 REJECTED CVE-2021-31113 REJECTED CVE-2021-31112 REJECTED CVE-2021-31111 REJECTED CVE-2021-31110 REJECTED CVE-2021-31109 REJECTED CVE-2021-31108 REJECTED CVE-2021-31107 REJECTED CVE-2021-31106 REJECTED CVE-2021-31105 REJECTED CVE-2021-31104 REJECTED CVE-2021-31103 REJECTED CVE-2021-31102 REJECTED CVE-2021-31101 REJECTED CVE-2021-31100 REJECTED CVE-2021-31099 REJECTED CVE-2021-31098 REJECTED CVE-2021-31097 REJECTED CVE-2021-31096 REJECTED CVE-2021-31095 REJECTED CVE-2021-31094 REJECTED CVE-2021-31093 REJECTED CVE-2021-31092 REJECTED CVE-2021-31091 REJECTED CVE-2021-31090 REJECTED CVE-2021-31089 REJECTED CVE-2021-31088 REJECTED CVE-2021-31087 REJECTED CVE-2021-31086 REJECTED CVE-2021-31085 REJECTED CVE-2021-31084 REJECTED CVE-2021-31083 REJECTED CVE-2021-31082 REJECTED CVE-2021-31081 REJECTED CVE-2021-31080 REJECTED CVE-2021-31079 REJECTED CVE-2021-31078 REJECTED CVE-2021-31077 REJECTED CVE-2021-31076 REJECTED CVE-2021-31075 REJECTED CVE-2021-31074 REJECTED CVE-2021-31073 REJECTED CVE-2021-31072 REJECTED CVE-2021-31071 REJECTED CVE-2021-31070 
REJECTED CVE-2021-31069 REJECTED CVE-2021-31068 REJECTED CVE-2021-31067 REJECTED CVE-2021-31066 REJECTED CVE-2021-31065 REJECTED CVE-2021-31064 REJECTED CVE-2021-31063 REJECTED CVE-2021-31062 REJECTED CVE-2021-31061 REJECTED CVE-2021-31060 REJECTED CVE-2021-31059 REJECTED CVE-2021-31058 REJECTED CVE-2021-31057 REJECTED CVE-2021-31056 REJECTED CVE-2021-31055 REJECTED CVE-2021-31054 REJECTED CVE-2021-31053 REJECTED CVE-2021-31052 REJECTED CVE-2021-31051 REJECTED CVE-2021-31050 REJECTED CVE-2021-31049 REJECTED CVE-2021-31048 REJECTED CVE-2021-31047 REJECTED CVE-2021-31046 REJECTED CVE-2021-31045 REJECTED CVE-2021-31044 REJECTED CVE-2021-31043 REJECTED CVE-2021-31042 REJECTED CVE-2021-31041 REJECTED CVE-2021-31040 REJECTED CVE-2021-31039 REJECTED CVE-2021-31038 REJECTED CVE-2021-31037 REJECTED CVE-2021-31036 REJECTED CVE-2021-31035 REJECTED CVE-2021-31034 REJECTED CVE-2021-31033 REJECTED CVE-2021-31032 REJECTED CVE-2021-31031 REJECTED CVE-2021-31030 REJECTED CVE-2021-31029 REJECTED CVE-2021-31028 REJECTED CVE-2021-31027 REJECTED CVE-2021-31026 REJECTED CVE-2021-31025 REJECTED CVE-2021-31024 REJECTED CVE-2021-31023 REJECTED CVE-2021-31022 REJECTED CVE-2021-31021 REJECTED CVE-2021-31020 REJECTED CVE-2021-31019 REJECTED CVE-2021-31018 REJECTED CVE-2021-31017 REJECTED CVE-2021-31016 REJECTED CVE-2021-31015 REJECTED CVE-2021-31014 REJECTED CVE-2021-31013 REJECTED CVE-2021-31012 REJECTED CVE-2021-31011 REJECTED CVE-2021-31010 REJECTED CVE-2021-31009 REJECTED CVE-2021-31008 REJECTED CVE-2021-31007 REJECTED CVE-2021-31006 REJECTED CVE-2021-31005 REJECTED CVE-2021-31004 REJECTED CVE-2021-31003 REJECTED CVE-2021-31002 REJECTED CVE-2021-31001 REJECTED CVE-2021-31000 REJECTED CVE-2021-30999 REJECTED CVE-2021-30998 REJECTED CVE-2021-30997 REJECTED CVE-2021-30996 REJECTED CVE-2021-30995 REJECTED CVE-2021-30994 REJECTED CVE-2021-30993 REJECTED CVE-2021-30992 REJECTED CVE-2021-30991 REJECTED CVE-2021-30990 REJECTED CVE-2021-30989 REJECTED CVE-2021-30988 REJECTED CVE-2021-30987 
REJECTED CVE-2021-30986 REJECTED CVE-2021-30985 REJECTED CVE-2021-30984 REJECTED CVE-2021-30983 REJECTED CVE-2021-30982 REJECTED CVE-2021-30981 REJECTED CVE-2021-30980 REJECTED CVE-2021-30979 REJECTED CVE-2021-30978 REJECTED CVE-2021-30977 REJECTED CVE-2021-30976 REJECTED CVE-2021-30975 REJECTED CVE-2021-30974 REJECTED CVE-2021-30973 REJECTED CVE-2021-30972 REJECTED CVE-2021-30971 REJECTED CVE-2021-30970 REJECTED CVE-2021-30969 REJECTED CVE-2021-30968 REJECTED CVE-2021-30967 REJECTED CVE-2021-30966 REJECTED CVE-2021-30965 REJECTED CVE-2021-30964 REJECTED CVE-2021-30963 REJECTED CVE-2021-30962 REJECTED CVE-2021-30961 REJECTED CVE-2021-30960 REJECTED CVE-2021-30959 REJECTED CVE-2021-30958 REJECTED CVE-2021-30957 REJECTED CVE-2021-30956 REJECTED CVE-2021-30955 REJECTED CVE-2021-30954 REJECTED CVE-2021-30953 REJECTED CVE-2021-30952 REJECTED CVE-2021-30951 REJECTED CVE-2021-30950 REJECTED CVE-2021-30949 REJECTED CVE-2021-30948 REJECTED CVE-2021-30947 REJECTED CVE-2021-30946 REJECTED CVE-2021-30945 REJECTED CVE-2021-30944 REJECTED CVE-2021-30943 REJECTED CVE-2021-30942 REJECTED CVE-2021-30941 REJECTED CVE-2021-30940 REJECTED CVE-2021-30939 REJECTED CVE-2021-30938 REJECTED CVE-2021-30937 REJECTED CVE-2021-30936 REJECTED CVE-2021-30935 REJECTED CVE-2021-30934 REJECTED CVE-2021-30933 REJECTED CVE-2021-30932 REJECTED CVE-2021-30931 REJECTED CVE-2021-30930 REJECTED CVE-2021-30929 REJECTED CVE-2021-30928 REJECTED CVE-2021-30927 REJECTED CVE-2021-30926 REJECTED CVE-2021-30925 REJECTED CVE-2021-30924 REJECTED CVE-2021-30923 REJECTED CVE-2021-30922 REJECTED CVE-2021-30921 REJECTED CVE-2021-30920 REJECTED CVE-2021-30919 REJECTED CVE-2021-30918 REJECTED CVE-2021-30917 REJECTED CVE-2021-30916 REJECTED CVE-2021-30915 REJECTED CVE-2021-30914 REJECTED CVE-2021-30913 REJECTED CVE-2021-30912 REJECTED CVE-2021-30911 REJECTED CVE-2021-30910 REJECTED CVE-2021-30909 REJECTED CVE-2021-30908 REJECTED CVE-2021-30907 REJECTED CVE-2021-30906 REJECTED CVE-2021-30905 REJECTED CVE-2021-30904 
REJECTED CVE-2021-30903 REJECTED CVE-2021-30902 REJECTED CVE-2021-30901 REJECTED CVE-2021-30900 REJECTED CVE-2021-30899 REJECTED CVE-2021-30898 REJECTED CVE-2021-30897 REJECTED CVE-2021-30896 REJECTED CVE-2021-30895 REJECTED CVE-2021-30894 REJECTED CVE-2021-30893 REJECTED CVE-2021-30892 REJECTED CVE-2021-30891 REJECTED CVE-2021-30890 REJECTED CVE-2021-30889 REJECTED CVE-2021-30888 REJECTED CVE-2021-30887 REJECTED CVE-2021-30886 REJECTED CVE-2021-30885 REJECTED CVE-2021-30884 REJECTED CVE-2021-30883 REJECTED CVE-2021-30882 REJECTED CVE-2021-30881 REJECTED CVE-2021-30880 REJECTED CVE-2021-30879 REJECTED CVE-2021-30878 REJECTED CVE-2021-30877 REJECTED CVE-2021-30876 REJECTED CVE-2021-30875 REJECTED CVE-2021-30874 REJECTED CVE-2021-30873 REJECTED CVE-2021-30872 REJECTED CVE-2021-30871 REJECTED CVE-2021-30870 REJECTED CVE-2021-30869 REJECTED CVE-2021-30868 REJECTED CVE-2021-30867 REJECTED CVE-2021-30866 REJECTED CVE-2021-30865 REJECTED CVE-2021-30864 REJECTED CVE-2021-30863 REJECTED CVE-2021-30862 REJECTED CVE-2021-30861 REJECTED CVE-2021-30860 (An integer overflow was addressed with improved input validation. This ...) NOT-FOR-US: Apple CVE-2021-30859 REJECTED CVE-2021-30858 (A use after free issue was addressed with improved memory management. ...) 
{DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 NOTE: https://webkitgtk.org/security/WSA-2021-0005.html CVE-2021-30857 REJECTED CVE-2021-30856 REJECTED CVE-2021-30855 REJECTED CVE-2021-30854 REJECTED CVE-2021-30853 REJECTED CVE-2021-30852 REJECTED CVE-2021-30851 REJECTED CVE-2021-30850 RESERVED CVE-2021-30849 RESERVED CVE-2021-30848 RESERVED CVE-2021-30847 RESERVED CVE-2021-30846 RESERVED CVE-2021-30845 RESERVED CVE-2021-30844 RESERVED CVE-2021-30843 RESERVED CVE-2021-30842 RESERVED CVE-2021-30841 RESERVED CVE-2021-30840 RESERVED CVE-2021-30839 RESERVED CVE-2021-30838 RESERVED CVE-2021-30837 RESERVED CVE-2021-30836 RESERVED CVE-2021-30835 RESERVED CVE-2021-30834 RESERVED CVE-2021-30833 RESERVED CVE-2021-30832 RESERVED CVE-2021-30831 RESERVED CVE-2021-30830 RESERVED CVE-2021-30829 RESERVED CVE-2021-30828 RESERVED CVE-2021-30827 RESERVED CVE-2021-30826 RESERVED CVE-2021-30825 RESERVED CVE-2021-30824 RESERVED CVE-2021-30823 RESERVED CVE-2021-30822 RESERVED CVE-2021-30821 RESERVED CVE-2021-30820 RESERVED CVE-2021-30819 RESERVED CVE-2021-30818 RESERVED CVE-2021-30817 RESERVED CVE-2021-30816 RESERVED CVE-2021-30815 RESERVED CVE-2021-30814 RESERVED CVE-2021-30813 RESERVED CVE-2021-30812 RESERVED CVE-2021-30811 RESERVED CVE-2021-30810 RESERVED CVE-2021-30809 RESERVED CVE-2021-30808 RESERVED CVE-2021-30807 RESERVED CVE-2021-30806 RESERVED CVE-2021-30805 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2021-30804 (A permissions issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30803 (A permissions issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30802 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30801 RESERVED CVE-2021-30800 (This issue was addressed with improved checks. This issue is fixed in ...) 
NOT-FOR-US: Apple CVE-2021-30799 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30798 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30797 (This issue was addressed with improved checks. This issue is fixed in ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30796 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30795 (A use after free issue was addressed with improved memory management. ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30794 RESERVED CVE-2021-30793 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30792 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30791 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30790 (An information disclosure issue was addressed by removing the vulnerab ...) NOT-FOR-US: Apple CVE-2021-30789 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30788 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30787 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30786 (A race condition was addressed with improved state handling. This issu ...) 
NOT-FOR-US: Apple CVE-2021-30785 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2021-30784 (Multiple issues were addressed with improved logic. This issue is fixe ...) NOT-FOR-US: Apple CVE-2021-30783 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2021-30782 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30781 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30780 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30779 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30778 (This issue was addressed with improved entitlements. This issue is fix ...) NOT-FOR-US: Apple CVE-2021-30777 (An injection issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30776 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30775 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30774 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30773 (An issue in code signature validation was addressed with improved chec ...) NOT-FOR-US: Apple CVE-2021-30772 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30771 RESERVED CVE-2021-30770 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30769 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30768 (A logic issue was addressed with improved validation. This issue is fi ...) 
NOT-FOR-US: Apple CVE-2021-30767 RESERVED CVE-2021-30766 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30765 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30764 (Processing a maliciously crafted file may lead to arbitrary code execu ...) NOT-FOR-US: Apple CVE-2021-30763 (An input validation issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2021-30762 (A use after free issue was addressed with improved memory management. ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30761 (A memory corruption issue was addressed with improved state management ...) {DSA-4558-1} - webkit2gtk 2.26.1-2 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.26.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30760 (An integer overflow was addressed through improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30759 (A stack overflow was addressed with improved input validation. This is ...) NOT-FOR-US: Apple CVE-2021-30758 (A type confusion issue was addressed with improved state handling. Thi ...) {DSA-4945-1} - webkit2gtk 2.32.2-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.2-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30757 (This issue was addressed by enabling hardened runtime. This issue is f ...) NOT-FOR-US: Apple CVE-2021-30756 (A local attacker may be able to view Now Playing information from the ...) NOT-FOR-US: Apple CVE-2021-30755 (Processing a maliciously crafted font may result in the disclosure of ...) NOT-FOR-US: Apple CVE-2021-30754 RESERVED CVE-2021-30753 (Processing a maliciously crafted font may result in the disclosure of ...) 
NOT-FOR-US: Apple CVE-2021-30752 (Processing a maliciously crafted image may lead to arbitrary code exec ...) NOT-FOR-US: Apple CVE-2021-30751 (This issue was addressed with improved data protection. This issue is ...) NOT-FOR-US: Apple CVE-2021-30750 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2021-30749 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30748 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30747 RESERVED CVE-2021-30746 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30745 RESERVED CVE-2021-30744 (Description: A cross-origin issue with iframe elements was addressed w ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30743 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30742 (A memory consumption issue was addressed with improved memory handling ...) NOT-FOR-US: Apple CVE-2021-30741 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30740 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30739 (A local attacker may be able to elevate their privileges. This issue i ...) NOT-FOR-US: Apple CVE-2021-30738 (A malicious application may be able to overwrite arbitrary files. This ...) NOT-FOR-US: Apple CVE-2021-30737 (A memory corruption issue in the ASN.1 decoder was addressed by removi ...) 
NOT-FOR-US: Apple CVE-2021-30736 (A buffer overflow was addressed with improved size validation. This is ...) NOT-FOR-US: Apple CVE-2021-30735 (A malicious application may be able to execute arbitrary code with ker ...) NOT-FOR-US: Apple CVE-2021-30734 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30733 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30732 RESERVED CVE-2021-30731 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30730 RESERVED CVE-2021-30729 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2021-30728 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30727 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30726 (A malicious application may be able to execute arbitrary code with ker ...) NOT-FOR-US: Apple CVE-2021-30725 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30724 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30723 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2021-30722 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2021-30721 (A path handling issue was addressed with improved validation. This iss ...) NOT-FOR-US: Apple CVE-2021-30720 (A logic issue was addressed with improved restrictions. This issue is ...) 
	{DSA-4945-1}
	- webkit2gtk 2.32.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.32.3-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-30719 (A local user may be able to cause unexpected system termination or rea ...)
	NOT-FOR-US: Apple
CVE-2021-30718 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30717 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2021-30716 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30715 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30714 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2021-30713 (A permissions issue was addressed with improved validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30712 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30711
	RESERVED
CVE-2021-30710 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2021-30709 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30708 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2021-30707 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30706 (Processing a maliciously crafted image may lead to disclosure of user ...)
	NOT-FOR-US: Apple
CVE-2021-30705 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30704 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30703 (A double free issue was addressed with improved memory management. Thi ...)
	NOT-FOR-US: Apple
CVE-2021-30702 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30701 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30700 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30699 (A window management issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2021-30698 (A null pointer dereference was addressed with improved input validatio ...)
	NOT-FOR-US: Apple
CVE-2021-30697 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30696 (An attacker in a privileged network position may be able to misreprese ...)
	NOT-FOR-US: Apple
CVE-2021-30695 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2021-30694 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2021-30693 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2021-30692 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2021-30691 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2021-30690 (Multiple issues in apache were addressed by updating apache to version ...)
	NOT-FOR-US: Apple
CVE-2021-30689 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4945-1}
	- webkit2gtk 2.32.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.32.3-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-30688 (A malicious application may be able to break out of its sandbox. This ...)
	NOT-FOR-US: Apple
CVE-2021-30687 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2021-30686 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2021-30685 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30684 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30683 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2021-30682 (A logic issue was addressed with improved restrictions. This issue is ...)
	{DSA-4923-1}
	- webkit2gtk 2.32.0-2
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.32.0-2
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-30681 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2021-30680 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30679 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2021-30678 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30677 (This issue was addressed with improved environment sanitization. This ...)
	NOT-FOR-US: Apple
CVE-2021-30676 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30675 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2021-30674 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30673 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2021-30672 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2021-30671 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2021-30670
	RESERVED
CVE-2021-30669 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30668 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30667 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2021-30666 (A buffer overflow issue was addressed with improved memory handling. T ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-2
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.26.3-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-30665 (A memory corruption issue was addressed with improved state management ...)
	{DSA-4945-1}
	- webkit2gtk 2.32.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.32.3-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-30664 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2021-30663 (An integer overflow was addressed with improved input validation. This ...)
	{DSA-4945-1}
	- webkit2gtk 2.32.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.32.3-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-30662 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30661 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-30660 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2021-30659 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2021-30658 (This issue was addressed with improved handling of file metadata. This ...)
	NOT-FOR-US: Apple
CVE-2021-30657 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30656 (An access issue was addressed with improved memory management. This is ...)
	NOT-FOR-US: Apple
CVE-2021-30655 (An application may be able to execute arbitrary code with system privi ...)
	NOT-FOR-US: Apple
CVE-2021-30654 (This issue was addressed by removing additional entitlements. This iss ...)
	NOT-FOR-US: Apple
CVE-2021-30653 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-30652 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-30651
	RESERVED
CVE-2021-30650
	RESERVED
CVE-2021-30649
	RESERVED
CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...)
	NOT-FOR-US: Symantec
CVE-2021-30647
	RESERVED
CVE-2021-30646
	RESERVED
CVE-2021-30645
	RESERVED
CVE-2021-30644
	RESERVED
CVE-2021-30643
	RESERVED
CVE-2021-30642 (An input validation flaw in the Symantec Security Analytics web UI 7.2 ...)
	NOT-FOR-US: Symantec
CVE-2021-XXXX [out of bounds reads in ASF demuxer]
	- gst-plugins-ugly1.0 1.18.4-2
	[buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1
	[stretch] - gst-plugins-ugly1.0 1.10.4-1+deb9u1
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f (master)
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29 (1.18.4)
CVE-2021-3522 (GStreamer before 1.18.4 may perform an out-of-bounds read when handlin ...)
	{DSA-4903-1 DLA-2641-1}
	- gst-plugins-base1.0 1.18.4-2
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master)
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4)
	NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0001.html
CVE-2021-XXXX [Catch overflows in AVC/HEVC NAL unit length calculations]
	- gst-plugins-bad1.0 1.18.4-2
	[buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2
	[stretch] - gst-plugins-bad1.0 1.10.4-1+deb9u2
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/0cfbf7ad91c7f121192c8ce135769f8eb276c41d (1.18-branch)
CVE-2021-XXXX [stack corruption when handling files with more than 64 audio channels]
	- gst-libav1.0 1.18.4-2
	[buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1
	[stretch] - gst-libav1.0 1.10.4-1+deb9u1
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1 (master)
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8 (1.18.4)
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/issues/92
CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing certa ...)
	{DSA-4900-1}
	[experimental] - gst-plugins-good1.0 1.18.4-1
	- gst-plugins-good1.0 1.18.4-2 (bug #986911)
	[stretch] - gst-plugins-good1.0 (Vulnerable code introduced later)
	NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0003.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0
	NOTE: Introduced by: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/f279bc5336dda19741a5996a108da42dd3201366
CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...)
	{DSA-4900-1 DLA-2640-1}
	[experimental] - gst-plugins-good1.0 1.18.4-1
	- gst-plugins-good1.0 1.18.4-2 (bug #986910)
	NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3
CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 in Get ...)
	- jhead 1:3.04-6 (bug #986923; unimportant)
	NOTE: https://github.com/Matthias-Wandel/jhead/issues/33
	NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0
	NOTE: Crash in CLI tool, no security impact
CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...)
	{DSA-4937-1 DLA-2706-1}
	[experimental] - apache2 2.4.48-1
	- apache2 2.4.46-6
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1966743
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
	NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...)
	{DSA-4952-1 DLA-2733-1}
	- tomcat9 9.0.43-2 (bug #991046)
	[bullseye] - tomcat9 9.0.43-2~deb11u1
	[buster] - tomcat9 9.0.31-1~deb10u6
	- tomcat8
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65224
	NOTE: https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb (9.0.46)
	NOTE: https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434 (9.0.46)
	NOTE: https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e (9.0.46)
	NOTE: https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56 (9.0.46)
	NOTE: https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862 (9.0.46)
	NOTE: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43 (9.0.46)
	NOTE: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0 (9.0.46)
	NOTE: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 (9.0.46)
	NOTE: https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c (8.5.66)
	NOTE: https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100 (8.5.66)
	NOTE: https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822 (8.5.66)
	NOTE: https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe (8.5.66)
	NOTE: https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b (8.5.66)
	NOTE: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972 (8.5.66)
	NOTE: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 (8.5.66)
	NOTE: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 (8.5.66)
	NOTE: Fix for CVE-2021-30640 introduced a regression:
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...)
	- tomcat9 (Vulnerable code introduced later in 9.0.44)
	- tomcat8
	[stretch] - tomcat8 (Vulnerable code was introduced later)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65203
	NOTE: https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24 (9.0.45)
	NOTE: https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2 (8.5.65)
CVE-2021-30638 (Information Exposure vulnerability in context asset handling of Apache ...)
	NOT-FOR-US: Apache Tapestry
CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
	NOT-FOR-US: htmly
CVE-2021-30636
	RESERVED
CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2021-30634
	RESERVED
CVE-2021-30633 (Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.8 ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allow ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30631
	RESERVED
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30629 (Use after free in Permissions in Google Chrome prior to 93.0.4577.82 a ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30628 (Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30627 (Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30626 (Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.45 ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30625 (Use after free in Selection API in Google Chrome prior to 93.0.4577.82 ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink ...)
	- chromium 93.0.4577.82-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30605 (Inappropriate implementation in the ChromeOS Readiness Tool installer ...)
	NOT-FOR-US: ChromeOS Readiness Tool installer on Windows
CVE-2021-30604 (Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowe ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30603 (Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30602 (Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allow ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30601 (Use after free in Extensions API in Google Chrome prior to 92.0.4515.1 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30600 (Use after free in Printing in Google Chrome prior to 92.0.4515.159 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30599 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30598 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30597 (Use after free in Browser UI in Google Chrome on Chrome prior to 92.0. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30596 (Incorrect security UI in Navigation in Google Chrome on Android prior ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30595
	RESERVED
CVE-2021-30594 (Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30593 (Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.13 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30592 (Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30591 (Use after free in File System API in Google Chrome prior to 92.0.4515. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30590 (Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30589 (Insufficient validation of untrusted input in Sharing in Google Chrome ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30588 (Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30587 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30586 (Use after free in dialog box handling in Windows in Google Chrome prio ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30585 (Use after free in sensor handling in Google Chrome on Windows prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30584 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30583 (Insufficient policy enforcement in image handling in iOS in Google Chr ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30582 (Inappropriate implementation in Animation in Google Chrome prior to 92 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30581 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30580 (Insufficient policy enforcement in Android intents in Google Chrome pr ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30579 (Use after free in UI framework in Google Chrome prior to 92.0.4515.107 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30578 (Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30577 (Insufficient policy enforcement in Installer in Google Chrome prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30576 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30575 (Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.10 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30574 (Use after free in protocol handling in Google Chrome prior to 92.0.451 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30573 (Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30572 (Use after free in Autofill in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30571 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30570
	RESERVED
CVE-2021-30569 (Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allow ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30568 (Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30567 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30566 (Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30565 (Out of bounds write in Tab Groups in Google Chrome on Linux and Chrome ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 al ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30558
	RESERVED
CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 al ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30556 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30555 (Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allo ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30554 (Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowe ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 91.0.4472. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30552 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30551 (Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30550 (Use after free in Accessibility in Google Chrome prior to 91.0.4472.10 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30549 (Use after free in Spell check in Google Chrome prior to 91.0.4472.101 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101 allow ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...)
	{DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
	- firefox 90.0-1
	- firefox-esr 78.12.0esr-1
	- thunderbird 1:78.12.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-30547
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-30547
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-30547
CVE-2021-30546 (Use after free in Autofill in Google Chrome prior to 91.0.4472.101 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30545 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30544 (Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allo ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30539 (Insufficient policy enforcement in content security policy in Google C ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30538 (Insufficient policy enforcement in content security policy in Google C ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30537 (Insufficient policy enforcement in cookies in Google Chrome prior to 9 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30536 (Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowe ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a re ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
	- icu 67.1-7
	[stretch] - icu (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1194899 (restricted)
	NOTE: Bugfix: https://github.com/unicode-org/icu/pull/1698/commits/e450fa50fc242282551f56b941dc93b9a8a0bcbb
	NOTE: Backports: https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2842864
CVE-2021-30534 (Insufficient policy enforcement in iFrameSandbox in Google Chrome prio ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30533 (Insufficient policy enforcement in PopupBlocker in Google Chrome prior ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30532 (Insufficient policy enforcement in Content Security Policy in Google C ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30531 (Insufficient policy enforcement in Content Security Policy in Google C ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30530 (Out of bounds memory access in WebAudio in Google Chrome prior to 91.0 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30529 (Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30528 (Use after free in WebAuthentication in Google Chrome on Android prior ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30527 (Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30526 (Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30525 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30524 (Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allo ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30523 (Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowe ...)
- chromium 93.0.4577.82-1 (bug #990079) [stretch] - chromium (see DSA 4562) CVE-2021-30522 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allo ...) - chromium 93.0.4577.82-1 (bug #990079) [stretch] - chromium (see DSA 4562) CVE-2021-30521 (Heap buffer overflow in Autofill in Google Chrome on Android prior to ...) - chromium 93.0.4577.82-1 (bug #990079) [stretch] - chromium (see DSA 4562) CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 al ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30519 (Use after free in Payments in Google Chrome prior to 90.0.4430.212 all ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30518 (Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.443 ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30517 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30516 (Heap buffer overflow in History in Google Chrome prior to 90.0.4430.21 ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30515 (Use after free in File API in Google Chrome prior to 90.0.4430.212 all ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30514 (Use after free in Autofill in Google Chrome prior to 90.0.4430.212 all ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30513 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30512 (Use after free in Notifications in Google Chrome prior to 90.0.4430.21 ...) 
{DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30511 (Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.2 ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30510 (Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30509 (Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.2 ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30508 (Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.443 ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30507 (Inappropriate implementation in Offline in Google Chrome on Android pr ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30506 (Incorrect security UI in Web App Installs in Google Chrome on Android ...) {DSA-4917-1} - chromium 90.0.4430.212-1 [stretch] - chromium (see DSA 4562) CVE-2021-30505 RESERVED CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of ...) NOT-FOR-US: JetBrains CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...) NOT-FOR-US: GLSL Linting extension for Visual Studio Code CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) ...) NOT-FOR-US: vscode-ghc-simple extension for Visual Studio Code CVE-2021-3495 (An incorrect access control flaw was found in the kiali-operator in ve ...) NOT-FOR-US: kiali-operator CVE-2021-3494 (A smart proxy that provides a restful API to various sub-systems of th ...) - foreman (bug #663101) CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly vali ...) 
- linux 5.10.38-1 [stretch] - linux (Unprivileged users cannot mount overlayfs) NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1 CVE-2021-30501 (An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in ...) - upx-ucl (unimportant) NOTE: https://github.com/upx/upx/issues/486 NOTE: https://github.com/upx/upx/pull/487 NOTE: https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46 CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ...) - upx-ucl (unimportant) NOTE: https://github.com/upx/upx/issues/485 NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...) - libcaca (bug #987278) [bullseye] - libcaca (Minor issue) [buster] - libcaca (Minor issue) [stretch] - libcaca (Minor issue; can be fixed in next update) NOTE: https://github.com/cacalabs/libcaca/issues/54 CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...) - libcaca (bug #987278) [bullseye] - libcaca (Minor issue) [buster] - libcaca (Minor issue) [stretch] - libcaca (Minor issue; can be fixed in next update) NOTE: https://github.com/cacalabs/libcaca/issues/53 CVE-2021-30497 RESERVED CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...) NOT-FOR-US: Telegram for iOS CVE-2021-30495 RESERVED CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...) NOT-FOR-US: Razer Synapse 3 software suite CVE-2021-30493 (Multiple system services installed alongside the Razer Synapse 3 softw ...) NOT-FOR-US: Razer Synapse 3 software suite CVE-2021-30492 RESERVED CVE-2021-30491 RESERVED CVE-2021-30490 RESERVED CVE-2021-30489 RESERVED CVE-2021-30488 RESERVED CVE-2021-30487 (In the topic moving API in Zulip Server 3.x before 3.4, organization a ...) 
- zulip-server (bug #800052) CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via ...) NOT-FOR-US: SysAid CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - mapcache (bug #989363) [bullseye] - mapcache (Minor issue) [buster] - mapcache (Minor issue) [stretch] - mapcache (Minor issue) - scilab (bug #989364) [bullseye] - scilab (Minor issue) [buster] - scilab (Minor issue) - netcdf (bug #989360) [bullseye] - netcdf (Minor issue) [buster] - netcdf (Minor issue) [stretch] - netcdf (vulnerable code not present) - netcdf-parallel (bug #989361) [bullseye] - netcdf-parallel (Minor issue) [buster] - netcdf-parallel (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/25 CVE-2021-30484 RESERVED CVE-2021-30483 (isomorphic-git before 1.8.2 allows Directory Traversal via a crafted r ...) NOT-FOR-US: isomorphic-git CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application passwords were n ...) NOT-FOR-US: JetBrains CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...) NOT-FOR-US: Valve Steam NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam NOTE: is started, so nothing really to be updated there CVE-2021-3492 (Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux ...) - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1 NOTE: Debian does not include the (not yet upstream accepted) shiftfs CVE-2021-3491 (The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT li ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/13 NOTE: https://git.kernel.org/linus/d1f82808877bb10d3deee7cf3374a4eb3fb582db CVE-2021-3490 (The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in th ...) 
- linux 5.10.38-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/11 CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel di ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/10 CVE-2021-30480 (Zoom Chat through 2021-04-09 on Windows and macOS allows certain remot ...) NOT-FOR-US: Zoom Chat CVE-2021-3488 RESERVED CVE-2021-30479 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...) - zulip-server (bug #800052) CVE-2021-30478 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...) - zulip-server (bug #800052) CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...) - zulip-server (bug #800052) CVE-2021-30476 (HashiCorp Terraform’s Vault Provider (terraform-provider-vault) ...) NOT-FOR-US: HashiCorp Terraform Vault Provider CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...) - binutils 2.37-3 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24 NOTE: binutils not covered by security support CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...) - glpi NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...) - aom NOTE: https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0 NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999 CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...) 
- aom NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000 CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...) - aom (bug #988211) NOTE: https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998 CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...) - libpodofo (bug #986794) [bullseye] - libpodofo (Minor issue) [buster] - libpodofo (Minor issue) [stretch] - libpodofo (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/132/ CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...) - libpodofo (bug #986793) [bullseye] - libpodofo (Minor issue) [buster] - libpodofo (Minor issue) [stretch] - libpodofo (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/131/ CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...) - libpodofo (bug #986792) [bullseye] - libpodofo (Minor issue) [buster] - libpodofo (Minor issue) [stretch] - libpodofo (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/130/ CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...) - libpodofo (bug #986791) [bullseye] - libpodofo (Minor issue) [buster] - libpodofo (Minor issue) [stretch] - libpodofo (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/129/ CVE-2021-30468 (A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows ...) NOT-FOR-US: Apache CXF CVE-2021-30467 RESERVED CVE-2021-30466 RESERVED CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...) 
- runc 1.0.0~rc93+ds1-5 (bug #988768) [stretch] - runc (Intrusive to backport fix) NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2 NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r NOTE: Initial patch in -4, but revised patch was applied only in -5 CVE-2021-30464 (OMICRON StationGuard before 1.10 allows remote attackers to cause a de ...) NOT-FOR-US: OMICRON StationGuard CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by creati ...) NOT-FOR-US: VestaCP CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges ...) NOT-FOR-US: VestaCP CVE-2021-30461 (A remote code execution issue was discovered in the web UI of VoIPmoni ...) NOT-FOR-US: VoIPmonitor CVE-2021-30460 RESERVED CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...) NOT-FOR-US: Jazzband Django Debug Toolbar CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...) - mediawiki 1:1.35.2-1 [buster] - mediawiki (Only applies to 1.35 and later) [stretch] - mediawiki (Only applies to 1.35 and later) NOTE: https://phabricator.wikimedia.org/T279451 CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) NOT-FOR-US: Rust crate id-map CVE-2021-30456 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) NOT-FOR-US: Rust crate id-map CVE-2021-30455 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) NOT-FOR-US: Rust crate id-map CVE-2021-30454 (An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. ...) 
NOT-FOR-US: Rust crate outer_cgi CVE-2021-30453 RESERVED CVE-2021-30452 RESERVED CVE-2021-30451 RESERVED CVE-2021-30450 RESERVED CVE-2021-30449 RESERVED CVE-2021-30448 RESERVED CVE-2021-30447 RESERVED CVE-2021-30446 RESERVED CVE-2021-30445 RESERVED CVE-2021-30444 RESERVED CVE-2021-30443 RESERVED CVE-2021-30442 RESERVED CVE-2021-30441 RESERVED CVE-2021-30440 RESERVED CVE-2021-30439 RESERVED CVE-2021-30438 RESERVED CVE-2021-30437 RESERVED CVE-2021-30436 RESERVED CVE-2021-30435 RESERVED CVE-2021-30434 RESERVED CVE-2021-30433 RESERVED CVE-2021-30432 RESERVED CVE-2021-30431 RESERVED CVE-2021-30430 RESERVED CVE-2021-30429 RESERVED CVE-2021-30428 RESERVED CVE-2021-30427 RESERVED CVE-2021-30426 RESERVED CVE-2021-30425 RESERVED CVE-2021-30424 RESERVED CVE-2021-30423 RESERVED CVE-2021-30422 RESERVED CVE-2021-30421 RESERVED CVE-2021-30420 RESERVED CVE-2021-30419 RESERVED CVE-2021-30418 RESERVED CVE-2021-30417 RESERVED CVE-2021-30416 RESERVED CVE-2021-30415 RESERVED CVE-2021-30414 RESERVED CVE-2021-30413 RESERVED CVE-2021-30412 RESERVED CVE-2021-30411 RESERVED CVE-2021-30410 RESERVED CVE-2021-30409 RESERVED CVE-2021-30408 RESERVED CVE-2021-30407 RESERVED CVE-2021-30406 RESERVED CVE-2021-30405 RESERVED CVE-2021-30404 RESERVED CVE-2021-30403 RESERVED CVE-2021-30402 RESERVED CVE-2021-30401 RESERVED CVE-2021-30400 RESERVED CVE-2021-30399 RESERVED CVE-2021-30398 RESERVED CVE-2021-30397 RESERVED CVE-2021-30396 RESERVED CVE-2021-30395 RESERVED CVE-2021-30394 RESERVED CVE-2021-30393 RESERVED CVE-2021-30392 RESERVED CVE-2021-30391 RESERVED CVE-2021-30390 RESERVED CVE-2021-30389 RESERVED CVE-2021-30388 RESERVED CVE-2021-30387 RESERVED CVE-2021-30386 RESERVED CVE-2021-30385 RESERVED CVE-2021-30384 RESERVED CVE-2021-30383 RESERVED CVE-2021-30382 RESERVED CVE-2021-30381 RESERVED CVE-2021-30380 RESERVED CVE-2021-30379 RESERVED CVE-2021-30378 RESERVED CVE-2021-30377 RESERVED CVE-2021-30376 RESERVED CVE-2021-30375 RESERVED CVE-2021-30374 RESERVED CVE-2021-30373 RESERVED CVE-2021-30372 
RESERVED CVE-2021-30371 RESERVED CVE-2021-30370 RESERVED CVE-2021-30369 RESERVED CVE-2021-30368 RESERVED CVE-2021-30367 RESERVED CVE-2021-30366 RESERVED CVE-2021-30365 RESERVED CVE-2021-30364 RESERVED CVE-2021-30363 RESERVED CVE-2021-30362 RESERVED CVE-2021-30361 RESERVED CVE-2021-30360 RESERVED CVE-2021-30359 RESERVED CVE-2021-30358 RESERVED CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 reveals p ...) NOT-FOR-US: SSL Network Extender Client CVE-2021-30356 (A denial of service vulnerability was reported in Check Point Identity ...) NOT-FOR-US: Check Point Identity Agent CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 improperl ...) NOT-FOR-US: Amazon Kindle e-reader CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 contains ...) NOT-FOR-US: Amazon Kindle e-reader CVE-2021-30353 RESERVED CVE-2021-30352 RESERVED CVE-2021-30351 RESERVED CVE-2021-30350 RESERVED CVE-2021-30349 RESERVED CVE-2021-30348 RESERVED CVE-2021-30347 RESERVED CVE-2021-30346 RESERVED CVE-2021-30345 RESERVED CVE-2021-30344 RESERVED CVE-2021-30343 RESERVED CVE-2021-30342 RESERVED CVE-2021-30341 RESERVED CVE-2021-30340 RESERVED CVE-2021-30339 RESERVED CVE-2021-30338 RESERVED CVE-2021-30337 RESERVED CVE-2021-30336 RESERVED CVE-2021-30335 RESERVED CVE-2021-30334 RESERVED CVE-2021-30333 RESERVED CVE-2021-30332 RESERVED CVE-2021-30331 RESERVED CVE-2021-30330 RESERVED CVE-2021-30329 RESERVED CVE-2021-30328 RESERVED CVE-2021-30327 RESERVED CVE-2021-30326 RESERVED CVE-2021-30325 RESERVED CVE-2021-30324 RESERVED CVE-2021-30323 RESERVED CVE-2021-30322 RESERVED CVE-2021-30321 RESERVED CVE-2021-30320 RESERVED CVE-2021-30319 RESERVED CVE-2021-30318 RESERVED CVE-2021-30317 RESERVED CVE-2021-30316 RESERVED CVE-2021-30315 RESERVED CVE-2021-30314 RESERVED CVE-2021-30313 RESERVED CVE-2021-30312 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30311 RESERVED CVE-2021-30310 RESERVED NOT-FOR-US: Qualcomm components for 
Android CVE-2021-30309 RESERVED CVE-2021-30308 RESERVED CVE-2021-30307 RESERVED CVE-2021-30306 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30305 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30304 RESERVED CVE-2021-30303 RESERVED CVE-2021-30302 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30301 RESERVED CVE-2021-30300 RESERVED CVE-2021-30299 RESERVED CVE-2021-30298 RESERVED CVE-2021-30297 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30296 RESERVED CVE-2021-30295 (Possible heap overflow due to improper validation of local variable wh ...) NOT-FOR-US: Qualcomm components for Android CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command due t ...) NOT-FOR-US: Qualcomm components for Android CVE-2021-30293 RESERVED CVE-2021-30292 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30291 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30290 (Possible null pointer dereference due to race condition between timeli ...) NOT-FOR-US: Snapdragon CVE-2021-30289 RESERVED CVE-2021-30288 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30287 RESERVED CVE-2021-30286 RESERVED CVE-2021-30285 RESERVED CVE-2021-30284 RESERVED CVE-2021-30283 RESERVED CVE-2021-30282 RESERVED CVE-2021-30281 RESERVED CVE-2021-30280 RESERVED CVE-2021-30279 RESERVED CVE-2021-30278 RESERVED CVE-2021-30277 RESERVED CVE-2021-30276 RESERVED CVE-2021-30275 RESERVED CVE-2021-30274 RESERVED CVE-2021-30273 RESERVED CVE-2021-30272 RESERVED CVE-2021-30271 RESERVED CVE-2021-30270 RESERVED CVE-2021-30269 RESERVED CVE-2021-30268 RESERVED CVE-2021-30267 RESERVED CVE-2021-30266 RESERVED CVE-2021-30265 RESERVED CVE-2021-30264 RESERVED CVE-2021-30263 RESERVED CVE-2021-30262 RESERVED CVE-2021-30261 (Possible integer and heap overflow due to lack of input command size v ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...) NOT-FOR-US: Qualcomm components for Android CVE-2021-30259 RESERVED CVE-2021-30258 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30257 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30256 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2021-30255 RESERVED CVE-2021-30254 RESERVED CVE-2021-30253 RESERVED CVE-2021-30252 RESERVED CVE-2021-30251 RESERVED CVE-2021-30250 RESERVED CVE-2021-30249 RESERVED CVE-2021-30248 RESERVED CVE-2021-30247 RESERVED CVE-2021-30246 (In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA ...) NOT-FOR-US: Node jsrasign CVE-2021-30245 (The project received a report that all versions of Apache OpenOffice t ...) NOT-FOR-US: Apache OpenOffice, equivalent to CVE-2021-25631 CVE-2021-3485 (An Improper Input Validation vulnerability in the Product Update featu ...) NOT-FOR-US: Bitdefender CVE-2021-30244 RESERVED CVE-2021-30243 RESERVED CVE-2021-30242 RESERVED CVE-2021-30241 RESERVED CVE-2021-30240 RESERVED CVE-2021-30239 RESERVED CVE-2021-30238 RESERVED CVE-2021-30237 RESERVED CVE-2021-30236 RESERVED CVE-2021-30235 RESERVED CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 r ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF- ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 rou ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao ...) 
NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao W ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article comments featu ...) NOT-FOR-US: emlog CVE-2021-30226 RESERVED CVE-2021-30225 RESERVED CVE-2021-30224 (Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attacke ...) NOT-FOR-US: Rukovoditel CVE-2021-30223 RESERVED CVE-2021-30222 RESERVED CVE-2021-30221 RESERVED CVE-2021-30220 RESERVED CVE-2021-30219 (samurai 1.2 has a NULL pointer dereference in printstatus() function i ...) NOT-FOR-US: samurai CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in util.c vi ...) NOT-FOR-US: samurai CVE-2021-30217 RESERVED CVE-2021-30216 RESERVED CVE-2021-30215 RESERVED CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...) NOT-FOR-US: Knowage Suite CVE-2021-30213 (Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-sit ...) NOT-FOR-US: Knowage Suite CVE-2021-30212 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...) NOT-FOR-US: Knowage Suite CVE-2021-30211 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...) NOT-FOR-US: Knowage Suite CVE-2021-30210 RESERVED CVE-2021-30209 (Textpattern V4.8.4 contains an arbitrary file upload vulnerability whe ...) NOT-FOR-US: Textpattern CMS CVE-2021-30208 RESERVED CVE-2021-30207 RESERVED CVE-2021-30206 RESERVED CVE-2021-30205 RESERVED CVE-2021-30204 RESERVED CVE-2021-30203 RESERVED CVE-2021-30202 RESERVED CVE-2021-30201 (An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. ...) 
NOT-FOR-US: Kaseya CVE-2021-30200 RESERVED CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...) - gpac 1.0.1+dfsg1-4 (bug #987323) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca NOTE: https://github.com/gpac/gpac/issues/1728 CVE-2021-30198 RESERVED CVE-2021-30197 RESERVED CVE-2021-30196 RESERVED CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validatio ...) NOT-FOR-US: CODESYS CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. ...) NOT-FOR-US: CODESYS CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. ...) NOT-FOR-US: CODESYS CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Se ...) NOT-FOR-US: CODESYS CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Chec ...) NOT-FOR-US: CODESYS CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. ...) NOT-FOR-US: CODESYS CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflo ...) NOT-FOR-US: CODESYS CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer ...) NOT-FOR-US: CODESYS CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralizati ...) NOT-FOR-US: CODESYS CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer O ...) NOT-FOR-US: CODESYS CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...) NOT-FOR-US: CERN Indico CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...) 
- gnuchess (bug #986801) [bullseye] - gnuchess (Minor issue) [buster] - gnuchess (Minor issue) [stretch] - gnuchess (Minor issue in a game; can be fixed in next update) NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html CVE-2021-30183 (Cleartext storage of sensitive information in multiple versions of Oct ...) NOT-FOR-US: Octopus Server CVE-2021-30182 RESERVED CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which wi ...) NOT-FOR-US: Apache Dubbo CVE-2021-30180 (Apache Dubbo prior to 2.7.9 support Tag routing which will enable a cu ...) NOT-FOR-US: Apache Dubbo CVE-2021-30179 (Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic call ...) NOT-FOR-US: Apache Dubbo CVE-2021-3484 RESERVED CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.28-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...) - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918 CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...) NOT-FOR-US: PHP-Nuke CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows SQL Inj ...) NOT-FOR-US: ZEROF Expert CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...) NOT-FOR-US: ZEROF Web Server CVE-2021-30174 (RiyaLab CloudISO event item is added, special characters in specific f ...) NOT-FOR-US: RiyaLab CloudISO CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional communicati ...) NOT-FOR-US: omni-directional communication system CVE-2021-30172 (Special characters of picture preview page in the Quan-Fang-Wei-Tong-X ...) 
NOT-FOR-US: Quan-Fang-Wei-Tong-Xun system CVE-2021-30171 (Special characters of ERP POS news page are not filtered in users’ ...) NOT-FOR-US: ERP POS CVE-2021-30170 (Special characters of ERP POS customer profile page are not filtered i ...) NOT-FOR-US: ERP POS CVE-2021-30169 (The sensitive information of webcam device is not properly protected. ...) NOT-FOR-US: LILIN CVE-2021-30168 (The sensitive information of webcam device is not properly protected. ...) NOT-FOR-US: LILIN CVE-2021-30167 (The manage users profile services of the network camera device allows ...) NOT-FOR-US: LILIN CVE-2021-30166 (The NTP Server configuration function of the IP camera device is not v ...) NOT-FOR-US: LILIN CVE-2021-30165 (The default administrator account & password of the EDIMAX wireles ...) NOT-FOR-US: EDIMAX CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...) {DLA-2658-1} - redmine (bug #986800) NOTE: https://www.redmine.org/projects/redmine/repository/revisions/19975 CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...) {DLA-2658-1} - redmine (bug #986800) NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20819 CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...) NOT-FOR-US: LG mobile devices CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) 
NOT-FOR-US: LG mobile devices CVE-2021-26948 RESERVED {DSA-4928-1 DLA-2700-1} - htmldoc 1.9.11-4 (unimportant; bug #989437) NOTE: https://github.com/michaelrsweet/htmldoc/issues/410 NOTE: https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2 NOTE: Crash in CLI tool, no security impact CVE-2021-26259 RESERVED {DSA-4928-1 DLA-2700-1} - htmldoc 1.9.11-4 (unimportant; bug #989437) NOTE: https://github.com/michaelrsweet/htmldoc/issues/417 NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5 NOTE: Crash in CLI tool, no security impact CVE-2021-26252 RESERVED {DSA-4928-1 DLA-2700-1} - htmldoc 1.9.11-4 (unimportant; bug #989437) NOTE: https://github.com/michaelrsweet/htmldoc/issues/412 NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc NOTE: Crash in CLI tool, no security impact CVE-2021-23206 RESERVED {DSA-4928-1 DLA-2700-1} - htmldoc 1.9.11-4 (unimportant; bug #989437) NOTE: https://github.com/michaelrsweet/htmldoc/issues/416 NOTE: https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8 NOTE: Crash in CLI tool, no security impact CVE-2021-23191 RESERVED {DSA-4928-1 DLA-2700-1} - htmldoc 1.9.11-4 (unimportant; bug #989437) NOTE: https://github.com/michaelrsweet/htmldoc/issues/415 NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc NOTE: Crash in CLI tool, no security impact CVE-2021-23180 RESERVED {DSA-4928-1 DLA-2700-1} - htmldoc 1.9.11-4 (unimportant; bug #989437) NOTE: https://github.com/michaelrsweet/htmldoc/issues/418 NOTE: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a NOTE: Crash in CLI tool, no security impact CVE-2021-23165 RESERVED {DSA-4928-1 DLA-2700-1} - htmldoc 1.9.11-4 (bug #989437) NOTE: https://github.com/michaelrsweet/htmldoc/issues/413 NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f CVE-2021-23158 RESERVED {DSA-4928-1 DLA-2700-1} - htmldoc 1.9.11-4 (unimportant; bug #989437) NOTE: https://github.com/michaelrsweet/htmldoc/issues/414 NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc NOTE: Crash in CLI tool, no security impact CVE-2021-30160 RESERVED CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) {DSA-4889-1 DLA-2648-1} - mediawiki 1:1.35.2-1 NOTE: https://phabricator.wikimedia.org/T272386 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) {DSA-4889-1 DLA-2648-1} - mediawiki 1:1.35.2-1 NOTE: https://phabricator.wikimedia.org/T277009 NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546 CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) {DSA-4889-1} - mediawiki 1:1.35.2-1 [stretch] - mediawiki (Vulnerable code not present) NOTE: https://phabricator.wikimedia.org/T278058 NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085 CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) - mediawiki (Not a security issue on release branches, only affected master) NOTE: https://phabricator.wikimedia.org/T276306 NOTE: CVE description is wrong CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) {DSA-4889-1 DLA-2648-1} - mediawiki 1:1.35.2-1 NOTE: https://phabricator.wikimedia.org/T270988 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) 
{DSA-4889-1} - mediawiki 1:1.35.2-1 [stretch] - mediawiki (Vulnerable code introduced later) NOTE: https://phabricator.wikimedia.org/T278014 NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/ CVE-2021-30153 RESERVED - mediawiki 1:1.35.2-1 [buster] - mediawiki (Vulnerable code not present) [stretch] - mediawiki (Vulnerable code not present) NOTE: https://phabricator.wikimedia.org/T270453 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...) {DSA-4889-1 DLA-2648-1} - mediawiki 1:1.35.2-1 NOTE: https://phabricator.wikimedia.org/T270713 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...) - ruby-sidekiq (bug #987354) [bullseye] - ruby-sidekiq (Minor issue) [buster] - ruby-sidekiq (Minor issue) [stretch] - ruby-sidekiq (Minor issue) NOTE: https://github.com/mperham/sidekiq/issues/4852 NOTE: https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8 CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...) NOT-FOR-US: Composr CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...) NOT-FOR-US: Composr CVE-2021-30148 RESERVED CVE-2021-30147 (DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as addi ...) NOT-FOR-US: DMA Softlab Radius Manager CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...) - seafile-client (bug #987282) [bullseye] - seafile-client (Minor issue) [buster] - seafile-client (Minor issue) NOTE: https://github.com/Security-AVS/CVE-2021-30146 CVE-2021-30145 (A format string vulnerability in mpv through 0.33.0 allows user-assist ...) 
- mpv 0.32.0-3 (bug #986839) [buster] - mpv (Minor issue) [stretch] - mpv (Minor issue; can be fixed in next update) NOTE: https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...) NOT-FOR-US: GLPI plugin CVE-2021-30143 RESERVED CVE-2021-30142 RESERVED CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...) NOT-FOR-US: Friendica CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...) NOT-FOR-US: LiquidFiles CVE-2021-30139 (In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a b ...) NOT-FOR-US: Alpine Linux apk-tools CVE-2021-30138 REJECTED CVE-2021-30137 (Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarsha ...) NOT-FOR-US: Axios Assyst CVE-2021-30136 RESERVED CVE-2021-30135 RESERVED CVE-2021-30134 RESERVED CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...) NOT-FOR-US: CloverDX CVE-2021-30132 RESERVED CVE-2021-30131 RESERVED CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...) 
- phpseclib 1.0.19-3 [stretch] - phpseclib (Only affects 3.x branch) - php-phpseclib 2.0.30-2 [stretch] - php-phpseclib (Only affects 3.x branch) - php-phpseclib3 3.0.7-1 NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890 NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/cc32cd2e95b18a0c0118bbf1928327675c9e64a9 (v3.0 / RSA::SIGNATURE_RELAXED_PKCS1) NOTE: According to upstream, 1.x and 2.x are not vulnerable, the fix on these branches only backports more exhaustive PKCS#1 v1.5 support (functional change) NOTE: According to upstream, 1.x and 2.x have the problem described as "incompatibility issue in phpseclib v1, v2, v3 (strict mode)'s RSA PKCS#1 v1.5 NOTE: signature verification suffering from rejecting valid signatures whose encoded message uses implicit hash algorithm's NULL parameter." but NOTE: this is not considered as a security problem. CVE-2021-30129 (A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to ...) NOT-FOR-US: Apache Mina SSHD CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version ...) NOT-FOR-US: Apache OFBiz CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the adm ...) NOT-FOR-US: Terramaster CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyon ...) NOT-FOR-US: Lightmeter ControlCenter CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory history, aka P ...) NOT-FOR-US: Jamf Pro CVE-2021-30124 (The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1 ...) NOT-FOR-US: vscode-phpmd (aka PHP Mess Detector) extension for Visual Studio Code CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec ...) 
- ffmpeg (Only affects 4.4 development branches) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f NOTE: https://trac.ffmpeg.org/ticket/8845 NOTE: https://trac.ffmpeg.org/ticket/8863 NOTE: CVE description is wrong, this landed in 4.4 only NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 CVE-2021-30122 RESERVED CVE-2021-30121 (Local file inclusion exists in Kaseya VSA before 9.5.6. ...) NOT-FOR-US: Kaseya CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requiremen ...) NOT-FOR-US: Kaseya CVE-2021-30119 (Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. ...) NOT-FOR-US: Kaseya CVE-2021-30118 (Kaseya VSA before 9.5.5 allows remote code execution. ...) NOT-FOR-US: Kaseya CVE-2021-30117 (SQL injection exists in Kaseya VSA before 9.5.6. ...) NOT-FOR-US: Kaseya CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in ...) NOT-FOR-US: Kaseya CVE-2021-30115 RESERVED CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...) NOT-FOR-US: Web-School ERP CVE-2021-30113 (A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Even ...) NOT-FOR-US: Web-School ERP CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...) NOT-FOR-US: Web-School ERP CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Eve ...) NOT-FOR-US: Web-School ERP CVE-2021-30110 (dttray.exe in Greyware Automation Products Inc Domain Time II before 5 ...) NOT-FOR-US: Greyware CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...) NOT-FOR-US: Froala Editor CVE-2021-30108 (Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vu ...) 
NOT-FOR-US: Feehi CMS CVE-2021-30107 RESERVED CVE-2021-30106 RESERVED CVE-2021-30105 RESERVED CVE-2021-30104 RESERVED CVE-2021-30103 RESERVED CVE-2021-30102 RESERVED CVE-2021-30101 RESERVED CVE-2021-30100 RESERVED CVE-2021-30099 RESERVED CVE-2021-30098 RESERVED CVE-2021-30097 RESERVED CVE-2021-30096 RESERVED CVE-2021-30095 RESERVED CVE-2021-30094 RESERVED CVE-2021-30093 RESERVED CVE-2021-30092 RESERVED CVE-2021-30091 RESERVED CVE-2021-30090 RESERVED CVE-2021-30089 RESERVED CVE-2021-30088 RESERVED CVE-2021-30087 RESERVED CVE-2021-30086 (Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese ...) NOT-FOR-US: KindEditor CVE-2021-30085 RESERVED CVE-2021-30084 RESERVED CVE-2021-30083 (An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vuln ...) NOT-FOR-US: Mediat CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vu ...) NOT-FOR-US: Gris CMS CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...) NOT-FOR-US: emlog CVE-2021-30080 RESERVED CVE-2021-30079 RESERVED CVE-2021-30078 RESERVED CVE-2021-30077 RESERVED CVE-2021-30076 RESERVED CVE-2021-30075 RESERVED CVE-2021-30074 (docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the s ...) NOT-FOR-US: docsify CVE-2021-30073 RESERVED CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...) NOT-FOR-US: D-Link CVE-2021-30071 RESERVED CVE-2021-30070 RESERVED CVE-2021-30069 RESERVED CVE-2021-30068 RESERVED CVE-2021-30067 RESERVED CVE-2021-30066 RESERVED CVE-2021-30065 RESERVED CVE-2021-30064 RESERVED CVE-2021-30063 RESERVED CVE-2021-30062 RESERVED CVE-2021-30061 RESERVED CVE-2021-30060 RESERVED CVE-2021-30059 RESERVED CVE-2021-30058 (Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). ...) NOT-FOR-US: Knowage Suite CVE-2021-30057 (A stored HTML injection vulnerability exists in Knowage Suite version ...) 
NOT-FOR-US: Knowage Suite CVE-2021-30056 (Knowage Suite before 7.4 is vulnerable to reflected cross-site scripti ...) NOT-FOR-US: Knowage Suite CVE-2021-30055 (A SQL injection vulnerability in Knowage Suite version 7.1 exists in t ...) NOT-FOR-US: Knowage Suite CVE-2021-30054 RESERVED CVE-2021-30053 RESERVED CVE-2021-30052 RESERVED CVE-2021-30051 RESERVED CVE-2021-30050 RESERVED CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /Ke ...) NOT-FOR-US: SysAid CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...) NOT-FOR-US: Novel-plus CVE-2021-30047 RESERVED CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...) NOT-FOR-US: VIGRA Computer Vision Library CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...) NOT-FOR-US: SerenityOS CVE-2021-30044 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or ...) NOT-FOR-US: Remote Clinic CVE-2021-30043 RESERVED CVE-2021-30042 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name" ...) NOT-FOR-US: Remote Clinic CVE-2021-30041 RESERVED CVE-2021-30040 RESERVED CVE-2021-30039 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "B ...) NOT-FOR-US: Remote Clinic CVE-2021-30038 RESERVED CVE-2021-30037 RESERVED CVE-2021-30036 RESERVED CVE-2021-30035 RESERVED CVE-2021-30034 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons fiel ...) NOT-FOR-US: Remote Clinic CVE-2021-30033 RESERVED CVE-2021-30032 RESERVED CVE-2021-30031 REJECTED CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name fie ...) NOT-FOR-US: Remote Clinic CVE-2021-30029 RESERVED CVE-2021-30028 RESERVED CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger us ...) 
- md4c 0.4.7-2 (bug #987799) NOTE: https://github.com/mity/md4c/issues/155 NOTE: https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19 CVE-2021-30026 RESERVED CVE-2021-30025 RESERVED CVE-2021-30024 RESERVED CVE-2021-30023 RESERVED CVE-2021-30022 (There is an integer overflow in media_tools/av_parsers.c in the gf_avc_ ...) - gpac 1.0.1+dfsg1-4 (bug #987323) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 NOTE: https://github.com/gpac/gpac/issues/1720 CVE-2021-30021 RESERVED CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...) - gpac 1.0.1+dfsg1-4 (bug #987323) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 NOTE: https://github.com/gpac/gpac/issues/1722 CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0 ...) - gpac 1.0.1+dfsg1-4 (bug #987323) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc NOTE: https://github.com/gpac/gpac/issues/1723 CVE-2021-30018 RESERVED CVE-2021-30017 RESERVED CVE-2021-30016 RESERVED CVE-2021-30015 (There is a Null Pointer Dereference in function filter_core/filter_pck ...) - gpac 1.0.1+dfsg1-4 (bug #987323) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec NOTE: https://github.com/gpac/gpac/issues/1719 CVE-2021-30014 (There is an integer overflow in media_tools/av_parsers.c in the hevc_pa ...)
- gpac 1.0.1+dfsg1-4 (bug #987323) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 NOTE: https://github.com/gpac/gpac/issues/1721 CVE-2021-30013 RESERVED CVE-2021-30012 RESERVED CVE-2021-30011 RESERVED CVE-2021-30010 RESERVED CVE-2021-30009 RESERVED CVE-2021-30008 RESERVED CVE-2021-30007 RESERVED CVE-2021-30006 (In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to informa ...) - intellij-idea (bug #747616) CVE-2021-30005 (In JetBrains PyCharm before 2020.3.4, local code execution was possibl ...) NOT-FOR-US: JetBrains CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...) - wpa (unimportant) NOTE: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15 NOTE: Issue only affects the "internal" TLS implementation (CONFIG_TLS=internal) NOTE: but Debian builds with CONFIG_TLS=openssl CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Ther ...) NOT-FOR-US: Nokia G-120W-F 3FE46606AGAB91 devices CVE-2021-30001 RESERVED CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...) NOT-FOR-US: LATRIX CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There is a ...) NOT-FOR-US: Wind River VxWorks CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...) NOT-FOR-US: Wind River VxWorks CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. A specia ...) NOT-FOR-US: Helix ALM CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...) NOT-FOR-US: marktext CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...) 
NOT-FOR-US: CloverDX CVE-2021-29994 RESERVED CVE-2021-29993 RESERVED - firefox (Specific to Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993 CVE-2021-29992 RESERVED CVE-2021-29991 RESERVED - firefox 91.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/#CVE-2021-29991 CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...) - firefox 91.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990 CVE-2021-29989 (Mozilla developers reported memory safety bugs present in Firefox 90 a ...) {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} - firefox 91.0-1 - firefox-esr 78.13.0esr-1 - thunderbird 1:78.13.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29989 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29989 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989 CVE-2021-29988 (Firefox incorrectly treated an inline list-item element as a block ele ...) {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} - firefox 91.0-1 - firefox-esr 78.13.0esr-1 - thunderbird 1:78.13.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29988 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29988 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29988 CVE-2021-29987 (After requesting multiple permissions, and closing the first permissio ...) - firefox 91.0-1 - thunderbird (Thunderbird 78.x not affected, only TB91) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29987 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987 CVE-2021-29986 (A suspected race condition when calling getaddrinfo led to memory corr ...) 
{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} - firefox 91.0-1 - firefox-esr 78.13.0esr-1 - thunderbird 1:78.13.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29986 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29986 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986 CVE-2021-29985 (A use-after-free vulnerability in media channels could have led to mem ...) {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} - firefox 91.0-1 - firefox-esr 78.13.0esr-1 - thunderbird 1:78.13.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29985 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29985 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985 CVE-2021-29984 (Instruction reordering resulted in a sequence of instructions that wou ...) {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} - firefox 91.0-1 - firefox-esr 78.13.0esr-1 - thunderbird 1:78.13.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29984 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29984 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29984 CVE-2021-29983 (Firefox for Android could get stuck in fullscreen mode and not exit it ...) - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29983 CVE-2021-29982 (Due to incorrect JIT optimization, we incorrectly interpreted data fro ...) - firefox 91.0-1 - thunderbird (Thunderbird 78.x not affected, only TB91) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29982 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29982 CVE-2021-29981 (An issue present in lowering/register allocation could have led to obs ...) 
- firefox 91.0-1 - thunderbird (Thunderbird 78.x not affected, only TB91) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29981 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981 CVE-2021-29980 (Uninitialized memory in a canvas object could have caused an incorrect ...) {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} - firefox 91.0-1 - firefox-esr 78.13.0esr-1 - thunderbird 1:78.13.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29980 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29980 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29980 CVE-2021-29979 (Hubs Cloud allows users to download shared content, specifically HTML ...) NOT-FOR-US: Hubs Cloud CVE-2021-29978 (Multiple low security issues were discovered and fixed in a security a ...) NOT-FOR-US: Mozilla VPN CVE-2021-29977 (Mozilla developers reported memory safety bugs present in Firefox 89. ...) - firefox 90.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977 CVE-2021-29976 (Mozilla developers reported memory safety bugs present in code shared ...) {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1} - firefox 90.0-1 - firefox-esr 78.12.0esr-1 - thunderbird 1:78.12.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29976 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29976 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29976 CVE-2021-29975 (Through a series of DOM manipulations, a message, over which the attac ...) - firefox 90.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29975 CVE-2021-29974 (When network partitioning was enabled, e.g. as a result of Enhanced Tr ...) 
- firefox 90.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29974 CVE-2021-29973 (Password autofill was enabled without user interaction on insecure web ...) - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29973 CVE-2021-29972 (A use-after-free vulnerability was found via testing, and traced to an ...) - firefox 90.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29972 CVE-2021-29971 (If a user had granted a permission to a webpage and saved that grant, ...) - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971 CVE-2021-29970 (A malicious webpage could have triggered a use-after-free, memory corr ...) {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1} - firefox 90.0-1 - firefox-esr 78.12.0esr-1 - thunderbird 1:78.12.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29970 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29970 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970 CVE-2021-29969 (If Thunderbird was configured to use STARTTLS for an IMAP connection, ...) {DSA-4940-1 DLA-2711-1} - thunderbird 1:78.12.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969 CVE-2021-29968 (When drawing text onto a canvas with WebRender disabled, an out of bou ...) - firefox (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-27/#CVE-2021-29968 CVE-2021-29967 (Mozilla developers reported memory safety bugs present in Firefox 88 a ...) 
{DSA-4927-1 DSA-4925-1 DLA-2679-1 DLA-2673-1} - firefox-esr 78.11.0esr-1 - firefox 89.0-1 - thunderbird 1:78.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29967 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29967 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29967 CVE-2021-29966 (Mozilla developers reported memory safety bugs present in Firefox 88. ...) - firefox 89.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29966 CVE-2021-29965 (A malicious website that causes an HTTP Authentication dialog to be sp ...) - firefox (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29965 CVE-2021-29964 (A locally-installed hostile program could send `WM_COPYDATA` messages ...) - firefox-esr (Only affects Windows) - firefox (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29964 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29964 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29964 CVE-2021-29963 (Address bar search suggestions in private browsing mode were re-using ...) - firefox (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29963 CVE-2021-29962 (Firefox for Android would become unstable and hard-to-recover when a w ...) - firefox (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29962 CVE-2021-29961 (When styling and rendering an oversized `<select>` element, Fire ...) - firefox 89.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29961 CVE-2021-29960 (Firefox used to cache the last filename used for printing a file. When ...) 
- firefox 89.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29960 CVE-2021-29959 (When a user has already allowed a website to access microphone and cam ...) - firefox 89.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29959 CVE-2021-29958 (When a download was initiated, the client did not check whether it was ...) - firefox (Only affects Firefox for iOS) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29958 CVE-2021-29957 (If a MIME encoded email contains an OpenPGP inline signed or encrypted ...) {DSA-4927-1 DLA-2679-1} - thunderbird 1:78.10.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29957 CVE-2021-29956 (OpenPGP secret keys that were imported using Thunderbird version 78.8. ...) {DSA-4927-1 DLA-2679-1} - thunderbird 1:78.10.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29956 CVE-2021-29955 (A transient execution vulnerability, named Floating Point Value Inject ...) {DSA-4874-1 DLA-2607-1} - firefox 87.0-1 - firefox-esr 78.9.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-29955 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-29955 CVE-2021-29954 (Proxy functionality built into Hubs Cloud’s Reticulum software a ...) NOT-FOR-US: Hubs Cloud CVE-2021-29953 (A malicious webpage could have forced a Firefox for Android user into ...) - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29953 CVE-2021-29952 (When Web Render components were destructed, a race condition could hav ...) - firefox 88.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29952 CVE-2021-29951 (The Mozilla Maintenance Service granted SERVICE_START access to BUILTI ...) 
- firefox-esr (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-18/#CVE-2021-29951 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-19/#CVE-2021-29951 CVE-2021-29950 (Thunderbird unprotects a secret OpenPGP key prior to using it for a de ...) {DSA-4876-1 DLA-2609-1} - thunderbird 1:78.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950 CVE-2021-29949 (When loading the shared library that provides the OTR protocol impleme ...) {DSA-4897-1 DLA-2632-1} - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-29949 CVE-2021-29948 (Signatures are written to disk before and read during verification, wh ...) {DSA-4897-1 DLA-2632-1} - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29948 CVE-2021-29947 (Mozilla developers and community members reported memory safety bugs p ...) - firefox 88.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947 CVE-2021-29946 (Ports that were written as an integer overflow above the bounds of a 1 ...) {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29946 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29946 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946 CVE-2021-29945 (The WebAssembly JIT could miscalculate the size of a return type, whic ...) 
{DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29945 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29945 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29945 CVE-2021-29944 (Lack of escaping allowed HTML injection when a webpage was viewed in R ...) - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29944 CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a webca ...) {DLA-2689-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899 CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...) {DSA-4958-1 DLA-2750-1} - exiv2 (bug #986888) [bullseye] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/1522 NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file] RESERVED - qtsvg-opensource-src 5.15.2-3 (bug #986798) [buster] - qtsvg-opensource-src (Minor issue) [stretch] - qtsvg-opensource-src (Minor issue; can be fixed in next update) - qt4-x11 [buster] - qt4-x11 (Minor issue) [stretch] - qt4-x11 (Minor issue; can be fixed in next update) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1931444 NOTE: https://bugreports.qt.io/browse/QTBUG-91507 NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=bfd6ee0d8cf34b63d32adf10ed93daa0086b359f (qt/qtsvg/dev) NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=0fa522904d65b73d48d5fadf690131e9ebb58d2a (qt/qtsvg/6.0) NOTE: 
https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=9f7ccbfc68d20d0dc2ddc1e7dee5572dcf7dcd48 (qt/qtsvg/6.1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668 NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/337587 CVE-2021-29943 (When using ConfigurableInternodeAuthHadoopPlugin for authentication, A ...) - lucene-solr (Vulnerable functionality not yet present) CVE-2021-29942 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...) NOT-FOR-US: reorder crate CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...) NOT-FOR-US: reorder crate CVE-2021-29940 (An issue was discovered in the through crate through 2021-02-18 for Ru ...) NOT-FOR-US: Rust crate through CVE-2021-29939 (An issue was discovered in the stackvector crate through 2021-02-19 fo ...) - rust-stackvector 1.0.6-3 (bug #986808) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0048.html CVE-2021-29938 (An issue was discovered in the slice-deque crate through 2021-02-19 fo ...) NOT-FOR-US: Rust crate slice-deque CVE-2021-29937 (An issue was discovered in the telemetry crate through 2021-02-17 for ...) NOT-FOR-US: Rust crate telemetry CVE-2021-29936 (An issue was discovered in the adtensor crate through 2021-01-11 for R ...) NOT-FOR-US: Rust crate adtensor CVE-2021-29935 (An issue was discovered in the rocket crate before 0.4.7 for Rust. uri ...) NOT-FOR-US: Rust crate rocket CVE-2021-29934 (An issue was discovered in PartialReader in the uu_od crate before 0.0 ...) NOT-FOR-US: Rust crate uu_od CVE-2021-29933 (An issue was discovered in the insert_many crate through 2021-01-26 fo ...) NOT-FOR-US: Rust crate insert_many CVE-2021-29932 (An issue was discovered in the parse_duration crate through 2021-03-18 ...) NOT-FOR-US: Rust crate parse_duration CVE-2021-29931 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...) 
NOT-FOR-US: Rust crate arenavec CVE-2021-29930 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...) NOT-FOR-US: Rust crate arenavec CVE-2021-29929 (An issue was discovered in the endian_trait crate through 2021-01-04 f ...) NOT-FOR-US: Rust crate endian_trait CVE-2021-29928 RESERVED CVE-2021-29927 RESERVED CVE-2021-29926 RESERVED CVE-2021-29925 RESERVED CVE-2021-29924 RESERVED CVE-2021-29923 (Go before 1.17 does not properly consider extraneous zero characters a ...) - golang-1.16 - golang-1.15 - golang-1.11 - golang-1.8 - golang-1.7 NOTE: https://github.com/golang/go/issues/30999 NOTE: https://github.com/golang/go/issues/43389 NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md NOTE: https://go-review.googlesource.com/c/go/+/325829/ CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not properly ...) - rustc 1.53.0+dfsg1-1 [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue. Patch can be backported, but risky.) NOTE: https://github.com/rust-lang/rust/issues/83648 NOTE: https://github.com/rust-lang/rust/pull/83652 NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md NOTE: https://github.com/rust-lang/rust/commit/974192cd98b3efca8e5cd293f641f561e7487b30 CVE-2021-29921 (In Python before 3.9.5, the ipaddress library mishandles leading zero ...)
[experimental] - python3.9 3.9.5-1 - python3.9 3.9.7-1 (bug #989195) [bullseye] - python3.9 (Minor issue) NOTE: https://bugs.python.org/issue36384#msg392423 NOTE: https://github.com/python/cpython/commit/60ce8f0be6354ad565393ab449d8de5d713f35bc (v3.10.0b1) NOTE: https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04 (v3.9.5) NOTE: Introduced by: https://github.com/python/cpython/commit/e653d4d8e820a7a004ad399530af0135b45db27a (v3.8.0a4) CVE-2021-29920 RESERVED CVE-2021-29919 RESERVED CVE-2021-29918 RESERVED CVE-2021-29917 RESERVED CVE-2021-29916 RESERVED CVE-2021-29915 RESERVED CVE-2021-29914 RESERVED CVE-2021-29913 RESERVED CVE-2021-29912 RESERVED CVE-2021-29911 RESERVED CVE-2021-29910 RESERVED CVE-2021-29909 RESERVED CVE-2021-29908 (The IBM TS7700 Management Interface is vulnerable to unauthenticated a ...) NOT-FOR-US: IBM CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated use ...) NOT-FOR-US: IBM CVE-2021-29906 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 ...) NOT-FOR-US: IBM CVE-2021-29905 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29904 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29903 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 i ...) NOT-FOR-US: IBM CVE-2021-29902 RESERVED CVE-2021-29901 RESERVED CVE-2021-29900 RESERVED CVE-2021-29899 RESERVED CVE-2021-29898 RESERVED CVE-2021-29897 RESERVED CVE-2021-29896 RESERVED CVE-2021-29895 RESERVED CVE-2021-29894 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...) 
NOT-FOR-US: IBM CVE-2021-29893 RESERVED CVE-2021-29892 RESERVED CVE-2021-29891 RESERVED CVE-2021-29890 RESERVED CVE-2021-29889 RESERVED CVE-2021-29888 RESERVED CVE-2021-29887 RESERVED CVE-2021-29886 RESERVED CVE-2021-29885 RESERVED CVE-2021-29884 RESERVED CVE-2021-29883 RESERVED CVE-2021-29882 RESERVED CVE-2021-29881 RESERVED CVE-2021-29880 (IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or mult ...) NOT-FOR-US: IBM CVE-2021-29879 RESERVED CVE-2021-29878 RESERVED CVE-2021-29877 RESERVED CVE-2021-29876 RESERVED CVE-2021-29875 RESERVED CVE-2021-29874 RESERVED CVE-2021-29873 RESERVED CVE-2021-29872 RESERVED CVE-2021-29871 RESERVED CVE-2021-29870 RESERVED CVE-2021-29869 RESERVED CVE-2021-29868 RESERVED CVE-2021-29867 RESERVED CVE-2021-29866 RESERVED CVE-2021-29865 RESERVED CVE-2021-29864 RESERVED CVE-2021-29863 RESERVED CVE-2021-29862 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) NOT-FOR-US: IBM CVE-2021-29861 RESERVED CVE-2021-29860 RESERVED CVE-2021-29859 RESERVED CVE-2021-29858 RESERVED CVE-2021-29857 RESERVED CVE-2021-29856 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user ...) NOT-FOR-US: IBM CVE-2021-29855 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...) NOT-FOR-US: IBM CVE-2021-29854 RESERVED CVE-2021-29853 (IBM Planning Analytics 2.0 could expose information that could be used ...) NOT-FOR-US: IBM CVE-2021-29852 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2021-29851 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...) NOT-FOR-US: IBM CVE-2021-29850 RESERVED CVE-2021-29849 RESERVED CVE-2021-29848 RESERVED CVE-2021-29847 RESERVED CVE-2021-29846 RESERVED CVE-2021-29845 RESERVED CVE-2021-29844 RESERVED CVE-2021-29843 RESERVED CVE-2021-29842 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
NOT-FOR-US: IBM CVE-2021-29841 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...) NOT-FOR-US: IBM CVE-2021-29840 RESERVED CVE-2021-29839 RESERVED CVE-2021-29838 RESERVED CVE-2021-29837 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...) NOT-FOR-US: IBM CVE-2021-29836 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 ...) NOT-FOR-US: IBM CVE-2021-29835 RESERVED CVE-2021-29834 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...) NOT-FOR-US: IBM CVE-2021-29833 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29832 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29831 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29830 RESERVED CVE-2021-29829 RESERVED CVE-2021-29828 RESERVED CVE-2021-29827 RESERVED CVE-2021-29826 RESERVED CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) coul ...) NOT-FOR-US: IBM CVE-2021-29824 RESERVED CVE-2021-29823 RESERVED CVE-2021-29822 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2021-29821 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29820 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29819 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29818 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29817 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29816 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29815 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) 
NOT-FOR-US: IBM CVE-2021-29814 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29813 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29812 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29811 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29810 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29809 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29808 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29807 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29806 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29805 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...) NOT-FOR-US: IBM CVE-2021-29804 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...) NOT-FOR-US: IBM CVE-2021-29803 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...) NOT-FOR-US: IBM CVE-2021-29802 (IBM Security SOAR performs an operation at a privilege level that is h ...) NOT-FOR-US: IBM CVE-2021-29801 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) NOT-FOR-US: IBM CVE-2021-29800 (IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1 ...) NOT-FOR-US: IBM CVE-2021-29799 RESERVED CVE-2021-29798 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 i ...) NOT-FOR-US: IBM CVE-2021-29797 RESERVED CVE-2021-29796 RESERVED CVE-2021-29795 (IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a lo ...) 
NOT-FOR-US: IBM CVE-2021-29794 (IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH s ...) NOT-FOR-US: IBM CVE-2021-29793 RESERVED CVE-2021-29792 (IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA ...) NOT-FOR-US: IBM CVE-2021-29791 RESERVED CVE-2021-29790 RESERVED CVE-2021-29789 RESERVED CVE-2021-29788 RESERVED CVE-2021-29787 RESERVED CVE-2021-29786 RESERVED CVE-2021-29785 RESERVED CVE-2021-29784 (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2021-29783 RESERVED CVE-2021-29782 RESERVED CVE-2021-29781 (IBM Partner Engagement Manager 2.0 could allow a remote attacker to ex ...) NOT-FOR-US: IBM CVE-2021-29780 (IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authent ...) NOT-FOR-US: IBM CVE-2021-29779 RESERVED CVE-2021-29778 RESERVED CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2021-29776 RESERVED CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak fo ...) NOT-FOR-US: IBM CVE-2021-29774 RESERVED CVE-2021-29773 (IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated ...) NOT-FOR-US: IBM CVE-2021-29772 (IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potenti ...) NOT-FOR-US: IBM CVE-2021-29771 RESERVED CVE-2021-29770 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...) NOT-FOR-US: IBM CVE-2021-29769 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...) NOT-FOR-US: IBM CVE-2021-29768 RESERVED CVE-2021-29767 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow ...) NOT-FOR-US: IBM CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...) NOT-FOR-US: IBM CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obta ...) 
NOT-FOR-US: IBM CVE-2021-29764 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...) NOT-FOR-US: IBM CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...) NOT-FOR-US: IBM CVE-2021-29762 RESERVED CVE-2021-29761 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...) NOT-FOR-US: IBM CVE-2021-29760 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...) NOT-FOR-US: IBM CVE-2021-29759 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 ...) NOT-FOR-US: IBM CVE-2021-29758 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...) NOT-FOR-US: IBM CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site r ...) NOT-FOR-US: IBM CVE-2021-29756 RESERVED CVE-2021-29755 RESERVED CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) NOT-FOR-US: IBM CVE-2021-29753 RESERVED CVE-2021-29752 (IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability ...) NOT-FOR-US: IBM CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...) NOT-FOR-US: IBM CVE-2021-29750 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...) NOT-FOR-US: IBM CVE-2021-29749 (IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6 ...) NOT-FOR-US: IBM CVE-2021-29748 RESERVED CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2021-29746 RESERVED CVE-2021-29745 RESERVED CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...) NOT-FOR-US: IBM CVE-2021-29743 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...) NOT-FOR-US: IBM CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to imperso ...) 
NOT-FOR-US: IBM CVE-2021-29741 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...) NOT-FOR-US: IBM CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 sys ...) NOT-FOR-US: IBM CVE-2021-29739 (IBM Planning Analytics Local 2.0 could allow a remote attacker to obta ...) NOT-FOR-US: IBM CVE-2021-29738 RESERVED CVE-2021-29737 RESERVED CVE-2021-29736 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM CVE-2021-29735 RESERVED CVE-2021-29734 RESERVED CVE-2021-29733 RESERVED CVE-2021-29732 RESERVED CVE-2021-29731 RESERVED CVE-2021-29730 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...) NOT-FOR-US: IBM CVE-2021-29729 RESERVED CVE-2021-29728 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains ...) NOT-FOR-US: IBM CVE-2021-29727 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...) NOT-FOR-US: IBM CVE-2021-29726 RESERVED CVE-2021-29725 (IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IB ...) NOT-FOR-US: IBM CVE-2021-29724 RESERVED CVE-2021-29723 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...) NOT-FOR-US: IBM CVE-2021-29722 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...) NOT-FOR-US: IBM CVE-2021-29721 RESERVED CVE-2021-29720 RESERVED CVE-2021-29719 RESERVED CVE-2021-29718 RESERVED CVE-2021-29717 RESERVED CVE-2021-29716 RESERVED CVE-2021-29715 (IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to ...) NOT-FOR-US: IBM CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to cause a d ...) NOT-FOR-US: IBM CVE-2021-29713 RESERVED CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3. ...)
NOT-FOR-US: IBM CVE-2021-29710 RESERVED CVE-2021-29709 RESERVED CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI ...) NOT-FOR-US: IBM CVE-2021-29707 (IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could ...) NOT-FOR-US: IBM CVE-2021-29706 (IBM AIX 7.1 could allow a non-privileged local user to exploit a vulne ...) NOT-FOR-US: IBM CVE-2021-29705 RESERVED CVE-2021-29704 (IBM Security SOAR uses weaker than expected cryptographic algorithms t ...) NOT-FOR-US: IBM CVE-2021-29703 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulne ...) NOT-FOR-US: IBM CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...) NOT-FOR-US: IBM CVE-2021-29701 RESERVED CVE-2021-29700 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...) NOT-FOR-US: IBM CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote priviled ...) NOT-FOR-US: IBM CVE-2021-29698 RESERVED CVE-2021-29697 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...) NOT-FOR-US: IBM CVE-2021-29696 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...) NOT-FOR-US: IBM CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expec ...) NOT-FOR-US: IBM CVE-2021-29693 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the ...) NOT-FOR-US: IBM CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...) NOT-FOR-US: IBM CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded credentials, s ...) NOT-FOR-US: IBM CVE-2021-29690 RESERVED CVE-2021-29689 RESERVED CVE-2021-29688 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...) NOT-FOR-US: IBM CVE-2021-29687 (IBM Security Identity Manager 7.0.2 could allow a remote user to enume ...) 
NOT-FOR-US: IBM CVE-2021-29686 (IBM Security Identity Manager 7.0.2 could allow an authenticated user ...) NOT-FOR-US: IBM CVE-2021-29685 RESERVED CVE-2021-29684 RESERVED CVE-2021-29683 (IBM Security Identity Manager 7.0.2 stores user credentials in plain c ...) NOT-FOR-US: IBM CVE-2021-29682 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...) NOT-FOR-US: IBM CVE-2021-29681 (IBM InfoSphere Information Server 11.7 could allow an attacker to obta ...) NOT-FOR-US: IBM CVE-2021-29680 RESERVED CVE-2021-29679 RESERVED CVE-2021-29678 RESERVED CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...) NOT-FOR-US: IBM CVE-2021-29676 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...) NOT-FOR-US: IBM CVE-2021-29675 RESERVED CVE-2021-29674 RESERVED CVE-2021-29673 RESERVED CVE-2021-29672 (IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to ...) NOT-FOR-US: IBM CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the ...) NOT-FOR-US: IBM CVE-2021-29670 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM CVE-2021-29669 RESERVED CVE-2021-29668 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is ...) NOT-FOR-US: IBM CVE-2021-29666 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is ...) NOT-FOR-US: IBM CVE-2021-29665 (IBM Security Verify Access 20.07 is vulnerable to a stack based buffer ...) NOT-FOR-US: IBM CVE-2021-29664 RESERVED CVE-2021-29663 (CourseMS (aka Course Registration Management System) 2.1 is affected b ...) NOT-FOR-US: CourseMS (aka Course Registration Management System) CVE-2021-29661 (Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.htm ...) 
NOT-FOR-US: Softing AG OPC Toolbox CVE-2021-29660 (A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.htm ...) NOT-FOR-US: Softing AG OPC Toolbox CVE-2021-29659 (ownCloud 10.7 has an incorrect access control vulnerability, leading t ...) - owncloud CVE-2021-29658 (The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Co ...) NOT-FOR-US: vscode-rufo extension for Visual Studio Code CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use ...) - linux 5.10.28-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134 NOTE: https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html CVE-2021-29656 RESERVED CVE-2021-29655 RESERVED CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...) NOT-FOR-US: AjaxSearchPro CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...) NOT-FOR-US: HashiCorp Vault and Vault Enterprise CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...) NOT-FOR-US: Pomerium CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). ...) NOT-FOR-US: Pomerium CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.28-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/175e476b8cdf2a4de7432583b49c871345e4f8a1 CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. The user m ...) - linux 5.10.28-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f60a85cad677c4f9bb4cadd764f1d106c38c7cf8 CVE-2021-29648 (An issue was discovered in the Linux kernel before 5.11.11. The BPF su ...) 
- linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.28-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/50535249f624d0072cd885bcdce4e4b6fb770160 CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_re ...) - linux 5.10.28-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointe ...) - slapi-nis 0.56.5-2 (bug #988736) [bullseye] - slapi-nis (Minor issue) [buster] - slapi-nis (Minor issue) [stretch] - slapi-nis (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640 NOTE: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...) {DLA-2701-1} - openexr 2.5.4-1 (bug #986796) [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830 CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...) 
{DLA-2701-1} - openexr 2.5.4-1 (bug #986796) [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a (master) NOTE: Depends on prior v3 checks https://github.com/AcademySoftwareFoundation/openexr/commit/0963ff1c4fcb3e748a9386685622747bfef00eb1 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5) CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...) {DLA-2701-1} - openexr 2.5.4-1 (bug #986796) [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1 NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0) CVE-2021-29645 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendM ...) NOT-FOR-US: Hitachi CVE-2021-29644 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remo ...) NOT-FOR-US: Hitachi CVE-2021-29643 (PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsa ...) NOT-FOR-US: PRTG Network Monitor CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...) NOT-FOR-US: GistPad CVE-2021-29641 (Directus 8 before 8.8.2 allows remote authenticated users to execute a ...) NOT-FOR-US: Directus CVE-2021-29640 RESERVED CVE-2021-29639 RESERVED CVE-2021-29638 RESERVED CVE-2021-29637 RESERVED CVE-2021-29636 RESERVED CVE-2021-29635 RESERVED CVE-2021-29634 RESERVED CVE-2021-29633 RESERVED CVE-2021-29632 RESERVED CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...) 
NOT-FOR-US: FreeBSD CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...) NOT-FOR-US: FreeBSD CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ...) - dacs (bug #989288; unimportant) [stretch] - dacs (Vulnerable module first bundled in 1.4.40) NOTE: RADIUS authentication not enabled in Debian packaging. CVE-2021-29628 (In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before ...) NOT-FOR-US: FreeBSD CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13. ...) NOT-FOR-US: FreeBSD CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ...) - kfreebsd-10 (unimportant) CVE-2021-29625 (Adminer is open-source database management software. A cross-site scri ...) - adminer 4.7.9-2 (bug #988886) [buster] - adminer (Minor issue) [stretch] - adminer (Minor issue) NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc NOTE: https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7 CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect their F ...) NOT-FOR-US: fastify-csrf CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...) - exiv2 (bug #988481) [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v NOTE: https://github.com/Exiv2/exiv2/pull/1627 CVE-2021-29622 (Prometheus is an open-source monitoring system and time series databas ...) - prometheus (Vulnerable code disabled in Debian packaging) NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/1 NOTE: https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7 NOTE: "Fixed" because the 2.15.2+ds-1 upload disabled codewise the functionality NOTE: (due to lack of React support in Debian) in 01-Do_not_embed_blobs.patch. 
NOTE: The vulnerability itself is introduced with 2.23.0 upstream. NOTE: See https://bugs.debian.org/988804 for details. CVE-2021-29621 (Flask-AppBuilder is a development framework, built on top of Flask. Us ...) NOT-FOR-US: Flask-AppBuilder CVE-2021-29620 (Report portal is an open source reporting and analysis framework. Star ...) NOT-FOR-US: Report portal CVE-2021-29619 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29618 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29617 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29616 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29615 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29614 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29613 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29612 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29611 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29610 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29609 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29608 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29607 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29606 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2021-29605 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29604 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29603 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29602 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29601 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29600 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29599 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29598 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29597 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29596 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29595 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29594 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29593 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29592 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29591 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29590 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2021-29589 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29588 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29587 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29586 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29585 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29584 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29583 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29582 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29581 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29580 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29579 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29578 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29577 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29576 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29575 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29574 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2021-29573 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29572 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29571 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29570 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29569 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29568 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29567 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29566 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29565 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29564 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29563 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29562 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29561 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29560 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29559 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29558 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2021-29557 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29556 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29555 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29554 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29553 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29552 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29551 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29550 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29549 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29548 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29547 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29546 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29545 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29544 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29543 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29542 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2021-29541 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29540 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29539 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29538 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29537 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29536 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29535 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29534 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29533 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29532 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29531 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29530 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29529 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29528 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29527 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29526 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2021-29525 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29524 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29523 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29522 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29521 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29520 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29519 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29518 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29517 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29516 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29515 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29514 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29513 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29512 (TensorFlow is an end-to-end open source platform for machine learning. ...) - tensorflow (bug #804612) CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine. Prior t ...) NOT-FOR-US: Rust crate evm CVE-2021-29510 (Pydantic is a data validation and settings management using Python typ ...) 
- pydantic 1.7.4-1 (bug #988480) NOTE: https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh NOTE: https://github.com/samuelcolvin/pydantic/commit/7e83fdd2563ffac081db7ecdf1affa65ef38c468 CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The f ...) - puma 4.3.8-1 (bug #989054) [stretch] - puma (Incomplete fix for CVE-2019-16770 not applied) NOTE: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5 NOTE: https://github.com/puma/puma/commit/df72887170c7ef3614c941c9bdefb4a1f3546ebf NOTE: CVE is related to an incomplete fix for CVE-2019-16770 CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...) NOT-FOR-US: Wire CVE-2021-29507 (GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interfa ...) - dlt-daemon (unimportant) NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f (useless boilerplate only) NOTE: https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4 NOTE: No security impact, config files need to be trusted CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...) NOT-FOR-US: GraphHopper CVE-2021-29505 (XStream is software for serializing Java objects to XML and back again ...) {DLA-2704-1} - libxstream-java 1.4.15-3 (bug #989491) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc NOTE: https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227 (v1.4.17) CVE-2021-29504 (WP-CLI is the command-line interface for WordPress. An improper error ...) NOT-FOR-US: WP-CLI CVE-2021-29503 (HedgeDoc is a platform to write and share markdown. HedgeDoc before ve ...) NOT-FOR-US: HedgeDoc CVE-2021-29502 (WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability ...) NOT-FOR-US: Red discord bot addon CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the red dis ...) 
NOT-FOR-US: Red discord bot addon CVE-2021-29500 (bubble fireworks is an open source java package relating to Spring Fra ...) NOT-FOR-US: bubble fireworks CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...) - golang-github-sylabs-sif (bug #991664) [bullseye] - golang-github-sylabs-sif (Minor issue) NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg CVE-2021-29498 RESERVED CVE-2021-29497 RESERVED CVE-2021-29496 RESERVED CVE-2021-29495 (Nim is a statically typed compiled systems programming language. In Ni ...) - nim 1.4.2-1 [buster] - nim (Minor issue) [stretch] - nim (Minor issue) NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr CVE-2021-29494 RESERVED CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has ...) NOT-FOR-US: Kennnyshiwa-cogs CVE-2021-29492 (Envoy is a cloud-native edge/middle/service proxy. Envoy does not deco ...) - envoyproxy (bug #987544) CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...) NOT-FOR-US: mixme nodejs module CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...) NOT-FOR-US: Jellyfin CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...) NOT-FOR-US: Highcharts JS CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...) - sabnzbdplus 3.2.1+dfsg-1 [bullseye] - sabnzbdplus 3.1.1+dfsg-2+deb11u1 [buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2 [stretch] - sabnzbdplus (Minor issue; contrib not supported) NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp NOTE: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b CVE-2021-29487 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...) 
NOT-FOR-US: October CMS CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...) NOT-FOR-US: Node cumulative-distribution-function CVE-2021-29485 (Ratpack is a toolkit for creating web applications. In versions prior ...) NOT-FOR-US: Ratpack CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...) NOT-FOR-US: Ghost CMS CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' ...) NOT-FOR-US: ManageWiki MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ CVE-2021-29482 (xz is a compression and decompression library focusing on the xz forma ...) - golang-github-ulikunitz-xz 0.5.6-2 (bug #988243) NOTE: https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27 NOTE: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b CVE-2021-29481 (Ratpack is a toolkit for creating web applications. In versions prior ...) NOT-FOR-US: Ratpack CVE-2021-29480 (Ratpack is a toolkit for creating web applications. In versions prior ...) NOT-FOR-US: Ratpack CVE-2021-29479 (Ratpack is a toolkit for creating web applications. In versions prior ...) NOT-FOR-US: Ratpack CVE-2021-29478 (Redis is an open source (BSD licensed), in-memory data structure store ...) - redis 5:6.0.13-1 (bug #988045) [buster] - redis (Vulnerable code not present) [stretch] - redis (Vulnerable code not present) NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ NOTE: https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592 NOTE: https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3 CVE-2021-29477 (Redis is an open source (BSD licensed), in-memory data structure store ...) 
- redis 5:6.0.13-1 (bug #988045) [buster] - redis (Vulnerable code not present) [stretch] - redis (Vulnerable code not present) NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ NOTE: https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9 NOTE: https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g CVE-2021-29476 (Requests is a HTTP library written in PHP. Requests mishandles deseria ...) - wordpress 5.5.3+dfsg1-1 [buster] - wordpress 5.0.11+dfsg1-0+deb10u1 [stretch] - wordpress 4.7.19+dfsg-1+deb9u1 NOTE: https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54 NOTE: https://github.com/rmccue/Requests/pull/421 NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3 NOTE: The CVE directly correspond to CVE-2020-28032 for wordpress and we can track NOTE: same versions as fixed. Strictly speaking CVE-2021-29476 is for the PHP Requests NOTE: library directly. CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...) NOT-FOR-US: HedgeDoc CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...) NOT-FOR-US: HedgeDoc CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...) {DSA-4958-1 DLA-2750-1} - exiv2 (bug #987736) [bullseye] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2 NOTE: https://github.com/Exiv2/exiv2/pull/1587 NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b NOTE: https://github.com/Exiv2/exiv2/commit/f0ff11f044b2c8ddf4792415beb91fd815c633a1 CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial repositor ...) 
{DSA-4907-1 DLA-2654-1} - composer 2.0.9-2 NOTE: https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx NOTE: https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf CVE-2021-29471 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.33.2-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85 NOTE: https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c (v1.33.2) CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 (bug #987450) [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj NOTE: https://github.com/Exiv2/exiv2/pull/1581 NOTE: https://github.com/Exiv2/exiv2/commit/b3de96f4b4408347bed57e625963720e8d0dd2ea NOTE: https://github.com/Exiv2/exiv2/commit/c372f2677d6f7cf88a8f26ef6bc175561e406ee2 CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when a cli ...) - node-redis 3.0.2+~cs5.18.1-3 [buster] - node-redis 2.8.0-1+deb10u1 NOTE: https://github.com/NodeRedis/node-redis/issues/1569 NOTE: https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3 NOTE: https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e CVE-2021-29468 (Cygwin Git is a patch set for the git command line tool for the cygwin ...) NOT-FOR-US: Cygwin Git CVE-2021-29467 (Wrongthink is an encrypted peer-to-peer chat program. A user could che ...) NOT-FOR-US: Wrongthink CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions of Di ...) NOT-FOR-US: Discord-Recon CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of Disco ...) 
NOT-FOR-US: Discord-Recon CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 (bug #988242) [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (Vulnerable code introduced later) [stretch] - exiv2 (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p NOTE: https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54 CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 (bug #988241) [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (webp support introduced in 0.27) [stretch] - exiv2 (webp support introduced in 0.27) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr NOTE: https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of UPnP de ...) - pupnp-1.8 (bug #987326) [bullseye] - pupnp-1.8 (Minor issue) [buster] - pupnp-1.8 (Minor issue) - libupnp [stretch] - libupnp (Minor issue) NOTE: https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg NOTE: https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4 NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4 CVE-2021-29461 (Discord Recon Server is a bot that allows one to do one's reconnaissan ...) NOT-FOR-US: Discord-Recon CVE-2021-29460 (Kirby is an open source CMS. An editor with write access to the Kirby ...) NOT-FOR-US: Kirby CMS CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
- exiv2 (bug #987277) [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5 NOTE: https://github.com/Exiv2/exiv2/issues/1530 NOTE: https://github.com/Exiv2/exiv2/pull/1536 NOTE: https://github.com/Exiv2/exiv2/commit/0a91b56616404f7b29ca28deb01ce18b767d1871 NOTE: https://github.com/Exiv2/exiv2/commit/c92ac88cb0ebe72a5a17654fe6cecf411ab1e572 NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0 NOTE: https://github.com/Exiv2/exiv2/commit/fadb68718eb1bff3bd3222bd26ff3328f5306730 NOTE: https://github.com/Exiv2/exiv2/commit/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) {DSA-4958-1 DLA-2750-1} - exiv2 0.27.3-3.1 (bug #991705) [bullseye] - exiv2 0.27.3-3+deb11u1 NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm NOTE: https://github.com/Exiv2/exiv2/issues/1529 NOTE: https://github.com/Exiv2/exiv2/pull/1534 NOTE: https://github.com/Exiv2/exiv2/commit/13e5a3e02339b746abcaee6408893ca2fd8e289d NOTE: buster-security and bullseye-security updates refer to CVE-2021-31291, which NOTE: was an additional (and then rejected) CVE ID for the same issue as CVE-2021-29457 CVE-2021-29456 (Authelia is an open-source authentication and authorization server pro ...) NOT-FOR-US: Authelia CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...) NOT-FOR-US: Grassroot Platform CVE-2021-29454 RESERVED CVE-2021-29453 (matrix-media-repo is an open-source multi-domain media repository for ...) NOT-FOR-US: matrix-media-repo CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple authentic ...) NOT-FOR-US: Node a12n-server CVE-2021-29451 (Portofino is an open source web development framework. Portofino befor ...) NOT-FOR-US: Portofino CVE-2021-29450 (Wordpress is an open source CMS.
One of the blocks in the WordPress ed ...) {DSA-4896-1 DLA-2630-1} - wordpress 5.7.1+dfsg1-1 (bug #987065) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...) NOT-FOR-US: Pi-hole CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...) NOT-FOR-US: Pi-hole CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to upload fil ...) {DSA-4896-1 DLA-2630-1} - wordpress 5.7.1+dfsg1-1 (unimportant) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh NOTE: Only an issue when installation runs under PHP8. CVE-2021-29446 (jose-node-cjs-runtime is an npm package which provides a number of cry ...) NOT-FOR-US: Node jose-node-cjs-runtime CVE-2021-29445 (jose-node-esm-runtime is an npm package which provides a number of cry ...) NOT-FOR-US: Node jose-esm-runtime CVE-2021-29444 (jose-browser-runtime is an npm package which provides a number of cryp ...) NOT-FOR-US: Node jose-browser-runtime CVE-2021-29443 (jose is an npm library providing a number of cryptographic operations. ...) NOT-FOR-US: Node jose CVE-2021-29442 (Nacos is a platform designed for dynamic service discovery and configu ...) NOT-FOR-US: Nacos CVE-2021-29441 (Nacos is a platform designed for dynamic service discovery and configu ...) NOT-FOR-US: Nacos CVE-2021-29440 (Grav is a file based Web-platform. Twig processing of static pages can ...) NOT-FOR-US: Grav CMS CVE-2021-29439 (The Grav admin plugin prior to version 1.10.11 does not correctly veri ...) NOT-FOR-US: Grav admin plugin CVE-2021-29438 (The Nextcloud dialogs library (npm package @nextcloud/dialogs) before ...) NOT-FOR-US: Node @nextcloud/dialogs CVE-2021-29437 (ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth ...) 
NOT-FOR-US: ScratchOAuth2 CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) NOT-FOR-US: Anuko Time Tracker CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin framewo ...) NOT-FOR-US: trestle-auth CVE-2021-29434 (Wagtail is a Django content management system. In affected versions of ...) NOT-FOR-US: wagtail CVE-2021-29433 (Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 ...) NOT-FOR-US: Matrix Sydent CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user could a ...) NOT-FOR-US: Matrix Sydent CVE-2021-29431 (Sydent is a reference Matrix identity server. Sydent can be induced to ...) NOT-FOR-US: Matrix Sydent CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not limit th ...) NOT-FOR-US: Matrix Sydent CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...) - gradle (bug #987284) [bullseye] - gradle (Minor issue) [buster] - gradle (Minor issue) [stretch] - gradle (Minor issue) NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8 CVE-2021-29428 (In Gradle before version 7.0, on Unix-like systems, the system tempora ...) - gradle (bug #987284) [bullseye] - gradle (Minor issue) [buster] - gradle (Minor issue) [stretch] - gradle (Minor issue; sticky bit on /tmp is set by default) NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 CVE-2021-29427 (In Gradle from version 5.1 and before version 7.0 there is a vulnerabi ...) - gradle (Vulnerable code introduced later) NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395 CVE-2021-29426 RESERVED CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...) 
{DLA-2741-1} - commons-io 2.8.0-1 [buster] - commons-io 2.6-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1 NOTE: https://issues.apache.org/jira/browse/IO-556 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...) {DLA-2701-1} - openexr 2.5.4-1 (bug #986796) [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9 CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...) {DLA-2701-1} - openexr 2.5.4-1 (bug #986796) [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753 CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...) {DLA-2701-1} - openexr 2.5.4-1 (bug #986796) [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0) CVE-2021-29662 (The Data::Validate::IP module through 0.29 for Perl does not properly ...) - libdata-validate-ip-perl 0.30-1 (unimportant) NOTE: Documentation update: https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ NOTE: Upstream only clarifies how to properly use the module with a documentation update CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...) 
- libnet-netmask-perl 1.9104-2 (bug #986135) [buster] - libnet-netmask-perl (Minor issue) [stretch] - libnet-netmask-perl (Minor issue) NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ NOTE: https://metacpan.org/changes/distribution/Net-Netmask#L11-22 NOTE: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163 NOTE: Fixed by: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163 NOTE: Improvements and add safe_new() method: NOTE: https://github.com/jmaslak/Net-Netmask/commit/6b60b4eb3e98ee7548c13ecb7cb02c626f948a40 NOTE: Remove warnings introduced in tests: NOTE: https://github.com/jmaslak/Net-Netmask/commit/30d82695e32bc3b1615c7cd08d34528252363436 CVE-2021-29423 RESERVED CVE-2021-3473 (An internal product security audit of Lenovo XClarity Controller (XCC) ...) NOT-FOR-US: Lenovo XClarity Controller (XCC) CVE-2021-3472 (A flaw was found in xorg-x11-server in versions before 1.20.11. An int ...) {DSA-4893-1 DLA-2627-1} - xorg-server 2:1.20.11-1 NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd NOTE: https://lists.x.org/archives/xorg-announce/2021-April/003080.html CVE-2021-29422 RESERVED CVE-2021-29421 (models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Pyth ...) - pikepdf 1.17.3+dfsg-5 (bug #986274) [buster] - pikepdf (Minor issue) NOTE: https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a (v2.10.0) CVE-2021-29420 RESERVED CVE-2021-29419 RESERVED CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain unexpe ...) NOT-FOR-US: Node netmask CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: gitjacker CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...) 
NOT-FOR-US: Burp Suite (different from src:burp) CVE-2021-29415 (The elliptic curve cryptography (ECC) hardware accelerator, part of th ...) NOT-FOR-US: NordicSemiconductor nRF52840 CVE-2021-29414 (STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect p ...) NOT-FOR-US: STMicroelectronics STM32L4 devices CVE-2021-29413 RESERVED CVE-2021-29412 RESERVED CVE-2021-29411 RESERVED CVE-2021-29410 RESERVED CVE-2021-29409 RESERVED CVE-2021-29408 RESERVED CVE-2021-29407 RESERVED CVE-2021-29406 RESERVED CVE-2021-29405 RESERVED CVE-2021-29404 RESERVED CVE-2021-29403 RESERVED CVE-2021-29402 RESERVED CVE-2021-29401 RESERVED CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP Conta ...) NOT-FOR-US: My SMTP Contact plugin for GetSimple CMS CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...) NOT-FOR-US: XMB CVE-2021-29398 RESERVED CVE-2021-29397 RESERVED CVE-2021-29396 RESERVED CVE-2021-29395 RESERVED CVE-2021-29394 RESERVED CVE-2021-29393 RESERVED CVE-2021-29392 RESERVED CVE-2021-29391 RESERVED CVE-2021-29390 RESERVED CVE-2021-29389 RESERVED CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in SourceCodester Bu ...) NOT-FOR-US: SourceCodester Budget Management System CVE-2021-29387 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sourceco ...) NOT-FOR-US: Sourcecodester Equipment Inventory System CVE-2021-29386 RESERVED CVE-2021-29385 RESERVED CVE-2021-29384 RESERVED CVE-2021-29383 RESERVED CVE-2021-29382 RESERVED CVE-2021-29381 RESERVED CVE-2021-29380 RESERVED CVE-2021-29379 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR- ...) NOT-FOR-US: D-Link CVE-2021-29378 RESERVED CVE-2021-29377 (Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerabil ...) NOT-FOR-US: Pear Admin Think CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...) 
{DLA-2747-1 DLA-2746-1} - ircii-pana - ircii 20210314-1 (bug #986214) [buster] - ircii 20190117-1+deb10u1 - scrollz 2.2.3-2 (bug #986215) [buster] - scrollz 2.2.3-1+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2 NOTE: https://github.com/ScrollZ/ScrollZ/issues/25 CVE-2021-29375 RESERVED CVE-2021-29374 RESERVED CVE-2021-29373 RESERVED CVE-2021-29372 RESERVED CVE-2021-29371 RESERVED CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1. ...) NOT-FOR-US: Thanos-Soft Cheetah Browser in Android CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows code exe ...) NOT-FOR-US: Node gnuplot CVE-2021-29368 RESERVED CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows ...) NOT-FOR-US: Irfanview CVE-2021-29366 (A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irf ...) NOT-FOR-US: Irfanview CVE-2021-29365 (Irfanview 4.57 is affected by an infinite loop when processing a craft ...) NOT-FOR-US: Irfanview CVE-2021-29364 (A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanvi ...) NOT-FOR-US: Irfanview CVE-2021-29363 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanvie ...) NOT-FOR-US: Irfanview CVE-2021-29362 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanvie ...) NOT-FOR-US: Irfanview CVE-2021-29361 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfa ...) NOT-FOR-US: Irfanview CVE-2021-29360 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfa ...) NOT-FOR-US: Irfanview CVE-2021-29359 RESERVED CVE-2021-29358 (A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview ...) NOT-FOR-US: Irfanview CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 before 10. ...) 
NOT-FOR-US: OutSystems Platform Server CVE-2021-29356 RESERVED CVE-2021-29355 RESERVED CVE-2021-29354 RESERVED CVE-2021-29353 RESERVED CVE-2021-29352 RESERVED CVE-2021-29351 RESERVED CVE-2021-29350 (SQL injection in the getip function in conn/function.php in 发 ...) NOT-FOR-US: Online video course CVE-2021-29349 (Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that all ...) - mahara CVE-2021-29348 RESERVED CVE-2021-29347 RESERVED CVE-2021-29346 RESERVED CVE-2021-29345 RESERVED CVE-2021-29344 RESERVED CVE-2021-29343 (Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" p ...) NOT-FOR-US: Ovidentia CMS CVE-2021-29342 RESERVED CVE-2021-29341 RESERVED CVE-2021-29340 RESERVED CVE-2021-29339 RESERVED CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...) - openjpeg2 (bug #987276) [bullseye] - openjpeg2 (Minor issue) [buster] - openjpeg2 (Minor issue) [stretch] - openjpeg2 (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1338 CVE-2021-29337 (MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users ...) NOT-FOR-US: MSI CVE-2021-29336 RESERVED CVE-2021-29335 RESERVED CVE-2021-29334 RESERVED CVE-2021-29333 RESERVED CVE-2021-29332 RESERVED CVE-2021-29331 RESERVED CVE-2021-29330 RESERVED CVE-2021-29329 RESERVED CVE-2021-29328 RESERVED CVE-2021-29327 RESERVED CVE-2021-29326 RESERVED CVE-2021-29325 RESERVED CVE-2021-29324 RESERVED CVE-2021-29323 RESERVED CVE-2021-29322 RESERVED CVE-2021-29321 RESERVED CVE-2021-29320 RESERVED CVE-2021-29319 RESERVED CVE-2021-29318 RESERVED CVE-2021-29317 RESERVED CVE-2021-29316 RESERVED CVE-2021-29315 RESERVED CVE-2021-29314 RESERVED CVE-2021-29313 (Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the ...)
NOT-FOR-US: SeaCMS CVE-2021-29312 RESERVED CVE-2021-29311 RESERVED CVE-2021-29310 RESERVED CVE-2021-29309 RESERVED CVE-2021-29308 RESERVED CVE-2021-29307 RESERVED CVE-2021-29306 RESERVED CVE-2021-29305 RESERVED CVE-2021-29304 RESERVED CVE-2021-29303 RESERVED CVE-2021-29302 (TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a ...) NOT-FOR-US: TP-Link CVE-2021-29301 RESERVED CVE-2021-29300 (The @ronomon/opened library before 1.5.2 is vulnerable to a command in ...) NOT-FOR-US: @ronomon/opened CVE-2021-29299 RESERVED CVE-2021-29298 (Improper Input Validation in Emerson GE Automation Proficy Machine Edi ...) NOT-FOR-US: Emerson GE Automation Proficy Machine Edition CVE-2021-29297 (Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 ...) NOT-FOR-US: Emerson GE Automation Proficy Machine Edition CVE-2021-29296 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...) NOT-FOR-US: D-Link CVE-2021-29295 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...) NOT-FOR-US: D-Link CVE-2021-29294 (** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability ...) NOT-FOR-US: D-Link CVE-2021-29293 RESERVED CVE-2021-29292 RESERVED CVE-2021-29291 RESERVED CVE-2021-29290 RESERVED CVE-2021-29289 RESERVED CVE-2021-29288 RESERVED CVE-2021-29287 RESERVED CVE-2021-29286 RESERVED CVE-2021-29285 RESERVED CVE-2021-29284 RESERVED CVE-2021-29283 RESERVED CVE-2021-29282 RESERVED CVE-2021-29281 RESERVED CVE-2021-29280 (In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause ...) NOT-FOR-US: TP-Link CVE-2021-29279 (There is a integer overflow in function filter_core/filter_props.c:gf_ ...) 
- gpac 1.0.1+dfsg1-4 (bug #987323) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b NOTE: https://github.com/gpac/gpac/issues/1718 CVE-2021-29278 RESERVED CVE-2021-29277 RESERVED CVE-2021-29276 RESERVED CVE-2021-29275 RESERVED CVE-2021-29274 (Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mi ...) - redmine (Vulnerable code introduced in 4.1.0) NOTE: https://www.redmine.org/issues/33846 CVE-2021-XXXX [first_boot: Use session to verify first boot welcome step] - freedombox 21.4.2 - plinth [buster] - plinth 19.1+deb10u2 [stretch] - plinth (Minor issue) NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2074 (not yet public) NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/f2005f56aa44d15c0fb82c5211c548a575961b03 CVE-2021-29273 RESERVED CVE-2021-29272 (bluemonday before 1.0.5 allows XSS because certain Go lowercasing conv ...) NOT-FOR-US: bluemonday CVE-2021-29271 (remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator ...) NOT-FOR-US: remark42 CVE-2021-29270 RESERVED CVE-2021-29269 RESERVED CVE-2021-29268 RESERVED CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...) NOT-FOR-US: SherlockIM CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...) - linux 5.10.26-1 (unimportant) [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9 CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. usbip_sockf ...) {DLA-2689-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/9380afd6df70e24eacbdbde33afc6a3950965d22 CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. drivers/n ...) 
{DLA-2690-1} - linux 5.10.28-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f CVE-2021-29263 (In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible ...) - intellij-idea (bug #747616) CVE-2021-3471 REJECTED CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.10, be ...) - redis 5:6.0.9-1 (unimportant) NOTE: https://github.com/redis/redis/pull/7963 NOTE: https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95 NOTE: Only an issue if not using a heap allocator other than jemalloc or glibc's malloc CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an impro ...) - foreman (bug #663101) CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...) - avahi (bug #984938) [bullseye] - avahi (Minor issue) [buster] - avahi (Minor issue) [stretch] - avahi (Minor issue; can be fixed in next DLA) NOTE: https://github.com/lathiat/avahi/pull/330 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3 CVE-2021-29262 (When starting Apache Solr versions prior to 8.8.2, configured with the ...) - lucene-solr (Vulnerable code not yet present) CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual Studio Code ...) NOT-FOR-US: vscode extension Svelte CVE-2021-29260 RESERVED CVE-2021-29259 RESERVED CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely exploitab ...) - envoyproxy (bug #987544) CVE-2021-29257 RESERVED CVE-2021-29256 (. The Arm Mali GPU kernel driver allows an unprivileged user to achiev ...) NOT-FOR-US: Arm Mali GPU kernel driver CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...) NOT-FOR-US: MicroSeven CVE-2021-29254 RESERVED CVE-2021-29253 (The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 ...) 
NOT-FOR-US: RSA CVE-2021-29252 (RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerabi ...) NOT-FOR-US: RSA CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in which us ...) NOT-FOR-US: BTCPay Server CVE-2021-29250 (BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripti ...) NOT-FOR-US: BTCPay Server CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used, has a p ...) NOT-FOR-US: BTCPay Server CVE-2021-29248 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...) NOT-FOR-US: BTCPay Server CVE-2021-29247 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...) NOT-FOR-US: BTCPay Server CVE-2021-29246 (BTCPay Server through 1.0.7.0 suffers from directory traversal, which ...) NOT-FOR-US: BTCPay Server CVE-2021-29245 (BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseud ...) NOT-FOR-US: BTCPay Server CVE-2021-29244 RESERVED CVE-2021-29243 RESERVED CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper input vali ...) NOT-FOR-US: CODESYS Control Runtime CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that ...) NOT-FOR-US: CODESYS Gateway 3 CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 3.5.17.0 do ...) NOT-FOR-US: Package Manager of CODESYS Development System 3 CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or executes mali ...) NOT-FOR-US: CODESYS Development System 3 CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site request forg ...) 
NOT-FOR-US: CODESYS Automation Server CVE-2021-29237 RESERVED CVE-2021-29236 RESERVED CVE-2021-29235 RESERVED CVE-2021-29234 RESERVED CVE-2021-29233 RESERVED CVE-2021-29232 RESERVED CVE-2021-29231 RESERVED CVE-2021-29230 RESERVED CVE-2021-29229 RESERVED CVE-2021-29228 RESERVED CVE-2021-29227 RESERVED CVE-2021-29226 RESERVED CVE-2021-29225 RESERVED CVE-2021-29224 RESERVED CVE-2021-29223 RESERVED CVE-2021-29222 RESERVED CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erlang/OT ...) - erlang (Windows-specific) CVE-2021-29220 RESERVED CVE-2021-29219 RESERVED CVE-2021-29218 RESERVED CVE-2021-29217 RESERVED CVE-2021-29216 RESERVED CVE-2021-29215 RESERVED CVE-2021-29214 RESERVED CVE-2021-29213 RESERVED CVE-2021-29212 RESERVED CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) NOT-FOR-US: HPE CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) NOT-FOR-US: HPE CVE-2021-29209 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) NOT-FOR-US: HPE CVE-2021-29208 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) NOT-FOR-US: HPE CVE-2021-29207 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) NOT-FOR-US: HPE CVE-2021-29206 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) NOT-FOR-US: HPE CVE-2021-29205 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) NOT-FOR-US: HPE CVE-2021-29204 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) NOT-FOR-US: HPE CVE-2021-29203 (A security vulnerability has been identified in the HPE Edgeline Infra ...) NOT-FOR-US: HPE CVE-2021-29202 (A local buffer overflow vulnerability was discovered in HPE Integrated ...) NOT-FOR-US: HPE CVE-2021-29201 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) 
NOT-FOR-US: HPE CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version An u ...) NOT-FOR-US: Apache OFBiz CVE-2021-29199 RESERVED CVE-2021-29198 RESERVED CVE-2021-29197 RESERVED CVE-2021-29196 RESERVED CVE-2021-29195 RESERVED CVE-2021-29194 RESERVED CVE-2021-29193 RESERVED CVE-2021-29192 RESERVED CVE-2021-29191 RESERVED CVE-2021-29190 RESERVED CVE-2021-29189 RESERVED CVE-2021-29188 RESERVED CVE-2021-29187 RESERVED CVE-2021-29186 RESERVED CVE-2021-29185 RESERVED CVE-2021-29184 RESERVED CVE-2021-29183 RESERVED CVE-2021-29182 RESERVED CVE-2021-29181 RESERVED CVE-2021-29180 RESERVED CVE-2021-29179 RESERVED CVE-2021-29178 RESERVED CVE-2021-29177 RESERVED CVE-2021-29176 RESERVED CVE-2021-29175 RESERVED CVE-2021-29174 RESERVED CVE-2021-29173 RESERVED CVE-2021-29172 RESERVED CVE-2021-29171 RESERVED CVE-2021-29170 RESERVED CVE-2021-29169 RESERVED CVE-2021-29168 RESERVED CVE-2021-29167 RESERVED CVE-2021-29166 RESERVED CVE-2021-29165 RESERVED CVE-2021-29164 RESERVED CVE-2021-29163 RESERVED CVE-2021-29162 RESERVED CVE-2021-29161 RESERVED CVE-2021-29160 RESERVED CVE-2021-29159 (A cross-site scripting (XSS) vulnerability has been discovered in Nexu ...) NOT-FOR-US: Nexus Repository Manager CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2021-29157 (Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with acce ...) - dovecot 1:2.3.13+dfsg1-2 (bug #990566) [buster] - dovecot (Vulnerable code introduced later) [stretch] - dovecot (Vulnerable code introduced later) NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/1 CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger ...) NOT-FOR-US: ForgeRock OpenAM CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf ...) 
{DLA-2690-1} - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux (Vulnerability introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/4 NOTE: Fixes need to be made complete for older series to not open CVE-2021-33200, NOTE: cf. https://lore.kernel.org/stable/215e98bf-21c7-0074-129d-49a51526418b@iogearbox.net/ CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect c ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.28-1 [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2021/04/08/1 CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versions b ...) - jasper NOTE: https://github.com/jasper-software/jasper/issues/268 NOTE: https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b CVE-2021-3466 (A flaw was found in libmicrohttpd in versions before 0.9.71. A missing ...) - libmicrohttpd 0.9.71-1 [buster] - libmicrohttpd (Vulnerable code introduced later) [stretch] - libmicrohttpd (Vulnerable code introduced later) NOTE: Patch: https://git.gnunet.org/libmicrohttpd.git/commit/?id=a110ae6276660bee3caab30e9ff3f12f85cf3241 NOTE: Introduced in https://git.gnunet.org/libmicrohttpd.git/commit/?id=55f715e15e3ce66babc939b5a670bee02d4d9571 CVE-2021-3465 REJECTED CVE-2021-29153 RESERVED CVE-2021-29152 (A remote denial of service (DoS) vulnerability was discovered in Aruba ...) NOT-FOR-US: Aruba CVE-2021-29151 (A remote authentication bypass vulnerability was discovered in Aruba C ...) NOT-FOR-US: Aruba CVE-2021-29150 (A remote insecure deserialization vulnerability was discovered in Arub ...) NOT-FOR-US: Aruba CVE-2021-29149 (A local bypass security restrictions vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-29148 (A local cross-site scripting (XSS) vulnerability was discovered in Aru ...) NOT-FOR-US: Aruba CVE-2021-29147 (A remote arbitrary command execution vulnerability was discovered in A ...) 
NOT-FOR-US: Aruba CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) NOT-FOR-US: Aruba CVE-2021-29145 (A remote server side request forgery (SSRF) remote code execution vuln ...) NOT-FOR-US: Aruba CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was discove ...) NOT-FOR-US: Aruba CVE-2021-29143 (A remote execution of arbitrary commands vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) NOT-FOR-US: Aruba CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was discove ...) NOT-FOR-US: Aruba CVE-2021-29140 (A remote XML external entity (XXE) vulnerability was discovered in Aru ...) NOT-FOR-US: Aruba CVE-2021-29139 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) NOT-FOR-US: Aruba CVE-2021-29138 (A remote disclosure of privileged information vulnerability was discov ...) NOT-FOR-US: Aruba CVE-2021-29137 (A remote URL redirection vulnerability was discovered in Aruba AirWave ...) NOT-FOR-US: Aruba CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...) - umoci 0.4.7+ds-1 [buster] - umoci (Minor issue) NOTE: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v NOTE: https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 (v0.4.7) CVE-2021-29135 RESERVED CVE-2021-3464 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...) NOT-FOR-US: Lenovo CVE-2021-3463 (A null pointer dereference vulnerability in Lenovo Power Management Dr ...) NOT-FOR-US: Lenovo CVE-2021-3462 (A privilege escalation vulnerability in Lenovo Power Management Driver ...) NOT-FOR-US: Lenovo CVE-2021-29134 RESERVED CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux Configurat ...) 
NOT-FOR-US: haserl (Alpine), different from src:haserl CVE-2021-29132 RESERVED CVE-2021-29131 RESERVED CVE-2021-29130 RESERVED CVE-2021-29129 RESERVED CVE-2021-29128 RESERVED CVE-2021-29127 RESERVED CVE-2021-29126 RESERVED CVE-2021-29125 RESERVED CVE-2021-29124 RESERVED CVE-2021-29123 RESERVED CVE-2021-29122 RESERVED CVE-2021-29121 RESERVED CVE-2021-29120 RESERVED CVE-2021-29119 RESERVED CVE-2021-29118 RESERVED CVE-2021-29117 RESERVED CVE-2021-29116 RESERVED CVE-2021-29115 RESERVED CVE-2021-29114 RESERVED CVE-2021-29113 RESERVED CVE-2021-29112 RESERVED CVE-2021-29111 RESERVED CVE-2021-29110 (Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may ...) NOT-FOR-US: Esri CVE-2021-29109 (A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 a ...) NOT-FOR-US: Esri CVE-2021-29108 (There is an privilege escalation vulnerability in organization-specifi ...) NOT-FOR-US: Esri CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...) NOT-FOR-US: ArcGIS Server Manager CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...) NOT-FOR-US: ArcGIS Server CVE-2021-29105 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...) NOT-FOR-US: ArcGIS Server Services Directory CVE-2021-29104 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...) NOT-FOR-US: ArcGIS Server Manager CVE-2021-29103 (A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server ...) NOT-FOR-US: ArcGIS Server CVE-2021-29102 (A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Ma ...) NOT-FOR-US: ArcGIS Server Manager CVE-2021-29101 (ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only direc ...) NOT-FOR-US: ArcGIS GeoEvent Server CVE-2021-29100 (A path traversal vulnerability exists in Esri ArcGIS Earth versions 1. ...) NOT-FOR-US: Esri CVE-2021-29099 (A SQL injection vulnerability exists in some configurations of ArcGIS ...) 
NOT-FOR-US: Esri CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...) NOT-FOR-US: Esri (various ArcGIS products) CVE-2021-29097 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...) NOT-FOR-US: Esri (various ArcGIS products) CVE-2021-29096 (A use-after-free vulnerability when parsing a specially crafted file i ...) NOT-FOR-US: Esri (various ArcGIS products) CVE-2021-29095 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...) NOT-FOR-US: Esri (various ArcGIS products) CVE-2021-29094 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...) NOT-FOR-US: Esri (various ArcGIS products) CVE-2021-29093 (A use-after-free vulnerability when parsing a specially crafted file i ...) NOT-FOR-US: Esri (various ArcGIS products) CVE-2021-3461 RESERVED NOT-FOR-US: Keycloak CVE-2021-29092 (Unrestricted upload of file with dangerous type vulnerability in file ...) NOT-FOR-US: Synology CVE-2021-29091 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology CVE-2021-29090 (Improper neutralization of special elements used in an SQL command ('S ...) NOT-FOR-US: Synology CVE-2021-29089 (Improper neutralization of special elements used in an SQL command ('S ...) NOT-FOR-US: Synology CVE-2021-29088 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology CVE-2021-29087 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology CVE-2021-29086 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) NOT-FOR-US: Synology CVE-2021-29085 (Improper neutralization of special elements in output used by a downst ...) NOT-FOR-US: Synology CVE-2021-29084 (Improper neutralization of special elements in output used by a downst ...) NOT-FOR-US: Synology CVE-2021-29083 (Improper neutralization of special elements used in an OS command in S ...) 
NOT-FOR-US: Synology CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not proper ...) NOT-FOR-US: Motorola MH702x devices CVE-2021-3459 (A privilege escalation vulnerability was reported in the MM1000 device ...) NOT-FOR-US: MM1000 device CVE-2021-3458 (The Motorola MM1000 device configuration portal can be accessed withou ...) NOT-FOR-US: Motorola MM1000 device configuration portal CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: NETGEAR CVE-2021-29081 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: NETGEAR CVE-2021-29080 (Certain NETGEAR devices are affected by password reset by an unauthent ...) NOT-FOR-US: NETGEAR CVE-2021-29079 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2021-29078 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2021-29077 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2021-29076 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2021-29075 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: NETGEAR CVE-2021-29074 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: NETGEAR CVE-2021-29073 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: NETGEAR CVE-2021-29072 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: NETGEAR CVE-2021-29071 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: NETGEAR CVE-2021-29070 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: NETGEAR CVE-2021-29069 (Certain NETGEAR devices are affected by command injection by an authen ...) 
NOT-FOR-US: NETGEAR CVE-2021-29068 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: NETGEAR CVE-2021-29067 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: NETGEAR CVE-2021-29066 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: NETGEAR CVE-2021-29065 (NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication ...) NOT-FOR-US: NETGEAR CVE-2021-29064 RESERVED CVE-2021-29063 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) - mpmath 1.2.1-2 (bug #990576) [bullseye] - mpmath (Minor issue) [buster] - mpmath (Minor issue) [stretch] - mpmath (Minor issue) NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md NOTE: https://github.com/fredrik-johansson/mpmath/issues/548 NOTE: https://github.com/fredrik-johansson/mpmath/commit/c811b37c65a4372a7ce613111d2a508c204f9833 NOTE: https://github.com/fredrik-johansson/mpmath/commit/2865c7d12b2a077d420427ad187eca831a48bff4 CVE-2021-29062 RESERVED CVE-2021-29061 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Vfsjfilechooser2 CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) - node-color-string 1.5.4-2 [buster] - node-color-string (Minor issue) NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md NOTE: https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and be ...) NOT-FOR-US: Node is-svg CVE-2021-29058 RESERVED CVE-2021-29057 RESERVED CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via ...) NOT-FOR-US: Pixelimity CVE-2021-29055 RESERVED CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...) 
NOT-FOR-US: Papoo CVE-2021-29053 (Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Lif ...) NOT-FOR-US: Liferay CVE-2021-29052 (The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Life ...) NOT-FOR-US: Liferay CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's Asset P ...) NOT-FOR-US: Liferay CVE-2021-29050 RESERVED CVE-2021-29049 (Cross-site scripting (XSS) vulnerability in the Portal Workflow module ...) NOT-FOR-US: Liferay CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...) NOT-FOR-US: Liferay CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...) NOT-FOR-US: Liferay CVE-2021-29046 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...) NOT-FOR-US: Liferay CVE-2021-29045 (Cross-site scripting (XSS) vulnerability in the Redirect module's redi ...) NOT-FOR-US: Liferay CVE-2021-29044 (Cross-site scripting (XSS) vulnerability in the Site module's membersh ...) NOT-FOR-US: Liferay CVE-2021-29043 (The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Lif ...) NOT-FOR-US: Liferay CVE-2021-29042 RESERVED CVE-2021-29041 (Denial-of-service (DoS) vulnerability in the Multi-Factor Authenticati ...) NOT-FOR-US: Liferay CVE-2021-29040 (The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay ...) NOT-FOR-US: Liferay CVE-2021-29039 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...) NOT-FOR-US: Liferay CVE-2021-29038 RESERVED CVE-2021-29037 RESERVED CVE-2021-29036 RESERVED CVE-2021-29035 RESERVED CVE-2021-29034 RESERVED CVE-2021-29033 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) NOT-FOR-US: Bitweaver CVE-2021-29032 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) NOT-FOR-US: Bitweaver CVE-2021-29031 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) 
NOT-FOR-US: Bitweaver CVE-2021-29030 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) NOT-FOR-US: Bitweaver CVE-2021-29029 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) NOT-FOR-US: Bitweaver CVE-2021-29028 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) NOT-FOR-US: Bitweaver CVE-2021-29027 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) NOT-FOR-US: Bitweaver CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) NOT-FOR-US: Bitweaver CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) NOT-FOR-US: Bitweaver CVE-2021-29024 (In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticat ...) NOT-FOR-US: InvoicePlane CVE-2021-29023 (InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset ...) NOT-FOR-US: InvoicePlane CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full path of ...) NOT-FOR-US: InvoicePlane CVE-2021-29021 RESERVED CVE-2021-29020 RESERVED CVE-2021-29019 RESERVED CVE-2021-29018 RESERVED CVE-2021-29017 RESERVED CVE-2021-29016 RESERVED CVE-2021-29015 RESERVED CVE-2021-29014 RESERVED CVE-2021-29013 RESERVED CVE-2021-29012 (DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to ev ...) NOT-FOR-US: DMA Softlab Radius Manager CVE-2021-29011 (DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting ( ...) NOT-FOR-US: DMA Softlab Radius Manager CVE-2021-29010 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...) NOT-FOR-US: SEO Panel CVE-2021-29009 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...) NOT-FOR-US: SEO Panel CVE-2021-29008 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...) NOT-FOR-US: SEO Panel CVE-2021-29007 RESERVED CVE-2021-29006 (rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An ...) 
NOT-FOR-US: rConfig CVE-2021-29005 (Insecure permission of chmod command on rConfig server 3.9.6 exists. A ...) NOT-FOR-US: rConfig CVE-2021-29004 (rConfig 3.9.6 is affected by SQL Injection. A user must be authenticat ...) NOT-FOR-US: rConfig CVE-2021-29003 (Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers ...) NOT-FOR-US: Genexis devices CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...) NOT-FOR-US: Plone CVE-2021-29001 RESERVED CVE-2021-29000 RESERVED CVE-2021-28999 RESERVED CVE-2021-28998 RESERVED CVE-2021-28997 RESERVED CVE-2021-28996 RESERVED CVE-2021-28995 RESERVED CVE-2021-28994 (kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8. ...) - kopanocore (bug #986272) [buster] - kopanocore (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/6 CVE-2021-28993 (Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is ...) NOT-FOR-US: Plixer Scrutinizer CVE-2021-28992 RESERVED CVE-2021-28991 RESERVED CVE-2021-28990 RESERVED CVE-2021-28989 RESERVED CVE-2021-28988 RESERVED CVE-2021-28987 RESERVED CVE-2021-28986 RESERVED CVE-2021-28985 RESERVED CVE-2021-28984 RESERVED CVE-2021-28983 RESERVED CVE-2021-28982 RESERVED CVE-2021-28981 RESERVED CVE-2021-28980 RESERVED CVE-2021-28979 (SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP resp ...) NOT-FOR-US: SafeNet KeySecure Management Console CVE-2021-28978 RESERVED CVE-2021-28977 (Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upl ...) NOT-FOR-US: GetSimpleCMS CVE-2021-28976 (Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in a ...) NOT-FOR-US: GetSimpleCMS CVE-2021-3457 (An improper authorization handling flaw was found in Foreman. The Shel ...) - foreman (bug #663101) CVE-2021-3456 RESERVED - foreman (bug #663101) CVE-2021-28975 RESERVED CVE-2021-28974 RESERVED CVE-2021-28973 (The XML Import functionality of the Administration console in Perforce ...) 
NOT-FOR-US: Helix ALM CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices ...) NOT-FOR-US: Central Management of FireEye EX 3500 devices CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticat ...) NOT-FOR-US: Central Management of FireEye EX 3500 devices CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in ...) NOT-FOR-US: PunBB CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio Code al ...) NOT-FOR-US: MATLAB extension for vscode CVE-2021-28966 (In Ruby through 3.0 on Windows, a remote attacker can submit a crafted ...) - ruby2.7 (Windows-specific) NOTE: https://hackerone.com/reports/1131465 CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...) - ruby2.7 2.7.3-1 (bug #986807) - ruby2.5 [buster] - ruby2.5 (Minor issue, can be fixed along with next update) - ruby2.3 [stretch] - ruby2.3 (Minor issue; can be fixed in next update) [experimental] - ruby-rexml 3.2.5-1 - ruby-rexml (bug #986806) NOTE: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5. ...) {DLA-2690-1} - linux 5.10.26-1 [buster] - linux 4.19.194-1 [stretch] - linux (Driver is specific to IBM Power systems) NOTE: https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678 CVE-2021-28971 (In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.26-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctree.c in ...)
{DLA-2690-1 DLA-2689-1} - linux 5.10.26-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5 CVE-2021-28962 RESERVED CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...) NOT-FOR-US: DDNS package for OpenWrt CVE-2021-28960 (ManageEngine Desktop Central before build 10.0.683 allows Unauthentica ...) NOT-FOR-US: ManageEngine CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to una ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-28958 (Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to una ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...) NOT-FOR-US: vscode-sass-lint CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will ...) NOT-FOR-US: git-bug CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary ...) NOT-FOR-US: Chris Walz bit CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...) NOT-FOR-US: unofficial C/C++ Advanced Lint extension for Visual Studio Code CVE-2021-3455 RESERVED CVE-2021-3454 RESERVED CVE-2021-3453 (Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS m ...) NOT-FOR-US: Lenovo CVE-2021-3452 (A potential vulnerability in the system shutdown SMI callback function ...) NOT-FOR-US: Lenovo CVE-2021-3451 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...) NOT-FOR-US: Lenovo CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security checks of ...) 
- openssl 1.1.1k-1 [buster] - openssl (Vulnerable code introduced in 1.1.1h) [stretch] - openssl (Vulnerable code introduced in 1.1.1h) - openssl1.0 (Vulnerable code introduced in 1.1.1h) NOTE: https://www.openssl.org/news/secadv/20210325.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b CVE-2021-28957 (An XSS vulnerability was discovered in python-lxml's clean module vers ...) {DSA-4880-1 DLA-2606-1} - lxml 4.6.3-1 (bug #985643) NOTE: https://bugs.launchpad.net/lxml/+bug/1888153 NOTE: https://github.com/lxml/lxml/pull/316 NOTE: https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d CVE-2021-28952 (An issue was discovered in the Linux kernel through 5.11.8. The sound/ ...) - linux 5.10.26-1 (unimportant) [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/1c668e1c0a0f74472469cd514f40c9012b324c31 CVE-2021-28951 (An issue was discovered in fs/io_uring.c in the Linux kernel through 5 ...) - linux 5.10.26-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/3ebba796fa251d042be42b929a2d916ee5c34a49 CVE-2021-28950 (An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before ...) {DLA-2689-1} - linux 5.10.24-1 NOTE: https://git.kernel.org/linus/775c5033a0d164622d9d10dd0f0a5531639ed3ed CVE-2021-28949 RESERVED CVE-2021-28948 RESERVED CVE-2021-28947 RESERVED CVE-2021-28946 RESERVED CVE-2021-28945 RESERVED CVE-2021-28944 RESERVED CVE-2021-28943 RESERVED CVE-2021-28942 RESERVED CVE-2021-28941 (Because of no validation on a curl command in MagpieRSS 0.72 in the /e ...) NOT-FOR-US: MagpieRSS CVE-2021-28940 (Because of a incorrect escaped exec command in MagpieRSS in 0.72 in th ...) 
NOT-FOR-US: MagpieRSS CVE-2021-28939 RESERVED CVE-2021-28938 (Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2- ...) NOT-FOR-US: Siren Federate CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...) NOT-FOR-US: Acexy Wireless-N WiFi Repeater CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...) NOT-FOR-US: Acexy Wireless-N WiFi Repeater CVE-2021-28935 (CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin ...) NOT-FOR-US: CMS Made Simple (CMSMS) CVE-2021-28934 RESERVED CVE-2021-28933 RESERVED CVE-2021-28932 RESERVED CVE-2021-28931 (Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers ...) NOT-FOR-US: Fork CMS CVE-2021-28930 RESERVED CVE-2021-28929 RESERVED CVE-2021-28928 RESERVED CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 1.9.0 pass ...) - retroarch (Windows-specific) CVE-2021-28926 RESERVED CVE-2021-28925 (SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 vi ...) NOT-FOR-US: Nagios Network Analyzer CVE-2021-28924 (Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the ...) NOT-FOR-US: Nagios Network Analyzer CVE-2021-28923 RESERVED CVE-2021-28922 RESERVED CVE-2021-28921 RESERVED CVE-2021-28920 RESERVED CVE-2021-28919 RESERVED CVE-2021-28918 (Improper input validation of octal strings in netmask npm package v1.0 ...) NOT-FOR-US: netmask nodejs module NOTE: https://sick.codes/sick-2021-011 NOTE: https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/ CVE-2021-28917 RESERVED CVE-2021-28916 RESERVED CVE-2021-28915 RESERVED CVE-2021-28914 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to ...) NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort CVE-2021-28913 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...) 
NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort CVE-2021-28912 (BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard c ...) NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort CVE-2021-28911 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...) NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort CVE-2021-28910 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSR ...) NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort CVE-2021-28909 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...) NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort CVE-2021-28908 RESERVED CVE-2021-28907 RESERVED CVE-2021-28906 (In function read_yin_leaf() in libyang <= v1.0.225, it doesn't chec ...) - libyang (bug #989060) [bullseye] - libyang (Minor issue) [buster] - libyang (Minor issue) NOTE: https://github.com/CESNET/libyang/issues/1455 CVE-2021-28905 (In function lys_node_free() in libyang <= v1.0.225, it asserts that ...) - libyang (bug #989060) [bullseye] - libyang (Minor issue) [buster] - libyang (Minor issue) NOTE: https://github.com/CESNET/libyang/issues/1452 CVE-2021-28904 (In function ext_get_plugin() in libyang <= v1.0.225, it doesn't che ...) - libyang (bug #989060) [bullseye] - libyang (Minor issue) [buster] - libyang (Minor issue) NOTE: https://github.com/CESNET/libyang/issues/1451 CVE-2021-28903 (A stack overflow in libyang <= v1.0.225 can cause a denial of servi ...) - libyang (bug #989060) [bullseye] - libyang (Minor issue) [buster] - libyang (Minor issue) NOTE: https://github.com/CESNET/libyang/issues/1453 CVE-2021-28902 (In function read_yin_container() in libyang <= v1.0.225, it doesn't ...) - libyang (bug #989060) [bullseye] - libyang (Minor issue) [buster] - libyang (Minor issue) NOTE: https://github.com/CESNET/libyang/issues/1454 CVE-2021-28901 (Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Soft ...) NOT-FOR-US: Sita Software Azur CMS. 
CVE-2021-28900 RESERVED CVE-2021-28899 (Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileS ...) - liblivemedia [buster] - liblivemedia (Minor issue) [stretch] - liblivemedia (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2021-March/021891.html CVE-2021-28898 RESERVED CVE-2021-28897 RESERVED CVE-2021-28896 RESERVED CVE-2021-28895 RESERVED CVE-2021-28894 RESERVED CVE-2021-28893 RESERVED CVE-2021-28892 RESERVED CVE-2021-28891 RESERVED CVE-2021-28890 (J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via th ...) NOT-FOR-US: J2eeFAST CVE-2021-28889 RESERVED CVE-2021-28888 RESERVED CVE-2021-28887 RESERVED CVE-2021-28886 RESERVED CVE-2021-28885 RESERVED CVE-2021-28884 RESERVED CVE-2021-28883 RESERVED CVE-2021-28882 RESERVED CVE-2021-28881 RESERVED CVE-2021-28880 RESERVED CVE-2021-28879 (In the standard library in Rust before 1.52.0, the Zip implementation ...) - rustc 1.53.0+dfsg1-1 (bug #986803) [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue) NOTE: https://github.com/rust-lang/rust/issues/82282 NOTE: https://github.com/rust-lang/rust/pull/82289 CVE-2021-28878 (In the standard library in Rust before 1.52.0, the Zip implementation ...) - rustc 1.53.0+dfsg1-1 (bug #986803) [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue) NOTE: https://github.com/rust-lang/rust/issues/82291 NOTE: https://github.com/rust-lang/rust/pull/82292 CVE-2021-28877 (In the standard library in Rust before 1.51.0, the Zip implementation ...) - rustc 1.53.0+dfsg1-1 (bug #986803) [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue) NOTE: https://github.com/rust-lang/rust/pull/80670 CVE-2021-28876 (In the standard library in Rust before 1.52.0, the Zip implementation ...) 
- rustc 1.53.0+dfsg1-1 (bug #986803) [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue) NOTE: https://github.com/rust-lang/rust/issues/81740 NOTE: https://github.com/rust-lang/rust/pull/81741 CVE-2021-28875 (In the standard library in Rust before 1.50.0, read_to_end() does not ...) - rustc 1.53.0+dfsg1-1 (bug #986803) [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue) NOTE: https://github.com/rust-lang/rust/issues/80894 NOTE: https://github.com/rust-lang/rust/pull/80895 CVE-2021-28874 (SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contai ...) NOT-FOR-US: SerenityOS CVE-2021-28873 RESERVED CVE-2021-28872 RESERVED CVE-2021-28871 RESERVED CVE-2021-28870 RESERVED CVE-2021-28869 RESERVED CVE-2021-28868 RESERVED CVE-2021-28867 RESERVED CVE-2021-28866 RESERVED CVE-2021-28865 RESERVED CVE-2021-28864 RESERVED CVE-2021-28863 RESERVED CVE-2021-28862 RESERVED CVE-2021-28861 RESERVED CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or alter proper ...) NOT-FOR-US: Node mixme CVE-2021-28859 RESERVED CVE-2021-28858 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL b ...) NOT-FOR-US: TP-Link CVE-2021-28857 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and passw ...) NOT-FOR-US: TP-Link CVE-2021-28856 (In Deark before v1.5.8, a specially crafted input file can cause a div ...) NOT-FOR-US: Deark CVE-2021-28855 (In Deark before 1.5.8, a specially crafted input file can cause a NULL ...) NOT-FOR-US: Deark CVE-2021-28854 RESERVED CVE-2021-28853 RESERVED CVE-2021-28852 RESERVED CVE-2021-28851 RESERVED CVE-2021-28850 RESERVED CVE-2021-28849 RESERVED CVE-2021-28848 (Mintty before 3.4.5 allows remote servers to cause a denial of service ...) NOT-FOR-US: Mintty CVE-2021-28847 (MobaXterm before 21.0 allows remote servers to cause a denial of servi ...) 
NOT-FOR-US: MobaXterm CVE-2021-28846 (A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW ...) NOT-FOR-US: TRENDnet CVE-2021-28845 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...) NOT-FOR-US: TRENDnet CVE-2021-28844 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...) NOT-FOR-US: TRENDnet CVE-2021-28843 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...) NOT-FOR-US: TRENDnet CVE-2021-28842 (Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11 ...) NOT-FOR-US: TRENDnet CVE-2021-28841 (Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, ...) NOT-FOR-US: TRENDnet CVE-2021-28840 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...) NOT-FOR-US: D-Link CVE-2021-28839 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...) NOT-FOR-US: D-Link CVE-2021-28838 (Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, D ...) NOT-FOR-US: D-Link CVE-2021-28837 RESERVED CVE-2021-28836 RESERVED CVE-2021-28835 RESERVED CVE-2021-28834 (Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge: ...) {DSA-4890-1} - ruby-kramdown 2.3.0-5 (bug #985569) [stretch] - ruby-kramdown (Vulnerable code introduced later) NOTE: https://github.com/gettalong/kramdown/pull/708 NOTE: Fixed by: https://github.com/gettalong/kramdown/commit/d6a1cbcb2caa2f8a70927f176070d126b2422760 NOTE: Introduced by https://github.com/gettalong/kramdown/commit/ff0218aefcf00cd5a389e17e075d36cd46d011e2 (v1.16) CVE-2021-28833 (Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist ...) NOT-FOR-US: Increments Qiita::Markdown CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via ...) NOT-FOR-US: VSCodeVim CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...) 
{DLA-2614-1} - busybox (bug #985674) [bullseye] - busybox (Minor issue) [buster] - busybox (Minor issue) NOTE: https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd CVE-2021-27851 (A security vulnerability that can lead to local privilege escalation h ...) - guix 1.2.0-4 (bug #985467; unimportant) NOTE: https://issues.guix.gnu.org/47229 NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf NOTE: https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/ NOTE: Neutralised by kernel hardening (fs.protected_hardlinks = 1) CVE-2021-28830 (The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R component ...) NOT-FOR-US: TIBCO CVE-2021-28829 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...) NOT-FOR-US: TIBCO CVE-2021-28828 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...) NOT-FOR-US: TIBCO CVE-2021-28827 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...) NOT-FOR-US: TIBCO CVE-2021-28826 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...) NOT-FOR-US: TIBCO CVE-2021-28825 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...) NOT-FOR-US: TIBCO CVE-2021-28824 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Acti ...) NOT-FOR-US: TIBCO CVE-2021-28823 (The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL ...) NOT-FOR-US: TIBCO CVE-2021-28822 (The Enterprise Message Service Server (tibemsd), Enterprise Message Se ...) NOT-FOR-US: TIBCO CVE-2021-28821 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...) NOT-FOR-US: TIBCO CVE-2021-28820 (The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API ...) NOT-FOR-US: TIBCO CVE-2021-28819 (The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL ...) 
NOT-FOR-US: TIBCO CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...) NOT-FOR-US: TIBCO CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Rend ...) NOT-FOR-US: TIBCO CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-28815 (Insecure storage of sensitive information has been reported to affect ...) NOT-FOR-US: QNAP CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...) NOT-FOR-US: QNAP CVE-2021-28813 (A vulnerability involving insecure storage of sensitive information ha ...) NOT-FOR-US: QNAP CVE-2021-28812 (A command injection vulnerability has been reported to affect certain ...) NOT-FOR-US: QNAP CVE-2021-28811 (If exploited, this command injection vulnerability could allow remote ...) NOT-FOR-US: QNAP CVE-2021-28810 (If exploited, this vulnerability allows an attacker to access resource ...) NOT-FOR-US: QNAP CVE-2021-28809 (An improper access control vulnerability has been reported to affect c ...) NOT-FOR-US: QNAP CVE-2021-28808 RESERVED CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been reported to ...) NOT-FOR-US: QNAP CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...) NOT-FOR-US: QNAP CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...) NOT-FOR-US: QNAP CVE-2021-28804 (A command injection vulnerabilities have been reported to affect QTS a ...) NOT-FOR-US: QNAP CVE-2021-28803 (This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11. ...) NOT-FOR-US: QNAP CVE-2021-28802 (A command injection vulnerabilities have been reported to affect QTS a ...) NOT-FOR-US: QNAP CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...) NOT-FOR-US: QNAP CVE-2021-28800 (A command injection vulnerability has been reported to affect QNAP NAS ...) 
NOT-FOR-US: QNAP CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...) NOT-FOR-US: QNAP CVE-2021-28798 (A relative path traversal vulnerability has been reported to affect QN ...) NOT-FOR-US: QNAP CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...) NOT-FOR-US: QNAP NAS devices CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...) NOT-FOR-US: Increments Qiita::Markdown CVE-2021-28795 RESERVED CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual Studio Co ...) NOT-FOR-US: ShellCheck extension for Visual Studio Code CVE-2021-28793 (vscode-restructuredtext before 146.0.0 contains an incorrect access co ...) NOT-FOR-US: vscode-restructuredtext CVE-2021-28792 (The unofficial Swift Development Environment extension before 2.12.1 f ...) NOT-FOR-US: Swift Development Environment extension for Visual Studio Code CVE-2021-28791 (The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Co ...) NOT-FOR-US: SwiftFormat extension for Visual Studio Code CVE-2021-28790 (The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code ...) NOT-FOR-US: SwiftLint extension for Visual Studio Code CVE-2021-28789 (The unofficial apple/swift-format extension before 1.1.2 for Visual St ...) 
NOT-FOR-US: apple/swift-format extension for Visual Studio Code CVE-2021-28788 RESERVED CVE-2021-28787 RESERVED CVE-2021-28786 RESERVED CVE-2021-28785 RESERVED CVE-2021-28784 RESERVED CVE-2021-28783 RESERVED CVE-2021-28782 RESERVED CVE-2021-28781 RESERVED CVE-2021-28780 RESERVED CVE-2021-28779 RESERVED CVE-2021-28778 RESERVED CVE-2021-28777 RESERVED CVE-2021-28776 RESERVED CVE-2021-28775 RESERVED CVE-2021-28774 RESERVED CVE-2021-28773 RESERVED CVE-2021-28772 RESERVED CVE-2021-28771 RESERVED CVE-2021-28770 RESERVED CVE-2021-28769 RESERVED CVE-2021-28768 RESERVED CVE-2021-28767 RESERVED CVE-2021-28766 RESERVED CVE-2021-28765 RESERVED CVE-2021-28764 RESERVED CVE-2021-28763 RESERVED CVE-2021-28762 RESERVED CVE-2021-28761 RESERVED CVE-2021-28760 RESERVED CVE-2021-28759 RESERVED CVE-2021-28758 RESERVED CVE-2021-28757 RESERVED CVE-2021-28756 RESERVED CVE-2021-28755 RESERVED CVE-2021-28754 RESERVED CVE-2021-28753 RESERVED CVE-2021-28752 RESERVED CVE-2021-28751 RESERVED CVE-2021-28750 RESERVED CVE-2021-28749 RESERVED CVE-2021-28748 RESERVED CVE-2021-28747 RESERVED CVE-2021-28746 RESERVED CVE-2021-28745 RESERVED CVE-2021-28744 RESERVED CVE-2021-28743 RESERVED CVE-2021-28742 RESERVED CVE-2021-28741 RESERVED CVE-2021-28740 RESERVED CVE-2021-28739 RESERVED CVE-2021-28738 RESERVED CVE-2021-28737 RESERVED CVE-2021-28736 RESERVED CVE-2021-28735 RESERVED CVE-2021-28734 RESERVED CVE-2021-28733 RESERVED CVE-2021-28732 REJECTED CVE-2021-28731 RESERVED CVE-2021-28730 RESERVED CVE-2021-28729 RESERVED CVE-2021-28728 RESERVED CVE-2021-28727 RESERVED CVE-2021-28726 RESERVED CVE-2021-28725 RESERVED CVE-2021-28724 RESERVED CVE-2021-28723 RESERVED CVE-2021-28722 RESERVED CVE-2021-28721 RESERVED CVE-2021-28720 RESERVED CVE-2021-28719 RESERVED CVE-2021-28718 RESERVED CVE-2021-28717 RESERVED CVE-2021-28716 RESERVED CVE-2021-28715 RESERVED CVE-2021-28714 RESERVED CVE-2021-28713 RESERVED CVE-2021-28712 RESERVED CVE-2021-28711 RESERVED CVE-2021-28710 RESERVED CVE-2021-28709 RESERVED CVE-2021-28708 
RESERVED CVE-2021-28707 RESERVED CVE-2021-28706 RESERVED CVE-2021-28705 RESERVED CVE-2021-28704 RESERVED CVE-2021-28703 RESERVED CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...) - xen [bullseye] - xen (Minor issue, fix along with next DSA) [buster] - xen (Vulnerable code introduced later) [stretch] - xen (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-386.html CVE-2021-28701 (Another race in XENMAPSPACE_grant_table handling Guests are permitted ...) {DSA-4977-1} - xen 4.14.3-1 [buster] - xen (DSA 4677-1) [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-384.html CVE-2021-28700 (xen/arm: No memory limit for dom0less domUs The dom0less feature allow ...) {DSA-4977-1} - xen 4.14.3-1 [buster] - xen (Only affects 4.12 and later) [stretch] - xen (Only affects 4.12 and later) NOTE: https://xenbits.xen.org/xsa/advisory-383.html CVE-2021-28699 (inadequate grant-v2 status frames array bounds check The v2 grant tabl ...) {DSA-4977-1} - xen 4.14.3-1 [buster] - xen (DSA 4677-1) [stretch] - xen (Only affects 4.10 and later) NOTE: https://xenbits.xen.org/xsa/advisory-382.html CVE-2021-28698 (long running loops in grant table handling In order to properly monito ...) {DSA-4977-1} - xen 4.14.3-1 [buster] - xen (DSA 4677-1) [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-380.html CVE-2021-28697 (grant table v2 status pages may remain accessible after de-allocation ...) {DSA-4977-1} - xen 4.14.3-1 [buster] - xen (DSA 4677-1) [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-379.html CVE-2021-28696 (IOMMU page mapping issues on x86 T[his CNA information record relates ...) {DSA-4977-1} - xen 4.14.3-1 [buster] - xen (DSA 4677-1) [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-378.html CVE-2021-28695 (IOMMU page mapping issues on x86 T[his CNA information record relates ...) 
{DSA-4977-1} - xen 4.14.3-1 [buster] - xen (DSA 4677-1) [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-378.html CVE-2021-28694 (IOMMU page mapping issues on x86 T[his CNA information record relates ...) {DSA-4977-1} - xen 4.14.3-1 [buster] - xen (DSA 4677-1) [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-378.html CVE-2021-28693 (xen/arm: Boot modules are not scrubbed The bootloader will load boot m ...) - xen 4.14.2+25-gb6a8c4f72d-1 [buster] - xen (Only affects 4.12 and later) [stretch] - xen (Only affects 4.12 and later) NOTE: https://xenbits.xen.org/xsa/advisory-372.html CVE-2021-28692 (inappropriate x86 IOMMU timeout detection / handling IOMMUs process co ...) {DSA-4931-1} - xen 4.14.2+25-gb6a8c4f72d-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-373.html CVE-2021-28691 (Guest triggered use-after-free in Linux xen-netback A malicious or bug ...) - linux 5.10.46-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-374.html CVE-2021-28690 (x86: TSX Async Abort protections not restored after S3 This issue rela ...) {DSA-4931-1} - xen 4.14.2+25-gb6a8c4f72d-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-377.html CVE-2021-28689 (x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests ...) - xen (unimportant) NOTE: https://xenbits.xen.org/xsa/advisory-370.html NOTE: Unfixable design/architecture limitation, no fix planned CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such that subs ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.28-1 [buster] - linux 4.19.194-1 NOTE: https://xenbits.xen.org/xsa/advisory-371.html NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432 CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...) 
NOT-FOR-US: ASUS CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...) NOT-FOR-US: ASUS CVE-2021-28684 (The XML parser used in ConeXware PowerArchiver before 20.10.02 allows ...) NOT-FOR-US: ConeXware PowerArchiver CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...) - envoyproxy (bug #987544) CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...) - envoyproxy (bug #987544) CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...) NOT-FOR-US: Pion WebRTC CVE-2021-28680 RESERVED CVE-2021-28679 RESERVED CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...) [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) [buster] - pillow (Minor issue) [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos NOTE: https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1 CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, the read ...) {DLA-2716-1} [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) [buster] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open NOTE: https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92 CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...) {DLA-2716-1} [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) [buster] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos NOTE: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856 CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...) 
[experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) [buster] - pillow (Minor issue) [stretch] - pillow (Minor issue, too intrusive to backport) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin NOTE: https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497 CVE-2021-28674 (The node management page in SolarWinds Orion Platform before 2020.2.5 ...) NOT-FOR-US: SolarWinds CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...) NOT-FOR-US: Xerox CVE-2021-28672 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...) NOT-FOR-US: Xerox CVE-2021-28671 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...) NOT-FOR-US: Xerox CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...) NOT-FOR-US: Xerox CVE-2021-28669 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...) NOT-FOR-US: Xerox CVE-2021-28668 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...) NOT-FOR-US: Xerox CVE-2021-28667 (StackStorm before 3.4.1, in some situations, has an infinite loop that ...) NOT-FOR-US: StackStorm CVE-2021-28666 RESERVED CVE-2021-28665 (Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a me ...) NOT-FOR-US: Stormshield SNS CVE-2021-28664 (The Arm Mali GPU kernel driver allows privilege escalation or a denial ...) NOT-FOR-US: ARM components for Android CVE-2021-28663 (The Arm Mali GPU kernel driver allows privilege escalation or informat ...) NOT-FOR-US: ARM components for Android CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. ...) 
{DSA-4924-1} - squid 4.13-10 (bug #988891) NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch CVE-2021-28661 (Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x thr ...) NOT-FOR-US: SilverStripe GraphQL Server CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...) {DSA-4875-1} - openssl 1.1.1k-1 [stretch] - openssl (Vulnerable code introduced later) - openssl1.0 (Vulnerability does not impact 1.0.2 series) NOTE: https://www.openssl.org/news/secadv/20210325.txt NOTE: Introduced by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c589c34e619c8700ab16b152dd9c8ee58356b319 (OpenSSL_1_1_1-pre1) NOTE: Prerequisite: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=46d81bcabe2d36055bdd37079ed6acf976d967a7 NOTE: Prerequisite (test): https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70 NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148 (OpenSSL_1_1_1k) NOTE: Followup: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0 CVE-2021-28687 (HVM soft-reset crashes toolstack libxl requires all data structures pa ...) - xen 4.14.2+25-gb6a8c4f72d-1 [buster] - xen (Vulnerable code introduced later) [stretch] - xen (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-368.html CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...) {DLA-2689-1 DLA-2610-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7 CVE-2021-28659 RESERVED CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...) 
{DLA-2622-1} - python-django 2:2.2.20-1 (bug #986447) [buster] - python-django (Minor issue; can be fixed via point release) NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/ NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main) NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20) CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite loop in Ti ...) - tika (bug #986805) [bullseye] - tika (Minor issue) [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3 CVE-2021-28656 RESERVED CVE-2021-28655 RESERVED CVE-2021-28654 RESERVED CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital G-Technolo ...) NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology ArmorLock NVMe SSD CVE-2021-28652 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) {DSA-4924-1 DLA-2685-1} - squid 4.13-10 (bug #988892) - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447 NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch CVE-2021-28651 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) {DSA-4924-1 DLA-2685-1} - squid 4.13-10 (bug #988893) - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4 NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-a975fd5aedc866629214aaaccb38376855351899.patch CVE-2021-28963 (Shibboleth Service Provider before 3.2.1 allows content injection beca ...) 
{DSA-4872-1 DLA-2599-1} - shibboleth-sp 3.2.1+dfsg1-1 (bug #985405) - shibboleth-sp2 NOTE: https://shibboleth.net/community/advisories/secadv_20210317.txt NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-922 NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 CVE-2021-3448 (A flaw was found in dnsmasq in versions before 2.85. When configured t ...) - dnsmasq 2.85-1 [buster] - dnsmasq (Revisit once upstream has backported to 2.80) [stretch] - dnsmasq (Probably easier to base the patch on a backported version) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939368 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2 CVE-2021-3447 (A flaw was found in several ansible modules, where parameters containi ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349 NOTE: check, details on upstream status not yet clear CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The commonly use ...) - libtpms 0.8.2-1 (bug #986799) NOTE: https://github.com/stefanberger/libtpms/commit/32c159ab53db703749a8f90430cdc7b20b00975e CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...) [experimental] - gnome-autoar 0.3.1-1 - gnome-autoar (bug #985391) [bullseye] - gnome-autoar (Minor issue) [buster] - gnome-autoar (Incomplete fix for CVE-2020-36241 not applied) [stretch] - gnome-autoar (Incomplete fix for CVE-2020-36241 not applied) NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4 NOTE: Issue exists because of an incomplete fix for CVE-2020-36241. 
NOTE: Two followup/regression patches: NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/135053d5d3a0320891cf2e2ad4684b648bb46fc8 NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/b9590ab77b70e74e9deffd2af6c32908dc3c5aaf CVE-2021-28649 (An incorrect permission vulnerability in the product installer for Tre ...) NOT-FOR-US: Trend Micro CVE-2021-28648 (Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vu ...) NOT-FOR-US: Trend Micro CVE-2021-28647 (Trend Micro Password Manager version 5 (Consumer) is vulnerable to a D ...) NOT-FOR-US: Trend Micro CVE-2021-28646 (An insecure file permissions vulnerability in Trend Micro Apex One, Ap ...) NOT-FOR-US: Trend Micro CVE-2021-28645 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...) NOT-FOR-US: Trend Micro CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality in v ...) - libdnf 0.55.2-6 (bug #986802) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079 NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de CVE-2021-28644 RESERVED CVE-2021-28643 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-28642 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-28641 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-28640 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-28639 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-28638 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-28637 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-28636 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) 
NOT-FOR-US: Adobe CVE-2021-28635 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-28634 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-28633 (Adobe Creative Cloud Desktop Application (installer) version 2.4 (and ...) NOT-FOR-US: Adobe CVE-2021-28632 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28631 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28630 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28629 (Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based ...) NOT-FOR-US: Adobe CVE-2021-28628 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...) NOT-FOR-US: Adobe CVE-2021-28627 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...) NOT-FOR-US: Adobe CVE-2021-28626 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...) NOT-FOR-US: Adobe CVE-2021-28625 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...) NOT-FOR-US: Adobe CVE-2021-28624 (Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based ...) NOT-FOR-US: Adobe CVE-2021-28623 (Adobe Premiere Elements version 5.2 (and earlier) is affected by an in ...) NOT-FOR-US: Adobe CVE-2021-28622 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28621 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28620 (Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based ...) NOT-FOR-US: Adobe CVE-2021-28619 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28618 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) 
NOT-FOR-US: Adobe CVE-2021-28617 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28616 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) NOT-FOR-US: Adobe CVE-2021-28615 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) NOT-FOR-US: Adobe CVE-2021-28614 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) NOT-FOR-US: Adobe CVE-2021-28613 (Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is ...) NOT-FOR-US: Adobe CVE-2021-28612 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) NOT-FOR-US: Adobe CVE-2021-28611 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) NOT-FOR-US: Adobe CVE-2021-28610 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...) NOT-FOR-US: Adobe CVE-2021-28609 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...) NOT-FOR-US: Adobe CVE-2021-28608 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...) NOT-FOR-US: Adobe CVE-2021-28607 (Adobe After Effects version 18.2 (and earlier) is affected by a heap c ...) NOT-FOR-US: Adobe CVE-2021-28606 (Adobe After Effects version 18.2 (and earlier) is affected by a Stack- ...) NOT-FOR-US: Adobe CVE-2021-28605 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...) NOT-FOR-US: Adobe CVE-2021-28604 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...) NOT-FOR-US: Adobe CVE-2021-28603 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...) NOT-FOR-US: Adobe CVE-2021-28602 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...) NOT-FOR-US: Adobe CVE-2021-28601 (Adobe After Effects version 18.2 (and earlier) is affected by a Null p ...) NOT-FOR-US: Adobe CVE-2021-28600 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...) 
NOT-FOR-US: Adobe CVE-2021-28599 RESERVED CVE-2021-28598 RESERVED CVE-2021-28597 (Adobe Photoshop Elements version 5.2 (and earlier) is affected by an i ...) NOT-FOR-US: Adobe CVE-2021-28596 (Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earl ...) NOT-FOR-US: Adobe CVE-2021-28595 (Adobe Dimension version 3.4 (and earlier) is affected by an Uncontroll ...) NOT-FOR-US: Adobe CVE-2021-28594 (Adobe Creative Cloud Desktop Application (installer) version 2.4 (and ...) NOT-FOR-US: Adobe CVE-2021-28593 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a Use Af ...) NOT-FOR-US: Adobe CVE-2021-28592 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...) NOT-FOR-US: Adobe CVE-2021-28591 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...) NOT-FOR-US: Adobe CVE-2021-28590 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...) NOT-FOR-US: Adobe CVE-2021-28589 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...) NOT-FOR-US: Adobe CVE-2021-28588 (Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a ...) NOT-FOR-US: Adobe CVE-2021-28587 (After Effects versions 18.0 (and earlier) are affected by an out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28586 (After Effects version 18.0 (and earlier) are affected by an out-of-bou ...) NOT-FOR-US: Adobe CVE-2021-28585 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-28584 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-28583 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-28582 RESERVED CVE-2021-28581 (Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncon ...) NOT-FOR-US: Adobe CVE-2021-28580 (Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffe ...) 
NOT-FOR-US: Adobe CVE-2021-28579 (Adobe Connect version 11.2.1 (and earlier) is affected by an Improper ...) NOT-FOR-US: Adobe CVE-2021-28578 RESERVED CVE-2021-28577 RESERVED CVE-2021-28576 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28575 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28574 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28573 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-28572 RESERVED CVE-2021-28571 (Adobe After Effects version 18.1 (and earlier) is affected by a potent ...) NOT-FOR-US: Adobe CVE-2021-28570 (Adobe After Effects version 18.1 (and earlier) is affected by an Uncon ...) NOT-FOR-US: Adobe CVE-2021-28569 (Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-o ...) NOT-FOR-US: Adobe CVE-2021-28568 (Adobe Genuine Services version 7.1 (and earlier) is affected by an Ins ...) NOT-FOR-US: Adobe CVE-2021-28567 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-28566 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-28565 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28564 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28561 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28560 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) 
NOT-FOR-US: Adobe CVE-2021-28559 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28558 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28557 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-28555 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28554 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28553 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28552 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28551 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28550 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28549 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...) NOT-FOR-US: Adobe CVE-2021-28548 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...) NOT-FOR-US: Adobe CVE-2021-28547 (Adobe Creative Cloud Desktop Application for macOS version 5.3 (and ea ...) NOT-FOR-US: Adobe CVE-2021-28546 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28545 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-28544 RESERVED CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...) 
- varnish-modules (Vulnerable code not present; bug #985947) NOTE: https://varnish-cache.org/security/VSV00006.html NOTE: Fixed by: https://github.com/varnish/varnish-modules/commit/2c120e576ebb73bc247790184702ba58dc0afc39 (0.18.0) NOTE: Fixed by: https://github.com/varnish/varnish-modules/commit/71a1f1383158cc1c1cb3ab2b4d3ff93b044902f5 (0.17.1) NOTE: Introduced by: https://github.com/varnish/varnish-modules/commit/b4d5927a2fbba31b1213225138f8432572414a24 (0.17.0) CVE-2021-28542 RESERVED CVE-2021-28541 RESERVED CVE-2021-28540 RESERVED CVE-2021-28539 RESERVED CVE-2021-28538 RESERVED CVE-2021-28537 RESERVED CVE-2021-28536 RESERVED CVE-2021-28535 RESERVED CVE-2021-28534 RESERVED CVE-2021-28533 RESERVED CVE-2021-28532 RESERVED CVE-2021-28531 RESERVED CVE-2021-28530 RESERVED CVE-2021-28529 RESERVED CVE-2021-28528 RESERVED CVE-2021-28527 RESERVED CVE-2021-28526 RESERVED CVE-2021-28525 RESERVED CVE-2021-28524 RESERVED CVE-2021-28523 RESERVED CVE-2021-28522 RESERVED CVE-2021-28521 RESERVED CVE-2021-28520 RESERVED CVE-2021-28519 RESERVED CVE-2021-28518 RESERVED CVE-2021-28517 RESERVED CVE-2021-28516 RESERVED CVE-2021-28515 RESERVED CVE-2021-28514 RESERVED CVE-2021-28513 RESERVED CVE-2021-28512 RESERVED CVE-2021-28511 RESERVED CVE-2021-28510 RESERVED CVE-2021-28509 RESERVED CVE-2021-28508 RESERVED CVE-2021-28507 RESERVED CVE-2021-28506 RESERVED CVE-2021-28505 RESERVED CVE-2021-28504 RESERVED CVE-2021-28503 RESERVED CVE-2021-28502 RESERVED CVE-2021-28501 RESERVED CVE-2021-28500 RESERVED CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is supporte ...) NOT-FOR-US: Arista CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is supporte ...) NOT-FOR-US: Arista CVE-2021-28497 (In Arista's MOS (Metamako Operating System) software which is supporte ...) NOT-FOR-US: Arista CVE-2021-28496 RESERVED CVE-2021-28495 (In Arista's MOS (Metamako Operating System) software which is supporte ...) 
NOT-FOR-US: Arista CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is supporte ...) NOT-FOR-US: Arista CVE-2021-28493 (In Arista's MOS (Metamako Operating System) software which is supporte ...) NOT-FOR-US: Arista CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...) {DLA-2785-1} - linux 5.10.19-1 [buster] - linux 4.19.208-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/9b00f1b78809309163dda2d044d9e94a3c0248a3 NOTE: https://www.openwall.com/lists/oss-security/2021/03/23/2 CVE-2021-28492 (Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, an ...) NOT-FOR-US: Unisys Stealth CVE-2021-28491 RESERVED CVE-2021-28490 (In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cook ...) NOT-FOR-US: OWASP CSRFGuard CVE-2021-28489 RESERVED CVE-2021-28488 RESERVED CVE-2021-28487 RESERVED CVE-2021-28486 RESERVED CVE-2021-28485 RESERVED CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler in Yubi ...) NOT-FOR-US: yubihsm-connector CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper versions b ...) - jasper NOTE: https://github.com/jasper-software/jasper/issues/269 NOTE: https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b CVE-2021-3442 RESERVED NOT-FOR-US: Red Hat OpenShift API Management CVE-2021-28483 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-28482 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-28481 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-28480 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-28479 (Windows CSC Service Information Disclosure Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-28478 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-28477 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-28476 (Hyper-V Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28475 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-28474 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28473 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-28472 (Visual Studio Code Maven for Java Extension Remote Code Execution Vuln ...) NOT-FOR-US: Microsoft CVE-2021-28471 (Remote Development Extension for Visual Studio Code Remote Code Execut ...) NOT-FOR-US: Microsoft CVE-2021-28470 (Visual Studio Code GitHub Pull Requests and Issues Extension Remote Co ...) NOT-FOR-US: Microsoft CVE-2021-28469 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-28468 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-28467 RESERVED CVE-2021-28466 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-28465 (Web Media Extensions Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28464 (VP9 Video Extensions Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28463 RESERVED CVE-2021-28462 RESERVED CVE-2021-28461 (Dynamics Finance and Operations Cross-site Scripting Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28460 (Azure Sphere Unsigned Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28459 (Azure DevOps Server Spoofing Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-28458 (Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28457 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-28456 (Microsoft Excel Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28455 (Microsoft Jet Red Database Engine and Access Connectivity Engine Remot ...) NOT-FOR-US: Microsoft CVE-2021-28454 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-28453 (Microsoft Word Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28452 (Microsoft Outlook Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28451 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-28450 (Microsoft SharePoint Denial of Service Update ...) NOT-FOR-US: Microsoft CVE-2021-28449 (Microsoft Office Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28448 (Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-28447 (Windows Early Launch Antimalware Driver Security Feature Bypass Vulner ...) NOT-FOR-US: Microsoft CVE-2021-28446 (Windows Portmapping Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28445 (Windows Network File System Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28444 (Windows Hyper-V Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28443 (Windows Console Driver Denial of Service Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-28442 (Windows TCP/IP Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28441 (Windows Hyper-V Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28440 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is ...) 
NOT-FOR-US: Microsoft CVE-2021-28439 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) NOT-FOR-US: Microsoft CVE-2021-28438 (Windows Console Driver Denial of Service Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-28437 (Windows Installer Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28436 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...) NOT-FOR-US: Microsoft CVE-2021-28435 (Windows Event Tracing Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28434 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28433 RESERVED CVE-2021-28432 RESERVED CVE-2021-28431 RESERVED CVE-2021-28430 RESERVED CVE-2021-28429 RESERVED CVE-2021-28428 RESERVED CVE-2021-28427 RESERVED CVE-2021-28426 RESERVED CVE-2021-28425 RESERVED CVE-2021-28424 (A stored cross-site scripting (XSS) vulnerability in Teachers Record M ...) NOT-FOR-US: Teachers Record Management CVE-2021-28423 (Multiple SQL Injection vulnerabilities in Teachers Record Management S ...) NOT-FOR-US: Teachers Record Management CVE-2021-28422 RESERVED CVE-2021-28421 REJECTED CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...) NOT-FOR-US: Seo Panel CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnera ...) NOT-FOR-US: Seo Panel CVE-2021-28418 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...) NOT-FOR-US: Seo Panel CVE-2021-28417 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...) 
NOT-FOR-US: Seo Panel CVE-2021-28416 RESERVED CVE-2021-28415 RESERVED CVE-2021-28414 RESERVED CVE-2021-28413 RESERVED CVE-2021-28412 RESERVED CVE-2021-28411 RESERVED CVE-2021-28410 RESERVED CVE-2021-28409 RESERVED CVE-2021-28408 RESERVED CVE-2021-28407 RESERVED CVE-2021-28406 RESERVED CVE-2021-28405 RESERVED CVE-2021-28404 RESERVED CVE-2021-28403 RESERVED CVE-2021-28402 RESERVED CVE-2021-28401 RESERVED CVE-2021-28400 RESERVED CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid us ...) NOT-FOR-US: OrangeHRM CVE-2021-28398 RESERVED CVE-2021-28397 RESERVED CVE-2021-28396 RESERVED CVE-2021-28395 RESERVED CVE-2021-28394 RESERVED CVE-2021-28393 RESERVED CVE-2021-28392 RESERVED CVE-2021-28391 RESERVED CVE-2021-28390 RESERVED CVE-2021-28389 RESERVED CVE-2021-28388 RESERVED CVE-2021-28387 RESERVED CVE-2021-28386 RESERVED CVE-2021-28385 RESERVED CVE-2021-28384 RESERVED CVE-2021-28383 RESERVED CVE-2021-28382 (Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on th ...) NOT-FOR-US: Zoho CVE-2021-28381 (The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 ...) NOT-FOR-US: vhs (aka VHS: Fluid ViewHelpers) extension for TYPO3 CVE-2021-28380 (The aimeos (aka Aimeos shop and e-commerce framework) extension before ...) NOT-FOR-US: aimeos (aka Aimeos shop and e-commerce framework) extension for TYPO3 CVE-2021-28379 (web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) thro ...) NOT-FOR-US: Vesta Control Panel CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue dat ...) - gitea CVE-2021-28377 RESERVED CVE-2021-28376 RESERVED CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03- ...) 
- tt-rss (Vulnerable code introduced later) NOTE: https://community.tt-rss.org/t/check-password-not-called-if-otp-is-enabled-update-asap-if-youre-using-2fa/4502 NOTE: Introduced by: https://git.tt-rss.org/fox/tt-rss/commit/3fd785654372d493c031d9b541ab33a881023a32 NOTE: Fixed by: https://git.tt-rss.org/fox/tt-rss/commit/4949e1a59059d9e72ba7a98f783cec312c06c6d2 CVE-2021-28372 (ThroughTek's Kalay Platform 2.0 network allows an attacker to imperson ...) NOT-FOR-US: ThroughTek CVE-2021-28371 RESERVED CVE-2021-28370 RESERVED CVE-2021-28369 RESERVED CVE-2021-28368 RESERVED CVE-2021-28367 RESERVED CVE-2021-28366 RESERVED CVE-2021-28365 RESERVED CVE-2021-28364 RESERVED CVE-2021-28363 (The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...) - python-urllib3 1.26.4-1 [buster] - python-urllib3 (Vulnerable code introduced later) [stretch] - python-urllib3 (Vulnerable code introduced later) NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 (1.26.4) NOTE: Support for HTTPS request via HTTPS proxies only introduced in 1.26.0. NOTE: In Debian urllib3 does require SSL certificate validation by default (since 1.3-3) NOTE: with the 02_require-cert-verification.patch patch (Cf. #686872). CVE-2021-28362 (An issue was discovered in Contiki through 3.0. When sending an ICMPv6 ...) NOT-FOR-US: Contiki CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK) ...) NOT-FOR-US: Storage Performance Development Kit CVE-2021-28360 RESERVED CVE-2021-28359 (The "origin" parameter passed to some of the endpoints like '/trigger' ...) - airflow (bug #819700) CVE-2021-28358 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28357 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) 
NOT-FOR-US: Microsoft CVE-2021-28356 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28355 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28354 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28353 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28352 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28351 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...) NOT-FOR-US: Microsoft CVE-2021-28350 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-28349 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-28348 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-28347 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...) NOT-FOR-US: Microsoft CVE-2021-28346 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28345 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28344 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28343 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28342 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28341 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28340 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) 
NOT-FOR-US: Microsoft CVE-2021-28339 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28338 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28337 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28336 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28335 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28334 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28333 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28332 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28331 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28330 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28329 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28328 (Windows DNS Information Disclosure Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-28327 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-28326 (Windows AppX Deployment Server Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28325 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-28324 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-28323 (Windows DNS Information Disclosure Vulnerability This CVE ID is unique ...) 
NOT-FOR-US: Microsoft CVE-2021-28322 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...) NOT-FOR-US: Microsoft CVE-2021-28321 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...) NOT-FOR-US: Microsoft CVE-2021-28320 (Windows Resource Manager PSM Service Extension Elevation of Privilege ...) NOT-FOR-US: Microsoft CVE-2021-28319 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) NOT-FOR-US: Microsoft CVE-2021-28318 (Windows GDI+ Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28317 (Microsoft Windows Codecs Library Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28316 (Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28315 (Windows Media Video Decoder Remote Code Execution Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-28314 (Windows Hyper-V Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28313 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...) NOT-FOR-US: Microsoft CVE-2021-28312 (Windows NTFS Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-28311 (Windows Application Compatibility Cache Denial of Service Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-28310 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-28309 (Windows Kernel Information Disclosure Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-28308 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...) NOT-FOR-US: Rust crate fltk CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...) NOT-FOR-US: Rust crate fltk CVE-2021-28306 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...) NOT-FOR-US: Rust crate fltk CVE-2021-28305 (An issue was discovered in the diesel crate before 1.4.6 for Rust. 
The ...) - rust-diesel (bug #987275) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0037.html CVE-2021-28304 RESERVED CVE-2021-28303 RESERVED CVE-2021-28302 (A stack overflow in pupnp before version 1.14.5 can cause the denial o ...) - pupnp-1.8 (bug #986833) [bullseye] - pupnp-1.8 (Minor issue) [buster] - pupnp-1.8 (Minor issue) - libupnp [stretch] - libupnp (Minor issue) NOTE: https://github.com/pupnp/pupnp/issues/249 CVE-2021-28301 RESERVED CVE-2021-28300 (NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrac ...) - gpac 1.0.1+dfsg1-4 (bug #987020) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue; can be fixed in next update) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) NOTE: https://github.com/gpac/gpac/issues/1702 NOTE: https://github.com/gpac/gpac/commit/c4a5109dad73abe25ad12d8d529a728ae98d78ca CVE-2021-28299 RESERVED CVE-2021-28298 RESERVED CVE-2021-28297 RESERVED CVE-2021-28296 RESERVED CVE-2021-28295 (Online Ordering System 1.0 is vulnerable to unauthenticated SQL inject ...) NOT-FOR-US: Online Ordering System CVE-2021-28294 (Online Ordering System 1.0 is vulnerable to arbitrary file upload thro ...) NOT-FOR-US: Online Ordering System CVE-2021-28293 (Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated ...) NOT-FOR-US: Seceon aiSIEM CVE-2021-28292 RESERVED CVE-2021-28291 RESERVED CVE-2021-28290 RESERVED CVE-2021-28289 RESERVED CVE-2021-28288 RESERVED CVE-2021-28287 RESERVED CVE-2021-28286 RESERVED CVE-2021-28285 RESERVED CVE-2021-28284 RESERVED CVE-2021-28283 RESERVED CVE-2021-28282 RESERVED CVE-2021-28281 RESERVED CVE-2021-28280 (CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFu ...) 
NOT-FOR-US: PHP-Fusion CVE-2021-28279 RESERVED CVE-2021-28278 RESERVED CVE-2021-28277 RESERVED CVE-2021-28276 RESERVED CVE-2021-28275 RESERVED CVE-2021-28274 RESERVED CVE-2021-28273 RESERVED CVE-2021-28272 RESERVED CVE-2021-28271 (Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of ...) NOT-FOR-US: Soyal Technologies SOYAL 701Server CVE-2021-28270 RESERVED CVE-2021-28269 (Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions ...) NOT-FOR-US: Soyal Technology 701Client CVE-2021-28268 RESERVED CVE-2021-28267 RESERVED CVE-2021-28266 RESERVED CVE-2021-28265 RESERVED CVE-2021-28264 RESERVED CVE-2021-28263 RESERVED CVE-2021-28262 RESERVED CVE-2021-28261 RESERVED CVE-2021-28260 RESERVED CVE-2021-28259 RESERVED CVE-2021-28258 RESERVED CVE-2021-28257 RESERVED CVE-2021-28256 RESERVED CVE-2021-28255 RESERVED CVE-2021-28254 RESERVED CVE-2021-28253 RESERVED CVE-2021-28252 RESERVED CVE-2021-28251 RESERVED CVE-2021-28250 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28249 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28248 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28245 (PbootCMS 3.0.4 contains a SQL injection vulnerability through index.ph ...) NOT-FOR-US: PbootCMS CVE-2021-28244 RESERVED CVE-2021-28243 RESERVED CVE-2021-28242 (SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stab ...) 
NOT-FOR-US: b2evolution CMS CVE-2021-28241 RESERVED CVE-2021-28240 RESERVED CVE-2021-28239 RESERVED CVE-2021-28238 RESERVED CVE-2021-28237 RESERVED CVE-2021-28236 RESERVED CVE-2021-28235 RESERVED CVE-2021-28234 RESERVED CVE-2021-28233 (Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 v ...) NOT-FOR-US: ok-file-formats CVE-2021-28232 RESERVED CVE-2021-28231 RESERVED CVE-2021-28230 RESERVED CVE-2021-28229 RESERVED CVE-2021-28228 RESERVED CVE-2021-28227 RESERVED CVE-2021-28226 RESERVED CVE-2021-28225 RESERVED CVE-2021-28224 RESERVED CVE-2021-28223 RESERVED CVE-2021-28222 RESERVED CVE-2021-28221 RESERVED CVE-2021-28220 RESERVED CVE-2021-28219 RESERVED CVE-2021-28218 RESERVED CVE-2021-28217 RESERVED CVE-2021-3441 RESERVED CVE-2021-3440 RESERVED CVE-2021-3439 RESERVED CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...) NOT-FOR-US: HP LaserJet products and Samsung product printers CVE-2021-3437 RESERVED CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys distribution ph ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...) - edk2 [bullseye] - edk2 (Minor issue) [buster] - edk2 (Minor issue) [stretch] - edk2 (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2957 CVE-2021-28215 RESERVED CVE-2021-28214 RESERVED CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...) - edk2 (bug #989988) [bullseye] - edk2 (Minor issue) [buster] - edk2 (Minor issue) [stretch] - edk2 (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1866 CVE-2021-28212 RESERVED CVE-2021-28211 (A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ...) 
{DLA-2645-1} - edk2 2020.11-1 [buster] - edk2 (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1816 NOTE: https://github.com/tianocore/edk2/pull/1138 NOTE: https://github.com/tianocore/edk2/commit/e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0 CVE-2021-28210 (An unlimited recursion in DxeCore in EDK II. ...) {DLA-2645-1} - edk2 2020.11-1 [buster] - edk2 (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743 NOTE: https://github.com/tianocore/edk2/pull/1137 NOTE: https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919 CVE-2021-28209 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28208 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28207 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28206 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28205 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28204 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28203 (The Web Set Media Image function in ASUS BMC’s firmware Web mana ...) NOT-FOR-US: ASUS CVE-2021-28202 (The Service configuration-2 function in ASUS BMC’s firmware Web ...) NOT-FOR-US: ASUS CVE-2021-28201 (The Service configuration-1 function in ASUS BMC’s firmware Web ...) NOT-FOR-US: ASUS CVE-2021-28200 (The CD media configuration function in ASUS BMC’s firmware Web m ...) NOT-FOR-US: ASUS CVE-2021-28199 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28198 (The Firmware protocol configuration function in ASUS BMC’s firmw ...) NOT-FOR-US: ASUS CVE-2021-28197 (The Active Directory configuration function in ASUS BMC’s firmwa ...) 
NOT-FOR-US: ASUS CVE-2021-28196 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28195 (The Radius configuration function in ASUS BMC’s firmware Web man ...) NOT-FOR-US: ASUS CVE-2021-28194 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28193 (The SMTP configuration function in ASUS BMC’s firmware Web manag ...) NOT-FOR-US: ASUS CVE-2021-28192 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28191 (The Firmware update function in ASUS BMC’s firmware Web manageme ...) NOT-FOR-US: ASUS CVE-2021-28190 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28189 (The SMTP configuration function in ASUS BMC’s firmware Web manag ...) NOT-FOR-US: ASUS CVE-2021-28188 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28187 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28186 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28185 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28184 (The Active Directory configuration function in ASUS BMC’s firmwa ...) NOT-FOR-US: ASUS CVE-2021-28183 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28182 (The Web Service configuration function in ASUS BMC’s firmware We ...) NOT-FOR-US: ASUS CVE-2021-28181 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28180 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28179 (The specific function in ASUS BMC’s firmware Web management page ...) NOT-FOR-US: ASUS CVE-2021-28178 (The UEFI configuration function in ASUS BMC’s firmware Web manag ...) 
NOT-FOR-US: ASUS CVE-2021-28177 (The LDAP configuration function in ASUS BMC’s firmware Web manag ...) NOT-FOR-US: ASUS CVE-2021-28176 (The DNS configuration function in ASUS BMC’s firmware Web manage ...) NOT-FOR-US: ASUS CVE-2021-28175 (The Radius configuration function in ASUS BMC’s firmware Web man ...) NOT-FOR-US: ASUS CVE-2021-28174 (Mitake smart stock selection system contains a broken authentication v ...) NOT-FOR-US: Mitake smart stock selection system CVE-2021-28173 (The file upload function of Vangene deltaFlow E-platform does not perf ...) NOT-FOR-US: Vangene deltaFlow E-platform CVE-2021-28172 (There is a Path Traversal vulnerability in the file download function ...) NOT-FOR-US: Vangene deltaFlow E-platform CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...) NOT-FOR-US: Vangene deltaFlow E-platform CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earlier, a ...) - jakarta-el-api (unimportant; bug #989259) NOTE: https://github.com/eclipse-ee4j/el-ri/issues/155 NOTE: https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/ NOTE: Only affects the EL reference implementation which isn't built into the binary packages CVE-2021-28169 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...) {DSA-4949-1 DLA-2688-1} - jetty9 9.4.39-2 (bug #989999) - jetty8 - jetty NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq NOTE: https://github.com/eclipse/jetty.project/issues/6263 NOTE: https://github.com/eclipse/jetty.project/commit/1c05b0bcb181c759e98b060bded0b9376976b055 (v9.4.41) CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...) NOT-FOR-US: Eclipse Jersey CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect ...) NOT-FOR-US: Eclipse OpenJ9 CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...) 
- mosquitto 2.0.10-1 (bug #986701) [buster] - mosquitto (Vulnerable code introduced in 2.0) [stretch] - mosquitto (Vulnerable code introduced in 2.0) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608 CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...) {DSA-4949-1} - jetty9 9.4.39-1 [stretch] - jetty9 (Minor issue, cpu-spin DoS w/o service outage, no patch for 9.2 while 9.4 refactoring in core SSL code) NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w NOTE: https://github.com/eclipse/jetty.project/issues/6072 NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/af289dcaedcddcc6b23bc73ddc20363c34338412 (jetty-9.4.x) NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/705e5e9a6a00fd3a533695bae8915b0295a4f879 (jetty-9.4.x) CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...) - jetty9 9.4.39-1 [buster] - jetty9 (Vulnerable code introduced later) [stretch] - jetty9 (Vulnerable code introduced later) NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 NOTE: https://github.com/eclipse/jetty.project/commit/e412c8a15b3334b30193f40412c0fbc47e478e83 NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/20ef71fe5d709a90c2a5698834fff07b9b4e7ad7 (jetty-9.4.37.v20210219) CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...) - jetty9 9.4.39-1 [buster] - jetty9 (Vulnerable code was introduced later) [stretch] - jetty9 (Vulnerable code introduced in 9.4.32 according to upstream advisory, reproducer no-op) NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq NOTE: https://github.com/eclipse/jetty.project/commit/37fffb1722604da1763d8a096ec5c5fb41ea0633 CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...) 
NOT-FOR-US: Eclipse Theia CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...) NOT-FOR-US: Eclipse Theia CVE-2021-28160 (Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected ...) NOT-FOR-US: Acexy (BoyaMicro) Wireless-N WiFi Repeater CVE-2021-28159 RESERVED CVE-2021-28158 RESERVED CVE-2021-28157 (An SQL Injection issue in Devolutions Server before 2021.1 and Devolut ...) NOT-FOR-US: Devolutions Server CVE-2021-28156 (HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be ...) - consul (Only affects Enterprise version) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950492 NOTE: https://github.com/hashicorp/consul/pull/10030 CVE-2021-28155 (The Bluetooth Classic implementation on JBL TUNE500BT devices does not ...) NOT-FOR-US: JBL TUNE500BT CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 all ...) NOT-FOR-US: Camunda Modeler CVE-2021-28152 (Hongdian H8922 3.0.5 devices have an undocumented feature that allows ...) NOT-FOR-US: Hongdian H8922 3.0.5 devices CVE-2021-28151 (Hongdian H8922 3.0.5 devices allow OS command injection via shell meta ...) NOT-FOR-US: Hongdian H8922 3.0.5 devices CVE-2021-28150 (Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read ...) NOT-FOR-US: Hongdian H8922 3.0.5 devices CVE-2021-28149 (Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_downl ...) NOT-FOR-US: Hongdian H8922 3.0.5 devices CVE-2021-28148 (One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x ...) - grafana CVE-2021-28147 (The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x bef ...) - grafana CVE-2021-28146 (The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an ...) - grafana CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...) 
- glib2.0 2.66.7-2 (bug #984969) [buster] - glib2.0 2.58.3-2+deb10u3 [stretch] - glib2.0 (Minor issue, directory traversal exploitable in file-roller) NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325 CVE-2021-3435 RESERVED CVE-2021-3434 RESERVED CVE-2021-3433 RESERVED CVE-2021-3432 RESERVED CVE-2021-3431 RESERVED CVE-2021-3430 RESERVED CVE-2021-3429 RESERVED {DLA-2601-1} - cloud-init 20.4.1-2 (bug #985540) [buster] - cloud-init 20.2-2~deb10u2 NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668 CVE-2021-3428 [integer overflow in ext4_es_cache_extent] RESERVED {DLA-2689-1 DLA-2610-1} - linux 5.8.7-1 [buster] - linux 4.19.181-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786 NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485 CVE-2021-28145 (Concrete CMS (formerly concrete5) before 8.5.5 allows remote authentic ...) NOT-FOR-US: Concrete CMS CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote a ...) NOT-FOR-US: D-Link CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated ...) NOT-FOR-US: D-Link CVE-2021-28142 (CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." ...) NOT-FOR-US: CITSmart CVE-2021-28141 (** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP. ...) NOT-FOR-US: Telerik CVE-2021-28140 RESERVED CVE-2021-28139 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...) NOT-FOR-US: Espressif CVE-2021-28138 RESERVED CVE-2021-28137 RESERVED CVE-2021-28136 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...) NOT-FOR-US: Espressif CVE-2021-28135 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...) NOT-FOR-US: Espressif CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote attacke ...) 
NOT-FOR-US: Clipper CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private informat ...) NOT-FOR-US: Zoom CVE-2021-3427 RESERVED CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenticated ...) NOT-FOR-US: LUCY Security Awareness Software CVE-2021-28131 (Impala sessions use a 16 byte secret to verify that the session is not ...) NOT-FOR-US: Apache Impala CVE-2021-28130 (Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applicati ...) NOT-FOR-US: Dr.Web Firewall CVE-2021-28129 (While working on Apache OpenOffice 4.1.8 a developer discovered that t ...) NOT-FOR-US: Apache OpenOffice CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...) NOT-FOR-US: Strapi CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A brute-forc ...) NOT-FOR-US: Stormshield SNS CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...) NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG) CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the creation of ...) NOT-FOR-US: Apache Superset CVE-2021-28124 (A man-in-the-middle vulnerability in Cohesity DataPlatform support cha ...) NOT-FOR-US: Cohesity DataPlatform support channel CVE-2021-28123 (Undocumented Default Cryptographic Key Vulnerability in Cohesity DataP ...) NOT-FOR-US: Cohesity DataPlatform CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3 through 2.2 ...) NOT-FOR-US: Open5GS CVE-2021-28121 (Virtual Robots.txt before 1.10 does not block HTML tags in the robots. ...) NOT-FOR-US: Virtual Robots.txt CVE-2021-28120 RESERVED CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command e ...) NOT-FOR-US: Twinkle Tray CVE-2021-28118 RESERVED CVE-2021-28117 (libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before ...) 
- plasma-discover 5.20.5-3 [buster] - plasma-discover (Vulnerable code introduced later) [stretch] - plasma-discover (Vulnerable code introduced later) NOTE: https://kde.org/info/security/advisory-20210310-1.txt NOTE: Introduced in: https://invent.kde.org/plasma/discover/8bea95730eabb439b0528da01fb1e0cc6fe179b7 NOTE: Plasma 5.21: https://commits.kde.org/plasma/discover/94478827aab63d2e2321f0ca9ec5553718798e60 NOTE: Plasma 5.18: https://commits.kde.org/plasma/discover/fcd3b30552bf03a384b1a16f9bb8db029c111356 CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...) - squid 5.2-1 (bug #986804) [bullseye] - squid (Minor issue) [buster] - squid (Minor issue) - squid3 [stretch] - squid3 (Check later when information is public) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-11610/ NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=5131 NOTE: https://www.openwall.com/lists/oss-security/2021/10/04/1 NOTE: Squid4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_12.patch NOTE: Squid5: http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a73a54cefff6bb83c03de219a73276e42d183d0.patch CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...) NOT-FOR-US: MyBB addon CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace co ...) NOT-FOR-US: Froala WYSIWYG Editor CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain ...) NOT-FOR-US: Okta Access Gateway CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...) NOT-FOR-US: Draeger X-Dock Firmware CVE-2021-28111 (Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, le ...) NOT-FOR-US: Draeger X-Dock Firmware CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27. ...) 
NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG) CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected C ...) NOT-FOR-US: TranzWare (POI) FIMI CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier Authent ...) {DLA-2625-1} - courier-authlib 0.71.1-2 (bug #984810) [buster] - courier-authlib (Minor issue) NOTE: Re-introduction of #378571 while migrating from debian/permissions to NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2. CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...) {DLA-2619-1} [experimental] - python3.9 3.9.3-1 - python3.9 3.9.7-1 [bullseye] - python3.9 (Minor issue) - python3.7 [buster] - python3.7 (Minor issue) - python3.5 - python2.7 (Vulnerable code not present) - pypy3 7.3.3+dfsg-4 [buster] - pypy3 (Minor issue) NOTE: https://bugs.python.org/issue42988 NOTE: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048 NOTE: https://python-security.readthedocs.io/vuln/pydoc-getfile.html NOTE: https://github.com/python/cpython/pull/24337 NOTE: https://github.com/python/cpython/pull/24285 CVE-2021-3425 (A flaw was found in the AMQ Broker that discloses JDBC encrypted usern ...) NOT-FOR-US: Red Hat AMQ Broker CVE-2021-28108 RESERVED CVE-2021-28107 RESERVED CVE-2021-28106 RESERVED CVE-2021-28105 RESERVED CVE-2021-28104 RESERVED CVE-2021-28103 RESERVED CVE-2021-28102 RESERVED CVE-2021-28101 RESERVED CVE-2021-28100 (Priam uses File.createTempFile, which gives the permissions on that fi ...) NOT-FOR-US: Priam CVE-2021-28099 (In Netflix OSS Hollow, since the Files.exists(parent) is run before cr ...) NOT-FOR-US: Hollow CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A local ...) NOT-FOR-US: Forescout CounterACT CVE-2021-28097 RESERVED CVE-2021-28096 RESERVED CVE-2021-28095 (OX Documents before 7.10.5-rev5 has Incorrect Access Control for docum ...) 
NOT-FOR-US: OX Documents CVE-2021-28094 (OX Documents before 7.10.5-rev7 has Incorrect Access Control for conve ...) NOT-FOR-US: OX Documents CVE-2021-28093 (OX Documents before 7.10.5-rev5 has Incorrect Access Control of conver ...) NOT-FOR-US: OX Documents CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expr ...) NOT-FOR-US: Node is-svg CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 ...) NOT-FOR-US: Keycloak CVE-2021-28091 (Lasso all versions prior to 2.7.0 has improper verification of a crypt ...) {DSA-4926-1 DLA-2684-1} - lasso 2.6.1-3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089 NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html NOTE: https://git.entrouvert.org/lasso.git/commit/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a CVE-2021-28090 (Tor before 0.4.5.7 allows a remote attacker to cause Tor directory aut ...) {DSA-4871-1} - tor 0.4.5.7-1 [stretch] - tor (See DSA 4644) NOTE: https://blog.torproject.org/node/2009 NOTE: https://bugs.torproject.org/tpo/core/tor/40316 CVE-2021-28089 (Tor before 0.4.5.7 allows a remote participant in the Tor directory pr ...) {DSA-4871-1} - tor 0.4.5.7-1 [stretch] - tor (See DSA 4644) NOTE: https://blog.torproject.org/node/2009 NOTE: https://bugs.torproject.org/tpo/core/tor/40286 CVE-2021-21381 (Flatpak is a system for building, distributing, and running sandboxed ...) {DSA-4868-1} - flatpak 1.10.1-4 (bug #984859) [stretch] - flatpak (Vulnerable code introduced later) NOTE: https://github.com/flatpak/flatpak/issues/4146 NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp CVE-2021-28088 (Cross-site scripting (XSS) in modules/content/admin/content.php in Imp ...) 
NOT-FOR-US: ImpressCMS CVE-2021-28087 RESERVED CVE-2021-28086 RESERVED CVE-2021-28085 RESERVED CVE-2021-28084 RESERVED CVE-2021-28083 RESERVED CVE-2021-28082 RESERVED CVE-2021-28081 RESERVED CVE-2021-28080 RESERVED CVE-2021-28079 (Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnera ...) NOT-FOR-US: Jamovi CVE-2021-28078 RESERVED CVE-2021-28077 RESERVED CVE-2021-28076 RESERVED CVE-2021-28075 (iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulner ...) NOT-FOR-US: iKuaiOS CVE-2021-28074 RESERVED CVE-2021-28073 RESERVED CVE-2021-28072 RESERVED CVE-2021-28071 RESERVED CVE-2021-28070 (Cross Site Request Forgery (CSRF) vulnerability exists in PopojiCMS 2.0 ...) NOT-FOR-US: PopojiCMS CVE-2021-28069 RESERVED CVE-2021-28068 RESERVED CVE-2021-28067 RESERVED CVE-2021-28066 RESERVED CVE-2021-28065 RESERVED CVE-2021-28064 RESERVED CVE-2021-28063 RESERVED CVE-2021-28062 RESERVED CVE-2021-28061 RESERVED CVE-2021-28060 (A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4 ...) NOT-FOR-US: Group Office CVE-2021-28059 RESERVED CVE-2021-28058 RESERVED CVE-2021-28057 RESERVED CVE-2021-28056 RESERVED CVE-2021-28055 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...) - centreon-web (bug #913903) CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...) - centreon-web (bug #913903) CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...) - centreon-web (bug #913903) CVE-2021-28052 RESERVED CVE-2021-28051 RESERVED CVE-2021-28050 RESERVED CVE-2021-28049 RESERVED CVE-2021-28048 (An overly permissive CORS policy in Devolutions Server before 2021.1 a ...) NOT-FOR-US: Devolutions Server CVE-2021-28047 (Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Re ...) 
NOT-FOR-US: Devolutions Remote Desktop Manager CVE-2021-28046 RESERVED CVE-2021-28045 RESERVED CVE-2021-28044 RESERVED CVE-2021-28043 RESERVED CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...) NOT-FOR-US: Deutsche Post Mailoptimizer CVE-2021-3423 (Uncontrolled Search Path Element vulnerability in the openssl componen ...) NOT-FOR-US: Bitdefender CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...) - openssh 1:8.4p1-5 (bug #984940) [buster] - openssh (Vulnerable code introduced later) [stretch] - openssh (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/03/03/1 NOTE: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vuln ...) - ossec-hids (bug #361954) CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 for Rust. ...) NOT-FOR-US: Rust crate internment CVE-2021-28036 (An issue was discovered in the quinn crate before 0.7.0 for Rust. It m ...) NOT-FOR-US: Rust crate quinn CVE-2021-28035 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...) NOT-FOR-US: Rust crate stack_dst CVE-2021-28034 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...) NOT-FOR-US: Rust crate stack_dst CVE-2021-28033 (An issue was discovered in the byte_struct crate before 0.6.1 for Rust ...) NOT-FOR-US: Rust crate byte_struct CVE-2021-28032 (An issue was discovered in the nano_arena crate before 0.5.2 for Rust. ...) NOT-FOR-US: Rust crate nano_arena CVE-2021-28031 (An issue was discovered in the scratchpad crate before 1.3.1 for Rust. ...) NOT-FOR-US: Rust crate scratchpad CVE-2021-28030 (An issue was discovered in the truetype crate before 0.30.1 for Rust. ...) 
NOT-FOR-US: Rust crate truetype CVE-2021-28029 (An issue was discovered in the toodee crate before 0.3.0 for Rust. The ...) NOT-FOR-US: Rust crate toodee CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for Rust. Row ...) NOT-FOR-US: Rust crate toodee CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. There ...) NOT-FOR-US: Rust crate bam CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...) - jpeg-xl (bug #948862) CVE-2021-28025 RESERVED CVE-2021-28024 RESERVED CVE-2021-28023 RESERVED CVE-2021-28022 RESERVED CVE-2021-28021 RESERVED CVE-2021-28020 RESERVED CVE-2021-28019 RESERVED CVE-2021-28018 RESERVED CVE-2021-28017 RESERVED CVE-2021-28016 RESERVED CVE-2021-28015 RESERVED CVE-2021-28014 RESERVED CVE-2021-28013 RESERVED CVE-2021-28012 RESERVED CVE-2021-28011 RESERVED CVE-2021-28010 RESERVED CVE-2021-28009 RESERVED CVE-2021-28008 RESERVED CVE-2021-28007 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...) NOT-FOR-US: Web Based Quiz System CVE-2021-28006 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...) NOT-FOR-US: Web Based Quiz System CVE-2021-28005 RESERVED CVE-2021-28004 RESERVED CVE-2021-28003 RESERVED CVE-2021-28002 (A persistent cross-site scripting vulnerability was discovered in the ...) NOT-FOR-US: Textpattern CMS CVE-2021-28001 (A cross-site scripting vulnerability was discovered in the Comments pa ...) NOT-FOR-US: Textpattern CMS CVE-2021-28000 (A persistent cross-site scripting vulnerability was discovered in Loca ...) NOT-FOR-US: Local Services Search Engine Management System Project CVE-2021-27999 (A SQL injection vulnerability was discovered in the editid parameter i ...) 
NOT-FOR-US: Local Services Search Engine Management System Project CVE-2021-27998 RESERVED CVE-2021-27997 RESERVED CVE-2021-27996 RESERVED CVE-2021-27995 RESERVED CVE-2021-27994 RESERVED CVE-2021-27993 RESERVED CVE-2021-27992 RESERVED CVE-2021-27991 RESERVED CVE-2021-27990 (Appspace 6.2.4 is vulnerable to a broken authentication mechanism wher ...) NOT-FOR-US: Appspace CVE-2021-27989 (Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in m ...) NOT-FOR-US: Appspace CVE-2021-27988 RESERVED CVE-2021-27987 RESERVED CVE-2021-27986 RESERVED CVE-2021-27985 RESERVED CVE-2021-27984 RESERVED CVE-2021-27983 RESERVED CVE-2021-27982 RESERVED CVE-2021-27981 RESERVED CVE-2021-27980 RESERVED CVE-2021-27979 RESERVED CVE-2021-27978 RESERVED CVE-2021-27977 RESERVED CVE-2021-27976 RESERVED CVE-2021-27975 RESERVED CVE-2021-27974 RESERVED CVE-2021-27973 (SQL injection exists in Piwigo before 11.4.0 via the language paramete ...) - piwigo CVE-2021-27972 RESERVED CVE-2021-27971 RESERVED CVE-2021-27970 RESERVED CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "wi ...) NOT-FOR-US: Dolphin CMS CVE-2021-27968 RESERVED CVE-2021-27967 RESERVED CVE-2021-27966 RESERVED CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...) NOT-FOR-US: MSI Dragon Center CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...) NOT-FOR-US: SonLogger CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...) NOT-FOR-US: SonLogger CVE-2021-27962 (Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4. ...) - grafana CVE-2021-27961 RESERVED CVE-2021-27960 RESERVED CVE-2021-27959 RESERVED CVE-2021-27958 RESERVED CVE-2021-27957 RESERVED CVE-2021-27956 (Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on ...) 
NOT-FOR-US: Zoho ManageEngine CVE-2021-27955 RESERVED CVE-2021-27954 (A heap-based buffer overflow vulnerability exists on the ecobee3 lite ...) NOT-FOR-US: ecobee3 CVE-2021-27953 (A NULL pointer dereference vulnerability exists on the ecobee3 lite 4. ...) NOT-FOR-US: ecobee3 CVE-2021-27952 (Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.20 ...) NOT-FOR-US: ecobee3 CVE-2021-27951 RESERVED CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through ...) NOT-FOR-US: Sita AzurCMS CVE-2021-27949 (Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom mo ...) NOT-FOR-US: MyBB CVE-2021-27948 (SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (is ...) NOT-FOR-US: MyBB CVE-2021-27947 (SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum f ...) NOT-FOR-US: MyBB CVE-2021-27946 (SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. ...) NOT-FOR-US: MyBB CVE-2021-27945 (The Squirro Insights Engine was affected by a Reflected Cross-Site Scr ...) NOT-FOR-US: Squirro Insights Engine CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as u ...) - linux 5.10.24-1 (unimportant) [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-369.html CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...) {DLA-2610-1 DLA-2586-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://xenbits.xen.org/xsa/advisory-367.html CVE-2021-3422 RESERVED CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. This fl ...) - rpm 4.16.1.2+dfsg1-1 (bug #985308) [buster] - rpm (Minor issue) [stretch] - rpm (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927747 CVE-2021-27944 (Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E ...) 
NOT-FOR-US: Vizio CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 ...) NOT-FOR-US: Vizio CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a thre ...) NOT-FOR-US: Vizio CVE-2021-27941 (Unconstrained Web access to the device's private encryption key in the ...) NOT-FOR-US: eWeLink mobile application CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator before 3.2 ...) NOT-FOR-US: openark CVE-2021-27939 RESERVED CVE-2021-27938 (A vulnerability has been identified in the Silverstripe CMS 3 and 4 ve ...) NOT-FOR-US: Silverstripe CMS CVE-2021-27937 RESERVED CVE-2021-27936 RESERVED CVE-2021-27935 (An issue was discovered in AdGuard before 0.105.2. An attacker able to ...) NOT-FOR-US: AdGuard CVE-2021-27934 RESERVED CVE-2021-27933 (pfSense 2.5.0 allows XSS via the services_wol_edit.php Description fie ...) NOT-FOR-US: pfSense CVE-2021-27932 RESERVED CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...) NOT-FOR-US: LumisXP (aka Lumis Experience Platform) CVE-2021-27930 (Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which ...) NOT-FOR-US: IrisNext CVE-2021-27929 RESERVED CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 before 10 ...) {DLA-2605-1} - mariadb-10.5 1:10.5.9-1 - mariadb-10.3 [buster] - mariadb-10.3 1:10.3.29-0+deb10u1 - mariadb-10.1 NOTE: https://jira.mariadb.org/browse/MDEV-25179 NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27 CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...) 
- zabbix 1:5.0.8+dfsg-1 [buster] - zabbix (Minor issue) [stretch] - zabbix (Vulnerable code introduced later) NOTE: https://support.zabbix.com/browse/ZBX-18942 NOTE: CControllerAuthenticationUpdate introduced by authentication revamp in https://support.zabbix.com/browse/ZBXNEXT-4573 (4.0) CVE-2021-27926 RESERVED CVE-2021-27925 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6. ...) NOT-FOR-US: Couchbase Server CVE-2021-27924 (An issue was discovered in Couchbase Server 6.x through 6.6.1. The Cou ...) NOT-FOR-US: Couchbase Server CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - pillow 8.1.2-1 [buster] - pillow (Minor issue) [stretch] - pillow (Minor issue, risk of regression, _decompression_bomb_check only warned, see CVE-2019-16865) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973 CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - pillow 8.1.2-1 [buster] - pillow (Minor issue) [stretch] - pillow (Minor issue, risk of regression, _decompression_bomb_check only warned, see CVE-2019-16865) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973 CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - pillow 8.1.2-1 [buster] - pillow (Minor issue) [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973 NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/adaa70357662a11cd4b7c0beddaad4e92164c5d9 (5.1.0) CVE-2021-27920 RESERVED CVE-2021-27919 (archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a den ...) 
- golang-1.16 1.16.3-1 - golang-1.15 (Only affects 1.16) NOTE: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw NOTE: https://github.com/golang/go/issues/44916 CVE-2021-27918 (encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infin ...) - golang-1.16 1.16.3-1 - golang-1.15 1.15.9-1 - golang-1.11 - golang-1.8 [stretch] - golang-1.8 (Minor issue, DoS) - golang-1.7 [stretch] - golang-1.7 (Minor issue, DoS) NOTE: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw NOTE: https://github.com/golang/go/issues/44913 CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...) - newlib (bug #984446) [bullseye] - newlib (Minor issue) [buster] - newlib (Minor issue) [stretch] - newlib (Minor issue) - picolibc 1.5-1 - libnewlib-nano (bug #984424) [buster] - libnewlib-nano (Minor issue) NOTE: Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e CVE-2021-27917 RESERVED CVE-2021-27916 RESERVED CVE-2021-27915 RESERVED CVE-2021-27914 RESERVED CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...) NOT-FOR-US: Mautic CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...) NOT-FOR-US: Mautic CVE-2021-27911 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...) NOT-FOR-US: Mautic CVE-2021-27910 (Insufficient sanitization / filtering allows for arbitrary JavaScript ...) NOT-FOR-US: Mautic CVE-2021-27909 (For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerabilit ...) NOT-FOR-US: Mautic CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such as datab ...) NOT-FOR-US: Mautic CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...) 
NOT-FOR-US: Apache Superset CVE-2021-27906 (A carefully crafted PDF file can trigger an OutOfMemory-Exception whil ...) - libpdfbox2-java 2.0.23-1 (bug #986008) [buster] - libpdfbox2-java (Minor issue) - libpdfbox-java (Only affects 2.x) NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/10 NOTE: https://issues.apache.org/jira/browse/PDFBOX-5112 NOTE: https://github.com/apache/pdfbox/commit/8c47be1011c11dc47300faecffd8ab32fba3646f CVE-2021-27905 (The ReplicationHandler (normally registered at "/replication" under a ...) - lucene-solr 3.6.2+dfsg-23 [buster] - lucene-solr (Minor issue) [stretch] - lucene-solr (Minor issue; can be fixed in next update) NOTE: https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in MISP 2. ...) NOT-FOR-US: MISP CVE-2021-27903 (An issue was discovered in Craft CMS before 3.6.7. In some circumstanc ...) NOT-FOR-US: Craft CMS CVE-2021-27902 (An issue was discovered in Craft CMS before 3.6.0. In some circumstanc ...) NOT-FOR-US: Craft CMS CVE-2021-27901 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) NOT-FOR-US: LG mobile devices CVE-2021-27900 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) NOT-FOR-US: Proofpoint Insider Threat Management Server CVE-2021-27899 (The Proofpoint Insider Threat Management Agents (formerly ObserveIT Ag ...) NOT-FOR-US: Proofpoint Insider Threat Management Agents CVE-2021-27898 RESERVED CVE-2021-27897 RESERVED CVE-2021-27896 RESERVED CVE-2021-27895 RESERVED CVE-2021-27894 RESERVED CVE-2021-27893 (SSH Tectia Client and Server before 6.4.19 on Windows allow local priv ...) NOT-FOR-US: SSH Tectia Client and Server CVE-2021-27892 (SSH Tectia Client and Server before 6.4.19 on Windows allow local priv ...) 
NOT-FOR-US: SSH Tectia Client and Server CVE-2021-27891 (SSH Tectia Client and Server before 6.4.19 on Windows have weak key ge ...) NOT-FOR-US: SSH Tectia Client and Server CVE-2021-27890 (SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties ...) NOT-FOR-US: MyBB CVE-2021-27889 (Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nes ...) NOT-FOR-US: MyBB CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off ...) NOT-FOR-US: ZendTo CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard of Elli ...) NOT-FOR-US: Ellipse APM CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command injection in ...) NOT-FOR-US: rakibtg Docker Dashboard CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...) NOT-FOR-US: e107 CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE YApi throu ...) NOT-FOR-US: YMFE YApi CVE-2021-27883 RESERVED CVE-2021-27882 RESERVED CVE-2021-27881 RESERVED CVE-2021-27880 RESERVED CVE-2021-27879 RESERVED CVE-2021-27878 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...) NOT-FOR-US: Veritas CVE-2021-27877 (An issue was discovered in Veritas Backup Exec before 21.2. It support ...) NOT-FOR-US: Veritas CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...) NOT-FOR-US: Veritas CVE-2021-3419 REJECTED CVE-2021-3418 (If certificates that signed grub are installed into db, grub can be bo ...) 
- grub2 (Vulnerability specific to distributions using shim_lock) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933757 CVE-2021-27875 RESERVED CVE-2021-27874 RESERVED CVE-2021-27873 RESERVED CVE-2021-27872 RESERVED CVE-2021-27871 RESERVED CVE-2021-27870 RESERVED CVE-2021-27869 RESERVED CVE-2021-27868 RESERVED CVE-2021-27867 RESERVED CVE-2021-27866 RESERVED CVE-2021-27865 RESERVED CVE-2021-27864 RESERVED CVE-2021-27863 RESERVED CVE-2021-27862 RESERVED CVE-2021-27861 RESERVED CVE-2021-27860 RESERVED CVE-2021-27859 RESERVED CVE-2021-27858 RESERVED CVE-2021-27857 RESERVED CVE-2021-27856 RESERVED CVE-2021-27855 RESERVED CVE-2021-27854 RESERVED CVE-2021-27853 RESERVED CVE-2021-27852 (Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of ...) NOT-FOR-US: Checkbox Survey CVE-2021-27850 (A critical unauthenticated remote code execution vulnerability was fou ...) NOT-FOR-US: Apache Tapestry CVE-2021-27849 RESERVED CVE-2021-27848 RESERVED CVE-2021-27847 (Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_ ...) - vips 8.8.3-1 [buster] - vips (Minor issue) [stretch] - vips (Minor issue) NOTE: https://github.com/libvips/libvips/issues/1236 NOTE: https://github.com/libvips/libvips/commit/2fb81b8ed6a4a6b2385f3efbb0412f24f80163c4 (v8.8.0-rc1) NOTE: https://github.com/libvips/libvips/commit/65a259a0258b2036b168cdeff6e9db434471225a (v8.8.0-rc1) CVE-2021-27846 RESERVED CVE-2021-27845 (A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2 ...) - jasper NOTE: https://github.com/jasper-software/jasper/issues/194 CVE-2021-27844 RESERVED CVE-2021-27843 RESERVED CVE-2021-27842 RESERVED CVE-2021-27841 RESERVED CVE-2021-27840 RESERVED CVE-2021-27839 (A CSV injection vulnerability found in Online Invoicing System (OIS) 4 ...) 
NOT-FOR-US: Online Invoicing System (OIS) CVE-2021-27838 RESERVED CVE-2021-27837 RESERVED CVE-2021-27836 RESERVED CVE-2021-27835 RESERVED CVE-2021-27834 RESERVED CVE-2021-27833 RESERVED CVE-2021-27832 RESERVED CVE-2021-27831 RESERVED CVE-2021-27830 RESERVED CVE-2021-27829 RESERVED CVE-2021-27828 (SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify o ...) NOT-FOR-US: In4Suite ERP CVE-2021-27827 RESERVED CVE-2021-27826 RESERVED CVE-2021-27825 RESERVED CVE-2021-27824 RESERVED CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...) NOT-FOR-US: NetWave CVE-2021-27822 (A persistent cross site scripting (XSS) vulnerability in the Add Categ ...) NOT-FOR-US: Vehicle Parking Management System CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has been di ...) NOT-FOR-US: OpenWRT LuCI CVE-2021-27820 RESERVED CVE-2021-27819 RESERVED CVE-2021-27818 RESERVED CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 allows an att ...) NOT-FOR-US: shopxo CVE-2021-27816 RESERVED CVE-2021-27815 (NULL Pointer Deference in the exif command line tool, when printing ou ...) - exif (unimportant) NOTE: https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c NOTE: https://github.com/libexif/exif/issues/4 CVE-2021-27814 RESERVED CVE-2021-27813 RESERVED CVE-2021-27812 RESERVED CVE-2021-27811 (A code injection vulnerability has been discovered in the Upgrade func ...) NOT-FOR-US: QibosoftX1 CVE-2021-27810 RESERVED CVE-2021-27809 RESERVED CVE-2021-27808 RESERVED CVE-2021-27807 (A carefully crafted PDF file can trigger an infinite loop while loadin ...) - libpdfbox2-java 2.0.23-1 (bug #986006) [buster] - libpdfbox2-java (Minor issue) - libpdfbox-java (Only affects 2.x) NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/9 CVE-2021-27806 RESERVED CVE-2021-27805 RESERVED CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...) 
- jpeg-xl (bug #948862) CVE-2021-27802 REJECTED CVE-2021-27801 RESERVED CVE-2021-27800 RESERVED CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 ...) - zint 2.9.1-1.1 (bug #983610) NOTE: https://sourceforge.net/p/zint/tickets/218/ NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/ CVE-2021-27798 RESERVED CVE-2021-27797 RESERVED CVE-2021-27796 RESERVED CVE-2021-27795 RESERVED CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade Fabric OS v ...) NOT-FOR-US: Brocade Fabric OS CVE-2021-27793 (ntermittent authorization failure in aaa tacacs+ with Brocade Fabric O ...) NOT-FOR-US: Brocade Fabric OS CVE-2021-27792 (The request handling functions in web management interface of Brocade ...) NOT-FOR-US: Brocade Fabric OS CVE-2021-27791 (The function that is used to parse the Authentication header in Brocad ...) NOT-FOR-US: Brocade Fabric OS CVE-2021-27790 (The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9 ...) 
NOT-FOR-US: Brocade Fabric OS CVE-2021-27789 RESERVED CVE-2021-27788 RESERVED CVE-2021-27787 RESERVED CVE-2021-27786 RESERVED CVE-2021-27785 RESERVED CVE-2021-27784 RESERVED CVE-2021-27783 RESERVED CVE-2021-27782 RESERVED CVE-2021-27781 RESERVED CVE-2021-27780 RESERVED CVE-2021-27779 RESERVED CVE-2021-27778 RESERVED CVE-2021-27777 RESERVED CVE-2021-27776 RESERVED CVE-2021-27775 RESERVED CVE-2021-27774 RESERVED CVE-2021-27773 RESERVED CVE-2021-27772 RESERVED CVE-2021-27771 RESERVED CVE-2021-27770 RESERVED CVE-2021-27769 RESERVED CVE-2021-27768 RESERVED CVE-2021-27767 RESERVED CVE-2021-27766 RESERVED CVE-2021-27765 RESERVED CVE-2021-27764 RESERVED CVE-2021-27763 RESERVED CVE-2021-27762 RESERVED CVE-2021-27761 RESERVED CVE-2021-27760 RESERVED CVE-2021-27759 RESERVED CVE-2021-27758 RESERVED CVE-2021-27757 RESERVED CVE-2021-27756 RESERVED CVE-2021-27755 RESERVED CVE-2021-27754 RESERVED CVE-2021-27753 RESERVED CVE-2021-27752 RESERVED CVE-2021-27751 RESERVED CVE-2021-27750 RESERVED CVE-2021-27749 RESERVED CVE-2021-27748 RESERVED CVE-2021-27747 RESERVED CVE-2021-27746 RESERVED CVE-2021-27745 RESERVED CVE-2021-27744 RESERVED CVE-2021-27743 RESERVED CVE-2021-27742 RESERVED CVE-2021-27741 (" Security vulnerability in HCL Commerce Management Center allowing XM ...) NOT-FOR-US: HCL CVE-2021-27740 RESERVED CVE-2021-27739 RESERVED CVE-2021-27738 RESERVED CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...) - trafficserver (Only affects 9.x) CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant b ...) {DSA-4898-1 DLA-2581-1} - wpa 2:2.9.0-21 NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3 NOTE: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt NOTE: https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch CVE-2021-3417 (An internal product security audit of LXCO, prior to version 1.2.2, di ...) 
NOT-FOR-US: Lenovo CVE-2021-3416 (A potential stack overflow via infinite loop issue was found in variou ...) {DLA-2623-1} - qemu 1:5.2+dfsg-9 (bug #984448) [buster] - qemu (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=331d2ac9ea307c990dc86e6493e8f0c48d14bb33 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1caff0340f49c93d535c6558a5138d20d475315c NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=705df5466c98f3efdd2b68d3b31dad86858acad7 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=37cee01784ff0df13e5209517e1b3594a5e792d1 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=26194a58f4eb83c5bdf4061a1628508084450ba1 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5311fb805a4403bba024e83886fa0e7572265de4 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c92060d3c0248bd4d515719a35922cd2391b9b4 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c552542b81e56ff532dd27ec6e5328954bdda73 CVE-2021-27736 (FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a for ...) NOT-FOR-US: fusionauth-samlv2 CVE-2021-27735 RESERVED CVE-2021-27734 (Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSe ...) NOT-FOR-US: Hirschmann HiOS CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via ...) NOT-FOR-US: JetBrains CVE-2021-27732 RESERVED CVE-2021-27731 (Accellion FTA 9_12_432 and earlier is affected by stored XSS via a cra ...) NOT-FOR-US: Accellion FTA CVE-2021-27730 (Accellion FTA 9_12_432 and earlier is affected by argument injection v ...) 
NOT-FOR-US: Accellion FTA CVE-2021-27729 RESERVED CVE-2021-27728 RESERVED CVE-2021-27727 RESERVED CVE-2021-27726 RESERVED CVE-2021-27725 RESERVED CVE-2021-27724 RESERVED CVE-2021-27723 RESERVED CVE-2021-27722 RESERVED CVE-2021-27721 RESERVED CVE-2021-27720 RESERVED CVE-2021-27719 RESERVED CVE-2021-27718 RESERVED CVE-2021-27717 RESERVED CVE-2021-27716 RESERVED CVE-2021-27715 RESERVED CVE-2021-27714 RESERVED CVE-2021-27713 RESERVED CVE-2021-27712 RESERVED CVE-2021-27711 RESERVED CVE-2021-27710 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...) NOT-FOR-US: TOTOLINK X5000R router CVE-2021-27709 RESERVED CVE-2021-27708 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...) NOT-FOR-US: TOTOLINK X5000R router CVE-2021-27707 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...) NOT-FOR-US: Tenda routers CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.1 ...) NOT-FOR-US: Tenda routers CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...) NOT-FOR-US: Tenda routers CVE-2021-27704 RESERVED CVE-2021-27703 RESERVED CVE-2021-27702 RESERVED CVE-2021-27701 RESERVED CVE-2021-27700 RESERVED CVE-2021-27699 RESERVED CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/g ...) NOT-FOR-US: RIOT RIOT-OS CVE-2021-27697 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gn ...) NOT-FOR-US: RIOT RIOT-OS CVE-2021-27696 RESERVED CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in openMAIN ...) NOT-FOR-US: openMAINT CVE-2021-27694 RESERVED CVE-2021-27693 RESERVED CVE-2021-27692 (Command Injection in Tenda G1 and G3 routers with firmware versions v1 ...) NOT-FOR-US: Tenda CVE-2021-27691 (Command Injection in Tenda G0 routers with firmware versions v15.11.0. ...) 
NOT-FOR-US: Tenda CVE-2021-27690 RESERVED CVE-2021-27689 RESERVED CVE-2021-27688 RESERVED CVE-2021-27687 RESERVED CVE-2021-27686 RESERVED CVE-2021-27685 RESERVED CVE-2021-27684 RESERVED CVE-2021-27683 RESERVED CVE-2021-27682 RESERVED CVE-2021-27681 RESERVED CVE-2021-27680 RESERVED CVE-2021-27679 (Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS ...) NOT-FOR-US: Batflat CMS CVE-2021-27678 (Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1. ...) NOT-FOR-US: Batflat CMS CVE-2021-27677 (Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1 ...) NOT-FOR-US: Batflat CMS CVE-2021-27676 (Centreon version 20.10.2 is affected by a cross-site scripting (XSS) v ...) - centreon-web (bug #913903) CVE-2021-27675 RESERVED CVE-2021-27674 RESERVED CVE-2021-27673 (Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of ...) NOT-FOR-US: Tribal Systems Zenario CMS CVE-2021-27672 (SQL Injection in the "admin_boxes.ajax.php" component of Tribal System ...) NOT-FOR-US: Tribal Systems Zenario CMS CVE-2021-27671 (An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS ...) NOT-FOR-US: comrak rust crate CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url ...) NOT-FOR-US: Appspace CVE-2021-27669 RESERVED CVE-2021-27668 (HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of lic ...) NOT-FOR-US: HashiCorp Vault CVE-2021-27667 RESERVED CVE-2021-27666 RESERVED NOT-FOR-US: Android CVE-2021-27665 (An unauthenticated remote user could exploit a potential integer overf ...) NOT-FOR-US: Johnson Controls CVE-2021-27664 (Under certain configurations an unauthenticated remote user could be g ...) NOT-FOR-US: exacqVision CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM ...) NOT-FOR-US: Johnson Controls CVE-2021-27662 (The KT-1 door controller is susceptible to replay or man-in-the-middle ...) 
NOT-FOR-US: KT-1 door controller CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...) NOT-FOR-US: Facility Explorer SNC Series Supervisory Controller CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can allow remote ...) NOT-FOR-US: C-CURE 9000 CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, filter, ...) NOT-FOR-US: exacqVision Web Service CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently validate, f ...) NOT-FOR-US: exacqVision Enterprise Manager CVE-2021-27657 (Successful exploitation of this vulnerability could give an authentica ...) NOT-FOR-US: Johnson Controls Metasys CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...) NOT-FOR-US: exacqVision Web Service CVE-2021-27655 RESERVED CVE-2021-27654 RESERVED CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega platform ...) NOT-FOR-US: Pega CVE-2021-27652 RESERVED CVE-2021-27651 (In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset f ...) NOT-FOR-US: Pega CVE-2021-3415 RESERVED CVE-2021-27650 RESERVED CVE-2021-27649 (Use after free vulnerability in file transfer protocol component in Sy ...) NOT-FOR-US: Synology CVE-2021-27648 (Externally controlled reference to a resource in another sphere in qua ...) NOT-FOR-US: Synology CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synolo ...) NOT-FOR-US: Synology CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in Synology D ...) NOT-FOR-US: Synology CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka glibc o ...) 
- glibc 2.31-10 (bug #983479) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27462 NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=745664bd798ec8fd50438605948eea594179fba1 (glibc-2.29) NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673 NOTE: Introducing commit present in Debian since 2.28-1 with addition of NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919 CVE-2021-27644 RESERVED CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-27641 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-27640 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-27639 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-27638 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-27637 (Under certain conditions SAP Enable Now (SAP Workforce Performance Bui ...) NOT-FOR-US: SAP CVE-2021-27636 RESERVED CVE-2021-27635 (SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, al ...) NOT-FOR-US: SAP CVE-2021-27634 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...) NOT-FOR-US: SAP CVE-2021-27633 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...) NOT-FOR-US: SAP CVE-2021-27632 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) NOT-FOR-US: SAP CVE-2021-27631 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) NOT-FOR-US: SAP CVE-2021-27630 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) 
NOT-FOR-US: SAP CVE-2021-27629 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) NOT-FOR-US: SAP CVE-2021-27628 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...) NOT-FOR-US: SAP CVE-2021-27627 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) NOT-FOR-US: SAP CVE-2021-27626 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) NOT-FOR-US: SAP CVE-2021-27625 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) NOT-FOR-US: SAP CVE-2021-27624 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) NOT-FOR-US: SAP CVE-2021-27623 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) NOT-FOR-US: SAP CVE-2021-27622 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) NOT-FOR-US: SAP CVE-2021-27621 (Information Disclosure vulnerability in UserAdmin application in SAP N ...) NOT-FOR-US: SAP CVE-2021-27620 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) NOT-FOR-US: SAP CVE-2021-27619 (SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2 ...) NOT-FOR-US: SAP CVE-2021-27618 (The Integration Builder Framework of SAP Process Integration versions ...) NOT-FOR-US: SAP CVE-2021-27617 (The Integration Builder Framework of SAP Process Integration versions ...) NOT-FOR-US: SAP CVE-2021-27616 (Under certain conditions, SAP Business One Hana Chef Cookbook, version ...) NOT-FOR-US: SAP CVE-2021-27615 (SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does n ...) NOT-FOR-US: SAP CVE-2021-27614 (SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9 ...) NOT-FOR-US: SAP CVE-2021-27613 (Under certain conditions, SAP Business One Chef cookbook, version - 9. ...) NOT-FOR-US: SAP CVE-2021-27612 (In specific situations SAP GUI for Windows until and including 7.60 PL ...) 
NOT-FOR-US: SAP CVE-2021-27611 (SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a hig ...) NOT-FOR-US: SAP CVE-2021-27610 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, ...) NOT-FOR-US: SAP CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...) NOT-FOR-US: SAP CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...) NOT-FOR-US: SAPSetup CVE-2021-27607 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...) NOT-FOR-US: SAP CVE-2021-27606 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) NOT-FOR-US: SAP CVE-2021-27605 (SAP's HCM Travel Management Fiori Apps V2, version - 608, does not per ...) NOT-FOR-US: SAP CVE-2021-27604 (In order to prevent XML External Entity vulnerability in SAP NetWeaver ...) NOT-FOR-US: SAP CVE-2021-27603 (An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABA ...) NOT-FOR-US: SAP CVE-2021-27602 (SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice appl ...) NOT-FOR-US: SAP CVE-2021-27601 (SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a ...) NOT-FOR-US: SAP CVE-2021-27600 (SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15. ...) NOT-FOR-US: SAP CVE-2021-27599 (SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Int ...) NOT-FOR-US: SAP CVE-2021-27598 (SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions ...) NOT-FOR-US: SAP CVE-2021-27597 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...) NOT-FOR-US: SAP CVE-2021-27596 (When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) fil ...) NOT-FOR-US: SAP CVE-2021-27595 (When a user opens manipulated Portable Document Format (.PDF) files re ...) NOT-FOR-US: SAP CVE-2021-27594 (When a user opens manipulated Windows Bitmap (.BMP) files received fro ...) 
NOT-FOR-US: SAP CVE-2021-27593 (When a user opens manipulated Graphics Interchange Format (.GIF) files ...) NOT-FOR-US: SAP CVE-2021-27592 (When a user opens manipulated Universal 3D (.U3D) files received from ...) NOT-FOR-US: SAP CVE-2021-27591 (When a user opens manipulated Portable Document Format (.PDF) format f ...) NOT-FOR-US: SAP CVE-2021-27590 (When a user opens manipulated Tag Image File Format (.TIFF) format fil ...) NOT-FOR-US: SAP CVE-2021-27589 (When a user opens manipulated Scalable Vector Graphics (.SVG) format f ...) NOT-FOR-US: SAP CVE-2021-27588 (When a user opens manipulated HPGL format files received from untruste ...) NOT-FOR-US: SAP CVE-2021-27587 (When a user opens manipulated Jupiter Tessellation (.JT) format files ...) NOT-FOR-US: SAP CVE-2021-27586 (When a user opens manipulated Interchange File Format (.IFF) format fi ...) NOT-FOR-US: SAP CVE-2021-27585 (When a user opens manipulated Computer Graphics Metafile (.CGM) format ...) NOT-FOR-US: SAP CVE-2021-27584 (When a user opens manipulated PhotoShop Document (.PSD) format files r ...) NOT-FOR-US: SAP CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...) NOT-FOR-US: Directus CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...) NOT-FOR-US: OpenID Connect server implementation for MITREid Connect CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL inject ...) NOT-FOR-US: Kentico CMS CVE-2021-27580 RESERVED CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on ...) NOT-FOR-US: Snow Inventory Agent CVE-2021-27578 (Cross Site Scripting vulnerability in markdown interpreter of Apache Z ...) NOT-FOR-US: Apache Zeppelin CVE-2021-27577 (Incorrect handling of url fragment vulnerability of Apache Traffic Ser ...) 
{DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) NOTE: https://github.com/apache/trafficserver/commit/2b13eb33794574e62249997b4ba654d943a10f2d (master) NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) CVE-2021-27576 (If was found that the NetTest web service can be used to overload the ...) NOT-FOR-US: Apache OpenMeetings CVE-2021-27575 RESERVED CVE-2021-27574 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses ...) NOT-FOR-US: Emote Remote Mouse CVE-2021-27573 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote ...) NOT-FOR-US: Emote Remote Mouse CVE-2021-27572 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authent ...) NOT-FOR-US: Emote Remote Mouse CVE-2021-27571 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...) NOT-FOR-US: Emote Remote Mouse CVE-2021-27570 (An issue was discovered in Emote Remote Mouse through 3.015. Attackers ...) NOT-FOR-US: Emote Remote Mouse CVE-2021-27569 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...) NOT-FOR-US: Emote Remote Mouse CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...) NOT-FOR-US: netplex CVE-2021-27567 RESERVED CVE-2021-27566 RESERVED CVE-2021-3414 RESERVED NOT-FOR-US: Red Hat Satellite CVE-2021-27565 (The web server in InterNiche NicheStack through 4.0.1 allows remote at ...) NOT-FOR-US: InterNiche NicheStack CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is authentic ...) NOT-FOR-US: Appspace CVE-2021-27563 RESERVED CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...) 
NOT-FOR-US: Arm Trusted Firmware M CVE-2021-27561 RESERVED CVE-2021-27560 RESERVED CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...) NOT-FOR-US: Monica CVE-2021-27558 (A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows re ...) NOT-FOR-US: EasyCorp ZenTao CVE-2021-27557 (A cross-site request forgery (CSRF) vulnerability in the Cron job tab ...) NOT-FOR-US: EasyCorp ZenTao CVE-2021-27556 (The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (wh ...) NOT-FOR-US: EasyCorp ZenTao CVE-2021-27555 RESERVED CVE-2021-27554 RESERVED CVE-2021-27553 RESERVED CVE-2021-27552 RESERVED CVE-2021-27551 RESERVED CVE-2021-27550 (Polaris Office v9.102.66 is affected by a divide-by-zero error in Pola ...) NOT-FOR-US: Polaris Office CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...) NOT-FOR-US: Genymotion Desktop CVE-2021-27548 RESERVED CVE-2021-27547 RESERVED CVE-2021-27546 RESERVED CVE-2021-27545 (SQL Injection in the "add-services.php" component of PHPGurukul Beauty ...) NOT-FOR-US: PHPGurukul Beauty Parlour Management System CVE-2021-27544 (Cross Site Scripting (XSS) in the "add-services.php" component of PHPG ...) NOT-FOR-US: PHPGurukul Beauty Parlour Management System CVE-2021-27543 RESERVED CVE-2021-27542 RESERVED CVE-2021-27541 RESERVED CVE-2021-27540 RESERVED CVE-2021-27539 RESERVED CVE-2021-27538 RESERVED CVE-2021-27537 RESERVED CVE-2021-27536 RESERVED CVE-2021-27535 RESERVED CVE-2021-27534 RESERVED CVE-2021-27533 RESERVED CVE-2021-27532 RESERVED CVE-2021-27531 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) NOT-FOR-US: DynPG CVE-2021-27530 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) NOT-FOR-US: DynPG CVE-2021-27529 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) NOT-FOR-US: DynPG CVE-2021-27528 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) 
NOT-FOR-US: DynPG CVE-2021-27527 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) NOT-FOR-US: DynPG CVE-2021-27526 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) NOT-FOR-US: DynPG CVE-2021-27525 RESERVED CVE-2021-27524 RESERVED CVE-2021-27523 RESERVED CVE-2021-27522 (Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability ...) NOT-FOR-US: Learnsite CVE-2021-27521 RESERVED CVE-2021-27520 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...) NOT-FOR-US: FUDForum CVE-2021-27519 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...) NOT-FOR-US: FUDForum CVE-2021-27518 RESERVED CVE-2021-27517 (Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary Jav ...) NOT-FOR-US: Foxit CVE-2021-27516 (URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash ...) NOT-FOR-US: urijs CVE-2021-27515 (url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...) - node-url-parse 1.5.1-1 (bug #985110) [buster] - node-url-parse (Minor issue) [stretch] - node-url-parse (Minor issue) NOTE: https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0 (1.5.0) NOTE: https://github.com/unshiftio/url-parse/pull/197 CVE-2021-27514 (EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for th ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2021-27513 (The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authentica ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2021-27512 RESERVED CVE-2021-27511 RESERVED CVE-2021-27510 RESERVED CVE-2021-27509 (In Visualware MyConnection Server before 11.0b build 5382, each publis ...) NOT-FOR-US: Visualware MyConnection Server CVE-2021-27508 RESERVED CVE-2021-27507 RESERVED CVE-2021-27506 (The ClamAV Engine (version 0.103.1 and below) component embedded in St ...) 
NOT-FOR-US: Stormshield Network Security (SNS) CVE-2021-27505 RESERVED CVE-2021-27504 RESERVED CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...) NOT-FOR-US: Ypsomed CVE-2021-27502 RESERVED CVE-2021-27501 RESERVED CVE-2021-27500 RESERVED CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...) NOT-FOR-US: Ypsomed CVE-2021-27498 RESERVED CVE-2021-27497 RESERVED CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) NOT-FOR-US: Datakit CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...) NOT-FOR-US: Ypsomed CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) NOT-FOR-US: Datakit CVE-2021-27493 RESERVED CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...) NOT-FOR-US: Datakit CVE-2021-27491 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...) NOT-FOR-US: Ypsomed CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) NOT-FOR-US: Datakit CVE-2021-27489 (ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allo ...) NOT-FOR-US: ZOLL Defibrillator Dashboard CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) NOT-FOR-US: Datakit CVE-2021-27487 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products co ...) NOT-FOR-US: ZOLL Defibrillator Dashboard CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to ...) NOT-FOR-US: Fatek Automation WinProladder CVE-2021-27485 (ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows us ...) NOT-FOR-US: ZOLL Defibrillator Dashboard CVE-2021-27484 RESERVED CVE-2021-27483 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products con ...) 
NOT-FOR-US: ZOLL Defibrillator Dashboard CVE-2021-27482 RESERVED CVE-2021-27481 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products ut ...) NOT-FOR-US: ZOLL Defibrillator Dashboard CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnera ...) NOT-FOR-US: Delta Industrial Automation COMMGR CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product ...) NOT-FOR-US: ZOLL Defibrillator Dashboard CVE-2021-27478 RESERVED CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus ...) NOT-FOR-US: JTEKT CVE-2021-27476 RESERVED CVE-2021-27475 RESERVED CVE-2021-27474 RESERVED CVE-2021-27473 RESERVED CVE-2021-27472 RESERVED CVE-2021-27471 RESERVED CVE-2021-27470 RESERVED CVE-2021-27469 RESERVED CVE-2021-27468 RESERVED CVE-2021-27467 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) NOT-FOR-US: Emerson CVE-2021-27466 RESERVED CVE-2021-27465 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) NOT-FOR-US: Emerson CVE-2021-27464 RESERVED CVE-2021-27463 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) NOT-FOR-US: Emerson CVE-2021-27462 RESERVED CVE-2021-27461 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) NOT-FOR-US: Emerson CVE-2021-27460 RESERVED CVE-2021-27459 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) NOT-FOR-US: Emerson CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC product ser ...) NOT-FOR-US: JTEKT Corporation TOYOPUC CVE-2021-27457 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) NOT-FOR-US: Emerson CVE-2021-27456 RESERVED CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...) NOT-FOR-US: Delta Electronics CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...) 
NOT-FOR-US: GE CVE-2021-27453 RESERVED CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...) NOT-FOR-US: GE CVE-2021-27451 RESERVED CVE-2021-27450 (SSH server configuration file does not implement some best practices. ...) NOT-FOR-US: GE CVE-2021-27449 RESERVED CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...) NOT-FOR-US: GE CVE-2021-27447 RESERVED CVE-2021-27446 RESERVED CVE-2021-27445 RESERVED CVE-2021-27444 RESERVED CVE-2021-27443 RESERVED CVE-2021-27442 RESERVED CVE-2021-27441 RESERVED CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...) NOT-FOR-US: GE CVE-2021-27439 RESERVED CVE-2021-27438 (The software contains a hard-coded password it uses for its own inboun ...) NOT-FOR-US: GE CVE-2021-27437 (The affected product allows attackers to obtain sensitive information ...) NOT-FOR-US: WISE-PaaS CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...) NOT-FOR-US: WebAccess/SCADA CVE-2021-27435 RESERVED CVE-2021-27434 (Products with Unified Automation .NET based OPC UA Client/Server SDK B ...) NOT-FOR-US: Unified Automation .NET CVE-2021-27433 RESERVED CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC U ...) NOT-FOR-US: OPC Foundation UA .NET CVE-2021-27431 RESERVED CVE-2021-27430 RESERVED CVE-2021-27429 RESERVED CVE-2021-27428 RESERVED CVE-2021-27427 RESERVED CVE-2021-27426 RESERVED CVE-2021-27425 RESERVED CVE-2021-27424 RESERVED CVE-2021-27423 RESERVED CVE-2021-27422 RESERVED CVE-2021-27421 RESERVED CVE-2021-27420 RESERVED CVE-2021-27419 RESERVED CVE-2021-27418 RESERVED CVE-2021-27417 RESERVED CVE-2021-27416 RESERVED CVE-2021-27415 RESERVED CVE-2021-27414 RESERVED CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0 ...) NOT-FOR-US: Omron CX-One CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...) 
NOT-FOR-US: Delta Electronics CVE-2021-27411 RESERVED CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...) NOT-FOR-US: Welch Allyn CVE-2021-27409 RESERVED CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, which can ...) NOT-FOR-US: Welch Allyn CVE-2021-27407 RESERVED CVE-2021-27406 RESERVED CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...) NOT-FOR-US: Node scrapbox-parser CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...) NOT-FOR-US: Askey devices CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...) NOT-FOR-US: Askey devices CVE-2021-27402 (The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an u ...) NOT-FOR-US: Mitel CVE-2021-27401 (The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 coul ...) NOT-FOR-US: Mitel CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations (storage b ...) NOT-FOR-US: HashiCorp Vault and Vault Enterprise CVE-2021-3413 (A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm ...) NOT-FOR-US: Red Hat Satellite CVE-2021-3412 (It was found that all versions of 3Scale developer portal lacked brute ...) NOT-FOR-US: Red Hat 3scale API Management CVE-2021-27399 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...) NOT-FOR-US: Simcenter (Siemens) CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) NOT-FOR-US: Tecnomatix Plant Simulation CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) NOT-FOR-US: Tecnomatix Plant Simulation CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) NOT-FOR-US: Tecnomatix Plant Simulation CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian 2013 ...) 
NOT-FOR-US: Siemens CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...) NOT-FOR-US: Mendix Applications (Siemens) CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...) NOT-FOR-US: Nucleus (Siemens) CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open Network ...) NOT-FOR-US: Siveillance CVE-2021-27391 (A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) ...) NOT-FOR-US: Siemens CVE-2021-27390 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: Siemens CVE-2021-27389 (A vulnerability has been identified in Opcenter Quality (All versions ...) NOT-FOR-US: Opcenter Quality CVE-2021-27388 (SINAMICS medium voltage routable products are affected by a vulnerabil ...) NOT-FOR-US: Siemens CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...) NOT-FOR-US: Simcenter (Siemens) CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) NOT-FOR-US: Siemens CVE-2021-27385 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) NOT-FOR-US: Siemens CVE-2021-27384 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) NOT-FOR-US: Siemens CVE-2021-27383 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) NOT-FOR-US: Siemens CVE-2021-27382 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...) NOT-FOR-US: Solid Edge (Siemens) CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Solid Edge SE2020 CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...) NOT-FOR-US: Solid Edge SE2020 CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...) 
{DSA-4888-1} - xen 4.14.0+80-gd101b417b7-1 [stretch] - xen (Incomplete fix for CVE-2020-15565 not applied) NOTE: https://xenbits.xen.org/xsa/advisory-366.html NOTE: Mark first version in 4.14.x which landed in unstable as fixed, though NOTE: the issue more precisely only affects Xen versions up to 4.11 with version NOTE: containing broken backport for XSA-321 / CVE-2020-15565 CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust. ...) - rust-rand-core (0.5.1 not affected, see #985087) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Rust. Fo ...) NOT-FOR-US: Rust crate yottadb CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...) NOT-FOR-US: Rust crate nb-connect CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements from other ...) NOT-FOR-US: Traefik CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...) NOT-FOR-US: VertiGIS WebOffice CVE-2021-27373 RESERVED CVE-2021-27372 (Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may ...) NOT-FOR-US: Realtek xPON RTL9601D SDK CVE-2021-27371 (The Contact page in Monica 2.19.1 allows stored XSS via the Descriptio ...) NOT-FOR-US: Monica CVE-2021-27370 (The Contact page in Monica 2.19.1 allows stored XSS via the Last Name ...) NOT-FOR-US: Monica CVE-2021-27369 (The Contact page in Monica 2.19.1 allows stored XSS via the Middle Nam ...) NOT-FOR-US: Monica CVE-2021-27368 (The Contact page in Monica 2.19.1 allows stored XSS via the First Name ...) NOT-FOR-US: Monica CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend/Filem ...) NOT-FOR-US: Bolt CMS CVE-2021-27366 RESERVED CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...) 
{DLA-2610-1 DLA-2586-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5 CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...) {DLA-2610-1 DLA-2586-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...) {DLA-2610-1 DLA-2586-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa CVE-2021-27362 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Vio ...) NOT-FOR-US: WPG plugin for IrfanView CVE-2021-27361 RESERVED CVE-2021-27360 RESERVED CVE-2021-27359 RESERVED CVE-2021-27358 (The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unaut ...) - grafana CVE-2021-27357 (RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/g ...) NOT-FOR-US: RIOT RIOT-OS CVE-2021-27356 RESERVED CVE-2021-27355 RESERVED CVE-2021-27354 RESERVED CVE-2021-27353 RESERVED CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 allows attac ...) NOT-FOR-US: Ilch CMS CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...) - telegram-desktop 2.6.1-1 [buster] - telegram-desktop (Vulnerable code not present) NOTE: https://0ffsecninja.github.io/Telegram:CVE-2021-2735.html NOTE: Probably fixed earlier than 2.6.1, but marking that fixed in absence of further details NOTE: (maintainer reached out to upstream for confirmation that 2.6.1 is fixed and buster NOTE: not affected) CVE-2021-27350 RESERVED CVE-2021-27349 (Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a diffe ...) 
NOT-FOR-US: WooCommerce CVE-2021-27348 RESERVED CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Irzip 0. ...) - lrzip (unimportant; bug #990583) NOTE: https://github.com/ckolivas/lrzip/issues/165 NOTE: Crash in CLI tool, no security impact CVE-2021-27346 RESERVED CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...) - lrzip (unimportant) NOTE: https://github.com/ckolivas/lrzip/issues/164 NOTE: Crash in CLI tool, no security impact CVE-2021-27344 RESERVED CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...) NOT-FOR-US: SerenityOS CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...) NOT-FOR-US: D-Link CVE-2021-27341 (OpenSIS Community Edition version <= 7.6 is affected by a local fil ...) NOT-FOR-US: OpenSIS CVE-2021-27340 (OpenSIS Community Edition version <= 7.6 is affected by a reflected ...) NOT-FOR-US: OpenSIS CVE-2021-27339 RESERVED CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/ page and it ...) NOT-FOR-US: Faraday Edge CVE-2021-27337 RESERVED CVE-2021-27336 RESERVED CVE-2021-27335 (KollectApps before 4.8.16c is affected by insecure Java deserializatio ...) NOT-FOR-US: KollectApps CVE-2021-27334 RESERVED CVE-2021-27333 RESERVED CVE-2021-27332 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...) NOT-FOR-US: CASAP Automated Enrollment System CVE-2021-27331 RESERVED CVE-2021-27330 (Triconsole Datepicker Calendar <3.77 is affected by cross-site scri ...) NOT-FOR-US: Triconsole Datepicker Calendar CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...) NOT-FOR-US: Friendica CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...) 
NOT-FOR-US: Yeastar NeoGate TG400 91.3.0.3 devices CVE-2021-27327 RESERVED CVE-2021-27326 RESERVED CVE-2021-27325 RESERVED CVE-2021-27324 RESERVED CVE-2021-27323 RESERVED CVE-2021-27322 RESERVED CVE-2021-27321 RESERVED CVE-2021-27320 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...) NOT-FOR-US: Doctor Appointment System CVE-2021-27319 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...) NOT-FOR-US: Doctor Appointment System CVE-2021-27318 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...) NOT-FOR-US: Doctor Appointment System CVE-2021-27317 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...) NOT-FOR-US: Doctor Appointment System CVE-2021-27316 (Blind SQL injection in contactus.php in doctor appointment system 1.0 ...) NOT-FOR-US: Doctor Appointment System CVE-2021-27315 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...) NOT-FOR-US: Doctor Appointment System CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an ...) NOT-FOR-US: doctor appointment system CVE-2021-27313 RESERVED CVE-2021-27312 RESERVED CVE-2021-27311 RESERVED CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "langua ...) NOT-FOR-US: Clansphere CMS CVE-2021-27309 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module ...) NOT-FOR-US: Clansphere CMS CVE-2021-27308 (A cross-site scripting (XSS) vulnerability in the admin login panel in ...) NOT-FOR-US: 4images CVE-2021-27307 RESERVED CVE-2021-27306 (An improper access control vulnerability in the JWT plugin in Kong Gat ...) 
NOT-FOR-US: Kong Gateway CVE-2021-27305 RESERVED CVE-2021-27304 RESERVED CVE-2021-27303 RESERVED CVE-2021-27302 RESERVED CVE-2021-27301 RESERVED CVE-2021-27300 RESERVED CVE-2021-27299 RESERVED CVE-2021-27298 RESERVED CVE-2021-27297 RESERVED CVE-2021-27296 RESERVED CVE-2021-27295 RESERVED CVE-2021-27294 RESERVED CVE-2021-27293 (RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is ...) NOT-FOR-US: RestSharp CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression ...) - node-ua-parser-js 0.7.24+ds-1 (bug #985568) [buster] - node-ua-parser-js (Minor issue) NOTE: https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76 NOTE: https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566 CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...) {DSA-4889-1 DSA-4878-1 DLA-2648-1 DLA-2600-1} - pygments 2.7.1+dfsg-2.1 (bug #985574) - mediawiki 1:1.35.2-1 NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce NOTE: https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14 CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expre ...) - node-ssri 8.0.1-1 (bug #985841) [buster] - node-ssri (Minor issue) NOTE: https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf NOTE: https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2 (v8.0.1) CVE-2021-27289 RESERVED CVE-2021-27288 (Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attack ...) NOT-FOR-US: X2Engine X2CRM CVE-2021-27287 RESERVED CVE-2021-27286 RESERVED CVE-2021-27285 RESERVED CVE-2021-27284 RESERVED CVE-2021-27283 RESERVED CVE-2021-27282 RESERVED CVE-2021-27281 RESERVED CVE-2021-27280 RESERVED CVE-2021-27279 (MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCo ...) NOT-FOR-US: MyBB CVE-2021-27278 (This vulnerability allows local attackers to escalate privileges on af ...) 
NOT-FOR-US: Parallels Desktop CVE-2021-27277 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: SolarWinds CVE-2021-27276 (This vulnerability allows remote attackers to delete arbitrary files o ...) NOT-FOR-US: Netgear CVE-2021-27275 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Netgear CVE-2021-27274 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Netgear CVE-2021-27273 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Netgear CVE-2021-27272 (This vulnerability allows remote attackers to delete arbitrary files o ...) NOT-FOR-US: Netgear CVE-2021-27271 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27270 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27269 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27268 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27267 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27266 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27265 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27264 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27263 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27262 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
NOT-FOR-US: Foxit PhantomPDF CVE-2021-27261 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2021-27260 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2021-27259 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-27258 (This vulnerability allows remote attackers to execute escalate privile ...) NOT-FOR-US: SolarWinds CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...) NOT-FOR-US: Netgear CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Netgear CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2021-27253 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2021-27252 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2021-27251 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2021-27250 (This vulnerability allows network-adjacent attackers to disclose sensi ...) NOT-FOR-US: D-Link CVE-2021-27249 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: D-Link CVE-2021-27248 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: D-Link CVE-2021-27247 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: WeChat CVE-2021-27246 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: TP-Link CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...) 
NOT-FOR-US: TP-Link CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...) NOT-FOR-US: Avast CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: SolarWinds CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2021-27238 RESERVED CVE-2021-27237 (The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) ...) NOT-FOR-US: BlackCat CMS CVE-2021-27236 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfil ...) NOT-FOR-US: Mutare Voice (EVM) CVE-2021-27235 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...) NOT-FOR-US: Mutare Voice (EVM) CVE-2021-27234 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The we ...) NOT-FOR-US: Mutare Voice (EVM) CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...) NOT-FOR-US: Mutare Voice (EVM) CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.1 ...) NOT-FOR-US: Pelco Digital Sentry Server CVE-2021-27231 (Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, ...) NOT-FOR-US: Hestia Control Panel CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...) NOT-FOR-US: ExpressionEngine CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim navigates ...) 
{DLA-2562-1} - mumble 1.3.4-1 (bug #982904) [buster] - mumble 1.3.0~git20190125.440b173+dfsg-2+deb10u1 NOTE: https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648 NOTE: https://github.com/mumble-voip/mumble/pull/4733 CVE-2021-27228 (An issue was discovered in Shinobi through ocean version 1. lib/auth.j ...) NOT-FOR-US: Shinobi CVE-2021-27227 RESERVED CVE-2021-27226 RESERVED CVE-2021-27225 (In Dataiku DSS before 8.0.6, insufficient access control in the Jupyte ...) NOT-FOR-US: Dataiku DSS CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...) NOT-FOR-US: WPG plugin for IrfanView CVE-2021-27223 RESERVED CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authenticat ...) NOT-FOR-US: "Time in Status" app CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ft ...) NOT-FOR-US: MikroTik RouterOS CVE-2021-27220 (An issue was discovered in PRTG Network Monitor before 21.1.66.1623. B ...) NOT-FOR-US: PRTG Network Monitor CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...) NOT-FOR-US: YubiHSM 2 SDK CVE-2021-27216 (Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By lev ...) - exim4 4.94.2-1 [buster] - exim4 (Vulnerable code introduced later) [stretch] - exim4 (Vulnerable code introduced later) NOTE: Introduced by: https://git.exim.org/exim.git/commit/01446a56c76aa5ac3213a86f8992a2371a8301f3 (exim-4_94_RC0) NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7 CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...) NOT-FOR-US: genua genugate CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...) NOT-FOR-US: Zoho ManageEngine ADSelfService Plus CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...) 
NOT-FOR-US: pystemon CVE-2021-27212 (In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion ...) {DSA-4860-1 DLA-2574-1} - openldap 2.4.57+dfsg-2 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9454 NOTE: trunk: https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0 NOTE: REL_ENG 2.4.x: https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30 CVE-2021-27211 (steghide 0.5.1 relies on a certain 32-bit seed value, which makes it e ...) - steghide (bug #983267) [bullseye] - steghide (Minor issue) [buster] - steghide (Minor issue) [stretch] - steghide (Minor issue; can be fixed in next DLA) NOTE: https://github.com/b4shfire/stegcrack CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retri ...) NOT-FOR-US: TP-Link CVE-2021-27209 (In the management interface on TP-Link Archer C5v 1.7_181221 devices, ...) NOT-FOR-US: TP-Link CVE-2021-27208 (When booting a Zync-7000 SOC device from nand flash memory, the nand d ...) NOT-FOR-US: Zync-7000 SOC device CVE-2021-27207 RESERVED CVE-2021-27206 RESERVED CVE-2021-3411 (A flaw was found in the Linux kernel in versions prior to 5.10. A viol ...) - linux 5.9.15-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) CVE-2021-3410 (A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in c ...) {DLA-2584-1} - libcaca 0.99.beta19-2.2 (bug #983686) [buster] - libcaca (Minor issue) NOTE: https://github.com/cacalabs/libcaca/issues/52 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928437 NOTE: https://github.com/cacalabs/libcaca/commit/46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd NOTE: https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015 CVE-2021-27205 (Telegram before 7.4 (212543) Stable on macOS stores the local copy of ...) 
NOT-FOR-US: Telegram for MacOS CVE-2021-27204 (Telegram before 7.4 (212543) Stable on macOS stores the local passcode ...) NOT-FOR-US: Telegram for MacOS CVE-2021-27203 (In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for ...) NOT-FOR-US: Dekart Private Disk CVE-2021-27202 RESERVED CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in session file] - spip 3.2.9-1 [buster] - spip 3.2.4-1+deb10u4 [stretch] - spip 3.1.4-4~deb9u4+deb9u1 CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated ...) NOT-FOR-US: Endian Firewall Community (aka EFW) CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account due to t ...) NOT-FOR-US: WoWonder CVE-2021-27199 RESERVED CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server before v11.1 ...) NOT-FOR-US: Visualware MyConnection Server CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...) NOT-FOR-US: Pelco Digital Sentry Server CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power Grids Rel ...) NOT-FOR-US: Hitachi CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to and inc ...) NOT-FOR-US: Netop Vision Pro CVE-2021-27194 (Cleartext transmission of sensitive information in Netop Vision Pro up ...) NOT-FOR-US: Netop Vision Pro CVE-2021-27193 (Incorrect default permissions vulnerability in the API of Netop Vision ...) NOT-FOR-US: Netop Vision Pro CVE-2021-27192 (Local privilege escalation vulnerability in Windows clients of Netop V ...) NOT-FOR-US: Netop Vision Pro CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...) NOT-FOR-US: Node get-ip-range CVE-2021-3408 RESERVED NOTE: Red Hat duplicate for CVE-2021-20233 CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...) 
NOT-FOR-US: PEEL Shopping cart CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certifica ...) NOT-FOR-US: CIRA Canadian Shield app CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...) NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...) NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...) NOT-FOR-US: Fluent Bit CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...) NOT-FOR-US: Node samba-client CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity v ...) NOT-FOR-US: Pelco Digital Sentry Server CVE-2021-27183 (An issue was discovered in MDaemon before 20.0.4. Administrators can u ...) NOT-FOR-US: MDaemon CVE-2021-27182 (An issue was discovered in MDaemon before 20.0.4. There is an IFRAME i ...) NOT-FOR-US: MDaemon CVE-2021-27181 (An issue was discovered in MDaemon before 20.0.4. Remote Administratio ...) NOT-FOR-US: MDaemon CVE-2021-27180 (An issue was discovered in MDaemon before 20.0.4. There is Reflected X ...) NOT-FOR-US: MDaemon CVE-2021-27179 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) NOT-FOR-US: FiberHome devices CVE-2021-27178 (An issue was discovered on FiberHome HG6245D devices through RP2613. S ...) NOT-FOR-US: FiberHome devices CVE-2021-27177 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) NOT-FOR-US: FiberHome devices CVE-2021-27176 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) NOT-FOR-US: FiberHome devices CVE-2021-27175 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) NOT-FOR-US: FiberHome devices CVE-2021-27174 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) 
NOT-FOR-US: FiberHome devices CVE-2021-27173 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27172 (An issue was discovered on FiberHome HG6245D devices through RP2613. A ...) NOT-FOR-US: FiberHome devices CVE-2021-27171 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) NOT-FOR-US: FiberHome devices CVE-2021-27170 (An issue was discovered on FiberHome HG6245D devices through RP2613. B ...) NOT-FOR-US: FiberHome devices CVE-2021-27169 (An issue was discovered on FiberHome AN5506-04-FA devices with firmwar ...) NOT-FOR-US: FiberHome devices CVE-2021-27168 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27167 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27166 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27165 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27164 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27163 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27162 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27161 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27160 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27159 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27158 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) 
NOT-FOR-US: FiberHome devices CVE-2021-27157 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27156 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27155 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27154 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27153 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27152 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27151 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27150 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27149 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27148 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27147 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27146 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27145 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27144 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27143 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) NOT-FOR-US: FiberHome devices CVE-2021-27142 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) 
NOT-FOR-US: FiberHome devices CVE-2021-27141 (An issue was discovered on FiberHome HG6245D devices through RP2613. C ...) NOT-FOR-US: FiberHome devices CVE-2021-27140 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) NOT-FOR-US: FiberHome devices CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) NOT-FOR-US: FiberHome devices CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of uni ...) [experimental] - u-boot 2021.04~rc3+dfsg-1 - u-boot 2021.07+dfsg-2 (bug #983269) [bullseye] - u-boot (Minor issue) [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue; can be fixed in next DLA) NOTE: https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917 NOTE: https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4 NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 CVE-2021-27137 RESERVED CVE-2021-27136 RESERVED CVE-2021-27134 RESERVED CVE-2021-27133 RESERVED CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for H ...) NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices CVE-2021-27131 RESERVED CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...) NOT-FOR-US: Online Reviewer System CVE-2021-27129 (CASAP Automated Enrollment System version 1.0 contains a cross-site sc ...) NOT-FOR-US: CASAP Automated Enrollment System CVE-2021-27128 RESERVED CVE-2021-27127 RESERVED CVE-2021-27126 RESERVED CVE-2021-27125 RESERVED CVE-2021-27124 (SQL injection in the expertise parameter in search_result.php in Docto ...) 
NOT-FOR-US: Doctor Appointment System CVE-2021-27123 RESERVED CVE-2021-27122 RESERVED CVE-2021-27121 RESERVED CVE-2021-27120 RESERVED CVE-2021-27119 RESERVED CVE-2021-27118 RESERVED CVE-2021-27117 RESERVED CVE-2021-27116 RESERVED CVE-2021-27115 RESERVED CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within ...) NOT-FOR-US: D-Link CVE-2021-27113 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...) NOT-FOR-US: D-Link CVE-2021-27112 (LightCMS v1.3.5 contains a remote code execution vulnerability in /app ...) NOT-FOR-US: LightCMS CVE-2021-27111 RESERVED CVE-2021-27110 RESERVED CVE-2021-27109 RESERVED CVE-2021-27108 RESERVED CVE-2021-27107 RESERVED CVE-2021-27106 RESERVED CVE-2021-27105 RESERVED CVE-2021-3407 (A flaw was found in mupdf 1.18.0. Double free of object during lineari ...) {DLA-2589-1} - mupdf 1.17.0+ds1-1.3 (bug #983684) [buster] - mupdf 1.14.0+ds1-4+deb10u3 NOTE: http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703366 (not public yet) CVE-2021-3406 (A flaw was found in keylime 5.8.1 and older. The issue in the Keylime ...) NOT-FOR-US: Keylime NOTE: https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m CVE-2021-3405 (A flaw was found in libebml before 1.4.2. A heap overflow bug exists i ...) {DLA-2629-1} - libebml 1.4.2-1 (bug #982597) [buster] - libebml (Minor issue) NOTE: https://github.com/Matroska-Org/libebml/issues/74 CVE-2021-27104 (Accellion FTA 9_12_370 and earlier is affected by OS command execution ...) NOT-FOR-US: Accellion FTA CVE-2021-27103 (Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted P ...) NOT-FOR-US: Accellion FTA CVE-2021-27102 (Accellion FTA 9_12_411 and earlier is affected by OS command execution ...) NOT-FOR-US: Accellion FTA CVE-2021-27101 (Accellion FTA 9_12_370 and earlier is affected by SQL injection via a ...) 
NOT-FOR-US: Accellion FTA CVE-2021-27100 RESERVED CVE-2021-27099 (In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the ...) NOT-FOR-US: SPIRE (SPIFFE Runtime Environment) CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 ...) NOT-FOR-US: SPIRE (SPIFFE Runtime Environment) CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...) [experimental] - u-boot 2021.04~rc3+dfsg-1 - u-boot 2021.07+dfsg-2 (bug #983270) [bullseye] - u-boot (Minor issue) [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue; can be fixed in next DLA) NOTE: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 NOTE: https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 CVE-2021-27096 (NTFS Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27095 (Windows Media Video Decoder Remote Code Execution Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-27094 (Windows Early Launch Antimalware Driver Security Feature Bypass Vulner ...) NOT-FOR-US: Microsoft CVE-2021-27093 (Windows Kernel Information Disclosure Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-27092 (Azure AD Web Sign-in Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27091 (RPC Endpoint Mapper Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27090 (Windows Secure Kernel Mode Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27089 (Microsoft Internet Messaging API Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27088 (Windows Event Tracing Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27087 RESERVED CVE-2021-27086 (Windows Services and Controller App Elevation of Privilege Vulnerabili ...) 
NOT-FOR-US: Microsoft CVE-2021-27085 (Internet Explorer Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27084 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-27083 (Remote Development Extension for Visual Studio Code Remote Code Execut ...) NOT-FOR-US: Microsoft CVE-2021-27082 (Quantum Development Kit for Visual Studio Code Remote Code Execution V ...) NOT-FOR-US: Microsoft CVE-2021-27081 (Visual Studio Code ESLint Extension Remote Code Execution Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-27080 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-27079 (Windows Media Photo Codec Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27078 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-27077 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-27076 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27075 (Azure Virtual Machine Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27074 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-27073 RESERVED CVE-2021-27072 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-27071 RESERVED CVE-2021-27070 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27069 RESERVED CVE-2021-27068 (Visual Studio Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27067 (Azure DevOps Server and Team Foundation Server Information Disclosure ...) NOT-FOR-US: Microsoft CVE-2021-27066 (Windows Admin Center Security Feature Bypass Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-27065 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-27064 (Visual Studio Installer Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27063 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-27062 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-27061 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-27060 (Visual Studio Code Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27059 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) NOT-FOR-US: Microsoft CVE-2021-27058 (Microsoft Office ClickToRun Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27057 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) NOT-FOR-US: Microsoft CVE-2021-27056 (Microsoft PowerPoint Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27055 (Microsoft Visio Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27054 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-27053 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-27052 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-27051 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-27050 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-27049 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-27048 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) 
NOT-FOR-US: Microsoft CVE-2021-27047 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-27046 (A Memory Corruption vulnerability for PDF files in Autodesk Navisworks ...) NOT-FOR-US: Autodesk CVE-2021-27045 (A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021 ...) NOT-FOR-US: Autodesk CVE-2021-27044 (A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review versio ...) NOT-FOR-US: Autodesk CVE-2021-27043 (An Arbitrary Address Write issue in the Autodesk DWG application can a ...) NOT-FOR-US: Autodesk CVE-2021-27042 (A maliciously crafted DWG file can be used to write beyond the allocat ...) NOT-FOR-US: Autodesk CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the allocat ...) NOT-FOR-US: Autodesk CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated ...) NOT-FOR-US: Autodesk CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 20 ...) NOT-FOR-US: Autodesk CVE-2021-27038 (A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 201 ...) NOT-FOR-US: Autodesk CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 201 ...) NOT-FOR-US: Autodesk CVE-2021-27036 (A maliciously crafted PDF, PICT or TIFF file can be used to write beyo ...) NOT-FOR-US: Autodesk CVE-2021-27035 (A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2 ...) NOT-FOR-US: Autodesk CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT or TIFF fi ...) NOT-FOR-US: Autodesk CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute arbitra ...) NOT-FOR-US: Autodesk CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to privilege e ...) NOT-FOR-US: Autodesk CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which may expl ...) 
NOT-FOR-US: Autodesk CVE-2021-27030 (A user may be tricked into opening a malicious FBX file which may expl ...) NOT-FOR-US: Autodesk CVE-2021-27029 (The user may be tricked into opening a malicious FBX file which may ex ...) NOT-FOR-US: Autodesk CVE-2021-27028 (A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 ...) NOT-FOR-US: Autodesk CVE-2021-27027 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...) NOT-FOR-US: Autodesk CVE-2021-27026 RESERVED CVE-2021-27025 RESERVED CVE-2021-27024 RESERVED CVE-2021-27023 RESERVED CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...) - puppet (Only affects Puppet Enterprise) NOTE: https://puppet.com/security/cve/CVE-2021-27022/ CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...) - puppetdb (bug #990419) NOTE: https://puppet.com/security/cve/cve-2021-27021/ NOTE: https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2 NOTE: https://github.com/puppetlabs/puppetdb/commit/f8dc81678cf347739838e42cc1c426d96406c266 NOTE: https://github.com/puppetlabs/puppetdb/commit/72bd137511487643a3a6236ad9e72a5dd4a6fadb NOTE: https://puppet.com/docs/puppetdb/6/release_notes/release_notes_latest.html#puppetdb-6170 CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing user inp ...) - puppet (Only affects Puppet Enterprise) CVE-2021-27019 (PuppetDB logging included potentially sensitive system information. ...) - puppetdb [buster] - puppetdb (Minor issue) NOTE: https://puppet.com/security/cve/CVE-2021-27019/ CVE-2021-27018 (The mechanism which performs certificate validation was discovered to ...) 
NOT-FOR-US: Puppet Remediate CVE-2021-27017 RESERVED - puppet (Specific to the Puppet 7.x stack) NOTE: https://puppet.com/security/cve/CVE-2021-27017/ CVE-2021-27016 RESERVED CVE-2021-27015 RESERVED CVE-2021-27014 RESERVED CVE-2021-27013 RESERVED CVE-2021-27012 RESERVED CVE-2021-27011 RESERVED CVE-2021-27010 RESERVED CVE-2021-27009 RESERVED CVE-2021-27008 RESERVED CVE-2021-27007 RESERVED CVE-2021-27006 RESERVED CVE-2021-27005 RESERVED CVE-2021-27004 RESERVED CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...) NOT-FOR-US: Clustered Data ONTAP (NetApp) CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...) NOT-FOR-US: NetApp Cloud Manager CVE-2021-27001 RESERVED CVE-2021-27000 RESERVED CVE-2021-26999 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...) NOT-FOR-US: NetApp Cloud Manager CVE-2021-26998 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...) NOT-FOR-US: NetApp Cloud Manager CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...) NOT-FOR-US: Clustered Data ONTAP (NetApp) CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...) NOT-FOR-US: Cloud Manager (NetApp) CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin ...) 
NOT-FOR-US: Cloud Manager (NetApp) CVE-2021-26990 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...) NOT-FOR-US: Cloud Manager (NetApp) CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...) NOT-FOR-US: Clustered Data ONTAP CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...) NOT-FOR-US: Clustered Data ONTAP CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot Framework. ...) NOT-FOR-US: Element Plug-in for vCenter Server CVE-2021-26986 RESERVED CVE-2021-26985 RESERVED CVE-2021-26984 RESERVED CVE-2021-26983 RESERVED CVE-2021-26982 RESERVED CVE-2021-26981 RESERVED CVE-2021-26980 RESERVED CVE-2021-26979 RESERVED CVE-2021-26978 RESERVED CVE-2021-26977 RESERVED CVE-2021-26976 RESERVED CVE-2021-26975 RESERVED CVE-2021-26974 RESERVED CVE-2021-26973 RESERVED CVE-2021-26972 RESERVED CVE-2021-26971 (A remote authenticated arbitrary command execution vulnerability was d ...) NOT-FOR-US: Aruba CVE-2021-26970 (A remote authenticated arbitrary command execution vulnerability was d ...) NOT-FOR-US: Aruba CVE-2021-26969 (A remote authenticated authenticated xml external entity (xxe) vulnera ...) NOT-FOR-US: Aruba CVE-2021-26968 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) NOT-FOR-US: Aruba CVE-2021-26967 (A remote reflected cross-site scripting (xss) vulnerability was discov ...) NOT-FOR-US: Aruba CVE-2021-26966 (A remote authenticated sql injection vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-26965 (A remote authenticated sql injection vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-26964 (A remote authentication restriction bypass vulnerability was discovere ...) NOT-FOR-US: Aruba CVE-2021-26963 (A remote authenticated arbitrary command execution vulnerability was d ...) NOT-FOR-US: Aruba CVE-2021-26962 (A remote authenticated arbitrary command execution vulnerability was d ...) 
NOT-FOR-US: Aruba CVE-2021-26961 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...) NOT-FOR-US: Aruba CVE-2021-26960 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...) NOT-FOR-US: Aruba CVE-2021-26959 REJECTED CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) - rust-xcb NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html CVE-2021-26957 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) - rust-xcb NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html CVE-2021-26956 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) - rust-xcb NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html CVE-2021-26955 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) - rust-xcb NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html CVE-2021-26954 (An issue was discovered in the qwutils crate before 0.3.1 for Rust. Wh ...) NOT-FOR-US: Rust crate qwutils CVE-2021-26953 (An issue was discovered in the postscript crate before 0.14.0 for Rust ...) NOT-FOR-US: Rust crate postscript CVE-2021-26952 (An issue was discovered in the ms3d crate before 0.1.3 for Rust. It mi ...) NOT-FOR-US: Rust crate ms3d CVE-2021-26951 (An issue was discovered in the calamine crate before 0.17.0 for Rust. ...) NOT-FOR-US: Rust crate calamine CVE-2021-26944 RESERVED CVE-2021-26943 (The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with t ...) NOT-FOR-US: UX360CA BIOS CVE-2021-26942 RESERVED CVE-2021-26941 RESERVED CVE-2021-26940 REJECTED CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...) NOT-FOR-US: henriquedornas CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via ...) NOT-FOR-US: henriquedornas CVE-2021-27135 (xterm before Patch #366 allows remote attackers to execute arbitrary c ...) 
{DLA-2558-1} - xterm 366-1 (bug #982439) [buster] - xterm 344-1+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7 NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366 NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers to caus ...) {DSA-4861-1 DLA-2570-1} - screen 4.8.0-5 (bug #982435) NOTE: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/3 NOTE: https://savannah.gnu.org/bugs/?60030 NOTE: First patch applied in -4, but revised patch applied in -5 which fixed regressions CVE-2021-23219 RESERVED CVE-2021-23217 RESERVED CVE-2021-23201 RESERVED CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...) - libytnef 1.9.3-3 (bug #982596) [buster] - libytnef (Minor issue) [stretch] - libytnef (Minor issue) NOTE: https://github.com/Yeraze/ytnef/issues/86 NOTE: https://github.com/Yeraze/ytnef/pull/88 NOTE: https://github.com/Yeraze/ytnef/commit/f9ff4a203b8c155d51a208cadadb62f224fba715 CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows ...) - libytnef 1.9.3-3 (bug #982594) [buster] - libytnef (Minor issue) [stretch] - libytnef (Minor issue) NOTE: https://github.com/Yeraze/ytnef/issues/85 NOTE: https://github.com/Yeraze/ytnef/pull/87 NOTE: https://github.com/Yeraze/ytnef/commit/f2380a53fb84d370eaf6e6c3473062c54c57fac7 CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...) NOT-FOR-US: ReplaySorcery CVE-2021-26935 (In WoWonder < 3.1, remote attackers can gain access to the database ...) NOT-FOR-US: WoWonder CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...) 
- linux (unimportant) [stretch] - linux (Vulnerable code not present) NOTE: https://xenbits.xen.org/xsa/advisory-363.html NOTE: Driver never was meant to be supported and the patch in src:xen will only NOTE: update SUPPORT.md to explicitly document the fact. CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is ...) {DSA-4888-1} - xen 4.14.1+11-gb0b734a8b3-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-364.html CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...) {DLA-2610-1 DLA-2586-1} - linux 5.10.19-1 [buster] - linux 4.19.177-1 NOTE: https://xenbits.xen.org/xsa/advisory-361.html CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...) {DLA-2610-1 DLA-2586-1} - linux 5.10.19-1 [buster] - linux 4.19.177-1 NOTE: https://xenbits.xen.org/xsa/advisory-362.html CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...) {DLA-2610-1 DLA-2586-1} - linux 5.10.19-1 [buster] - linux 4.19.177-1 NOTE: https://xenbits.xen.org/xsa/advisory-365.html CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...) {DLA-2564-1} - php-horde-text-filter 2.3.7-1 (bug #982769) [buster] - php-horde-text-filter 2.3.5-3+deb10u2 NOTE: https://lists.horde.org/archives/announce/2021/001298.html NOTE: https://github.com/horde/Text_Filter/commit/c26f938854c36b981558a3b1b9b2f81403cff60e (master) NOTE: https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 (v2.3.7) NOTE: https://www.alexbirnberg.com/horde-xss.html CVE-2021-26928 (** DISPUTED ** BIRD through 2.0.7 does not provide functionality for p ...) NOT-FOR-US: Disputed BIRD issue CVE-2021-26927 (A flaw was found in jasper before 2.0.25. A null pointer dereference i ...) 
- jasper NOTE: https://github.com/jasper-software/jasper/issues/265 NOTE: https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b CVE-2021-26926 (A flaw was found in jasper before 2.0.25. An out of bounds read issue ...) - jasper NOTE: https://github.com/jasper-software/jasper/issues/264 NOTE: https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets ...) - roundcube 1.4.11+dfsg.1-1 [buster] - roundcube (Vulnerable code introduced later) [stretch] - roundcube (Vulnerable code introduced later) NOTE: https://roundcube.net/news/2021/02/08/security-update-1.4.11 NOTE: https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596 CVE-2021-26924 (An issue was discovered in Argo CD before 1.8.4. Browser XSS protectio ...) NOT-FOR-US: Argo CD CVE-2021-26923 (An issue was discovered in Argo CD before 1.8.4. Accessing the endpoin ...) NOT-FOR-US: Argo CD CVE-2021-26922 RESERVED CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens cont ...) NOT-FOR-US: Argo CD CVE-2021-26920 (In the Druid ingestion system, the InputSource is used for reading dat ...) - druid (bug #825797) CVE-2021-26919 (Apache Druid allows users to read data from other database systems usi ...) - druid (bug #825797) CVE-2021-26918 (** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might all ...) NOT-FOR-US: ProBot bot CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write ...) NOT-FOR-US: PyBitmessage CVE-2021-26916 (In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon comp ...) NOT-FOR-US: nopCommerce CVE-2021-26915 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...) NOT-FOR-US: NetMotion Mobility CVE-2021-26914 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...) 
NOT-FOR-US: NetMotion Mobility CVE-2021-26913 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...) NOT-FOR-US: NetMotion Mobility CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...) NOT-FOR-US: NetMotion Mobility CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL ...) NOT-FOR-US: Canary Mail CVE-2021-26909 (Automox Agent prior to version 31 uses an insufficiently protected S3 ...) NOT-FOR-US: Automox Agent CVE-2021-26908 (Automox Agent prior to version 31 logs potentially sensitive informati ...) NOT-FOR-US: Automox Agent CVE-2021-26907 RESERVED CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...) - asterisk 1:16.16.1~dfsg-1 (bug #983159) [buster] - asterisk (Minor issue) [stretch] - asterisk (Minor issue) NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29196 CVE-2021-3402 (An integer overflow and several buffer overflow reads in libyara/modul ...) - yara 4.0.4-1 [buster] - yara (Minor issue) [stretch] - yara (Minor issue; can be fixed with next DLA) NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/2 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/ CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...) NOT-FOR-US: 1Password SCIM Bridge CVE-2021-26904 (LMA ISIDA Retriever 5.2 allows SQL Injection. ...) NOT-FOR-US: LMA ISIDA Retriever CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. ...) NOT-FOR-US: LMA ISIDA Retriever CVE-2021-26902 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-26901 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-26900 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) 
NOT-FOR-US: Microsoft CVE-2021-26899 (Windows UPnP Device Host Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26898 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-26897 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-26896 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-26895 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-26894 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-26893 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-26892 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...) NOT-FOR-US: Microsoft CVE-2021-26891 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26890 (Application Virtualization Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26889 (Windows Update Stack Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26888 RESERVED CVE-2021-26887 (Microsoft Windows Folder Redirection Elevation of Privilege Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2021-26886 (User Profile Service Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26885 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-26884 (Windows Media Photo Codec Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26883 RESERVED CVE-2021-26882 (Remote Access API Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26881 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-26880 (Storage Spaces Controller Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26879 (Windows NAT Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26878 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-26877 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-26876 (OpenType Font Parsing Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26875 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-26874 (Windows Overlay Filter Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26873 (Windows User Profile Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26872 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-26871 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-26870 (Windows Projected File System Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26869 (Windows ActiveX Installer Service Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26868 (Windows Graphics Component Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26867 (Windows Hyper-V Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26866 (Windows Update Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26865 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26864 (Windows Virtual Registry Provider Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26863 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) 
NOT-FOR-US: Microsoft CVE-2021-26862 (Windows Installer Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26861 (Windows Graphics Component Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26860 (Windows App-V Overlay Filter Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26859 (Microsoft Power BI Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26858 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-26857 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-26856 RESERVED CVE-2021-26855 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-26854 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2021-26853 RESERVED CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended access re ...) {DSA-4849-1 DLA-2554-1} - firejail 0.9.64.4-1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5 NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/ CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for ...) {DSA-4859-1} - libzstd 1.4.8+dfsg-2 (bug #982519) [stretch] - libzstd (Incomplete fix for CVE-2021-24031 not applied) NOTE: https://github.com/facebook/zstd/issues/2491 CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...) 
{DSA-4850-1 DLA-2573-1} - libzstd 1.4.8+dfsg-1 (bug #981404) NOTE: https://github.com/facebook/zstd/issues/1630 CVE-2021-26852 RESERVED CVE-2021-26851 RESERVED CVE-2021-26850 RESERVED CVE-2021-26849 RESERVED CVE-2021-26848 RESERVED CVE-2021-26847 RESERVED CVE-2021-26846 RESERVED CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS al ...) NOT-FOR-US: Hitachi CVE-2021-26844 RESERVED CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems where th ...) - thttpd CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hyper fr ...) - rust-hyper (bug #988729) NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html CVE-2021-27218 (An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before ...) - glib2.0 2.66.7-1 (bug #982779) [buster] - glib2.0 2.58.3-2+deb10u3 [stretch] - glib2.0 (fix along with CVE-2021-27219) NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 NOTE: Test case depends on CVE-2021-27219 fix CVE-2021-27219 (An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before ...) - glib2.0 2.66.6-1 (bug #982778) [buster] - glib2.0 2.58.3-2+deb10u3 [stretch] - glib2.0 (requires fixing vulnerable rdeps, follow buster strategy) NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2319 NOTE: Fix introduces new API 'g_memdup2' NOTE: Fix backport in 2.66.7 adds 'g_memdup2' for internal use but does not allow fixing reverse-dependencies using vulnerable 'g_memdup' CVE-2021-26842 RESERVED CVE-2021-26841 RESERVED CVE-2021-26840 RESERVED CVE-2021-26839 RESERVED CVE-2021-26838 RESERVED CVE-2021-26837 RESERVED CVE-2021-26836 RESERVED CVE-2021-26835 (No filtering of cross-site scripting (XSS) payloads in the markdown-ed ...) NOT-FOR-US: Zettlr CVE-2021-26834 (A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An a ...) 
NOT-FOR-US: Znote CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...) NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...) NOT-FOR-US: Priority Enterprise Management System CVE-2021-26831 RESERVED CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote att ...) NOT-FOR-US: Tribalsystems Zenario CMS CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...) NOT-FOR-US: OpenPLC ScadaBR CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...) NOT-FOR-US: OpenPLC ScadaBR CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...) NOT-FOR-US: TP-Link CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...) - godot (bug #982593) [bullseye] - godot (Minor issue) [buster] - godot (Minor issue) NOTE: https://github.com/godotengine/godot/pull/45701 NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master) NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2) CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2 that can b ...) - godot (bug #982593) [bullseye] - godot (Minor issue) [buster] - godot (Minor issue) NOTE: https://github.com/godotengine/godot/pull/45701 NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master) NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2) CVE-2021-26824 (DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to impro ...) NOT-FOR-US: DM FingerTool CVE-2021-26823 RESERVED CVE-2021-26822 (Teachers Record Management System 1.0 is affected by a SQL injection v ...) 
NOT-FOR-US: Teachers Record Management System CVE-2021-26821 RESERVED CVE-2021-26820 RESERVED CVE-2021-26819 RESERVED CVE-2021-26818 RESERVED CVE-2021-26817 RESERVED CVE-2021-26816 RESERVED CVE-2021-26815 RESERVED CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to e ...) NOT-FOR-US: Wazuh CVE-2021-26813 (markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...) - python-markdown2 2.3.10-1.1 (bug #984668) [buster] - python-markdown2 (Minor issue) NOTE: https://github.com/trentm/python-markdown2/pull/387 NOTE: https://github.com/trentm/python-markdown2/commit/96dff22341489459c8cb832fdfd066a588ec23bf NOTE: https://github.com/trentm/python-markdown2/commit/e1954d3a345fc7a4ccc113bd58f7df81ad63b6ec NOTE: https://github.com/trentm/python-markdown2/commit/c4b4ccb3f9da33f29b013d6d765fd223a8277cfe CVE-2021-26812 (Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin ...) NOT-FOR-US: Moodle plugin CVE-2021-26811 RESERVED CVE-2021-26810 (D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnera ...) NOT-FOR-US: D-link CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a remote shell ...) NOT-FOR-US: PHPGurukul Car Rental Project CVE-2021-26808 RESERVED CVE-2021-26807 (GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, l ...) NOT-FOR-US: GOG Galaxy client CVE-2021-26806 RESERVED CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial o ...) NOT-FOR-US: tsMuxer CVE-2021-26804 (Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 2 ...) - centreon-web (bug #913903) CVE-2021-26803 RESERVED CVE-2021-26802 RESERVED CVE-2021-26801 RESERVED CVE-2021-26800 RESERVED CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka ...) NOT-FOR-US: Omeka CVE-2021-26798 RESERVED CVE-2021-26797 (An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.2014 ...) 
NOT-FOR-US: Hame SD1 Wi-Fi firmware CVE-2021-26796 RESERVED CVE-2021-26795 RESERVED CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows ...) NOT-FOR-US: FrogCMS SentCMS CVE-2021-26793 RESERVED CVE-2021-26792 RESERVED CVE-2021-26791 RESERVED CVE-2021-26790 RESERVED CVE-2021-26789 RESERVED CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected b ...) NOT-FOR-US: Oryx Embedded CycloneTCP CVE-2021-26787 RESERVED CVE-2021-26786 RESERVED CVE-2021-26785 RESERVED CVE-2021-26784 RESERVED CVE-2021-26783 RESERVED CVE-2021-26782 RESERVED CVE-2021-26781 RESERVED CVE-2021-26780 RESERVED CVE-2021-26779 RESERVED CVE-2021-26778 RESERVED CVE-2021-26777 RESERVED CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerabilit ...) NOT-FOR-US: CSZ CMS CVE-2021-26775 RESERVED CVE-2021-26774 RESERVED CVE-2021-26773 RESERVED CVE-2021-26772 RESERVED CVE-2021-26771 RESERVED CVE-2021-26770 RESERVED CVE-2021-26769 RESERVED CVE-2021-26768 RESERVED CVE-2021-26767 RESERVED CVE-2021-26766 RESERVED CVE-2021-26765 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...) NOT-FOR-US: PHPGurukul Student Record System CVE-2021-26764 (SQL injection vulnerability in PHPGurukul Student Record System v 4.0 ...) NOT-FOR-US: PHPGurukul Student Record System CVE-2021-26763 RESERVED CVE-2021-26762 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...) NOT-FOR-US: PHPGurukul Student Record System CVE-2021-26761 RESERVED CVE-2021-26760 RESERVED CVE-2021-26759 RESERVED CVE-2021-26758 (Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web serve ...) NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed CVE-2021-26757 RESERVED CVE-2021-26756 RESERVED CVE-2021-26755 RESERVED CVE-2021-26754 (wpDataTables before 3.4.1 mishandles order direction for server-side t ...) 
NOT-FOR-US: wpDataTables WordPress plugin CVE-2021-26753 (NeDi 1.9C allows an authenticated user to inject PHP code in the Syste ...) NOT-FOR-US: NeDi CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating system com ...) NOT-FOR-US: NeDi CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...) NOT-FOR-US: NeDi CVE-2021-26750 (DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Pa ...) NOT-FOR-US: Panda Agent CVE-2021-26749 RESERVED CVE-2021-26748 RESERVED CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...) NOT-FOR-US: Netis devices CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...) NOT-FOR-US: Chamilo CVE-2021-26745 RESERVED CVE-2021-26744 RESERVED CVE-2021-26743 RESERVED CVE-2021-26742 RESERVED CVE-2021-26741 RESERVED CVE-2021-26740 RESERVED CVE-2021-26739 RESERVED CVE-2021-26738 RESERVED CVE-2021-26737 RESERVED CVE-2021-26736 RESERVED CVE-2021-26735 RESERVED CVE-2021-26734 RESERVED CVE-2021-26733 RESERVED CVE-2021-26732 RESERVED CVE-2021-26731 RESERVED CVE-2021-26730 RESERVED CVE-2021-26729 RESERVED CVE-2021-26728 RESERVED CVE-2021-26727 RESERVED CVE-2021-26726 RESERVED CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...) NOT-FOR-US: Nozomi Networks Guardian CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...) NOT-FOR-US: Nozomi Networks Guardian CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. ...) NOT-FOR-US: Jenzabar CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because ...) NOT-FOR-US: LinkedIn Oncall CVE-2021-26721 RESERVED CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...) 
- avahi 0.8-4 [buster] - avahi 0.7-4+deb10u1 [stretch] - avahi (fix in next DLA - removal of .sh script) NOTE: https://www.openwall.com/lists/oss-security/2021/02/15/2 NOTE: Fixed by removing the avahi-daemon-check-dns.sh script. CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-enterprise ...) NOT-FOR-US: gradle-enterprise-test-distribution-agent CVE-2021-26718 (KIS for macOS in some use cases was vulnerable to AV bypass that poten ...) NOT-FOR-US: KIS for macOS CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...) - asterisk 1:16.16.1~dfsg-1 (bug #983157) [buster] - asterisk (Introduced in 16.15.0) [stretch] - asterisk (Introduced in 16.15.0) NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html CVE-2021-26716 (Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS ...) NOT-FOR-US: Emoncms CVE-2021-26715 (The OpenID Connect server implementation for MITREid Connect through 1 ...) NOT-FOR-US: MITREid Connect CVE-2021-26714 (The Enterprise License Manager portal in Mitel MiContact Center Enterp ...) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1930888#c3 CVE-2021-26713 (A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asteris ...) - asterisk (Only affects 16.16.0 onwards) NOTE: https://downloads.asterisk.org/pub/security/AST-2021-004.html CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...) - asterisk (Only affects 16.16) NOTE: https://downloads.asterisk.org/pub/security/AST-2021-003.html CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...) NOT-FOR-US: Redwood Report2Web CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...) NOT-FOR-US: Redwood Report2Web CVE-2021-26709 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_ ...) 
NOT-FOR-US: D-Link CVE-2021-26707 (The merge-deep library before 3.0.3 for Node.js can be tricked into ov ...) NOT-FOR-US: Node deep-merge CVE-2021-26706 RESERVED CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...) NOT-FOR-US: SquareBox CatDV Server CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...) NOT-FOR-US: EPrints CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...) NOT-FOR-US: EPrints CVE-2021-26702 (EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset param ...) NOT-FOR-US: EPrints CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...) NOT-FOR-US: Microsoft CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution Vulnerab ...) NOT-FOR-US: Microsoft CVE-2021-26699 (OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows S ...) NOT-FOR-US: OX App Suite CVE-2021-26698 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) NOT-FOR-US: OX App Suite CVE-2021-26708 (A local privilege escalation was discovered in the Linux kernel before ...) - linux 5.10.13-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/5 NOTE: https://git.kernel.org/linus/c518adafa39f37858697ac9309c6cf1805581446 CVE-2021-26697 (The lineage endpoint of the deprecated Experimental API was not protec ...) - airflow (bug #819700) CVE-2021-26696 RESERVED CVE-2021-26695 RESERVED CVE-2021-26694 RESERVED CVE-2021-26693 RESERVED CVE-2021-26692 RESERVED CVE-2021-26691 (In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted Ses ...) 
{DSA-4937-1 DLA-2706-1} [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691 NOTE: https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b CVE-2021-26690 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...) {DSA-4937-1 DLA-2706-1} [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690 NOTE: https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8 CVE-2021-26249 RESERVED CVE-2021-23202 RESERVED CVE-2021-23141 RESERVED CVE-2021-3401 (Bitcoin Core before 0.19.0 might allow remote attackers to execute arb ...) - bitcoin 0.20.1~dfsg-1 CVE-2021-3400 RESERVED CVE-2021-26689 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2021-26688 (An issue was discovered on LG Wing mobile devices with Android OS 10 s ...) NOT-FOR-US: LG Wing mobile devices CVE-2021-26687 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2021-26686 (A remote authenticated SQL Injection vulnerability was discovered in ...) NOT-FOR-US: Aruba CVE-2021-26685 (A remote authenticated SQL Injection vulnerability was discovered in ...) NOT-FOR-US: Aruba CVE-2021-26684 (A remote authenticated command injection vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2021-26683 (A remote authenticated command injection vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2021-26682 (A remote reflected cross-site scripting (XSS) vulnerability was discov ...) NOT-FOR-US: Aruba CVE-2021-26681 (A remote authenticated command Injection vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2021-26680 (A remote authenticated command injection vulnerability was discovered ...) 
NOT-FOR-US: Aruba CVE-2021-26679 (A remote authenticated command injection vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2021-26678 (A remote unauthenticated stored cross-site scripting (XSS) vulnerabili ...) NOT-FOR-US: Aruba CVE-2021-26677 (A local authenticated escalation of privilege vulnerability was discov ...) NOT-FOR-US: Aruba CVE-2021-3399 RESERVED CVE-2021-3398 RESERVED CVE-2021-3397 RESERVED CVE-2021-3396 (OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1 ...) NOT-FOR-US: OpenNMS CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...) {DSA-4847-1 DLA-2552-1} - connman 1.36-2.1 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could ...) {DSA-4847-1 DLA-2552-1} - connman 1.36-2.1 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb CVE-2021-26674 RESERVED CVE-2021-26673 RESERVED CVE-2021-26672 RESERVED CVE-2021-26671 RESERVED CVE-2021-26670 RESERVED CVE-2021-26669 RESERVED CVE-2021-26668 RESERVED CVE-2021-26667 RESERVED CVE-2021-26666 RESERVED CVE-2021-26665 RESERVED CVE-2021-26664 RESERVED CVE-2021-26663 RESERVED CVE-2021-26662 RESERVED CVE-2021-26661 RESERVED CVE-2021-26660 RESERVED CVE-2021-26659 RESERVED CVE-2021-26658 RESERVED CVE-2021-26657 RESERVED CVE-2021-26656 RESERVED CVE-2021-26655 RESERVED CVE-2021-26654 RESERVED CVE-2021-26653 RESERVED CVE-2021-26652 RESERVED CVE-2021-26651 RESERVED CVE-2021-26650 RESERVED CVE-2021-26649 RESERVED CVE-2021-26648 RESERVED CVE-2021-26647 RESERVED CVE-2021-26646 RESERVED CVE-2021-26645 RESERVED CVE-2021-26644 RESERVED CVE-2021-26643 RESERVED CVE-2021-26642 RESERVED CVE-2021-26641 RESERVED CVE-2021-26640 RESERVED 
CVE-2021-26639 RESERVED CVE-2021-26638 RESERVED CVE-2021-26637 RESERVED CVE-2021-26636 RESERVED CVE-2021-26635 RESERVED CVE-2021-26634 RESERVED CVE-2021-26633 RESERVED CVE-2021-26632 RESERVED CVE-2021-26631 RESERVED CVE-2021-26630 RESERVED CVE-2021-26629 RESERVED CVE-2021-26628 RESERVED CVE-2021-26627 RESERVED CVE-2021-26626 RESERVED CVE-2021-26625 RESERVED CVE-2021-26624 RESERVED CVE-2021-26623 RESERVED CVE-2021-26622 RESERVED CVE-2021-26621 RESERVED CVE-2021-26620 RESERVED CVE-2021-26619 RESERVED CVE-2021-26618 RESERVED CVE-2021-26617 RESERVED CVE-2021-26616 RESERVED CVE-2021-26615 RESERVED CVE-2021-26614 RESERVED CVE-2021-26613 RESERVED CVE-2021-26612 RESERVED CVE-2021-26611 RESERVED CVE-2021-26610 RESERVED CVE-2021-26609 RESERVED CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...) NOT-FOR-US: handysoft CVE-2021-26607 RESERVED CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security could allow ...) NOT-FOR-US: Dream Security CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...) NOT-FOR-US: ezPDFReader CVE-2021-26604 RESERVED CVE-2021-26603 (A heap overflow issue was found in ARK library of bandisoft Co., Ltd w ...) NOT-FOR-US: bandisoft CVE-2021-26602 RESERVED CVE-2021-26601 RESERVED CVE-2021-26600 RESERVED CVE-2021-26599 RESERVED CVE-2021-26598 RESERVED CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...) NOT-FOR-US: Pryaniki CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...) NOT-FOR-US: Millennium Millewin CVE-2021-3393 (An information leak was discovered in postgresql in versions before 13 ...) - postgresql-13 13.2-1 - postgresql-11 [buster] - postgresql-11 11.11-0+deb10u1 NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ...) 
{DLA-2623-1} - qemu 1:5.2+dfsg-10 (bug #984449) [buster] - qemu (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html NOTE: https://bugs.launchpad.net/qemu/+bug/1914236 CVE-2021-26597 (An issue was discovered in Nokia NetAct 18A. A remote user, authentica ...) NOT-FOR-US: Nokia NetAct 18A CVE-2021-26596 (An issue was discovered in Nokia NetAct 18A. A malicious user can chan ...) NOT-FOR-US: Nokia NetAct 18A CVE-2021-26595 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...) NOT-FOR-US: Directus CVE-2021-26594 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...) NOT-FOR-US: Directus CVE-2021-26593 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...) NOT-FOR-US: Directus CVE-2021-26592 RESERVED CVE-2021-26591 RESERVED CVE-2021-26590 RESERVED CVE-2021-26589 RESERVED CVE-2021-26588 (A potential security vulnerability has been identified in HPE 3PAR Sto ...) NOT-FOR-US: HPE CVE-2021-26587 (A potential DOM-based Cross Site Scripting security vulnerability has ...) NOT-FOR-US: HPE StoreOnce CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...) NOT-FOR-US: HPE CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...) NOT-FOR-US: HPE CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...) NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC) CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO Amplifier ...) NOT-FOR-US: HPE CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgf ...) NOT-FOR-US: HPE CVE-2021-26581 (A potential security vulnerability has been identified in HPE Superdom ...) NOT-FOR-US: HPE CVE-2021-26580 (A potential security vulnerability has been identified in HPE iLO Ampl ...) NOT-FOR-US: HPE CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) could al ...) 
NOT-FOR-US: HPE CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network ...) NOT-FOR-US: HPE Network Orchestrator (NetO) CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-26576 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-26575 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-26574 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-26573 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-26572 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-26571 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-26570 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-26569 (Race Condition within a Thread vulnerability in iscsi_snapshot_comm_co ...) NOT-FOR-US: Synology CVE-2021-26568 RESERVED CVE-2021-26567 (Stack-based buffer overflow vulnerability in frontend/main.c in faad2 ...) NOT-FOR-US: Synology CVE-2021-26566 (Insertion of sensitive information into sent data vulnerability in syn ...) NOT-FOR-US: Synology CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in synor ...) NOT-FOR-US: Synology CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...) NOT-FOR-US: Synology CVE-2021-26563 (Incorrect authorization vulnerability in synoagentregisterd in Synolog ...) NOT-FOR-US: Synology CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...) NOT-FOR-US: Synology CVE-2021-26561 (Stack-based buffer overflow vulnerability in synoagentregisterd in Syn ...) 
NOT-FOR-US: Synology CVE-2021-26560 (Cleartext transmission of sensitive information vulnerability in synoa ...) NOT-FOR-US: Synology CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API ...) - airflow (bug #819700) CVE-2021-26558 RESERVED CVE-2021-3391 (MobileIron Mobile@Work through 2021-03-22 allows attackers to distingu ...) NOT-FOR-US: MobileIron Mobile@Work CVE-2021-3390 RESERVED CVE-2021-3389 RESERVED CVE-2021-3388 RESERVED CVE-2021-3387 RESERVED CVE-2021-26557 (When Octopus Tentacle is installed using a custom folder location, fol ...) NOT-FOR-US: Octopus Tentacle CVE-2021-26556 (When Octopus Server is installed using a custom folder location, folde ...) NOT-FOR-US: Octopus Server CVE-2021-26555 RESERVED CVE-2021-26554 RESERVED CVE-2021-26553 RESERVED CVE-2021-26552 RESERVED CVE-2021-26551 (An issue was discovered in SmartFoxServer 2.17.0. An attacker can exec ...) NOT-FOR-US: SmartFoxServer CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...) NOT-FOR-US: SmartFoxServer CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to ...) NOT-FOR-US: SmartFoxServer CVE-2021-3386 RESERVED CVE-2021-3385 RESERVED CVE-2021-3384 (A vulnerability in Stormshield Network Security could allow an attacke ...) NOT-FOR-US: Stormshield Network Security CVE-2021-3383 RESERVED CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allo ...) - gitea CVE-2021-3381 RESERVED CVE-2021-3380 RESERVED CVE-2021-26548 RESERVED CVE-2021-26547 RESERVED CVE-2021-26546 RESERVED CVE-2021-26545 RESERVED CVE-2021-26544 (Livy server version 0.7.0-incubating (only) is vulnerable to a cross s ...) NOT-FOR-US: Apache Livy CVE-2021-26543 (The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command i ...) NOT-FOR-US: git-parse nodejs module CVE-2021-26542 RESERVED CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...) 
NOT-FOR-US: Node gitlog CVE-2021-26540 (Apostrophe Technologies sanitize-html before 2.3.2 does not properly v ...) NOT-FOR-US: sanitize-html CVE-2021-26539 (Apostrophe Technologies sanitize-html before 2.3.1 does not properly h ...) NOT-FOR-US: sanitize-html CVE-2021-3379 RESERVED CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...) NOT-FOR-US: FortiLogger CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML. In ansi_ ...) - node-ansi-up 5.0.0+dfsg-1 (bug #984667) CVE-2021-3376 RESERVED CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...) NOT-FOR-US: ActivePresenter CVE-2021-3374 (Directory traversal in RStudio Shiny Server before 1.5.16 allows attac ...) NOT-FOR-US: RStudio Shiny Server CVE-2021-3373 RESERVED CVE-2021-3372 RESERVED CVE-2021-3371 RESERVED CVE-2021-3370 RESERVED CVE-2021-3369 RESERVED CVE-2021-3368 RESERVED CVE-2021-3367 RESERVED CVE-2021-3366 RESERVED CVE-2021-3365 RESERVED CVE-2021-3364 RESERVED CVE-2021-3363 RESERVED CVE-2021-3362 RESERVED CVE-2021-3361 RESERVED CVE-2021-3360 RESERVED CVE-2021-3359 RESERVED CVE-2021-3358 RESERVED CVE-2021-3357 RESERVED CVE-2021-3356 RESERVED CVE-2021-3355 (A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to e ...) NOT-FOR-US: LightCMS CVE-2021-3354 RESERVED CVE-2021-3353 RESERVED CVE-2021-3352 (The Software Development Kit in Mitel MiContact Center Business from 8 ...) NOT-FOR-US: Mitel CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device ...) NOT-FOR-US: OpenPLC CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...) NOT-FOR-US: Delete Account plugin for MyBB CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...) 
- evolution (unimportant) NOTE: GNOME Evolution upstream claims that the issue should be fixed completely NOTE: on the GnuPG side, whilst the reporter claims that GnuPG provides what is NOTE: needed to address it on evolution's side. NOTE: https://dev.gnupg.org/T4735 NOTE: https://gitlab.gnome.org/GNOME/evolution/-/issues/299 NOTE: https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html CVE-2021-26538 RESERVED CVE-2021-26537 RESERVED CVE-2021-26536 RESERVED CVE-2021-26535 RESERVED CVE-2021-26534 RESERVED CVE-2021-26533 RESERVED CVE-2021-26532 RESERVED CVE-2021-26531 RESERVED CVE-2021-26530 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compile ...) NOT-FOR-US: Cesanta Mongoose NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2021-26529 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7- ...) NOT-FOR-US: Cesanta Mongoose NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2021-26528 (The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is ...) 
NOT-FOR-US: Cesanta Mongoose NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2021-26527 RESERVED CVE-2021-26526 RESERVED CVE-2021-26525 RESERVED CVE-2021-26524 RESERVED CVE-2021-26523 RESERVED CVE-2021-26522 RESERVED CVE-2021-26521 RESERVED CVE-2021-26520 RESERVED CVE-2021-26519 RESERVED CVE-2021-26518 RESERVED CVE-2021-26517 RESERVED CVE-2021-26516 RESERVED CVE-2021-26515 RESERVED CVE-2021-26514 RESERVED CVE-2021-26513 RESERVED CVE-2021-26512 RESERVED CVE-2021-26511 RESERVED CVE-2021-26510 RESERVED CVE-2021-26509 RESERVED CVE-2021-26508 RESERVED CVE-2021-26507 RESERVED CVE-2021-26506 RESERVED CVE-2021-26505 RESERVED CVE-2021-26504 RESERVED CVE-2021-26503 RESERVED CVE-2021-26502 RESERVED CVE-2021-26501 RESERVED CVE-2021-26500 RESERVED CVE-2021-26499 RESERVED CVE-2021-26498 RESERVED CVE-2021-26497 RESERVED CVE-2021-26496 RESERVED CVE-2021-26495 RESERVED CVE-2021-26494 RESERVED CVE-2021-26493 RESERVED CVE-2021-26492 RESERVED CVE-2021-26491 RESERVED CVE-2021-26490 RESERVED CVE-2021-26489 RESERVED CVE-2021-26488 RESERVED CVE-2021-26487 RESERVED CVE-2021-26486 RESERVED CVE-2021-26485 RESERVED CVE-2021-26484 RESERVED CVE-2021-26483 RESERVED CVE-2021-26482 RESERVED CVE-2021-26481 RESERVED CVE-2021-26480 RESERVED CVE-2021-26479 RESERVED CVE-2021-26478 RESERVED CVE-2021-26477 RESERVED CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via craft ...) NOT-FOR-US: EPrints CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...) NOT-FOR-US: EPrints CVE-2021-26474 (Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET req ...) NOT-FOR-US: Vembu BDR Suite CVE-2021-26473 (Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a G ...) NOT-FOR-US: Vembu BDR Suite CVE-2021-26472 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...) 
NOT-FOR-US: Vembu BDR Suite CVE-2021-26471 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...) NOT-FOR-US: Vembu BDR Suite CVE-2021-26470 RESERVED CVE-2021-26469 RESERVED CVE-2021-26468 RESERVED CVE-2021-26467 RESERVED CVE-2021-26466 RESERVED CVE-2021-26465 RESERVED CVE-2021-26464 RESERVED CVE-2021-26463 RESERVED CVE-2021-26462 RESERVED CVE-2021-26461 (Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-a ...) NOT-FOR-US: Apache NuttX CVE-2021-26460 RESERVED CVE-2021-26459 RESERVED CVE-2021-26458 RESERVED CVE-2021-26457 RESERVED CVE-2021-26456 RESERVED CVE-2021-26455 RESERVED CVE-2021-26454 RESERVED CVE-2021-26453 RESERVED CVE-2021-26452 RESERVED CVE-2021-26451 RESERVED CVE-2021-26450 RESERVED CVE-2021-26449 RESERVED CVE-2021-26448 RESERVED CVE-2021-26447 RESERVED CVE-2021-26446 RESERVED CVE-2021-26445 RESERVED CVE-2021-26444 RESERVED CVE-2021-26443 RESERVED CVE-2021-26442 (Windows HTTP.sys Elevation of Privilege Vulnerability ...) NOT-FOR-US: Siemens CVE-2021-26441 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Siemens CVE-2021-26440 RESERVED CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26438 RESERVED CVE-2021-26437 (Visual Studio Code Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) NOT-FOR-US: Microsoft CVE-2021-26435 (Windows Scripting Engine Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26434 (Visual Studio Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26433 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) NOT-FOR-US: Microsoft CVE-2021-26432 (Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulne ...) NOT-FOR-US: Microsoft CVE-2021-26431 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...) 
NOT-FOR-US: Microsoft CVE-2021-26430 (Azure Sphere Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26429 (Azure Sphere Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26428 (Azure Sphere Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability ...) NOT-FOR-US: Siemens CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26423 (.NET Core and Visual Studio Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26420 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) NOT-FOR-US: Microsoft CVE-2021-26419 (Scripting Engine Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26418 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-26417 (Windows Overlay Filter Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26416 (Windows Hyper-V Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26415 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-26414 (Windows DCOM Server Security Feature Bypass ...) NOT-FOR-US: Microsoft CVE-2021-26413 (Windows Installer Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26412 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) 
NOT-FOR-US: Microsoft CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26410 RESERVED CVE-2021-26409 RESERVED CVE-2021-26408 RESERVED CVE-2021-26407 RESERVED CVE-2021-26406 RESERVED CVE-2021-26405 RESERVED CVE-2021-26404 RESERVED CVE-2021-26403 RESERVED CVE-2021-26402 RESERVED CVE-2021-26401 RESERVED CVE-2021-26400 RESERVED CVE-2021-26399 RESERVED CVE-2021-26398 RESERVED CVE-2021-26397 RESERVED CVE-2021-26396 RESERVED CVE-2021-26395 RESERVED CVE-2021-26394 RESERVED CVE-2021-26393 RESERVED CVE-2021-26392 RESERVED CVE-2021-26391 RESERVED CVE-2021-26390 RESERVED CVE-2021-26389 RESERVED CVE-2021-26388 RESERVED CVE-2021-26387 RESERVED CVE-2021-26386 RESERVED CVE-2021-26385 RESERVED CVE-2021-26384 RESERVED CVE-2021-26383 RESERVED CVE-2021-26382 RESERVED CVE-2021-26381 RESERVED CVE-2021-26380 RESERVED CVE-2021-26379 RESERVED CVE-2021-26378 RESERVED CVE-2021-26377 RESERVED CVE-2021-26376 RESERVED CVE-2021-26375 RESERVED CVE-2021-26374 RESERVED CVE-2021-26373 RESERVED CVE-2021-26372 RESERVED CVE-2021-26371 RESERVED CVE-2021-26370 RESERVED CVE-2021-26369 RESERVED CVE-2021-26368 RESERVED CVE-2021-26367 RESERVED CVE-2021-26366 RESERVED CVE-2021-26365 RESERVED CVE-2021-26364 RESERVED CVE-2021-26363 RESERVED CVE-2021-26362 RESERVED CVE-2021-26361 RESERVED CVE-2021-26360 RESERVED CVE-2021-26359 RESERVED CVE-2021-26358 RESERVED CVE-2021-26357 RESERVED CVE-2021-26356 RESERVED CVE-2021-26355 RESERVED CVE-2021-26354 RESERVED CVE-2021-26353 RESERVED CVE-2021-26352 RESERVED CVE-2021-26351 RESERVED CVE-2021-26350 RESERVED CVE-2021-26349 RESERVED CVE-2021-26348 RESERVED CVE-2021-26347 RESERVED CVE-2021-26346 RESERVED CVE-2021-26345 RESERVED CVE-2021-26344 RESERVED CVE-2021-26343 RESERVED CVE-2021-26342 RESERVED CVE-2021-26341 RESERVED CVE-2021-26340 RESERVED CVE-2021-26339 RESERVED CVE-2021-26338 RESERVED CVE-2021-26337 RESERVED CVE-2021-26336 RESERVED CVE-2021-26335 RESERVED CVE-2021-26334 RESERVED CVE-2021-26333 (An information 
disclosure vulnerability exists in AMD Platform Securit ...) NOT-FOR-US: AMD CVE-2021-26332 RESERVED CVE-2021-26331 RESERVED CVE-2021-26330 RESERVED CVE-2021-26329 RESERVED CVE-2021-26328 RESERVED CVE-2021-26327 RESERVED CVE-2021-26326 RESERVED CVE-2021-26325 RESERVED CVE-2021-26324 RESERVED CVE-2021-26323 RESERVED CVE-2021-26322 RESERVED CVE-2021-26321 RESERVED CVE-2021-26320 RESERVED CVE-2021-26319 RESERVED CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...) NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017 TODO: check details and if mitigation in microcode/kernel exists CVE-2021-26317 RESERVED CVE-2021-26316 RESERVED CVE-2021-26315 RESERVED CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...) NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314"). TODO: check CVE-2021-26313 (Potential speculative code store bypass in all supported CPU products, ...) {DSA-4931-1} - xen 4.14.2+25-gb6a8c4f72d-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-375.html NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 CVE-2021-26312 RESERVED CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...) NOT-FOR-US: AMD CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...) NOT-FOR-US: Foris CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder. During bui ...) NOT-FOR-US: OpenShift CVE-2021-26310 (In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possibl ...) NOT-FOR-US: TeamCity IntelliJ plugin CVE-2021-26309 (Information disclosure in the TeamCity plugin for IntelliJ before 2020 ...) 
NOT-FOR-US: TeamCity IntelliJ plugin CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9. ...) [experimental] - libgcrypt20 1.9.1-1 (bug #981370) - libgcrypt20 (Only affected 1.9) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2145 NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html NOTE: https://dev.gnupg.org/T5275 NOTE: Introduced by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13 NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08 CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10 ...) {DLA-2610-1} - linux 5.10.13-1 [buster] - linux 4.19.177-1 [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6) CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...) {DSA-4843-1 DLA-2586-1 DLA-2557-1} - linux 5.10.12-1 NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1 CVE-2021-3343 RESERVED CVE-2021-3342 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...) NOT-FOR-US: EPrints CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH2i Dx ...) NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...) NOT-FOR-US: Wikindx CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access to mem ...) NOT-FOR-US: ModernFlow CVE-2021-3338 RESERVED CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...) NOT-FOR-US: MyBB CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...) 
- wolfssl 4.6.0-3 NOTE: https://github.com/wolfSSL/wolfssl/pull/3676 CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...) NOT-FOR-US: Rust marc CVE-2021-26307 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...) NOT-FOR-US: Rust raw-cpuid CVE-2021-26306 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...) NOT-FOR-US: Rust raw-cpuid CVE-2021-26305 (An issue was discovered in Deserializer::read_vec in the cdr crate bef ...) NOT-FOR-US: Rust Deserializer::read_vec CVE-2021-26304 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...) NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2021-26303 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...) NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2021-26302 RESERVED CVE-2021-26301 RESERVED CVE-2021-26300 RESERVED CVE-2021-26299 RESERVED CVE-2021-3335 RESERVED CVE-2021-3334 RESERVED CVE-2021-26298 RESERVED CVE-2021-26297 RESERVED CVE-2021-26296 (In the default configuration, Apache MyFaces Core versions 2.2.0 to 2. ...) NOT-FOR-US: Apache MyFaces CVE-2021-26295 (Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthen ...) NOT-FOR-US: Apache OFBiz CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). W ...) NOT-FOR-US: Open-AudIT CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a protection me ...) NOT-FOR-US: WPS Hide Logi CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...) NOT-FOR-US: WinSCP CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3329 RESERVED CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...) NOT-FOR-US: Aprelium Abyss Web Server CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...) 
NOT-FOR-US: Ovation Dynamic Content CVE-2021-26294 (An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail ...) NOT-FOR-US: AfterLogic Aurora CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...) NOT-FOR-US: AfterLogic Aurora CVE-2021-26292 RESERVED CVE-2021-26291 (Apache Maven will follow repositories that are defined in a dependency ...) - maven (bug #988155) [bullseye] - maven (Minor issue) [buster] - maven (Minor issue) [stretch] - maven (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/04/23/5 NOTE: https://issues.apache.org/jira/browse/MNG-7118 NOTE: https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f (3.8.x) NOTE: https://github.com/apache/maven/commit/67125676eef313e592da6424a9be0c90c5e6bca5 (master) CVE-2021-26290 RESERVED CVE-2021-26289 RESERVED CVE-2021-26288 RESERVED CVE-2021-26287 RESERVED CVE-2021-26286 RESERVED CVE-2021-26285 RESERVED CVE-2021-26284 RESERVED CVE-2021-26283 RESERVED CVE-2021-26282 RESERVED CVE-2021-26281 RESERVED CVE-2021-26280 RESERVED CVE-2021-26279 RESERVED CVE-2021-26278 RESERVED CVE-2021-26277 RESERVED CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...) NOT-FOR-US: GoDaddy node-config-shield CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 ...) NOT-FOR-US: eslint-fixer CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...) NOT-FOR-US: Monitorix CVE-2021-3324 RESERVED CVE-2021-3323 (Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zeph ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3322 (Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zeph ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3321 (Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header ...) 
NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2 ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addre ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...) NOT-FOR-US: DzzOffice CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...) NOT-FOR-US: NinjaRMM CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. ...) NOT-FOR-US: NinjaRMM CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...) - glibc 2.31-10 (bug #981198) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2146 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27256 NOTE: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888 CVE-2021-3317 (KLog Server through 2.4.1 allows authenticated command injection. asyn ...) NOT-FOR-US: KLog Server CVE-2021-3316 RESERVED CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was ...) NOT-FOR-US: JetBrains CVE-2021-3314 (** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and b ...) NOT-FOR-US: Oracle CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) ...) NOT-FOR-US: Plone CVE-2021-3312 (An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11 ...) NOT-FOR-US: Alkacon OpenCms CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...) NOT-FOR-US: October CMS CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbol ...) 
NOT-FOR-US: Western Digital CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...) NOT-FOR-US: Wekan CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...) - ckeditor 4.16.0+dfsg-1 (bug #982587) [buster] - ckeditor (Minor issue) [stretch] - ckeditor (Fix along next DLA) NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...) - ckeditor 4.16.0+dfsg-1 (bug #982587) [buster] - ckeditor (Minor issue) [stretch] - ckeditor (Fix along next DLA) NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 CVE-2021-26270 RESERVED CVE-2021-3307 RESERVED CVE-2021-3306 RESERVED CVE-2021-3305 RESERVED CVE-2021-3304 (Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long ...) NOT-FOR-US: Sagemcom CVE-2021-3303 RESERVED CVE-2021-3302 RESERVED CVE-2021-3301 RESERVED CVE-2021-3300 RESERVED CVE-2021-3299 RESERVED CVE-2021-3298 (Collabtive 3.1 allows XSS when an authenticated user enters an XSS pay ...) - collabtive CVE-2021-3297 (On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to ...) NOT-FOR-US: Zyxel CVE-2021-3296 RESERVED CVE-2021-3295 RESERVED CVE-2021-3294 (CASAP Automated Enrollment System 1.0 is affected by cross-site script ...) NOT-FOR-US: CASAP Automated Enrollment System CVE-2021-3293 (emlog v5.3.1 has full path disclosure vulnerability in t/index.php, wh ...) NOT-FOR-US: emlog CVE-2021-3292 RESERVED CVE-2021-3291 (Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by insp ...) NOT-FOR-US: Zen Cart CVE-2021-3290 RESERVED CVE-2021-3289 RESERVED CVE-2021-3288 RESERVED CVE-2021-26269 RESERVED CVE-2021-26268 RESERVED CVE-2021-26267 (cPanel before 92.0.9 allows a MySQL user (who has an old-style passwor ...) NOT-FOR-US: cPanel CVE-2021-26266 (cPanel before 92.0.9 allows a Reseller to bypass the suspension lock ( ...) 
NOT-FOR-US: cPanel CVE-2021-26246 RESERVED CVE-2021-26245 RESERVED CVE-2021-26244 RESERVED CVE-2021-26243 RESERVED CVE-2021-26242 RESERVED CVE-2021-26241 RESERVED CVE-2021-26240 RESERVED CVE-2021-26239 RESERVED CVE-2021-26238 RESERVED CVE-2021-26237 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...) NOT-FOR-US: FastStone Image Viewer CVE-2021-26236 (FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer ...) NOT-FOR-US: FastStone Image Viewer CVE-2021-26235 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...) NOT-FOR-US: FastStone Image Viewer CVE-2021-26234 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...) NOT-FOR-US: FastStone Image Viewer CVE-2021-26233 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...) NOT-FOR-US: FastStone Image Viewer CVE-2021-26232 (SQL injection vulnerability in SourceCodester Simple College Website v ...) NOT-FOR-US: SourceCodester Simple College Website CVE-2021-26231 (SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 ...) NOT-FOR-US: SourceCodester Fantastic Blog CMS CVE-2021-26230 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...) NOT-FOR-US: SourceCodester CASAP Automated Enrollment System CVE-2021-26229 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...) NOT-FOR-US: SourceCodester CASAP Automated Enrollment System CVE-2021-26228 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...) NOT-FOR-US: SourceCodester CASAP Automated Enrollment System CVE-2021-26227 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...) NOT-FOR-US: SourceCodester CASAP Automated Enrollment System CVE-2021-26226 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...) 
NOT-FOR-US: SourceCodester CASAP Automated Enrollment System CVE-2021-26225 RESERVED CVE-2021-26224 (Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-B ...) NOT-FOR-US: SourceCodester Fantastic-Blog-CMS CVE-2021-26223 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...) NOT-FOR-US: SourceCodester CASAP Automated Enrollment System CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...) - mapcache (bug #989363) [bullseye] - mapcache (Minor issue) [buster] - mapcache (Minor issue) [stretch] - mapcache (Minor issue) - scilab (bug #989364) [bullseye] - scilab (Minor issue) [buster] - scilab (Minor issue) [stretch] - scilab (Minor issue) - netcdf (bug #989360) [bullseye] - netcdf (Minor issue) [buster] - netcdf (Minor issue) [stretch] - netcdf (vulnerable code not present) - netcdf-parallel (bug #989361) [bullseye] - netcdf-parallel (Minor issue) [buster] - netcdf-parallel (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/22/ CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...) - mapcache (bug #989363) [bullseye] - mapcache (Minor issue) [buster] - mapcache (Minor issue) [stretch] - mapcache (Minor issue) - scilab (bug #989364) [bullseye] - scilab (Minor issue) [buster] - scilab (Minor issue) [stretch] - scilab (Minor issue) - netcdf (bug #989360) [bullseye] - netcdf (Minor issue) [buster] - netcdf (Minor issue) [stretch] - netcdf (vulnerable code not present) - netcdf-parallel (bug #989361) [bullseye] - netcdf-parallel (Minor issue) [buster] - netcdf-parallel (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/21/ CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to O ...) 
- mapcache (bug #989363) [bullseye] - mapcache (Minor issue) [buster] - mapcache (Minor issue) [stretch] - mapcache (Minor issue) - scilab (bug #989364) [bullseye] - scilab (Minor issue) [buster] - scilab (Minor issue) [stretch] - scilab (Minor issue) - netcdf (bug #989360) [bullseye] - netcdf (Minor issue) [buster] - netcdf (Minor issue) [stretch] - netcdf (vulnerable code not present) - netcdf-parallel (bug #989361) [bullseye] - netcdf-parallel (Minor issue) [buster] - netcdf-parallel (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/223/ CVE-2021-26219 RESERVED CVE-2021-26218 RESERVED CVE-2021-26217 RESERVED CVE-2021-26216 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...) NOT-FOR-US: SeedDMS CVE-2021-26215 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...) NOT-FOR-US: SeedDMS CVE-2021-26214 RESERVED CVE-2021-26213 RESERVED CVE-2021-26212 RESERVED CVE-2021-26211 RESERVED CVE-2021-26210 RESERVED CVE-2021-26209 RESERVED CVE-2021-26208 RESERVED CVE-2021-26207 RESERVED CVE-2021-26206 RESERVED CVE-2021-26205 RESERVED CVE-2021-26204 RESERVED CVE-2021-26203 RESERVED CVE-2021-26202 RESERVED CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable ...) NOT-FOR-US: Login Panel of CASAP Automated Enrollment System CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL injection wh ...) NOT-FOR-US: Library System CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) - iotjs (bug #989991) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056 CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...) - iotjs (bug #989991) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402 CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. 
There is a SEGV in main_ ...) - iotjs (bug #989991) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403 CVE-2021-26196 RESERVED CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...) - iotjs (bug #989991) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442 CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) - iotjs (bug #989991) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445 CVE-2021-26193 RESERVED CVE-2021-26192 RESERVED CVE-2021-26191 RESERVED CVE-2021-26190 RESERVED CVE-2021-26189 RESERVED CVE-2021-26188 RESERVED CVE-2021-26187 RESERVED CVE-2021-26186 RESERVED CVE-2021-26185 RESERVED CVE-2021-26184 RESERVED CVE-2021-26183 RESERVED CVE-2021-26182 RESERVED CVE-2021-26181 RESERVED CVE-2021-26180 RESERVED CVE-2021-26179 RESERVED CVE-2021-26178 RESERVED CVE-2021-26177 RESERVED CVE-2021-26176 RESERVED CVE-2021-26175 RESERVED CVE-2021-26174 RESERVED CVE-2021-26173 RESERVED CVE-2021-26172 RESERVED CVE-2021-26171 RESERVED CVE-2021-26170 RESERVED CVE-2021-26169 RESERVED CVE-2021-26168 RESERVED CVE-2021-26167 RESERVED CVE-2021-26166 RESERVED CVE-2021-26165 RESERVED CVE-2021-26164 RESERVED CVE-2021-26163 RESERVED CVE-2021-26162 RESERVED CVE-2021-26161 RESERVED CVE-2021-26160 RESERVED CVE-2021-26159 RESERVED CVE-2021-26158 RESERVED CVE-2021-26157 RESERVED CVE-2021-26156 RESERVED CVE-2021-26155 RESERVED CVE-2021-26154 RESERVED CVE-2021-26153 RESERVED CVE-2021-26152 RESERVED CVE-2021-26151 RESERVED CVE-2021-26150 RESERVED CVE-2021-26149 RESERVED CVE-2021-26148 RESERVED CVE-2021-26147 RESERVED CVE-2021-26146 RESERVED CVE-2021-26145 RESERVED CVE-2021-26144 RESERVED CVE-2021-26143 RESERVED CVE-2021-26142 RESERVED CVE-2021-26141 RESERVED CVE-2021-26140 RESERVED 
CVE-2021-26139 RESERVED CVE-2021-26138 RESERVED CVE-2021-26137 RESERVED CVE-2021-26136 RESERVED CVE-2021-26135 RESERVED CVE-2021-26134 RESERVED CVE-2021-26133 RESERVED CVE-2021-26132 RESERVED CVE-2021-26131 RESERVED CVE-2021-26130 RESERVED CVE-2021-26129 RESERVED CVE-2021-26128 RESERVED CVE-2021-26127 RESERVED CVE-2021-26126 RESERVED CVE-2021-26125 RESERVED CVE-2021-26124 RESERVED CVE-2021-23232 RESERVED CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of Gallagher Comm ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23224 RESERVED CVE-2021-23220 RESERVED CVE-2021-23212 RESERVED CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23199 RESERVED CVE-2021-23197 RESERVED CVE-2021-23193 RESERVED CVE-2021-23185 RESERVED CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23167 RESERVED CVE-2021-23162 RESERVED CVE-2021-23155 RESERVED CVE-2021-23146 RESERVED CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...) NOT-FOR-US: LivingLogic XIST4C CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...) NOT-FOR-US: LivingLogic XIST4C CVE-2021-26121 RESERVED CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected function ...) 
{DLA-2618-1} - smarty3 3.1.39-1 [buster] - smarty3 (Minor issue) NOTE: https://github.com/smarty-php/smarty/commit/4f634c0097ab4a8b2adc2a97caacd1676e88f9c8 CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_ ...) {DLA-2618-1} - smarty3 3.1.39-1 [buster] - smarty3 (Minor issue) NOTE: https://github.com/smarty-php/smarty/commit/c9272058d972045dda9c99c64a82acb21c93c6ad CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...) NOT-FOR-US: Apache ActiveMQ Artemis CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...) {DLA-2583-1} - activemq 5.16.1-1 (bug #982590) [buster] - activemq (Minor issue) NOTE: https://issues.apache.org/jira/browse/AMQ-8035 NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6 NOTE: https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b CVE-2021-26116 RESERVED CVE-2021-26115 RESERVED CVE-2021-26114 RESERVED CVE-2021-26113 RESERVED CVE-2021-26112 RESERVED CVE-2021-26111 (A missing release of memory after effective lifetime vulnerability in ...) NOT-FOR-US: Fortiguard CVE-2021-26110 RESERVED CVE-2021-26109 RESERVED CVE-2021-26108 RESERVED CVE-2021-26107 RESERVED CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...) NOT-FOR-US: Fortiguard CVE-2021-26105 RESERVED CVE-2021-26104 RESERVED CVE-2021-26103 RESERVED CVE-2021-26102 RESERVED CVE-2021-26101 RESERVED CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...) NOT-FOR-US: Fortiguard CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption service o ...) NOT-FOR-US: FortiMail CVE-2021-26098 (An instance of small space of random values in the RPC API of FortiSan ...) NOT-FOR-US: FortiSandbox CVE-2021-26097 (An improper neutralization of special elements used in an OS Command v ...) 
NOT-FOR-US: FortiSandbox CVE-2021-26096 (Multiple instances of heap-based buffer overflow in the command shell ...) NOT-FOR-US: FortiSandbox CVE-2021-26095 (The combination of various cryptographic issues in the session managem ...) NOT-FOR-US: FortiMail CVE-2021-26094 RESERVED CVE-2021-26093 RESERVED CVE-2021-26092 RESERVED CVE-2021-26091 RESERVED CVE-2021-26090 (A missing release of memory after its effective lifetime vulnerability ...) NOT-FOR-US: FortiMail CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...) NOT-FOR-US: FortiClient CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector version 5.0 ...) NOT-FOR-US: Fortinet CVE-2021-26087 RESERVED CVE-2021-26086 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2021-26085 (Affected versions of Atlassian Confluence Server allow remote attacker ...) NOT-FOR-US: Atlassian Confluence CVE-2021-26084 (In affected versions of Confluence Server and Data Center, an OGNL inj ...) NOT-FOR-US: Atlassian CVE-2021-26083 (Export HTML Report in Atlassian Jira Server and Jira Data Center befor ...) NOT-FOR-US: Atlassian CVE-2021-26082 (The XML Export in Atlassian Jira Server and Jira Data Center before ve ...) NOT-FOR-US: Atlassian CVE-2021-26081 (REST API in Atlassian Jira Server and Jira Data Center before version ...) NOT-FOR-US: Atlassian CVE-2021-26080 (EditworkflowScheme.jspa in Jira Server and Jira Data Center before ver ...) NOT-FOR-US: Atlassian CVE-2021-26079 (The CardLayoutConfigTable component in Jira Server and Jira Data Cente ...) NOT-FOR-US: Atlassian CVE-2021-26078 (The number range searcher component in Jira Server and Jira Data Cente ...) NOT-FOR-US: Atlassian CVE-2021-26077 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) in versi ...) NOT-FOR-US: Atlassian CVE-2021-26076 (The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira ...) 
NOT-FOR-US: Atlassian CVE-2021-26075 (The Jira importers plugin AttachTemporaryFile rest resource in Jira Se ...) NOT-FOR-US: Atlassian CVE-2021-26074 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) from ver ...) NOT-FOR-US: Atlassian CVE-2021-26073 (Broken Authentication in Atlassian Connect Express (ACE) from version ...) NOT-FOR-US: Atlassian CVE-2021-26072 (The WidgetConnector plugin in Confluence Server and Confluence Data Ce ...) NOT-FOR-US: Atlassian CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data Center bef ...) NOT-FOR-US: Atlassian CVE-2021-26070 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2021-26069 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) NOT-FOR-US: Atlassian CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from version 0.0 ...) NOT-FOR-US: Atlassian CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote ...) NOT-FOR-US: Atlassian CVE-2021-26066 RESERVED CVE-2021-26065 RESERVED CVE-2021-26064 RESERVED CVE-2021-26063 RESERVED CVE-2021-26062 RESERVED CVE-2021-26061 RESERVED CVE-2021-26060 RESERVED CVE-2021-26059 RESERVED CVE-2021-26058 RESERVED CVE-2021-26057 RESERVED CVE-2021-26056 RESERVED CVE-2021-26055 RESERVED CVE-2021-26054 RESERVED CVE-2021-26053 RESERVED CVE-2021-26052 RESERVED CVE-2021-26051 RESERVED CVE-2021-26050 RESERVED CVE-2021-26049 RESERVED CVE-2021-26048 RESERVED CVE-2021-26047 RESERVED CVE-2021-26046 RESERVED CVE-2021-26045 RESERVED CVE-2021-26044 RESERVED CVE-2021-26043 RESERVED CVE-2021-26042 RESERVED CVE-2021-26041 RESERVED CVE-2021-26040 (An issue was discovered in Joomla! 4.0.0. The media manager does not c ...) NOT-FOR-US: Joomla! CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...) NOT-FOR-US: Joomla! CVE-2021-26038 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install actio ...) 
NOT-FOR-US: Joomla! CVE-2021-26037 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions ...) NOT-FOR-US: Joomla! CVE-2021-26036 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing valid ...) NOT-FOR-US: Joomla! CVE-2021-26035 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...) NOT-FOR-US: Joomla! CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...) NOT-FOR-US: Joomla! CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...) NOT-FOR-US: Joomla! CVE-2021-26032 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was miss ...) NOT-FOR-US: Joomla! CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate fi ...) NOT-FOR-US: Joomla! CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate es ...) NOT-FOR-US: Joomla! CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...) NOT-FOR-US: Joomla! CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...) NOT-FOR-US: Joomla! CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...) NOT-FOR-US: Joomla! CVE-2021-3287 (Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Rem ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...) NOT-FOR-US: ACDSee Professional 2021 CVE-2021-26025 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...) NOT-FOR-US: ACDSee Professional 2021 CVE-2021-3286 (SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands p ...) - spotweb (Incomplete fix for CVE-2020-35545 not applied) NOTE: https://github.com/spotweb/spotweb/issues/653 CVE-2021-3285 (jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1. ...) 
NOT-FOR-US: TI Code Composer Studio IDE CVE-2021-3284 RESERVED CVE-2021-3283 (HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task d ...) - nomad 0.12.10+dfsg1-1 (bug #981889) NOTE: https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332 CVE-2021-3282 (HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` ...) NOT-FOR-US: HashiCorp Vault CVE-2021-3281 (In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, ...) {DLA-2540-1} - python-django 2:2.2.18-1 (bug #981562) [buster] - python-django (Minor issue) NOTE: https://www.djangoproject.com/weblog/2021/feb/01/security-releases/ NOTE: https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23 (master) NOTE: https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37 (2.2.18) CVE-2021-26024 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable ...) NOT-FOR-US: Nagios XI CVE-2021-26023 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable ...) 
NOT-FOR-US: Nagios XI CVE-2021-26022 RESERVED CVE-2021-26021 RESERVED CVE-2021-26020 RESERVED CVE-2021-26019 RESERVED CVE-2021-26018 RESERVED CVE-2021-26017 RESERVED CVE-2021-26016 RESERVED CVE-2021-26015 RESERVED CVE-2021-26014 RESERVED CVE-2021-26013 RESERVED CVE-2021-26012 RESERVED CVE-2021-26011 RESERVED CVE-2021-26010 RESERVED CVE-2021-26009 RESERVED CVE-2021-26008 RESERVED CVE-2021-26007 RESERVED CVE-2021-26006 RESERVED CVE-2021-26005 RESERVED CVE-2021-26004 RESERVED CVE-2021-26003 RESERVED CVE-2021-26002 RESERVED CVE-2021-26001 RESERVED CVE-2021-26000 RESERVED CVE-2021-25999 RESERVED CVE-2021-25998 RESERVED CVE-2021-25997 RESERVED CVE-2021-25996 RESERVED CVE-2021-25995 RESERVED CVE-2021-25994 RESERVED CVE-2021-25993 RESERVED CVE-2021-25992 RESERVED CVE-2021-25991 RESERVED CVE-2021-25990 RESERVED CVE-2021-25989 RESERVED CVE-2021-25988 RESERVED CVE-2021-25987 RESERVED CVE-2021-25986 RESERVED CVE-2021-25985 RESERVED CVE-2021-25984 RESERVED CVE-2021-25983 RESERVED CVE-2021-25982 RESERVED CVE-2021-25981 RESERVED CVE-2021-25980 RESERVED CVE-2021-25979 RESERVED CVE-2021-25978 RESERVED CVE-2021-25977 RESERVED CVE-2021-25976 RESERVED CVE-2021-25975 RESERVED CVE-2021-25974 RESERVED CVE-2021-25973 RESERVED CVE-2021-25972 RESERVED CVE-2021-25971 RESERVED CVE-2021-25970 RESERVED CVE-2021-25969 RESERVED CVE-2021-25968 RESERVED CVE-2021-25967 RESERVED CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...) NOT-FOR-US: Orchard CMS CVE-2021-25965 RESERVED CVE-2021-25964 (In “Calibre-web” application, v0.6.0 to v0.6.12, are vulne ...) TODO: check CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...) NOT-FOR-US: Shuup CVE-2021-25962 (“Shuup” application in versions 0.4.2 to 2.10.8 is affecte ...) NOT-FOR-US: Shuup CVE-2021-25961 (In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7. ...) NOT-FOR-US: SuiteCRM CVE-2021-25960 (In “SuiteCRM” application, v7.11.18 through v7.11.19 and v ...) 
NOT-FOR-US: SuiteCRM CVE-2021-25959 (In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected ...) NOT-FOR-US: OpenCRX CVE-2021-25958 (In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch ...) NOT-FOR-US: Apache Ofbiz CVE-2021-25957 (In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerabl ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377 CVE-2021-25956 (In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee CVE-2021-25955 (In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v1 ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e CVE-2021-25954 (In “Dolibarr” application, 2.8.1 to 13.0.4 don’t res ...) - dolibarr CVE-2021-25953 (Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 throu ...) NOT-FOR-US: Node putil-merge CVE-2021-25952 (Prototype pollution vulnerability in ‘just-safe-set’ versi ...) NOT-FOR-US: AngusC just-safe-set CVE-2021-25951 (XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to ca ...) NOT-FOR-US: XML2Dict CVE-2021-25950 REJECTED CVE-2021-25949 (Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows ...) NOT-FOR-US: Node set-getter CVE-2021-25948 (Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 thro ...) NOT-FOR-US: Node expand-hash CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...) NOT-FOR-US: Node nestie CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...) NOT-FOR-US: Node nconf-toml CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 0.0.1 throug ...) NOT-FOR-US: Node js-extend CVE-2021-25944 (Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 th ...) 
NOT-FOR-US: Node deep-defaults CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6. ...) NOT-FOR-US: Node 101 CVE-2021-25942 RESERVED CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...) NOT-FOR-US: Node deep-override CVE-2021-25940 RESERVED CVE-2021-25939 RESERVED CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...) - arangodb (bug #761817) CVE-2021-25937 RESERVED CVE-2021-25936 RESERVED CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...) NOT-FOR-US: OpenNMS CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...) NOT-FOR-US: OpenNMS CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) NOT-FOR-US: OpenNMS CVE-2021-25932 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) NOT-FOR-US: OpenNMS CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) NOT-FOR-US: OpenNMS CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) NOT-FOR-US: OpenNMS CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) NOT-FOR-US: OpenNMS CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...) NOT-FOR-US: Node safe-obj CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...) NOT-FOR-US: Node safe-flat CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Re ...) NOT-FOR-US: SiCKRAGE CVE-2021-25925 (In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored C ...) NOT-FOR-US: SiCKRAGE CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...) NOT-FOR-US: GoCD CVE-2021-25923 (In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password ...) 
NOT-FOR-US: OpenEMR CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross- ...) NOT-FOR-US: OpenEMR CVE-2021-25921 (In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross ...) NOT-FOR-US: OpenEMR CVE-2021-25920 (In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Ac ...) NOT-FOR-US: OpenEMR CVE-2021-25919 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...) NOT-FOR-US: OpenEMR CVE-2021-25918 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...) NOT-FOR-US: OpenEMR CVE-2021-25917 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...) NOT-FOR-US: OpenEMR CVE-2021-25916 (Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 throu ...) NOT-FOR-US: Node patchmerge CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 0.0.1 throug ...) NOT-FOR-US: changeset CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...) NOT-FOR-US: object-collider CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...) NOT-FOR-US: Node set-or-get CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...) NOT-FOR-US: Node dotty CVE-2021-25911 RESERVED CVE-2021-25910 (Improper Authentication vulnerability in the cookie parameter of ZIV A ...) NOT-FOR-US: ZIV AUTOMATION 4CCT-EA6-334126BF CVE-2021-25909 (ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, al ...) NOT-FOR-US: ZIV Automation 4CCT-EA6-334126BF CVE-2021-25908 (An issue was discovered in the fil-ocl crate through 2021-01-04 for Ru ...) NOT-FOR-US: Rust crate fil-ocl CVE-2021-25907 (An issue was discovered in the containers crate before 0.9.11 for Rust ...) NOT-FOR-US: Rust crate containers CVE-2021-25906 (An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for ...) 
NOT-FOR-US: Rust crate basic_dsp_matrix CVE-2021-25905 (An issue was discovered in the bra crate before 0.1.1 for Rust. It lac ...) NOT-FOR-US: Rust crate bra CVE-2021-25904 (An issue was discovered in the av-data crate before 0.3.0 for Rust. A ...) NOT-FOR-US: Rust crate av-data CVE-2021-25903 (An issue was discovered in the cache crate through 2021-01-01 for Rust ...) NOT-FOR-US: Rust crate cache CVE-2021-25902 (An issue was discovered in the glsl-layout crate before 0.4.0 for Rust ...) NOT-FOR-US: Rust crate glsl-layout CVE-2021-25901 (An issue was discovered in the lazy-init crate through 2021-01-17 for ...) NOT-FOR-US: Rust crate lazy-init CVE-2021-3280 RESERVED CVE-2021-3279 (sz.chat version 4 allows injection of web scripts and HTML in the mess ...) NOT-FOR-US: sz.chat CVE-2021-3278 (Local Service Search Engine Management System 1.0 has a vulnerability ...) NOT-FOR-US: Local Service Search Engine Management System CVE-2021-3277 (Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbi ...) NOT-FOR-US: Nagios XI CVE-2021-3276 RESERVED CVE-2021-3275 (Unauthenticated stored cross-site scripting (XSS) exists in multiple T ...) NOT-FOR-US: TP-Link CVE-2021-3274 RESERVED CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...) NOT-FOR-US: Nagios XI CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...) - jasper NOTE: https://github.com/jasper-software/jasper/issues/259 CVE-2021-3271 (PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS ca ...) NOT-FOR-US: PressBooks CVE-2021-3270 RESERVED CVE-2021-3269 RESERVED CVE-2021-3268 RESERVED CVE-2021-3267 RESERVED CVE-2021-3266 RESERVED CVE-2021-3265 RESERVED CVE-2021-3264 (SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in p ...) 
NOT-FOR-US: cxuucms CVE-2021-3263 RESERVED CVE-2021-3262 RESERVED CVE-2021-3261 RESERVED CVE-2021-3260 RESERVED CVE-2021-3259 RESERVED CVE-2021-3258 (Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site ...) NOT-FOR-US: Question2Answer Q2A Ultimate SEO CVE-2021-3257 RESERVED CVE-2021-3256 (KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the h ...) NOT-FOR-US: KuaiFanCMS CVE-2021-3255 RESERVED CVE-2021-3254 RESERVED CVE-2021-3253 RESERVED CVE-2021-3252 (KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect acce ...) NOT-FOR-US: KACO New Energy XP100U Up to XP-JAVA CVE-2021-3251 RESERVED CVE-2021-3250 RESERVED CVE-2021-3249 RESERVED CVE-2021-3248 RESERVED CVE-2021-3247 RESERVED CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of libsnd ...) {DSA-4947-1 DLA-2722-1} - libsndfile 1.0.31-2 (bug #991496) NOTE: https://github.com/libsndfile/libsndfile/issues/687 NOTE: https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32 CVE-2021-3245 RESERVED CVE-2021-3244 RESERVED CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerabilit ...) NOT-FOR-US: Wfilter ICF CVE-2021-3242 RESERVED CVE-2021-3241 RESERVED CVE-2021-3240 RESERVED CVE-2021-3239 (E-Learning System 1.0 suffers from an unauthenticated SQL injection vu ...) NOT-FOR-US: E-Learning System CVE-2021-3238 RESERVED CVE-2021-3237 RESERVED CVE-2021-3236 RESERVED CVE-2021-3235 RESERVED CVE-2021-3234 RESERVED CVE-2021-3233 RESERVED CVE-2021-3232 RESERVED CVE-2021-3231 RESERVED CVE-2021-3230 RESERVED CVE-2021-3229 (Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4. ...) NOT-FOR-US: ASUSWRT ASUS RT-AX3000 firmware CVE-2021-3228 RESERVED CVE-2021-3227 RESERVED CVE-2021-3226 RESERVED CVE-2021-3225 RESERVED CVE-2021-3224 (A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exis ...) 
NOT-FOR-US: cszcms CVE-2021-3223 (Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory tra ...) NOT-FOR-US: Node-RED-Dashboard CVE-2021-3222 RESERVED CVE-2021-3221 RESERVED CVE-2021-3220 RESERVED CVE-2021-3219 RESERVED CVE-2021-3218 RESERVED CVE-2021-3217 RESERVED CVE-2021-3216 RESERVED CVE-2021-3215 RESERVED CVE-2021-3214 RESERVED CVE-2021-3213 RESERVED CVE-2021-3212 RESERVED CVE-2021-3211 RESERVED CVE-2021-3210 (components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound < ...) NOT-FOR-US: Bloodhound CVE-2021-3209 RESERVED CVE-2021-3208 RESERVED CVE-2021-3207 RESERVED CVE-2021-3206 RESERVED CVE-2021-3205 RESERVED CVE-2021-3204 (SSRF in the document conversion component of Webware Webdesktop 5.1.15 ...) NOT-FOR-US: Webware Webdesktop CVE-2021-3203 RESERVED CVE-2021-3202 RESERVED CVE-2021-3201 RESERVED CVE-2021-3200 (Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * t ...) - libsolv (unimportant) NOTE: https://github.com/openSUSE/libsolv/issues/416 NOTE: Crash in CLI tool, no security impact CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2021-3198 (By abusing the 'install rpm url' command, an attacker can escape the r ...) NOT-FOR-US: Ivanti MobileIron Core CVE-2021-25899 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...) NOT-FOR-US: Void Aural Rec Monitor CVE-2021-25898 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...) NOT-FOR-US: Void Aural Rec Monitor CVE-2021-25897 RESERVED CVE-2021-25896 RESERVED CVE-2021-25895 RESERVED CVE-2021-25894 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...) NOT-FOR-US: Magnolia CMS CVE-2021-25893 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...) 
NOT-FOR-US: Magnolia CMS CVE-2021-25892 RESERVED CVE-2021-25891 RESERVED CVE-2021-25890 RESERVED CVE-2021-25889 RESERVED CVE-2021-25888 RESERVED CVE-2021-25887 RESERVED CVE-2021-25886 RESERVED CVE-2021-25885 RESERVED CVE-2021-25884 RESERVED CVE-2021-25883 RESERVED CVE-2021-25882 RESERVED CVE-2021-25881 RESERVED CVE-2021-25880 RESERVED CVE-2021-25879 RESERVED CVE-2021-25878 RESERVED CVE-2021-25877 RESERVED CVE-2021-25876 RESERVED CVE-2021-25875 RESERVED CVE-2021-25874 RESERVED CVE-2021-25873 RESERVED CVE-2021-25872 RESERVED CVE-2021-25871 RESERVED CVE-2021-25870 RESERVED CVE-2021-25869 RESERVED CVE-2021-25868 RESERVED CVE-2021-25867 RESERVED CVE-2021-25866 RESERVED CVE-2021-25865 RESERVED CVE-2021-25864 (node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Direct ...) NOT-FOR-US: node-red-contrib-huemagic CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 14 ...) NOT-FOR-US: Open5GS CVE-2021-25862 RESERVED CVE-2021-25861 RESERVED CVE-2021-25860 RESERVED CVE-2021-25859 RESERVED CVE-2021-25858 RESERVED CVE-2021-25857 RESERVED CVE-2021-25856 RESERVED CVE-2021-25855 RESERVED CVE-2021-25854 RESERVED CVE-2021-25853 RESERVED CVE-2021-25852 RESERVED CVE-2021-25851 RESERVED CVE-2021-25850 RESERVED CVE-2021-25849 (An integer underflow was discovered in userdisk/vport_lldpd in Moxa Ca ...) NOT-FOR-US: Moxa CVE-2021-25848 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...) NOT-FOR-US: Moxa CVE-2021-25847 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...) NOT-FOR-US: Moxa CVE-2021-25846 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...) NOT-FOR-US: Moxa CVE-2021-25845 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...) 
NOT-FOR-US: Moxa CVE-2021-25844 RESERVED CVE-2021-25843 RESERVED CVE-2021-25842 RESERVED CVE-2021-25841 RESERVED CVE-2021-25840 RESERVED CVE-2021-25839 (A weak password requirement vulnerability exists in the Create New Use ...) NOT-FOR-US: MintHCM CVE-2021-25838 (The Import function in MintHCM RELEASE 3.0.8 allows an attacker to exe ...) NOT-FOR-US: MintHCM CVE-2021-25837 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...) NOT-FOR-US: Cosmos Network Ethermint CVE-2021-25836 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...) NOT-FOR-US: Cosmos Network Ethermint CVE-2021-25835 (Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain tra ...) NOT-FOR-US: Cosmos Network Ethermint CVE-2021-25834 (Cosmos Network Ethermint <= v0.4.0 is affected by a transaction rep ...) NOT-FOR-US: Cosmos Network Ethermint CVE-2021-25833 (A file extension handling issue was found in [server] module of ONLYOF ...) NOT-FOR-US: ONLYOFFICE DocumentServer CVE-2021-25832 (A heap buffer overflow vulnerability inside of BMP image processing wa ...) NOT-FOR-US: ONLYOFFICE DocumentServer CVE-2021-25831 (A file extension handling issue was found in [core] module of ONLYOFFI ...) NOT-FOR-US: ONLYOFFICE DocumentServer CVE-2021-25830 (A file extension handling issue was found in [core] module of ONLYOFFI ...) NOT-FOR-US: ONLYOFFICE DocumentServer CVE-2021-25829 (An improper binary stream data handling issue was found in the [core] ...) NOT-FOR-US: ONLYOFFICE DocumentServer CVE-2021-25828 RESERVED CVE-2021-25827 RESERVED CVE-2021-25826 RESERVED CVE-2021-25825 RESERVED CVE-2021-25824 RESERVED CVE-2021-25823 RESERVED CVE-2021-25822 RESERVED CVE-2021-25821 RESERVED CVE-2021-25820 RESERVED CVE-2021-25819 RESERVED CVE-2021-25818 RESERVED CVE-2021-25817 RESERVED CVE-2021-25816 RESERVED CVE-2021-25815 RESERVED CVE-2021-25814 RESERVED CVE-2021-25813 RESERVED CVE-2021-25812 (Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 v ...) 
NOT-FOR-US: China Mobile An Lianbao WF-1 CVE-2021-25811 (MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a craf ...) NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices CVE-2021-25810 (Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0. ...) NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices CVE-2021-25809 (UCMS 1.5.0 was discovered to contain a physical path leakage via an er ...) NOT-FOR-US: UCMS CVE-2021-25808 (A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 a ...) NOT-FOR-US: Bludit CVE-2021-25807 RESERVED CVE-2021-25806 RESERVED CVE-2021-25805 RESERVED CVE-2021-25804 (A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Pl ...) {DSA-4834-1 DLA-2728-1} - vlc 3.0.12-1 NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c (v3.0.12) CVE-2021-25803 (A buffer overflow vulnerability in the vlc_input_attachment_New compon ...) {DSA-4834-1 DLA-2728-1} - vlc 3.0.12-1 NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb (v3.0.12) CVE-2021-25802 (A buffer overflow vulnerability in the AVI_ExtractSubtitle component o ...) {DSA-4834-1 DLA-2728-1} - vlc 3.0.12-1 NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72 (v3.0.12) CVE-2021-25801 (A buffer overflow vulnerability in the __Parse_indx component of Video ...) {DSA-4834-1 DLA-2728-1} - vlc 3.0.12-1 NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 (v3.0.12) CVE-2021-25800 RESERVED CVE-2021-25799 RESERVED CVE-2021-25798 RESERVED CVE-2021-25797 RESERVED CVE-2021-25796 RESERVED CVE-2021-25795 RESERVED CVE-2021-25794 RESERVED CVE-2021-25793 RESERVED CVE-2021-25792 RESERVED CVE-2021-25791 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Upd ...) 
NOT-FOR-US: Online Doctor Appointment System CVE-2021-25790 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Reg ...) NOT-FOR-US: House Rental and Property Listing CVE-2021-25789 RESERVED CVE-2021-25788 RESERVED CVE-2021-25787 RESERVED CVE-2021-25786 RESERVED CVE-2021-25785 RESERVED CVE-2021-25784 RESERVED CVE-2021-25783 RESERVED CVE-2021-25782 RESERVED CVE-2021-25781 RESERVED CVE-2021-25780 (An arbitrary file upload vulnerability has been identified in posts.ph ...) NOT-FOR-US: Baby Care System CVE-2021-25779 (Baby Care System v1.0 is vulnerable to SQL injection via the 'id' para ...) NOT-FOR-US: Baby Care System CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user deletio ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during token remova ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25776 (In JetBrains TeamCity before 2020.2, an ECR token could be exposed in ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25775 (In JetBrains TeamCity before 2020.2.1, the server admin could create a ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25774 (In JetBrains TeamCity before 2020.2.1, a user could get access to the ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25773 (JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on se ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25772 (In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possibl ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25771 (In JetBrains YouTrack before 2020.6.1099, project information could be ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25770 (In JetBrains YouTrack before 2020.5.3123, server-side template injecti ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25769 (In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator w ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25768 (In JetBrains YouTrack before 2020.4.4701, permissions for attachments ...) 
NOT-FOR-US: JetBrains TeamCity CVE-2021-25767 (In JetBrains YouTrack before 2020.6.1767, an issue's existence could b ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25766 (In JetBrains YouTrack before 2020.4.4701, improper resource access che ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25765 (In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload w ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25764 (In JetBrains PhpStorm before 2020.3, source code could be added to deb ...) NOT-FOR-US: JetBrains PhpStorm CVE-2021-25763 (In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by def ...) NOT-FOR-US: JetBrains Ktor CVE-2021-25762 (In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. ...) NOT-FOR-US: JetBrains Ktor CVE-2021-25761 (In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage ke ...) NOT-FOR-US: JetBrains Ktor CVE-2021-25760 (In JetBrains Hub before 2020.1.12669, information disclosure via the p ...) NOT-FOR-US: JetBrains Hub CVE-2021-25759 (In JetBrains Hub before 2020.1.12629, an authenticated user can delete ...) NOT-FOR-US: JetBrains Hub CVE-2021-25758 (In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deseria ...) - intellij-idea (bug #747616) CVE-2021-25757 (In JetBrains Hub before 2020.1.12629, an open redirect was possible. ...) NOT-FOR-US: JetBrains Hub CVE-2021-25756 (In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for sev ...) - intellij-idea (bug #747616) CVE-2021-25755 (In JetBrains Code With Me before 2020.3, an attacker on the local netw ...) 
NOT-FOR-US: JetBrains Code With Me CVE-2021-25754 RESERVED CVE-2021-25753 RESERVED CVE-2021-25752 RESERVED CVE-2021-25751 RESERVED CVE-2021-25750 RESERVED CVE-2021-25749 RESERVED CVE-2021-25748 RESERVED CVE-2021-25747 RESERVED CVE-2021-25746 RESERVED CVE-2021-25745 RESERVED CVE-2021-25744 RESERVED CVE-2021-25743 RESERVED CVE-2021-25742 RESERVED CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may be able ...) - kubernetes [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) NOTE: Server components no longer built since 1.20.5+really1.20.2-1 NOTE: https://github.com/kubernetes/kubernetes/issues/104980 CVE-2021-25740 (A security issue was discovered with Kubernetes that could enable user ...) - kubernetes [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) NOTE: https://www.openwall.com/lists/oss-security/2021/07/14/1 CVE-2021-25739 RESERVED CVE-2021-25738 (Loading specially-crafted yaml with the Kubernetes Java Client library ...) NOT-FOR-US: Kubernetes Java client CVE-2021-25737 (A security issue was discovered in Kubernetes where a user may be able ...) - kubernetes (bug #990793) [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4 NOTE: Server components no longer built since 1.20.5+really1.20.2-1 CVE-2021-25736 RESERVED - kubernetes (Windows-specific) CVE-2021-25735 (A security issue was discovered in kube-apiserver that could allow nod ...) 
- kubernetes (bug #990793) [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/1 NOTE: https://github.com/kubernetes/kubernetes/issues/100096 NOTE: Server components no longer built since 1.20.5+really1.20.2-1 CVE-2021-25734 RESERVED CVE-2021-25733 RESERVED CVE-2021-25732 RESERVED CVE-2021-25731 RESERVED CVE-2021-25730 RESERVED CVE-2021-25729 RESERVED CVE-2021-25728 RESERVED CVE-2021-25727 RESERVED CVE-2021-25726 RESERVED CVE-2021-25725 RESERVED CVE-2021-25724 RESERVED CVE-2021-25723 RESERVED CVE-2021-25722 RESERVED CVE-2021-25721 RESERVED CVE-2021-25720 RESERVED CVE-2021-25719 RESERVED CVE-2021-25718 RESERVED CVE-2021-25717 RESERVED CVE-2021-25716 RESERVED CVE-2021-25715 RESERVED CVE-2021-25714 RESERVED CVE-2021-25713 RESERVED CVE-2021-25712 RESERVED CVE-2021-25711 RESERVED CVE-2021-25710 RESERVED CVE-2021-25709 RESERVED CVE-2021-25708 RESERVED CVE-2021-25707 RESERVED CVE-2021-25706 RESERVED CVE-2021-25705 RESERVED CVE-2021-25704 RESERVED CVE-2021-25703 RESERVED CVE-2021-25702 RESERVED CVE-2021-25701 (The fUSBHub driver in the PCoIP Software Client prior to version 21.07 ...) NOT-FOR-US: Teradici CVE-2021-25700 RESERVED CVE-2021-25699 (The OpenSSL component of the Teradici PCoIP Software Client prior to v ...) NOT-FOR-US: Teradici CVE-2021-25698 (The OpenSSL component of the Teradici PCoIP Standard Agent prior to ve ...) NOT-FOR-US: Teradici CVE-2021-25697 RESERVED CVE-2021-25696 RESERVED CVE-2021-25695 (The USB vHub in the Teradici PCOIP Software Agent prior to version 21. ...) NOT-FOR-US: Teradici CVE-2021-25694 (Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not vali ...) NOT-FOR-US: Teradici PCoIP Graphics Agent for Windows CVE-2021-25693 (An attacker may cause a Denial of Service (DoS) in multiple versions o ...) NOT-FOR-US: Teradici PCoIP Agent CVE-2021-25692 (Sensitive smart card data is logged in default INFO logs by Teradici's ...) 
NOT-FOR-US: Teradici CVE-2021-25691 RESERVED CVE-2021-25690 (A null pointer dereference in Teradici PCoIP Soft Client versions prio ...) NOT-FOR-US: Teradici PCoIP Soft Client CVE-2021-25689 (An out of bounds write in Teradici PCoIP soft client versions prior to ...) NOT-FOR-US: Teradici PCoIP Soft Client CVE-2021-25688 (Under certain conditions, Teradici PCoIP Agents for Windows prior to v ...) NOT-FOR-US: Teradici PCoIP Agents CVE-2021-25687 RESERVED CVE-2021-25686 RESERVED CVE-2021-25685 RESERVED CVE-2021-25684 (It was discovered that apport in data/apport did not properly open a r ...) NOT-FOR-US: Apport CVE-2021-25683 (It was discovered that the get_starttime() function in data/apport did ...) NOT-FOR-US: Apport CVE-2021-25682 (It was discovered that the get_pid_info() function in data/apport did ...) NOT-FOR-US: Apport CVE-2021-25681 (** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 s ...) NOT-FOR-US: AdTran Personal Phone Manager CVE-2021-25680 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...) NOT-FOR-US: AdTran Personal Phone Manager CVE-2021-25679 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...) NOT-FOR-US: AdTran Personal Phone Manager CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...) - salt 3002.5+dfsg1-1 (bug #983632) NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...) NOT-FOR-US: Hitachi ID Bravura Security Fabric CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...) NOTE: Disputed Bitcoin issue NOTE: https://github.com/bitcoin/bitcoin/issues/20866 CVE-2021-3194 RESERVED CVE-2021-3193 (Improper access and command validation in the Nagios Docker Config Wiz ...) 
NOT-FOR-US: Nagios XI CVE-2021-3192 RESERVED CVE-2021-3191 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...) NOT-FOR-US: Idelji Web ViewPoint CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command Inje ...) NOT-FOR-US: Node async-git CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...) NOT-FOR-US: Solid Edge (Siemens) CVE-2021-25677 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...) NOT-FOR-US: Nucleus (Siemens) CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...) NOT-FOR-US: Siemens CVE-2021-25675 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) NOT-FOR-US: Siemens CVE-2021-25674 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) NOT-FOR-US: Siemens CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) NOT-FOR-US: Siemens CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...) NOT-FOR-US: Mendix Forgot Password Appstore module CVE-2021-25671 (A vulnerability has been identified in RWG1.M12 (All versions < V1. ...) NOT-FOR-US: Siemens CVE-2021-25670 (A vulnerability has been identified in Tecnomatix RobotExpert (All ver ...) NOT-FOR-US: Tecnomatix RobotExpert (Siemens) CVE-2021-25669 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...) NOT-FOR-US: Siemens CVE-2021-25668 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...) NOT-FOR-US: Siemens CVE-2021-25667 (A vulnerability has been identified in RUGGEDCOM RM1224 (All versions ...) NOT-FOR-US: Siemens CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 80 ...) NOT-FOR-US: Siemens CVE-2021-25665 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...) 
NOT-FOR-US: Siemens CVE-2021-25664 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...) NOT-FOR-US: Nucleus (Siemens) CVE-2021-25663 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...) NOT-FOR-US: Nucleus (Siemens) CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) NOT-FOR-US: Siemens CVE-2021-25661 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) NOT-FOR-US: Siemens CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) NOT-FOR-US: Siemens CVE-2021-25659 (A vulnerability has been identified in Automation License Manager 5 (A ...) NOT-FOR-US: Automation License Manager CVE-2021-25658 RESERVED CVE-2021-25657 RESERVED CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the Avaya Aura ...) NOT-FOR-US: Avaya CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya Aura Exp ...) NOT-FOR-US: Avaya CVE-2021-25654 (An arbitrary code execution vulnerability was discovered in Avaya Aura ...) NOT-FOR-US: Avaya CVE-2021-25653 (A privilege escalation vulnerability was discovered in Avaya Aura Appl ...) NOT-FOR-US: Avaya CVE-2021-25652 (An information disclosure vulnerability was discovered in the director ...) NOT-FOR-US: Avaya CVE-2021-25651 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...) NOT-FOR-US: Avaya CVE-2021-25650 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...) NOT-FOR-US: Avaya CVE-2021-25649 (** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerabilit ...) NOT-FOR-US: Avaya CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an attacke ...) NOT-FOR-US: Mobile application "Testes de Codigo" CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...) 
NOT-FOR-US: Mobile application "Testes de Codigo" CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript ...) - druid (bug #825797) CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...) - xen 4.14.1+11-gb0b734a8b3-1 (bug #981052) [buster] - xen (Vulnerable code introduced later) [stretch] - xen (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-360.html NOTE: Introduced by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=5b58dad089880127674d460494d1a9d68109b3d7 (4.14.0-rc1) NOTE: Issue backported to 4.12.3 and 4.13.1 NOTE: Fixed by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=58427889f5a420cc5226f88524b3228f90b72a58 CVE-2021-3189 (The slashify package 1.0.0 for Node.js allows open-redirect attacks, a ...) NOT-FOR-US: Node slashify CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email parameter, an ...) - phplist (bug #612288) CVE-2021-3187 RESERVED CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi S ...) NOT-FOR-US: Tenda AC5 CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x throug ...) NOT-FOR-US: Couchbase Server CVE-2021-25644 (An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 ...) NOT-FOR-US: Couchbase Server CVE-2021-25643 (An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 a ...) NOT-FOR-US: Couchbase Server CVE-2021-25642 RESERVED CVE-2021-25641 (Each Apache Dubbo server will set a serialization id to tell the clien ...) NOT-FOR-US: Apache Dubbo CVE-2021-25640 (In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method ...) 
  NOT-FOR-US: Apache Dubbo
CVE-2021-25639 RESERVED
CVE-2021-25638 RESERVED
CVE-2021-25637 RESERVED
CVE-2021-25636 RESERVED
CVE-2021-25635 RESERVED
  - libreoffice (Only affects Microsoft Crypto API back-end)
  NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635
  NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/3
  NOTE: Fixed by: https://github.com/LibreOffice/core/commit/edeb164c1d8ab64116afee4e2140403a362a1358 (7-0)
  NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1)
CVE-2021-25634 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
  - libreoffice 1:7.2.0-2
  NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634
  NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/2
  NOTE: XAdES/xades:SigningTime support introduced in 5.3, but pre-requisite for CVE-2021-25633/25634 also introduces it
  NOTE: Pre-requisites (replacement for XSecParser):
  NOTE: https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (7-0)
  NOTE: https://github.com/LibreOffice/core/commit/d92235df75829a8cf2ee8cc7b0b76063093b6cc2 (7-1)
  NOTE: Fixed by: https://github.com/LibreOffice/core/commit/abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02 (7-0)
  NOTE: Fixed by: https://github.com/LibreOffice/core/commit/94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242 (7-0)
  NOTE: Fixed by: https://github.com/LibreOffice/core/commit/89befefb98487a27bff1003084e1200320828b3f (7-1)
  NOTE: Fixed by: https://github.com/LibreOffice/core/commit/b776cf1281660cf495e12824872576bb8e99d569 (7-1)
CVE-2021-25633 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
  - libreoffice 1:7.2.0-2
  NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
  NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/1
  NOTE: Pre-requisites (replacement for XSecParser):
  NOTE: https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (7-0)
  NOTE: https://github.com/LibreOffice/core/commit/d92235df75829a8cf2ee8cc7b0b76063093b6cc2 (7-1)
  NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f (7-0)
  NOTE: Fixed by: https://github.com/LibreOffice/core/commit/be773bc5960def8c51de0e0e41db837e001aa8fd (7-1)
CVE-2021-25632 RESERVED
CVE-2021-25631 (In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7 ...)
  - libreoffice (Libreoffice on Windows)
  NOTE: https://positive.security/blog/url-open-rce#open-libreoffice
CVE-2021-25630 ("loolforkit" is a privileged program that is supposed to be run by a s ...)
  NOT-FOR-US: libreoffice online
CVE-2021-25629 RESERVED
CVE-2021-25628 RESERVED
CVE-2021-25627 RESERVED
CVE-2021-25626 RESERVED
CVE-2021-25625 RESERVED
CVE-2021-25624 RESERVED
CVE-2021-25623 RESERVED
CVE-2021-25622 RESERVED
CVE-2021-25621 RESERVED
CVE-2021-25620 RESERVED
CVE-2021-25619 RESERVED
CVE-2021-25618 RESERVED
CVE-2021-25617 RESERVED
CVE-2021-25616 RESERVED
CVE-2021-25615 RESERVED
CVE-2021-25614 RESERVED
CVE-2021-25613 RESERVED
CVE-2021-25612 RESERVED
CVE-2021-25611 RESERVED
CVE-2021-25610 RESERVED
CVE-2021-25609 RESERVED
CVE-2021-25608 RESERVED
CVE-2021-25607 RESERVED
CVE-2021-25606 RESERVED
CVE-2021-25605 RESERVED
CVE-2021-25604 RESERVED
CVE-2021-25603 RESERVED
CVE-2021-25602 RESERVED
CVE-2021-25601 RESERVED
CVE-2021-25600 RESERVED
CVE-2021-25599 RESERVED
CVE-2021-25598 RESERVED
CVE-2021-25597 RESERVED
CVE-2021-25596 RESERVED
CVE-2021-25595 RESERVED
CVE-2021-25594 RESERVED
CVE-2021-25593 RESERVED
CVE-2021-25592 RESERVED
CVE-2021-25591 RESERVED
CVE-2021-25590 RESERVED
CVE-2021-25589 RESERVED
CVE-2021-25588 RESERVED
CVE-2021-25587 RESERVED
CVE-2021-25586 RESERVED
CVE-2021-25585 RESERVED
CVE-2021-25584 RESERVED
CVE-2021-25583 RESERVED
CVE-2021-25582 RESERVED
CVE-2021-25581 RESERVED
CVE-2021-25580 RESERVED
CVE-2021-25579 RESERVED
CVE-2021-25578 RESERVED
CVE-2021-25577 RESERVED
CVE-2021-25576 RESERVED
CVE-2021-25575 RESERVED
CVE-2021-25574 RESERVED
CVE-2021-25573 RESERVED
CVE-2021-25572 RESERVED
CVE-2021-25571 RESERVED
CVE-2021-25570 RESERVED
CVE-2021-25569 RESERVED
CVE-2021-25568 RESERVED
CVE-2021-25567 RESERVED
CVE-2021-25566 RESERVED
CVE-2021-25565 RESERVED
CVE-2021-25564 RESERVED
CVE-2021-25563 RESERVED
CVE-2021-25562 RESERVED
CVE-2021-25561 RESERVED
CVE-2021-25560 RESERVED
CVE-2021-25559 RESERVED
CVE-2021-25558 RESERVED
CVE-2021-25557 RESERVED
CVE-2021-25556 RESERVED
CVE-2021-25555 RESERVED
CVE-2021-25554 RESERVED
CVE-2021-25553 RESERVED
CVE-2021-25552 RESERVED
CVE-2021-25551 RESERVED
CVE-2021-25550 RESERVED
CVE-2021-25549 RESERVED
CVE-2021-25548 RESERVED
CVE-2021-25547 RESERVED
CVE-2021-25546 RESERVED
CVE-2021-25545 RESERVED
CVE-2021-25544 RESERVED
CVE-2021-25543 RESERVED
CVE-2021-25542 RESERVED
CVE-2021-25541 RESERVED
CVE-2021-25540 RESERVED
CVE-2021-25539 RESERVED
CVE-2021-25538 RESERVED
CVE-2021-25537 RESERVED
CVE-2021-25536 RESERVED
CVE-2021-25535 RESERVED
CVE-2021-25534 RESERVED
CVE-2021-25533 RESERVED
CVE-2021-25532 RESERVED
CVE-2021-25531 RESERVED
CVE-2021-25530 RESERVED
CVE-2021-25529 RESERVED
CVE-2021-25528 RESERVED
CVE-2021-25527 RESERVED
CVE-2021-25526 RESERVED
CVE-2021-25525 RESERVED
CVE-2021-25524 RESERVED
CVE-2021-25523 RESERVED
CVE-2021-25522 RESERVED
CVE-2021-25521 RESERVED
CVE-2021-25520 RESERVED
CVE-2021-25519 RESERVED
CVE-2021-25518 RESERVED
CVE-2021-25517 RESERVED
CVE-2021-25516 RESERVED
CVE-2021-25515 RESERVED
CVE-2021-25514 RESERVED
CVE-2021-25513 RESERVED
CVE-2021-25512 RESERVED
CVE-2021-25511 RESERVED
CVE-2021-25510 RESERVED
CVE-2021-25509 RESERVED
CVE-2021-25508 RESERVED
CVE-2021-25507 RESERVED
CVE-2021-25506 RESERVED
CVE-2021-25505 RESERVED
CVE-2021-25504 RESERVED
CVE-2021-25503 RESERVED
CVE-2021-25502 RESERVED
CVE-2021-25501 RESERVED
CVE-2021-25500 RESERVED
CVE-2021-25499 (Intent redirection vulnerability in SamsungAccountSDKSigninActivity of ...)
  NOT-FOR-US: Samsung
CVE-2021-25498 (A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSP ...)
  NOT-FOR-US: Samsung
CVE-2021-25497 (A possible buffer overflow vulnerability in maetd_cpy_slice of libSPen ...)
  NOT-FOR-US: Samsung
CVE-2021-25496 (A possible buffer overflow vulnerability in maetd_dec_slice of libSPen ...)
  NOT-FOR-US: Samsung
CVE-2021-25495 (A possible heap buffer overflow vulnerability in libSPenBase library o ...)
  NOT-FOR-US: Samsung
CVE-2021-25494 (A possible buffer overflow vulnerability in libSPenBase library of Sam ...)
  NOT-FOR-US: Samsung
CVE-2021-25493 (Lack of boundary checking of a buffer in libSPenBase library of Samsun ...)
  NOT-FOR-US: Samsung
CVE-2021-25492 (Lack of boundary checking of a buffer in libSPenBase library of Samsun ...)
  NOT-FOR-US: Samsung
CVE-2021-25491 (A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows m ...)
  NOT-FOR-US: Samsung
CVE-2021-25490 (A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release ...)
  NOT-FOR-US: Samsung
CVE-2021-25489 (Assuming radio permission is gained, missing input validation in modem ...)
  NOT-FOR-US: Samsung
CVE-2021-25488 (Lack of boundary checking of a buffer in recv_data() of modem interfac ...)
  NOT-FOR-US: Samsung
CVE-2021-25487 (Lack of boundary checking of a buffer in set_skb_priv() of modem inter ...)
  NOT-FOR-US: Samsung
CVE-2021-25486 (Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 ...)
  NOT-FOR-US: Samsung
CVE-2021-25485 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR O ...)
  NOT-FOR-US: Samsung
CVE-2021-25484 (Improper authentication in InputManagerService prior to SMR Oct-2021 R ...)
  NOT-FOR-US: Samsung
CVE-2021-25483 (Lack of boundary checking of a buffer in livfivextractor library prior ...)
  NOT-FOR-US: Samsung
CVE-2021-25482 (SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 ...)
  NOT-FOR-US: Samsung
CVE-2021-25481 (An improper error handling in Exynos CP booting driver prior to SMR Oc ...)
  NOT-FOR-US: Samsung
CVE-2021-25480 (A lack of replay attack protection in GUTI REALLOCATION COMMAND messag ...)
  NOT-FOR-US: Samsung
CVE-2021-25479 (A possible heap-based buffer overflow vulnerability in Exynos CP Chips ...)
  NOT-FOR-US: Samsung
CVE-2021-25478 (A possible stack-based buffer overflow vulnerability in Exynos CP Chip ...)
  NOT-FOR-US: Samsung
CVE-2021-25477 (An improper error handling in Mediatek RRC Protocol stack prior to SMR ...)
  NOT-FOR-US: Mediatek
CVE-2021-25476 (An information disclosure vulnerability in Widevine TA log prior to SM ...)
  NOT-FOR-US: Samsung
CVE-2021-25475 (A possible heap-based buffer overflow vulnerability in DSP kernel driv ...)
  NOT-FOR-US: Samsung
CVE-2021-25474 (Assuming a shell privilege is gained, an improper exception handling f ...)
  NOT-FOR-US: Samsung
CVE-2021-25473 (Assuming a shell privilege is gained, an improper exception handling f ...)
  NOT-FOR-US: Samsung
CVE-2021-25472 (An improper access control vulnerability in BluetoothSettingsProvider ...)
  NOT-FOR-US: Samsung
CVE-2021-25471 (A lack of replay attack protection in Security Mode Command process pr ...)
  NOT-FOR-US: Samsung
CVE-2021-25470 (An improper caller check logic of SMC call in TEEGRIS secure OS prior ...)
  NOT-FOR-US: Samsung
CVE-2021-25469 (A possible stack-based buffer overflow vulnerability in Widevine trust ...)
  NOT-FOR-US: Samsung
CVE-2021-25468 (A possible guessing and confirming a byte memory vulnerability in Wide ...)
  NOT-FOR-US: Samsung
CVE-2021-25467 (Assuming system privilege is gained, possible buffer overflow vulnerab ...)
  NOT-FOR-US: Samsung
CVE-2021-25466 (Improper scheme check vulnerability in Samsung Internet prior to versi ...)
  NOT-FOR-US: Samsung
CVE-2021-25465 (An improper scheme check vulnerability in Samsung Themes prior to vers ...)
  NOT-FOR-US: Samsung
CVE-2021-25464 (An improper file management vulnerability in SamsungCapture prior to v ...)
  NOT-FOR-US: Samsung
CVE-2021-25463 (Improper access control vulnerability in PENUP prior to version 3.8.00 ...)
  NOT-FOR-US: Samsung
CVE-2021-25462 (NULL pointer dereference vulnerability in NPU driver prior to SMR Sep- ...)
  NOT-FOR-US: Samsung
CVE-2021-25461 (An improper length check in APAService prior to SMR Sep-2021 Release 1 ...)
  NOT-FOR-US: Samsung
CVE-2021-25460 (An improper access control vulnerability in sspExit() in BlockchainTZS ...)
  NOT-FOR-US: Samsung
CVE-2021-25459 (An improper access control vulnerability in sspInit() in BlockchainTZS ...)
  NOT-FOR-US: Samsung
CVE-2021-25458 (NULL pointer dereference vulnerability in ION driver prior to SMR Sep- ...)
  NOT-FOR-US: Samsung
CVE-2021-25457 (An improper input validation vulnerability in DSP driver prior to SMR ...)
  NOT-FOR-US: Samsung
CVE-2021-25456 (OOB read vulnerability in libswmfextractor.so library prior to SMR Sep ...)
  NOT-FOR-US: Samsung
CVE-2021-25455 (OOB read vulnerability in libsaviextractor.so library prior to SMR Sep ...)
  NOT-FOR-US: Samsung
CVE-2021-25454 (OOB read vulnerability in libsaacextractor.so library prior to SMR Sep ...)
  NOT-FOR-US: Samsung
CVE-2021-25453 (Some improper access control in Bluetooth APIs prior to SMR Sep-2021 R ...)
  NOT-FOR-US: Samsung
CVE-2021-25452 (An improper input validation vulnerability in loading graph file in DS ...)
  NOT-FOR-US: Samsung
CVE-2021-25451 (A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR ...)
  NOT-FOR-US: Samsung
CVE-2021-25450 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR S ...)
  NOT-FOR-US: Samsung
CVE-2021-25449 (An improper input validation vulnerability in libsapeextractor library ...)
  NOT-FOR-US: Samsung
CVE-2021-25448 (Improper access control vulnerability in Smart Touch Call prior to ver ...)
  NOT-FOR-US: Samsung
CVE-2021-25447 (Improper access control vulnerability in SmartThings prior to version ...)
  NOT-FOR-US: Samsung
CVE-2021-25446 (Improper access control vulnerability in SmartThings prior to version ...)
  NOT-FOR-US: Samsung
CVE-2021-25445 (Unprotected component vulnerability in Samsung Internet prior to versi ...)
  NOT-FOR-US: Samsung
CVE-2021-25444 (An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 ...)
  NOT-FOR-US: Samsung
CVE-2021-25443 (A use after free vulnerability in conn_gadget driver prior to SMR AUG- ...)
  NOT-FOR-US: Samsung
CVE-2021-25442 (Improper MDM policy management vulnerability in KME module prior to KC ...)
  NOT-FOR-US: Samsung (KME module)
CVE-2021-25441 (Improper input validation vulnerability in AR Emoji Editor prior to ve ...)
  NOT-FOR-US: AR Emoji Editor
CVE-2021-25440 (Improper access control vulnerability in FactoryCameraFB prior to vers ...)
  NOT-FOR-US: FactoryCameraFB
CVE-2021-25439 (Improper access control vulnerability in Samsung Members prior to vers ...)
  NOT-FOR-US: Samsung Members
CVE-2021-25438 (Improper access control vulnerability in Samsung Members prior to vers ...)
  NOT-FOR-US: Samsung Members
CVE-2021-25437 (Improper access control vulnerability in Tizen FOTA service prior to F ...)
  NOT-FOR-US: Tizen FOTA service
CVE-2021-25436 (Improper input validation vulnerability in Tizen FOTA service prior to ...)
  NOT-FOR-US: Tizen FOTA service
CVE-2021-25435 (Improper input validation vulnerability in Tizen bootloader prior to F ...)
  NOT-FOR-US: Tizen bootloader
CVE-2021-25434 (Improper input validation vulnerability in Tizen bootloader prior to F ...)
  NOT-FOR-US: Tizen bootloader
CVE-2021-25433 (Improper authorization vulnerability in Tizen factory reset policy pri ...)
  NOT-FOR-US: Tizen factory reset policy
CVE-2021-25432 (Information exposure vulnerability in Samsung Members prior to version ...)
  NOT-FOR-US: Samsung Members
CVE-2021-25431 (Improper access control vulnerability in Cameralyzer prior to versions ...)
  NOT-FOR-US: Cameralyzer
CVE-2021-25430 (Improper access control vulnerability in Bluetooth application prior t ...)
  NOT-FOR-US: Bluetooth application (Samsung)
CVE-2021-25429 (Improper privilege management vulnerability in Bluetooth application p ...)
  NOT-FOR-US: Bluetooth application (Samsung)
CVE-2021-25428 (Improper validation check vulnerability in PackageManager prior to SMR ...)
  NOT-FOR-US: PackageManager (Samsung)
CVE-2021-25427 (SQL injection vulnerability in Bluetooth prior to SMR July-2021 Releas ...)
  NOT-FOR-US: Bluetooth (Samsung)
CVE-2021-25426 (Improper component protection vulnerability in SmsViewerActivity of Sa ...)
  NOT-FOR-US: Samsung Message
CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...)
  NOT-FOR-US: Samsung
CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...)
  NOT-FOR-US: Samsung
CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn prior to ...)
  NOT-FOR-US: Watch Active2 PlugIn
CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn prior to ...)
  NOT-FOR-US: Watch Active2 PlugIn
CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn prior to ...)
  NOT-FOR-US: Galaxy Watch3 PlugIn
CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn prior to ...)
  NOT-FOR-US: Galaxy Watch PlugIn
CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung Internet ...)
  NOT-FOR-US: Samsung
CVE-2021-25418 (Improper component protection vulnerability in Samsung Internet prior ...)
  NOT-FOR-US: Samsung
CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allo ...)
  NOT-FOR-US: Samsung
CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
  NOT-FOR-US: Samsung
CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
  NOT-FOR-US: Samsung
CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
  NOT-FOR-US: Samsung
CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
  NOT-FOR-US: Samsung
CVE-2021-25412 (An improper access control vulnerability in genericssoservice prior to ...)
  NOT-FOR-US: Samsung
CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to SMR JUN- ...)
  NOT-FOR-US: Samsung
CVE-2021-25410 (Improper access control of a component in CallBGProvider prior to SMR ...)
  NOT-FOR-US: Samsung
CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021 Release ...)
  NOT-FOR-US: Samsung
CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior to SMR JU ...)
  NOT-FOR-US: Samsung
CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver prior to SM ...)
  NOT-FOR-US: Samsung
CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to version 2 ...)
  NOT-FOR-US: Samsung
CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity in Samsu ...)
  NOT-FOR-US: Samsung
CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to version 1.7 ...)
  NOT-FOR-US: Samsung
CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to version 1 ...)
  NOT-FOR-US: Samsung
CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to version 4 ...)
  NOT-FOR-US: Samsung
CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to version 6. ...)
  NOT-FOR-US: Samsung
CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to version ...)
  NOT-FOR-US: Samsung
CVE-2021-25399 (Improper configuration in Smart Manager prior to version 11.0.05.0 all ...)
  NOT-FOR-US: Samsung
CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to version 3.1.1 ...)
  NOT-FOR-US: Samsung
CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior to SMR M ...)
  NOT-FOR-US: Samsung
CVE-2021-25396 (An improper input validation vulnerability in NPU firmware prior to SM ...)
  NOT-FOR-US: Samsung
CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 ...)
  NOT-FOR-US: Samsung
CVE-2021-25394 (A use after free vulnerability via race condition in MFC charger drive ...)
  NOT-FOR-US: Samsung
CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior to SMR M ...)
  NOT-FOR-US: Samsung
CVE-2021-25392 (Improper protection of backup path configuration in Samsung Dex prior ...)
  NOT-FOR-US: Samsung
CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR MAY-202 ...)
  NOT-FOR-US: Samsung
CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 R ...)
  NOT-FOR-US: Samsung
CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021 Release ...)
  NOT-FOR-US: Samsung
CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 ...)
  NOT-FOR-US: Samsung
CVE-2021-25387 (An improper input validation vulnerability in sflacfd_get_frm() in lib ...)
  NOT-FOR-US: Samsung
CVE-2021-25386 (An improper input validation vulnerability in sdfffd_parse_chunk_FVER( ...)
  NOT-FOR-US: Samsung
CVE-2021-25385 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
  NOT-FOR-US: Samsung
CVE-2021-25384 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
  NOT-FOR-US: Samsung
CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read() in libs ...)
  NOT-FOR-US: Samsung
CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder ...)
  NOT-FOR-US: Samsung
CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...)
  NOT-FOR-US: Samsung
CVE-2021-25380 (Improper handling of exceptional conditions in Bixby prior to version ...)
  NOT-FOR-US: Bixby
CVE-2021-25379 (Intent redirection vulnerability in Gallery prior to version 5.4.16.1 ...)
  NOT-FOR-US: Samsung
CVE-2021-25378 (Improper access control of certain port in SmartThings prior to versio ...)
  NOT-FOR-US: Samsung
CVE-2021-25377 (Intent redirection in Samsung Experience Service versions 10.8.0.4 in ...)
  NOT-FOR-US: Samsung
CVE-2021-25376 (An improper synchronization logic in Samsung Email prior to version 6. ...)
  NOT-FOR-US: Samsung
CVE-2021-25375 (Using predictable index for attachments in Samsung Email prior to vers ...)
  NOT-FOR-US: Samsung
CVE-2021-25374 (An improper authorization vulnerability in Samsung Members "samsungrew ...)
  NOT-FOR-US: Samsung
CVE-2021-25373 (Using unsafe PendingIntent in Customization Service prior to version 2 ...)
  NOT-FOR-US: PendingIntent in Customization Service (Samsung)
CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...)
  NOT-FOR-US: Samsung
CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows a ...)
  NOT-FOR-US: Samsung
CVE-2021-25370 (An incorrect implementation handling file descriptor in dpu driver pri ...)
  NOT-FOR-US: Samsung
CVE-2021-25369 (An improper access control vulnerability in sec_log file prior to SMR ...)
  NOT-FOR-US: Samsung
CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...)
  NOT-FOR-US: Samsung
CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...)
  NOT-FOR-US: Samsung
CVE-2021-25366 (Improper access control in Samsung Internet prior to version 13.2.1.70 ...)
  NOT-FOR-US: Samsung
CVE-2021-25365 (An improper exception control in softsimd prior to SMR APR-2021 Releas ...)
  NOT-FOR-US: Samsung
CVE-2021-25364 (A pendingIntent hijacking vulnerability in Secure Folder prior to SMR ...)
  NOT-FOR-US: Samsung
CVE-2021-25363 (An improper access control in ActivityManagerService prior to SMR APR- ...)
  NOT-FOR-US: Samsung
CVE-2021-25362 (An improper permission management in CertInstaller prior to SMR APR-20 ...)
  NOT-FOR-US: Samsung
CVE-2021-25361 (An improper access control vulnerability in stickerCenter prior to SMR ...)
  NOT-FOR-US: Samsung
CVE-2021-25360 (An improper input validation vulnerability in libswmfextractor library ...)
  NOT-FOR-US: Samsung
CVE-2021-25359 (An improper SELinux policy prior to SMR APR-2021 Release 1 allows loca ...)
  NOT-FOR-US: Samsung
CVE-2021-25358 (A vulnerability that stores IMSI values in an improper path prior to S ...)
  NOT-FOR-US: Samsung
CVE-2021-25357 (A pendingIntent hijacking vulnerability in Create Movie prior to SMR A ...)
  NOT-FOR-US: Samsung
CVE-2021-25356 (An improper caller check vulnerability in Managed Provisioning prior t ...)
  NOT-FOR-US: Samsung
CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 ...)
  NOT-FOR-US: Samsung
CVE-2021-25354 (Improper input check in Samsung Internet prior to version 13.2.1.46 al ...)
  NOT-FOR-US: Samsung
CVE-2021-25353 (Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.121 ...)
  NOT-FOR-US: Samsung
CVE-2021-25352 (Using PendingIntent with implicit intent in Bixby Voice prior to versi ...)
  NOT-FOR-US: Samsung
CVE-2021-25351 (Improper Access Control in EmailValidationView in Samsung Account prio ...)
  NOT-FOR-US: Samsung
CVE-2021-25350 (Information Exposure vulnerability in Samsung Account prior to version ...)
  NOT-FOR-US: Samsung
CVE-2021-25349 (Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5. ...)
  NOT-FOR-US: Samsung
CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...)
  NOT-FOR-US: Samsung Internet
CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to ...)
  NOT-FOR-US: Samsung Email application
CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...)
  NOT-FOR-US: Samsung
CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...)
  NOT-FOR-US: Samsung
CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021 ...)
  NOT-FOR-US: Samsung
CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...)
  NOT-FOR-US: Samsung
CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...)
  NOT-FOR-US: Samsung
CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...)
  NOT-FOR-US: Samsung
CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...)
  NOT-FOR-US: Samsung
CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...)
  NOT-FOR-US: Samsung mobile devices
CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior ...)
  NOT-FOR-US: Samsung mobile devices
CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...)
  NOT-FOR-US: Samsung mobile devices
CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...)
  NOT-FOR-US: Samsung mobile devices
CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...)
  NOT-FOR-US: Samsung mobile devices
CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...)
  NOT-FOR-US: Samsung mobile devices
CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
  NOT-FOR-US: Samsung Pay mini application
CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
  NOT-FOR-US: Samsung Pay mini application
CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
  NOT-FOR-US: Samsung Pay mini application
CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...)
  NOT-FOR-US: MobileWips application
CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...)
  NOT-FOR-US: MISP
CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...)
  NOT-FOR-US: Files.com Fat Client
CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer ...)
  NOT-FOR-US: D-Link
CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...)
  {DSA-4838-1 DLA-2529-1}
  - mutt 2.0.5-1 (bug #980326)
  NOTE: https://gitlab.com/muttmua/mutt/-/issues/323
  NOTE: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
CVE-2021-3180 RESERVED
CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10. ...)
  {DSA-4891-1 DLA-2594-1}
  - tomcat9 9.0.43-1
  - tomcat8
  - tomcat7
  [stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected)
  NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/2
  NOTE: https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453 (9.0.43)
  NOTE: https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35 (8.5.63)
  NOTE: https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5 (7.0.108)
  NOTE: CVE is for incomplete fix for CVE-2020-9484.
CVE-2021-25328 (Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a ...)
  NOT-FOR-US: Skyworth Digital Technology RN510
CVE-2021-25327 (Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site requ ...)
  NOT-FOR-US: Skyworth Digital Technology RN510
CVE-2021-25326 (Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrec ...)
  NOT-FOR-US: Skyworth Digital Technology RN510
CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...)
  NOT-FOR-US: MISP
CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...)
  NOT-FOR-US: MISP
CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...)
  NOT-FOR-US: MISP
CVE-2021-25322 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-Hyper ...)
  - hyperkitty (SuSE-specific packaging issue)
CVE-2021-25321 (A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of ...)
  - arpwatch (SuSE specific packaging issue)
  NOTE: Debian does not ship arpwatch-2.1a11-drop-privs.dif and does apply permissions
  NOTE: to /var/lib/arpwatch (to arpwatch:arpatch, 0750) on postinst time
CVE-2021-25320 (A Improper Access Control vulnerability in Rancher, allows users in th ...)
  NOT-FOR-US: Rancher
CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging of virt ...)
  - virtualbox (openSUSE specific security issue in the openSUSE packaging)
  NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2
CVE-2021-25318 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
  NOT-FOR-US: Rancher
CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging of cups ...)
  - cups (In Debian /var/log/cups is owned by root:root)
  NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119
CVE-2021-25316 (A Insecure Temporary File vulnerability in s390-tools of SUSE Linux En ...)
  NOT-FOR-US: SuSE (different from src:s390-tools in Debian)
CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerability i ...)
  - salt (SuSE specific issue, cf #985085)
  NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1182382
CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions vulnerability i ...)
  NOT-FOR-US: hawk2 as packaged by SuSE
CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
  NOT-FOR-US: Rancher
CVE-2021-3179 RESERVED
CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
  {DLA-2586-1}
  - linux 5.10.12-1 (unimportant)
  [buster] - linux 4.19.171-1
  NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
  NOTE: Disputed/mild security relevance/impact
CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ...)
  {DLA-2619-1}
  - python3.9 3.9.1-3
  - python3.8
  - python3.7
  [buster] - python3.7 3.7.3-2+deb10u3
  [stretch] - python3.7 (Minor issue)
  - python3.5
  - python2.7 2.7.18-2
  [buster] - python2.7 (Minor issue)
  [stretch] - python2.7 (Minor issue)
  NOTE: https://bugs.python.org/issue42938
  NOTE: https://github.com/python/cpython/pull/24239
  NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
  NOTE: https://github.com/python/cpython/commit/916610ef90a0d0761f08747f7b0905541f0977c7 (master)
  NOTE: https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 (3.9)
  NOTE: https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f (3.8)
  NOTE: https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa (3.7)
  NOTE: https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7 (3.6)
CVE-2021-3176 (The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for ...)
  NOT-FOR-US: Mitel
CVE-2021-3175 RESERVED
CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as another user o ...)
  - condor (Only affects versions 8.9.2 through 8.9.10 inclusive)
  NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html
CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 allows Directory Traversal outs ...)
  - condor (Only affects versions 8.9.7 through 8.9.10 inclusive)
  NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html
CVE-2021-25310 (** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Be ...)
  NOT-FOR-US: Belkin Linksys WRT160NL devices
CVE-2021-25309 (The telnet administrator service running on port 650 on Gigaset DX600A ...)
  NOT-FOR-US: Gigaset devices
CVE-2021-25308 RESERVED
CVE-2021-25307 RESERVED
CVE-2021-25306 (A buffer overflow vulnerability in the AT command interface of Gigaset ...)
  NOT-FOR-US: Gigaset devices
CVE-2021-3174 RESERVED
CVE-2021-25305 RESERVED
CVE-2021-25304 RESERVED
CVE-2021-25303 RESERVED
CVE-2021-25302 RESERVED
CVE-2021-3173 RESERVED
CVE-2021-3172 RESERVED
CVE-2021-3171 RESERVED
CVE-2021-3170 RESERVED
CVE-2021-3169 (An issue in Jumpserver 2.6.2 and below allows attackers to create a co ...)
  NOT-FOR-US: Jumpserver
CVE-2021-3168 RESERVED
CVE-2021-3167 (In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens ar ...)
  NOT-FOR-US: Cloudera Data Engineering (CDE)
CVE-2021-3166 (An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An at ...)
  NOT-FOR-US: ASUS devices
CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser acco ...)
  NOT-FOR-US: SmartAgent
CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...)
  NOT-FOR-US: ChurchRota
CVE-2021-3163 (A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attac ...)
  NOT-FOR-US: Slab Quill
CVE-2021-25301 RESERVED
CVE-2021-25300 RESERVED
CVE-2021-25299 (Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). ...)
NOT-FOR-US: Nagios XI CVE-2021-25298 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...) NOT-FOR-US: Nagios XI CVE-2021-25297 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...) NOT-FOR-US: Nagios XI CVE-2021-25296 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...) NOT-FOR-US: Nagios XI CVE-2021-25295 (OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issue ...) NOT-FOR-US: OpenCATS CVE-2021-25294 (OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity re ...) NOT-FOR-US: OpenCATS CVE-2021-25293 (An issue was discovered in Pillow before 8.1.1. There is an out-of-bou ...) - pillow 8.1.1-1 [buster] - pillow (Minor issue) [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html NOTE: https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5 NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (v4.3.0) CVE-2021-25292 (An issue was discovered in Pillow before 8.1.1. The PDF parser allows ...) - pillow 8.1.1-1 [buster] - pillow (Minor issue) [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html NOTE: https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4 (5.1.0) CVE-2021-25291 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...) 
- pillow 8.1.1-1 [buster] - pillow (Minor issue) [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html NOTE: https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61 NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0) CVE-2021-25290 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...) {DLA-2716-1} - pillow 8.1.1-1 [buster] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html NOTE: https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9 CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- ...) - pillow 8.1.1-1 [buster] - pillow (Vulnerable code not present) [stretch] - pillow (Vulnerable code not present) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html NOTE: https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299 CVE-2021-25288 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...) [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87 NOTE: Debian packages are built without JPEG2000 support CVE-2021-25287 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...) 
[experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87 NOTE: Debian packages are built without JPEG2000 support CVE-2021-3185 (A flaw was found in the gstreamer h264 component of gst-plugins-bad be ...) {DSA-4833-1 DLA-2528-1} - gst-plugins-bad1.0 1.18.1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1917192 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc NOTE: https://www.openwall.com/lists/oss-security/2021/01/20/1 CVE-2021-25286 RESERVED CVE-2021-25285 RESERVED CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5. salt. ...) - salt 3002.5+dfsg1-1 (bug #983632) NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...) - salt 3002.5+dfsg1-1 (bug #983632) NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5. The s ...) - salt 3002.5+dfsg1-1 (bug #983632) NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...) 
- salt 3002.5+dfsg1-1 (bug #983632) NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-XXXX [SQL Server LIMIT / OFFSET SQL Injection] - php-laravel-framework 6.20.14+dfsg-2 (bug #987831) - php-illuminate-database (bug #987848) NOTE: https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j NOTE: https://blog.laravel.com/security-sql-injection-in-sql-server-limit-offset CVE-2021-XXXX [Unexpected database bindings via requests (follow-up)] - php-laravel-framework 6.20.14+dfsg-1 NOTE: https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg TODO: check php-illuminate-database and CVE assignment CVE-2021-21263 (Laravel is a web application framework. Versions of Laravel before 6.2 ...) - php-laravel-framework 6.20.11+dfsg-1 (bug #980095) - php-illuminate-database (bug #980899) NOTE: https://blog.laravel.com/security-laravel-62011-7302-8221-released NOTE: https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x NOTE: https://github.com/laravel/framework/pull/35865 CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on macOS mishandles certificat ...) NOT-FOR-US: Docker Desktop on MacOS CVE-2021-3161 RESERVED CVE-2021-3160 (Deserialization of untrusted data in the login page of ASSUWEB 359.3 b ...) NOT-FOR-US: ACA CVE-2021-25280 RESERVED CVE-2021-25279 RESERVED CVE-2021-25278 (FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Backgroun ...) NOT-FOR-US: FTAPI CVE-2021-25277 (FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative ...) NOT-FOR-US: FTAPI CVE-2021-25276 (In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory cont ...) NOT-FOR-US: SolarWinds CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various SolarWin ...) NOT-FOR-US: SolarWinds CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 2020.2.4 use ...) 
NOT-FOR-US: SolarWinds CVE-2021-3159 (A stored cross site scripting (XSS) vulnerability in the /sys/attachme ...) NOT-FOR-US: Landray EKP CVE-2021-25273 (Stored XSS can execute as administrator in quarantined email detail vi ...) NOT-FOR-US: Sophos CVE-2021-25272 RESERVED CVE-2021-25271 (A local attacker could read or write arbitrary files with administrato ...) NOT-FOR-US: HitmanPro CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...) NOT-FOR-US: HitmanPro CVE-2021-25269 RESERVED CVE-2021-25268 RESERVED CVE-2021-25267 RESERVED CVE-2021-25266 RESERVED CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...) NOT-FOR-US: Sophos Connect Client CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...) NOT-FOR-US: Sophos CVE-2021-25263 (Clickhouse prior to versions v20.8.18.32-lts, v21.1.9.41-stable, v21.2 ...) - clickhouse (Vulnerable code introduced later) NOTE: https://github.com/ClickHouse/ClickHouse/pull/22822 NOTE: Vulnerable code introduced at https://github.com/ClickHouse/ClickHouse/commit/ea8994b9e4fd4434b296ffccbfbf60c3c65a50d1 CVE-2021-25262 RESERVED CVE-2021-25261 RESERVED CVE-2021-25260 RESERVED CVE-2021-25259 RESERVED CVE-2021-25258 RESERVED CVE-2021-25257 RESERVED CVE-2021-25256 RESERVED CVE-2021-25255 RESERVED CVE-2021-25254 RESERVED CVE-2021-25253 (An improper access control vulnerability in Trend Micro Apex One, Tren ...) NOT-FOR-US: Trend Micro CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...) NOT-FOR-US: Trend Micro CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...) NOT-FOR-US: Trend Micro CVE-2021-25250 (An improper access control vulnerability in Trend Micro Apex One, Tren ...) NOT-FOR-US: Trend Micro CVE-2021-25249 (An out-of-bounds write information disclosure vulnerability in Trend M ...) 
NOT-FOR-US: Trend Micro CVE-2021-25248 (An out-of-bounds read information disclosure vulnerability in Trend Mi ...) NOT-FOR-US: Trend Micro CVE-2021-25247 (A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks ...) NOT-FOR-US: Trend Micro CVE-2021-25246 (An improper access control information disclosure vulnerability in Tre ...) NOT-FOR-US: Trend Micro CVE-2021-25245 (An improper access control vulnerability in Worry-Free Business Securi ...) NOT-FOR-US: Worry-Free Business Security CVE-2021-25244 (An improper access control vulnerability in Worry-Free Business Securi ...) NOT-FOR-US: Worry-Free Business Security CVE-2021-25243 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25242 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25241 (A server-side request forgery (SSRF) information disclosure vulnerabil ...) NOT-FOR-US: Trend Micro CVE-2021-25240 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25239 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25238 (An improper access control information disclosure vulnerability in Tre ...) NOT-FOR-US: Trend Micro CVE-2021-25237 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25236 (A server-side request forgery (SSRF) information disclosure vulnerabil ...) NOT-FOR-US: Trend Micro CVE-2021-25235 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25234 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25233 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) 
NOT-FOR-US: Trend Micro CVE-2021-25232 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25231 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25230 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25229 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25228 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) NOT-FOR-US: Trend Micro CVE-2021-25227 (Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memor ...) NOT-FOR-US: Trend Micro CVE-2021-25226 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...) NOT-FOR-US: Trend Micro CVE-2021-25225 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...) NOT-FOR-US: Trend Micro CVE-2021-25224 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...) NOT-FOR-US: Trend Micro CVE-2021-25223 RESERVED CVE-2021-25222 RESERVED CVE-2021-25221 RESERVED CVE-2021-25220 RESERVED CVE-2021-25219 RESERVED CVE-2021-25218 (In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported P ...) - bind9 (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2021-25218 CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 ( ...) {DLA-2674-1} - isc-dhcp 4.4.1-2.3 (bug #989157) [buster] - isc-dhcp 4.4.1-2+deb10u1 NOTE: https://kb.isc.org/docs/cve-2021-25217 NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/6 NOTE: https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches/4.4.2.CVE-2021-25217.patch CVE-2021-25216 (In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ...) 
{DSA-4909-1 DLA-2647-1} - bind9 1:9.16.15-1 (bug #987743) NOTE: https://kb.isc.org/docs/cve-2021-25216 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/216a97188d86cb3edb307a40ff5ee61b030eb033 (v9_16_15) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/a875dcc66969ea3995eb6fc1545d39dafcb56b26 (v9_16_15) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/6b0b0c6aba2488f8db5d6cdbc44162b98ffa5ed4 (v9_16_15) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/3fd30e16340afd95ee8c7dca8a5ff7cc35d069bc (v9_16_15) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/565a6a56791b01b86e2fd1eaa1907bf985f2e997 (v9_16_15) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/99132eda0e006932fa5927d4ad81bced0d3b3042 (v9_16_15) NOTE: Issue can be mitigated configuring with --disable-isc-spnego and using the system library. CVE-2021-25215 (In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ...) {DSA-4909-1 DLA-2647-1} - bind9 1:9.16.15-1 (bug #987742) NOTE: https://kb.isc.org/docs/cve-2021-25215 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/dde958717c9bfdc8679764c045c226e3a1468334 (v9_16_15) CVE-2021-25214 (In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, ...) {DSA-4909-1 DLA-2647-1} - bind9 1:9.16.15-1 (bug #987741) NOTE: https://kb.isc.org/docs/cve-2021-25214 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f68d4cba3321ed375bbc334e2333250893c4f587 (v9_16_15) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f092fcee10a7e8b391747dbdd7e58243bff4f75c (v9_16_15) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/01a916abac22f87a248a7525d3e7408acac0804b (v9_16_15) CVE-2021-25213 (SQL injection vulnerability in SourceCodester Travel Management System ...) NOT-FOR-US: SourceCodester CVE-2021-25212 (SQL injection vulnerability in SourceCodester Alumni Management System ...) NOT-FOR-US: SourceCodester Alumni Management System CVE-2021-25211 (Arbitrary file upload vulnerability in SourceCodester Ordering System ...) 
NOT-FOR-US: SourceCodester CVE-2021-25210 (Arbitrary file upload vulnerability in SourceCodester Alumni Managemen ...) NOT-FOR-US: SourceCodester Alumni Management System CVE-2021-25209 (SQL injection vulnerability in SourceCodester Theme Park Ticketing Sys ...) NOT-FOR-US: SourceCodester Theme Park Ticketing System CVE-2021-25208 (Arbitrary file upload vulnerability in SourceCodester Travel Managemen ...) NOT-FOR-US: SourceCodester CVE-2021-25207 (Arbitrary file upload vulnerability in SourceCodester E-Commerce Websi ...) NOT-FOR-US: SourceCodester CVE-2021-25206 (Arbitrary file upload vulnerability in SourceCodester Responsive Order ...) NOT-FOR-US: SourceCodester CVE-2021-25205 (SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 ...) NOT-FOR-US: SourceCodester CVE-2021-25204 (Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce ...) NOT-FOR-US: SourceCodester CVE-2021-25203 (Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attacke ...) NOT-FOR-US: Victor CMS CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and Inventory Syst ...) NOT-FOR-US: SourceCodester Sales and Inventory System CVE-2021-25201 (SQL injection vulnerability in Learning Management System v 1.0 allows ...) NOT-FOR-US: Learning Management System CVE-2021-25200 (Arbitrary file upload vulnerability in SourceCodester Learning Managem ...) NOT-FOR-US: SourceCodester CVE-2021-25199 RESERVED CVE-2021-25198 RESERVED CVE-2021-25197 (Cross-site scripting (XSS) vulnerability in SourceCodester Content Man ...) NOT-FOR-US: SourceCodester Content Management System CVE-2021-3158 RESERVED CVE-2021-3157 RESERVED CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result in a ...) 
{DSA-4839-1 DLA-2534-1} - sudo 1.9.5p1-1.1 NOTE: https://www.sudo.ws/alerts/unescape_overflow.html NOTE: https://www.sudo.ws/repos/sudo/rev/9b97f1787804 NOTE: https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b NOTE: https://www.sudo.ws/repos/sudo/rev/049ad90590be NOTE: https://www.sudo.ws/repos/sudo/rev/09f98816fc89 NOTE: https://www.sudo.ws/repos/sudo/rev/c125fbe68783 NOTE: https://www.openwall.com/lists/oss-security/2021/01/26/3 CVE-2021-3155 RESERVED CVE-2021-3154 (An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenti ...) NOT-FOR-US: SolarWinds CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...) NOT-FOR-US: HashiCorp Terraform Enterprise CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...) NOT-FOR-US: Home Assistant CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) ...) NOT-FOR-US: i-doit CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete Personal Data ...) NOT-FOR-US: Cryptshare Server CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...) NOT-FOR-US: Netshield NANO devices CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...) - salt 3002.5+dfsg1-1 (bug #983632) NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-3147 RESERVED CVE-2021-25196 RESERVED CVE-2021-25195 (Windows PKU2U Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-25194 RESERVED CVE-2021-25193 RESERVED CVE-2021-25192 RESERVED CVE-2021-25191 RESERVED CVE-2021-25190 RESERVED CVE-2021-25189 RESERVED CVE-2021-25188 RESERVED CVE-2021-25187 RESERVED CVE-2021-25186 RESERVED CVE-2021-25185 RESERVED CVE-2021-25184 RESERVED CVE-2021-25183 RESERVED CVE-2021-25182 RESERVED CVE-2021-25181 RESERVED CVE-2021-25180 RESERVED CVE-2021-25179 (SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS ...) 
NOT-FOR-US: SolarWinds CVE-2021-25178 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-25177 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-25176 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-25175 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-25174 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-25173 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-25172 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-25171 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-25170 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-25169 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-25167 (A remote unauthorized access vulnerability was discovered in Aruba Air ...) NOT-FOR-US: Aruba CVE-2021-25166 (A remote unauthorized access vulnerability was discovered in Aruba Air ...) NOT-FOR-US: Aruba CVE-2021-25165 (A remote XML external entity vulnerability was discovered in Aruba Air ...) NOT-FOR-US: Aruba CVE-2021-25164 (A remote XML external entity vulnerability was discovered in Aruba Air ...) NOT-FOR-US: Aruba CVE-2021-25163 (A remote XML external entity vulnerability was discovered in Aruba Air ...) 
NOT-FOR-US: Aruba CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was discovered in so ...) NOT-FOR-US: Aruba CVE-2021-25160 (A remote arbitrary file modification vulnerability was discovered in s ...) NOT-FOR-US: Aruba CVE-2021-25159 (A remote arbitrary file modification vulnerability was discovered in s ...) NOT-FOR-US: Aruba CVE-2021-25158 (A remote arbitrary file read vulnerability was discovered in some Arub ...) NOT-FOR-US: Aruba CVE-2021-25157 (A remote arbitrary file read vulnerability was discovered in some Arub ...) NOT-FOR-US: Aruba CVE-2021-25156 (A remote arbitrary directory create vulnerability was discovered in so ...) NOT-FOR-US: Aruba CVE-2021-25155 (A remote arbitrary file modification vulnerability was discovered in s ...) NOT-FOR-US: Aruba CVE-2021-25154 (A remote escalation of privilege vulnerability was discovered in Aruba ...) NOT-FOR-US: Aruba CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba AirWave M ...) NOT-FOR-US: Aruba CVE-2021-25152 (A remote insecure deserialization vulnerability was discovered in Arub ...) NOT-FOR-US: Aruba CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered in Arub ...) NOT-FOR-US: Aruba CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some Aruba In ...) NOT-FOR-US: Aruba CVE-2021-25148 (A remote arbitrary file modification vulnerability was discovered in s ...) NOT-FOR-US: Aruba CVE-2021-25147 (A remote authentication restriction bypass vulnerability was discovere ...) NOT-FOR-US: Aruba CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability was disc ...) 
NOT-FOR-US: Aruba CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...) NOT-FOR-US: Aruba CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some ...) NOT-FOR-US: Aruba CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...) NOT-FOR-US: HPE CVE-2021-25140 (A potential security vulnerability has been identified in the HPE Moon ...) NOT-FOR-US: HPE CVE-2021-25139 (A potential security vulnerability has been identified in the HPE Moon ...) NOT-FOR-US: HPE CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25136 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25135 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25134 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25133 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25132 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25131 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25130 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25129 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25128 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25127 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) 
NOT-FOR-US: HPE CVE-2021-25126 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25125 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat versions ...) {DSA-4891-1 DLA-2594-1} - tomcat9 9.0.43-1 - tomcat8 - tomcat7 [stretch] - tomcat7 (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/1 NOTE: https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1 (9.0.43) NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63) CVE-2021-25121 RESERVED CVE-2021-25120 RESERVED CVE-2021-25119 RESERVED CVE-2021-25118 RESERVED CVE-2021-25117 RESERVED CVE-2021-25116 RESERVED CVE-2021-25115 RESERVED CVE-2021-25114 RESERVED CVE-2021-25113 RESERVED CVE-2021-25112 RESERVED CVE-2021-25111 RESERVED CVE-2021-25110 RESERVED CVE-2021-25109 RESERVED CVE-2021-25108 RESERVED CVE-2021-25107 RESERVED CVE-2021-25106 RESERVED CVE-2021-25105 RESERVED CVE-2021-25104 RESERVED CVE-2021-25103 RESERVED CVE-2021-25102 RESERVED CVE-2021-25101 RESERVED CVE-2021-25100 RESERVED CVE-2021-25099 RESERVED CVE-2021-25098 RESERVED CVE-2021-25097 RESERVED CVE-2021-25096 RESERVED CVE-2021-25095 RESERVED CVE-2021-25094 RESERVED CVE-2021-25093 RESERVED CVE-2021-25092 RESERVED CVE-2021-25091 RESERVED CVE-2021-25090 RESERVED CVE-2021-25089 RESERVED CVE-2021-25088 RESERVED CVE-2021-25087 RESERVED CVE-2021-25086 RESERVED CVE-2021-25085 RESERVED CVE-2021-25084 RESERVED CVE-2021-25083 RESERVED CVE-2021-25082 RESERVED CVE-2021-25081 RESERVED CVE-2021-25080 RESERVED CVE-2021-25079 RESERVED CVE-2021-25078 RESERVED CVE-2021-25077 RESERVED 
CVE-2021-25076 RESERVED CVE-2021-25075 RESERVED CVE-2021-25074 RESERVED CVE-2021-25073 RESERVED CVE-2021-25072 RESERVED CVE-2021-25071 RESERVED CVE-2021-25070 RESERVED CVE-2021-25069 RESERVED CVE-2021-25068 RESERVED CVE-2021-25067 RESERVED CVE-2021-25066 RESERVED CVE-2021-25065 RESERVED CVE-2021-25064 RESERVED CVE-2021-25063 RESERVED CVE-2021-25062 RESERVED CVE-2021-25061 RESERVED CVE-2021-25060 RESERVED CVE-2021-25059 RESERVED CVE-2021-25058 RESERVED CVE-2021-25057 RESERVED CVE-2021-25056 RESERVED CVE-2021-25055 RESERVED CVE-2021-25054 RESERVED CVE-2021-25053 RESERVED CVE-2021-25052 RESERVED CVE-2021-25051 RESERVED CVE-2021-25050 RESERVED CVE-2021-25049 RESERVED CVE-2021-25048 RESERVED CVE-2021-25047 RESERVED CVE-2021-25046 RESERVED CVE-2021-25045 RESERVED CVE-2021-25044 RESERVED CVE-2021-25043 RESERVED CVE-2021-25042 RESERVED CVE-2021-25041 RESERVED CVE-2021-25040 RESERVED CVE-2021-25039 RESERVED CVE-2021-25038 RESERVED CVE-2021-25037 RESERVED CVE-2021-25036 RESERVED CVE-2021-25035 RESERVED CVE-2021-25034 RESERVED CVE-2021-25033 RESERVED CVE-2021-25032 RESERVED CVE-2021-25031 RESERVED CVE-2021-25030 RESERVED CVE-2021-25029 RESERVED CVE-2021-25028 RESERVED CVE-2021-25027 RESERVED CVE-2021-25026 RESERVED CVE-2021-25025 RESERVED CVE-2021-25024 RESERVED CVE-2021-25023 RESERVED CVE-2021-25022 RESERVED CVE-2021-25021 RESERVED CVE-2021-25020 RESERVED CVE-2021-25019 RESERVED CVE-2021-25018 RESERVED CVE-2021-25017 RESERVED CVE-2021-25016 RESERVED CVE-2021-25015 RESERVED CVE-2021-25014 RESERVED CVE-2021-25013 RESERVED CVE-2021-25012 RESERVED CVE-2021-25011 RESERVED CVE-2021-25010 RESERVED CVE-2021-25009 RESERVED CVE-2021-25008 RESERVED CVE-2021-25007 RESERVED CVE-2021-25006 RESERVED CVE-2021-25005 RESERVED CVE-2021-25004 RESERVED CVE-2021-25003 RESERVED CVE-2021-25002 RESERVED CVE-2021-25001 RESERVED CVE-2021-25000 RESERVED CVE-2021-24999 RESERVED CVE-2021-24998 RESERVED CVE-2021-24997 RESERVED CVE-2021-24996 RESERVED CVE-2021-24995 RESERVED CVE-2021-24994 RESERVED 
CVE-2021-24993 RESERVED CVE-2021-24992 RESERVED CVE-2021-24991 RESERVED CVE-2021-24990 RESERVED CVE-2021-24989 RESERVED CVE-2021-24988 RESERVED CVE-2021-24987 RESERVED CVE-2021-24986 RESERVED CVE-2021-24985 RESERVED CVE-2021-24984 RESERVED CVE-2021-24983 RESERVED CVE-2021-24982 RESERVED CVE-2021-24981 RESERVED CVE-2021-24980 RESERVED CVE-2021-24979 RESERVED CVE-2021-24978 RESERVED CVE-2021-24977 RESERVED CVE-2021-24976 RESERVED CVE-2021-24975 RESERVED CVE-2021-24974 RESERVED CVE-2021-24973 RESERVED CVE-2021-24972 RESERVED CVE-2021-24971 RESERVED CVE-2021-24970 RESERVED CVE-2021-24969 RESERVED CVE-2021-24968 RESERVED CVE-2021-24967 RESERVED CVE-2021-24966 RESERVED CVE-2021-24965 RESERVED CVE-2021-24964 RESERVED CVE-2021-24963 RESERVED CVE-2021-24962 RESERVED CVE-2021-24961 RESERVED CVE-2021-24960 RESERVED CVE-2021-24959 RESERVED CVE-2021-24958 RESERVED CVE-2021-24957 RESERVED CVE-2021-24956 RESERVED CVE-2021-24955 RESERVED CVE-2021-24954 RESERVED CVE-2021-24953 RESERVED CVE-2021-24952 RESERVED CVE-2021-24951 RESERVED CVE-2021-24950 RESERVED CVE-2021-24949 RESERVED CVE-2021-24948 RESERVED CVE-2021-24947 RESERVED CVE-2021-24946 RESERVED CVE-2021-24945 RESERVED CVE-2021-24944 RESERVED CVE-2021-24943 RESERVED CVE-2021-24942 RESERVED CVE-2021-24941 RESERVED CVE-2021-24940 RESERVED CVE-2021-24939 RESERVED CVE-2021-24938 RESERVED CVE-2021-24937 RESERVED CVE-2021-24936 RESERVED CVE-2021-24935 RESERVED CVE-2021-24934 RESERVED CVE-2021-24933 RESERVED CVE-2021-24932 RESERVED CVE-2021-24931 RESERVED CVE-2021-24930 RESERVED CVE-2021-24929 RESERVED CVE-2021-24928 RESERVED CVE-2021-24927 RESERVED CVE-2021-24926 RESERVED CVE-2021-24925 RESERVED CVE-2021-24924 RESERVED CVE-2021-24923 RESERVED CVE-2021-24922 RESERVED CVE-2021-24921 RESERVED CVE-2021-24920 RESERVED CVE-2021-24919 RESERVED CVE-2021-24918 RESERVED CVE-2021-24917 RESERVED CVE-2021-24916 RESERVED CVE-2021-24915 RESERVED CVE-2021-24914 RESERVED CVE-2021-24913 RESERVED CVE-2021-24912 RESERVED CVE-2021-24911 RESERVED 
CVE-2021-24910 RESERVED CVE-2021-24909 RESERVED CVE-2021-24908 RESERVED CVE-2021-24907 RESERVED CVE-2021-24906 RESERVED CVE-2021-24905 RESERVED CVE-2021-24904 RESERVED CVE-2021-24903 RESERVED CVE-2021-24902 RESERVED CVE-2021-24901 RESERVED CVE-2021-24900 RESERVED CVE-2021-24899 RESERVED CVE-2021-24898 RESERVED CVE-2021-24897 RESERVED CVE-2021-24896 RESERVED CVE-2021-24895 RESERVED CVE-2021-24894 RESERVED CVE-2021-24893 RESERVED CVE-2021-24892 RESERVED CVE-2021-24891 RESERVED CVE-2021-24890 RESERVED CVE-2021-24889 RESERVED CVE-2021-24888 RESERVED CVE-2021-24887 RESERVED CVE-2021-24886 RESERVED CVE-2021-24885 RESERVED CVE-2021-24884 RESERVED CVE-2021-24883 RESERVED CVE-2021-24882 RESERVED CVE-2021-24881 RESERVED CVE-2021-24880 RESERVED CVE-2021-24879 RESERVED CVE-2021-24878 RESERVED CVE-2021-24877 RESERVED CVE-2021-24876 RESERVED CVE-2021-24875 RESERVED CVE-2021-24874 RESERVED CVE-2021-24873 RESERVED CVE-2021-24872 RESERVED CVE-2021-24871 RESERVED CVE-2021-24870 RESERVED CVE-2021-24869 RESERVED CVE-2021-24868 RESERVED CVE-2021-24867 RESERVED CVE-2021-24866 RESERVED CVE-2021-24865 RESERVED CVE-2021-24864 RESERVED CVE-2021-24863 RESERVED CVE-2021-24862 RESERVED CVE-2021-24861 RESERVED CVE-2021-24860 RESERVED CVE-2021-24859 RESERVED CVE-2021-24858 RESERVED CVE-2021-24857 RESERVED CVE-2021-24856 RESERVED CVE-2021-24855 RESERVED CVE-2021-24854 RESERVED CVE-2021-24853 RESERVED CVE-2021-24852 RESERVED CVE-2021-24851 RESERVED CVE-2021-24850 RESERVED CVE-2021-24849 RESERVED CVE-2021-24848 RESERVED CVE-2021-24847 RESERVED CVE-2021-24846 RESERVED CVE-2021-24845 RESERVED CVE-2021-24844 RESERVED CVE-2021-24843 RESERVED CVE-2021-24842 RESERVED CVE-2021-24841 RESERVED CVE-2021-24840 RESERVED CVE-2021-24839 RESERVED CVE-2021-24838 RESERVED CVE-2021-24837 RESERVED CVE-2021-24836 RESERVED CVE-2021-24835 RESERVED CVE-2021-24834 RESERVED CVE-2021-24833 RESERVED CVE-2021-24832 RESERVED CVE-2021-24831 RESERVED CVE-2021-24830 RESERVED CVE-2021-24829 RESERVED CVE-2021-24828 RESERVED 
CVE-2021-24827 RESERVED CVE-2021-24826 RESERVED CVE-2021-24825 RESERVED CVE-2021-24824 RESERVED CVE-2021-24823 RESERVED CVE-2021-24822 RESERVED CVE-2021-24821 RESERVED CVE-2021-24820 RESERVED CVE-2021-24819 RESERVED CVE-2021-24818 RESERVED CVE-2021-24817 RESERVED CVE-2021-24816 RESERVED CVE-2021-24815 RESERVED CVE-2021-24814 RESERVED CVE-2021-24813 RESERVED CVE-2021-24812 RESERVED CVE-2021-24811 RESERVED CVE-2021-24810 RESERVED CVE-2021-24809 RESERVED CVE-2021-24808 RESERVED CVE-2021-24807 RESERVED CVE-2021-24806 RESERVED CVE-2021-24805 RESERVED CVE-2021-24804 RESERVED CVE-2021-24803 RESERVED CVE-2021-24802 RESERVED CVE-2021-24801 RESERVED CVE-2021-24800 RESERVED CVE-2021-24799 RESERVED CVE-2021-24798 RESERVED CVE-2021-24797 RESERVED CVE-2021-24796 RESERVED CVE-2021-24795 RESERVED CVE-2021-24794 RESERVED CVE-2021-24793 RESERVED CVE-2021-24792 RESERVED CVE-2021-24791 RESERVED CVE-2021-24790 RESERVED CVE-2021-24789 RESERVED CVE-2021-24788 RESERVED CVE-2021-24787 RESERVED CVE-2021-24786 RESERVED CVE-2021-24785 RESERVED CVE-2021-24784 RESERVED CVE-2021-24783 RESERVED CVE-2021-24782 RESERVED CVE-2021-24781 RESERVED CVE-2021-24780 RESERVED CVE-2021-24779 RESERVED CVE-2021-24778 RESERVED CVE-2021-24777 RESERVED CVE-2021-24776 RESERVED CVE-2021-24775 RESERVED CVE-2021-24774 RESERVED CVE-2021-24773 RESERVED CVE-2021-24772 RESERVED CVE-2021-24771 RESERVED CVE-2021-24770 RESERVED CVE-2021-24769 RESERVED CVE-2021-24768 RESERVED CVE-2021-24767 RESERVED CVE-2021-24766 RESERVED CVE-2021-24765 RESERVED CVE-2021-24764 RESERVED CVE-2021-24763 RESERVED CVE-2021-24762 RESERVED CVE-2021-24761 RESERVED CVE-2021-24760 RESERVED CVE-2021-24759 RESERVED CVE-2021-24758 RESERVED CVE-2021-24757 RESERVED CVE-2021-24756 RESERVED CVE-2021-24755 RESERVED CVE-2021-24754 RESERVED CVE-2021-24753 RESERVED CVE-2021-24752 RESERVED CVE-2021-24751 RESERVED CVE-2021-24750 RESERVED CVE-2021-24749 RESERVED CVE-2021-24748 RESERVED CVE-2021-24747 RESERVED CVE-2021-24746 RESERVED CVE-2021-24745 RESERVED 
CVE-2021-24744 RESERVED CVE-2021-24743 RESERVED CVE-2021-24742 RESERVED CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...) NOT-FOR-US: WordPress plugin CVE-2021-24740 RESERVED CVE-2021-24739 RESERVED CVE-2021-24738 RESERVED CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24736 RESERVED CVE-2021-24735 RESERVED CVE-2021-24734 RESERVED CVE-2021-24733 RESERVED CVE-2021-24732 RESERVED CVE-2021-24731 RESERVED CVE-2021-24730 RESERVED CVE-2021-24729 RESERVED CVE-2021-24728 (The Membership & Content Restriction – Paid Member Subscript ...) NOT-FOR-US: WordPress plugin CVE-2021-24727 (The StopBadBots WordPress plugin before 6.60 did not validate or escap ...) NOT-FOR-US: WordPress plugin CVE-2021-24726 (The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not e ...) NOT-FOR-US: WordPress plugin CVE-2021-24725 (The Comment Link Remove and Other Comment Tools WordPress plugin befor ...) NOT-FOR-US: WordPress plugin CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin before ...) NOT-FOR-US: WordPress plugin CVE-2021-24723 RESERVED CVE-2021-24722 RESERVED CVE-2021-24721 RESERVED CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...) NOT-FOR-US: WordPress plugin CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...) NOT-FOR-US: WordPress theme CVE-2021-24718 RESERVED CVE-2021-24717 RESERVED CVE-2021-24716 RESERVED CVE-2021-24715 RESERVED CVE-2021-24714 RESERVED CVE-2021-24713 RESERVED CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...) NOT-FOR-US: WordPress plugin CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager ...) NOT-FOR-US: WordPress plugin CVE-2021-24710 RESERVED CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not properly val ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24708 RESERVED CVE-2021-24707 RESERVED CVE-2021-24706 RESERVED CVE-2021-24705 RESERVED CVE-2021-24704 RESERVED CVE-2021-24703 RESERVED CVE-2021-24702 RESERVED CVE-2021-24701 RESERVED CVE-2021-24700 RESERVED CVE-2021-24699 RESERVED CVE-2021-24698 RESERVED CVE-2021-24697 RESERVED CVE-2021-24696 RESERVED CVE-2021-24695 RESERVED CVE-2021-24694 RESERVED CVE-2021-24693 RESERVED CVE-2021-24692 RESERVED CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does not esca ...) NOT-FOR-US: WordPress plugin CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...) NOT-FOR-US: WordPress plugin CVE-2021-24689 RESERVED CVE-2021-24688 RESERVED CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-24686 RESERVED CVE-2021-24685 RESERVED CVE-2021-24684 RESERVED CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...) NOT-FOR-US: WordPress plugin CVE-2021-24682 RESERVED CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...) NOT-FOR-US: WordPress plugin CVE-2021-24680 RESERVED CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...) NOT-FOR-US: WordPress plugin CVE-2021-24677 RESERVED CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does not esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24675 RESERVED CVE-2021-24674 RESERVED CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...) NOT-FOR-US: WordPress plugin CVE-2021-24672 RESERVED CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some short ...) NOT-FOR-US: WordPress plugin CVE-2021-24669 RESERVED CVE-2021-24668 RESERVED CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...) NOT-FOR-US: FortiGuard CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ...) NOT-FOR-US: WordPress plugin CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...) NOT-FOR-US: WordPress plugin CVE-2021-24664 RESERVED CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...) NOT-FOR-US: WordPress plugin CVE-2021-24662 RESERVED CVE-2021-24661 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24660 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24659 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24658 (The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 d ...) NOT-FOR-US: WordPress plugin CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does not escap ...) NOT-FOR-US: WordPress plugin CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 3.2.4 do ...) NOT-FOR-US: WordPress plugin CVE-2021-24655 RESERVED CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...) NOT-FOR-US: WordPress plugin CVE-2021-24653 RESERVED CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24650 RESERVED CVE-2021-24649 RESERVED CVE-2021-24648 RESERVED CVE-2021-24647 RESERVED CVE-2021-24646 RESERVED CVE-2021-24645 RESERVED CVE-2021-24644 RESERVED CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...) NOT-FOR-US: WordPress plugin CVE-2021-24642 RESERVED CVE-2021-24641 RESERVED CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 does not es ...) NOT-FOR-US: WordPress plugin CVE-2021-24639 (The OMGF WordPress plugin before 4.5.4 does not enforce path validatio ...) NOT-FOR-US: WordPress plugin CVE-2021-24638 (The OMGF WordPress plugin before 4.5.4 does not escape or validate the ...) NOT-FOR-US: WordPress plugin CVE-2021-24637 (The Google Fonts Typography WordPress plugin before 3.0.3 does not esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24636 (The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce ...) NOT-FOR-US: WordPress plugin CVE-2021-24635 (The Visual Link Preview WordPress plugin before 2.2.3 does not enforce ...) NOT-FOR-US: WordPress plugin CVE-2021-24634 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-24633 (The Countdown Block WordPress plugin before 1.1.2 does not have author ...) NOT-FOR-US: WordPress plugin CVE-2021-24632 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-24631 RESERVED CVE-2021-24630 RESERVED CVE-2021-24629 RESERVED CVE-2021-24628 RESERVED CVE-2021-24627 RESERVED CVE-2021-24626 RESERVED CVE-2021-24625 RESERVED CVE-2021-24624 RESERVED CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...) NOT-FOR-US: WordPress plugin CVE-2021-24622 RESERVED CVE-2021-24621 (The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise it ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products thr ...) NOT-FOR-US: WordPress plugin CVE-2021-24619 (The Per page add to head WordPress plugin through 1.4.4 does not prope ...) NOT-FOR-US: WordPress plugin CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24617 RESERVED CVE-2021-24616 RESERVED CVE-2021-24615 RESERVED CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...) NOT-FOR-US: WordPress plugin CVE-2021-24613 (The Post Views Counter WordPress plugin before 1.3.5 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24612 RESERVED CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise of esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implement a ...) NOT-FOR-US: WordPress plugin CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...) NOT-FOR-US: WordPress plugin CVE-2021-24608 RESERVED CVE-2021-24607 RESERVED CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...) NOT-FOR-US: WordPress plugin CVE-2021-24605 (The create_post_page AJAX action of the Custom Post View Generator Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-24604 (The Availability Calendar WordPress plugin before 1.2.2 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2021-24603 (The Site Reviews WordPress plugin before 5.13.1 does not sanitise some ...) NOT-FOR-US: WordPress plugin CVE-2021-24602 (The HM Multiple Roles WordPress plugin before 1.3 does not have any ac ...) NOT-FOR-US: WordPress plugin CVE-2021-24601 (The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24600 (The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and e ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24599 (The Email Encoder – Protect Email Addresses WordPress plugin bef ...) NOT-FOR-US: WordPress plugin CVE-2021-24598 RESERVED CVE-2021-24597 (The You Shang WordPress plugin through 1.0.1 does not escape its qrcod ...) NOT-FOR-US: WordPress plugin CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitise esca ...) NOT-FOR-US: WordPress plugin CVE-2021-24595 RESERVED CVE-2021-24594 RESERVED CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise s ...) NOT-FOR-US: WordPress plugin CVE-2021-24591 (The Highlight WordPress plugin before 0.9.3 does not sanitise its Cust ...) NOT-FOR-US: WordPress plugin CVE-2021-24590 (The Cookie Notice & Consent Banner for GDPR & CCPA Compliance ...) NOT-FOR-US: WordPress plugin CVE-2021-24589 RESERVED CVE-2021-24588 (The SMS Alert Order Notifications WordPress plugin before 3.4.7 is aff ...) NOT-FOR-US: WordPress plugin CVE-2021-24587 (The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2021-24586 (The Per page add to head WordPress plugin before 1.4.4 is lacking any ...) NOT-FOR-US: WordPress plugin CVE-2021-24585 (The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs ...) NOT-FOR-US: WordPress plugin CVE-2021-24584 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-24583 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-24582 (The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape ...) NOT-FOR-US: WordPress plugin CVE-2021-24581 (The Blue Admin WordPress plugin through 21.06.01 does not sanitise or ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise use ...) NOT-FOR-US: WordPress plugin CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...) NOT-FOR-US: WordPress plugin CVE-2021-24578 RESERVED CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...) NOT-FOR-US: WordPress plugin CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...) NOT-FOR-US: WordPress plugin CVE-2021-24575 RESERVED CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2021-24573 RESERVED CVE-2021-24572 RESERVED CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some of its ...) NOT-FOR-US: WordPress plugin CVE-2021-24570 RESERVED CVE-2021-24569 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...) NOT-FOR-US: WordPress plugin CVE-2021-24567 RESERVED CVE-2021-24566 RESERVED CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have ...) NOT-FOR-US: WordPress plugin CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2021-24563 (The Frontend Uploader WordPress plugin through 1.3.2 does not prevent ...) NOT-FOR-US: WordPress plugin CVE-2021-24562 (The LMS by LifterLMS – Online Course, Membership & Learning ...) NOT-FOR-US: WordPress plugin CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_gr ...) NOT-FOR-US: WordPress plugin CVE-2021-24560 (The Software License Manager WordPress plugin before 4.4.8 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2021-24559 RESERVED CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the Project Stat ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id POST parame ...) NOT-FOR-US: Wordpress plugin CVE-2021-24556 (The kento_email_subscriber_ajax AJAX action of the Email Subscriber Wo ...) NOT-FOR-US: WordPress plugin CVE-2021-24555 (The daac_delete_booking_callback function, hooked to the daac_delete_b ...) NOT-FOR-US: Wordpress plugin CVE-2021-24554 (The Paytm – Donation Plugin WordPress plugin through 1.3.2 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24553 (The Timeline Calendar WordPress plugin through 1.2 does not sanitise, ...) NOT-FOR-US: WordPress plugin CVE-2021-24552 (The Simple Events Calendar WordPress plugin through 1.4.0 does not san ...) NOT-FOR-US: WordPress plugin CVE-2021-24551 (The Edit Comments WordPress plugin through 0.3 does not sanitise, vali ...) NOT-FOR-US: WordPress plugin CVE-2021-24550 (The Broken Link Manager WordPress plugin through 0.6.5 does not saniti ...) NOT-FOR-US: WordPress plugin CVE-2021-24549 (The AceIDE WordPress plugin through 2.6.2 does not sanitise or validat ...) NOT-FOR-US: WordPress plugin CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Au ...) NOT-FOR-US: WordPress plugin CVE-2021-24547 (The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2021-24546 (The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...) NOT-FOR-US: WordPress plugin CVE-2021-24544 RESERVED CVE-2021-24543 RESERVED CVE-2021-24542 RESERVED CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...) NOT-FOR-US: WordPress plugin CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not escape par ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24539 RESERVED CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...) NOT-FOR-US: WordPress plugin CVE-2021-24537 RESERVED CVE-2021-24536 (The Custom Login Redirect WordPress plugin through 1.0.0 does not have ...) NOT-FOR-US: WordPress plugin CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking CSRF check ...) NOT-FOR-US: WordPress plugin CVE-2021-24534 (The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24533 (The Maintenance WordPress plugin before 4.03 does not sanitise or esca ...) NOT-FOR-US: WordPress plugin CVE-2021-24532 RESERVED CVE-2021-24531 (The Charitable – Donation Plugin WordPress plugin before 1.6.51 ...) NOT-FOR-US: WordPress plugin CVE-2021-24530 (The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly s ...) NOT-FOR-US: WordPress plugin CVE-2021-24529 (The Grid Gallery – Photo Image Grid Gallery WordPress plugin bef ...) NOT-FOR-US: WordPress plugin CVE-2021-24528 (The FluentSMTP WordPress plugin before 2.0.1 does not sanitize paramet ...) NOT-FOR-US: WordPress plugin CVE-2021-24527 (The User Registration & User Profile – Profile Builder WordP ...) NOT-FOR-US: WordPress plugin CVE-2021-24526 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contac ...) NOT-FOR-US: WordPress plugin CVE-2021-24525 (The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users wi ...) NOT-FOR-US: WordPress plugin CVE-2021-24524 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...) NOT-FOR-US: WordPress plugin CVE-2021-24523 (The Daily Prayer Time WordPress plugin before 2021.08.10 does not sani ...) NOT-FOR-US: WordPress plugin CVE-2021-24522 (The User Registration, User Profile, Login & Membership – Pr ...) NOT-FOR-US: Wordpress plugin CVE-2021-24521 (The Side Menu Lite – add sticky fixed buttons WordPress plugin b ...) 
NOT-FOR-US: Wordpress plugin CVE-2021-24520 (The Stock in & out WordPress plugin through 1.0.4 lacks proper san ...) NOT-FOR-US: Wordpress plugin CVE-2021-24519 (The VikRentCar Car Rental Management System WordPress plugin before 1. ...) NOT-FOR-US: WordPress plugin CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) NOT-FOR-US: WordPress plugin CVE-2021-24516 RESERVED CVE-2021-24515 RESERVED CVE-2021-24514 RESERVED CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...) NOT-FOR-US: WordPress plugin CVE-2021-24511 (The fetch_product_ajax functionality in the Product Feed on WooCommerc ...) NOT-FOR-US: WordPress plugin CVE-2021-24510 (The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or ...) NOT-FOR-US: WordPress plugin CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...) NOT-FOR-US: Wordpress plugin CVE-2021-24508 (The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not properly san ...) NOT-FOR-US: Wordpress plugin CVE-2021-24506 (The Slider Hero with Animation, Video Background & Intro Maker Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-24505 (The Forms WordPress plugin before 1.12.3 did not sanitise its input fi ...) NOT-FOR-US: Wordpress plugin CVE-2021-24504 (The WP LMS – Best WordPress LMS Plugin WordPress plugin through ...) NOT-FOR-US: WordPress plugin CVE-2021-24503 (The Popular Brand Icons – Simple Icons WordPress plugin before 2 ...) NOT-FOR-US: WordPress plugin CVE-2021-24502 (The WP Google Map WordPress plugin before 1.7.7 did not sanitise or es ...) 
NOT-FOR-US: Wordpress plugin CVE-2021-24501 (The Workreap WordPress theme before 2.2.2 had several AJAX actions mis ...) NOT-FOR-US: Wordpress theme CVE-2021-24500 (Several AJAX actions available in the Workreap WordPress theme before ...) NOT-FOR-US: Wordpress theme CVE-2021-24499 (The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_ ...) NOT-FOR-US: Wordpress theme CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24497 (The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL In ...) NOT-FOR-US: WordPress plugin CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not sanitise, ...) NOT-FOR-US: WordPress plugin CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not property sa ...) NOT-FOR-US: Wordpress plugin CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...) NOT-FOR-US: Wordpress plugin CVE-2021-24493 (The shopp_upload_file AJAX action of the Shopp WordPress plugin throug ...) NOT-FOR-US: WordPress plugin CVE-2021-24492 (The hndtst_action_instance_callback AJAX call of the Handsome Testimon ...) NOT-FOR-US: WordPress plugin CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF checks ...) NOT-FOR-US: WordPress plugin CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24489 RESERVED CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...) NOT-FOR-US: WordPress plugin CVE-2021-24487 RESERVED CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing for Every ...) NOT-FOR-US: WordPress plugin CVE-2021-24485 RESERVED CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...) NOT-FOR-US: WordPress plugin CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24482 (The Related Posts for WordPress plugin through 2.0.4 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24481 (The Any Hostname WordPress plugin through 1.0.6 does not sanitise or e ...) NOT-FOR-US: WordPress plugin CVE-2021-24480 (The Event Geek WordPress plugin through 2.5.2 does not sanitise or esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24479 (The DrawBlog WordPress plugin through 0.90 does not sanitise or valida ...) NOT-FOR-US: WordPress plugin CVE-2021-24478 (The Bookshelf WordPress plugin through 2.0.4 does not sanitise or esca ...) NOT-FOR-US: WordPress plugin CVE-2021-24477 (The Migrate Users WordPress plugin through 1.0.1 does not sanitise or ...) NOT-FOR-US: WordPress plugin CVE-2021-24476 (The Steam Group Viewer WordPress plugin through 2.1 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24475 RESERVED CVE-2021-24474 (The Awesome Weather Widget WordPress plugin through 3.0.2 does not san ...) NOT-FOR-US: WordPress plugin CVE-2021-24473 (The User Profile Picture WordPress plugin before 2.6.0 was affected by ...) NOT-FOR-US: WordPress plugin CVE-2021-24472 (The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress ...) NOT-FOR-US: WordPress theme CVE-2021-24471 (The YouTube Embed WordPress plugin before 5.2.2 does not validate, esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24470 (The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate ...) NOT-FOR-US: WordPress plugin CVE-2021-24469 RESERVED CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape some sho ...) NOT-FOR-US: WordPress plugin CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF ...) NOT-FOR-US: Wordpress plugin CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSR ...) NOT-FOR-US: WordPress plugin CVE-2021-24465 (The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, vali ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin bef ...) NOT-FOR-US: WordPress plugin CVE-2021-24463 (The get_sliders() function in the Image Slider by Ays- Responsive Slid ...) NOT-FOR-US: WordPress plugin CVE-2021-24462 (The get_gallery_categories() and get_galleries() functions in the Phot ...) NOT-FOR-US: WordPress plugin CVE-2021-24461 (The get_faqs() function in the FAQ Builder AYS WordPress plugin before ...) NOT-FOR-US: WordPress plugin CVE-2021-24460 (The get_fb_likeboxes() function in the Popup Like box – Page Plu ...) NOT-FOR-US: WordPress plugin CVE-2021-24459 (The get_results() and get_items() functions in the Survey Maker WordPr ...) NOT-FOR-US: WordPress plugin CVE-2021-24458 (The get_ays_popupboxes() and get_popup_categories() functions of the P ...) NOT-FOR-US: WordPress plugin CVE-2021-24457 (The get_portfolios() and get_portfolio_attributes() functions in the c ...) NOT-FOR-US: WordPress plugin CVE-2021-24456 (The Quiz Maker WordPress plugin before 6.2.0.9 did not properly saniti ...) NOT-FOR-US: WordPress plugin CVE-2021-24455 (The Tutor LMS – eLearning and online course solution WordPress p ...) NOT-FOR-US: WordPress plugin CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is created ...) NOT-FOR-US: Wordpress plugin CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to path tr ...) NOT-FOR-US: WordPress plugin CVE-2021-24452 (The W3 Total Cache WordPress plugin before 2.1.5 was affected by a ref ...) NOT-FOR-US: WordPress plugin CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...) NOT-FOR-US: Wordpress plugin CVE-2021-24450 (The User Registration, User Profiles, Login & Membership – P ...) NOT-FOR-US: WordPress plugin CVE-2021-24449 RESERVED CVE-2021-24448 (The User Registration & User Profile – Profile Builder WordP ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...) NOT-FOR-US: WordPress plugin CVE-2021-24446 RESERVED CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or ...) NOT-FOR-US: WordPress plugin CVE-2021-24444 (The TaxoPress – Create and Manage Taxonomies, Tags, Categories W ...) NOT-FOR-US: WordPress plugin CVE-2021-24443 (The About Me widget of the Youzify – BuddyPress Community, User ...) NOT-FOR-US: WordPress plugin CVE-2021-24442 (The Poll, Survey, Questionnaire and Voting system WordPress plugin bef ...) NOT-FOR-US: Wordpress plugin CVE-2021-24441 (The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitis ...) NOT-FOR-US: Wordpress plugin CVE-2021-24440 (The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or ...) NOT-FOR-US: Wordpress plugin CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed authenti ...) NOT-FOR-US: Wordpress plugin CVE-2021-24438 (The ShareThis Dashboard for Google Analytics WordPress plugin before 2 ...) NOT-FOR-US: WordPress plugin CVE-2021-24437 (The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 do ...) NOT-FOR-US: WordPress plugin CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a r ...) NOT-FOR-US: WordPress plugin CVE-2021-24435 (The iframe-font-preview.php file of the titan-framework does not prope ...) NOT-FOR-US: WordPress plugin CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...) NOT-FOR-US: Wordpress plugin CVE-2021-24433 RESERVED CVE-2021-24432 RESERVED CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not have an ...) NOT-FOR-US: WordPress plugin CVE-2021-24430 (The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress ...) NOT-FOR-US: Wordpress plugin CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does not proper ...) 
NOT-FOR-US: Wordpress plugin CVE-2021-24428 (The RSS for Yandex Turbo WordPress plugin through 1.30 does not saniti ...) NOT-FOR-US: WordPress plugin CVE-2021-24427 (The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or e ...) NOT-FOR-US: Wordpress plugin CVE-2021-24426 (The Backup by 10Web – Backup and Restore Plugin WordPress plugin ...) NOT-FOR-US: Wordpress plugin CVE-2021-24425 (The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Heade ...) NOT-FOR-US: WordPress plugin CVE-2021-24424 (The WP Reset – Most Advanced WordPress Reset Tool WordPress plug ...) NOT-FOR-US: Wordpress plugin CVE-2021-24423 RESERVED CVE-2021-24422 RESERVED CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or esc ...) NOT-FOR-US: Wordpress plugin CVE-2021-24420 (The Request a Quote WordPress plugin before 2.3.4 did not sanitise and ...) NOT-FOR-US: Wordpress plugin CVE-2021-24419 (The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or ...) NOT-FOR-US: Wordpress plugin CVE-2021-24418 (The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 do ...) NOT-FOR-US: Wordpress plugin CVE-2021-24417 RESERVED CVE-2021-24416 RESERVED CVE-2021-24415 RESERVED CVE-2021-24414 RESERVED CVE-2021-24413 RESERVED CVE-2021-24412 RESERVED CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have CSRF checks ...) NOT-FOR-US: WordPress plugin CVE-2021-24410 (The తెలుగు బైబ ...) NOT-FOR-US: WordPress plugin CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GE ...) NOT-FOR-US: Wordpress plugin CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or validat ...) NOT-FOR-US: Wordpress plugin CVE-2021-24407 (The Jannah WordPress theme before 5.4.5 did not properly sanitize the ...) NOT-FOR-US: Wordpress theme CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not validate the re ...)
NOT-FOR-US: Wordpress plugin CVE-2021-24405 (The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any ...) NOT-FOR-US: Wordpress plugin CVE-2021-24404 (The options.php file of the WP-Board WordPress plugin through 1.1 beta ...) NOT-FOR-US: WordPress plugin CVE-2021-24403 (The Orders functionality in the WordPress Page Contact plugin through ...) NOT-FOR-US: WordPress plugin CVE-2021-24402 (The Orders functionality in the WP iCommerce WordPress plugin through ...) NOT-FOR-US: WordPress plugin CVE-2021-24401 (The Edit domain functionality in the WP Domain Redirect WordPress plug ...) NOT-FOR-US: WordPress plugin CVE-2021-24400 (The Edit Role functionality in the Display Users WordPress plugin thro ...) NOT-FOR-US: WordPress plugin CVE-2021-24399 (The check_order function of The Sorter WordPress plugin through 1.0 us ...) NOT-FOR-US: WordPress plugin CVE-2021-24398 (The Add new scene functionality in the Responsive 3D Slider WordPress ...) NOT-FOR-US: WordPress plugin CVE-2021-24397 (The edit functionality in the MicroCopy WordPress plugin through 1.1.0 ...) NOT-FOR-US: WordPress plugin CVE-2021-24396 (A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordP ...) NOT-FOR-US: WordPress plugin CVE-2021-24395 (The editid GET parameter of the Embed Youtube Video WordPress plugin t ...) NOT-FOR-US: WordPress plugin CVE-2021-24394 (An id GET parameter of the Easy Testimonial Manager WordPress plugin t ...) NOT-FOR-US: WordPress plugin CVE-2021-24393 (A c GET parameter of the Comment Highlighter WordPress plugin through ...) NOT-FOR-US: WordPress plugin CVE-2021-24392 (An id GET parameter of the WordPress Membership SwiftCloud.io WordPres ...) NOT-FOR-US: WordPress plugin CVE-2021-24391 (An editid GET parameter of the Cashtomer WordPress plugin through 1.0. ...) NOT-FOR-US: WordPress plugin CVE-2021-24390 (A proid GET parameter of the WordPress支付宝Alipay|& ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24389 (The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery ...) NOT-FOR-US: Wordpress plugin CVE-2021-24388 (In the VikRentCar Car Rental Management System WordPress plugin before ...) NOT-FOR-US: Wordpress plugin CVE-2021-24387 (The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly ...) NOT-FOR-US: Wordpress theme CVE-2021-24386 (The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG ...) NOT-FOR-US: Wordpress plugin CVE-2021-24385 (The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as ...) NOT-FOR-US: Wordpress plugin CVE-2021-24384 (The joomsport_md_load AJAX action of the JoomSport WordPress plugin be ...) NOT-FOR-US: Wordpress plugin CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, va ...) NOT-FOR-US: WordPress plugin CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...) NOT-FOR-US: WordPress plugin CVE-2021-24381 RESERVED CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...) NOT-FOR-US: WordPress plugin CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...) NOT-FOR-US: WordPress plugin CVE-2021-24378 (The Autoptimize WordPress plugin before 2.7.8 does not check for malic ...) NOT-FOR-US: WordPress plugin CVE-2021-24377 (The Autoptimize WordPress plugin before 2.7.8 attempts to remove poten ...) NOT-FOR-US: WordPress plugin CVE-2021-24376 (The Autoptimize WordPress plugin before 2.7.8 attempts to delete malic ...) NOT-FOR-US: WordPress plugin CVE-2021-24375 (Lack of authentication or validation in motor_load_more, motor_gallery ...) NOT-FOR-US: Wordpress theme CVE-2021-24374 (The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 ...) NOT-FOR-US: WordPress plugin CVE-2021-24373 (The WP Hardening – Fix Your WordPress Security WordPress plugin ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24372 (The WP Hardening – Fix Your WordPress Security WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2021-24371 (The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp ...) NOT-FOR-US: WordPress plugin CVE-2021-24370 (The Fancy Product Designer WordPress plugin before 4.6.9 allows unauth ...) NOT-FOR-US: WordPress plugin CVE-2021-24369 (In the GetPaid WordPress plugin before 2.3.4, users with the contribut ...) NOT-FOR-US: WordPress plugin CVE-2021-24368 (The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin W ...) NOT-FOR-US: WordPress plugin CVE-2021-24367 (The WP Config File Editor WordPress plugin through 1.7.1 was affected ...) NOT-FOR-US: WordPress plugin CVE-2021-24366 (The Admin Columns Free WordPress plugin before 4.3 and Admin Columns P ...) NOT-FOR-US: WordPress plugin CVE-2021-24365 (The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5. ...) NOT-FOR-US: WordPress plugin CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly sanitize the ...) NOT-FOR-US: WordPress theme CVE-2021-24363 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...) NOT-FOR-US: WordPress plugin CVE-2021-24362 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...) NOT-FOR-US: WordPress plugin CVE-2021-24361 (In the Location Manager WordPress plugin before 2.1.0.10, the AJAX act ...) NOT-FOR-US: WordPress plugin CVE-2021-24360 (The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its s ...) NOT-FOR-US: WordPress plugin CVE-2021-24359 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...) NOT-FOR-US: WordPress plugin CVE-2021-24358 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...) NOT-FOR-US: WordPress plugin CVE-2021-24357 (In the Best Image Gallery & Responsive Photo Gallery – FooGa ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24356 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...) NOT-FOR-US: WordPress plugin CVE-2021-24355 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...) NOT-FOR-US: WordPress plugin CVE-2021-24354 (A lack of capability checks and insufficient nonce check on the AJAX a ...) NOT-FOR-US: WordPress plugin CVE-2021-24353 (The import_data function of the Simple 301 Redirects by BetterLinks Wo ...) NOT-FOR-US: WordPress plugin CVE-2021-24352 (The export_data function of the Simple 301 Redirects by BetterLinks Wo ...) NOT-FOR-US: WordPress plugin CVE-2021-24351 (The theplus_more_post AJAX action of The Plus Addons for Elementor Pag ...) NOT-FOR-US: WordPress plugin CVE-2021-24350 (The Visitors WordPress plugin through 0.3 is affected by an Unauthenti ...) NOT-FOR-US: WordPress plugin CVE-2021-24349 (This Gallery from files WordPress plugin through 1.6.0 gives the funct ...) NOT-FOR-US: WordPress plugin CVE-2021-24348 (The menu delete functionality of the Side Menu – add fixed side ...) NOT-FOR-US: WordPress plugin CVE-2021-24347 (The SP Project & Document Manager WordPress plugin before 4.22 all ...) NOT-FOR-US: WordPress plugin CVE-2021-24346 (The Stock in & out WordPress plugin through 1.0.4 has a search fun ...) NOT-FOR-US: WordPress plugin CVE-2021-24345 (The page lists-management feature of the Sendit WP Newsletter WordPres ...) NOT-FOR-US: WordPress plugin CVE-2021-24344 (The Easy Preloader WordPress plugin through 1.0.0 does not sanitise it ...) NOT-FOR-US: WordPress plugin CVE-2021-24343 (The iFlyChat - WordPress Chat plugin through 4.6.4 does not sanitise i ...) NOT-FOR-US: WordPress plugin CVE-2021-24342 (The JNews WordPress theme before 8.0.6 did not sanitise the cat_id par ...) NOT-FOR-US: WordPress theme CVE-2021-24341 (When deleting a date in the Xllentech English Islamic Calendar WordPre ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24340 (The WP Statistics WordPress plugin before 13.0.8 relied on using the W ...) NOT-FOR-US: WordPress plugin CVE-2021-24339 (The Pods – Custom Content Types and Fields WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24338 (The Pods – Custom Content Types and Fields WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24337 (The id GET parameter of one of the Video Embed WordPress plugin throug ...) NOT-FOR-US: WordPress plugin CVE-2021-24336 (The FlightLog WordPress plugin through 3.0.2 does not sanitise, valida ...) NOT-FOR-US: WordPress plugin CVE-2021-24335 (The Car Repair Services & Auto Mechanic WordPress theme before 4.0 ...) NOT-FOR-US: WordPress theme CVE-2021-24334 (The Instant Images – One Click Unsplash Uploads WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2021-24333 (The Content Copy Protection & Prevent Image Save WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2021-24332 (The Autoptimize WordPress plugin before 2.8.4 was missing proper escap ...) NOT-FOR-US: WordPress plugin CVE-2021-24331 (The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did ...) NOT-FOR-US: WordPress plugin CVE-2021-24330 (The Funnel Builder by CartFlows – Create High Converting Sales F ...) NOT-FOR-US: WordPress plugin CVE-2021-24329 (The WP Super Cache WordPress plugin before 1.7.3 did not properly sani ...) NOT-FOR-US: WordPress plugin CVE-2021-24328 (The WP Login Security and History WordPress plugin through 1.0 did not ...) NOT-FOR-US: WordPress plugin CVE-2021-24327 (The SEO Redirection Plugin – 301 Redirect Manager WordPress plug ...) NOT-FOR-US: WordPress plugin CVE-2021-24326 (The tab parameter of the settings page of the All 404 Redirect to Home ...) NOT-FOR-US: WordPress plugin CVE-2021-24325 (The tab parameter of the settings page of the 404 SEO Redirection Word ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF c ...) NOT-FOR-US: WordPress plugin CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was not pro ...) NOT-FOR-US: WordPress plugin CVE-2021-24322 (The Database Backup for WordPress plugin before 2.4 did not escape the ...) NOT-FOR-US: WordPress plugin CVE-2021-24321 (The Bello - Directory & Listing WordPress theme before 1.6.0 did n ...) NOT-FOR-US: WordPress theme CVE-2021-24320 (The Bello - Directory & Listing WordPress theme before 1.6.0 did n ...) NOT-FOR-US: WordPress theme CVE-2021-24319 (The Bello - Directory & Listing WordPress theme before 1.6.0 did n ...) NOT-FOR-US: WordPress theme CVE-2021-24318 (The Listeo WordPress theme before 1.6.11 did not ensure that the Post/ ...) NOT-FOR-US: WordPress theme CVE-2021-24317 (The Listeo WordPress theme before 1.6.11 did not properly sanitise som ...) NOT-FOR-US: WordPress theme CVE-2021-24316 (The search feature of the Mediumish WordPress theme through 1.0.47 doe ...) NOT-FOR-US: WordPress theme CVE-2021-24315 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...) NOT-FOR-US: WordPress plugin CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate of esca ...) NOT-FOR-US: WordPress theme CVE-2021-24313 (The WP Prayer WordPress plugin before 1.6.2 provides the functionality ...) NOT-FOR-US: WordPress plugin CVE-2021-24312 (The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_ ...) NOT-FOR-US: WordPress plugin CVE-2021-24311 (The wp_ajax_upload-remote-file AJAX action of the External Media WordP ...) NOT-FOR-US: WordPress plugin CVE-2021-24310 (The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress p ...) NOT-FOR-US: WordPress plugin CVE-2021-24309 (The "Schedule Name" input in the Weekly Schedule WordPress plugin befo ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24308 (The 'State' field of the Edit profile page of the LMS by LifterLMS  ...) NOT-FOR-US: WordPress plugin CVE-2021-24307 (The All in One SEO – Best WordPress SEO Plugin – Easily Im ...) NOT-FOR-US: WordPress plugin CVE-2021-24306 (The Ultimate Member – User Profile, User Registration, Login &am ...) NOT-FOR-US: WordPress plugin CVE-2021-24305 (The Target First WordPress Plugin v2.0, also previously known as Watch ...) NOT-FOR-US: WordPress plugin CVE-2021-24304 (The Newsmag WordPress theme before 5.0 does not sanitise the td_block_ ...) NOT-FOR-US: Wordpress theme CVE-2021-24303 (The JiangQie Official Website Mini Program WordPress plugin before 1.1 ...) NOT-FOR-US: WordPress plugin CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an ...) NOT-FOR-US: WordPress plugin CVE-2021-24301 (The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2021-24300 (The slider import search feature of the PickPlugins Product Slider for ...) NOT-FOR-US: WordPress plugin CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...) NOT-FOR-US: WordPress plugin CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were not san ...) NOT-FOR-US: WordPress plugin CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize the form ...) NOT-FOR-US: Goto WordPress theme CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...) NOT-FOR-US: WordPress plugin CVE-2021-24294 (The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP Word ...) NOT-FOR-US: WordPress plugin CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...) 
NOT-FOR-US: NextGEN Gallery Pro WordPress plugin CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy A ...) NOT-FOR-US: WordPress plugin CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...) NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin CVE-2021-24290 (There are several endpoints in the Store Locator Plus for WordPress pl ...) NOT-FOR-US: WordPress plugin CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter isn't prop ...) NOT-FOR-US: WordPress plugin CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change ...) NOT-FOR-US: WordPress plugin CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...) NOT-FOR-US: WordPress plugin CVE-2021-24285 (The request_list_request AJAX call of the Car Seller - Auto Classified ...) NOT-FOR-US: WordPress plugin CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows una ...) NOT-FOR-US: WordPress plugin CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or escaped ...) NOT-FOR-US: WordPress plugin CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...) NOT-FOR-US: WordPress plugin CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...) NOT-FOR-US: WordPress plugin CVE-2021-24280 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...) NOT-FOR-US: WordPress plugin CVE-2021-24279 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, l ...) NOT-FOR-US: WordPress plugin CVE-2021-24278 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, u ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24277 (The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly ...) NOT-FOR-US: WordPress plugin CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15 did not s ...) NOT-FOR-US: Supsystic WordPress plugin CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise ...) NOT-FOR-US: Supsystic WordPress plugin CVE-2021-24274 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not s ...) NOT-FOR-US: Supsystic WordPress plugin CVE-2021-24273 (The “Clever Addons for Elementor” WordPress Plugin before ...) NOT-FOR-US: WordPress Plugin CVE-2021-24272 (The fitness calculators WordPress plugin before 1.9.6 add calculators ...) NOT-FOR-US: WordPress plugin CVE-2021-24271 (The “Ultimate Addons for Elementor” WordPress Plugin befor ...) NOT-FOR-US: WordPress plugin CVE-2021-24270 (The “DeTheme Kit for Elementor” WordPress Plugin before 1. ...) NOT-FOR-US: WordPress plugin CVE-2021-24269 (The “Sina Extension for Elementor” WordPress Plugin before ...) NOT-FOR-US: WordPress plugin CVE-2021-24268 (The “JetWidgets For Elementor” WordPress Plugin before 1.0 ...) NOT-FOR-US: WordPress plugin CVE-2021-24267 (The “All-in-One Addons for Elementor – WidgetKit” Wo ...) NOT-FOR-US: WordPress plugin CVE-2021-24266 (The “The Plus Addons for Elementor Page Builder Lite” Word ...) NOT-FOR-US: WordPress plugin CVE-2021-24265 (The “Rife Elementor Extensions & Templates” WordPress ...) NOT-FOR-US: WordPress plugin CVE-2021-24264 (The “Image Hover Effects – Elementor Addon” WordPres ...) NOT-FOR-US: WordPress plugin CVE-2021-24263 (The “Elementor Addons – PowerPack Addons for ElementorR ...) NOT-FOR-US: WordPress plugin CVE-2021-24262 (The “WooLentor – WooCommerce Elementor Addons + Builder ...) NOT-FOR-US: WordPress plugin CVE-2021-24261 (The “HT Mega – Absolute Addons for Elementor Page Builder& ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24260 (The “Livemesh Addons for Elementor” WordPress Plugin befor ...) NOT-FOR-US: WordPress plugin CVE-2021-24259 (The “Elementor Addon Elements” WordPress Plugin before 1.1 ...) NOT-FOR-US: WordPress plugin CVE-2021-24258 (The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2. ...) NOT-FOR-US: WordPress plugin CVE-2021-24257 (The “Premium Addons for Elementor” WordPress Plugin before ...) NOT-FOR-US: WordPress plugin CVE-2021-24256 (The “Elementor – Header, Footer & Blocks Template̶ ...) NOT-FOR-US: WordPress plugin CVE-2021-24255 (The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 ...) NOT-FOR-US: WordPress plugin CVE-2021-24254 (The College publisher Import WordPress plugin through 0.1 does not che ...) NOT-FOR-US: WordPress plugin CVE-2021-24253 (The Classyfrieds WordPress plugin through 3.8 does not properly check ...) NOT-FOR-US: WordPress plugin CVE-2021-24252 (The Event Banner WordPress plugin through 1.3 does not verify the uplo ...) NOT-FOR-US: WordPress plugin CVE-2021-24251 (The Business Directory Plugin – Easy Listing Directories for Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-24250 (The Business Directory Plugin – Easy Listing Directories for Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-24249 (The Business Directory Plugin – Easy Listing Directories for Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-24248 (The Business Directory Plugin – Easy Listing Directories for Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-24247 (The Contact Form Check Tester WordPress plugin through 1.0.2 settings ...) NOT-FOR-US: WordPress plugin CVE-2021-24246 (The Workscout Core WordPress plugin before 1.3.4, used by the WorkScou ...) NOT-FOR-US: WordPress plugin CVE-2021-24245 (The Stop Spammers WordPress plugin before 2021.9 did not escape user i ...) NOT-FOR-US: WordPress plugin CVE-2021-24244 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...) 
NOT-FOR-US: WordPress plugin CVE-2021-24243 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...) NOT-FOR-US: WordPress plugin CVE-2021-24242 (The Tutor LMS – eLearning and online course solution WordPress p ...) NOT-FOR-US: WordPress plugin CVE-2021-24241 (The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not p ...) NOT-FOR-US: WordPress plugin CVE-2021-24240 (The Business Hours Pro WordPress plugin through 5.5.0 allows a remote ...) NOT-FOR-US: WordPress plugin CVE-2021-24239 (The Pie Register – User Registration Forms. Invitation based reg ...) NOT-FOR-US: WordPress plugin CVE-2021-24238 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...) NOT-FOR-US: WordPress plugin CVE-2021-24237 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...) NOT-FOR-US: WordPress plugin CVE-2021-24236 (The Imagements WordPress plugin through 1.2.5 allows images to be uplo ...) NOT-FOR-US: WordPress plugin CVE-2021-24235 (The Goto WordPress theme before 2.0 does not sanitise the keywords and ...) NOT-FOR-US: WordPress theme CVE-2021-24234 (The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 ...) NOT-FOR-US: WordPress plugin CVE-2021-24233 (The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthe ...) NOT-FOR-US: WordPress plugin CVE-2021-24232 (The Advanced Booking Calendar WordPress plugin before 1.6.8 does not s ...) NOT-FOR-US: WordPress plugin CVE-2021-24231 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...) NOT-FOR-US: Jetpack CVE-2021-24230 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...) NOT-FOR-US: Patreon WordPress plugin CVE-2021-24229 (The Jetpack Scan team identified a Reflected Cross-Site Scripting via ...) NOT-FOR-US: Patreon WordPress plugin CVE-2021-24228 (The Jetpack Scan team identified a Reflected Cross-Site Scripting in t ...) 
NOT-FOR-US: Patreon WordPress plugin CVE-2021-24227 (The Jetpack Scan team identified a Local File Disclosure vulnerability ...) NOT-FOR-US: Patreon WordPress plugin CVE-2021-24226 (In the AccessAlly WordPress plugin before 3.5.7, the file "resource/fr ...) NOT-FOR-US: AccessAlly WordPress plugin CVE-2021-24225 (The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sa ...) NOT-FOR-US: Advanced Booking Calendar WordPress plugin CVE-2021-24224 (The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordP ...) NOT-FOR-US: Easy Form Builder WordPress plugin CVE-2021-24223 (The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitr ...) NOT-FOR-US: N5 Upload Form WordPress plugin CVE-2021-24222 (The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from ...) NOT-FOR-US: WP-Curriculo Vitae Free WordPress plugin CVE-2021-24221 (The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin f ...) NOT-FOR-US: Wordpress plugin CVE-2021-24220 (Thrive “Legacy” Rise by Thrive Themes WordPress theme befo ...) NOT-FOR-US: WordPress theme CVE-2021-24219 (The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments ...) NOT-FOR-US: WordPress plugin CVE-2021-24218 (The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX act ...) NOT-FOR-US: WordPress plugin CVE-2021-24217 (The run_action function of the Facebook for WordPress plugin before 3. ...) NOT-FOR-US: WordPress plugin CVE-2021-24216 RESERVED CVE-2021-24215 (An Improper Access Control vulnerability was discovered in the Control ...) NOT-FOR-US: WordPress plugin CVE-2021-24214 (The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did ...) NOT-FOR-US: WordPress plugin CVE-2021-24213 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...) NOT-FOR-US: WordPress plugin CVE-2021-24212 (The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://wooc ...) 
NOT-FOR-US: Wordpress plugin CVE-2021-24211 (The WordPress Related Posts plugin through 3.6.4 contains an authentic ...) NOT-FOR-US: Wordpress plugin CVE-2021-24210 (There is an open redirect in the PhastPress WordPress plugin before 1. ...) NOT-FOR-US: Wordpress plugin CVE-2021-24209 (The WP Super Cache WordPress plugin before 1.7.2 was affected by an au ...) NOT-FOR-US: Wordpress plugin CVE-2021-24208 (The editor of the WP Page Builder WordPress plugin before 1.2.4 allows ...) NOT-FOR-US: Wordpress plugin CVE-2021-24207 (By default, the WP Page Builder WordPress plugin before 1.2.4 allows s ...) NOT-FOR-US: Wordpress plugin CVE-2021-24206 (In the Elementor Website Builder WordPress plugin before 3.1.4, the im ...) NOT-FOR-US: Wordpress plugin CVE-2021-24205 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ic ...) NOT-FOR-US: Wordpress plugin CVE-2021-24204 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ac ...) NOT-FOR-US: Wordpress plugin CVE-2021-24203 (In the Elementor Website Builder WordPress plugin before 3.1.4, the di ...) NOT-FOR-US: Wordpress plugin CVE-2021-24202 (In the Elementor Website Builder WordPress plugin before 3.1.4, the he ...) NOT-FOR-US: Wordpress plugin CVE-2021-24201 (In the Elementor Website Builder WordPress plugin before 3.1.4, the co ...) NOT-FOR-US: Wordpress plugin CVE-2021-24200 (The wpDataTables – Tables & Table Charts premium WordPress p ...) NOT-FOR-US: WordPress plugin CVE-2021-24199 (The wpDataTables – Tables & Table Charts premium WordPress p ...) NOT-FOR-US: WordPress plugin CVE-2021-24198 (The wpDataTables – Tables & Table Charts premium WordPress p ...) NOT-FOR-US: WordPress plugin CVE-2021-24197 (The wpDataTables – Tables & Table Charts premium WordPress p ...) NOT-FOR-US: WordPress plugin CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed Authent ...) 
NOT-FOR-US: Wordpress plugin CVE-2021-24195 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) NOT-FOR-US: WordPress plugin CVE-2021-24194 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) NOT-FOR-US: WordPress plugin CVE-2021-24193 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) NOT-FOR-US: WordPress plugin CVE-2021-24192 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) NOT-FOR-US: WordPress plugin CVE-2021-24191 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) NOT-FOR-US: WordPress plugin CVE-2021-24190 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) NOT-FOR-US: WordPress plugin CVE-2021-24189 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) NOT-FOR-US: WordPress plugin CVE-2021-24188 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) NOT-FOR-US: WordPress plugin CVE-2021-24187 (The setting page of the SEO Redirection Plugin - 301 Redirect Manager ...) NOT-FOR-US: Wordpress plugin CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function pair from ...) NOT-FOR-US: Wordpress plugin CVE-2021-24185 (The tutor_place_rating AJAX action from the Tutor LMS – eLearnin ...) NOT-FOR-US: Wordpress plugin CVE-2021-24184 (Several AJAX endpoints in the Tutor LMS – eLearning and online c ...) NOT-FOR-US: Wordpress plugin CVE-2021-24183 (The tutor_quiz_builder_get_question_form AJAX action from the Tutor LM ...) NOT-FOR-US: Wordpress plugin CVE-2021-24182 (The tutor_quiz_builder_get_answers_by_question AJAX action from the Tu ...) NOT-FOR-US: Wordpress plugin CVE-2021-24181 (The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – ...) NOT-FOR-US: Wordpress plugin CVE-2021-24180 (Unvalidated input and lack of output encoding within the Related Posts ...) 
NOT-FOR-US: Wordpress plugin CVE-2021-24179 (The Business Directory Plugin – Easy Listing Directories for Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-24178 (The Business Directory Plugin – Easy Listing Directories for Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-24177 (In the default configuration of the File Manager WordPress plugin befo ...) NOT-FOR-US: Wordpress plugin CVE-2021-24176 (The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the re ...) NOT-FOR-US: Wordpress plugin CVE-2021-24175 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...) NOT-FOR-US: Wordpress plugin CVE-2021-24174 (The Database Backups WordPress plugin through 1.2.2.6 does not have CS ...) NOT-FOR-US: Wordpress plugin CVE-2021-24173 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...) NOT-FOR-US: Wordpress plugin CVE-2021-24172 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...) NOT-FOR-US: Wordpress plugin CVE-2021-24171 (The WooCommerce Upload Files WordPress plugin before 59.4 ran a single ...) NOT-FOR-US: Wordpress plugin CVE-2021-24170 (The REST API endpoint get_users in the User Profile Picture WordPress ...) NOT-FOR-US: Wordpress plugin CVE-2021-24169 (This Advanced Order Export For WooCommerce WordPress plugin before 3.1 ...) NOT-FOR-US: Wordpress plugin CVE-2021-24168 (The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not prop ...) NOT-FOR-US: Wordpress plugin CVE-2021-24167 (When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_lo ...) NOT-FOR-US: Wordpress plugin CVE-2021-24166 (The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form R ...) NOT-FOR-US: Wordpress plugin CVE-2021-24165 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp ...) NOT-FOR-US: Wordpress plugin CVE-2021-24164 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low- ...) 
NOT-FOR-US: Wordpress plugin CVE-2021-24163 (The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, di ...) NOT-FOR-US: Wordpress plugin CVE-2021-24162 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...) NOT-FOR-US: Wordpress plugin CVE-2021-24161 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...) NOT-FOR-US: Wordpress plugin CVE-2021-24160 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, s ...) NOT-FOR-US: Wordpress plugin CVE-2021-24159 (Due to the lack of sanitization and lack of nonce protection on the cu ...) NOT-FOR-US: Wordpress plugin CVE-2021-24158 (Orbit Fox by ThemeIsle has a feature to add a registration form to bot ...) NOT-FOR-US: Wordpress plugin CVE-2021-24157 (Orbit Fox by ThemeIsle has a feature to add custom scripts to the head ...) NOT-FOR-US: Wordpress plugin CVE-2021-24156 (Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0 ...) NOT-FOR-US: Wordpress plugin CVE-2021-24155 (The WordPress Backup and Migrate Plugin – Backup Guard WordPress ...) NOT-FOR-US: Wordpress plugin CVE-2021-24154 (The Theme Editor WordPress plugin before 2.6 did not validate the GET ...) NOT-FOR-US: Wordpress plugin CVE-2021-24153 (A Stored Cross-Site Scripting vulnerability was discovered in the Yoas ...) NOT-FOR-US: Wordpress plugin CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was vulnerable to ...) NOT-FOR-US: Wordpress plugin CVE-2021-24151 RESERVED CVE-2021-24150 (The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plu ...) NOT-FOR-US: Wordpress plugin CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...) NOT-FOR-US: Modern Events Calendar Lite WordPress plugin CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin, versions be ...) NOT-FOR-US: MStore API WordPress plugin CVE-2021-24147 (Unvalidated input and lack of output encoding in the Modern Events Cal ...) 
NOT-FOR-US: Modern Events Calendar Lite WordPress plugin CVE-2021-24146 (Lack of authorisation checks in the Modern Events Calendar Lite WordPr ...) NOT-FOR-US: Modern Events Calendar Lite WordPress plugin CVE-2021-24145 (Arbitrary file upload in the Modern Events Calendar Lite WordPress plu ...) NOT-FOR-US: Modern Events Calendar Lite WordPress plugin CVE-2021-24144 (Unvalidated input in the Contact Form 7 Database Addon plugin, version ...) NOT-FOR-US: Contact Form 7 Database Addon plugin, CVE-2021-24143 (Unvalidated input in the AccessPress Social Icons plugin, versions bef ...) NOT-FOR-US: AccessPress Social Icons plugin CVE-2021-24142 (Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPre ...) NOT-FOR-US: 301 Redirects - Easy Redirect Manager WordPress plugin CVE-2021-24141 (Unvaludated input in the Advanced Database Cleaner plugin, versions be ...) NOT-FOR-US: Advanced Database Cleaner plugin CVE-2021-24140 (Unvalidated input in the Ajax Load More WordPress plugin, versions bef ...) NOT-FOR-US: Ajax Load More WordPress plugin CVE-2021-24139 (Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress ...) NOT-FOR-US: Photo Gallery (10Web Photo Gallery) WordPress plugin CVE-2021-24138 (Unvalidated input in the AdRotate WordPress plugin, versions before 5. ...) NOT-FOR-US: AdRotate WordPress plugin CVE-2021-24137 (Unvalidated input in the Blog2Social WordPress plugin, versions before ...) NOT-FOR-US: Blog2Social WordPress plugin CVE-2021-24136 (Unvalidated input and lack of output encoding in the Testimonials Widg ...) NOT-FOR-US: Testimonials Widget WordPress plugin CVE-2021-24135 (Unvalidated input and lack of output encoding in the WP Customer Revie ...) NOT-FOR-US: WP Customer Reviews WordPress plugin CVE-2021-24134 (Unvalidated input and lack of output encoding in the Constant Contact ...) 
NOT-FOR-US: Constant Contact Forms WordPress plugin CVE-2021-24133 (Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions b ...) NOT-FOR-US: ActiveCampaign WordPress plugin CVE-2021-24132 (The Slider by 10Web WordPress plugin, versions before 1.2.36, in the b ...) NOT-FOR-US: 10Web WordPress plugin CVE-2021-24131 (Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, vers ...) NOT-FOR-US: Anti-Spam by CleanTalk WordPress plugin CVE-2021-24130 (Unvalidated input in the WP Google Map Plugin WordPress plugin, versio ...) NOT-FOR-US: WP Google Map Plugin WordPress plugin CVE-2021-24129 (Unvalidated input and lack of output encoding in the Themify Portfolio ...) NOT-FOR-US: Themify Portfolio Post WordPress plugin CVE-2021-24128 (Unvalidated input and lack of output encoding in the Team Members Word ...) NOT-FOR-US: Team Members WordPress plugin CVE-2021-24127 (Unvalidated input and lack of output encoding in the ThirstyAffiliates ...) NOT-FOR-US: ThirstyAffiliates Affiliate Link Manager WordPress plugin CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira Gallery Li ...) NOT-FOR-US: Envira Gallery Lite WordPress plugin CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress plugin bef ...) NOT-FOR-US: Contact Form Submissions WordPress plugin CVE-2021-24124 (Unvalidated input and lack of output encoding in the WP Shieldon WordP ...) NOT-FOR-US: WP Shieldon WordPress plugin CVE-2021-24123 (Arbitrary file upload in the PowerPress WordPress plugin, versions bef ...) NOT-FOR-US: PowerPress WordPress plugin CVE-2021-24122 (When serving resources from a network location using the NTFS file sys ...) 
{DLA-2594-1} - tomcat9 9.0.40-1 (unimportant) - tomcat8 (unimportant) - tomcat7 (unimportant) NOTE: https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533 (9.0.40) NOTE: https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9 (8.5.60) NOTE: https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177 (7.0.107) NOTE: Issue when serving resources from a network location using the NTFS file system. CVE-2021-21261 (Flatpak is a system for building, distributing, and running sandboxed ...) {DSA-4830-1} - flatpak 1.8.5-1 [stretch] - flatpak (app portal introduced in 0.11.4) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2 NOTE: Fixed by: NOTE: https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486 NOTE: https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b NOTE: https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4 NOTE: https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba NOTE: Automated tests: NOTE: https://github.com/flatpak/flatpak/commit/821249844bbb7e52cbf4508b4de18c05e8592220 NOTE: https://github.com/flatpak/flatpak/commit/39a5621e6941b9d27bf89b63e8fb6cad6e279e53 NOTE: https://github.com/flatpak/flatpak/commit/d19f6c330aa42e17df6dc36d12b6f4dfa507dbb3 NOTE: https://www.openwall.com/lists/oss-security/2021/01/21/4 CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allow ...) NOT-FOR-US: Dolby Audio X2 (DAX2) API service CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an Android ...) NOT-FOR-US: Ionic Identity Vault CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...) 
- salt 3002.5+dfsg1-1 (bug #983632) NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-3143 RESERVED CVE-2021-3142 REJECTED CVE-2021-3141 (In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is st ...) NOT-FOR-US: Unisys CVE-2021-24121 RESERVED CVE-2021-24120 RESERVED CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in b ...) - mbedtls [bullseye] - mbedtls (Minor issue) [buster] - mbedtls (Minor issue) [stretch] - mbedtls (Minor issue) NOTE: Fixed in 2.26.0: https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0 CVE-2021-24118 RESERVED CVE-2021-24117 (In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in ...) NOT-FOR-US: Rust SGX CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...) - wolfssl (bug #991663) [bullseye] - wolfssl (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used for ce ...) - botan 2.17.3+dfsg-1 [buster] - botan (Minor issue) - botan1.10 [stretch] - botan1.10 (Vulnerable code not present) NOTE: https://github.com/randombit/botan/pull/2549 CVE-2021-24114 (Microsoft Teams iOS Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24113 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24112 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...) NOT-FOR-US: Microsoft CVE-2021-24111 (.NET Framework Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24110 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-24109 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-24108 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) 
NOT-FOR-US: Microsoft CVE-2021-24107 (Windows Event Tracing Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24106 (Windows DirectX Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24105 (Package Managers Configurations Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24104 (Microsoft SharePoint Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24103 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-24102 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-24101 (Microsoft Dataverse Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24100 (Microsoft Edge for Android Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24099 (Skype for Business and Lync Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24098 (Windows Console Driver Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24097 RESERVED CVE-2021-24096 (Windows Kernel Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24095 (DirectX Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24094 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-24093 (Windows Graphics Component Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24092 (Microsoft Defender Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24091 (Windows Camera Codec Pack Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24090 (Windows Error Reporting Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24089 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-24088 (Windows Local Spooler Remote Code Execution Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-24087 (Azure IoT CLI extension Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24086 (Windows TCP/IP Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24085 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-24084 (Windows Mobile Device Management Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24083 (Windows Address Book Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24082 (Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulne ...) NOT-FOR-US: Microsoft CVE-2021-24081 (Microsoft Windows Codecs Library Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24080 (Windows Trust Verification API Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24079 (Windows Backup Engine Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24078 (Windows DNS Server Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24077 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-24076 (Microsoft Windows VMSwitch Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24075 (Windows Network File System Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24074 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-24073 (Skype for Business and Lync Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24072 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24071 (Microsoft SharePoint Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24070 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) 
NOT-FOR-US: Microsoft CVE-2021-24069 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-24068 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-24067 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-24066 (Microsoft SharePoint Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-24065 RESERVED CVE-2021-24064 RESERVED CVE-2021-24063 RESERVED CVE-2021-24062 RESERVED CVE-2021-24061 RESERVED CVE-2021-24060 RESERVED CVE-2021-24059 RESERVED CVE-2021-24058 RESERVED CVE-2021-24057 RESERVED CVE-2021-24056 RESERVED CVE-2021-24055 RESERVED CVE-2021-24054 RESERVED CVE-2021-24053 RESERVED CVE-2021-24052 RESERVED CVE-2021-24051 RESERVED CVE-2021-24050 RESERVED CVE-2021-24049 RESERVED CVE-2021-24048 RESERVED CVE-2021-24047 RESERVED CVE-2021-24046 RESERVED CVE-2021-24045 RESERVED CVE-2021-24044 RESERVED CVE-2021-24043 RESERVED CVE-2021-24042 RESERVED CVE-2021-24041 RESERVED CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...) NOT-FOR-US: Facebook ParlAI CVE-2021-24039 RESERVED CVE-2021-24038 (Due to a bug with management of handles in OVRServiceLauncher.exe, an ...) NOT-FOR-US: Oculus Desktop CVE-2021-24037 (A use after free in hermes, while emitting certain error messages, pri ...) NOT-FOR-US: Facebook Hermes CVE-2021-24036 (Passing an attacker controlled size when creating an IOBuf could cause ...) - hhvm CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...) NOT-FOR-US: WhatsApp CVE-2021-24034 RESERVED CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...) NOT-FOR-US: react-dev-utils CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook Gameroom d ...) 
NOT-FOR-US: Facebook Gameroom CVE-2021-24029 (A packet of death scenario is possible in mvfst via a specially crafte ...) NOT-FOR-US: mvfst CVE-2021-24028 (An invalid free in Thrift's table-based serialization can cause the ap ...) NOT-FOR-US: Facebook Thrift (Debian packages Apache Thrift) CVE-2021-24027 (A cache configuration issue prior to WhatsApp for Android v2.21.4.18 a ...) NOT-FOR-US: WhatsApp CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for WhatsApp ...) NOT-FOR-US: WhatsApp CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...) - hhvm CVE-2021-24024 (A clear text storage of sensitive information into log file vulnerabil ...) NOT-FOR-US: FortiADCManager CVE-2021-24023 (An improper input validation in FortiAI v1.4.0 and earlier may allow a ...) NOT-FOR-US: FortiAI (FortiGuard) CVE-2021-24022 (A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, ...) NOT-FOR-US: Fortiguard CVE-2021-24021 (An improper neutralization of input vulnerability [CWE-79] in FortiAna ...) NOT-FOR-US: Fortiguard CVE-2021-24020 (A missing cryptographic step in the implementation of the hash digest ...) NOT-FOR-US: Fortiguard CVE-2021-24019 (An insufficient session expiration vulnerability [CWE- 613] in FortiCl ...) NOT-FOR-US: Fortiguard CVE-2021-24018 (A buffer underwrite vulnerability in the firmware verification routine ...) NOT-FOR-US: FortiOS CVE-2021-24017 (An improper authentication in Fortinet FortiManager version 6.4.3 and ...) NOT-FOR-US: Fortiguard CVE-2021-24016 (An improper neutralization of formula elements in a csv file in Fortin ...) NOT-FOR-US: Fortiguard CVE-2021-24015 (An improper neutralization of special elements used in an OS Command v ...) NOT-FOR-US: Fortinet CVE-2021-24014 (Multiple instances of improper neutralization of input during web page ...) NOT-FOR-US: FortiSandbox CVE-2021-24013 (Multiple Path traversal vulnerabilities in the Webmail of FortiMail be ...) 
NOT-FOR-US: Fortinet CVE-2021-24012 (An improper following of a certificate's chain of trust vulnerability ...) NOT-FOR-US: FortiGate CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8.8.2 m ...) NOT-FOR-US: Fortiguard CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vulnerabil ...) NOT-FOR-US: FortiSandbox CVE-2021-24009 RESERVED CVE-2021-24008 RESERVED CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...) NOT-FOR-US: Fortiguard CVE-2021-24006 (An improper access control vulnerability in FortiManager versions 6.4. ...) NOT-FOR-US: FortiGuard CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt configuration files ...) NOT-FOR-US: FortiGuard CVE-2021-24004 RESERVED CVE-2021-24003 RESERVED CVE-2021-3140 RESERVED CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy ...) - tcmu 1.5.2-6 (bug #980007) NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12 NOTE: https://www.openwall.com/lists/oss-security/2021/01/13/5 NOTE: https://github.com/open-iscsi/tcmu-runner/issues/645 NOTE: https://github.com/open-iscsi/tcmu-runner/pull/644 NOTE: Fixed by: https://github.com/open-iscsi/tcmu-runner/commit/2b16e96e6b63d0419d857f53e4cc67f0adb383fd NOTE: Some followup fixes: https://github.com/open-iscsi/tcmu-runner/pull/646 NOTE: https://github.com/open-iscsi/tcmu-runner/commit/b202dc06ef391c6ab9a7561856238a258de04663 NOTE: https://github.com/open-iscsi/tcmu-runner/commit/170bfa63288a399b38c35eb646b2835d4ba7c08a NOTE: https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5 CVE-2021-24002 (When a user clicked on an FTP URL containing encoded newline character ...) 
{DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-24002 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-24002 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24002 CVE-2021-24001 (A compromised content process could have performed session history man ...) - firefox 88.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24001 CVE-2021-24000 (A race condition with requestPointerLock() and setTimeout() could have ...) - firefox 88.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000 CVE-2021-23999 (If a Blob URL was loaded through some unusual user interaction, it cou ...) {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23999 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999 CVE-2021-23998 (Through complicated navigations with new windows, an HTTP page could h ...) {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23998 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23998 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23998 CVE-2021-23997 (Due to unexpected data type conversions, a use-after-free could have o ...) - firefox 88.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23997 CVE-2021-23996 (By utilizing 3D CSS in conjunction with Javascript, content could have ...) 
- firefox 88.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996 CVE-2021-23995 (When Responsive Design Mode was enabled, it used references to objects ...) {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23995 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23995 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995 CVE-2021-23994 (A WebGL framebuffer was not initialized early enough, resulting in mem ...) {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23994 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23994 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23994 CVE-2021-23993 (An attacker may perform a DoS attack to prevent a user from sending en ...) {DSA-4897-1 DLA-2632-1} - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993 CVE-2021-23992 (Thunderbird did not check if the user ID associated with an OpenPGP ke ...) {DSA-4897-1 DLA-2632-1} - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23992 CVE-2021-23991 (If a Thunderbird user has previously imported Alice's OpenPGP key, and ...) {DSA-4897-1 DLA-2632-1} - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991 CVE-2021-23990 RESERVED CVE-2021-23989 RESERVED CVE-2021-23988 (Mozilla developers reported memory safety bugs present in Firefox 86. ...) 
- firefox 87.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988 CVE-2021-23987 (Mozilla developers and community members reported memory safety bugs p ...) {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} - firefox 87.0-1 - firefox-esr 78.9.0esr-1 - thunderbird 1:78.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23987 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23987 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23987 CVE-2021-23986 (A malicious extension with the 'search' permission could have installe ...) - firefox 87.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23986 CVE-2021-23985 (If an attacker is able to alter specific about:config values (for exam ...) - firefox 87.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985 CVE-2021-23984 (A malicious extension could have opened a popup window lacking an addr ...) {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} - firefox 87.0-1 - firefox-esr 78.9.0esr-1 - thunderbird 1:78.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23984 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23984 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23984 CVE-2021-23983 (By causing a transition on a parent node by removing a CSS rule, an in ...) - firefox 87.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983 CVE-2021-23982 (Using techniques that built on the slipstream research, a malicious we ...) 
{DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} - firefox 87.0-1 - firefox-esr 78.9.0esr-1 - thunderbird 1:78.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23982 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23982 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982 CVE-2021-23981 (A texture upload of a Pixel Buffer Object could have confused the WebG ...) {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} - firefox 87.0-1 - firefox-esr 78.9.0esr-1 - thunderbird 1:78.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23981 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23981 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981 CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False] RESERVED {DSA-4892-1 DLA-2620-1} - python-bleach 3.2.1-2.1 (bug #986251) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399 NOTE: https://github.com/mozilla/bleach/commit/1334134d34397966a7f7cfebd38639e9ba2c680e NOTE: https://github.com/mozilla/bleach/commit/d398c89e54ced6b1039d3677689707456ba42dec CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefox 85. ...) - firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979 CVE-2021-23978 (Mozilla developers reported memory safety bugs present in Firefox 85 a ...) 
{DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} - firefox 86.0-1 - firefox-esr 78.8.0esr-1 - thunderbird 1:78.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23978 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23978 CVE-2021-23977 (Firefox for Android suffered from a time-of-check-time-of-use vulnerab ...) - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23977 CVE-2021-23976 (When accepting a malicious intent from other installed apps, Firefox f ...) - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23976 CVE-2021-23975 (The developer page about:memory has a Measure function for exploring w ...) - firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23975 CVE-2021-23974 (The DOMParser API did not properly process '<noscript>' elements ...) - firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974 CVE-2021-23973 (When trying to load a cross-origin resource in an audio/video context ...) {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} - firefox 86.0-1 - firefox-esr 78.8.0esr-1 - thunderbird 1:78.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23973 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23973 CVE-2021-23972 (One phishing tactic on the web is to provide a link with HTTP Auth. Fo ...) - firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23972 CVE-2021-23971 (When processing a redirect with a conflicting Referrer-Policy, Firefox ...) 
- firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23971 CVE-2021-23970 (Context-specific code was included in a shared jump table; resulting i ...) - firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970 CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when creating a ...) {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} - firefox 86.0-1 - firefox-esr 78.8.0esr-1 - thunderbird 1:78.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23969 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969 CVE-2021-23968 (If Content Security Policy blocked frame navigation, the full destinat ...) {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} - firefox 86.0-1 - firefox-esr 78.8.0esr-1 - thunderbird 1:78.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23968 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23968 CVE-2021-23967 RESERVED CVE-2021-23966 RESERVED CVE-2021-23965 (Mozilla developers reported memory safety bugs present in Firefox 84. ...) - firefox 85.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965 CVE-2021-23964 (Mozilla developers reported memory safety bugs present in Firefox 84 a ...) {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1} - firefox-esr 78.7.0esr-1 - firefox 85.0-1 - thunderbird 1:78.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23964 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23964 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23964 CVE-2021-23963 (When sharing geolocation during an active WebRTC share, Firefox could ...) 
- firefox 85.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23963 CVE-2021-23962 (Incorrect use of the '<RowCountChanged>' method could have led t ...) - firefox 85.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23962 CVE-2021-23961 (Further techniques that built on the slipstream research combined with ...) {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} - firefox 85.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23961 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23961 CVE-2021-23960 (Performing garbage collection on re-declared JavaScript variables resu ...) {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1} - firefox-esr 78.7.0esr-1 - firefox 85.0-1 - thunderbird 1:78.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23960 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23960 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23960 CVE-2021-23959 (An XSS bug in internal error pages could have led to various spoofing ...) - firefox (Only affects Firefox for Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23959 CVE-2021-23958 (The browser could have been confused into transferring a screen sharin ...) - firefox 85.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23958 CVE-2021-23957 (Navigations through the Android-specific `intent` URL scheme could hav ...) - firefox (Only affects Firefox for Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23957 CVE-2021-23956 (An ambiguous file picker design could have confused users who intended ...) 
- firefox 85.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23956 CVE-2021-23955 (The browser could have been confused into transferring a pointer lock ...) - firefox 85.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955 CVE-2021-23954 (Using the new logical assignment operators in a JavaScript switch stat ...) {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1} - firefox-esr 78.7.0esr-1 - firefox 85.0-1 - thunderbird 1:78.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23954 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23954 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954 CVE-2021-23953 (If a user clicked into a specifically crafted PDF, the PDF reader coul ...) {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1} - firefox-esr 78.7.0esr-1 - firefox 85.0-1 - thunderbird 1:78.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23953 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23953 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23953 CVE-2021-23952 RESERVED CVE-2021-23951 RESERVED CVE-2021-23950 RESERVED CVE-2021-23949 RESERVED CVE-2021-23948 RESERVED CVE-2021-23947 RESERVED CVE-2021-23946 RESERVED CVE-2021-23945 RESERVED CVE-2021-23944 RESERVED CVE-2021-23943 RESERVED CVE-2021-23942 RESERVED CVE-2021-23941 RESERVED CVE-2021-23940 RESERVED CVE-2021-23939 RESERVED CVE-2021-23938 RESERVED CVE-2021-23937 (A DNS proxy and possible amplification attack vulnerability in WebClie ...) NOT-FOR-US: Apache Wicket CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypas ...) NOT-FOR-US: Discourse CVE-2021-3137 (XWiki 12.10.2 allows XSS via an SVG document to the upload feature of ...) 
NOT-FOR-US: XWiki CVE-2021-3136 RESERVED CVE-2021-3135 (An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for Wor ...) NOT-FOR-US: tagDiv Newspaper theme for WordPress CVE-2021-23936 (OX App Suite through 7.10.4 allows XSS via the subject of a task. ...) NOT-FOR-US: OX App Suite CVE-2021-23935 (OX App Suite through 7.10.4 allows XSS via an appointment in which the ...) NOT-FOR-US: OX App Suite CVE-2021-23934 (OX App Suite through 7.10.4 allows XSS via a contact whose name contai ...) NOT-FOR-US: OX App Suite CVE-2021-23933 (OX App Suite through 7.10.4 allows XSS via JavaScript in a Note refere ...) NOT-FOR-US: OX App Suite CVE-2021-23932 (OX App Suite through 7.10.4 allows XSS via an inline image with a craf ...) NOT-FOR-US: OX App Suite CVE-2021-23931 (OX App Suite through 7.10.4 allows XSS via an inline binary file. ...) NOT-FOR-US: OX App Suite CVE-2021-23930 (OX App Suite through 7.10.4 allows XSS via use of the conversion API f ...) NOT-FOR-US: OX App Suite CVE-2021-23929 (OX App Suite through 7.10.4 allows XSS via a crafted Content-Dispositi ...) NOT-FOR-US: OX App Suite CVE-2021-23928 (OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests que ...) NOT-FOR-US: OX App Suite CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ character ...) NOT-FOR-US: OX App Suite CVE-2021-23926 (The XML parsers used by XMLBeans up to version 2.6.0 did not set the p ...) {DLA-2693-1} - xmlbeans 3.0.2-1 NOTE: https://issues.apache.org/jira/browse/XMLBEANS-517 CVE-2021-23925 (An issue was discovered in Devolutions Server before 2020.3. There is ...) NOT-FOR-US: Devolutions Server CVE-2021-23924 (An issue was discovered in Devolutions Server before 2020.3. There is ...) NOT-FOR-US: Devolutions Server CVE-2021-23923 (An issue was discovered in Devolutions Server before 2020.3. There is ...) NOT-FOR-US: Devolutions Server CVE-2021-23922 (An issue was discovered in Devolutions Remote Desktop Manager before 2 ...) 
NOT-FOR-US: Devolutions Remote Desktop Manager CVE-2021-23921 (An issue was discovered in Devolutions Server before 2020.3. There is ...) NOT-FOR-US: Devolutions Server CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute commands, ...) NOT-FOR-US: Mubu CVE-2021-3133 (The Elementor Contact Form DB plugin before 1.6 for WordPress allows C ...) NOT-FOR-US: Elementor Contact Form DB plugin for WordPress CVE-2021-3132 RESERVED CVE-2021-3131 (The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 enco ...) NOT-FOR-US: 1C:Enterprise CVE-2021-3130 (Within the Open-AudIT up to version 3.5.3 application, the web interfa ...) NOT-FOR-US: Open-AudIT CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, allows u ...) NOT-FOR-US: Ignition CVE-2021-3128 (In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers ...) NOT-FOR-US: ASUS CVE-2021-23920 RESERVED CVE-2021-23919 RESERVED CVE-2021-23918 RESERVED CVE-2021-23917 RESERVED CVE-2021-23916 RESERVED CVE-2021-23915 RESERVED CVE-2021-23914 RESERVED CVE-2021-23913 RESERVED CVE-2021-23912 RESERVED CVE-2021-23911 RESERVED CVE-2021-23910 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...) NOT-FOR-US: Mercedes-Benz HERMES CVE-2021-23909 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...) NOT-FOR-US: Mercedes-Benz HERMES CVE-2021-23908 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...) NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles CVE-2021-23907 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...) NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles CVE-2021-23906 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...) 
NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles CVE-2021-23905 RESERVED CVE-2021-23904 RESERVED CVE-2021-23903 RESERVED CVE-2021-23902 RESERVED CVE-2021-23901 (An XML external entity (XXE) injection vulnerability was discovered in ...) NOT-FOR-US: Apache Nutch CVE-2021-23900 (OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an ...) NOT-FOR-US: OWASP json-sanitizer CVE-2021-23899 (OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDA ...) NOT-FOR-US: OWASP json-sanitizer CVE-2021-23898 RESERVED CVE-2021-23897 REJECTED CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and 1.x be ...) - rust-smallvec 1.4.2-2 (bug #984665) [buster] - rust-smallvec (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0003.html NOTE: https://github.com/servo/rust-smallvec/issues/252 CVE-2021-3127 (NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorre ...) NOT-FOR-US: nats-server CVE-2021-3126 RESERVED CVE-2021-23896 (Cleartext Transmission of Sensitive Information vulnerability in the a ...) NOT-FOR-US: McAfee CVE-2021-23895 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...) NOT-FOR-US: McAfee CVE-2021-23894 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...) NOT-FOR-US: McAfee CVE-2021-23893 (Privilege Escalation vulnerability in a Windows system driver of McAfe ...) NOT-FOR-US: McAfee CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race condition d ...) NOT-FOR-US: McAfee CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...) NOT-FOR-US: McAfee CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy ...) NOT-FOR-US: McAfee CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...) NOT-FOR-US: McAfee CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee ePolicy O ...) 
NOT-FOR-US: McAfee CVE-2021-23887 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...) NOT-FOR-US: McAfee CVE-2021-23886 (Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) E ...) NOT-FOR-US: McAfee CVE-2021-23885 (Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior t ...) NOT-FOR-US: McAfee CVE-2021-23884 (Cleartext Transmission of Sensitive Information vulnerability in the e ...) NOT-FOR-US: McAfee CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...) NOT-FOR-US: McAfee CVE-2021-23882 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...) NOT-FOR-US: McAfee CVE-2021-23881 (A stored cross site scripting vulnerability in ePO extension of McAfee ...) NOT-FOR-US: McAfee CVE-2021-23880 (Improper Access Control in attribute in McAfee Endpoint Security (ENS) ...) NOT-FOR-US: McAfee CVE-2021-23879 (Unquoted service path vulnerability in McAfee Endpoint Product Removal ...) NOT-FOR-US: McAfee CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...) NOT-FOR-US: McAfee CVE-2021-23877 RESERVED CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...) NOT-FOR-US: McAfee CVE-2021-23875 RESERVED CVE-2021-23874 (Arbitrary Process Execution vulnerability in McAfee Total Protection ( ...) NOT-FOR-US: McAfee CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...) NOT-FOR-US: McAfee CVE-2021-23872 (Privilege Escalation vulnerability in the File Lock component of McAfe ...) 
NOT-FOR-US: McAfee CVE-2021-23871 RESERVED CVE-2021-23870 RESERVED CVE-2021-23869 RESERVED CVE-2021-23868 RESERVED CVE-2021-23867 RESERVED CVE-2021-23866 RESERVED CVE-2021-23865 RESERVED CVE-2021-23864 RESERVED CVE-2021-23863 RESERVED CVE-2021-23862 RESERVED CVE-2021-23861 RESERVED CVE-2021-23860 RESERVED CVE-2021-23859 RESERVED CVE-2021-23858 (Information disclosure: The main configuration, including users and th ...) TODO: check CVE-2021-23857 (Login with hash: The login routine allows the client to log in to the ...) TODO: check CVE-2021-23856 (The web server is vulnerable to reflected XSS and therefore an attacke ...) TODO: check CVE-2021-23855 (The user and password data base is exposed by an unprotected web serve ...) TODO: check CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP cameras may l ...) NOT-FOR-US: Bosch CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header allows an ...) NOT-FOR-US: Bosch CVE-2021-23852 (An authenticated attacker with administrator rights Bosch IP cameras c ...) NOT-FOR-US: Bosch CVE-2021-23851 RESERVED CVE-2021-23850 RESERVED CVE-2021-23849 (A vulnerability in the web-based interface allows an unauthenticated r ...) NOT-FOR-US: Bosch IP cameras CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a reflected c ...) NOT-FOR-US: Bosch CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...) NOT-FOR-US: Bosch CVE-2021-23846 (When using http protocol, the user password is transmitted as a clear ...) NOT-FOR-US: Bosch CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session while a ...) NOT-FOR-US: Bosch CVE-2021-23844 RESERVED CVE-2021-23843 RESERVED CVE-2021-23842 RESERVED CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...) 
{DSA-4855-1 DLA-2565-1 DLA-2563-1} - openssl 1.1.1j-1 - openssl1.0 NOTE: https://www.openssl.org/news/secadv/20210216.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j) CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...) {DSA-4855-1 DLA-2565-1 DLA-2563-1} - openssl 1.1.1j-1 - openssl1.0 NOTE: https://www.openssl.org/news/secadv/20210216.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 (OpenSSL_1_1_1j) CVE-2021-23839 (OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 ...) - openssl 1.0.0d-1 - openssl1.0 (SSL2 disabled before openssl1.0 was uploaded) NOTE: https://www.openssl.org/news/secadv/20210216.txt NOTE: SSL2 disabled since 1.0.0d-1 (1.0.0c-2 in experimental) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=901f1ef7dacb6b3bde63233a1f623e1fa2f0f058 (OpenSSL_1_1_1j) CVE-2021-23838 (An issue was discovered in flatCore before 2.0.0 build 139. A reflecte ...) NOT-FOR-US: flatCore CMS CVE-2021-23837 (An issue was discovered in flatCore before 2.0.0 build 139. A time-bas ...) NOT-FOR-US: flatCore CMS CVE-2021-23836 (An issue was discovered in flatCore before 2.0.0 build 139. A stored X ...) NOT-FOR-US: flatCore CMS CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A local fi ...) NOT-FOR-US: flatCore CMS CVE-2021-3125 (In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 & ...) NOT-FOR-US: TP-Link CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in robust.systems prod ...) NOT-FOR-US: WordPress Plugin Custom Global Variables CVE-2021-3123 RESERVED CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers per ...) NOT-FOR-US: CMCAgent in NCR Command Center Agent CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...) 
- golang-gogoprotobuf 1.3.2-1 [stretch] - golang-gogoprotobuf (Minor issue) NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc CVE-2021-3120 (An arbitrary file upload vulnerability in the YITH WooCommerce Gift Ca ...) NOT-FOR-US: YITH WooCommerce Gift Cards Premium plugin for WordPress CVE-2021-3119 (Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing is ...) - sqlcipher (Vulnerable code introduced later) NOTE: https://github.com/sqlcipher/sqlcipher/commit/cb71f53e8cea4802509f182fa5bead0ac6ab0e7f#diff-9305215a9a0ea69300281fc4af90bc7f3437e34a0e1745d030213152993ddae4 CVE-2021-3118 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...) NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging) CVE-2021-3117 RESERVED CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py in prox ...) NOT-FOR-US: proxy.py CVE-2021-3115 (Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to ...) - golang-1.15 1.15.7-1 - golang-1.11 [buster] - golang-1.11 (Minor issue, only applies to inherently insecure setups) - golang-1.8 [stretch] - golang-1.8 (Minor issue, requires unsecure PATH and compiling a malicious dependency) - golang-1.7 [stretch] - golang-1.7 (Minor issue, requires unsecure PATH and compiling a malicious dependency) NOTE: https://github.com/golang/go/issues/43783 NOTE: https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0 (master) NOTE: https://github.com/golang/go/commit/e8e7facfaa47bf21007c0a1c679debba52ec3ea0 (1.15.7) NOTE: Mainly an issue on Windows but as well for Unix users who have '.' listed NOTE: explicitly in PATH and running 'go get' outside of a module or with module NOTE: mode disabled. CVE-2021-3114 (In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go ...) 
{DSA-4848-1 DLA-2592-1 DLA-2591-1} - golang-1.15 1.15.7-1 - golang-1.11 - golang-1.8 - golang-1.7 NOTE: https://github.com/golang/go/issues/43786 NOTE: https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871 (master) NOTE: https://github.com/golang/go/commit/5c8fd727c41e31273923c32b33d4f25855f4e123 (1.15.7) CVE-2021-23834 RESERVED CVE-2021-23833 RESERVED CVE-2021-23832 RESERVED CVE-2021-23831 RESERVED CVE-2021-23830 RESERVED CVE-2021-23829 RESERVED CVE-2021-23828 RESERVED CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5 ...) NOT-FOR-US: Keybase Desktop Client CVE-2021-23826 RESERVED CVE-2021-23825 RESERVED CVE-2021-23824 RESERVED CVE-2021-23823 RESERVED CVE-2021-23822 RESERVED CVE-2021-23821 RESERVED CVE-2021-23820 RESERVED CVE-2021-23819 RESERVED CVE-2021-23818 RESERVED CVE-2021-23817 RESERVED CVE-2021-23816 RESERVED CVE-2021-23815 RESERVED CVE-2021-23814 RESERVED CVE-2021-23813 RESERVED CVE-2021-23812 RESERVED CVE-2021-23811 RESERVED CVE-2021-23810 RESERVED CVE-2021-23809 RESERVED CVE-2021-23808 RESERVED CVE-2021-23807 RESERVED CVE-2021-23806 RESERVED CVE-2021-23805 RESERVED CVE-2021-23804 RESERVED CVE-2021-23803 RESERVED CVE-2021-23802 RESERVED CVE-2021-23801 RESERVED CVE-2021-23800 RESERVED CVE-2021-23799 RESERVED CVE-2021-23798 RESERVED CVE-2021-23797 RESERVED CVE-2021-23796 RESERVED CVE-2021-23795 RESERVED CVE-2021-23794 RESERVED CVE-2021-23793 RESERVED CVE-2021-23792 RESERVED CVE-2021-23791 RESERVED CVE-2021-23790 RESERVED CVE-2021-23789 RESERVED CVE-2021-23788 RESERVED CVE-2021-23787 RESERVED CVE-2021-23786 RESERVED CVE-2021-23785 RESERVED CVE-2021-23784 RESERVED CVE-2021-23783 RESERVED CVE-2021-23782 RESERVED CVE-2021-23781 RESERVED CVE-2021-23780 RESERVED CVE-2021-23779 RESERVED CVE-2021-23778 RESERVED CVE-2021-23777 RESERVED CVE-2021-23776 RESERVED CVE-2021-23775 RESERVED CVE-2021-23774 RESERVED CVE-2021-23773 RESERVED CVE-2021-23772 RESERVED CVE-2021-23771 RESERVED CVE-2021-23770 RESERVED 
CVE-2021-23769 RESERVED CVE-2021-23768 RESERVED CVE-2021-23767 RESERVED CVE-2021-23766 RESERVED CVE-2021-23765 RESERVED CVE-2021-23764 RESERVED CVE-2021-23763 RESERVED CVE-2021-23762 RESERVED CVE-2021-23761 RESERVED CVE-2021-23760 RESERVED CVE-2021-23759 RESERVED CVE-2021-23758 RESERVED CVE-2021-23757 RESERVED CVE-2021-23756 RESERVED CVE-2021-23755 RESERVED CVE-2021-23754 RESERVED CVE-2021-23753 RESERVED CVE-2021-23752 RESERVED CVE-2021-23751 RESERVED CVE-2021-23750 RESERVED CVE-2021-23749 RESERVED CVE-2021-23748 RESERVED CVE-2021-23747 RESERVED CVE-2021-23746 RESERVED CVE-2021-23745 RESERVED CVE-2021-23744 RESERVED CVE-2021-23743 RESERVED CVE-2021-23742 RESERVED CVE-2021-23741 RESERVED CVE-2021-23740 RESERVED CVE-2021-23739 RESERVED CVE-2021-23738 RESERVED CVE-2021-23737 RESERVED CVE-2021-23736 RESERVED CVE-2021-23735 RESERVED CVE-2021-23734 RESERVED CVE-2021-23733 RESERVED CVE-2021-23732 RESERVED CVE-2021-23731 RESERVED CVE-2021-23730 RESERVED CVE-2021-23729 RESERVED CVE-2021-23728 RESERVED CVE-2021-23727 RESERVED CVE-2021-23726 RESERVED CVE-2021-23725 RESERVED CVE-2021-23724 RESERVED CVE-2021-23723 RESERVED CVE-2021-23722 RESERVED CVE-2021-23721 RESERVED CVE-2021-23720 RESERVED CVE-2021-23719 RESERVED CVE-2021-23718 RESERVED CVE-2021-23717 RESERVED CVE-2021-23716 RESERVED CVE-2021-23715 RESERVED CVE-2021-23714 RESERVED CVE-2021-23713 RESERVED CVE-2021-23712 RESERVED CVE-2021-23711 RESERVED CVE-2021-23710 RESERVED CVE-2021-23709 RESERVED CVE-2021-23708 RESERVED CVE-2021-23707 RESERVED CVE-2021-23706 RESERVED CVE-2021-23705 RESERVED CVE-2021-23704 RESERVED CVE-2021-23703 RESERVED CVE-2021-23702 RESERVED CVE-2021-23701 RESERVED CVE-2021-23700 RESERVED CVE-2021-23699 RESERVED CVE-2021-23698 RESERVED CVE-2021-23697 RESERVED CVE-2021-23696 RESERVED CVE-2021-23695 RESERVED CVE-2021-23694 RESERVED CVE-2021-23693 RESERVED CVE-2021-23692 RESERVED CVE-2021-23691 RESERVED CVE-2021-23690 RESERVED CVE-2021-23689 RESERVED CVE-2021-23688 RESERVED CVE-2021-23687 RESERVED 
CVE-2021-23686 RESERVED CVE-2021-23685 RESERVED CVE-2021-23684 RESERVED CVE-2021-23683 RESERVED CVE-2021-23682 RESERVED CVE-2021-23681 RESERVED CVE-2021-23680 RESERVED CVE-2021-23679 RESERVED CVE-2021-23678 RESERVED CVE-2021-23677 RESERVED CVE-2021-23676 RESERVED CVE-2021-23675 RESERVED CVE-2021-23674 RESERVED CVE-2021-23673 RESERVED CVE-2021-23672 RESERVED CVE-2021-23671 RESERVED CVE-2021-23670 RESERVED CVE-2021-23669 RESERVED CVE-2021-23668 RESERVED CVE-2021-23667 RESERVED CVE-2021-23666 RESERVED CVE-2021-23665 RESERVED CVE-2021-23664 RESERVED CVE-2021-23663 RESERVED CVE-2021-23662 RESERVED CVE-2021-23661 RESERVED CVE-2021-23660 RESERVED CVE-2021-23659 RESERVED CVE-2021-23658 RESERVED CVE-2021-23657 RESERVED CVE-2021-23656 RESERVED CVE-2021-23655 RESERVED CVE-2021-23654 RESERVED CVE-2021-23653 RESERVED CVE-2021-23652 RESERVED CVE-2021-23651 RESERVED CVE-2021-23650 RESERVED CVE-2021-23649 RESERVED CVE-2021-23648 RESERVED CVE-2021-23647 RESERVED CVE-2021-23646 RESERVED CVE-2021-23645 RESERVED CVE-2021-23644 RESERVED CVE-2021-23643 RESERVED CVE-2021-23642 RESERVED CVE-2021-23641 RESERVED CVE-2021-23640 RESERVED CVE-2021-23639 RESERVED CVE-2021-23638 RESERVED CVE-2021-23637 RESERVED CVE-2021-23636 RESERVED CVE-2021-23635 RESERVED CVE-2021-23634 RESERVED CVE-2021-23633 RESERVED CVE-2021-23632 RESERVED CVE-2021-23631 RESERVED CVE-2021-23630 RESERVED CVE-2021-23629 RESERVED CVE-2021-23628 RESERVED CVE-2021-23627 RESERVED CVE-2021-23626 RESERVED CVE-2021-23625 RESERVED CVE-2021-23624 RESERVED CVE-2021-23623 RESERVED CVE-2021-23622 RESERVED CVE-2021-23621 RESERVED CVE-2021-23620 RESERVED CVE-2021-23619 RESERVED CVE-2021-23618 RESERVED CVE-2021-23617 RESERVED CVE-2021-23616 RESERVED CVE-2021-23615 RESERVED CVE-2021-23614 RESERVED CVE-2021-23613 RESERVED CVE-2021-23612 RESERVED CVE-2021-23611 RESERVED CVE-2021-23610 RESERVED CVE-2021-23609 RESERVED CVE-2021-23608 RESERVED CVE-2021-23607 RESERVED CVE-2021-23606 RESERVED CVE-2021-23605 RESERVED CVE-2021-23604 RESERVED 
CVE-2021-23603 RESERVED CVE-2021-23602 RESERVED CVE-2021-23601 RESERVED CVE-2021-23600 RESERVED CVE-2021-23599 RESERVED CVE-2021-23598 RESERVED CVE-2021-23597 RESERVED CVE-2021-23596 RESERVED CVE-2021-23595 RESERVED CVE-2021-23594 RESERVED CVE-2021-23593 RESERVED CVE-2021-23592 RESERVED CVE-2021-23591 RESERVED CVE-2021-23590 RESERVED CVE-2021-23589 RESERVED CVE-2021-23588 RESERVED CVE-2021-23587 RESERVED CVE-2021-23586 RESERVED CVE-2021-23585 RESERVED CVE-2021-23584 RESERVED CVE-2021-23583 RESERVED CVE-2021-23582 RESERVED CVE-2021-23581 RESERVED CVE-2021-23580 RESERVED CVE-2021-23579 RESERVED CVE-2021-23578 RESERVED CVE-2021-23577 RESERVED CVE-2021-23576 RESERVED CVE-2021-23575 RESERVED CVE-2021-23574 RESERVED CVE-2021-23573 RESERVED CVE-2021-23572 RESERVED CVE-2021-23571 RESERVED CVE-2021-23570 RESERVED CVE-2021-23569 RESERVED CVE-2021-23568 RESERVED CVE-2021-23567 RESERVED CVE-2021-23566 RESERVED CVE-2021-23565 RESERVED CVE-2021-23564 RESERVED CVE-2021-23563 RESERVED CVE-2021-23562 RESERVED CVE-2021-23561 RESERVED CVE-2021-23560 RESERVED CVE-2021-23559 RESERVED CVE-2021-23558 RESERVED CVE-2021-23557 RESERVED CVE-2021-23556 RESERVED CVE-2021-23555 RESERVED CVE-2021-23554 RESERVED CVE-2021-23553 RESERVED CVE-2021-23552 RESERVED CVE-2021-23551 RESERVED CVE-2021-23550 RESERVED CVE-2021-23549 RESERVED CVE-2021-23548 RESERVED CVE-2021-23547 RESERVED CVE-2021-23546 RESERVED CVE-2021-23545 RESERVED CVE-2021-23544 RESERVED CVE-2021-23543 RESERVED CVE-2021-23542 RESERVED CVE-2021-23541 RESERVED CVE-2021-23540 RESERVED CVE-2021-23539 RESERVED CVE-2021-23538 RESERVED CVE-2021-23537 RESERVED CVE-2021-23536 RESERVED CVE-2021-23535 RESERVED CVE-2021-23534 RESERVED CVE-2021-23533 RESERVED CVE-2021-23532 RESERVED CVE-2021-23531 RESERVED CVE-2021-23530 RESERVED CVE-2021-23529 RESERVED CVE-2021-23528 RESERVED CVE-2021-23527 RESERVED CVE-2021-23526 RESERVED CVE-2021-23525 RESERVED CVE-2021-23524 RESERVED CVE-2021-23523 RESERVED CVE-2021-23522 RESERVED CVE-2021-23521 RESERVED 
CVE-2021-23520 RESERVED CVE-2021-23519 RESERVED CVE-2021-23518 RESERVED CVE-2021-23517 RESERVED CVE-2021-23516 RESERVED CVE-2021-23515 RESERVED CVE-2021-23514 RESERVED CVE-2021-23513 RESERVED CVE-2021-23512 RESERVED CVE-2021-23511 RESERVED CVE-2021-23510 RESERVED CVE-2021-23509 RESERVED CVE-2021-23508 RESERVED CVE-2021-23507 RESERVED CVE-2021-23506 RESERVED CVE-2021-23505 RESERVED CVE-2021-23504 RESERVED CVE-2021-23503 RESERVED CVE-2021-23502 RESERVED CVE-2021-23501 RESERVED CVE-2021-23500 RESERVED CVE-2021-23499 RESERVED CVE-2021-23498 RESERVED CVE-2021-23497 RESERVED CVE-2021-23496 RESERVED CVE-2021-23495 RESERVED CVE-2021-23494 RESERVED CVE-2021-23493 RESERVED CVE-2021-23492 RESERVED CVE-2021-23491 RESERVED CVE-2021-23490 RESERVED CVE-2021-23489 RESERVED CVE-2021-23488 RESERVED CVE-2021-23487 RESERVED CVE-2021-23486 RESERVED CVE-2021-23485 RESERVED CVE-2021-23484 RESERVED CVE-2021-23483 RESERVED CVE-2021-23482 RESERVED CVE-2021-23481 RESERVED CVE-2021-23480 RESERVED CVE-2021-23479 RESERVED CVE-2021-23478 RESERVED CVE-2021-23477 RESERVED CVE-2021-23476 RESERVED CVE-2021-23475 RESERVED CVE-2021-23474 RESERVED CVE-2021-23473 RESERVED CVE-2021-23472 RESERVED CVE-2021-23471 RESERVED CVE-2021-23470 RESERVED CVE-2021-23469 RESERVED CVE-2021-23468 RESERVED CVE-2021-23467 RESERVED CVE-2021-23466 RESERVED CVE-2021-23465 RESERVED CVE-2021-23464 RESERVED CVE-2021-23463 RESERVED CVE-2021-23462 RESERVED CVE-2021-23461 RESERVED CVE-2021-23460 RESERVED CVE-2021-23459 RESERVED CVE-2021-23458 RESERVED CVE-2021-23457 RESERVED CVE-2021-23456 RESERVED CVE-2021-23455 RESERVED CVE-2021-23454 RESERVED CVE-2021-23453 RESERVED CVE-2021-23452 RESERVED CVE-2021-23451 RESERVED CVE-2021-23450 RESERVED CVE-2021-23449 RESERVED CVE-2021-23448 (All versions of package config-handler are vulnerable to Prototype Pol ...) TODO: check CVE-2021-23447 (This affects the package teddy before 0.5.9. A type confusion vulnerab ...) 
TODO: check CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable from ...) NOT-FOR-US: Node handsontable CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...) - datatables.js 1.10.21+dfsg-3 (bug #995229) NOTE: https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b (v1.11.3) CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type confusion vulner ...) NOT-FOR-US: Node jointjs CVE-2021-23443 (This affects the package edge.js before 5.3.2. A type confusion vulner ...) NOT-FOR-US: Node edge.js CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...) NOT-FOR-US: Node @cookiex/deep CVE-2021-23441 (All versions of package com.jsoniter:jsoniter are vulnerable to Deseri ...) NOT-FOR-US: com.jsoniter:jsoniter CVE-2021-23440 (This affects the package set-value before 4.0.1. A type confusion vuln ...) - node-set-value 3.0.1-3 (bug #994448) [bullseye] - node-set-value 3.0.1-2+deb11u1 [buster] - node-set-value (Minor issue) [stretch] - node-set-value (Minor issue) NOTE: https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452 (v4.0.1) NOTE: https://github.com/jonschlinkert/set-value/pull/33/commits/383b72d47c74a55ae8b6e231da548f9280a4296a NOTE: https://github.com/jonschlinkert/set-value/pull/33 CVE-2021-23439 (This affects the package file-upload-with-preview before 4.2.0. A file ...) NOT-FOR-US: Node file-upload-with-preview CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vulnerab ...) NOT-FOR-US: Node mpath CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...) 
- pillow 8.3.2-1 [bullseye] - pillow (Minor issue) [buster] - pillow (Minor issue) [stretch] - pillow (Minor issue, can be fixed in the next DLA) NOTE: https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b NOTE: https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443 CVE-2021-23436 (This affects the package immer before 9.0.6. A type confusion vulnerab ...) NOT-FOR-US: Node immer CVE-2021-23435 (This affects the package clearance before 2.5.0. The vulnerability can ...) NOT-FOR-US: Rails clearance gem CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confusion v ...) - node-object-path 0.11.7-1 [bullseye] - node-object-path 0.11.5-3+deb11u1 [buster] - node-object-path (Minor issue) [stretch] - node-object-path (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453 NOTE: https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb CVE-2021-23433 RESERVED CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...) NOT-FOR-US: Node mootools CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...) NOT-FOR-US: Node joplin CVE-2021-23430 (All versions of package startserver are vulnerable to Directory Traver ...) NOT-FOR-US: Node startserver CVE-2021-23429 (All versions of package transpile are vulnerable to Denial of Service ...) NOT-FOR-US: Node transpile CVE-2021-23428 (This affects all versions of package elFinder.NetCore. The Path.Combin ...) NOT-FOR-US: elFinder.NetCore CVE-2021-23427 (This affects all versions of package elFinder.NetCore. The ExtractAsyn ...) NOT-FOR-US: elFinder.NetCore CVE-2021-23426 (This affects all versions of package Proto. It is possible to inject p ...) NOT-FOR-US: Node proto CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to Regular Ex ...) 
NOT-FOR-US: Node trim-off-newlines CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker provide ...) NOT-FOR-US: Node ansi-html CVE-2021-23423 (This affects the package bikeshed before 3.0.0. This can occur when an ...) NOT-FOR-US: Bikeshed CVE-2021-23422 (This affects the package bikeshed before 3.0.0. This can occur when an ...) NOT-FOR-US: Bikeshed CVE-2021-23421 (All versions of package merge-change are vulnerable to Prototype Pollu ...) NOT-FOR-US: Node merge-change CVE-2021-23420 (This affects the package codeception/codeception from 4.0.0 and before ...) NOT-FOR-US: codeception CVE-2021-23419 (This affects the package open-graph before 0.2.6. The function parse c ...) NOT-FOR-US: Node open-graph CVE-2021-23418 (The package glances before 3.2.1 are vulnerable to XML External Entity ...) - glances [bullseye] - glances (Minor issue) [buster] - glances (Minor issue) [stretch] - glances (Minor issue) NOTE: https://github.com/nicolargo/glances/issues/1025 NOTE: https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94 NOTE: https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a NOTE: https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32 CVE-2021-23417 (All versions of package deepmergefn are vulnerable to Prototype Pollut ...) NOT-FOR-US: Node deepmergefn CVE-2021-23416 (This affects all versions of package curly-bracket-parser. When used a ...) NOT-FOR-US: curly-bracket-parser CVE-2021-23415 (This affects the package elFinder.AspNet before 1.1.1. The user-contro ...) NOT-FOR-US: elFinder.AspNet CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribute of ...) NOT-FOR-US: video.js CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...) 
- node-jszip 3.5.0+dfsg-2 [buster] - node-jszip 3.1.4+dfsg-1+deb10u1 NOTE: https://github.com/Stuk/jszip/pull/766 NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36 CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...) NOT-FOR-US: Node gitlogplus CVE-2021-23411 (Affected versions of this package are vulnerable to Cross-site Scripti ...) NOT-FOR-US: Node anchorme CVE-2021-23410 REJECTED CVE-2021-23409 (The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable ...) - golang-github-pires-go-proxyproto (bug #991498) [bullseye] - golang-github-pires-go-proxyproto (Minor issue) NOTE: https://github.com/pires/go-proxyproto/issues/65 NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439 NOTE: https://github.com/pires/go-proxyproto/pull/74 CVE-2021-23408 (This affects the package com.graphhopper:graphhopper-web-bundle before ...) NOT-FOR-US: com.graphhopper:graphhopper-web-bundle CVE-2021-23407 (This affects the package elFinder.Net.Core from 0 and before 1.2.4. Th ...) NOT-FOR-US: elFinder.Net.Core CVE-2021-23406 (This affects the package pac-resolver before 5.0.0. This can occur whe ...) NOT-FOR-US: Node pac-resolver CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This issue exi ...) NOT-FOR-US: Pimcore CVE-2021-23404 (This affects all versions of package sqlite-web. The SQL dashboard are ...) NOT-FOR-US: sqlite-web CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node ts-nodash CVE-2021-23402 (All versions of package record-like-deep-assign are vulnerable to Prot ...) NOT-FOR-US: Node record-like-deep-assign CVE-2021-23401 (This affects all versions of package Flask-User. When using the make_s ...) NOT-FOR-US: Flask-User CVE-2021-23400 (The package nodemailer before 6.6.1 are vulnerable to HTTP Header Inje ...) 
- node-nodemailer 6.4.17-3 (bug #990485) NOTE: https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f NOTE: https://github.com/nodemailer/nodemailer/issues/1289 NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415 CVE-2021-23399 (This affects all versions of package wincred. If attacker-controlled u ...) NOT-FOR-US: wincred CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable to Cross- ...) NOT-FOR-US: react-bootstrap-table CVE-2021-23397 RESERVED CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype Pollution v ...) NOT-FOR-US: Node lutils CVE-2021-23395 (This affects all versions of package nedb. The library could be tricke ...) NOT-FOR-US: Node nedb CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to Remote ...) NOT-FOR-US: studio-42/elfinder CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When using the ...) NOT-FOR-US: Flask-unchained CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expression ...) NOT-FOR-US: Node locutus CVE-2021-23391 (This affects all versions of package calipso. It is possible for a mal ...) NOT-FOR-US: Node calipso CVE-2021-23390 (The package total4 before 0.0.43 are vulnerable to Arbitrary Code Exec ...) NOT-FOR-US: Node total4 CVE-2021-23389 (The package total.js before 3.4.9 are vulnerable to Arbitrary Code Exe ...) NOT-FOR-US: Node total4 CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulner ...) NOT-FOR-US: Node forms CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...) NOT-FOR-US: Node trailing-slash CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...) NOT-FOR-US: Node dns-packet CVE-2021-23385 RESERVED CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...) 
NOT-FOR-US: Node koa-remove-trailing-slashes before CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...) - node-handlebars 3:4.7.6+~4.1.0-2 [buster] - node-handlebars (Minor issue; can be fixed via point release) - libjs-handlebars [stretch] - libjs-handlebars (Minor issue; can be fixed in next update) NOTE: https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 CVE-2021-23382 (The package postcss before 8.2.13 are vulnerable to Regular Expression ...) - node-postcss 8.2.1+~cs5.3.23-7 [buster] - node-postcss (Minor issue) NOTE: https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640 NOTE: https://github.com/postcss/postcss/commit/2ad1ca9b965dde32223bee28dc259c339cbaaa05 (8.2.13) CVE-2021-23381 (This affects all versions of package killing. If attacker-controlled u ...) NOT-FOR-US: Node killing CVE-2021-23380 (This affects all versions of package roar-pidusage. If attacker-contro ...) NOT-FOR-US: Node roar-pidusage CVE-2021-23379 (This affects all versions of package portkiller. If (attacker-controll ...) NOT-FOR-US: Node portkiller CVE-2021-23378 (This affects all versions of package picotts. If attacker-controlled u ...) NOT-FOR-US: Node picotts CVE-2021-23377 (This affects all versions of package onion-oled-js. If attacker-contro ...) NOT-FOR-US: Node onion-oled-js CVE-2021-23376 (This affects all versions of package ffmpegdotjs. If attacker-controll ...) NOT-FOR-US: Node ffmpegdotjs CVE-2021-23375 (This affects all versions of package psnode. If attacker-controlled us ...) NOT-FOR-US: Node psnode CVE-2021-23374 (This affects all versions of package ps-visitor. If attacker-controlle ...) NOT-FOR-US: Node ps-visitor CVE-2021-23373 RESERVED CVE-2021-23372 (All versions of package mongo-express are vulnerable to Denial of Serv ...) NOT-FOR-US: mongo-express CVE-2021-23371 (This affects the package chrono-node before 2.2.4. 
It hangs on a date- ...) NOT-FOR-US: Node chrono-node CVE-2021-23370 (This affects the package swiper before 6.5.1. ...) NOT-FOR-US: swiper CVE-2021-23369 (The package handlebars before 4.7.7 are vulnerable to Remote Code Exec ...) - node-handlebars 3:4.7.6+~4.1.0-2 [buster] - node-handlebars 3:4.1.0-1+deb10u3 - libjs-handlebars [stretch] - libjs-handlebars (Minor issue and too intrusive to backport) NOTE: https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8 NOTE: https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 CVE-2021-23368 (The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Reg ...) - node-postcss 8.2.1+~cs5.3.23-6 [buster] - node-postcss (Vulnerable code not present) NOTE: https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4 NOTE: https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5 NOTE: https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595 CVE-2021-23367 RESERVED CVE-2021-23366 RESERVED CVE-2021-23365 (The package github.com/tyktechnologies/tyk-identity-broker before 1.1. ...) NOT-FOR-US: tyk-identity-broker CVE-2021-23364 (The package browserslist from 4.0.0 and before 4.16.5 are vulnerable t ...) - node-browserslist 4.16.3+~cs5.4.72-2 (bug #987792) [buster] - node-browserslist (Minor issue; risky backport with regression potential) NOTE: https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98 NOTE: https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194 NOTE: https://github.com/browserslist/browserslist/pull/593 CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If (attacker-contr ...) NOT-FOR-US: Node kill-by-port CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...) 
- node-hosted-git-info 3.0.8-1 [buster] - node-hosted-git-info 2.7.1-1+deb10u1 [stretch] - node-hosted-git-info (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3 NOTE: https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355 CVE-2021-23361 REJECTED CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-controlle ...) NOT-FOR-US: Node killport CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...) NOT-FOR-US: Node port-killer CVE-2021-23358 (The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ...) {DSA-4883-1 DLA-2613-1} - underscore 1.9.1~dfsg-2 (bug #986171) NOTE: https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...) NOT-FOR-US: tyk/gateway CVE-2021-23356 (This affects all versions of package kill-process-by-name. If (attacke ...) NOT-FOR-US: Node kill-process-by-name CVE-2021-23355 (This affects all versions of package ps-kill. If (attacker-controlled) ...) NOT-FOR-US: Node ps-kill CVE-2021-23354 (The package printf before 0.6.1 are vulnerable to Regular Expression D ...) NOT-FOR-US: Node printf CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible via the ...) NOT-FOR-US: Node jspdf CVE-2021-23352 (This affects the package madge before 4.0.1. It is possible to specify ...) NOT-FOR-US: Node madge CVE-2021-23351 (The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable ...) - golang-github-pires-go-proxyproto 0.4.2-1 (bug #985025) NOTE: https://github.com/pires/go-proxyproto/issues/69 NOTE: https://github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1081577 CVE-2021-23350 RESERVED CVE-2021-23349 RESERVED CVE-2021-23348 (This affects the package portprocesses before 1.0.5. 
If (attacker-cont ...) NOT-FOR-US: Node portprocesses CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...) NOT-FOR-US: argo-cd CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...) NOT-FOR-US: html-parse-stringify CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...) NOT-FOR-US: gotenberg CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...) NOT-FOR-US: total.js CVE-2021-23343 (All versions of package path-parse are vulnerable to Regular Expressio ...) NOT-FOR-US: Node path-parse CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...) NOT-FOR-US: docsify CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...) - node-prismjs 1.23.0+dfsg-1 (bug #985109) NOTE: https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609 (v1.23.0) NOTE: https://github.com/PrismJS/prism/pull/2584 NOTE: https://github.com/PrismJS/prism/issues/2583 CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local File In ...) NOT-FOR-US: Pimcore CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of ...) NOT-FOR-US: com.typesafe.akka:akka-http-core CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...) NOT-FOR-US: qlib CVE-2021-23337 (Lodash versions prior to 4.17.21 are vulnerable to Command Injection v ...) - node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086) [buster] - node-lodash (Minor issue) [stretch] - node-lodash (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724 CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...) 
{DLA-2628-1 DLA-2619-1 DLA-2569-1} - python-django 2:2.2.19-1 (bug #983090) [buster] - python-django (Minor issue; can be fixed via point release) - python3.9 3.9.2-1 - python3.8 - python3.7 [buster] - python3.7 (Minor issue) - python3.5 - python2.7 [bullseye] - python2.7 (Python 2.7 in Bullseye not covered by security support) [buster] - python2.7 (Minor issue) - pypy3 7.3.3+dfsg-3 [buster] - pypy3 (Minor issue) NOTE: https://github.com/python/cpython/pull/24297 NOTE: https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master) NOTE: https://github.com/python/cpython/commit/c9f07813ab8e664d8c34413c4fc2d4f86c061a92 (3.9) NOTE: https://github.com/python/cpython/commit/d0d4d30882fe3ab9b1badbecf5d15d94326fd13e (3.7) NOTE: https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP Injection ...) NOT-FOR-US: Node is-user-valid CVE-2021-23334 REJECTED CVE-2021-23333 RESERVED CVE-2021-23332 RESERVED CVE-2021-23331 (This affects all versions of package com.squareup:connect. The method ...) NOT-FOR-US: com.squareup:connect CVE-2021-23330 (All versions of package launchpad are vulnerable to Command Injection ...) NOT-FOR-US: Node launchpad CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to Protot ...) NOT-FOR-US: Node nested-object-assign CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...) NOT-FOR-US: Node iniparserjs CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to Cross-site Scri ...) NOT-FOR-US: apexcharts CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...) 
NOT-FOR-US: graphql-tools/git-loader CVE-2021-23325 RESERVED CVE-2021-23324 RESERVED CVE-2021-23323 RESERVED CVE-2021-23322 RESERVED CVE-2021-23321 RESERVED CVE-2021-23320 RESERVED CVE-2021-23319 RESERVED CVE-2021-23318 RESERVED CVE-2021-23317 RESERVED CVE-2021-23316 RESERVED CVE-2021-23315 RESERVED CVE-2021-23314 RESERVED CVE-2021-23313 RESERVED CVE-2021-23312 RESERVED CVE-2021-23311 RESERVED CVE-2021-23310 RESERVED CVE-2021-23309 RESERVED CVE-2021-23308 RESERVED CVE-2021-23307 RESERVED CVE-2021-23306 RESERVED CVE-2021-23305 RESERVED CVE-2021-23304 RESERVED CVE-2021-23303 RESERVED CVE-2021-23302 RESERVED CVE-2021-23301 RESERVED CVE-2021-23300 RESERVED CVE-2021-23299 RESERVED CVE-2021-23298 RESERVED CVE-2021-23297 RESERVED CVE-2021-23296 RESERVED CVE-2021-23295 RESERVED CVE-2021-23294 RESERVED CVE-2021-23293 RESERVED CVE-2021-23292 RESERVED CVE-2021-23291 RESERVED CVE-2021-23290 RESERVED CVE-2021-23289 RESERVED CVE-2021-23288 RESERVED CVE-2021-23287 RESERVED CVE-2021-23286 RESERVED CVE-2021-23285 RESERVED CVE-2021-23284 RESERVED CVE-2021-23283 RESERVED CVE-2021-23282 RESERVED CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...) NOT-FOR-US: Eaton Intelligent Power Manager (IPM) CVE-2021-23280 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...) NOT-FOR-US: Eaton Intelligent Power Manager (IPM) CVE-2021-23279 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...) NOT-FOR-US: Eaton Intelligent Power Manager (IPM) CVE-2021-23278 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...) NOT-FOR-US: Eaton Intelligent Power Manager (IPM) CVE-2021-23277 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...) NOT-FOR-US: Eaton Intelligent Power Manager (IPM) CVE-2021-23276 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...) 
NOT-FOR-US: Eaton Intelligent Power Manager (IPM) CVE-2021-23275 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...) NOT-FOR-US: TIBCO CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...) NOT-FOR-US: TIBCO CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...) NOT-FOR-US: TIBCO CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...) NOT-FOR-US: TIBCO CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX ...) NOT-FOR-US: TIBCO CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers ...) NOT-FOR-US: Netsia SEBA+ CVE-2021-23270 (In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur tha ...) NOT-FOR-US: Gargoyle OS CVE-2021-23269 RESERVED CVE-2021-23268 RESERVED CVE-2021-23267 RESERVED CVE-2021-23266 RESERVED CVE-2021-23265 RESERVED CVE-2021-23264 RESERVED CVE-2021-23263 RESERVED CVE-2021-23262 RESERVED CVE-2021-23261 RESERVED CVE-2021-23260 RESERVED CVE-2021-23259 RESERVED CVE-2021-23258 RESERVED CVE-2021-23257 RESERVED CVE-2021-23256 RESERVED CVE-2021-23255 RESERVED CVE-2021-23254 RESERVED CVE-2021-23253 (Opera Mini for Android below 53.1 displays URL left-aligned in the add ...) NOT-FOR-US: Opera Mini for Android CVE-2021-23252 RESERVED CVE-2021-23251 RESERVED CVE-2021-23250 RESERVED CVE-2021-23249 RESERVED CVE-2021-23248 RESERVED CVE-2021-23247 RESERVED CVE-2021-23246 RESERVED CVE-2021-23245 RESERVED CVE-2021-23244 RESERVED CVE-2021-23243 (In Oppo's battery application, the third-party SDK provides the functi ...) NOT-FOR-US: OPPO Android Phone CVE-2021-3112 RESERVED CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via ...) NOT-FOR-US: Concrete5 CVE-2021-3110 (The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL i ...) 
NOT-FOR-US: PrestaShop CVE-2021-3109 (The custom menu item options page in SolarWinds Orion Platform before ...) NOT-FOR-US: SolarWinds CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) NOT-FOR-US: MERCUSYS Mercury X18G devices CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) NOT-FOR-US: MERCUSYS Mercury X18G devices CVE-2021-23240 (selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a loc ...) - sudo 1.9.5-1 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2 NOTE: https://www.sudo.ws/repos/sudo/rev/8fcb36ef422a NOTE: https://www.sudo.ws/alerts/sudoedit_selinux.html NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1) CVE-2021-23239 (The sudoedit personality of Sudo before 1.9.5 may allow a local unpriv ...) - sudo 1.9.5-1 [buster] - sudo (Minor issue) [stretch] - sudo (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2 NOTE: https://www.sudo.ws/repos/sudo/rev/ea19d0073c02 CVE-2021-3108 RESERVED CVE-2021-3107 RESERVED CVE-2021-3106 RESERVED CVE-2021-23238 RESERVED CVE-2021-23237 RESERVED CVE-2021-3105 RESERVED CVE-2021-3104 RESERVED CVE-2021-3103 RESERVED CVE-2021-3102 RESERVED CVE-2021-3101 RESERVED CVE-2021-3100 RESERVED CVE-2021-3099 RESERVED CVE-2021-3098 RESERVED CVE-2021-3097 RESERVED CVE-2021-3096 RESERVED CVE-2021-3095 RESERVED CVE-2021-3094 RESERVED CVE-2021-3093 RESERVED CVE-2021-3092 RESERVED CVE-2021-3091 RESERVED CVE-2021-3090 RESERVED CVE-2021-3089 RESERVED CVE-2021-3088 RESERVED CVE-2021-3087 RESERVED CVE-2021-3086 RESERVED CVE-2021-3085 RESERVED CVE-2021-3084 RESERVED CVE-2021-3083 RESERVED CVE-2021-3082 RESERVED CVE-2021-3081 RESERVED CVE-2021-3080 RESERVED CVE-2021-3079 RESERVED CVE-2021-3078 RESERVED CVE-2021-3077 RESERVED CVE-2021-3076 RESERVED CVE-2021-3075 RESERVED CVE-2021-3074 RESERVED CVE-2021-3073 RESERVED CVE-2021-3072 RESERVED CVE-2021-3071 RESERVED CVE-2021-3070 RESERVED 
CVE-2021-3069 RESERVED CVE-2021-3068 RESERVED CVE-2021-3067 RESERVED CVE-2021-3066 RESERVED CVE-2021-3065 RESERVED CVE-2021-3064 RESERVED CVE-2021-3063 RESERVED CVE-2021-3062 RESERVED CVE-2021-3061 RESERVED CVE-2021-3060 RESERVED CVE-2021-3059 RESERVED CVE-2021-3058 RESERVED CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3056 RESERVED CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3054 (A time-of-check to time-of-use (TOCTOU) race condition vulnerability i ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3053 (An improper handling of exceptional conditions vulnerability exists in ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3052 (A reflected cross-site scripting (XSS) vulnerability in the Palo Alto ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3051 (An improper verification of cryptographic signature vulnerability exis ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3050 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2021-3049 (An improper authorization vulnerability in the Palo Alto Networks Cort ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3048 (Certain invalid URL entries contained in an External Dynamic List (EDL ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3047 (A cryptographically weak pseudo-random number generator (PRNG) is used ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3046 (An improper authentication vulnerability exists in Palo Alto Networks ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3045 (An OS command argument injection vulnerability in the Palo Alto Networ ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3044 (An improper authorization vulnerability in Palo Alto Networks Cortex X ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3043 (A reflected cross-site scripting (XSS) vulnerability exists in the Pri ...) 
NOT-FOR-US: Prisma Cloud Compute web console (Palo Alto Networks) CVE-2021-3042 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3039 (An information exposure through log file vulnerability exists in the P ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3037 (An information exposure through log file vulnerability exists in Palo ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3036 (An information exposure through log file vulnerability exists in Palo ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3035 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3034 (An information exposure through log file vulnerability exists in Corte ...) NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks) CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, P ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3030 RESERVED CVE-2021-23234 RESERVED CVE-2021-23135 (Exposure of System Data to an Unauthorized Control Sphere vulnerabilit ...) NOT-FOR-US: Argo CD CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux Kernel before ...) 
{DLA-2690-1 DLA-2689-1} - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6 NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/4 CVE-2021-23133 (A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) befo ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/2 CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...) NOT-FOR-US: Joomla! CVE-2021-23131 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input ...) NOT-FOR-US: Joomla! CVE-2021-23130 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...) NOT-FOR-US: Joomla! CVE-2021-23129 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...) NOT-FOR-US: Joomla! CVE-2021-23128 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core ship ...) NOT-FOR-US: Joomla! CVE-2021-23127 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an i ...) NOT-FOR-US: Joomla! CVE-2021-23126 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the ...) NOT-FOR-US: Joomla! CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of e ...) NOT-FOR-US: Joomla! CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of e ...) NOT-FOR-US: Joomla! CVE-2021-23123 (An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of A ...) NOT-FOR-US: Joomla! 
CVE-2021-23122 RESERVED CVE-2021-23121 RESERVED CVE-2021-23120 RESERVED CVE-2021-23119 RESERVED CVE-2021-23118 RESERVED CVE-2021-23117 RESERVED CVE-2021-23116 RESERVED CVE-2021-23115 RESERVED CVE-2021-23114 RESERVED CVE-2021-23113 RESERVED CVE-2021-23112 RESERVED CVE-2021-23111 RESERVED CVE-2021-23110 RESERVED CVE-2021-23109 RESERVED CVE-2021-23108 RESERVED CVE-2021-23107 RESERVED CVE-2021-23106 RESERVED CVE-2021-23105 RESERVED CVE-2021-23104 RESERVED CVE-2021-23103 RESERVED CVE-2021-23102 RESERVED CVE-2021-23101 RESERVED CVE-2021-23100 RESERVED CVE-2021-23099 RESERVED CVE-2021-23098 RESERVED CVE-2021-23097 RESERVED CVE-2021-23096 RESERVED CVE-2021-23095 RESERVED CVE-2021-23094 RESERVED CVE-2021-23093 RESERVED CVE-2021-23092 RESERVED CVE-2021-23091 RESERVED CVE-2021-23090 RESERVED CVE-2021-23089 RESERVED CVE-2021-23088 RESERVED CVE-2021-23087 RESERVED CVE-2021-23086 RESERVED CVE-2021-23085 RESERVED CVE-2021-23084 RESERVED CVE-2021-23083 RESERVED CVE-2021-23082 RESERVED CVE-2021-23081 RESERVED CVE-2021-23080 RESERVED CVE-2021-23079 RESERVED CVE-2021-23078 RESERVED CVE-2021-23077 RESERVED CVE-2021-23076 RESERVED CVE-2021-23075 RESERVED CVE-2021-23074 RESERVED CVE-2021-23073 RESERVED CVE-2021-23072 RESERVED CVE-2021-23071 RESERVED CVE-2021-23070 RESERVED CVE-2021-23069 RESERVED CVE-2021-23068 RESERVED CVE-2021-23067 RESERVED CVE-2021-23066 RESERVED CVE-2021-23065 RESERVED CVE-2021-23064 RESERVED CVE-2021-23063 RESERVED CVE-2021-23062 RESERVED CVE-2021-23061 RESERVED CVE-2021-23060 RESERVED CVE-2021-23059 RESERVED CVE-2021-23058 RESERVED CVE-2021-23057 RESERVED CVE-2021-23056 RESERVED CVE-2021-23055 RESERVED CVE-2021-23054 (On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x be ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23052 (On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open ...) 
NOT-FOR-US: F5 BIG-IP CVE-2021-23051 (On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Develo ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23050 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 a ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23049 (On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, whe ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23048 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23047 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23046 (On all versions of Guided Configuration before 8.0.0, when a configura ...) NOT-FOR-US: F5 CVE-2021-23045 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23044 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x b ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23043 (On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23042 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23041 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23040 (On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14 ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23039 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23038 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x befo ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23037 (On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23036 (On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe prof ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23035 (On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured o ...) 
NOT-FOR-US: F5 BIG-IP CVE-2021-23034 (On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23033 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23032 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23031 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23030 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23029 (On version 16.0.x before 16.0.1.2, insufficient permission checks may ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23028 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x befo ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23027 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23026 (BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x be ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23025 (On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x befo ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23024 (On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG ...) NOT-FOR-US: F5 CVE-2021-23023 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23022 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, t ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23021 (The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/co ...) NOT-FOR-US: NGINX Controller CVE-2021-23020 (The NAAS 3.x before 3.10.0 API keys were generated using an insecure p ...) NOT-FOR-US: NGINX Controller CVE-2021-23019 (The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administra ...) NOT-FOR-US: NGINX Controller CVE-2021-23018 (Intra-cluster communication does not use TLS. The services within the ...) 
NOT-FOR-US: NGINX Controller CVE-2021-23017 (A security issue in nginx resolver was identified, which might allow a ...) {DSA-4921-1 DLA-2670-1} - nginx 1.18.0-6.1 (bug #989095) NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/5 NOTE: Patch: http://nginx.org/download/patch.2021.resolver.txt NOTE: Fixed by: https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf (1.20.1) CVE-2021-23016 (On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 1 ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23015 (On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 throu ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23014 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x b ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23013 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23012 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23011 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x befor ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23010 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x befor ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23009 (On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, mal ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23008 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 1 ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23007 (On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Mi ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23006 (On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23005 (On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum devi ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23004 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23003 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...) 
NOT-FOR-US: F5 BIG-IP CVE-2021-23002 (When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23001 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x bef ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23000 (On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22999 (On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22998 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22997 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22996 (On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22995 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22994 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22993 (On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22992 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22991 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22990 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22989 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22988 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22987 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22986 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) 
NOT-FOR-US: F5 BIG-IP CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22984 (On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22983 (On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, an ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22982 (On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22981 (On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22980 (In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, a ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22979 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22978 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22977 (On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation betwe ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22976 (On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22975 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22974 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22973 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22972 RESERVED CVE-2021-22971 RESERVED CVE-2021-22970 RESERVED CVE-2021-22969 RESERVED CVE-2021-22968 RESERVED CVE-2021-22967 RESERVED CVE-2021-22966 RESERVED CVE-2021-22965 RESERVED CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version >= ...) TODO: check CVE-2021-22963 (A redirect vulnerability in the fastify-static module version < 4.2 ...) 
TODO: check CVE-2021-22962 RESERVED CVE-2021-22961 RESERVED CVE-2021-22960 [HTTP Request Smuggling when parsing the body] RESERVED - nodejs 12.22.7~dfsg-1 [stretch] - nodejs (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960 CVE-2021-22959 [HTTP Request Smuggling due to spaced in headers] RESERVED - nodejs 12.22.7~dfsg-1 [stretch] - nodejs (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959 CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in concrete5 < ...) NOT-FOR-US: Concrete CMS CVE-2021-22957 RESERVED CVE-2021-22956 RESERVED CVE-2021-22955 RESERVED CVE-2021-22954 RESERVED CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...) NOT-FOR-US: Concrete CMS CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...) NOT-FOR-US: UniFI Talk CVE-2021-22951 RESERVED CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachme ...) NOT-FOR-US: Concrete CMS CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to d ...) NOT-FOR-US: Concrete CMS CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver < ...) NOT-FOR-US: revive-adserver CVE-2021-22947 (When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 se ...) {DLA-2773-1} - curl [bullseye] - curl (Minor issue) [buster] - curl (Minor issue) NOTE: https://curl.se/docs/CVE-2021-22947.html NOTE: Fixed by: https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 (curl-7_79_0) CVE-2021-22946 (A user can tell curl >= 7.20.0 and <= 7.78.0 to require a succes ...) 
{DLA-2773-1} - curl [bullseye] - curl (Minor issue) [buster] - curl (Minor issue) NOTE: https://curl.se/docs/CVE-2021-22946.html NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0) CVE-2021-22945 (When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 c ...) - curl [bullseye] - curl (Minor issue) [buster] - curl (Vulnerable code introduced later) [stretch] - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2021-22945.html NOTE: Fixed by: https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49 (curl-7_79_0) CVE-2021-22944 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...) NOT-FOR-US: UniFi Protect application CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...) NOT-FOR-US: UniFi Protect application CVE-2021-22942 [Possible Open Redirect in Host Authorization Middleware] RESERVED [experimental] - rails 2:6.1.4.1+dfsg-1 - rails (bug #992586) [buster] - rails (Vulnerable code not present) [stretch] - rails (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1 CVE-2021-22941 (Improper Access Control in Citrix ShareFile storage zones controller b ...) NOT-FOR-US: Citrix CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use aft ...) - nodejs 12.22.5~dfsg-1 [bullseye] - nodejs (Incomplete fix for CVE-2021-22930 not applied) [buster] - nodejs (Incomplete fix for CVE-2021-22930 not applied) [stretch] - nodejs (Incomplete fix for CVE-2021-22930 not applied) NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940 CVE-2021-22939 (If the Node.js https API was used incorrectly and "undefined" was in p ...) 
- nodejs 12.22.5~dfsg-1 [bullseye] - nodejs 12.22.5~dfsg-2~11u1 [stretch] - nodejs (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939 CVE-2021-22938 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22937 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22936 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow a th ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22935 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22934 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22933 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool for Citr ...) NOT-FOR-US: Citrix CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Co ...) - nodejs (Debian builds nodejs against src:c-ares) NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931 CVE-2021-22930 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use aft ...) 
- nodejs 12.22.4~dfsg-1 [bullseye] - nodejs 12.22.5~dfsg-2~11u1 [stretch] - nodejs (Nodejs in stretch not covered by security support) NOTE: https://github.com/nodejs/node/commit/b263f2585ab53f56e0e22b46cf1f8519a8af8a05 NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22930 NOTE: Possible incomplete fix (at least for v12): https://github.com/nodejs/node/issues/38964#issuecomment-889936936 NOTE: CVE for the incomplete fix tracked as CVE-2021-22940 CVE-2021-22929 (An information disclosure exists in Brave Browser Desktop prior to ver ...) - brave-browser (bug #864795) CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and Desktop ...) NOT-FOR-US: Citrix CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and Citrix Gatew ...) NOT-FOR-US: Citrix CVE-2021-22926 (libcurl-using applications can ask for a specific client certificate t ...) NOT-FOR-US: curl builds on MacOS CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TELNETOP ...) - curl (Incomplete fix for CVE-2021-22898 not applied) NOTE: https://curl.se/docs/CVE-2021-22925.html NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (curl-7_7_alpha2) NOTE: Fixed by: https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a (curl-7_78_0) NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/4 NOTE: CVE is assigned because previous attempt to address CVE-2021-22898 resulted to be NOTE: insufficient and the security vulnerability remained. CVE-2021-22924 (libcurl keeps previously used connections in a connection pool for sub ...) 
{DLA-2734-1} - curl (bug #991492) [bullseye] - curl (Minor issue) [buster] - curl (Minor issue) NOTE: https://curl.se/docs/CVE-2021-22924.html NOTE: Introduced by: https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526 (curl-7_10_4) NOTE: Fixed by: https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161 (curl-7_78_0) NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/3 CVE-2021-22923 (When curl is instructed to get content using the metalink feature, and ...) - curl (unimportant) NOTE: https://curl.se/docs/CVE-2021-22923.html NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/2 NOTE: The fix for earlier versions is to rebuild curl with the metalink support NOTE: switched off. NOTE: Metalink support not enabled in Debian builds. CVE-2021-22922 (When curl is instructed to download content using the metalink feature ...) - curl (unimportant) NOTE: https://curl.se/docs/CVE-2021-22922.html NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/1 NOTE: The fix for earlier versions is to rebuild curl with the metalink support NOTE: switched off. NOTE: Metalink support not enabled in Debian builds. CVE-2021-22921 (Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local pri ...) - nodejs (Only affects Windows installer) CVE-2021-22920 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...) NOT-FOR-US: Citrix CVE-2021-22919 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...) NOT-FOR-US: Citrix CVE-2021-22918 (Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bou ...) {DSA-4936-1} - libuv1 1.40.0-2 (bug #990561) [stretch] - libuv1 (Vulnerable code added later) NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ NOTE: https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829 CVE-2021-22917 (Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to ...) 
- brave-browser (bug #864795) CVE-2021-22916 (In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is ...) - brave-browser (bug #864795) CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...) - nextcloud-server (bug #941708) CVE-2021-22914 (Citrix Cloud Connector before 6.31.0.62192 suffers from insecure stora ...) NOT-FOR-US: Citrix CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...) NOT-FOR-US: Nextcloud Deck CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...) NOT-FOR-US: Nextcloud iOS CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...) NOT-FOR-US: Rocket.Chat CVE-2021-22910 (A sanitization vulnerability exists in Rocket.Chat server versions < ...) NOT-FOR-US: Rocket.Chat CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...) NOT-FOR-US: EdgeMAX EdgeRouter CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...) NOT-FOR-US: Windows File Resource Profiles CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...) NOT-FOR-US: Citrix CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers ...) - nextcloud-server (bug #941708) CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnera ...) NOT-FOR-US: Nextcloud Android App (com.nextcloud.client) CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...) 
{DSA-4929-1 DLA-2655-1} - rails 2:6.0.3.7+dfsg-1 (bug #988214) NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main) NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7) NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6) CVE-2021-22903 (The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ...) - rails (Vulnerable code introduced in 6.1.0.rc2) NOTE: Introduced by: https://github.com/rails/rails/commit/9bc7ea5dab34c8657c91d0258bb5afd8bfcd3a8f (main) NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main) CVE-2021-22902 (The actionpack ruby gem (a framework for handling and responding to we ...) - rails 2:6.0.3.7+dfsg-1 (bug #988214) [buster] - rails (Vulnerable code introduced later) [stretch] - rails (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main) NOTE: Fixed by: https://github.com/rails/rails/commit/446afbd15360a347c923ca775b21a286dcb5297a (v6.0.3.7) CVE-2021-22901 (curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability ...) - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2021-22901.html NOTE: Introduced by: https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 (7.75.0) NOTE: Fixed by: https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 (7.77.0) CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse Connect ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure befor ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure when th ...) 
{DLA-2734-1} - curl (bug #989228) [bullseye] - curl (Minor issue) [buster] - curl (Minor issue) NOTE: https://curl.se/docs/CVE-2021-22898.html NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7) NOTE: Fixed by: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde (7.77.0) NOTE: Followup to not make curl vulnerable to CVE-2021-22925: NOTE: https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a (curl-7_78_0) CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element to wr ...) - curl (Windows only) NOTE: https://curl.se/docs/CVE-2021-22897.html NOTE: Introduced by: https://github.com/curl/curl/commit/9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28 (7.61.0) NOTE: Fixed by: https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 (7.77.0) NOTE: Only affect builds with schannel support (which is Windows only) CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...) NOT-FOR-US: Nextcloud Mail CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...) {DSA-4974-1} - nextcloud-desktop 3.3.1-1 (bug #989846) NOTE: https://github.com/nextcloud/desktop/pull/2926 NOTE: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc (stable-3.1) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure before ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...) NOT-FOR-US: Pulse Connect Secure CVE-2021-22892 (An information disclosure vulnerability exists in the Rocket.Chat serv ...) NOT-FOR-US: Rocket.Chat CVE-2021-22891 (A missing authorization vulnerability exists in Citrix ShareFile Stora ...) 
NOT-FOR-US: Citrix CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...) {DSA-4881-1} - curl 7.74.0-1.2 (bug #986270) [stretch] - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2021-22890.html NOTE: Fixed by: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844 CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...) NOT-FOR-US: Revive Adserver CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...) NOT-FOR-US: Revive Adserver CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...) NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...) NOT-FOR-US: Rocket.Chat CVE-2021-22885 (A possible information disclosure / unintended method execution vulner ...) {DSA-4929-1 DLA-2655-1} - rails 2:6.0.3.7+dfsg-1 (bug #988214) NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main) NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7) NOTE: https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6) CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...) {DSA-4863-1} - nodejs 12.21.0~dfsg-1 [stretch] - nodejs (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ CVE-2021-22883 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...) {DSA-4863-1} - nodejs 12.21.0~dfsg-1 [stretch] - nodejs (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ CVE-2021-22882 (UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras ...) 
NOT-FOR-US: UniFi Protect CVE-2021-22881 (The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...) - rails 2:6.0.3.5+dfsg-1 [buster] - rails (Vulnerable code not present) [stretch] - rails (host_authorization.rb added later) NOTE: https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130 NOTE: https://hackerone.com/reports/1047447 NOTE: https://github.com/rails/rails/commit/83a6ac3fee8fd538ce7e0088913ff54f0f9bcb6f (main) NOTE: https://github.com/rails/rails/commit/e33092740b3cc05f5abee197a5982eac31947e92 (v6.0.3.5) CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...) {DSA-4929-1} - rails 2:6.0.3.5+dfsg-1 [stretch] - rails (Vulnerable asterisk in regex added later) NOTE: https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129 NOTE: https://hackerone.com/reports/1023899 NOTE: https://github.com/rails/rails/commit/eddda4d8fb6b6508e11196b14494ceac37b57339 (main) NOTE: https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5) NOTE: https://github.com/rails/rails/commit/bf0ef9df1793046241c26b3fb92fac551d1628b4 (5.2-stable) CVE-2021-22879 (Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource inje ...) - nextcloud-desktop 3.1.1-2 (bug #987274) [buster] - nextcloud-desktop (Minor issue) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2021-008 NOTE: https://github.com/nextcloud/desktop/pull/2906 CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...) - nextcloud-server (bug #941708) CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...) - nextcloud-server (bug #941708) CVE-2021-22876 (curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Pr ...) 
{DSA-4881-1 DLA-2664-1} - curl 7.74.0-1.2 (bug #986269) NOTE: https://curl.se/docs/CVE-2021-22876.html NOTE: Fixed by: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...) NOT-FOR-US: Revive Adserver CVE-2021-22874 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...) NOT-FOR-US: Revive Adserver CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects via the ` ...) NOT-FOR-US: Revive Adserver CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site s ...) NOT-FOR-US: Revive Adserver CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager account t ...) NOT-FOR-US: Revive Adserver CVE-2021-22870 RESERVED CVE-2021-22869 (An improper access control vulnerability in GitHub Enterprise Server a ...) NOT-FOR-US: GitHub Enterprise Server CVE-2021-22868 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) NOT-FOR-US: GitHub Enterprise Server CVE-2021-22867 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) NOT-FOR-US: GitHub Enterprise Server CVE-2021-22866 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...) NOT-FOR-US: GitHub Enterprise Server CVE-2021-22865 (An improper access control vulnerability was identified in GitHub Ente ...) NOT-FOR-US: GitHub Enterprise Server CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: GitHub Enterprise CVE-2021-22863 (An improper access control vulnerability was identified in the GitHub ...) NOT-FOR-US: GitHub Enterprise CVE-2021-22862 (An improper access control vulnerability was identified in GitHub Ente ...) NOT-FOR-US: GitHub Enterprise CVE-2021-22861 (An improper access control vulnerability was identified in GitHub Ente ...) 
NOT-FOR-US: GitHub Enterprise CVE-2021-22860 (EIC e-document system does not perform completed identity verification ...) NOT-FOR-US: EIC e-document system CVE-2021-22859 (The users’ data querying function of EIC e-document system does ...) NOT-FOR-US: EIC e-document system CVE-2021-22858 (Attackers can access the CGE account management function without privi ...) NOT-FOR-US: CGE CVE-2021-22857 (The CGE page with download function contains a Directory Traversal vul ...) NOT-FOR-US: CGE CVE-2021-22856 (The CGE property management system contains SQL Injection vulnerabilit ...) NOT-FOR-US: CGE CVE-2021-22855 (The specific function of HR Portal of Soar Cloud System accepts any ty ...) NOT-FOR-US: HR Portal of Soar Cloud System CVE-2021-22854 (The HR Portal of Soar Cloud System fails to filter specific parameters ...) NOT-FOR-US: HR Portal of Soar Cloud System CVE-2021-22853 (The HR Portal of Soar Cloud System fails to manage access control. Whi ...) NOT-FOR-US: HR Portal of Soar Cloud System CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) NOT-FOR-US: HGiga EIP CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) NOT-FOR-US: HGiga EIP CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...) NOT-FOR-US: HGiga EIP CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter special charac ...) NOT-FOR-US: Hyweb HyCMS-J1 CVE-2021-22848 (HGiga MailSherlock contains a SQL Injection. Remote attackers can inje ...) NOT-FOR-US: HGiga MailSherlock CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote at ...)
NOT-FOR-US: Hyweb HyCMS-J1 CVE-2021-22846 RESERVED CVE-2021-22845 RESERVED CVE-2021-22844 RESERVED CVE-2021-22843 RESERVED CVE-2021-22842 RESERVED CVE-2021-22841 RESERVED CVE-2021-22840 RESERVED CVE-2021-22839 RESERVED CVE-2021-22838 RESERVED CVE-2021-22837 RESERVED CVE-2021-22836 RESERVED CVE-2021-22835 RESERVED CVE-2021-22834 RESERVED CVE-2021-22833 RESERVED CVE-2021-22832 RESERVED CVE-2021-22831 RESERVED CVE-2021-22830 RESERVED CVE-2021-22829 RESERVED CVE-2021-22828 RESERVED CVE-2021-22827 RESERVED CVE-2021-22826 RESERVED CVE-2021-22825 RESERVED CVE-2021-22824 RESERVED CVE-2021-22823 RESERVED CVE-2021-22822 RESERVED CVE-2021-22821 RESERVED CVE-2021-22820 RESERVED CVE-2021-22819 RESERVED CVE-2021-22818 RESERVED CVE-2021-22817 RESERVED CVE-2021-22816 RESERVED CVE-2021-22815 RESERVED CVE-2021-22814 RESERVED CVE-2021-22813 RESERVED CVE-2021-22812 RESERVED CVE-2021-22811 RESERVED CVE-2021-22810 RESERVED CVE-2021-22809 RESERVED CVE-2021-22808 RESERVED CVE-2021-22807 RESERVED CVE-2021-22806 RESERVED CVE-2021-22805 RESERVED CVE-2021-22804 RESERVED CVE-2021-22803 RESERVED CVE-2021-22802 RESERVED CVE-2021-22801 RESERVED CVE-2021-22800 RESERVED CVE-2021-22799 RESERVED CVE-2021-22798 RESERVED CVE-2021-22797 RESERVED CVE-2021-22796 RESERVED CVE-2021-22795 RESERVED CVE-2021-22794 RESERVED CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) NOT-FOR-US: Schneider Electric CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could cause a D ...) NOT-FOR-US: Schneider Electric CVE-2021-22791 (A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial ...) NOT-FOR-US: Schneider Electric CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial ...) NOT-FOR-US: Schneider Electric CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) 
NOT-FOR-US: Schneider Electric CVE-2021-22788 RESERVED CVE-2021-22787 RESERVED CVE-2021-22786 RESERVED CVE-2021-22785 RESERVED CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: Schneider Electric CVE-2021-22783 RESERVED CVE-2021-22782 (Missing Encryption of Sensitive Data vulnerability exists in EcoStruxu ...) NOT-FOR-US: Schneider Electric CVE-2021-22781 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...) NOT-FOR-US: Schneider Electric CVE-2021-22780 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...) NOT-FOR-US: Schneider Electric CVE-2021-22779 (Authentication Bypass by Spoofing vulnerability exists in EcoStruxure ...) NOT-FOR-US: Schneider Electric CVE-2021-22778 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...) NOT-FOR-US: Schneider Electric CVE-2021-22777 (A CWE-502: Deserialization of Untrusted Data vulnerability exists that ...) NOT-FOR-US: Schneider Electric CVE-2021-22776 RESERVED CVE-2021-22775 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP ...) NOT-FOR-US: Schneider Electric CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists i ...) NOT-FOR-US: Schneider Electric CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in EVlink C ...) NOT-FOR-US: Schneider Electric CVE-2021-22772 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: Schneider Electric CVE-2021-22771 (A CWE-1236: Improper Neutralization of Formula Elements in a CSV File ...) NOT-FOR-US: Schneider Electric CVE-2021-22770 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 w ...) NOT-FOR-US: Schneider Electric CVE-2021-22769 (A CWE-552: Files or Directories Accessible to External Parties vulnera ...) NOT-FOR-US: Schneider Electric CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) 
NOT-FOR-US: PowerLogic EGX300 CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) NOT-FOR-US: PowerLogic EGX300 CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) NOT-FOR-US: PowerLogic EGX300 CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) NOT-FOR-US: PowerLogic CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in PowerLogic ...) NOT-FOR-US: PowerLogic CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...) NOT-FOR-US: PowerLogic CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) NOT-FOR-US: Schneider CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference vulnerability exist ...) NOT-FOR-US: Schneider CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS Definition (Def. ...) NOT-FOR-US: Schneider CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS ...) NOT-FOR-US: Schneider CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) NOT-FOR-US: Schneider CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) NOT-FOR-US: Schneider CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) NOT-FOR-US: Schneider CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) NOT-FOR-US: Schneider CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) NOT-FOR-US: Schneider CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) NOT-FOR-US: Schneider CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) 
NOT-FOR-US: Schneider CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) NOT-FOR-US: Schneider CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) NOT-FOR-US: Schneider CVE-2021-22748 RESERVED CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) NOT-FOR-US: Tricon CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) NOT-FOR-US: Tricon CVE-2021-22745 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) NOT-FOR-US: Tricon CVE-2021-22744 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) NOT-FOR-US: Tricon CVE-2021-22743 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) NOT-FOR-US: Tricon CVE-2021-22742 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) NOT-FOR-US: Tricon CVE-2021-22741 (Use of Password Hash with Insufficient Computational Effort vulnerabil ...) NOT-FOR-US: Schneider CVE-2021-22740 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...) NOT-FOR-US: Schneider CVE-2021-22739 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...) NOT-FOR-US: Schneider CVE-2021-22738 (Use of a Broken or Risky Cryptographic Algorithm vulnerability exists ...) NOT-FOR-US: Schneider CVE-2021-22737 (Insufficiently Protected Credentials vulnerability exists in homeLYnk ...) NOT-FOR-US: Schneider CVE-2021-22736 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Schneider CVE-2021-22735 (Improper Verification of Cryptographic Signature vulnerability exists ...) NOT-FOR-US: Schneider CVE-2021-22734 (Improper Verification of Cryptographic Signature vulnerability exists ...) NOT-FOR-US: Schneider CVE-2021-22733 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...) 
NOT-FOR-US: Schneider CVE-2021-22732 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...) NOT-FOR-US: Schneider CVE-2021-22731 (Weak Password Recovery Mechanism for Forgotten Password vulnerability ...) NOT-FOR-US: Modicon CVE-2021-22730 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...) NOT-FOR-US: Schneider Electric CVE-2021-22729 (A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink C ...) NOT-FOR-US: Schneider Electric CVE-2021-22728 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...) NOT-FOR-US: Schneider Electric CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (E ...) NOT-FOR-US: Schneider Electric CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in ...) NOT-FOR-US: Schneider Electric CVE-2021-22725 RESERVED CVE-2021-22724 RESERVED CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) NOT-FOR-US: Schneider Electric CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) NOT-FOR-US: Schneider Electric CVE-2021-22721 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...) NOT-FOR-US: Schneider Electric CVE-2021-22720 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider Electric CVE-2021-22719 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider Electric CVE-2021-22718 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider Electric CVE-2021-22717 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider Electric CVE-2021-22716 (A CWE-269: Improper Privilege Management vulnerability exists in C-Bus ...) 
NOT-FOR-US: Schneider Electric CVE-2021-22715 RESERVED CVE-2021-22714 (A CWE-119:Improper restriction of operations within the bounds of a me ...) NOT-FOR-US: Schneider CVE-2021-22713 (A CWE-119:Improper restriction of operations within the bounds of a me ...) NOT-FOR-US: Schneider CVE-2021-22712 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...) NOT-FOR-US: Schneider CVE-2021-22711 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...) NOT-FOR-US: Schneider CVE-2021-22710 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...) NOT-FOR-US: Schneider CVE-2021-22709 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...) NOT-FOR-US: Schneider CVE-2021-22708 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...) NOT-FOR-US: Schneider Electric CVE-2021-22707 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...) NOT-FOR-US: Schneider Electric CVE-2021-22706 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) NOT-FOR-US: Schneider Electric CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...) NOT-FOR-US: Schneider CVE-2021-22704 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider Electric CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...) NOT-FOR-US: PowerLogic CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...) NOT-FOR-US: PowerLogic CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLog ...) NOT-FOR-US: PowerLogic CVE-2021-22700 RESERVED CVE-2021-22699 (Improper Input Validation vulnerability exists in Modicon M241/M251 lo ...) NOT-FOR-US: Modicon CVE-2021-22698 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...) 
NOT-FOR-US: EcoStruxure Power Build CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...) NOT-FOR-US: EcoStruxure Power Build CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...) NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging) CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a branch name, ...) - git-big-picture 1.0.0-1 [buster] - git-big-picture (Minor issue) [stretch] - git-big-picture (Minor issue) NOTE: https://github.com/git-big-picture/git-big-picture/pull/62 CVE-2021-22696 (CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via ...) NOT-FOR-US: Apache CXF CVE-2021-3027 (app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected ...) NOT-FOR-US: LibrIT PaSSHport CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...) NOT-FOR-US: Invision Community IPS Community Suite CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injec ...) NOT-FOR-US: Invision Community IPS Community CVE-2021-22695 RESERVED CVE-2021-22694 RESERVED CVE-2021-22693 RESERVED CVE-2021-22692 RESERVED CVE-2021-22691 RESERVED CVE-2021-22690 RESERVED CVE-2021-22689 RESERVED CVE-2021-22688 RESERVED CVE-2021-22687 RESERVED CVE-2021-22686 RESERVED CVE-2021-3024 (HashiCorp Vault and Vault Enterprise disclosed the internal IP address ...) NOT-FOR-US: HashiCorp Vault CVE-2021-3023 RESERVED CVE-2021-3022 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...) NOT-FOR-US: LG mobile devices CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...) NOT-FOR-US: ISPConfig CVE-2021-3020 RESERVED CVE-2021-22685 RESERVED CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in ...) NOT-FOR-US: Tizen RT RTOS CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...) 
NOT-FOR-US: Fatek FvDesigner CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default to be ...) NOT-FOR-US: Cscape CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...) NOT-FOR-US: Rockwell Automation CVE-2021-22680 RESERVED CVE-2021-22679 (The affected product is vulnerable to an integer overflow while proces ...) NOT-FOR-US: SimpleLink CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...) NOT-FOR-US: Cscape CVE-2021-22677 (An integer overflow exists in the APIs of the host MCU while trying to ...) NOT-FOR-US: SimpleLink CVE-2021-22676 (UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site sc ...) NOT-FOR-US: WebAccess/SCADA CVE-2021-22675 (The affected product is vulnerable to integer overflow while parsing m ...) NOT-FOR-US: SimpleLink CVE-2021-22674 (The affected product is vulnerable to a relative path traversal condit ...) NOT-FOR-US: WebAccess/SCADA CVE-2021-22673 (The affected product is vulnerable to stack-based buffer overflow whil ...) NOT-FOR-US: SimpleLink CVE-2021-22672 (Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 ...) NOT-FOR-US: Delta Electronics CVE-2021-22671 (Multiple integer overflow issues exist while processing long domain na ...) NOT-FOR-US: SimpleLink CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...) NOT-FOR-US: Fatek FvDesigner CVE-2021-22669 (Incorrect permissions are set to default on the ‘Project Managem ...) NOT-FOR-US: WebAccess/SCADA CVE-2021-22668 (Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (wit ...) NOT-FOR-US: Delta Industrial Automation CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...) NOT-FOR-US: BB-ESWGP506-2SFP-T CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...)
NOT-FOR-US: Fatek FvDesigner CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 ...) NOT-FOR-US: Rockwell Automation CVE-2021-22664 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...) NOT-FOR-US: CNCSoft-B CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...) NOT-FOR-US: Cscape CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner Version ...) NOT-FOR-US: Fatek FvDesigner CVE-2021-22661 (Changing the password on the module webpage does not require the user ...) NOT-FOR-US: ProSoft Technology CVE-2021-22660 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...) NOT-FOR-US: CNCSoft-B CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a ...) NOT-FOR-US: Rockwell Automation CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) NOT-FOR-US: Advantech iView CVE-2021-22657 RESERVED CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...) NOT-FOR-US: Advantech iView CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...) NOT-FOR-US: Fuji Electric CVE-2021-22654 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) NOT-FOR-US: Advantech iView CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...) NOT-FOR-US: Fuji Electric CVE-2021-22652 (Access to the Advantech iView versions prior to v5.7.03.6112 configura ...) NOT-FOR-US: Advantech iView CVE-2021-22651 (When loading a specially crafted file, Luxion KeyShot versions prior t ...) NOT-FOR-US: Luxion CVE-2021-22650 RESERVED CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) NOT-FOR-US: Luxion KeyShot CVE-2021-22648 RESERVED CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) 
NOT-FOR-US: Luxion KeyShot CVE-2021-22646 RESERVED CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) NOT-FOR-US: Luxion KeyShot CVE-2021-22644 RESERVED CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) NOT-FOR-US: Luxion KeyShot CVE-2021-22642 RESERVED CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the ...) NOT-FOR-US: Fuji Electric CVE-2021-22640 RESERVED CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...) NOT-FOR-US: Fuji Electric CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...) NOT-FOR-US: Fatek FvDesigner CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...) NOT-FOR-US: Fuji Electric CVE-2021-22636 RESERVED CVE-2021-22635 RESERVED CVE-2021-22634 RESERVED CVE-2021-22633 RESERVED CVE-2021-22632 RESERVED CVE-2021-22631 RESERVED CVE-2021-22630 RESERVED CVE-2021-22629 RESERVED CVE-2021-22628 RESERVED CVE-2021-22627 RESERVED CVE-2021-22626 RESERVED CVE-2021-22625 RESERVED CVE-2021-22624 RESERVED CVE-2021-22623 RESERVED CVE-2021-22622 RESERVED CVE-2021-22621 RESERVED CVE-2021-22620 RESERVED CVE-2021-22619 RESERVED CVE-2021-22618 RESERVED CVE-2021-22617 RESERVED CVE-2021-22616 RESERVED CVE-2021-22615 RESERVED CVE-2021-22614 RESERVED CVE-2021-22613 RESERVED CVE-2021-22612 RESERVED CVE-2021-22611 RESERVED CVE-2021-22610 RESERVED CVE-2021-22609 RESERVED CVE-2021-22608 RESERVED CVE-2021-22607 RESERVED CVE-2021-22606 RESERVED CVE-2021-22605 RESERVED CVE-2021-22604 RESERVED CVE-2021-22603 RESERVED CVE-2021-22602 RESERVED CVE-2021-22601 RESERVED CVE-2021-22600 RESERVED CVE-2021-22599 RESERVED CVE-2021-22598 RESERVED CVE-2021-22597 RESERVED CVE-2021-22596 RESERVED CVE-2021-22595 RESERVED CVE-2021-22594 RESERVED CVE-2021-22593 RESERVED CVE-2021-22592 RESERVED CVE-2021-22591 RESERVED CVE-2021-22590 RESERVED CVE-2021-22589 RESERVED CVE-2021-22588 
RESERVED CVE-2021-22587 RESERVED CVE-2021-22586 RESERVED CVE-2021-22585 RESERVED CVE-2021-22584 RESERVED CVE-2021-22583 RESERVED CVE-2021-22582 RESERVED CVE-2021-22581 RESERVED CVE-2021-22580 RESERVED CVE-2021-22579 RESERVED CVE-2021-22578 RESERVED CVE-2021-22577 RESERVED CVE-2021-22576 RESERVED CVE-2021-22575 RESERVED CVE-2021-22574 RESERVED CVE-2021-22573 RESERVED CVE-2021-22572 RESERVED CVE-2021-22571 RESERVED CVE-2021-22570 RESERVED CVE-2021-22569 RESERVED CVE-2021-22568 RESERVED CVE-2021-22567 RESERVED CVE-2021-22566 RESERVED CVE-2021-22565 RESERVED CVE-2021-22564 RESERVED CVE-2021-22563 RESERVED CVE-2021-22562 RESERVED CVE-2021-22561 RESERVED CVE-2021-22560 RESERVED CVE-2021-22559 RESERVED CVE-2021-22558 RESERVED CVE-2021-22557 (SLO generator allows for loading of YAML files that if crafted in a sp ...) TODO: check CVE-2021-22556 RESERVED CVE-2021-22555 (A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was disco ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 NOTE: https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528 NOTE: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html CVE-2021-22554 RESERVED CVE-2021-22553 (Any git operation is passed through Jetty and a session is created. No ...) - gerrit (bug #589436) CVE-2021-22552 (An untrusted memory read vulnerability in Asylo versions up to 0.6.1 a ...) NOT-FOR-US: Asylo CVE-2021-22551 RESERVED CVE-2021-22550 (An attacker can modify the pointers in enclave memory to overwrite arb ...) NOT-FOR-US: Asylo CVE-2021-22549 (An attacker can modify the address to point to trusted memory to overw ...) NOT-FOR-US: Asylo CVE-2021-22548 (An attacker can change the pointer to untrusted memory to point to tru ...) NOT-FOR-US: Asylo CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc() that doesn' ...) 
NOT-FOR-US: Google Cloud IoT Device SDK CVE-2021-22546 RESERVED CVE-2021-22545 (An attacker can craft a specific IdaPro *.i64 file that will cause the ...) NOT-FOR-US: IDA Pro CVE-2021-22544 RESERVED CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper handling of VM_ ...) {DLA-2785-1} - linux 5.10.46-2 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3 NOTE: https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 NOTE: https://git.kernel.org/linus/f8be156be163a052a067306417cd0ff679068c97 CVE-2021-22542 RESERVED CVE-2021-22541 RESERVED CVE-2021-22540 (Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an ...) NOT-FOR-US: Dart SDK CVE-2021-22539 (An attacker can place a crafted JSON config file into the project fold ...) NOT-FOR-US: VScode-bazel CVE-2021-22538 (A privilege escalation vulnerability impacting the Google Exposure Not ...) NOT-FOR-US: Google Exposure Notification Verification Server CVE-2021-22537 RESERVED CVE-2021-22536 RESERVED CVE-2021-22535 (Unauthorized information security disclosure vulnerability on Micro Fo ...) NOT-FOR-US: Micro Focus CVE-2021-22534 RESERVED CVE-2021-22533 RESERVED CVE-2021-22532 RESERVED CVE-2021-22531 RESERVED CVE-2021-22530 RESERVED CVE-2021-22529 RESERVED CVE-2021-22528 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...) NOT-FOR-US: NetIQ Access Manager CVE-2021-22527 (Information leakage vulnerability in NetIQ Access Manager prior to 5.0 ...) NOT-FOR-US: NetIQ Access Manager CVE-2021-22526 (Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 ...) NOT-FOR-US: NetIQ Access Manager CVE-2021-22525 (This release addresses a potential information leakage vulnerability i ...) NOT-FOR-US: Microfocus CVE-2021-22524 (Injection attack caused the denial of service vulnerability in NetIQ A ...) 
NOT-FOR-US: NetIQ Access Manager CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream Host Integ ...) NOT-FOR-US: Micro Focus CVE-2021-22522 (Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream ...) NOT-FOR-US: Micro Focus CVE-2021-22521 (A privileged escalation vulnerability has been identified in Micro Foc ...) NOT-FOR-US: Micro Focus CVE-2021-22520 RESERVED CVE-2021-22519 (Execute arbitrary code vulnerability in Micro Focus SiteScope product, ...) NOT-FOR-US: Micro Focus CVE-2021-22518 RESERVED CVE-2021-22517 (A potential unauthorized privilege escalation vulnerability has been i ...) NOT-FOR-US: Micro Focus CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...) NOT-FOR-US: Micro Focus Secure API Manager CVE-2021-22515 (Multi-Factor Authentication (MFA) functionality can be bypassed, allow ...) NOT-FOR-US: NetIQ CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...) NOT-FOR-US: Micro Focus CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application Automat ...) NOT-FOR-US: Jenkins plugin CVE-2021-22512 (Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Applica ...) NOT-FOR-US: Jenkins plugin CVE-2021-22511 (Improper Certificate Validation vulnerability in Micro Focus Applicati ...) NOT-FOR-US: Jenkins plugin CVE-2021-22510 (Reflected XSS vulnerability in Micro Focus Application Automation Tool ...) NOT-FOR-US: Jenkins plugin CVE-2021-22509 RESERVED CVE-2021-22508 RESERVED CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Bridge M ...) NOT-FOR-US: Micro Focus CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...) NOT-FOR-US: Micro Focus CVE-2021-22505 (Escalation of privileges vulnerability in Micro Focus Operations Agent ...) NOT-FOR-US: Micro Focus CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...) 
NOT-FOR-US: Micro Focus CVE-2021-22503 RESERVED CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation Bridge Re ...) NOT-FOR-US: Micro Focus CVE-2021-22501 RESERVED CVE-2021-22500 (Cross Site Request Forgery vulnerability in Micro Focus Application Pe ...) NOT-FOR-US: Micro Focus CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus Applicati ...) NOT-FOR-US: Micro Focus CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Application ...) NOT-FOR-US: Micro Focus CVE-2021-22497 (Advanced Authentication versions prior to 6.3 SP4 have a potential bro ...) NOT-FOR-US: NetIQ CVE-2021-22496 (Authentication Bypass Vulnerability in Micro Focus Access Manager Prod ...) NOT-FOR-US: Micro Focus CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung Note20 m ...) NOT-FOR-US: Samsung Note20 mobile devices CVE-2021-22493 REJECTED CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) 
NOT-FOR-US: Samsung mobile devices CVE-2021-22491 RESERVED CVE-2021-22490 RESERVED CVE-2021-22489 RESERVED CVE-2021-22488 RESERVED CVE-2021-22487 RESERVED CVE-2021-22486 RESERVED CVE-2021-22485 RESERVED CVE-2021-22484 RESERVED CVE-2021-22483 RESERVED CVE-2021-22482 RESERVED CVE-2021-22481 RESERVED CVE-2021-22480 RESERVED CVE-2021-22479 RESERVED CVE-2021-22478 RESERVED CVE-2021-22477 RESERVED CVE-2021-22476 RESERVED CVE-2021-22475 RESERVED CVE-2021-22474 RESERVED CVE-2021-22473 RESERVED CVE-2021-22472 RESERVED CVE-2021-22471 RESERVED CVE-2021-22470 RESERVED CVE-2021-22469 RESERVED CVE-2021-22468 RESERVED CVE-2021-22467 RESERVED CVE-2021-22466 RESERVED CVE-2021-22465 RESERVED CVE-2021-22464 RESERVED CVE-2021-22463 RESERVED CVE-2021-22462 RESERVED CVE-2021-22461 RESERVED CVE-2021-22460 RESERVED CVE-2021-22459 RESERVED CVE-2021-22458 RESERVED CVE-2021-22457 RESERVED CVE-2021-22456 RESERVED CVE-2021-22455 RESERVED CVE-2021-22454 RESERVED CVE-2021-22453 RESERVED CVE-2021-22452 RESERVED CVE-2021-22451 RESERVED CVE-2021-22450 RESERVED CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthentica ...) NOT-FOR-US: Elf-G10HN (Huawei) CVE-2021-22448 RESERVED CVE-2021-22447 (There is an Improper Check for Unusual or Exceptional Conditions Vulne ...) NOT-FOR-US: Huawei CVE-2021-22446 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...) NOT-FOR-US: Huawei CVE-2021-22445 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...) NOT-FOR-US: Huawei CVE-2021-22444 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...) NOT-FOR-US: Huawei CVE-2021-22443 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...) NOT-FOR-US: Huawei CVE-2021-22442 (There is an Improper Validation of Integrity Check Value Vulnerability ...) NOT-FOR-US: Huawei CVE-2021-22441 RESERVED CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...) 
NOT-FOR-US: Huawei CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...) NOT-FOR-US: Huawei CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) NOT-FOR-US: Huawei CVE-2021-22437 RESERVED CVE-2021-22436 RESERVED CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei Smartphone.Suc ...) NOT-FOR-US: Huawei CVE-2021-22434 RESERVED CVE-2021-22433 RESERVED CVE-2021-22432 RESERVED CVE-2021-22431 RESERVED CVE-2021-22430 RESERVED CVE-2021-22429 RESERVED CVE-2021-22428 (There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Succ ...) NOT-FOR-US: Huawei CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartpho ...) NOT-FOR-US: Huawei CVE-2021-22426 RESERVED CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability. Local at ...) NOT-FOR-US: HarmonyOS CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability ...) NOT-FOR-US: HarmonyOS CVE-2021-22423 (A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. ...) NOT-FOR-US: HarmonyOS CVE-2021-22422 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...) NOT-FOR-US: HarmonyOS CVE-2021-22421 (A component of the HarmonyOS has a Improper Privilege Management vulne ...) NOT-FOR-US: HarmonyOS CVE-2021-22420 (A component of the HarmonyOS has a External Control of System or Confi ...) NOT-FOR-US: HarmonyOS CVE-2021-22419 (A component of the HarmonyOS has a Insufficient Verification of Data A ...) NOT-FOR-US: HarmonyOS CVE-2021-22418 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...) NOT-FOR-US: HarmonyOS CVE-2021-22417 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...) NOT-FOR-US: HarmonyOS CVE-2021-22416 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...) 
NOT-FOR-US: HarmonyOS CVE-2021-22415 (There is an Incorrect Calculation of Buffer Size Vulnerability in Huaw ...) NOT-FOR-US: Huawei CVE-2021-22414 (There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Suc ...) NOT-FOR-US: Huawei CVE-2021-22413 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...) NOT-FOR-US: Huawei CVE-2021-22412 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...) NOT-FOR-US: Huawei CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei products. ...) NOT-FOR-US: Huawei CVE-2021-22410 RESERVED CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...) NOT-FOR-US: Huawei CVE-2021-22408 RESERVED CVE-2021-22407 RESERVED CVE-2021-22406 RESERVED CVE-2021-22405 RESERVED CVE-2021-22404 RESERVED CVE-2021-22403 RESERVED CVE-2021-22402 RESERVED CVE-2021-22401 RESERVED CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation vulnerabi ...) NOT-FOR-US: Huawei CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...) NOT-FOR-US: Huawei CVE-2021-22398 (There is a logic error vulnerability in several smartphones. The softw ...) NOT-FOR-US: Huawei CVE-2021-22397 (There is a privilege escalation vulnerability in Huawei ManageOne 8.0. ...) NOT-FOR-US: Huawei CVE-2021-22396 (There is a privilege escalation vulnerability in some Huawei products. ...) NOT-FOR-US: Huawei CVE-2021-22395 RESERVED CVE-2021-22394 RESERVED CVE-2021-22393 (There is a denial of service vulnerability in some versions of CloudEn ...) NOT-FOR-US: CloudEngine (Huawei) CVE-2021-22392 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...) NOT-FOR-US: Huawei CVE-2021-22391 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...) NOT-FOR-US: Huawei CVE-2021-22390 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) 
NOT-FOR-US: Huawei CVE-2021-22389 (There is a Permission Control Vulnerability in Huawei Smartphone.Succe ...) NOT-FOR-US: Huawei CVE-2021-22388 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...) NOT-FOR-US: Huawei CVE-2021-22387 (There is an Improper Control of Dynamically Managing Code Resources Vu ...) NOT-FOR-US: Huawei CVE-2021-22386 (A component of the Huawei smartphone has a Double Free vulnerability. ...) NOT-FOR-US: Huawei / HarmonyOS CVE-2021-22385 (A component of the Huawei smartphone has a External Control of System ...) NOT-FOR-US: Huawei / HarmonyOS CVE-2021-22384 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...) NOT-FOR-US: Huawei CVE-2021-22383 (There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 ...) NOT-FOR-US: Huawei CVE-2021-22382 (Huawei LTE USB Dongle products have an improper permission assignment ...) NOT-FOR-US: Huawei CVE-2021-22381 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...) NOT-FOR-US: Huawei CVE-2021-22380 (There is a Cleartext Transmission of Sensitive Information Vulnerabili ...) NOT-FOR-US: Huawei CVE-2021-22379 (There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Hu ...) NOT-FOR-US: Huawei CVE-2021-22378 (There is a race condition vulnerability in eCNS280_TD V100R005C00 and ...) NOT-FOR-US: Huawei CVE-2021-22377 (There is a command injection vulnerability in S12700 V200R019C00SPC500 ...) NOT-FOR-US: Huawei CVE-2021-22376 (There is an Improper Permission Management Vulnerability in Huawei Sma ...) NOT-FOR-US: Huawei CVE-2021-22375 (There is a Key Management Errors Vulnerability in Huawei Smartphone. S ...) NOT-FOR-US: Huawei CVE-2021-22374 (There is an Improper Validation of Array Index Vulnerability in Huawei ...) NOT-FOR-US: Huawei CVE-2021-22373 (There is a Defects Introduced in the Design Process Vulnerability in H ...) 
NOT-FOR-US: Huawei CVE-2021-22372 (There is a Security Features Vulnerability in Huawei Smartphone. Succe ...) NOT-FOR-US: Huawei CVE-2021-22371 (There is an Improper Permission Management Vulnerability in Huawei Sma ...) NOT-FOR-US: Huawei CVE-2021-22370 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...) NOT-FOR-US: Huawei CVE-2021-22369 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerabi ...) NOT-FOR-US: Huawei CVE-2021-22368 (There is a Permission Control Vulnerability in Huawei Smartphone. Succ ...) NOT-FOR-US: Huawei CVE-2021-22367 (There is a Key Management Errors Vulnerability in Huawei Smartphone. S ...) NOT-FOR-US: Huawei CVE-2021-22366 (There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C ...) NOT-FOR-US: Huawei CVE-2021-22365 (There is an out of bounds read vulnerability in eSE620X vESS V100R001C ...) NOT-FOR-US: Huawei CVE-2021-22364 (There is a denial of service vulnerability in the versions 10.1.0.126( ...) NOT-FOR-US: Huawei CVE-2021-22363 (There is a resource management error vulnerability in eCNS280_TD V100R ...) NOT-FOR-US: Huawei CVE-2021-22362 (There is an out of bounds write vulnerability in some Huawei products. ...) NOT-FOR-US: Huawei CVE-2021-22361 (There is an improper authorization vulnerability in eCNS280 V100R005C0 ...) NOT-FOR-US: Huawei CVE-2021-22360 (There is a resource management error vulnerability in the versions V5 ...) NOT-FOR-US: Huawei CVE-2021-22359 (There is a denial of service vulnerability in the versions V200R005C0 ...) NOT-FOR-US: Huawei CVE-2021-22358 (There is an insufficient input validation vulnerability in FusionCompu ...) NOT-FOR-US: Huawei CVE-2021-22357 (There is a denial of service vulnerability in Huawei products. A modul ...) NOT-FOR-US: Huawei CVE-2021-22356 RESERVED CVE-2021-22355 RESERVED CVE-2021-22354 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
NOT-FOR-US: Huawei CVE-2021-22353 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) NOT-FOR-US: Huawei CVE-2021-22352 (There is a Configuration Defect Vulnerability in Huawei Smartphone. Su ...) NOT-FOR-US: Huawei CVE-2021-22351 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...) NOT-FOR-US: Huawei CVE-2021-22350 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) NOT-FOR-US: Huawei CVE-2021-22349 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...) NOT-FOR-US: Huawei CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) NOT-FOR-US: Huawei CVE-2021-22347 (There is an Improper Access Control vulnerability in Huawei Smartphone ...) NOT-FOR-US: Huawei CVE-2021-22346 (There is an Improper Permission Management Vulnerability in Huawei Sma ...) NOT-FOR-US: Huawei CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...) NOT-FOR-US: Huawei CVE-2021-22344 (There is an Improper Access Control vulnerability in Huawei Smartphone ...) NOT-FOR-US: Huawei CVE-2021-22343 (There is a Configuration Defect vulnerability in Huawei Smartphone. Su ...) NOT-FOR-US: Huawei CVE-2021-22342 (There is an information leak vulnerability in Huawei products. A modul ...) NOT-FOR-US: Huawei CVE-2021-22341 (There is a memory leak vulnerability in Huawei products. A resource ma ...) NOT-FOR-US: Huawei CVE-2021-22340 (There is a multiple threads race condition vulnerability in Huawei pro ...) NOT-FOR-US: Huawei CVE-2021-22339 (There is a denial of service vulnerability in some versions of ManageO ...) NOT-FOR-US: Huawei CVE-2021-22338 (There is an XXE injection vulnerability in eCNS280 V100R005C00 and V10 ...) NOT-FOR-US: Huawei CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...) NOT-FOR-US: Huawei CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...) 
NOT-FOR-US: Huawei CVE-2021-22335 (There is a Memory Buffer Improper Operation Limit vulnerability in Hua ...) NOT-FOR-US: Huawei CVE-2021-22334 (There is an Improper Access Control vulnerability in Huawei Smartphone ...) NOT-FOR-US: Huawei CVE-2021-22333 (There is an Improper Validation of Array Index vulnerability in Huawei ...) NOT-FOR-US: Huawei CVE-2021-22332 (There is a pointer double free vulnerability in some versions of Cloud ...) NOT-FOR-US: CloudEngine (Huawei) CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei smartp ...) NOT-FOR-US: Huawei CVE-2021-22330 (There is an out of bounds write vulnerability in Huawei Smartphone HUA ...) NOT-FOR-US: Huawei CVE-2021-22329 (There has a license management vulnerability in some Huawei products. ...) NOT-FOR-US: Huawei CVE-2021-22328 (There is a denial of service vulnerability in some huawei products. In ...) NOT-FOR-US: Huawei CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart phone ...) NOT-FOR-US: Huawei CVE-2021-22326 (There is an Incorrect Privilege Assignment Vulnerability in Huawei Sma ...) NOT-FOR-US: Huawei CVE-2021-22325 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...) NOT-FOR-US: Huawei CVE-2021-22324 (There is a Credentials Management Errors vulnerability in Huawei Smart ...) NOT-FOR-US: Huawei CVE-2021-22323 (There is an Integer Overflow Vulnerability in Huawei Smartphone. Succe ...) NOT-FOR-US: Huawei CVE-2021-22322 (There is a Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: Huawei CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A module ...) NOT-FOR-US: Huawei CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. A modul ...) NOT-FOR-US: Huawei CVE-2021-22319 RESERVED CVE-2021-22318 (A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulner ...) 
NOT-FOR-US: HarmonyOS CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...) NOT-FOR-US: Huawei CVE-2021-22316 (There is a Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: Huawei CVE-2021-22315 RESERVED CVE-2021-22314 (There is a local privilege escalation vulnerability in some versions o ...) NOT-FOR-US: Huawei CVE-2021-22313 (There is a Security Function vulnerability in Huawei Smartphone. Succe ...) NOT-FOR-US: Huawei CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products. An authe ...) NOT-FOR-US: Huawei CVE-2021-22311 (There is an improper permission assignment vulnerability in Huawei Man ...) NOT-FOR-US: Huawei CVE-2021-22310 (There is an information leakage vulnerability in some huawei products. ...) NOT-FOR-US: Huawei CVE-2021-22309 (There is insecure algorithm vulnerability in Huawei products. A module ...) NOT-FOR-US: Huawei CVE-2021-22308 (There is a Business Logic Errors vulnerability in Huawei Smartphone. T ...) NOT-FOR-US: Huawei CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7 ...) NOT-FOR-US: Huawei CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E ...) NOT-FOR-US: Huawei CVE-2021-22305 (There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125 ...) NOT-FOR-US: Huawei CVE-2021-22304 (There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1 ...) NOT-FOR-US: Huawei CVE-2021-22303 (There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1( ...) NOT-FOR-US: Huawei CVE-2021-22302 (There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C ...) NOT-FOR-US: Huawei CVE-2021-22301 (Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. ...) NOT-FOR-US: Huawei CVE-2021-22300 (There is an information leak vulnerability in eCNS280_TD versions V100 ...) 
NOT-FOR-US: Huawei CVE-2021-22299 (There is a local privilege escalation vulnerability in some Huawei pro ...) NOT-FOR-US: Huawei CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. An att ...) NOT-FOR-US: Huawei CVE-2021-22297 RESERVED CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...) NOT-FOR-US: HarmonyOS CVE-2021-22295 (A component of the HarmonyOS has a permission bypass vulnerability. Lo ...) NOT-FOR-US: HarmonyOS CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass vulnerabi ...) NOT-FOR-US: HarmonyOS CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...) NOT-FOR-US: Huawei CVE-2021-22292 (There is a denial of service (DoS) vulnerability in eCNS280 versions V ...) NOT-FOR-US: Huawei CVE-2021-22291 RESERVED CVE-2021-22290 RESERVED CVE-2021-22289 RESERVED CVE-2021-22288 RESERVED CVE-2021-22287 RESERVED CVE-2021-22286 RESERVED CVE-2021-22285 RESERVED CVE-2021-22284 RESERVED CVE-2021-22283 RESERVED CVE-2021-22282 RESERVED CVE-2021-22281 RESERVED CVE-2021-22280 RESERVED CVE-2021-22279 RESERVED CVE-2021-22278 RESERVED CVE-2021-22277 RESERVED CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...) NOT-FOR-US: ABB CVE-2021-22275 RESERVED CVE-2021-22274 RESERVED CVE-2021-22273 RESERVED CVE-2021-22272 (The vulnerability origins in the commissioning process where an attack ...) NOT-FOR-US: ABB CVE-2021-22271 RESERVED CVE-2021-22270 RESERVED CVE-2021-22269 RESERVED CVE-2021-22268 RESERVED CVE-2021-22267 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...) NOT-FOR-US: Idelji Web ViewPoint Suite CVE-2021-22266 RESERVED CVE-2021-22265 RESERVED CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions starting ...) 
- gitlab CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Jira Clo ...) - gitlab CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...) - gitlab CVE-2021-22260 RESERVED CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...) - gitlab (Specific to EE) CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater could be u ...) - gitlab CVE-2021-22257 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions since 12 ...) - gitlab CVE-2021-22255 (SSRF in URL file upload in Baserow <1.1.0 allows remote authenticat ...) NOT-FOR-US: Baserow CVE-2021-22254 (Under very specific conditions a user could be impersonated using Gitl ...) - gitlab CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions since 13.4 ...) - gitlab (Specific to EE) CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecting all ...) - gitlab (Vulnerable code introduced later) CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE affec ...) - gitlab (Specific to EE) CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...) - gitlab CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions since 12.2 ...) - gitlab (Specific to EE) CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE affecting ...) - gitlab (Vulnerable code introduced later) CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...) - gitlab CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 14.0.2, 13.12 ...) - gitlab CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting all ver ...) - gitlab CVE-2021-22244 (Improper authorization in the vulnerability report feature in GitLab E ...)
- gitlab (Specific to EE) CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 7.10 may ...) - gitlab CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab CE/EE ve ...) - gitlab CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...) - gitlab (Specific to EE) CVE-2021-22239 (An unauthorized user was able to insert metadata when creating new iss ...) - gitlab NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/ CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22237 (Under specialized conditions, GitLab may allow a user with an imperson ...) - gitlab NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/ CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions genera ...) - gitlab NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/ CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...) [experimental] - wireshark 3.4.7-1~exp1 - wireshark 3.4.7-1 [bullseye] - wireshark (Minor issue, can be fixed along in future update) [buster] - wireshark (Minor issue, can be fixed along in future update) [stretch] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-06.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462 NOTE: Regression fix: https://gitlab.com/wireshark/wireshark/-/merge_requests/3616 CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...) - gitlab (Specific to EE) CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...) 
- gitlab CVE-2021-22231 (A denial of service in user's profile page is found starting with GitL ...) - gitlab CVE-2021-22230 (Improper code rendering while rendering merge requests could be exploi ...) - gitlab CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions. Imprope ...) - gitlab CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before versions ...) - gitlab CVE-2021-22226 (Under certain conditions, some users were able to push to protected br ...) - gitlab CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 13.11 an ...) - gitlab CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in GitLa ...) - gitlab CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...) - gitlab CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...) [experimental] - wireshark 3.4.6-1~exp1 - wireshark 3.4.7-1 [bullseye] - wireshark (Minor issue, can be fixed along in future update) [buster] - wireshark (Vulnerability introduced in 3.4) [stretch] - wireshark (Vulnerability introduced in 3.4) NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html NOTE: Caused by https://gitlab.com/wireshark/wireshark/-/commit/4bf4ee88f0544727e7f89f3f288c6afd2f650a4c CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22219 (GitLab CE/EE since version 9.5 allows a high privilege user to obtain ...) - gitlab CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected by an is ...) - gitlab CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...) 
- gitlab CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...) - gitlab CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...) - gitlab (Specific to EE) CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...) - gitlab CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...) - gitlab CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...) - ntpsec 1.2.0+dfsg1-4 (bug #989847) [buster] - ntpsec (Only affects 1.2.0) NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699 NOTE: https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8 CVE-2021-22211 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22210 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...) - gitlab CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...) [experimental] - wireshark 3.4.6-1~exp1 - wireshark 3.4.7-1 (bug #987853) [bullseye] - wireshark (Minor issue, can be fixed along in future update) [buster] - wireshark (Minor issue, can be fixed along in future update) [stretch] - wireshark (Minor issue, can be fixed along in future update) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17331 NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html CVE-2021-22206 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
- gitlab CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in ExifTo ...) {DSA-4910-1 DLA-2663-1} - libimage-exiftool-perl 12.16+dfsg-2 (bug #987505) NOTE: https://bugs.launchpad.net/bugs/1925985 NOTE: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 NOTE: https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all previous ve ...) - gitlab CVE-2021-22201 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22199 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22198 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - gitlab CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...) NOT-FOR-US: gitlab-vscode-extension CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being stored i ...) - gitlab CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 ...) 
- wireshark 3.4.4-1 [buster] - wireshark (Minor issue, can be fixed along in future update) [stretch] - wireshark (Minor issue, can be fixed along in future update) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232 CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all version ...) - gitlab CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by ...) [experimental] - gitlab 13.6.7-1 - gitlab CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.6.7-1 - gitlab CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...) - gitlab 13.2.3-2 CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up allowed a gr ...) [experimental] - gitlab 13.7.8+ds1-1 - gitlab NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 and up ...) - gitlab (Only affects 13.8) NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...) - gitlab CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.6.6-1 - gitlab CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.7.7-1 - gitlab (Affected version never uploaded to unstable) CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) - gitlab CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...) 
- gitlab CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE version 1 ...) - gitlab CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...) - gitlab CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...) - wireshark 3.4.3-1 (bug #981791) [buster] - wireshark (Affected code not present) [stretch] - wireshark (Affected code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-02.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17165 CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows de ...) - wireshark 3.4.3-1 (bug #981791) [buster] - wireshark (Affected code not present) [stretch] - wireshark (Affected code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-01.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124 CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a privat ...) [experimental] - gitlab 13.6.6-1 - gitlab NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/ CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...) [experimental] - gitlab 13.6.6-1 - gitlab CVE-2021-22170 RESERVED CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...) - gitlab (Specific to EE) NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/ CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...) [experimental] - gitlab 13.6.6-1 - gitlab CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...) 
[experimental] - gitlab 13.6.6-1 - gitlab CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...) - gitlab (Only affects Gitlab 13.7.x) NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/ CVE-2021-22165 RESERVED CVE-2021-22164 RESERVED CVE-2021-22163 RESERVED CVE-2021-22162 RESERVED CVE-2021-22161 (In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop c ...) NOT-FOR-US: OpenWrt CVE-2021-22160 (If Apache Pulsar is configured to authenticate clients using tokens ba ...) NOT-FOR-US: Apache Pulsar CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.p ...) NOT-FOR-US: ffay lanproxy CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an un ...) NOT-FOR-US: ipeak Infosystems ibexwebCMS (aka IPeakCMS) CVE-2021-3017 (The web interface on Intelbras WIN 300 and WRN 342 devices through 202 ...) NOT-FOR-US: Intelbras CVE-2021-3016 RESERVED CVE-2021-3015 RESERVED CVE-2021-22159 (Insider Threat Management Windows Agent Local Privilege Escalation Vul ...) NOT-FOR-US: The Proofpoint Insider Threat Management CVE-2021-22158 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) NOT-FOR-US: Proofpoint Insider Threat Management Server CVE-2021-22157 (Proofpoint Insider Threat Management Server (formerly ObserveIT Server ...) NOT-FOR-US: Proofpoint Insider Threat Management Server CVE-2021-22156 (An integer overflow vulnerability in the calloc() function of the C ru ...) NOT-FOR-US: BlackBerry CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML Authentication comp ...) NOT-FOR-US: BlackBerry Workspaces Server CVE-2021-22154 (An Information Disclosure vulnerability in the Management Console comp ...) NOT-FOR-US: BlackBerry UEM CVE-2021-22153 (A Remote Code Execution vulnerability in the Management Console compon ...) 
NOT-FOR-US: BlackBerry UEM CVE-2021-22152 (A Denial of Service due to Improper Input Validation vulnerability in ...) NOT-FOR-US: BlackBerry UEM CVE-2021-22151 RESERVED CVE-2021-22150 RESERVED CVE-2021-22149 (Elastic Enterprise Search App Search versions before 7.14.0 are vulner ...) NOT-FOR-US: Elastic Enterprise Search CVE-2021-22148 (Elastic Enterprise Search App Search versions before 7.14.0 was vulner ...) NOT-FOR-US: Elastic Enterprise Search CVE-2021-22147 (Elasticsearch before 7.14.0 did not apply document and field level sec ...) - elasticsearch CVE-2021-22146 (All versions of Elastic Cloud Enterprise has the Elasticsearch “ ...) NOT-FOR-US: Elastic Cloud CVE-2021-22145 (A memory disclosure vulnerability was identified in Elasticsearch 7.10 ...) - elasticsearch CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled rec ...) - elasticsearch CVE-2021-22143 RESERVED CVE-2021-22142 RESERVED - kibana (bug #700337) CVE-2021-22141 RESERVED - kibana (bug #700337) CVE-2021-22140 (Elastic App Search versions after 7.11.0 and before 7.12.0 contain an ...) NOT-FOR-US: Elastic App Search web crawler CVE-2021-22139 (Kibana versions before 7.12.1 contain a denial of service vulnerabilit ...) - kibana (bug #700337) CVE-2021-22138 (In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS ce ...) - logstash (bug #664841) CVE-2021-22137 (In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosu ...) - elasticsearch CVE-2021-22136 (In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session time ...) - kibana (bug #700337) CVE-2021-22135 (Elasticsearch versions before 7.11.2 and 6.8.15 contain a document dis ...) - elasticsearch CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions after 7 ...) - elasticsearch CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak sensitive ...) 
NOT-FOR-US: Elastic APM agent CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosu ...) - elasticsearch CVE-2021-22131 RESERVED CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy physical app ...) NOT-FOR-US: FortiProxy (FortiGuard) CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in the Webm ...) NOT-FOR-US: Fortiguard CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...) NOT-FOR-US: FortiProxy SSL VPN portal CVE-2021-22127 RESERVED CVE-2021-22126 RESERVED CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...) NOT-FOR-US: FortiSandbox CVE-2021-22124 (An uncontrolled resource consumption (denial of service) vulnerability ...) NOT-FOR-US: FortiSandbox CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management interfa ...) NOT-FOR-US: FortiGuard CVE-2021-22122 (An improper neutralization of input during web page generation in Fort ...) NOT-FOR-US: FortiGuard CVE-2021-22121 RESERVED CVE-2021-22120 RESERVED CVE-2021-22119 (Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5 ...) - libspring-security-2.0-java CVE-2021-22118 (In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x ...) - libspring-java (Introduced in v5.0.0.RC1) NOTE: https://tanzu.vmware.com/security/cve-2021-22118 NOTE: https://github.com/spring-projects/spring-framework/issues/26931 NOTE: https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1 CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...) - rabbitmq-server (Windows-specific) CVE-2021-22116 (RabbitMQ all versions prior to 3.8.16 are prone to a denial of service ...) 
{DLA-2710-1} - rabbitmq-server (bug #989056) [bullseye] - rabbitmq-server (Minor issue) [buster] - rabbitmq-server (Minor issue) NOTE: https://tanzu.vmware.com/security/cve-2021-22116 NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/2953 CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...) NOT-FOR-US: Cloud Controller API CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...) NOT-FOR-US: Spring-integration-zip CVE-2021-22113 (Applications using the “Sensitive Headers” functionality i ...) NOT-FOR-US: Spring Cloud Netflix Zuul CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5. ...) - jenkins CVE-2021-22111 RESERVED CVE-2021-22110 RESERVED CVE-2021-22109 RESERVED CVE-2021-22108 RESERVED CVE-2021-22107 RESERVED CVE-2021-22106 RESERVED CVE-2021-22105 RESERVED CVE-2021-22104 RESERVED CVE-2021-22103 RESERVED CVE-2021-22102 RESERVED CVE-2021-22101 RESERVED CVE-2021-22100 RESERVED CVE-2021-22099 RESERVED CVE-2021-22098 (UAA server versions prior to 75.4.0 are vulnerable to an open redirect ...) 
NOT-FOR-US: UAA server CVE-2021-22097 RESERVED CVE-2021-22096 RESERVED CVE-2021-22095 RESERVED CVE-2021-22094 RESERVED CVE-2021-22093 RESERVED CVE-2021-22092 RESERVED CVE-2021-22091 RESERVED CVE-2021-22090 RESERVED CVE-2021-22089 RESERVED CVE-2021-22088 RESERVED CVE-2021-22087 RESERVED CVE-2021-22086 RESERVED CVE-2021-22085 RESERVED CVE-2021-22084 RESERVED CVE-2021-22083 RESERVED CVE-2021-22082 RESERVED CVE-2021-22081 RESERVED CVE-2021-22080 RESERVED CVE-2021-22079 RESERVED CVE-2021-22078 RESERVED CVE-2021-22077 RESERVED CVE-2021-22076 RESERVED CVE-2021-22075 RESERVED CVE-2021-22074 RESERVED CVE-2021-22073 RESERVED CVE-2021-22072 RESERVED CVE-2021-22071 RESERVED CVE-2021-22070 RESERVED CVE-2021-22069 RESERVED CVE-2021-22068 RESERVED CVE-2021-22067 RESERVED CVE-2021-22066 RESERVED CVE-2021-22065 RESERVED CVE-2021-22064 RESERVED CVE-2021-22063 RESERVED CVE-2021-22062 RESERVED CVE-2021-22061 RESERVED CVE-2021-22060 RESERVED CVE-2021-22059 RESERVED CVE-2021-22058 RESERVED CVE-2021-22057 RESERVED CVE-2021-22056 RESERVED CVE-2021-22055 RESERVED CVE-2021-22054 RESERVED CVE-2021-22053 RESERVED CVE-2021-22052 RESERVED CVE-2021-22051 RESERVED CVE-2021-22050 RESERVED CVE-2021-22049 RESERVED CVE-2021-22048 RESERVED CVE-2021-22047 RESERVED CVE-2021-22046 RESERVED CVE-2021-22045 RESERVED CVE-2021-22044 RESERVED CVE-2021-22043 RESERVED CVE-2021-22042 RESERVED CVE-2021-22041 RESERVED CVE-2021-22040 RESERVED CVE-2021-22039 RESERVED CVE-2021-22038 RESERVED CVE-2021-22037 RESERVED CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...) NOT-FOR-US: VMware CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...) NOT-FOR-US: VMware CVE-2021-22034 RESERVED CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...) 
NOT-FOR-US: VMware CVE-2021-22032 RESERVED CVE-2021-22031 RESERVED CVE-2021-22030 RESERVED CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service vulnera ...) NOT-FOR-US: VMware CVE-2021-22028 RESERVED CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) NOT-FOR-US: VMware CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) NOT-FOR-US: VMware CVE-2021-22025 (The vRealize Operations Manager API (8.x prior to 8.5) contains a brok ...) NOT-FOR-US: VMware CVE-2021-22024 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...) NOT-FOR-US: VMware CVE-2021-22023 (The vRealize Operations Manager API (8.x prior to 8.5) has insecure ob ...) NOT-FOR-US: VMware CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...) NOT-FOR-US: VMware CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...) NOT-FOR-US: VMware CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability in the A ...) NOT-FOR-US: VMware CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability in VAPI ...) NOT-FOR-US: VMware CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion vulnerability i ...) NOT-FOR-US: VMware CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability due to im ...) NOT-FOR-US: VMware CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting vulnerabi ...) NOT-FOR-US: VMware CVE-2021-22015 (The vCenter Server contains multiple local privilege escalation vulner ...) NOT-FOR-US: VMware CVE-2021-22014 (The vCenter Server contains an authenticated code execution vulnerabil ...) NOT-FOR-US: VMware CVE-2021-22013 (The vCenter Server contains a file path traversal vulnerability leadin ...) NOT-FOR-US: VMware CVE-2021-22012 (The vCenter Server contains an information disclosure vulnerability du ...) 
NOT-FOR-US: VMware CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint vulnerability ...) NOT-FOR-US: VMware CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability in VPXD ...) NOT-FOR-US: VMware CVE-2021-22009 (The vCenter Server contains multiple denial-of-service vulnerabilities ...) NOT-FOR-US: VMware CVE-2021-22008 (The vCenter Server contains an information disclosure vulnerability in ...) NOT-FOR-US: VMware CVE-2021-22007 (The vCenter Server contains a local information disclosure vulnerabili ...) NOT-FOR-US: VMware CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass vulnerability due t ...) NOT-FOR-US: VMware CVE-2021-22005 (The vCenter Server contains an arbitrary file upload vulnerability in ...) NOT-FOR-US: VMware CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The salt mini ...) - salt 3002.7+dfsg1-1 (bug #994016) NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ CVE-2021-22003 (VMware Workspace ONE Access and Identity Manager, unintentionally prov ...) NOT-FOR-US: VMware CVE-2021-22002 (VMware Workspace ONE Access and Identity Manager, allow the /cfg web a ...) NOT-FOR-US: VMware CVE-2021-22001 (In UAA versions prior to 75.3.0, sensitive information like relaying s ...) NOT-FOR-US: CloudFoundry CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vul ...) NOT-FOR-US: VMware CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Conso ...) NOT-FOR-US: VMware CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 ...) NOT-FOR-US: VMware CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...) NOT-FOR-US: VMware CVE-2021-21996 (An issue was discovered in SaltStack Salt before 3003.3. A user who ha ...) 
- salt 3002.7+dfsg1-1 (bug #994016) NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability due a he ...) NOT-FOR-US: VMware CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...) NOT-FOR-US: VMware CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request Forgery) vuln ...) NOT-FOR-US: VMware CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability due to i ...) NOT-FOR-US: VMware CVE-2021-21991 (The vCenter Server contains a local privilege escalation vulnerability ...) NOT-FOR-US: VMware CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior t ...) NOT-FOR-US: VMware CVE-2021-21989 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...) NOT-FOR-US: VMware CVE-2021-21988 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...) NOT-FOR-US: VMware CVE-2021-21987 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...) NOT-FOR-US: VMware CVE-2021-21986 (The vSphere Client (HTML5) contains a vulnerability in a vSphere authe ...) NOT-FOR-US: VMware CVE-2021-21985 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...) NOT-FOR-US: VMware CVE-2021-21984 (VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remot ...) NOT-FOR-US: VMware CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...) NOT-FOR-US: vRealize Operations Manager API (Vmware) CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an aut ...) NOT-FOR-US: VMware Carbon Black Cloud Workload appliance CVE-2021-21981 (VMware NSX-T contains a privilege escalation vulnerability due to an i ...) NOT-FOR-US: VMware CVE-2021-21980 RESERVED CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...) 
NOT-FOR-US: Bitnami Containers CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remot ...) NOT-FOR-US: VMware View Planner CVE-2021-21977 RESERVED CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8. ...) NOT-FOR-US: vSphere Replication CVE-2021-21975 (Server Side Request Forgery in vRealize Operations Manager API (CVE-20 ...) NOT-FOR-US: vRealize Operations Manager API (Vmware) CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESX ...) NOT-FOR-US: VMware NOTE: Might affect src:openslp-dfsg, but removed years ago CVE-2021-21973 (The vSphere Client (HTML5) contains an SSRF (Server Side Request Forge ...) NOT-FOR-US: VMware CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...) NOT-FOR-US: VMware CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...) NOT-FOR-US: MikroTik RouterOS CVE-2021-3013 (ripgrep before 13 on Windows allows attackers to trigger execution of ...) - rust-ripgrep (Only affects ripgrep on Windows) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0071.html CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...) NOT-FOR-US: ESRI ArcGIS Online CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...) NOT-FOR-US: NXP CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) vulnerabiliti ...) 
NOT-FOR-US: OpenText Content Server CVE-2021-3009 RESERVED CVE-2021-3008 RESERVED CVE-2021-21971 RESERVED CVE-2021-21970 RESERVED CVE-2021-21969 RESERVED CVE-2021-21968 RESERVED CVE-2021-21967 RESERVED CVE-2021-21966 RESERVED CVE-2021-21965 RESERVED CVE-2021-21964 RESERVED CVE-2021-21963 RESERVED CVE-2021-21962 RESERVED CVE-2021-21961 RESERVED CVE-2021-21960 RESERVED CVE-2021-21959 RESERVED CVE-2021-21958 RESERVED CVE-2021-21957 RESERVED CVE-2021-21956 RESERVED CVE-2021-21955 RESERVED CVE-2021-21954 RESERVED CVE-2021-21953 RESERVED CVE-2021-21952 RESERVED CVE-2021-21951 RESERVED CVE-2021-21950 RESERVED CVE-2021-21949 RESERVED CVE-2021-21948 RESERVED CVE-2021-21947 RESERVED CVE-2021-21946 RESERVED CVE-2021-21945 RESERVED CVE-2021-21944 RESERVED CVE-2021-21943 RESERVED CVE-2021-21942 RESERVED CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer CreatePushThrea ...) NOT-FOR-US: Anker Eufy Homebase CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the pushMuxer pro ...) NOT-FOR-US: Anker Eufy Homebase CVE-2021-21939 RESERVED CVE-2021-21938 RESERVED CVE-2021-21937 RESERVED CVE-2021-21936 RESERVED CVE-2021-21935 RESERVED CVE-2021-21934 RESERVED CVE-2021-21933 RESERVED CVE-2021-21932 RESERVED CVE-2021-21931 RESERVED CVE-2021-21930 RESERVED CVE-2021-21929 RESERVED CVE-2021-21928 RESERVED CVE-2021-21927 RESERVED CVE-2021-21926 RESERVED CVE-2021-21925 RESERVED CVE-2021-21924 RESERVED CVE-2021-21923 RESERVED CVE-2021-21922 RESERVED CVE-2021-21921 RESERVED CVE-2021-21920 RESERVED CVE-2021-21919 RESERVED CVE-2021-21918 RESERVED CVE-2021-21917 RESERVED CVE-2021-21916 RESERVED CVE-2021-21915 RESERVED CVE-2021-21914 RESERVED CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...) 
NOT-FOR-US: D-LINK CVE-2021-21912 RESERVED CVE-2021-21911 RESERVED CVE-2021-21910 RESERVED CVE-2021-21909 RESERVED CVE-2021-21908 RESERVED CVE-2021-21907 RESERVED CVE-2021-21906 RESERVED CVE-2021-21905 RESERVED CVE-2021-21904 RESERVED CVE-2021-21903 RESERVED CVE-2021-21902 RESERVED CVE-2021-21901 RESERVED CVE-2021-21900 RESERVED CVE-2021-21899 RESERVED CVE-2021-21898 RESERVED CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...) - dxflib 3.26.4-1 [bullseye] - dxflib (Minor issue) [buster] - dxflib (Minor issue) [stretch] - dxflib (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346 NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8 TODO: check, horizon-eda, cloudcompare, kicad embeds it, but needs to check if actually used and issue affects those CVE-2021-21896 RESERVED CVE-2021-21895 RESERVED CVE-2021-21894 RESERVED CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2021-21892 RESERVED CVE-2021-21891 RESERVED CVE-2021-21890 RESERVED CVE-2021-21889 RESERVED CVE-2021-21888 RESERVED CVE-2021-21887 RESERVED CVE-2021-21886 RESERVED CVE-2021-21885 RESERVED CVE-2021-21884 RESERVED CVE-2021-21883 RESERVED CVE-2021-21882 RESERVED CVE-2021-21881 RESERVED CVE-2021-21880 RESERVED CVE-2021-21879 RESERVED CVE-2021-21878 RESERVED CVE-2021-21877 RESERVED CVE-2021-21876 RESERVED CVE-2021-21875 RESERVED CVE-2021-21874 RESERVED CVE-2021-21873 RESERVED CVE-2021-21872 RESERVED CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...) NOT-FOR-US: PowerISO CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2021-21869 (An unsafe deserialization vulnerability exists in the Engine.plugin Pr ...) NOT-FOR-US: CODESYS CVE-2021-21868 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...)
NOT-FOR-US: CODESYS CVE-2021-21867 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...) NOT-FOR-US: CODESYS CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...) NOT-FOR-US: CODESYS CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageManagement ...) NOT-FOR-US: CODESYS CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentModel Co ...) NOT-FOR-US: CODESYS CVE-2021-21863 (A unsafe deserialization vulnerability exists in the ComponentModel Pr ...) NOT-FOR-US: CODESYS CVE-2021-21862 (Multiple exploitable integer truncation vulnerabilities exist within t ...) - gpac (Vulnerable code not present) NOTE: Introduced in https://github.com/gpac/gpac/commit/69ae9059fc NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21861 (An exploitable integer truncation vulnerability exists within the MPEG ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21860 (An exploitable integer truncation vulnerability exists within the MPEG ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21859 (An exploitable integer truncation vulnerability exists within the MPEG ...) 
{DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21858 (Multiple exploitable integer overflow vulnerabilities exist within the ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21857 (Multiple exploitable integer overflow vulnerabilities exist within the ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21856 (Multiple exploitable integer overflow vulnerabilities exist within the ...) - gpac (Vulnerable code not present) NOTE: Introduced in https://github.com/gpac/gpac/commit/35c4644cb5 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21855 (Multiple exploitable integer overflow vulnerabilities exist within the ...) 
{DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21854 (Multiple exploitable integer overflow vulnerabilities exist within the ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21853 (Multiple exploitable integer overflow vulnerabilities exist within the ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist within the ...) - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21851 (Multiple exploitable integer overflow vulnerabilities exist within the ...) 
- gpac (Vulnerable code not present) NOTE: Introduced in https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21850 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21849 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21848 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21847 (Multiple exploitable integer overflow vulnerabilities exist within the ...) 
{DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21846 (Multiple exploitable integer overflow vulnerabilities exist within the ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21845 (Multiple exploitable integer overflow vulnerabilities exist within the ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21844 (Multiple exploitable integer overflow vulnerabilities exist within the ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21843 (Multiple exploitable integer overflow vulnerabilities exist within the ...) 
{DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21842 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21841 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21840 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21839 (Multiple exploitable integer overflow vulnerabilities exist within the ...) 
{DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21838 (Multiple exploitable integer overflow vulnerabilities exist within the ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21837 (Multiple exploitable integer overflow vulnerabilities exist within the ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21836 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21835 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) 
- gpac (Vulnerable code not present) NOTE: Introduced in https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21834 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) {DSA-4966-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21832 (A memory corruption vulnerability exists in the ISO Parsing functional ...) NOT-FOR-US: Disc Soft Ltd Daemon Tools Pro CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) NOT-FOR-US: Xmill (AT&T Labs) CVE-2021-21829 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) NOT-FOR-US: Xmill (AT&T Labs) CVE-2021-21828 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) NOT-FOR-US: AT&T Labs Xmill CVE-2021-21827 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) NOT-FOR-US: AT&T Labs Xmill CVE-2021-21826 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) NOT-FOR-US: AT&T Labs Xmill CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) NOT-FOR-US: AT&T Labs Xmill CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...) 
NOT-FOR-US: Accusoft ImageGear CVE-2021-21823 (An information disclosure vulnerability exists in the Friend finder fu ...) NOT-FOR-US: GmbH Komoot CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2021-21821 (A stack-based buffer overflow vulnerability exists in the PDF process_ ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21820 (A hard-coded password vulnerability exists in the Libcli Test Environm ...) NOT-FOR-US: D-LINK CVE-2021-21819 (A code execution vulnerability exists in the Libcli Test Environment f ...) NOT-FOR-US: D-LINK CVE-2021-21818 (A hard-coded password vulnerability exists in the Zebra IP Routing Man ...) NOT-FOR-US: D-LINK CVE-2021-21817 (An information disclosure vulnerability exists in the Zebra IP Routing ...) NOT-FOR-US: D-LINK CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog functiona ...) NOT-FOR-US: D-LINK CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the command-line ...) NOT-FOR-US: Xmill (AT&T Labs) CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is under co ...) NOT-FOR-US: Xmill (AT&T Labs) CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is under co ...) NOT-FOR-US: Xmill (AT&T Labs) CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the command-line ...) NOT-FOR-US: Xmill (AT&T Labs) CVE-2021-21811 (A memory corruption vulnerability exists in the XML-parsing CreateLabe ...) NOT-FOR-US: Xmill (AT&T Labs) CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing ParseAttri ...) NOT-FOR-US: AT&T Labs Xmill CVE-2021-21809 (A command execution vulnerability exists in the default legacy spellch ...) NOT-FOR-US: Moodle plugin CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21807 (An integer overflow vulnerability exists in the DICOM parse_dicom_meta ...) 
NOT-FOR-US: Accusoft ImageGear CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...) {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.6-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214 CVE-2021-21805 (An OS Command Injection vulnerability exists in the ping.php script fu ...) NOT-FOR-US: Advantech R-SeeNet CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the options.php s ...) NOT-FOR-US: Advantech R-SeeNet CVE-2021-21803 (This vulnerability is present in device_graph_page.php script, which i ...) NOT-FOR-US: Advantech R-SeeNet CVE-2021-21802 (This vulnerability is present in device_graph_page.php script, which i ...) NOT-FOR-US: Advantech R-SeeNet CVE-2021-21801 (This vulnerability is present in device_graph_page.php script, which i ...) NOT-FOR-US: Advantech R-SeeNet CVE-2021-21800 (Cross-site scripting vulnerabilities exist in the ssh_form.php script ...) NOT-FOR-US: Advantech R-SeeNet CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the telnet_form.php scri ...) NOT-FOR-US: Advantech R-SeeNet CVE-2021-21798 (An exploitable return of stack variable address vulnerability exists i ...) NOT-FOR-US: Nitro Pro PDF CVE-2021-21797 RESERVED CVE-2021-21796 RESERVED CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF bits_per_sample ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21793 (An out-of-bounds write vulnerability exists in the JPG sof_nb_comp hea ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21792 (An information disclosure vulnerability exists in the way IOBit Ad ...) NOT-FOR-US: IOBit CVE-2021-21791 (An information disclosure vulnerability exists in the way IOBit Ad ...) 
NOT-FOR-US: IOBit CVE-2021-21790 (An information disclosure vulnerability exists in the way IOBit Ad ...) NOT-FOR-US: IOBit CVE-2021-21789 (A privilege escalation vulnerability exists in the way IOBit Advanced ...) NOT-FOR-US: IOBit CVE-2021-21788 (A privilege escalation vulnerability exists in the way IOBit Advanced ...) NOT-FOR-US: IOBit CVE-2021-21787 (A privilege escalation vulnerability exists in the way IOBit Advanced ...) NOT-FOR-US: IOBit CVE-2021-21786 (A privilege escalation vulnerability exists in the IOCTL 0x9c406144 ha ...) NOT-FOR-US: IOBit CVE-2021-21785 (An information disclosure vulnerability exists in the IOCTL 0x9c40a148 ...) NOT-FOR-US: IOBit CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...) - gsoap (unimportant) NOTE: Mis-assignment/report, see #987273. Should be rejected NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245 CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format buffer s ...) NOT-FOR-US: ImageGear CVE-2021-21781 (An information disclosure vulnerability exists in the ARM SIGPAGE func ...) {DLA-2713-1} - linux 5.10.19-1 [buster] - linux 4.19.177-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243 NOTE: https://git.kernel.org/linus/9c698bff66ab4914bb3d71da7dc6112519bde23e CVE-2021-21780 RESERVED CVE-2021-21779 (A use-after-free vulnerability exists in the way Webkit’s Graphi ...) 
{DSA-4945-1} - webkit2gtk 2.32.3-1 [bullseye] - webkit2gtk (Fix along with next update round) [buster] - webkit2gtk (Fix along with next update round) [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 [bullseye] - wpewebkit (Minor issue, fix along with next update) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238 CVE-2021-21778 (A denial of service vulnerability exists in the ASDU message processin ...) NOT-FOR-US: MZ Automation GmbH lib60870.NET CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/IP UDP ...) NOT-FOR-US: EIP Stack Group OpENer CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...) NOT-FOR-US: ImageGear CVE-2021-21775 (A use-after-free vulnerability exists in the way certain events are pr ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [bullseye] - webkit2gtk (Fix along with next update round) [buster] - webkit2gtk (Fix along with next update round) [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 [bullseye] - wpewebkit (Minor issue, fix along with next update) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229 CVE-2021-21774 REJECTED CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header count-p ...) NOT-FOR-US: ImageGear CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...) 
{DSA-4887-1} - lib3mf 1.8.1+ds-4 (bug #985092) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226 CVE-2021-21771 RESERVED CVE-2021-21770 RESERVED CVE-2021-21769 RESERVED CVE-2021-21768 RESERVED CVE-2021-21767 RESERVED CVE-2021-21766 RESERVED CVE-2021-21765 RESERVED CVE-2021-21764 RESERVED CVE-2021-21763 RESERVED CVE-2021-21762 RESERVED CVE-2021-21761 RESERVED CVE-2021-21760 RESERVED CVE-2021-21759 RESERVED CVE-2021-21758 RESERVED CVE-2021-21757 RESERVED CVE-2021-21756 RESERVED CVE-2021-21755 RESERVED CVE-2021-21754 RESERVED CVE-2021-21753 RESERVED CVE-2021-21752 RESERVED CVE-2021-21751 RESERVED CVE-2021-21750 RESERVED CVE-2021-21749 RESERVED CVE-2021-21748 RESERVED CVE-2021-21747 RESERVED CVE-2021-21746 RESERVED CVE-2021-21745 RESERVED CVE-2021-21744 RESERVED CVE-2021-21743 RESERVED CVE-2021-21742 (There is an information leak vulnerability in the message service app ...) NOT-FOR-US: ZTE CVE-2021-21741 (A conference management system of ZTE is impacted by a command executi ...) NOT-FOR-US: ZTE CVE-2021-21740 (There is an information leak vulnerability in the digital media player ...) NOT-FOR-US: ZTE CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...) NOT-FOR-US: ZTE CVE-2021-21738 (ZTE's big video business platform has two reflective cross-site script ...) NOT-FOR-US: ZTE CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and access cont ...) NOT-FOR-US: ZTE CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...) NOT-FOR-US: ZTE CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to improper p ...) NOT-FOR-US: ZTE CVE-2021-21734 (Some PON MDU devices of ZTE stored sensitive information in plaintext, ...) NOT-FOR-US: ZTE CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...) NOT-FOR-US: ZXCDN CVE-2021-21732 (A mobile phone of ZTE is impacted by improper access control vulnerabi ...) 
NOT-FOR-US: ZTE CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE product.Th ...) NOT-FOR-US: ZTE CVE-2021-21730 (A ZTE product is impacted by improper access control vulnerability. Th ...) NOT-FOR-US: ZTE CVE-2021-21729 (Some ZTE products have CSRF vulnerability. Because some pages lack CSR ...) NOT-FOR-US: ZTE CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because a certa ...) NOT-FOR-US: ZTE CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...) NOT-FOR-US: ZTE CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...) NOT-FOR-US: ZTE CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...) NOT-FOR-US: ZTE CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...) NOT-FOR-US: ZTE CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...) NOT-FOR-US: ZTE CVE-2021-21722 (A ZTE Smart STB is impacted by an information leak vulnerability. The ...) NOT-FOR-US: ZTE CVE-2021-21721 RESERVED CVE-2021-21720 RESERVED CVE-2021-21719 RESERVED CVE-2021-21718 RESERVED CVE-2021-21717 RESERVED CVE-2021-21716 RESERVED CVE-2021-21715 RESERVED CVE-2021-21714 RESERVED CVE-2021-21713 RESERVED CVE-2021-21712 RESERVED CVE-2021-21711 RESERVED CVE-2021-21710 RESERVED CVE-2021-21709 RESERVED CVE-2021-21708 RESERVED CVE-2021-21707 RESERVED CVE-2021-21706 (In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below ...) - php8.0 (Windows specific issue) - php7.4 (Windows specific issue) - php7.3 (Windows specific issue) - php7.0 (Windows specific issue) NOTE: Fixed in 8.0.11, 7.4.24, 7.3.31 NOTE: PHP Bug: https://bugs.php.net/81420 CVE-2021-21705 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...) 
{DSA-4935-1 DLA-2708-1} - php8.0 8.0.8-1 (bug #990575) - php7.4 7.4.21-1+deb11u1 - php7.3 - php7.0 NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29 NOTE: PHP Bug: https://bugs.php.net/81122 CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...) {DSA-4935-1 DLA-2708-1} - php8.0 8.0.8-1 (bug #990575) - php7.4 7.4.21-1+deb11u1 - php7.3 - php7.0 NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29 NOTE: PHP Bug: https://bugs.php.net/76448 NOTE: PHP Bug: https://bugs.php.net/76449 NOTE: PHP Bug: https://bugs.php.net/76450 NOTE: PHP Bug: https://bugs.php.net/76452 CVE-2021-21703 RESERVED CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...) {DSA-4856-1 DLA-2708-1} - php8.0 8.0.2-1 - php7.4 7.4.15-1 - php7.3 - php7.0 NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27 NOTE: PHP Bug: https://bugs.php.net/80672 CVE-2021-21701 RESERVED CVE-2021-21700 RESERVED CVE-2021-21699 RESERVED CVE-2021-21698 RESERVED CVE-2021-21697 RESERVED CVE-2021-21696 RESERVED CVE-2021-21695 RESERVED CVE-2021-21694 RESERVED CVE-2021-21693 RESERVED CVE-2021-21692 RESERVED CVE-2021-21691 RESERVED CVE-2021-21690 RESERVED CVE-2021-21689 RESERVED CVE-2021-21688 RESERVED CVE-2021-21687 RESERVED CVE-2021-21686 RESERVED CVE-2021-21685 RESERVED CVE-2021-21684 (Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 che ...) NOT-FOR-US: Jenkins plugin CVE-2021-21683 (The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier ...) - jenkins CVE-2021-21682 (Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jo ...) - jenkins CVE-2021-21681 (Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencry ...) NOT-FOR-US: Jenkins plugin CVE-2021-21680 (Jenkins Nested View Plugin 1.20 and earlier does not configure its XML ...) NOT-FOR-US: Jenkins plugin CVE-2021-21679 (Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers ...) 
NOT-FOR-US: Jenkins plugin CVE-2021-21678 (Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs t ...) NOT-FOR-US: Jenkins plugin CVE-2021-21677 (Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenk ...) NOT-FOR-US: Jenkins plugin CVE-2021-21676 (Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a pe ...) NOT-FOR-US: Jenkins plugin CVE-2021-21675 (A cross-site request forgery (CSRF) vulnerability in Jenkins requests- ...) NOT-FOR-US: Jenkins plugin CVE-2021-21674 (A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and ...) NOT-FOR-US: Jenkins plugin CVE-2021-21673 (Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redi ...) NOT-FOR-US: Jenkins plugin CVE-2021-21672 (Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2021-21671 (Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate ...) - jenkins CVE-2021-21670 (Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to can ...) - jenkins CVE-2021-21669 (Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not confi ...) NOT-FOR-US: Jenkins Generic Webhook Trigger Plugin CVE-2021-21668 (Jenkins Scriptler Plugin 3.1 and earlier does not escape script conten ...) NOT-FOR-US: Jenkins plugin CVE-2021-21667 (Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter nam ...) NOT-FOR-US: Jenkins plugin CVE-2021-21666 (Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query paramete ...) NOT-FOR-US: Jenkins plugin CVE-2021-21665 (A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs ...) NOT-FOR-US: Jenkins plugin CVE-2021-21664 (An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10 ...) NOT-FOR-US: Jenkins plugin CVE-2021-21663 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 ...) 
NOT-FOR-US: Jenkins plugin CVE-2021-21662 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0. ...) NOT-FOR-US: Jenkins plugin CVE-2021-21661 (Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform perm ...) NOT-FOR-US: Jenkins plugin CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize ...) NOT-FOR-US: Jenkins plugin CVE-2021-21659 (Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML ...) NOT-FOR-US: Jenkins plugin CVE-2021-21658 (Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser ...) NOT-FOR-US: Jenkins plugin CVE-2021-21657 (Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2021-21656 (Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2021-21655 (A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin ...) NOT-FOR-US: Jenkins plugin CVE-2021-21654 (Jenkins P4 Plugin 1.11.4 and earlier does not perform permission check ...) NOT-FOR-US: Jenkins plugin CVE-2021-21653 (Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does ...) NOT-FOR-US: Jenkins plugin CVE-2021-21652 (A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Te ...) NOT-FOR-US: Jenkins plugin CVE-2021-21651 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a perm ...) NOT-FOR-US: Jenkins plugin CVE-2021-21650 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Ar ...) NOT-FOR-US: Jenkins plugin CVE-2021-21649 (Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs re ...) NOT-FOR-US: Jenkins plugin CVE-2021-21648 (Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-con ...) NOT-FOR-US: Jenkins plugin CVE-2021-21647 (Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a perm ...) 
NOT-FOR-US: Jenkins plugin CVE-2021-21646 (Jenkins Templating Engine Plugin 2.1 and earlier does not protect its ...) NOT-FOR-US: Jenkins plugin CVE-2021-21645 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform ...) NOT-FOR-US: Jenkins plugin CVE-2021-21644 (A cross-site request forgery (CSRF) vulnerability in Jenkins Config Fi ...) NOT-FOR-US: Jenkins plugin CVE-2021-21643 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not correct ...) NOT-FOR-US: Jenkins plugin CVE-2021-21642 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not configu ...) NOT-FOR-US: Jenkins plugin CVE-2021-21641 (A cross-site request forgery (CSRF) vulnerability in Jenkins promoted ...) NOT-FOR-US: Jenkins plugin CVE-2021-21640 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly c ...) - jenkins CVE-2021-21639 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate t ...) - jenkins CVE-2021-21638 (A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foun ...) NOT-FOR-US: Jenkins plugin CVE-2021-21637 (A missing permission check in Jenkins Team Foundation Server Plugin 5. ...) NOT-FOR-US: Jenkins plugin CVE-2021-21636 (A missing permission check in Jenkins Team Foundation Server Plugin 5. ...) NOT-FOR-US: Jenkins plugin CVE-2021-21635 (Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a ...) NOT-FOR-US: Jenkins plugin CVE-2021-21634 (Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier sto ...) NOT-FOR-US: Jenkins plugin CVE-2021-21633 (A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dep ...) NOT-FOR-US: Jenkins plugin CVE-2021-21632 (A missing permission check in Jenkins OWASP Dependency-Track Plugin 3. ...) NOT-FOR-US: Jenkins plugin CVE-2021-21631 (Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a pe ...) NOT-FOR-US: Jenkins plugin CVE-2021-21630 (Jenkins Extra Columns Plugin 1.22 and earlier does not escape paramete ...) 
NOT-FOR-US: Jenkins plugin CVE-2021-21629 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Wit ...) NOT-FOR-US: Jenkins plugin CVE-2021-21628 (Jenkins Build With Parameters Plugin 1.5 and earlier does not escape p ...) NOT-FOR-US: Jenkins plugin CVE-2021-21627 (A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt A ...) NOT-FOR-US: Jenkins plugin CVE-2021-21626 (Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not per ...) NOT-FOR-US: Jenkins plugin CVE-2021-21625 (Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not per ...) NOT-FOR-US: Jenkins plugin CVE-2021-21624 (An incorrect permission check in Jenkins Role-based Authorization Stra ...) NOT-FOR-US: Jenkins plugin CVE-2021-21623 (An incorrect permission check in Jenkins Matrix Authorization Strategy ...) NOT-FOR-US: Jenkins plugin CVE-2021-21622 (Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does no ...) NOT-FOR-US: Jenkins plugin CVE-2021-21621 (Jenkins Support Core Plugin 2.72 and earlier provides the serialized u ...) NOT-FOR-US: Jenkins plugin CVE-2021-21620 (A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plu ...) NOT-FOR-US: Jenkins plugin CVE-2021-21619 (Jenkins Claim Plugin 2.18.1 and earlier does not escape the user displ ...) NOT-FOR-US: Jenkins plugin CVE-2021-21618 (Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape ...) NOT-FOR-US: Jenkins plugin CVE-2021-21617 (A cross-site request forgery (CSRF) vulnerability in Jenkins Configura ...) NOT-FOR-US: Jenkins plugin CVE-2021-21616 (Jenkins Active Choices Plugin 2.5.2 and earlier does not escape refere ...) NOT-FOR-US: Jenkins plugin CVE-2021-21615 (Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the ...) - jenkins CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials u ...) 
NOT-FOR-US: Jenkins plugin CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS servic ...) NOT-FOR-US: Jenkins plugin CVE-2021-21612 (Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credenti ...) NOT-FOR-US: Jenkins plugin CVE-2021-21611 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape dis ...) - jenkins CVE-2021-21610 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement ...) - jenkins CVE-2021-21609 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly ...) - jenkins CVE-2021-21608 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape but ...) - jenkins CVE-2021-21607 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit size ...) - jenkins CVE-2021-21606 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validate ...) - jenkins CVE-2021-21605 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with A ...) - jenkins CVE-2021-21604 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers wi ...) - jenkins CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape not ...) - jenkins CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbi ...) - jenkins CVE-2021-21601 (Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and p ...) NOT-FOR-US: EMC CVE-2021-21600 (Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource co ...) NOT-FOR-US: EMC CVE-2021-21599 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS comma ...) NOT-FOR-US: EMC CVE-2021-21598 (Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive ...) NOT-FOR-US: Dell Wyse ThinOS CVE-2021-21597 (Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclo ...) NOT-FOR-US: Dell Wyse ThinOS CVE-2021-21596 (Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenMan ...) 
NOT-FOR-US: Dell OpenManage Enterprise CVE-2021-21595 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper ...) NOT-FOR-US: EMC CVE-2021-21594 (Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get re ...) NOT-FOR-US: Dell CVE-2021-21593 RESERVED CVE-2021-21592 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an ...) NOT-FOR-US: EMC CVE-2021-21591 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...) NOT-FOR-US: EMC CVE-2021-21590 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...) NOT-FOR-US: EMC CVE-2021-21589 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...) NOT-FOR-US: EMC CVE-2021-21588 (Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vu ...) NOT-FOR-US: EMC CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 and earlier contain a full pat ...) NOT-FOR-US: Dell CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an absolute pat ...) NOT-FOR-US: Dell CVE-2021-21585 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS comma ...) NOT-FOR-US: Dell OpenManage Enterprise CVE-2021-21584 (Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modul ...) NOT-FOR-US: Dell OpenManage Enterprise CVE-2021-21583 RESERVED CVE-2021-21582 RESERVED CVE-2021-21581 (Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scri ...) NOT-FOR-US: EMC CVE-2021-21580 (Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 ver ...) NOT-FOR-US: EMC CVE-2021-21579 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...) NOT-FOR-US: EMC CVE-2021-21578 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...) NOT-FOR-US: EMC CVE-2021-21577 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...) NOT-FOR-US: EMC CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...) 
NOT-FOR-US: EMC CVE-2021-21575 RESERVED CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...) NOT-FOR-US: Dell CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...) NOT-FOR-US: Dell CVE-2021-21572 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...) NOT-FOR-US: Dell CVE-2021-21571 (Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature a ...) NOT-FOR-US: Dell CVE-2021-21570 (Dell NetWorker, versions 18.x and 19.x contain an Information disclosu ...) NOT-FOR-US: Dell CVE-2021-21569 (Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulner ...) NOT-FOR-US: Dell CVE-2021-21568 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficie ...) NOT-FOR-US: EMC CVE-2021-21567 (Dell PowerScale OneFS 9.1.0.x contains an improper privilege managemen ...) NOT-FOR-US: Dell CVE-2021-21566 RESERVED CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of ...) NOT-FOR-US: Dell CVE-2021-21564 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper ...) NOT-FOR-US: Dell CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper C ...) NOT-FOR-US: EMC CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path vulnerabil ...) NOT-FOR-US: EMC CVE-2021-21561 RESERVED CVE-2021-21560 RESERVED CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19 ...) NOT-FOR-US: EMC CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, co ...) NOT-FOR-US: EMC CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain ...) NOT-FOR-US: Dell CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) NOT-FOR-US: Dell CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) 
NOT-FOR-US: Dell CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) NOT-FOR-US: Dell CVE-2021-21553 (Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User M ...) NOT-FOR-US: Dell CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier ...) NOT-FOR-US: Dell CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...) NOT-FOR-US: Dell CVE-2021-21550 (Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralizati ...) NOT-FOR-US: EMC CVE-2021-21549 (Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Reque ...) NOT-FOR-US: EMC CVE-2021-21548 RESERVED CVE-2021-21547 (Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 ...) NOT-FOR-US: EMC CVE-2021-21546 (Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 c ...) NOT-FOR-US: EMC CVE-2021-21545 (Dell Peripheral Manager 1.3.1 or greater contains remediation for a lo ...) NOT-FOR-US: Dell CVE-2021-21544 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authe ...) NOT-FOR-US: EMC CVE-2021-21543 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored c ...) NOT-FOR-US: EMC CVE-2021-21542 (Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored c ...) NOT-FOR-US: EMC CVE-2021-21541 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross ...) NOT-FOR-US: EMC CVE-2021-21540 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based ove ...) NOT-FOR-US: EMC CVE-2021-21539 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check T ...) NOT-FOR-US: EMC CVE-2021-21538 (Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00 ...) NOT-FOR-US: EMC CVE-2021-21537 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...) NOT-FOR-US: Dell Hybrid Client CVE-2021-21536 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...) 
NOT-FOR-US: Dell Hybrid Client CVE-2021-21535 (Dell Hybrid Client versions prior to 1.5 contain a missing authenticat ...) NOT-FOR-US: Dell Hybrid Client CVE-2021-21534 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...) NOT-FOR-US: Dell Hybrid Client CVE-2021-21533 (Wyse Management Suite versions up to 3.2 contains a vulnerability wher ...) NOT-FOR-US: Wyse Management Suite CVE-2021-21532 (Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper manageme ...) NOT-FOR-US: Dell Wyse ThinOS CVE-2021-21531 (Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Autho ...) NOT-FOR-US: Dell CVE-2021-21530 (Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 c ...) NOT-FOR-US: Dell CVE-2021-21529 (Dell System Update (DSU) 1.9 and earlier versions contain a denial of ...) NOT-FOR-US: Dell System Update (DSU) CVE-2021-21528 RESERVED CVE-2021-21527 (Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization o ...) NOT-FOR-US: Dell CVE-2021-21526 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in ...) NOT-FOR-US: Dell PowerScale OneFS CVE-2021-21525 RESERVED CVE-2021-21524 (Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5. ...) NOT-FOR-US: Dell CVE-2021-21523 RESERVED CVE-2021-21522 (Dell BIOS contains a Credentials Management issue. A local authenticat ...) NOT-FOR-US: Dell CVE-2021-21521 RESERVED CVE-2021-21520 RESERVED CVE-2021-21519 RESERVED CVE-2021-21518 (Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4. ...) NOT-FOR-US: Dell SupportAssist Client for Consumer PCs CVE-2021-21517 (SRS Policy Manager 6.X is affected by an XML External Entity Injection ...) NOT-FOR-US: SRS Policy Manager CVE-2021-21516 RESERVED CVE-2021-21515 (Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross ...) NOT-FOR-US: EMC CVE-2021-21514 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior ...) 
NOT-FOR-US: EMC CVE-2021-21513 (Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft ...) NOT-FOR-US: EMC CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an In ...) NOT-FOR-US: EMC CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Aut ...) NOT-FOR-US: EMC Avamar Server CVE-2021-21510 (Dell iDRAC8 versions prior to 2.75.100.75 contain a host header inject ...) NOT-FOR-US: Dell iDRAC8 CVE-2021-21509 RESERVED CVE-2021-21508 RESERVED CVE-2021-21507 (Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and De ...) NOT-FOR-US: EMC CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...) NOT-FOR-US: PowerScale OneFS CVE-2021-21505 (Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 190 ...) NOT-FOR-US: EMC CVE-2021-21504 RESERVED CVE-2021-21503 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...) NOT-FOR-US: PowerScale OneFS CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of S ...) NOT-FOR-US: Dell CVE-2021-21501 (Improper configuration will cause ServiceComb ServiceCenter Directory ...) NOT-FOR-US: Apache ServiceComb CVE-2021-21500 RESERVED CVE-2021-21499 RESERVED CVE-2021-21498 RESERVED CVE-2021-21497 RESERVED CVE-2021-21496 RESERVED CVE-2021-3007 (** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Fr ...) NOT-FOR-US: laminas-http CVE-2021-21495 (MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the ce ...) NOT-FOR-US: MK-AUTH CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo ...) NOT-FOR-US: MK-AUTH CVE-2021-3006 (The breed function in the smart contract implementation for Farm in Se ...) NOT-FOR-US: Farm in Seal Finance (Seal) Ethereum token CVE-2021-3005 (MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive ...) 
NOT-FOR-US: MK-AUTH CVE-2021-3004 (The _deposit function in the smart contract implementation for Stable ...) NOT-FOR-US: Stable Yield Credit (yCREDIT) Ethereum token CVE-2021-3003 (Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenzi ...) NOT-FOR-US: Agenzia delle Entrate Desktop Telematico CVE-2021-3002 (Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?se ...) NOT-FOR-US: Seo Panel CVE-2021-3001 RESERVED CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format (.GIF) forma ...) NOT-FOR-US: SAP CVE-2021-21492 (SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, ...) NOT-FOR-US: SAP CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on WebDynpro ...) NOT-FOR-US: SAP CVE-2021-21490 (SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, ...) NOT-FOR-US: SAP CVE-2021-21489 (SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.3 ...) NOT-FOR-US: SAP CVE-2021-21488 (Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow ...) NOT-FOR-US: Knowledge Management CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary authorizati ...) NOT-FOR-US: SAP CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 6 ...) NOT-FOR-US: SAP CVE-2021-21485 (An unauthorized attacker may be able to entice an administrator to inv ...) NOT-FOR-US: SAP CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be bypassed i ...) NOT-FOR-US: SAP CVE-2021-21483 (Under certain conditions SAP Solution Manager, version - 720, allows a ...) NOT-FOR-US: SAP CVE-2021-21482 (SAP NetWeaver Master Data Management, versions - 710, 710.750, allows ...) NOT-FOR-US: SAP CVE-2021-21481 (The MigrationService, which is part of SAP NetWeaver versions 7.10, 7. ...) NOT-FOR-US: SAP CVE-2021-21480 (SAP MII allows users to create dashboards and save them as JSP through ...) 
NOT-FOR-US: SAP CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to inject and ...) NOT-FOR-US: SAP CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious ...) NOT-FOR-US: SAP CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...) NOT-FOR-US: SAP CVE-2021-21476 (SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1 ...) NOT-FOR-US: SAP CVE-2021-21475 (Under specific circumstances SAP Master Data Management, versions - 71 ...) NOT-FOR-US: SAP CVE-2021-21474 (SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 d ...) NOT-FOR-US: SAP CVE-2021-21473 (SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711 ...) NOT-FOR-US: SAP CVE-2021-21472 (SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Manag ...) NOT-FOR-US: SAP CVE-2021-21471 (In CLA-Assistant, versions before 2.8.5, due to improper access contro ...) NOT-FOR-US: CLA-Assistant CVE-2021-21470 (SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in ...) NOT-FOR-US: SAP CVE-2021-21469 (When security guidelines for SAP NetWeaver Master Data Management runn ...) NOT-FOR-US: SAP CVE-2021-21468 (The BW Database Interface does not perform necessary authorization che ...) NOT-FOR-US: SAP CVE-2021-21467 (SAP Banking Services (Generic Market Data) does not perform necessary ...) NOT-FOR-US: SAP CVE-2021-21466 (SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 75 ...) NOT-FOR-US: SAP CVE-2021-21465 (The BW Database Interface allows an attacker with low privileges to ex ...) NOT-FOR-US: SAP CVE-2021-21464 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21463 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21462 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
NOT-FOR-US: SAP CVE-2021-21461 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21460 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21459 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21458 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21457 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21456 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21455 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21454 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21453 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21452 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21451 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21450 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21449 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-21448 (SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon ...) NOT-FOR-US: SAP CVE-2021-21447 (SAP BusinessObjects Business Intelligence platform, versions 410, 420, ...) NOT-FOR-US: SAP CVE-2021-21446 (SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, all ...) NOT-FOR-US: SAP CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an ...) NOT-FOR-US: SAP CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...) 
NOT-FOR-US: SAP CVE-2021-21443 (Agents are able to list customer user emails without required permissi ...) - otrs2 6.0.32-6 (bug #991593) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-13/ NOTE: https://github.com/znuny/Znuny/commit/48ee5532911be5453cc8bed1e437a64c21bcc072 NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) CVE-2021-21442 (In the project create screen it's possible to inject malicious JS code ...) NOT-FOR-US: OTRS TimeAccounting module CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. It's poss ...) - otrs2 6.0.32-5 (bug #989992) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye NOTE: src:otrs2 is the znuny fork) CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...) - otrs2 6.0.32-6 (bug #991593) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/ NOTE: https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934 NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...) - otrs2 6.0.32-5 (bug #989992) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye NOTE: src:otrs2 is the znuny fork) CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions (define ...) 
NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary) CVE-2021-21437 (Agents are able to see linked Config Items without permissions, which ...) NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon) CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...) NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon) CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...) - otrs2 (Doesn't affect OTRS as packaged in Debian, see bug #982586) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/ CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...) NOT-FOR-US: OTRS Survey addon CVE-2021-21433 (Discord Recon Server is a bot that allows you to do your reconnaissanc ...) NOT-FOR-US: Discord Recon Server CVE-2021-21432 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) NOT-FOR-US: Vela CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior ...) NOT-FOR-US: sopel-channelmgnt CVE-2021-21430 (OpenAPI Generator allows generation of API client libraries (SDK gener ...) NOT-FOR-US: OpenAPI Generator CVE-2021-21429 (OpenAPI Generator allows generation of API client libraries, server st ...) NOT-FOR-US: OpenAPI Generator CVE-2021-21428 (Openapi generator is a java tool which allows generation of API client ...) NOT-FOR-US: OpenAPI Generator CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento Community Ed ...) NOT-FOR-US: Magento LTS (alternative to Magento Community Edition) CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Community Ed ...) NOT-FOR-US: Magento LTS (alternative to Magento Community Edition) CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...) NOT-FOR-US: Grav Admin Plugin CVE-2021-21424 (Symfony is a PHP framework for web and console applications and a set ...) 
- symfony 4.4.19+dfsg-2 [buster] - symfony (Minor issue; can be fixed via point release) [stretch] - symfony (Minor issue) NOTE: https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms NOTE: https://github.com/symfony/symfony/commit/f012eee6c6034a94566dff596fe4e16dfc5d9c1f CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...) NOT-FOR-US: projen CVE-2021-21422 (mongo-express is a web-based MongoDB admin interface, written with Nod ...) NOT-FOR-US: mongo-express CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...) NOT-FOR-US: node-etsy-client CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability ...) NOT-FOR-US: vscode-stripe Visual Studio Code extension CVE-2021-21419 (Eventlet is a concurrent networking library for Python. A websocket pe ...) - python-eventlet 0.26.1-7 (bug #988342) [buster] - python-eventlet (Minor issue) [stretch] - python-eventlet (Minor issue) NOTE: https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2 NOTE: Fixed by: https://github.com/eventlet/eventlet/commit/1412f5e4125b4313f815778a1acb4d3336efcd07 NOTE: Issue present as well in versions before introduction of per-message-deflate extension NOTE: or compression extension support. NOTE: Patch for 0.20 by SuSE: https://bugzilla.suse.com/attachment.cgi?id=849402&action=diff CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...) NOT-FOR-US: PrestaShop CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 specific ...) {DLA-2697-1} - fluidsynth 2.1.7-1.1 [buster] - fluidsynth 1.1.11-1+deb10u1 NOTE: https://github.com/FluidSynth/fluidsynth/issues/808 NOTE: https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9 CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...) 
- python-django-registration (bug #987366) [stretch] - python-django-registration (Minor issue) NOTE: https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh NOTE: https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c CVE-2021-21415 (Prisma VS Code a VSCode extension for Prisma schema files. This is a R ...) NOT-FOR-US: Prisma VS Code a VSCode extension CVE-2021-21414 (Prisma is an open source ORM for Node.js & TypeScript. As of today ...) NOT-FOR-US: Prisma CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...) NOT-FOR-US: Node isolated-vm CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...) NOT-FOR-US: Node @thi.ng/egf CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...) - oauth2-proxy (bug #982891) CVE-2021-21410 (Contiki-NG is an open-source, cross-platform operating system for Next ...) NOT-FOR-US: Contiki-NG CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network application ...) {DSA-4885-1} - netty 1:4.1.48-4 (bug #986217) [stretch] - netty (Minor issue, fix requires major changes of HTTP2 module) NOTE: Fixed by: https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432 NOTE: https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32 NOTE: Is a followup to: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj CVE-2021-21408 RESERVED CVE-2021-21407 (Combodo iTop is an open source, web based IT Service Management tool. ...) NOT-FOR-US: Combodo iTop CVE-2021-21406 (Combodo iTop is an open source, web based IT Service Management tool. ...) NOT-FOR-US: Combodo iTop CVE-2021-21405 (Lotus is an Implementation of the Filecoin protocol written in Go. BLS ...) NOT-FOR-US: Lotus CVE-2021-21404 (Syncthing is a continuous file synchronization program. In Syncthing b ...) 
- syncthing 1.12.1~ds1-3 (bug #986593) [buster] - syncthing (Minor issue) [stretch] - syncthing (Minor issue; can be fixed in next update) NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h NOTE: https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97 CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 there is an ...) NOT-FOR-US: kongchuanhujiao CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...) NOT-FOR-US: Jellyfin CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...) - nanopb 0.4.4-2 (bug #985844) NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88 NOTE: https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261 CVE-2021-21400 (wire-webapp is an open-source front end for Wire, a secure collaborati ...) NOT-FOR-US: wire-webapp CVE-2021-21399 (Ampache is a web based audio/video streaming application and file mana ...) - ampache CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...) NOT-FOR-US: PrestaShop CVE-2021-21397 RESERVED CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...) NOT-FOR-US: wire-server CVE-2021-21395 RESERVED CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.28.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362 CVE-2021-21393 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.28.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88 CVE-2021-21392 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) 
- matrix-synapse 1.28.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78 CVE-2021-21391 (CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the f ...) - ckeditor [bullseye] - ckeditor (Minor issue) [buster] - ckeditor (Minor issue) [stretch] - ckeditor (Introduced in ckeditor5 rewrite) NOTE: https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj CVE-2021-21390 (MinIO is an open-source high performance object storage service and it ...) NOT-FOR-US: MinIO CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...) NOT-FOR-US: BuddyPress WordPress plugin CVE-2021-21388 (systeminformation is an open source system and OS information library ...) NOT-FOR-US: Node systeminformation CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...) NOT-FOR-US: Wrongthink CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...) NOT-FOR-US: APKLeaks CVE-2021-21385 (Mifos-Mobile Android Application for MifosX is an Android Application ...) NOT-FOR-US: Mifos-Mobile Android Application CVE-2021-21384 (shescape is a simple shell escape package for JavaScript. In shescape ...) NOT-FOR-US: shescape CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before versi ...) NOT-FOR-US: Wiki.js CVE-2021-21382 (Restund is an open source NAT traversal server. The restund TURN serve ...) - restund (bug #804846) CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...) - envoyproxy (bug #987544) CVE-2021-21377 (OMERO.web is open source Django-based software for managing microscopy ...) 
NOT-FOR-US: OMERO.web CVE-2021-21376 (OMERO.web is open source Django-based software for managing microscopy ...) NOT-FOR-US: OMERO.web CVE-2021-21375 (PJSIP is a free and open source multimedia communication library writt ...) {DLA-2665-1 DLA-2636-1} - pjproject - ring 20210112.2.b757bac~ds1-1 (bug #986815) [buster] - ring 20190215.1.f152c98~ds1-1+deb10u1 NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365 CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...) - nim 1.4.6+really1.4.2-1 (bug #987272) [buster] - nim (Minor issue) [stretch] - nim (Minor issue; can be fixed in next update) NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze CVE-2021-21373 (Nimble is a package manager for the Nim programming language. In Nim r ...) - nim 1.4.6+really1.4.2-1 (bug #987272) [buster] - nim (Minor issue) [stretch] - nim (Minor issue; can be fixed in next update) NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze CVE-2021-21372 (Nimble is a package manager for the Nim programming language. In Nim r ...) - nim 1.4.6+really1.4.2-1 (bug #987272) [buster] - nim (Minor issue) [stretch] - nim (Minor issue; can be fixed in next update) NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to pull Tena ...) NOT-FOR-US: Tenable for Jira Cloud CVE-2021-21370 (TYPO3 is an open source PHP based web content management system. In TY ...) 
NOT-FOR-US: TYPO3 CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...) NOT-FOR-US: Hyperledger Besu CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the browser. I ...) NOT-FOR-US: Node msgpack5 CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and be ...) NOT-FOR-US: Switchboard Bluetooth Plug for elementary OS CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...) - node-xmldom 0.5.0-1 [buster] - node-xmldom (Minor issue) NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv NOTE: https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135 CVE-2021-21365 (Bootstrap Package is a theme for TYPO3. It has been discovered that re ...) NOT-FOR-US: Typo3 theme CVE-2021-21364 (swagger-codegen is an open-source project which contains a template-dr ...) - swagger-codegen (bug #950318) CVE-2021-21363 (swagger-codegen is an open-source project which contains a template-dr ...) - swagger-codegen (bug #950318) CVE-2021-21362 (MinIO is an open-source high performance object storage service and it ...) NOT-FOR-US: MinIO CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an inf ...) NOT-FOR-US: gradle-vagrant-plugin CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the configure ...) NOT-FOR-US: Products.GenericSetup CVE-2021-21359 (TYPO3 is an open source PHP based web content management system. In TY ...) NOT-FOR-US: TYPO3 CVE-2021-21358 (TYPO3 is an open source PHP based web content management system. In TY ...) NOT-FOR-US: TYPO3 CVE-2021-21357 (TYPO3 is an open source PHP based web content management system. In TY ...) NOT-FOR-US: TYPO3 CVE-2021-21356 RESERVED CVE-2021-21355 (TYPO3 is an open source PHP based web content management system. In TY ...) 
NOT-FOR-US: TYPO3 CVE-2021-21354 (Pollbot is open source software which "frees its human masters from th ...) NOT-FOR-US: Pollbot CVE-2021-21353 (Pug is an npm package which is a high-performance template engine. In ...) NOT-FOR-US: Node pug CVE-2021-21352 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) NOT-FOR-US: Anuko Time Tracker CVE-2021-21351 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hrcp-8f3q-4w2c CVE-2021-21350 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq CVE-2021-21349 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-f6hm-88x3-mfjv CVE-2021-21348 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-56p8-3fh9-4cvq CVE-2021-21347 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f CVE-2021-21346 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr CVE-2021-21345 (XStream is a Java library to serialize objects to XML and back again. ...) 
{DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4 CVE-2021-21344 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3 CVE-2021-21343 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-74cv-f58x-f9wf CVE-2021-21342 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m CVE-2021-21341 (XStream is a Java library to serialize objects to XML and back again. ...) {DLA-2616-1} - libxstream-java 1.4.15-2 (bug #985843) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2p3x-qw9c-25hh CVE-2021-21340 (TYPO3 is an open source PHP based web content management system. In TY ...) NOT-FOR-US: TYPO3 CVE-2021-21339 (TYPO3 is an open source PHP based web content management system. In TY ...) NOT-FOR-US: TYPO3 CVE-2021-21338 (TYPO3 is an open source PHP based web content management system. In TY ...) NOT-FOR-US: TYPO3 CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope authentication and a ...) NOT-FOR-US: Products.PluggableAuthService CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope authentication and a ...) NOT-FOR-US: Products.PluggableAuthService CVE-2021-21335 (In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-n ...) NOT-FOR-US: Nginx addon for SPNEGO auth CVE-2021-21334 (In containerd (an industry-standard container runtime) before versions ...) 
- containerd 1.4.4~ds1-1 NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4 CVE-2021-21333 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.27.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm CVE-2021-21332 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.27.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899 CVE-2021-21331 (The Java client for the Datadog API before version 1.0.0-beta.9 has a ...) NOT-FOR-US: Java client for Datadog API CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) {DSA-4864-1} - python-aiohttp 3.7.4-1 [stretch] - python-aiohttp (Vulnerable code introduced later) NOTE: https://github.com/aio-libs/aiohttp/issues/5497 NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg NOTE: https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25 NOTE: https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b CVE-2021-21329 (RATCF is an open-source framework for hosting Cyber-Security Capture t ...) NOT-FOR-US: RATCF CVE-2021-21328 (Vapor is a web framework for Swift. In Vapor before version 4.40.1, th ...) NOT-FOR-US: Vapor CVE-2021-21327 (GLPI is an open-source asset and IT management software package that p ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qmw7-w2m4-rjwp CVE-2021-21326 (GLPI is an open-source asset and IT management software package that p ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7wh CVE-2021-21325 (GLPI is an open-source asset and IT management software package that p ...) 
- glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-m574-f3jw-pwrf CVE-2021-21324 (GLPI is an open-source asset and IT management software package that p ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-jvwm-gq36-3v7v CVE-2021-21323 (Brave is an open source web browser with a focus on privacy and securi ...) - brave-browser (bug #864795) CVE-2021-21322 (fastify-http-proxy is an npm package which is a fastify plugin for pro ...) NOT-FOR-US: fastify-http-proxy CVE-2021-21321 (fastify-reply-from is an npm package which is a fastify plugin to forw ...) NOT-FOR-US: Node fastify-reply-from CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for React Jav ...) NOT-FOR-US: Node matrix-react-sdk CVE-2021-21319 RESERVED CVE-2021-21318 (Opencast is a free, open-source platform to support the management of ...) NOT-FOR-US: Opencast CVE-2021-21317 (uap-core is an open-source npm package which contains the core of Brow ...) NOT-FOR-US: Node uap-core CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...) NOT-FOR-US: less-openui5 npm package CVE-2021-21315 (The System Information Library for Node.JS (npm package "systeminforma ...) NOT-FOR-US: Node systeminformation CVE-2021-21314 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2w7j-xgj7-3xgg CVE-2021-21313 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-h4hj-mrpg-xfgx CVE-2021-21312 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2 CVE-2021-21311 (Adminer is an open-source database management in a single PHP file. In ...) 
{DLA-2580-1} - adminer 4.7.9-1 [buster] - adminer (Minor issue) NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 NOTE: https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 (v4.7.9) CVE-2021-21310 (NextAuth.js (next-auth) is an open source authentication solution for ...) NOT-FOR-US: NextAuth.js CVE-2021-21309 (Redis is an open-source, in-memory database that persists on disk. In ...) {DLA-2576-1} - redis 5:6.0.11-1 (bug #983446) [buster] - redis 5:5.0.3-4+deb10u3 NOTE: https://github.com/redis/redis/pull/8522 NOTE: https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf CVE-2021-21308 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...) NOT-FOR-US: PrestaShop CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...) NOT-FOR-US: Lucee Server CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...) - node-marked (Vulnerable code introduced later) NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96 NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) - ruby-carrierwave (bug #982551) [stretch] - ruby-carrierwave (No reverse dependencies) NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4 NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7 CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...) NOT-FOR-US: Dynamoose CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...) - helm-kubernetes (bug #910799) CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...) NOT-FOR-US: PrestaShop CVE-2021-21301 (Wire is an open-source collaboration platform. 
In Wire for iOS (iPhone ...) NOT-FOR-US: Wire CVE-2021-21300 (Git is an open-source distributed revision control system. In affected ...) - git 1:2.30.2-1 (bug #985120) [buster] - git (Minor issue) [stretch] - git (Minor issue) NOTE: https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/ NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?h=v2.30.2&id=684dd4c2b414bcf648505e74498a608f28de4592 CVE-2021-21298 (Node-Red is a low-code programming for event-driven applications built ...) NOT-FOR-US: Node-Red CVE-2021-21297 (Node-Red is a low-code programming for event-driven applications built ...) NOT-FOR-US: Node-Red CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...) NOT-FOR-US: Fleet CVE-2021-21295 (Netty is an open-source, asynchronous event-driven network application ...) {DSA-4885-1} - netty 1:4.1.48-3 (bug #984948) [stretch] - netty (Minor issue, fix requires major changes of HTTP2 module) NOTE: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj NOTE: https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4 CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface f ...) NOT-FOR-US: Http4s CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, with a f ...) NOT-FOR-US: blaze CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before versi ...) NOT-FOR-US: Traccar CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...) - oauth2-proxy (bug #982891) CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...) {DSA-4885-1 DLA-2555-1} - netty 1:4.1.48-2 (bug #982580) NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 NOTE: https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated web inte ...) 
{DLA-2561-1} - ruby-mechanize 2.7.7-1 [buster] - ruby-mechanize 2.7.6-1+deb10u1 NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g NOTE: https://github.com/sparklemotion/mechanize/commit/aae0b13514a1a0caf93b1cf233733c50e679069a (v2.7.7) NOTE: https://github.com/sparklemotion/mechanize/commit/2ac906b26f4a565a0af92df5fb9c8a36c2b75375 (v2.7.7) NOTE: https://github.com/sparklemotion/mechanize/commit/f43a3952ab39341136656b0a8b2c8597ba1b4adc (v2.7.7) NOTE: https://github.com/sparklemotion/mechanize/commit/b48b12f5db33c5a94a14dfcab8adf3e73cfa0388 (v2.7.7) NOTE: https://github.com/sparklemotion/mechanize/commit/63f8779e49664d5e95fae8d42d04c8e373162b3c (v2.7.7) NOTE: Test warnings fixup: https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093 (v2.7.7) CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) - ruby-carrierwave 1.3.2-1 (bug #982552) [stretch] - ruby-carrierwave (No reverse dependencies) NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5 NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0 CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...) - minio (bug #859207) CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It is simi ...) NOT-FOR-US: AVideo Platform CVE-2021-21285 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...) {DSA-4865-1} - docker.io 20.10.3+dfsg1-1 NOTE: https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8 NOTE: https://github.com/moby/moby/commit/420b1d36250f9cfdc561f086f25a213ecb669b6f (v19.03) CVE-2021-21284 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...) 
{DSA-4865-1} - docker.io 20.10.3+dfsg1-1 NOTE: https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc NOTE: https://github.com/moby/moby/commit/1342c51d5e809d2994e6f7e490c8d2b3b12c28ae (v19.03) NOTE: https://github.com/moby/moby/commit/5eff67a2c294b7e72607e0949ebc0de21710e4d3 (v19.03) NOTE: https://github.com/moby/moby/commit/67de83e70bca92ae6a08e28a03b3fc8fcca9f3f1 (v19.03) CVE-2021-21283 (Flarum is an open source discussion platform for websites. The "Flarum ...) NOT-FOR-US: Flarum CVE-2021-21282 (Contiki-NG is an open-source, cross-platform operating system for inte ...) NOT-FOR-US: Contiki-NG CVE-2021-21281 (Contiki-NG is an open-source, cross-platform operating system for inte ...) NOT-FOR-US: Contiki-NG CVE-2021-21280 (Contiki-NG is an open-source, cross-platform operating system for inte ...) NOT-FOR-US: Contiki-NG CVE-2021-21279 (Contiki-NG is an open-source, cross-platform operating system for inte ...) NOT-FOR-US: Contiki-NG CVE-2021-21278 (RSSHub is an open source, easy to use, and extensible RSS feed generat ...) NOT-FOR-US: RSSHub CVE-2021-21277 (angular-expressions is "angular's nicest part extracted as a standalon ...) NOT-FOR-US: angular-expressions CVE-2021-21276 (Polr is an open source URL shortener. In Polr before version 2.3.0, a ...) NOT-FOR-US: Polr CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...) NOT-FOR-US: MediaWiki Report extension CVE-2021-21274 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.25.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8 NOTE: https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6 CVE-2021-21273 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) 
- matrix-synapse 1.25.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p NOTE: https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746 CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...) NOT-FOR-US: ORAS CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middl ...) NOT-FOR-US: Tendermint CVE-2021-21270 (OctopusDSC is a PowerShell module with DSC resources that can be used ...) NOT-FOR-US: OctopusDSC CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community serverl ...) NOT-FOR-US: Keymaker CVE-2021-21268 RESERVED CVE-2021-21267 (Schema-Inspector is an open-source tool to sanitize and validate JS ob ...) NOT-FOR-US: Node schema-inspector CVE-2021-21266 (openHAB is a vendor and technology agnostic open source automation sof ...) NOT-FOR-US: openHAB CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based on the ...) NOT-FOR-US: October CMS CVE-2021-21264 (October is a free, open-source, self-hosted CMS platform based on the ...) NOT-FOR-US: October CMS CVE-2021-21262 RESERVED CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is a lean ...) NOT-FOR-US: Online Invoicing System (OIS) CVE-2021-21259 (HedgeDoc is open source software which lets you create real-time colla ...) NOT-FOR-US: HedgeDoc CVE-2021-21258 (GLPI is an open-source asset and IT management software package that p ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx NOTE: https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15 CVE-2021-21257 (Contiki-NG is an open-source, cross-platform operating system for inte ...) NOT-FOR-US: Contiki-NG CVE-2021-21256 RESERVED CVE-2021-21255 (GLPI is an open-source asset and IT management software package that p ...) 
- glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-v3m5-r3mx-ff9j NOTE: https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc CVE-2021-21254 (CKEditor 5 is an open source rich text editor framework with a modular ...) NOT-FOR-US: CKEditor 5 Markdown plugin CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. OnlineV ...) NOT-FOR-US: OnlineVotingSystem CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...) - civicrm (bug #980892) [bullseye] - civicrm (Minor issue) - otrs2 6.0.32-4 (bug #980891) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) - phpmyadmin 4:5.0.4+dfsg2-2 [stretch] - phpmyadmin (Minor issue; barely an issue in the phpmyadmin package) NOTE: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm NOTE: not packaged, but civicrm, otrs2, and phpmyadmin embed a copy NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/401eedd288c4e83d69287b97a9f574f231156171 CVE-2021-21251 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21250 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21249 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21248 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21247 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21246 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21245 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21244 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) 
NOT-FOR-US: OneDev CVE-2021-21243 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21242 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21241 (The Python "Flask-Security-Too" package is used for adding security fe ...) - flask-security 4.0.0-1 (bug #980189) [buster] - flask-security (Vulnerable code introduced later) NOTE: https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv NOTE: https://github.com/Flask-Middleware/flask-security/issues/421 NOTE: https://github.com/Flask-Middleware/flask-security/pull/422 NOTE: https://github.com/Flask-Middleware/flask-security/commit/c05afe837e83f20f59c0fb409ce1240341d1ec41 (master) NOTE: https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f (3.4.5) CVE-2021-21240 (httplib2 is a comprehensive HTTP client library for Python. In httplib ...) - python-httplib2 (bug #982738) [bullseye] - python-httplib2 (Minor issue) [buster] - python-httplib2 (Minor issue) [stretch] - python-httplib2 (Minor issue) NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m NOTE: https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc (v0.19.0) NOTE: https://github.com/httplib2/httplib2/pull/182 CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...) {DLA-2577-1} - python-pysaml2 6.5.1-1 (bug #980772) NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62 NOTE: https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737 CVE-2021-21238 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...) 
- python-pysaml2 6.5.1-1 (bug #980773) [stretch] - python-pysaml2 (python3-xmlschema not available in stretch for fix) NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9 NOTE: https://github.com/IdentityPython/pysaml2/commit/3b707723dcf1bf60677b424aac398c0c3557641d CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...) - git-lfs (Windows-specific) NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5 CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...) - cairosvg 2.5.0-1.1 (bug #979597) [buster] - cairosvg (Vulnerable code introduced in 2.0.0rc6) [stretch] - cairosvg (Vulnerable code introduced in 2.0.0rc6) NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf NOTE: Introduced by: https://github.com/Kozea/CairoSVG/commit/4f14d2e8f2d7f9b534c5342e26519b7c27386a81 NOTE: Fixed by: https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc (2.5.1) CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...) - rust-kamadak-exif (bug #985309) NOTE: https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2 CVE-2021-21234 (spring-boot-actuator-logview is a library that adds a simple logfile v ...) NOT-FOR-US: Spring actuator logview CVE-2021-21233 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90. ...) {DSA-4911-1} - chromium 90.0.4430.93-1 (bug #987715) [stretch] - chromium (see DSA 4562) CVE-2021-21232 (Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 all ...) {DSA-4911-1} - chromium 90.0.4430.93-1 (bug #987715) [stretch] - chromium (see DSA 4562) CVE-2021-21231 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...) 
{DSA-4911-1} - chromium 90.0.4430.93-1 (bug #987715) [stretch] - chromium (see DSA 4562) CVE-2021-21230 (Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a ...) {DSA-4911-1} - chromium 90.0.4430.93-1 (bug #987715) [stretch] - chromium (see DSA 4562) CVE-2021-21229 (Incorrect security UI in downloads in Google Chrome on Android prior t ...) {DSA-4911-1} - chromium 90.0.4430.93-1 (bug #987715) [stretch] - chromium (see DSA 4562) CVE-2021-21228 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4911-1} - chromium 90.0.4430.93-1 (bug #987715) [stretch] - chromium (see DSA 4562) CVE-2021-21227 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...) {DSA-4911-1} - chromium 90.0.4430.93-1 (bug #987715) [stretch] - chromium (see DSA 4562) CVE-2021-21226 (Use after free in navigation in Google Chrome prior to 90.0.4430.85 al ...) {DSA-4906-1} - chromium 90.0.4430.85-1 (bug #987358) [stretch] - chromium (see DSA 4562) CVE-2021-21225 (Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430. ...) {DSA-4906-1} - chromium 90.0.4430.85-1 (bug #987358) [stretch] - chromium (see DSA 4562) CVE-2021-21224 (Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a ...) {DSA-4906-1} - chromium 90.0.4430.85-1 (bug #987358) [stretch] - chromium (see DSA 4562) CVE-2021-21223 (Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowe ...) {DSA-4906-1} - chromium 90.0.4430.85-1 (bug #987358) [stretch] - chromium (see DSA 4562) CVE-2021-21222 (Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allo ...) {DSA-4906-1} - chromium 90.0.4430.85-1 (bug #987358) [stretch] - chromium (see DSA 4562) CVE-2021-21221 (Insufficient validation of untrusted input in Mojo in Google Chrome pr ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21220 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...) 
- chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21219 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21218 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21217 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21216 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21215 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21214 (Use after free in Network API in Google Chrome prior to 90.0.4430.72 a ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21213 (Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allow ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21212 (Incorrect security UI in Network Config UI in Google Chrome on ChromeO ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21211 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21210 (Inappropriate implementation in Network in Google Chrome prior to 90.0 ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21209 (Inappropriate implementation in storage in Google Chrome prior to 90.0 ...) 
{DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21208 (Insufficient data validation in QR scanner in Google Chrome on iOS pri ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21207 (Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 all ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21206 (Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowe ...) - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21205 (Insufficient policy enforcement in navigation in Google Chrome on iOS ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21204 (Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21203 (Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21202 (Use after free in extensions in Google Chrome prior to 90.0.4430.72 al ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21201 (Use after free in permissions in Google Chrome prior to 90.0.4430.72 a ...) {DSA-4906-1} - chromium 90.0.4430.72-1 (bug #987053) [stretch] - chromium (see DSA 4562) CVE-2021-21200 RESERVED CVE-2021-21199 (Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.11 ...) {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium (see DSA 4562) CVE-2021-21198 (Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allo ...) {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium (see DSA 4562) CVE-2021-21197 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.1 ...) 
{DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium (see DSA 4562) CVE-2021-21196 (Heap buffer overflow in TabStrip in Google Chrome on Windows prior to ...) {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium (see DSA 4562) CVE-2021-21195 (Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a ...) {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium (see DSA 4562) CVE-2021-21194 (Use after free in screen sharing in Google Chrome prior to 89.0.4389.1 ...) {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium (see DSA 4562) CVE-2021-21193 (Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed ...) {DSA-4886-1} - chromium 89.0.4389.90-1 (bug #985142) [stretch] - chromium (see DSA 4562) CVE-2021-21192 (Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389 ...) {DSA-4886-1} - chromium 89.0.4389.90-1 [stretch] - chromium (see DSA 4562) CVE-2021-21191 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowe ...) {DSA-4886-1} - chromium 89.0.4389.90-1 [stretch] - chromium (see DSA 4562) CVE-2021-21190 (Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 al ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21189 (Insufficient policy enforcement in payments in Google Chrome prior to ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21188 (Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21187 (Insufficient data validation in URL formatting in Google Chrome prior ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21186 (Insufficient policy enforcement in QR scanning in Google Chrome on iOS ...) 
{DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21185 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21184 (Inappropriate implementation in performance APIs in Google Chrome prio ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21183 (Inappropriate implementation in performance APIs in Google Chrome prio ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21182 (Insufficient policy enforcement in navigations in Google Chrome prior ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21181 (Side-channel information leakage in autofill in Google Chrome prior to ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21180 (Use after free in tab search in Google Chrome prior to 89.0.4389.72 al ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21179 (Use after free in Network Internals in Google Chrome on Linux prior to ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21178 (Inappropriate implementation in Compositing in Google Chrome on Linux ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21177 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21176 (Inappropriate implementation in full screen mode in Google Chrome prio ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21175 (Inappropriate implementation in Site isolation in Google Chrome prior ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21174 (Inappropriate implementation in Referrer in Google Chrome prior to 89. ...) 
{DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21173 (Side-channel information leakage in Network Internals in Google Chrome ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21172 (Insufficient policy enforcement in File System API in Google Chrome on ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21171 (Incorrect security UI in TabStrip and Navigation in Google Chrome on A ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21170 (Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21169 (Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389. ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21168 (Insufficient policy enforcement in appcache in Google Chrome prior to ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21167 (Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 all ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21166 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21165 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21164 (Insufficient data validation in Chrome on iOS in Google Chrome on iOS ...) - chromium (MacOS specific) CVE-2021-21163 (Insufficient data validation in Reader Mode in Google Chrome on iOS pr ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21162 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowe ...) 
{DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21161 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21160 (Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.7 ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21159 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...) {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-21158 RESERVED - chromium (MacOS specific) CVE-2021-21157 (Use after free in Web Sockets in Google Chrome on Linux prior to 88.0. ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium (see DSA 4562) CVE-2021-21156 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 all ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium (see DSA 4562) CVE-2021-21155 (Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium (see DSA 4562) CVE-2021-21154 (Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324. ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium (see DSA 4562) CVE-2021-21153 (Stack buffer overflow in GPU Process in Google Chrome on Linux prior t ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium (see DSA 4562) CVE-2021-21152 (Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0. ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium (see DSA 4562) CVE-2021-21151 (Use after free in Payments in Google Chrome prior to 88.0.4324.182 all ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium (see DSA 4562) CVE-2021-21150 (Use after free in Downloads in Google Chrome on Windows prior to 88.0. ...) 
{DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium (see DSA 4562) CVE-2021-21149 (Stack buffer overflow in Data Transfer in Google Chrome on Linux prior ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium (see DSA 4562) CVE-2021-21148 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 all ...) {DSA-4858-1} - chromium 88.0.4324.150-1 [stretch] - chromium (see DSA 4562) CVE-2021-21147 (Inappropriate implementation in Skia in Google Chrome prior to 88.0.43 ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium (see DSA 4562) CVE-2021-21146 (Use after free in Navigation in Google Chrome prior to 88.0.4324.146 a ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium (see DSA 4562) CVE-2021-21145 (Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowe ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium (see DSA 4562) CVE-2021-21144 (Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324 ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium (see DSA 4562) CVE-2021-21143 (Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324 ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium (see DSA 4562) CVE-2021-21142 (Use after free in Payments in Google Chrome on Mac prior to 88.0.4324. ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium (see DSA 4562) CVE-2021-21141 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21140 (Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowe ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21139 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...) 
{DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21138 (Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allo ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21137 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21136 (Insufficient policy enforcement in WebView in Google Chrome on Android ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21135 (Inappropriate implementation in Performance API in Google Chrome prior ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21134 (Incorrect security UI in Page Info in Google Chrome on iOS prior to 88 ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21133 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21132 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21131 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21130 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21129 (Insufficient policy enforcement in File System API in Google Chrome pr ...) 
{DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21128 (Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 a ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21127 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21126 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21125 (Insufficient policy enforcement in File System API in Google Chrome on ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21124 (Potential user after free in Speech Recognizer in Google Chrome on And ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21123 (Insufficient data validation in File System API in Google Chrome prior ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21122 (Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21121 (Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324 ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21120 (Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowe ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21119 (Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed ...) 
{DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21118 (Insufficient data validation in V8 in Google Chrome prior to 88.0.4324 ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21117 (Insufficient policy enforcement in Cryptohome in Google Chrome prior t ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium (see DSA 4562) CVE-2021-21116 (Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21115 (User after free in safe browsing in Google Chrome prior to 87.0.4280.1 ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21114 (Use after free in audio in Google Chrome prior to 87.0.4280.141 allowe ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21113 (Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 a ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21112 (Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowe ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21111 (Insufficient policy enforcement in WebUI in Google Chrome prior to 87. ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21110 (Use after free in safe browsing in Google Chrome prior to 87.0.4280.14 ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21109 (Use after free in payments in Google Chrome prior to 87.0.4280.141 all ...) 
{DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21108 (Use after free in media in Google Chrome prior to 87.0.4280.141 allowe ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21107 (Use after free in drag and drop in Google Chrome on Linux prior to 87. ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21106 (Use after free in autofill in Google Chrome prior to 87.0.4280.141 all ...) {DSA-4832-1} - chromium 87.0.4280.141-0.1 (bug #979533) [stretch] - chromium (see DSA 4562) CVE-2021-21105 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...) NOT-FOR-US: Adobe CVE-2021-21104 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...) NOT-FOR-US: Adobe CVE-2021-21103 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...) NOT-FOR-US: Adobe CVE-2021-21102 (Adobe Illustrator version 25.2 (and earlier) is affected by a Path Tra ...) NOT-FOR-US: Adobe CVE-2021-21101 (Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of- ...) NOT-FOR-US: Adobe CVE-2021-21100 (Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected ...) NOT-FOR-US: Adobe CVE-2021-21099 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...) NOT-FOR-US: Adobe CVE-2021-21098 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...) NOT-FOR-US: Adobe CVE-2021-21097 RESERVED CVE-2021-21096 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) NOT-FOR-US: Adobe CVE-2021-21095 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) NOT-FOR-US: Adobe CVE-2021-21094 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) NOT-FOR-US: Adobe CVE-2021-21093 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) 
NOT-FOR-US: Adobe CVE-2021-21092 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) NOT-FOR-US: Adobe CVE-2021-21091 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) NOT-FOR-US: Adobe CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path travers ...) NOT-FOR-US: Adobe CVE-2021-21089 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Acrobat CVE-2021-21088 RESERVED CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...) NOT-FOR-US: Adobe CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...) NOT-FOR-US: Adobe CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...) NOT-FOR-US: Adobe CVE-2021-21083 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...) NOT-FOR-US: Adobe CVE-2021-21082 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...) NOT-FOR-US: Adobe CVE-2021-21081 RESERVED CVE-2021-21080 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...) NOT-FOR-US: Adobe CVE-2021-21079 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...) NOT-FOR-US: Adobe CVE-2021-21078 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...) NOT-FOR-US: Adobe CVE-2021-21077 (Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based ...) NOT-FOR-US: Adobe CVE-2021-21076 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-21075 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-21074 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) 
NOT-FOR-US: Adobe CVE-2021-21073 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-21072 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-21071 (Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Cor ...) NOT-FOR-US: Adobe CVE-2021-21070 (Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncont ...) NOT-FOR-US: Adobe CVE-2021-21069 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...) NOT-FOR-US: Adobe CVE-2021-21068 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...) NOT-FOR-US: Adobe CVE-2021-21067 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...) NOT-FOR-US: Adobe CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...) NOT-FOR-US: Adobe CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...) NOT-FOR-US: Adobe CVE-2021-21064 (Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path t ...) NOT-FOR-US: Magento CVE-2021-21063 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21062 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21061 (Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.00 ...) NOT-FOR-US: Adobe CVE-2021-21060 (Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.3 ...) NOT-FOR-US: Adobe CVE-2021-21059 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21058 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21057 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21056 (Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out- ...) 
NOT-FOR-US: Adobe CVE-2021-21055 (Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) i ...) NOT-FOR-US: Adobe CVE-2021-21054 (Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of- ...) NOT-FOR-US: Adobe CVE-2021-21053 (Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of- ...) NOT-FOR-US: Adobe CVE-2021-21052 (Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-21051 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) NOT-FOR-US: Adobe CVE-2021-21050 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) NOT-FOR-US: Adobe CVE-2021-21049 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) NOT-FOR-US: Adobe CVE-2021-21048 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) NOT-FOR-US: Adobe CVE-2021-21047 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) NOT-FOR-US: Adobe CVE-2021-21046 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21045 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...) NOT-FOR-US: Adobe CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...) NOT-FOR-US: Adobe CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21040 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21039 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21038 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) 
NOT-FOR-US: Adobe CVE-2021-21037 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21036 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21035 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21034 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21033 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21032 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21031 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21030 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21029 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21028 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21027 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21026 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21025 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21024 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21023 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21022 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21021 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21020 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) 
NOT-FOR-US: Magento CVE-2021-21019 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21018 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21017 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe CVE-2021-21016 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21015 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21014 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Magento CVE-2021-21013 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Adobe CVE-2021-21012 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) NOT-FOR-US: Adobe CVE-2021-21011 (Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by a ...) NOT-FOR-US: Adobe CVE-2021-21010 (InCopy version 15.1.1 (and earlier) for Windows is affected by an unco ...) NOT-FOR-US: Adobe CVE-2021-21009 (Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and ear ...) NOT-FOR-US: Adobe CVE-2021-21008 (Adobe Animate version 21.0 (and earlier) is affected by an uncontrolle ...) NOT-FOR-US: Adobe CVE-2021-21007 (Adobe Illustrator version 25.0 (and earlier) is affected by an uncontr ...) NOT-FOR-US: Adobe CVE-2021-21006 (Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffe ...) NOT-FOR-US: Adobe CVE-2021-21005 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...) NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products CVE-2021-21004 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...) NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products CVE-2021-21003 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...) 
NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products CVE-2021-21002 (In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Mo ...) NOT-FOR-US: Phoenix Contact FL COMSERVER UNI CVE-2021-21001 (On WAGO PFC200 devices in different firmware versions with special cra ...) NOT-FOR-US: WAGO CVE-2021-21000 (On WAGO PFC200 devices in different firmware versions with special cra ...) NOT-FOR-US: WAGO CVE-2021-20999 (In Weidmüller u-controls and IoT-Gateways in versions up to 1.12. ...) NOT-FOR-US: Weidmueller u-controls and IoT Gateways CVE-2021-20998 (In multiple managed switches by WAGO in different versions without aut ...) NOT-FOR-US: WAGO CVE-2021-20997 (In multiple managed switches by WAGO in different versions it is possi ...) NOT-FOR-US: WAGO CVE-2021-20996 (In multiple managed switches by WAGO in different versions special cra ...) NOT-FOR-US: WAGO CVE-2021-20995 (In multiple managed switches by WAGO in different versions the webserv ...) NOT-FOR-US: WAGO CVE-2021-20994 (In multiple managed switches by WAGO in different versions an attacker ...) NOT-FOR-US: WAGO CVE-2021-20993 (In multiple managed switches by WAGO in different versions the activat ...) NOT-FOR-US: WAGO CVE-2021-20992 (In Fibaro Home Center 2 and Lite devices in all versions provide a web ...) NOT-FOR-US: Fibaro Home Center CVE-2021-20991 (In Fibaro Home Center 2 and Lite devices with firmware version 4.540 a ...) NOT-FOR-US: Fibaro Home Center CVE-2021-20990 (In Fibaro Home Center 2 and Lite devices with firmware version 4.600 a ...) NOT-FOR-US: Fibaro Home Center CVE-2021-20989 (Fibaro Home Center 2 and Lite devices with firmware version 4.600 and ...) NOT-FOR-US: Fibaro Home Center CVE-2021-20988 (In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet ...) NOT-FOR-US: Hilscher rcX RTOS CVE-2021-20987 (A denial of service and memory corruption vulnerability was found in H ...) 
NOT-FOR-US: Hilscher EtherNet/IP Core CVE-2021-20986 (A Denial of Service vulnerability was found in Hilscher PROFINET IO De ...) NOT-FOR-US: Hilscher CVE-2021-20985 RESERVED CVE-2021-20984 RESERVED CVE-2021-20983 RESERVED CVE-2021-20982 RESERVED CVE-2021-20981 RESERVED CVE-2021-20980 RESERVED CVE-2021-20979 RESERVED CVE-2021-20978 RESERVED CVE-2021-20977 RESERVED CVE-2021-20976 RESERVED CVE-2021-20975 RESERVED CVE-2021-20974 RESERVED CVE-2021-20973 RESERVED CVE-2021-20972 RESERVED CVE-2021-20971 RESERVED CVE-2021-20970 RESERVED CVE-2021-20969 RESERVED CVE-2021-20968 RESERVED CVE-2021-20967 RESERVED CVE-2021-20966 RESERVED CVE-2021-20965 RESERVED CVE-2021-20964 RESERVED CVE-2021-20963 RESERVED CVE-2021-20962 RESERVED CVE-2021-20961 RESERVED CVE-2021-20960 RESERVED CVE-2021-20959 RESERVED CVE-2021-20958 RESERVED CVE-2021-20957 RESERVED CVE-2021-20956 RESERVED CVE-2021-20955 RESERVED CVE-2021-20954 RESERVED CVE-2021-20953 RESERVED CVE-2021-20952 RESERVED CVE-2021-20951 RESERVED CVE-2021-20950 RESERVED CVE-2021-20949 RESERVED CVE-2021-20948 RESERVED CVE-2021-20947 RESERVED CVE-2021-20946 RESERVED CVE-2021-20945 RESERVED CVE-2021-20944 RESERVED CVE-2021-20943 RESERVED CVE-2021-20942 RESERVED CVE-2021-20941 RESERVED CVE-2021-20940 RESERVED CVE-2021-20939 RESERVED CVE-2021-20938 RESERVED CVE-2021-20937 RESERVED CVE-2021-20936 RESERVED CVE-2021-20935 RESERVED CVE-2021-20934 RESERVED CVE-2021-20933 RESERVED CVE-2021-20932 RESERVED CVE-2021-20931 RESERVED CVE-2021-20930 RESERVED CVE-2021-20929 RESERVED CVE-2021-20928 RESERVED CVE-2021-20927 RESERVED CVE-2021-20926 RESERVED CVE-2021-20925 RESERVED CVE-2021-20924 RESERVED CVE-2021-20923 RESERVED CVE-2021-20922 RESERVED CVE-2021-20921 RESERVED CVE-2021-20920 RESERVED CVE-2021-20919 RESERVED CVE-2021-20918 RESERVED CVE-2021-20917 RESERVED CVE-2021-20916 RESERVED CVE-2021-20915 RESERVED CVE-2021-20914 RESERVED CVE-2021-20913 RESERVED CVE-2021-20912 RESERVED CVE-2021-20911 RESERVED CVE-2021-20910 RESERVED CVE-2021-20909 RESERVED 
CVE-2021-20908 RESERVED CVE-2021-20907 RESERVED CVE-2021-20906 RESERVED CVE-2021-20905 RESERVED CVE-2021-20904 RESERVED CVE-2021-20903 RESERVED CVE-2021-20902 RESERVED CVE-2021-20901 RESERVED CVE-2021-20900 RESERVED CVE-2021-20899 RESERVED CVE-2021-20898 RESERVED CVE-2021-20897 RESERVED CVE-2021-20896 RESERVED CVE-2021-20895 RESERVED CVE-2021-20894 RESERVED CVE-2021-20893 RESERVED CVE-2021-20892 RESERVED CVE-2021-20891 RESERVED CVE-2021-20890 RESERVED CVE-2021-20889 RESERVED CVE-2021-20888 RESERVED CVE-2021-20887 RESERVED CVE-2021-20886 RESERVED CVE-2021-20885 RESERVED CVE-2021-20884 RESERVED CVE-2021-20883 RESERVED CVE-2021-20882 RESERVED CVE-2021-20881 RESERVED CVE-2021-20880 RESERVED CVE-2021-20879 RESERVED CVE-2021-20878 RESERVED CVE-2021-20877 RESERVED CVE-2021-20876 RESERVED CVE-2021-20875 RESERVED CVE-2021-20874 RESERVED CVE-2021-20873 RESERVED CVE-2021-20872 RESERVED CVE-2021-20871 RESERVED CVE-2021-20870 RESERVED CVE-2021-20869 RESERVED CVE-2021-20868 RESERVED CVE-2021-20867 RESERVED CVE-2021-20866 RESERVED CVE-2021-20865 RESERVED CVE-2021-20864 RESERVED CVE-2021-20863 RESERVED CVE-2021-20862 RESERVED CVE-2021-20861 RESERVED CVE-2021-20860 RESERVED CVE-2021-20859 RESERVED CVE-2021-20858 RESERVED CVE-2021-20857 RESERVED CVE-2021-20856 RESERVED CVE-2021-20855 RESERVED CVE-2021-20854 RESERVED CVE-2021-20853 RESERVED CVE-2021-20852 RESERVED CVE-2021-20851 RESERVED CVE-2021-20850 RESERVED CVE-2021-20849 RESERVED CVE-2021-20848 RESERVED CVE-2021-20847 RESERVED CVE-2021-20846 RESERVED CVE-2021-20845 RESERVED CVE-2021-20844 RESERVED CVE-2021-20843 RESERVED CVE-2021-20842 RESERVED CVE-2021-20841 RESERVED CVE-2021-20840 RESERVED CVE-2021-20839 RESERVED CVE-2021-20838 RESERVED CVE-2021-20837 RESERVED CVE-2021-20836 RESERVED CVE-2021-20835 RESERVED CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...) NOT-FOR-US: Nike App CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...) 
NOT-FOR-US: SNKRDUNK Market Place App CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for Android ...) NOT-FOR-US: InBody App CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags versions pr ...) NOT-FOR-US: OG Tags (WordPress plugin) CVE-2021-20830 RESERVED CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...) NOT-FOR-US: GROWI CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...) NOT-FOR-US: EC-CUBE plugin CVE-2021-20827 RESERVED CVE-2021-20826 RESERVED CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...) NOT-FOR-US: EC-CUBE plugin CVE-2021-20824 RESERVED CVE-2021-20823 RESERVED CVE-2021-20822 RESERVED CVE-2021-20821 RESERVED CVE-2021-20820 RESERVED CVE-2021-20819 RESERVED CVE-2021-20818 RESERVED CVE-2021-20817 RESERVED CVE-2021-20816 RESERVED CVE-2021-20815 (Cross-site scripting vulnerability in Edit Boilerplate screen of Movab ...) - movabletype-opensource CVE-2021-20814 (Cross-site scripting vulnerability in Setting screen of ContentType In ...) - movabletype-opensource CVE-2021-20813 (Cross-site scripting vulnerability in Edit screen of Content Data of M ...) - movabletype-opensource CVE-2021-20812 (Cross-site scripting vulnerability in Setting screen of Server Sync of ...) - movabletype-opensource CVE-2021-20811 (Cross-site scripting vulnerability in List of Assets screen of Movable ...) - movabletype-opensource CVE-2021-20810 (Cross-site scripting vulnerability in Website Management screen of Mov ...) - movabletype-opensource CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry, Page, a ...) - movabletype-opensource CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable Type (M ...) - movabletype-opensource CVE-2021-20807 (Cross-site scripting vulnerability in the management screen of Cybozu ...) 
NOT-FOR-US: Cybozu CVE-2021-20806 (Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 al ...) NOT-FOR-US: Cybozu CVE-2021-20805 (Cross-site scripting vulnerability in the management screen of Cybozu ...) NOT-FOR-US: Cybozu CVE-2021-20804 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...) NOT-FOR-US: Cybozu CVE-2021-20803 (Operation restriction bypass in the management screen of Cybozu Remote ...) NOT-FOR-US: Cybozu CVE-2021-20802 (HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to ...) NOT-FOR-US: Cybozu CVE-2021-20801 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...) NOT-FOR-US: Cybozu CVE-2021-20800 (Cross-site scripting vulnerability in the management screen of Cybozu ...) NOT-FOR-US: Cybozu CVE-2021-20799 (Cross-site scripting vulnerability in the management screen of Cybozu ...) NOT-FOR-US: Cybozu CVE-2021-20798 (Cross-site scripting vulnerability in the management screen of Cybozu ...) NOT-FOR-US: Cybozu CVE-2021-20797 (Cross-site script inclusion vulnerability in the management screen of ...) NOT-FOR-US: Cybozu CVE-2021-20796 (Directory traversal vulnerability in the management screen of Cybozu R ...) NOT-FOR-US: Cybozu CVE-2021-20795 (Cross-site request forgery (CSRF) vulnerability in the management scre ...) NOT-FOR-US: Cybozu CVE-2021-20794 RESERVED CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...) NOT-FOR-US: installer of Sony Audio USB Driver and installer of HAP Music Transfer CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions ...) NOT-FOR-US: Quiz And Survey Master CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 2.1.230 and ...) NOT-FOR-US: RevoWorks Browser CVE-2021-20790 (Improper control of program execution vulnerability in RevoWorks Brows ...) 
NOT-FOR-US: RevoWorks Browser CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free edition ...) NOT-FOR-US: GroupSession CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in GroupSession (Grou ...) NOT-FOR-US: GroupSession CVE-2021-20787 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...) NOT-FOR-US: GroupSession CVE-2021-20786 (Cross-site request forgery (CSRF) vulnerability in GroupSession (Group ...) NOT-FOR-US: GroupSession CVE-2021-20785 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...) NOT-FOR-US: GroupSession CVE-2021-20784 (HTTP header injection vulnerability in Everything all versions except ...) NOT-FOR-US: Everything CVE-2021-20783 (Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-W ...) NOT-FOR-US: Optical BB unit E-WMTA2.3 CVE-2021-20782 (Cross-site request forgery (CSRF) vulnerability in Software License Ma ...) NOT-FOR-US: Wordpress plugin CVE-2021-20781 (Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data ...) NOT-FOR-US: Wordpress plugin CVE-2021-20780 (Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Cu ...) NOT-FOR-US: Wordpress plugin CVE-2021-20779 (Cross-site request forgery (CSRF) vulnerability in WordPress Email Tem ...) NOT-FOR-US: Wordpress plugin CVE-2021-20778 (Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 seri ...) NOT-FOR-US: EC-CUBE CVE-2021-20777 (Improper authorization in handler for custom URL scheme vulnerability ...) NOT-FOR-US: GU App for Android CVE-2021-20776 (Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR ...) NOT-FOR-US: SCT-40CM01SR and AT-40CM01SR CVE-2021-20775 (Improper input validation vulnerability in Bulletin of Cybozu Garoon 4 ...) NOT-FOR-US: Cybozu CVE-2021-20774 (Cross-site scripting vulnerability in some functions of E-mail of Cybo ...) 
NOT-FOR-US: Cybozu CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, ...) NOT-FOR-US: Cybozu CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10 ...) NOT-FOR-US: Cybozu CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group Mail of ...) NOT-FOR-US: Cybozu CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 t ...) NOT-FOR-US: Cybozu CVE-2021-20769 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 ...) NOT-FOR-US: Cybozu CVE-2021-20768 (Operational restrictions bypass vulnerability in Scheduler and MultiRe ...) NOT-FOR-US: Cybozu CVE-2021-20767 (Cross-site scripting vulnerability in Full Text Search of Cybozu Garoo ...) NOT-FOR-US: Cybozu CVE-2021-20766 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 t ...) NOT-FOR-US: Cybozu CVE-2021-20765 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 ...) NOT-FOR-US: Cybozu CVE-2021-20764 (Improper input validation vulnerability in Attaching Files of Cybozu G ...) NOT-FOR-US: Cybozu CVE-2021-20763 (Operational restrictions bypass vulnerability in Portal of Cybozu Garo ...) NOT-FOR-US: Cybozu CVE-2021-20762 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...) NOT-FOR-US: Cybozu CVE-2021-20761 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...) NOT-FOR-US: Cybozu CVE-2021-20760 (Improper input validation vulnerability in User Profile of Cybozu Garo ...) NOT-FOR-US: Cybozu CVE-2021-20759 (Operational restrictions bypass vulnerability in Bulletin of Cybozu Ga ...) NOT-FOR-US: Cybozu CVE-2021-20758 (Cross-site request forgery (CSRF) vulnerability in Message of Cybozu G ...) NOT-FOR-US: Cybozu CVE-2021-20757 (Operational restrictions bypass vulnerability in E-mail of Cybozu Garo ...) NOT-FOR-US: Cybozu CVE-2021-20756 (Viewing restrictions bypass vulnerability in Address of Cybozu Garoon ...) 
    NOT-FOR-US: Cybozu
CVE-2021-20755 (Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4 ...)
    NOT-FOR-US: Cybozu
CVE-2021-20754 (Improper input validation vulnerability in Workflow of Cybozu Garoon 4 ...)
    NOT-FOR-US: Cybozu
CVE-2021-20753 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 ...)
    NOT-FOR-US: Cybozu
CVE-2021-20752 (Cross-site scripting vulnerability in IkaIka RSS Reader all versions a ...)
    NOT-FOR-US: IkaIka RSS Reader
CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p ...)
    NOT-FOR-US: EC-CUBE
CVE-2021-20750 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18- ...)
    NOT-FOR-US: EC-CUBE
CVE-2021-20749 (Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and ear ...)
    NOT-FOR-US: Fudousan plugin
CVE-2021-20748 (Retty App for Android versions prior to 4.8.13 and Retty App for iOS v ...)
    NOT-FOR-US: Retty
CVE-2021-20747 (Improper authorization in handler for custom URL scheme vulnerability ...)
    NOT-FOR-US: Retty App
CVE-2021-20746 (Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 an ...)
    NOT-FOR-US: Wordpress plugin
CVE-2021-20745 (Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitra ...)
    NOT-FOR-US: Inkdrop
CVE-2021-20744 (Cross-site scripting vulnerability in EC-CUBE Category contents plugin ...)
    NOT-FOR-US: EC-CUBE Category contents plugin
CVE-2021-20743 (Cross-site scripting vulnerability in EC-CUBE Email newsletters manage ...)
    NOT-FOR-US: EC-CUBE Email newsletters management plugin
CVE-2021-20742 (Cross-site scripting vulnerability in EC-CUBE Business form output plu ...)
    NOT-FOR-US: EC-CUBE Business form output plugin
CVE-2021-20741 (Cross-site scripting vulnerability in Hitachi Application Server Help ...)
    NOT-FOR-US: Hitachi
CVE-2021-20740 (Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions ...)
    NOT-FOR-US: Hitachi
CVE-2021-20739 (WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, ...)
    NOT-FOR-US: Elecom
CVE-2021-20738 (WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unau ...)
    NOT-FOR-US: Elecom
CVE-2021-20737 (Improper authentication vulnerability in GROWI versions prior to v4.2. ...)
    NOT-FOR-US: GROWI
CVE-2021-20736 (NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allow ...)
    NOT-FOR-US: GROWI
CVE-2021-20735 (Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery ...)
    NOT-FOR-US: ETUNA EC-CUBE plugins
CVE-2021-20734 (Cross-site scripting vulnerability in Welcart e-Commerce versions prio ...)
    NOT-FOR-US: Welcart e-Commerce
CVE-2021-20733 (Improper authorization in handler for custom URL scheme vulnerability ...)
    NOT-FOR-US: Some Android app
CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 an ...)
    NOT-FOR-US: ATOM (ATOM - Smart life App)
CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver ...)
    NOT-FOR-US: WSR-1166DHP3 firmware
CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...)
    NOT-FOR-US: WSR-1166DHP3 firmware
CVE-2021-20729 RESERVED
CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...)
    NOT-FOR-US: goo blog App
CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...)
    NOT-FOR-US: Zettlr
CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...)
    NOT-FOR-US: Overwolf
CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page of [Cal ...)
    NOT-FOR-US: Calendar01
CVE-2021-20724 (Reflected cross-site scripting vulnerability in the admin page of [Tel ...)
    NOT-FOR-US: Telop01
CVE-2021-20723 (Reflected cross-site scripting vulnerability in [MailForm01] free edit ...)
    NOT-FOR-US: MailForm01
CVE-2021-20722 (Untrusted search path vulnerability in the installers of ScanSnap Mana ...)
    NOT-FOR-US: ScanSnap Manager
CVE-2021-20721 (KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload a ...)
    NOT-FOR-US: KonaWiki2
CVE-2021-20720 (SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 a ...)
    NOT-FOR-US: KonaWiki2
CVE-2021-20719 (RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 ...)
    NOT-FOR-US: RFNTPS firmware
CVE-2021-20718 (mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a de ...)
    - libapache2-mod-auth-openidc 2.4.4.1-2 (bug #989055)
    [buster] - libapache2-mod-auth-openidc (Vulnerable code introduced later)
    [stretch] - libapache2-mod-auth-openidc (Vulnerable code introduced later)
    NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/5ef1b0a74208fcb43a16795d0afc94c3d54cd120
CVE-2021-20717 (Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a ...)
    NOT-FOR-US: EC-CUBE
CVE-2021-20716 (Hidden functionality in multiple Buffalo network devices (BHR-4RV firm ...)
    NOT-FOR-US: Buffalo
CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet App for An ...)
    NOT-FOR-US: Hot Pepper Gourmet App
CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions prior t ...)
    NOT-FOR-US: WP fastest cache
CVE-2021-20713 (Privilege escalation vulnerability in QND Advance/Premium/Standard Ver ...)
    NOT-FOR-US: QND Advance/Premium/Standard
CVE-2021-20712 (Improper access control vulnerability in NEC Aterm WG2600HS firmware V ...)
    NOT-FOR-US: Aterm firmware
CVE-2021-20711 (Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to exe ...)
    NOT-FOR-US: Aterm firmware
CVE-2021-20710 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 ...)
    NOT-FOR-US: Aterm firmware
CVE-2021-20709 (Improper validation of integrity check value vulnerability in NEC Ater ...)
    NOT-FOR-US: Aterm firmware
CVE-2021-20708 (NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm ...)
    NOT-FOR-US: Aterm firmware
CVE-2021-20707 RESERVED
CVE-2021-20706 RESERVED
CVE-2021-20705 RESERVED
CVE-2021-20704 RESERVED
CVE-2021-20703 RESERVED
CVE-2021-20702 RESERVED
CVE-2021-20701 RESERVED
CVE-2021-20700 RESERVED
CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
    NOT-FOR-US: SHARP
CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
    NOT-FOR-US: SHARP
CVE-2021-20697 (Missing authentication for critical function in DAP-1880AC firmware ve ...)
    NOT-FOR-US: DAP-1880AC firmware
CVE-2021-20696 (DAP-1880AC firmware version 1.21 and earlier allows a remote authentic ...)
    NOT-FOR-US: DAP-1880AC firmware
CVE-2021-20695 (Improper following of a certificate's chain of trust vulnerability in ...)
    NOT-FOR-US: DAP-1880AC firmware
CVE-2021-20694 (Improper access control vulnerability in DAP-1880AC firmware version 1 ...)
    NOT-FOR-US: DAP-1880AC firmware
CVE-2021-20693 (Improper access control vulnerability in Gurunavi App for Android ver. ...)
    NOT-FOR-US: Gurunavi App for Android and iOS
CVE-2021-20692 (Directory traversal vulnerability in Archive collectively operation ut ...)
    NOT-FOR-US: Enkisoft
CVE-2021-20691 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
    NOT-FOR-US: Yomi-Search
CVE-2021-20690 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
    NOT-FOR-US: Yomi-Search
CVE-2021-20689 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
    NOT-FOR-US: Yomi-Search
CVE-2021-20688 (Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remo ...)
    NOT-FOR-US: Click Ranker
CVE-2021-20687 (Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allow ...)
    NOT-FOR-US: Kagemai
CVE-2021-20686 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...)
    NOT-FOR-US: Kagemai
CVE-2021-20685 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...)
    NOT-FOR-US: Kagemai
CVE-2021-20684 (Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remot ...)
    NOT-FOR-US: MagazinegerZ
CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...)
    NOT-FOR-US: baserCMS
CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...)
    NOT-FOR-US: baserCMS
CVE-2021-20681 (Improper neutralization of JavaScript input in the page editing functi ...)
    NOT-FOR-US: baserCMS
CVE-2021-20680 (Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900H ...)
    NOT-FOR-US: Aterm firmware
CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6 ...)
    NOT-FOR-US: Fuji
CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...)
    NOT-FOR-US: Paid Memberships Pro
CVE-2021-20677 (UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIV ...)
    NOT-FOR-US: UNIVERGE
CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
    NOT-FOR-US: M-System
CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
    NOT-FOR-US: M-System
CVE-2021-20674 (Untrusted search path vulnerability in Installer of MagicConnect Clien ...)
    NOT-FOR-US: MagicConnect client
CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...)
    NOT-FOR-US: GROWI
CVE-2021-20672 (Reflected cross-site scripting vulnerability due to insufficient verif ...)
    NOT-FOR-US: GROWI
CVE-2021-20671 (Invalid file validation on the upload feature in GROWI versions v4.2.2 ...)
    NOT-FOR-US: GROWI
CVE-2021-20670 (Improper access control vulnerability in GROWI versions v4.2.2 and ear ...)
    NOT-FOR-US: GROWI
CVE-2021-20669 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
    NOT-FOR-US: GROWI
CVE-2021-20668 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
    NOT-FOR-US: GROWI
CVE-2021-20667 (Stored cross-site scripting vulnerability due to inadequate CSP (Conte ...)
    NOT-FOR-US: GROWI
CVE-2021-20666 RESERVED
CVE-2021-20665 (Cross-site scripting vulnerability in in Add asset screen of Contents ...)
    - movabletype-opensource
CVE-2021-20664 (Cross-site scripting vulnerability in in Asset registration screen of ...)
    - movabletype-opensource
CVE-2021-20663 (Cross-site scripting vulnerability in in Role authority setting screen ...)
    - movabletype-opensource
CVE-2021-20662 (Missing authentication for critical function in SolarView Compact SV-C ...)
    NOT-FOR-US: SolarView Compact
CVE-2021-20661 (Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 pr ...)
    NOT-FOR-US: SolarView Compact
CVE-2021-20660 (Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 p ...)
    NOT-FOR-US: SolarView Compact
CVE-2021-20659 (SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticate ...)
    NOT-FOR-US: SolarView Compact
CVE-2021-20658 (SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to ...)
    NOT-FOR-US: SolarView Compact
CVE-2021-20657 (Improper access control vulnerability in SolarView Compact SV-CPT-MC31 ...)
    NOT-FOR-US: SolarView Compact
CVE-2021-20656 (Exposure of information through directory listing in SolarView Compact ...)
    NOT-FOR-US: SolarView Compact
CVE-2021-20655 (FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attack ...)
    NOT-FOR-US: FileZen
CVE-2021-20654 (Wekan, open source kanban board system, between version 3.12 and 4.11, ...)
    NOT-FOR-US: Wekan
CVE-2021-20653 (Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, ...)
    NOT-FOR-US: Calsos CSDJ
CVE-2021-20652 (Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17 ...)
    NOT-FOR-US: Name Directory
CVE-2021-20651 (Directory traversal vulnerability in ELECOM File Manager all versions ...)
    NOT-FOR-US: ELECOM
CVE-2021-20650 (Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RM ...)
    NOT-FOR-US: ELECOM
CVE-2021-20649 (ELECOM WRC-300FEBK-S contains an improper certificate validation vulne ...)
    NOT-FOR-US: ELECOM
CVE-2021-20648 (ELECOM WRC-300FEBK-S allows an attacker with administrator rights to e ...)
    NOT-FOR-US: ELECOM
CVE-2021-20647 (Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK- ...)
    NOT-FOR-US: ELECOM
CVE-2021-20646 (Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK- ...)
    NOT-FOR-US: ELECOM
CVE-2021-20645 (Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remo ...)
    NOT-FOR-US: ELECOM
CVE-2021-20644 (ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the u ...)
    NOT-FOR-US: ELECOM
CVE-2021-20643 (Improper access control vulnerability in ELECOM LD-PS/U1 allows remote ...)
    NOT-FOR-US: ELECOM
CVE-2021-20642 (Improper check or handling of exceptional conditions in LOGITEC LAN-W3 ...)
    NOT-FOR-US: LOGITEC
CVE-2021-20641 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/R ...)
    NOT-FOR-US: LOGITEC
CVE-2021-20640 (Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an atta ...)
    NOT-FOR-US: LOGITEC
CVE-2021-20639 (LOGITEC LAN-W300N/PGRB allows an attacker with administrative privileg ...)
    NOT-FOR-US: LOGITEC
CVE-2021-20638 (LOGITEC LAN-W300N/PGRB allows an attacker with administrative privileg ...)
    NOT-FOR-US: LOGITEC
CVE-2021-20637 (Improper check or handling of exceptional conditions in LOGITEC LAN-W3 ...)
    NOT-FOR-US: LOGITEC
CVE-2021-20636 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/P ...)
    NOT-FOR-US: LOGITEC
CVE-2021-20635 (Improper restriction of excessive authentication attempts in LOGITEC L ...)
    NOT-FOR-US: LOGITEC
CVE-2021-20634 (Improper access control vulnerability in Custom App of Cybozu Office 1 ...)
    NOT-FOR-US: Custom App of Cybozu Office
CVE-2021-20633 (Improper access control vulnerability in Cabinet of Cybozu Office 10.0 ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20632 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20631 (Improper input validation vulnerability in Custom App of Cybozu Office ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20630 (Improper access control vulnerability in Phone Messages of Cybozu Offi ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20629 (Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 t ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20628 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20627 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20626 (Improper access control vulnerability in Workflow of Cybozu Office 10. ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20625 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20624 (Improper access control vulnerability in Scheduler of Cybozu Office 10 ...)
    NOT-FOR-US: Cybozu Office
CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote attacker to ex ...)
    NOT-FOR-US: Video Insight VMS
CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...)
    NOT-FOR-US: Aterm WG2600HP firmware
CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firm ...)
    NOT-FOR-US: Aterm WG2600HP firmware
CVE-2021-20620 (Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 ...)
    NOT-FOR-US: Aterm WF800HP firmware
CVE-2021-20619 (Cross-site scripting vulnerability in GROWI (v4.2 Series) versions pri ...)
    NOT-FOR-US: GROWI
CVE-2021-20618 (Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, a ...)
    NOT-FOR-US: acmailer
CVE-2021-20617 (Improper access control vulnerability in acmailer ver. 4.0.1 and earli ...)
    NOT-FOR-US: acmailer
CVE-2021-20616 (Untrusted search path vulnerability in the installer of SKYSEA Client ...)
    NOT-FOR-US: SKYSEA Client View
CVE-2021-20615 RESERVED
CVE-2021-20614 RESERVED
CVE-2021-20613 RESERVED
CVE-2021-20612 RESERVED
CVE-2021-20611 RESERVED
CVE-2021-20610 RESERVED
CVE-2021-20609 RESERVED
CVE-2021-20608 RESERVED
CVE-2021-20607 RESERVED
CVE-2021-20606 RESERVED
CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20603 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20602 (Improper Handling of Exceptional Conditions vulnerability in GOT2000 s ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20601 RESERVED
CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20596 (NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20595 (Improper Restriction of XML External Entity Reference vulnerability in ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20594 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20592 (Missing synchronization vulnerability in GOT2000 series GT27 model com ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model VNC ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Eng ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20586 (Resource management errors vulnerability in a robot controller of MELF ...)
    NOT-FOR-US: Mitsubishi
CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive information ...)
    NOT-FOR-US: IBM
CVE-2021-20584 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
    NOT-FOR-US: IBM
CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) coul ...)
    NOT-FOR-US: IBM
CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive information in ...)
    NOT-FOR-US: IBM
CVE-2021-20581 RESERVED
CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site request f ...)
    NOT-FOR-US: IBM
CVE-2021-20579 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
    NOT-FOR-US: IBM
CVE-2021-20578 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...)
    NOT-FOR-US: IBM
CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to ...)
    NOT-FOR-US: IBM
CVE-2021-20576 (IBM Security Verify Access 20.07 could allow a remote attacker to send ...)
    NOT-FOR-US: IBM
CVE-2021-20575 (IBM Security Verify Access 20.07 allows web pages to be stored locally ...)
    NOT-FOR-US: IBM
CVE-2021-20574 (IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remot ...)
    NOT-FOR-US: IBM
CVE-2021-20573 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
    NOT-FOR-US: IBM
CVE-2021-20572 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
    NOT-FOR-US: IBM
CVE-2021-20571 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...)
    NOT-FOR-US: IBM
CVE-2021-20570 RESERVED
CVE-2021-20569 (IBM Security Secret Server up to 11.0 could allow an attacker to enume ...)
    NOT-FOR-US: IBM
CVE-2021-20568 RESERVED
CVE-2021-20567 (IBM Resilient SOAR V38.0 could allow a local privileged attacker to ob ...)
    NOT-FOR-US: IBM
CVE-2021-20566 (IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algor ...)
    NOT-FOR-US: IBM
CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
    NOT-FOR-US: IBM
CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
    NOT-FOR-US: IBM
CVE-2021-20563 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...)
    NOT-FOR-US: IBM
CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 ...)
    NOT-FOR-US: IBM
CVE-2021-20561 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
    NOT-FOR-US: IBM
CVE-2021-20560 (IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 ...)
    NOT-FOR-US: IBM
CVE-2021-20559 (IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scrip ...)
    NOT-FOR-US: IBM
CVE-2021-20558 RESERVED
CVE-2021-20557 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...)
    NOT-FOR-US: IBM
CVE-2021-20556 RESERVED
CVE-2021-20555 RESERVED
CVE-2021-20554 (IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cros ...)
    NOT-FOR-US: IBM
CVE-2021-20553 RESERVED
CVE-2021-20552 (IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote ...)
    NOT-FOR-US: IBM
CVE-2021-20551 RESERVED
CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
    NOT-FOR-US: IBM
CVE-2021-20549 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
    NOT-FOR-US: IBM
CVE-2021-20548 RESERVED
CVE-2021-20547 RESERVED
CVE-2021-20546 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to ...)
    NOT-FOR-US: IBM
CVE-2021-20545 RESERVED
CVE-2021-20544 RESERVED
CVE-2021-20543 RESERVED
CVE-2021-20542 RESERVED
CVE-2021-20541 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
    NOT-FOR-US: IBM
CVE-2021-20540 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
    NOT-FOR-US: IBM
CVE-2021-20539 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
    NOT-FOR-US: IBM
CVE-2021-20538 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a us ...)
    NOT-FOR-US: IBM
CVE-2021-20537 (IBM Security Verify Access Docker 10.0.0 contains hard-coded credentia ...)
    NOT-FOR-US: IBM
CVE-2021-20536 (IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores ...)
    NOT-FOR-US: IBM
CVE-2021-20535 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...)
    NOT-FOR-US: IBM
CVE-2021-20534 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
    NOT-FOR-US: IBM
CVE-2021-20533 (IBM Security Verify Access Docker 10.0.0 could allow a remote authenti ...)
    NOT-FOR-US: IBM
CVE-2021-20532 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a loc ...)
    NOT-FOR-US: IBM
CVE-2021-20531 RESERVED
CVE-2021-20530 RESERVED
CVE-2021-20529 (IBM Control Center 6.2.0.0 could allow a user to obtain sensitive vers ...)
    NOT-FOR-US: IBM
CVE-2021-20528 (IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This ...)
    NOT-FOR-US: IBM
CVE-2021-20527 (IBM Resilient SOAR V38.0 could allow a privileged user to create creat ...)
    NOT-FOR-US: IBM
CVE-2021-20526 RESERVED
CVE-2021-20525 RESERVED
CVE-2021-20524 (IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site s ...)
    NOT-FOR-US: IBM
CVE-2021-20523 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
    NOT-FOR-US: IBM
CVE-2021-20522 RESERVED
CVE-2021-20521 RESERVED
CVE-2021-20520 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
    NOT-FOR-US: IBM
CVE-2021-20519 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...)
    NOT-FOR-US: IBM
CVE-2021-20518 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
    NOT-FOR-US: IBM
CVE-2021-20517 (IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could ...)
    NOT-FOR-US: IBM
CVE-2021-20516 RESERVED
CVE-2021-20515 (IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffe ...)
    NOT-FOR-US: IBM
CVE-2021-20514 RESERVED
CVE-2021-20513 RESERVED
CVE-2021-20512 RESERVED
CVE-2021-20511 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
    NOT-FOR-US: IBM
CVE-2021-20510 (IBM Security Verify Access Docker 10.0.0 stores user credentials in pl ...)
    NOT-FOR-US: IBM
CVE-2021-20509 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable ...)
    NOT-FOR-US: IBM
CVE-2021-20508 (IBM Security Secret Server up to 11.0 could allow a remote attacker to ...)
    NOT-FOR-US: IBM
CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
    NOT-FOR-US: IBM
CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
    NOT-FOR-US: IBM
CVE-2021-20505 (The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, ...)
    NOT-FOR-US: IBM
CVE-2021-20504 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
    NOT-FOR-US: IBM
CVE-2021-20503 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
    NOT-FOR-US: IBM
CVE-2021-20502 (IBM Jazz Foundation Products are vulnerable to an XML External Entity ...)
    NOT-FOR-US: IBM
CVE-2021-20501 (IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send em ...)
    NOT-FOR-US: IBM
CVE-2021-20500 (IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive ...)
    NOT-FOR-US: IBM
CVE-2021-20499 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
    NOT-FOR-US: IBM
CVE-2021-20498 (IBM Security Verify Access Docker 10.0.0 reveals version information i ...)
    NOT-FOR-US: IBM
CVE-2021-20497 (IBM Security Verify Access Docker 10.0.0 uses weaker than expected cry ...)
    NOT-FOR-US: IBM
CVE-2021-20496 (IBM Security Verify Access Docker 10.0.0 could allow an authenticated ...)
    NOT-FOR-US: IBM
CVE-2021-20495 RESERVED
CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
    NOT-FOR-US: IBM
CVE-2021-20493 RESERVED
CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch ...)
    NOT-FOR-US: IBM
CVE-2021-20491 (IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based bu ...)
    NOT-FOR-US: IBM
CVE-2021-20490 (IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local us ...)
    NOT-FOR-US: IBM
CVE-2021-20489 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
    NOT-FOR-US: IBM
CVE-2021-20488 (IBM Security Identity Manager 6.0.2 could allow an authenticated malic ...)
    NOT-FOR-US: IBM
CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inje ...)
    NOT-FOR-US: IBM
CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain ...)
    NOT-FOR-US: IBM
CVE-2021-20485 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...)
    NOT-FOR-US: IBM
CVE-2021-20484 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cro ...)
    NOT-FOR-US: IBM
CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to server-side reque ...)
    NOT-FOR-US: IBM
CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to ...)
    NOT-FOR-US: IBM
CVE-2021-20481 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
    NOT-FOR-US: IBM
CVE-2021-20480 (IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to se ...)
    NOT-FOR-US: IBM
CVE-2021-20479 RESERVED
CVE-2021-20478 (IBM Cloud Pak System 2.3 could allow a local user in some situations t ...)
    NOT-FOR-US: IBM
CVE-2021-20477 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
    NOT-FOR-US: IBM
CVE-2021-20476 RESERVED
CVE-2021-20475 RESERVED
CVE-2021-20474 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perfor ...)
    NOT-FOR-US: IBM
CVE-2021-20473 (IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does ...)
    NOT-FOR-US: IBM
CVE-2021-20472 RESERVED
CVE-2021-20471 RESERVED
CVE-2021-20470 RESERVED
CVE-2021-20469 RESERVED
CVE-2021-20468 RESERVED
CVE-2021-20467 RESERVED
CVE-2021-20466 RESERVED
CVE-2021-20465 RESERVED
CVE-2021-20464 RESERVED
CVE-2021-20463 RESERVED
CVE-2021-20462 RESERVED
CVE-2021-20461 (IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the ...)
    NOT-FOR-US: IBM
CVE-2021-20460 RESERVED
CVE-2021-20459 RESERVED
CVE-2021-20458 RESERVED
CVE-2021-20457 RESERVED
CVE-2021-20456 RESERVED
CVE-2021-20455 RESERVED
CVE-2021-20454 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
    NOT-FOR-US: IBM
CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a ...)
    NOT-FOR-US: IBM
CVE-2021-20452 RESERVED
CVE-2021-20451 RESERVED
CVE-2021-20450 RESERVED
CVE-2021-20449 RESERVED
CVE-2021-20448 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
    NOT-FOR-US: IBM
CVE-2021-20447 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
    NOT-FOR-US: IBM
CVE-2021-20446 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...)
    NOT-FOR-US: IBM
CVE-2021-20445 (IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain ...)
    NOT-FOR-US: IBM
CVE-2021-20444 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...)
    NOT-FOR-US: IBM
CVE-2021-20443 (IBM Maximo for Civil Infrastructure 7.6.2 includes executable function ...)
    NOT-FOR-US: IBM
CVE-2021-20442 (IBM Security Verify Bridge contains hard-coded credentials, such as a ...)
    NOT-FOR-US: IBM
CVE-2021-20441 (IBM Security Verify Bridge uses weaker than expected cryptographic alg ...)
    NOT-FOR-US: IBM
CVE-2021-20440 (IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not ...)
    NOT-FOR-US: IBM
CVE-2021-20439 (IBM Security Access Manager 9.0 and IBM Security Verify Access Docker ...)
    NOT-FOR-US: IBM
CVE-2021-20438 RESERVED
CVE-2021-20437 RESERVED
CVE-2021-20436 RESERVED
CVE-2021-20435 (IBM Security Verify Bridge 1.0.5.0 does not properly validate a certif ...)
    NOT-FOR-US: IBM
CVE-2021-20434 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
    NOT-FOR-US: IBM
CVE-2021-20433 (IBM Security Guardium 11.3 could allow a an authenticated user to obta ...)
    NOT-FOR-US: IBM
CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Reso ...)
    NOT-FOR-US: IBM
CVE-2021-20431 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not inv ...)
    NOT-FOR-US: IBM
CVE-2021-20430 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
    NOT-FOR-US: IBM
CVE-2021-20429 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose ...)
    NOT-FOR-US: IBM
CVE-2021-20428 (IBM Security Guardium 11.2 could allow a remote attacker to obtain sen ...)
    NOT-FOR-US: IBM
CVE-2021-20427 (IBM Security Guardium 11.2 uses an inadequate account lockout setting ...)
    NOT-FOR-US: IBM
CVE-2021-20426 (IBM Security Guardium 11.2 contains hard-coded credentials, such as a ...)
    NOT-FOR-US: IBM
CVE-2021-20425 RESERVED
CVE-2021-20424 (IBM Cloud Pak for Applications 4.3 could allow a remote attacker to ob ...)
    NOT-FOR-US: IBM
CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an authenticated user g ...)
    NOT-FOR-US: IBM
CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive informatio ...)
    NOT-FOR-US: IBM
CVE-2021-20421 RESERVED
CVE-2021-20420 (IBM Security Guardium 11.2 could disclose sensitive information due to ...)
    NOT-FOR-US: IBM
CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected cryptographic alg ...)
    NOT-FOR-US: IBM
CVE-2021-20418 (IBM Security Guardium 11.2 does not require that users should have str ...)
    NOT-FOR-US: IBM
CVE-2021-20417 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...)
    NOT-FOR-US: IBM
CVE-2021-20416 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a r ...)
    NOT-FOR-US: IBM
CVE-2021-20415 (IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account ...)
    NOT-FOR-US: IBM
CVE-2021-20414 (IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce ...)
    NOT-FOR-US: IBM
CVE-2021-20413 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...)
    NOT-FOR-US: IBM
CVE-2021-20412 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-co ...)
    NOT-FOR-US: IBM
CVE-2021-20411 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
    NOT-FOR-US: IBM
CVE-2021-20410 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user crede ...)
    NOT-FOR-US: IBM
CVE-2021-20409 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...)
    NOT-FOR-US: IBM
CVE-2021-20408 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose h ...)
    NOT-FOR-US: IBM
CVE-2021-20407 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensit ...)
    NOT-FOR-US: IBM
CVE-2021-20406 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than ...)
	NOT-FOR-US: IBM
CVE-2021-20405 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
	NOT-FOR-US: IBM
CVE-2021-20404 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
	NOT-FOR-US: IBM
CVE-2021-20403 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...)
	NOT-FOR-US: IBM
CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...)
	NOT-FOR-US: IBM
CVE-2021-20400
	RESERVED
CVE-2021-20399 (IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulner ...)
	NOT-FOR-US: IBM
CVE-2021-20398
	RESERVED
CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2021-20396 (IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM ...)
	NOT-FOR-US: IBM
CVE-2021-20395
	RESERVED
CVE-2021-20394
	RESERVED
CVE-2021-20393 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a r ...)
	NOT-FOR-US: IBM
CVE-2021-20392 (IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2021-20391 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web page ...)
	NOT-FOR-US: IBM
CVE-2021-20390
	RESERVED
CVE-2021-20389 (IBM Security Guardium 11.2 stores user credentials in plain clear text ...)
	NOT-FOR-US: IBM
CVE-2021-20388
	RESERVED
CVE-2021-20387
	RESERVED
CVE-2021-20386 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2021-20385 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...)
	NOT-FOR-US: IBM
CVE-2021-20384
	RESERVED
CVE-2021-20383
	RESERVED
CVE-2021-20382
	RESERVED
CVE-2021-20381
	RESERVED
CVE-2021-20380 (IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRad ...)
	NOT-FOR-US: IBM
CVE-2021-20379 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker tha ...)
	NOT-FOR-US: IBM
CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invali ...)
	NOT-FOR-US: IBM
CVE-2021-20377 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...)
	NOT-FOR-US: IBM
CVE-2021-20376 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
	NOT-FOR-US: IBM
CVE-2021-20375 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
	NOT-FOR-US: IBM
CVE-2021-20374 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
	NOT-FOR-US: IBM
CVE-2021-20373
	RESERVED
CVE-2021-20372 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2021-20370
	RESERVED
CVE-2021-20369 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
	NOT-FOR-US: IBM
CVE-2021-20368 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2021-20367
	RESERVED
CVE-2021-20366 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2021-20365 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2021-20364 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2021-20363 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2021-20362 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2021-20361 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2021-20360 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
	NOT-FOR-US: IBM
CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automatio ...)
	NOT-FOR-US: IBM
CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially s ...)
	NOT-FOR-US: IBM
CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2021-20356
	RESERVED
CVE-2021-20355
	RESERVED
CVE-2021-20354 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2021-20352 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM
CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2021-20349 (IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-bas ...)
	NOT-FOR-US: IBM
CVE-2021-20348 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
	NOT-FOR-US: IBM
CVE-2021-20347 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
	NOT-FOR-US: IBM
CVE-2021-20346 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
	NOT-FOR-US: IBM
CVE-2021-20345 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
	NOT-FOR-US: IBM
CVE-2021-20344
	RESERVED
CVE-2021-20343 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
	NOT-FOR-US: IBM
CVE-2021-20342
	RESERVED
CVE-2021-20341 (IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potenti ...)
	NOT-FOR-US: IBM
CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2021-20339
	RESERVED
CVE-2021-20338 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2021-20337 (IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weak ...)
	NOT-FOR-US: IBM
CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
	NOT-FOR-US: IBM
CVE-2021-20335 (For MongoDB Ops Manager <= 4.2.24 with multiple OM application serv ...)
	NOT-FOR-US: MongoDB Ops Manager
CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...)
	NOT-FOR-US: MongoDB Compass
CVE-2021-20333 (Sending specially crafted commands to a MongoDB Server may result in a ...)
	- mongodb
	[stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
	NOTE: https://jira.mongodb.org/browse/SERVER-50605
CVE-2021-20332 (Specific MongoDB Rust Driver versions can include credentials used by ...)
	NOT-FOR-US: MongoDB rust driver
CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...)
	NOT-FOR-US: MongoDB C# Driver
CVE-2021-20330
	RESERVED
CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...)
	NOT-FOR-US: mongo-driver
	NOTE: https://jira.mongodb.org/browse/GODRIVER-1923
	NOTE: https://github.com/mongodb/mongo-go-driver/pull/622
	NOTE: https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118 (v1.5.1)
CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
	- mongo-java-driver (Vulnerable code introduce later)
	NOTE: https://jira.mongodb.org/browse/JAVA-4017
	NOTE: Fixed by: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
	NOT-FOR-US: Node mongodb-client-encryption
CVE-2021-20326 (A user authorized to performing a specific type of find query may trig ...)
	- mongodb
	[stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
	NOTE: https://jira.mongodb.org/browse/SERVER-53929
CVE-2021-20325
	RESERVED
CVE-2021-20324
	RESERVED
CVE-2021-20323
	RESERVED
CVE-2021-20322
	RESERVED
CVE-2021-20321
	RESERVED
	- linux 5.14.12-1
	NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
CVE-2021-20320
	RESERVED
	- linux 5.14.9-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	[stretch] - linux (s390x not supported in LTS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010090
CVE-2021-20319
	RESERVED
	NOT-FOR-US: coreos-installer
CVE-2021-20318
	RESERVED
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2021-20317 (A flaw was found in the Linux kernel. A corrupted timer tree caused th ...)
	- linux 5.4.6-1
	NOTE: https://git.kernel.org/linus/511885d7061eda3eb1faf3f57dcc936ff75863f1 (5.4-rc1)
CVE-2021-20316
	RESERVED
CVE-2021-20315 [locking protection bypass allow unauthorized user to kill existing applications or start new ones]
	RESERVED
	- gnome-shell
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285
	TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams
CVE-2021-20314 (Stack buffer overflow in libspf2 versions below 1.2.11 when processing ...)
	{DSA-4955-1 DLA-2739-1}
	- libspf2 1.2.10-7.1
	[bullseye] - libspf2 1.2.10-7.1~deb11u1
	NOTE: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/11/6
CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A potential ...)
	{DLA-2672-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
	NOTE: IM6: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an integer o ...)
	{DLA-2672-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
CVE-2021-20311 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...)
	- imagemagick (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
CVE-2021-20310 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...)
	- imagemagick (Specific to IM7)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3295
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5
CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and before 6 ...)
	{DLA-2672-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick (Minor issue)
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f
CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...)
	{DLA-2700-1}
	- htmldoc 1.9.11-3 (unimportant; bug #984765)
	[buster] - htmldoc 1.9.3-1+deb10u1
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
	NOTE: Crash in CLI tool, no security impact
CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...)
	{DLA-2624-1}
	- libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
	[buster] - libpano13 2.9.19+dfsg-3+deb10u1
	NOTE: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/
CVE-2021-20306 (A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any ...)
	NOT-FOR-US: Red Hat Business Central
CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...)
	{DSA-4933-1 DLA-2760-1}
	- nettle 3.7.2-1 (bug #985652)
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
	NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe
	NOTE: Use ecc_mod_mul_canonical for point comparison:
	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/971bed6ab4b27014eb23085e8176917e1a096fd5
	NOTE: Fix bug in ecc_ecdsa_verify:
	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/74ee0e82b6891e090f20723750faeb19064e31b2
	NOTE: Ensure ecdsa_sign output is canonically reduced:
	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/51f643eee00e2caa65c8a2f5857f49acdf3ef1ce
	NOTE: Analogous fix to ecc_gostdsa_verify:
	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/401c8d53d8a8cf1e79980e62bda3f946f8e07c14
	NOTE: Similar fix for eddsa:
	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b
	NOTE: Fix canonical reduction in gostdsa_vko:
	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9
CVE-2021-20304 [Undefined-shift in Imf_2_5::hufDecode]
	RESERVED
	- openexr 2.5.4-1 (unimportant)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/849
	NOTE: Negligible security impact
CVE-2021-20303 [Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer]
	RESERVED
	{DLA-2732-1}
	- openexr 2.5.4-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/831
CVE-2021-20302 [Floating-point-exception in Imf_2_5::precalculateTileInfot]
	RESERVED
	{DLA-2732-1}
	- openexr 2.5.4-1
	[buster] - openexr (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/842
CVE-2021-20301
	RESERVED
CVE-2021-20300 [Integer-overflow in Imf_2_5::hufUncompress]
	RESERVED
	{DLA-2732-1}
	- openexr 2.5.4-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ed560b8a932c78d5e8e5990ce36fe7808b35d9f0 (master)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5.x)
CVE-2021-20299 [Null-dereference READ in Imf_2_5::Header::operator]
	RESERVED
	{DLA-2732-1}
	- openexr 2.5.4-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/840
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f
CVE-2021-20298 [Out-of-memory in B44Compressor]
	RESERVED
	- openexr 2.5.4-1
	[buster] - openexr (Minor issue)
	[stretch] - openexr (Minor issue, OOM, revisit when there's a full fix upstream)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97 (master) (partial fix)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5.x) (partial fix)
CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Setting ...)
	- network-manager 1.30.0-2 (bug #986809)
	[buster] - network-manager (Vulnerable code introduced later)
	[stretch] - network-manager (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942741 (not yet public)
	NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2)
	NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...)
	{DLA-2701-1}
	- openexr 2.5.4-1 (bug #986796)
	[buster] - openexr (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3]
	RESERVED
	- qemu (RHEL 8.3 specific security regression)
CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker who is ...)
	- binutils 2.35.2-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26929
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=372dd157272e0674d13372655cc60eaca9c06926
	NOTE: binutils not covered by security support
CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...)
	- resteasy
	- resteasy3.0
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819
CVE-2021-20292 (There is a flaw reported in the Linux kernel in versions before 5.9 in ...)
	{DLA-2689-1}
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939686
	NOTE: https://git.kernel.org/linus/5de5b6ecf97a021f29403aa272cb4e03318ef586
CVE-2021-20291 (A deadlock vulnerability was found in 'github.com/containers/storage' ...)
	[experimental] - golang-github-containers-storage 1.29.0+ds1-1
	- golang-github-containers-storage 1.34.1+ds1-1 (bug #988942)
	NOTE: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
	NOTE: golang-github-containers-buildah uses golang-github-containers-storage compression support.
	NOTE: docker.io already uses the same library as the fix for golang-github-containers-storage.
CVE-2021-20290
	RESERVED
	- foreman (bug #663101)
CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...)
	NOT-FOR-US: Keycloak
CVE-2021-20288 (An authentication flaw was found in ceph in versions before 14.2.20. W ...)
	- ceph 14.2.20-1 (bug #986974)
	[buster] - ceph (Minor issue)
	[stretch] - ceph (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/2
	NOTE: https://github.com/ceph/ceph/commit/059eabcc0ada81078a898cdc25cf72bf3d506ad0
	NOTE: https://github.com/ceph/ceph/commit/05b3b6a305ddbb56cc53bbeadf5866db4d785f49
CVE-2021-20287
	RESERVED
CVE-2021-20286 (A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked ...)
	- libnbd 1.6.2-1
	[bullseye] - libnbd (Minor issue)
	NOTE: https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html
	NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/2216190ecbbd853648df6a3280c17b345b0907a0 (v1.6.2)
	NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0 (v1.7.3)
CVE-2021-20285 (A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw ...)
	- upx-ucl (unimportant)
	NOTE: https://github.com/upx/upx/issues/421
	NOTE: https://github.com/upx/upx/commit/3781df9da23840e596d5e9e8493f22666802fe6c
CVE-2021-20284 (A flaw was found in GNU Binutils 2.35.1, where there is a heap-based b ...)
	- binutils 2.37-3 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26931
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f60742b2a1988d276c77d5c1011143f320d9b4cb
	NOTE: binutils not covered by security support
CVE-2021-20283 (The web service responsible for fetching other users' enrolled courses ...)
	- moodle
CVE-2021-20282 (When creating a user account, it was possible to verify the account wi ...)
	- moodle
CVE-2021-20281 (It was possible for some users without permission to view other users' ...)
	- moodle
CVE-2021-20280 (Text-based feedback answers required additional sanitizing to prevent ...)
	- moodle
CVE-2021-20279 (The ID number user profile field required additional sanitizing to pre ...)
	- moodle
CVE-2021-20278 (An authentication bypass vulnerability was found in Kiali in versions ...)
	NOT-FOR-US: Kiali
CVE-2021-20277 (A flaw was found in Samba's libldb. Multiple, consecutive leading spac ...)
	{DSA-4884-1 DLA-2611-1}
	- ldb 2:2.2.0-3.1 (bug #985935)
	- samba (unimportant)
	NOTE: https://www.samba.org/samba/security/CVE-2021-20277.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14655
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=ea4bd2c437fbb5801fb82e2a038d9cdb5abea4c0
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=1fe8c790b2294fd10fe9c9c6254ecf2b6c00b709
	NOTE: Samba uses the System ldb library
CVE-2021-20276 (A flaw was found in privoxy before 3.0.32. Invalid memory access with ...)
	{DLA-2587-1}
	- privoxy 3.0.32-1
	[buster] - privoxy 3.0.28-2+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=28512e5b62457f0ff6f2d72e3e5c9226b9e0203d
CVE-2021-20275 (A flaw was found in privoxy before 3.0.32. A invalid read of size two ...)
	{DLA-2587-1}
	- privoxy 3.0.32-1
	[buster] - privoxy 3.0.28-2+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=a912ba7bc9ce5855a810d09332e9d94566ce1521
CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur due a NUL ...)
	- privoxy 3.0.32-1
	[buster] - privoxy (Vulnerable code introduced later)
	[stretch] - privoxy (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=85817cc55b9829e6c20db40d3a93b8380618463d
CVE-2021-20273 (A flaw was found in privoxy before 3.0.32. A crash can occur via a cra ...)
	{DLA-2587-1}
	- privoxy 3.0.32-1
	[buster] - privoxy 3.0.28-2+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=e711c505c4830ab271938d61af90a2075523f058
CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure could ...)
	{DLA-2587-1}
	- privoxy 3.0.32-1
	[buster] - privoxy 3.0.28-2+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b
CVE-2021-20271 (A flaw was found in RPM's signature check functionality when reading a ...)
	- rpm 4.16.1.2+dfsg1-1 (bug #985308)
	[buster] - rpm (Minor issue)
	[stretch] - rpm (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...)
	{DSA-4889-1 DSA-4870-1 DLA-2648-1 DLA-2590-1}
	- pygments 2.7.1+dfsg-2 (bug #984664)
	- mediawiki 1:1.35.2-1
	NOTE: https://github.com/pygments/pygments/issues/1625
	NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
CVE-2021-20269 [incorrect permissions on kdump dmesg file]
	RESERVED
	- kexec-tools (bug #985105)
	[bullseye] - kexec-tools (Minor issue)
	[buster] - kexec-tools (Minor issue)
	[stretch] - kexec-tools (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/03/11/2
CVE-2021-20268 (An out-of-bounds access flaw was found in the Linux kernel's implement ...)
	- linux 5.10.12-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-101/
	NOTE: https://git.kernel.org/linus/bc895e8b2a64e502fbba72748d59618272052a8b
CVE-2021-20267 (A flaw was found in openstack-neutron's default Open vSwitch firewall ...)
	- neutron 2:17.1.1-5 (bug #985104)
	[buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
	[stretch] - neutron (Minor issue)
	NOTE: https://bugs.launchpad.net/neutron/+bug/1902917
	NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
	NOTE: Followup: https://review.opendev.org/c/openstack/neutron/+/783743
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/12/2
CVE-2021-20266 (A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ...)
	- rpm 4.16.1.2+dfsg1-1 (bug #985308)
	[buster] - rpm (Minor issue)
	[stretch] - rpm (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927741
CVE-2021-20265 (A flaw was found in the way memory resources were freed in the unix_st ...)
	- linux 4.4.4-1
	NOTE: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3)
CVE-2021-20264 (An insecure modification flaw in the /etc/passwd file was found in the ...)
	NOT-FOR-US: Container configuration of some Red Hat products
CVE-2021-20263 (A flaw was found in the virtio-fs shared file system daemon (virtiofsd ...)
	- qemu 1:5.2+dfsg-9 (bug #985083)
	[buster] - qemu (Introduced in 5.2.0)
	[stretch] - qemu (Introduced in 5.2.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933668
	NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=725ca3313a5b9cbef89eaa1c728567684f37990a
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=e586edcb410543768ef009eaa22a2d9dd4a53846
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e586edcb410543768ef009eaa22a2d9dd4a53846
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1e08f164e9fdc9528ad6990012301b9a04b0bc90
CVE-2021-20262 (A flaw was found in Keycloak 12.0.0 where re-authentication does not o ...)
	NOT-FOR-US: Keycloak
CVE-2021-20261 (A race condition was found in the Linux kernels implementation of the ...)
	- linux 4.5.1-1
	NOTE: https://git.kernel.org/linus/a0c80efe5956ccce9fe7ae5c78542578c07bc20a
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932150
CVE-2021-20260
	RESERVED
	- foreman (bug #663101)
CVE-2021-20259 (A flaw was found in the Foreman project. The Proxmox compute resource ...)
	- foreman (bug #663101)
CVE-2021-20258
	RESERVED
CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
	RESERVED
	{DLA-2623-1}
	- qemu 1:5.2+dfsg-9 (bug #984450)
	[bullseye] - qemu (Minor issue)
	[buster] - qemu (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=3de46e6fc489c52c9431a8a832ad8170a7569bd8
CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in ...)
	{DLA-2623-1}
	- qemu (bug #984451)
	[bullseye] - qemu (Minor issue)
	[buster] - qemu (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map Windows ...)
	{DLA-2668-1}
	- samba 2:4.13.5+dfsg-2 (bug #987811)
	[buster] - samba (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2021-20254.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14571
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=75ad84167f5d2379557ec078d17c9a1c244402fc (master)
CVE-2021-20253 (A flaw was found in ansible-tower. The default installation is vulnera ...)
	NOT-FOR-US: Ansible Tower
CVE-2021-20252 (A flaw was found in Red Hat 3scale API Management Platform 2. The 3sca ...)
	NOT-FOR-US: Red Hat 3scale API Management
CVE-2021-20251
	RESERVED
CVE-2021-20250 (A flaw was found in wildfly. The JBoss EJB client has publicly accessi ...)
	- wildfly (bug #752018)
CVE-2021-20249
	REJECTED
CVE-2021-20248
	REJECTED
CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of th ...)
	- isync 1.3.0-2.1 (bug #983351)
	[buster] - isync 1.3.0-2.2~deb10u1
	[stretch] - isync (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker ...)
	{DLA-2602-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74
CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker who subm ...)
	{DLA-2672-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca
CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...)
	{DLA-2602-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02
CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...)
	{DLA-2672-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745 (resize.c hunk)
CVE-2021-20242
	REJECTED
CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...)
	{DLA-2602-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/dd33b451c3e01098efad34bbaca2df78d5391dc8
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
CVE-2021-20240 (A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer w ...)
	- gdk-pixbuf 2.42.2+dfsg-1
	[buster] - gdk-pixbuf (Vulnerable code introduced later)
	[stretch] - gdk-pixbuf (Vulnerable code added later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926787
	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132
	NOTE: Vulnerable code introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f (2.39.2)
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e (2.42.0)
CVE-2021-20239 (A flaw was found in the Linux kernel in versions before 5.4.92 in the ...)
	- linux 5.10.4-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-100/
	NOTE: https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec
CVE-2021-20238
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2021-20237 (An uncontrolled resource consumption (memory leak) flaw was found in Z ...)
	- zeromq3 4.3.3-1
	[buster] - zeromq3 (Minor issue)
	[stretch] - zeromq3 (Minor issue)
	NOTE: https://github.com/zeromq/libzmq/pull/3935
	NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22344
CVE-2021-20236 (A flaw was found in the ZeroMQ server in versions before 4.3.3. This f ...)
	- zeromq3 4.3.3-1
	[buster] - zeromq3 (Minor issue)
	[stretch] - zeromq3 (Minor issue, too intrusive to backport)
	NOTE: https://github.com/zeromq/libzmq/pull/3959
	NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488
CVE-2021-20235 (There's a flaw in the zeromq server in versions before 4.3.3 in src/de ...)
	{DLA-2588-1}
	- zeromq3 4.3.3-1
	[buster] - zeromq3 (Minor issue)
	NOTE: https://github.com/zeromq/libzmq/pull/3902
	NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984
CVE-2021-20234 (An uncontrolled resource consumption (memory leak) flaw was found in t ...)
	{DLA-2588-1}
	- zeromq3 4.3.3-1
	[buster] - zeromq3 (Minor issue)
	NOTE: https://github.com/zeromq/libzmq/pull/3918
	NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123
CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ...)
	{DSA-4867-1}
	- grub2 2.04-16
	[stretch] - grub2 (No SecureBoot support in stretch)
CVE-2021-20232 (A flaw was found in gnutls. A use after free issue in client_send_para ...)
	- gnutls28 3.7.1-1
	[buster] - gnutls28 3.6.7-4+deb10u7
	[stretch] - gnutls28 (Vulnerable code introduced later)
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151
CVE-2021-20231 (A flaw was found in gnutls. A use after free issue in client sending k ...)
	- gnutls28 3.7.1-1
	[buster] - gnutls28 3.6.7-4+deb10u7
	[stretch] - gnutls28 (Vulnerable code introduced later)
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151
CVE-2021-20230 (A flaw was found in stunnel before 5.57, where it improperly validates ...)
- stunnel4 3:5.56+dfsg-8 (bug #982578) [buster] - stunnel4 (Minor issue) [stretch] - stunnel4 (Re-ordering of redirect/accept/reject checks performed in stunnel 5.41b8) NOTE: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 NOTE: Isolated fix only the changes in src/verify.c: NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177580#c2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925226 CVE-2021-20229 (A flaw was found in PostgreSQL in versions before 13.2. This flaw allo ...) - postgresql-13 13.2-1 NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ CVE-2021-20228 (A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...) {DSA-4950-1} - ansible 2.10.7+merged+base+2.10.8+dfsg-1 - ansible-base NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002 NOTE: https://github.com/ansible/ansible/pull/73487 CVE-2021-20227 (A flaw was found in SQLite's SELECT query functionality (src/select.c) ...) - sqlite3 3.34.1-1 [buster] - sqlite3 (Introduced in 3.33) [stretch] - sqlite3 (Introduced in 3.33) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1924886 NOTE: https://sqlite.org/src/info/30a4c323650cc949 NOTE: Patch: https://github.com/sqlite/sqlite/commit/f39168e468af3b1d6b6d37efdcb081eced6724b2 NOTE: Introduced in https://github.com/sqlite/sqlite/commit/896366282dae3789fb277c2dad8660784a0895a3 CVE-2021-20226 (A use-after-free flaw was found in the io_uring in Linux kernel, where ...) - linux 5.10.4-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-001/ CVE-2021-20225 (A flaw was found in grub2 in versions prior to 2.06. The option parser ...) {DSA-4867-1} - grub2 2.04-16 [stretch] - grub2 (No SecureBoot support in stretch) CVE-2021-20224 RESERVED CVE-2021-20223 RESERVED CVE-2021-20222 (A flaw was found in keycloak. 
The new account console in keycloak can ...) NOT-FOR-US: Keycloak CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM Generic ...) {DLA-2560-1} - qemu 1:5.2+dfsg-4 [buster] - qemu (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1 NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-2020-106 ...) - undertow 2.2.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133 NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e CVE-2021-20219 (A denial of service vulnerability was found in n_tty_receive_char_spec ...) - linux (Red Hat specific issue) NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/10 NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/16 CVE-2021-20218 (A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and ...) NOT-FOR-US: fabric8io / kubernetes-client CVE-2021-20217 (A flaw was found in Privoxy in versions before 3.0.31. An assertion fa ...) {DLA-2548-1} - privoxy 3.0.31-1 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31) CVE-2021-20216 (A flaw was found in Privoxy in versions before 3.0.31. A memory leak t ...) {DLA-2548-1} - privoxy 3.0.31-1 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31) CVE-2021-20215 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...) 
{DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=064eac5fd0f693e94ec8b3a64d1d91e8fb7e8e66 (3.0.29) NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=fdee85c0bf3e2dbd7722ddc45e9ed912f02a2136 (3.0.29) CVE-2021-20214 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...) - privoxy 3.0.29-1 [buster] - privoxy 3.0.28-2+deb10u1 [stretch] - privoxy (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a57197717758e225ad6e11cbaab1d6c (3.0.29) CVE-2021-20213 (A flaw was found in Privoxy in versions before 3.0.29. Dereference of ...) {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=75301323495579ff27bdaaea67e31e2df83475fc (3.0.29) CVE-2021-20212 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak if ...) {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8feecc82eb161450faa572abf9be19cbb (3.0.29) CVE-2021-20211 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak whe ...) {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf325bc957df6226c745b7ac3f67a97ea07 (3.0.29) CVE-2021-20210 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak in ...) 
{DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a9cc5434d3e0e54dd620df1e70c873 (3.0.29) CVE-2021-20209 (A memory leak vulnerability was found in Privoxy before 3.0.29 in the ...) {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686dcd40e3b6e5753d0c7c0308209a7b6 (3.0.29) CVE-2021-20208 (A flaw was found in cifs-utils in versions before 6.13. A user when mo ...) - cifs-utils 2:6.11-3 (bug #987308) [buster] - cifs-utils (Minor issue) [stretch] - cifs-utils (Minor issue) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14651 NOTE: https://lists.samba.org/archive/samba-technical/2021-April/136467.html NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=e461afd8cfa6d0781ae0c5c10e89b6ef1ca6da32 NOTE: Fix causes regression: https://bugs.debian.org/989080 CVE-2021-20207 REJECTED CVE-2021-20206 (An improper limitation of path name flaw was found in containernetwork ...) - golang-github-appc-cni 0.8.1-1 (bug #983659) [buster] - golang-github-appc-cni (Minor issue; can be fixed via point release) [stretch] - golang-github-appc-cni (Minor issue) NOTE: https://github.com/containernetworking/cni/pull/808 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919391 CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of ...) - libjpeg-turbo (Vulnerable code introduced later) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/493 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1719d12e51641cce5c77e259516649ba5ef6303c CVE-2021-20204 (A heap memory corruption problem (use after free) can be triggered in ...) 
{DLA-2660-1} - libgetdata 0.10.0-10 (bug #988239) [buster] - libgetdata 0.10.0-5+deb10u1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956348 NOTE: https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050 NOTE: Debian patch applied causes functional regressions: https://bugs.debian.org/992437 CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...) {DLA-2623-1} - qemu (bug #984452) [bullseye] - qemu (Minor issue) [buster] - qemu (Minor issue) NOTE: https://bugs.launchpad.net/qemu/+bug/1913873 NOTE: https://gitlab.com/qemu-project/qemu/-/issues/308 NOTE: https://bugs.launchpad.net/qemu/+bug/1890152 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html CVE-2021-20202 (A flaw was found in keycloak. Directories can be created prior to the ...) NOT-FOR-US: Keycloak CVE-2021-20201 (A flaw was found in spice in versions before 0.14.92. A DoS tool might ...) - spice 0.14.3-2.1 (bug #983698) [buster] - spice (Minor issue) [stretch] - spice (Minor issue) NOTE: https://gitlab.freedesktop.org/spice/spice/-/issues/49 NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749 NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9 NOTE: https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks CVE-2021-20200 REJECTED CVE-2021-20199 (Rootless containers run with Podman, receive all traffic with a source ...) 
- libpod 3.0.0~rc2+dfsg1-2 - rootlesskit 0.12.0-1 NOTE: https://github.com/containers/podman/issues/5138 NOTE: https://github.com/containers/podman/pull/9052 NOTE: https://github.com/rootless-containers/rootlesskit/pull/206 NOTE: For Podman v3.0: https://github.com/containers/podman/pull/9225 (v3.0.0-rc3) NOTE: Issue in podman was fixed by linking against rootlesskit 0.12, and Debian updated NOTE: ahead of time CVE-2021-20198 (A flaw was found in the OpenShift Installer before version v0.9.0-mast ...) NOT-FOR-US: OpenShift CVE-2021-20197 (There is an open race window when writing output in the following util ...) [experimental] - binutils 2.35.50.20201209-1 - binutils 2.37-3 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26945 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=014cc7f849e8209623fc99264814bce7b3b6faf2 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04 NOTE: binutils not covered by security support CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator ...) - qemu (bug #984453) [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210 NOTE: https://bugs.launchpad.net/qemu/+bug/1912780 NOTE: https://gitlab.com/qemu-project/qemu/-/issues/338 NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html CVE-2021-20195 (A flaw was found in keycloak in versions before 13.0.0. A Self Stored ...) NOT-FOR-US: Keycloak CVE-2021-20194 (There is a vulnerability in the linux kernel versions higher than 5.2 ...) 
- linux 5.10.19-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1912683 NOTE: https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.reiff@liblor.ch/#23921223 CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...) - tar 1.34+dfsg-1 (unimportant; bug #980525) NOTE: https://savannah.gnu.org/bugs/?59897 NOTE: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 NOTE: Memory leak in CLI tool, no security impact CVE-2021-20192 RESERVED CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...) - ansible (bug #985753) [bullseye] - ansible (Minor issue) [buster] - ansible (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813 NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227 NOTE: https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...) {DLA-2638-1} - jackson-databind 2.12.1-1 [buster] - jackson-databind 2.9.8-3+deb10u3 NOTE: https://github.com/FasterXML/jackson-databind/issues/2854 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a CVE-2021-20189 REJECTED CVE-2021-20188 (A flaw was found in podman before 1.7.0. File permissions for non-root ...) 
- libpod 2.0.2+dfsg1-3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915734 NOTE: https://github.com/containers/podman/commit/2c7b579fe7328dc6db48bdaf60d0ddd9136b1e24 NOTE: https://github.com/containers/podman/commit/c8bd4746151e6ae37d49c4688f2f64e03db429fc NOTE: Fixed as part of https://github.com/containers/podman/commit/dcf3c742b1ac4d641d66810113f3d17441a412f4 (v1.7.0-rc1) CVE-2021-20187 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...) - moodle CVE-2021-20186 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...) - moodle CVE-2021-20185 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...) - moodle CVE-2021-20184 (It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a i ...) - moodle CVE-2021-20183 (It was found in Moodle before version 3.10.1 that some search inputs w ...) - moodle CVE-2021-20182 (A privilege escalation flaw was found in openshift4/ose-docker-builder ...) NOT-FOR-US: OpenShift CVE-2021-20181 (A race condition flaw was found in the 9pfs server implementation of Q ...) {DLA-2560-1} - qemu 1:5.2+dfsg-4 [buster] - qemu (Minor issue) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305 CVE-2021-20180 RESERVED - ansible (bug #985753) [bullseye] - ansible (Minor issue) [buster] - ansible (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915808 NOTE: https://github.com/ansible-collections/community.general/pull/1635 NOTE: https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully comprom ...) - dogtag-pki 10.10.2-2 NOTE: https://github.com/dogtagpki/pki/pull/3475 CVE-2021-20178 (A flaw was found in ansible module where credentials are disclosed in ...) 
- ansible (bug #985753) [bullseye] - ansible (Minor issue) [buster] - ansible (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774 NOTE: https://github.com/ansible-collections/community.general/pull/1621 NOTE: https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3 CVE-2021-20177 (A flaw was found in the Linux kernel's implementation of string matchi ...) {DSA-4843-1 DLA-2557-1} - linux 5.5.13-1 [stretch] - linux (Vulnerable code not present) NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823 NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/1 CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 ...) {DLA-2602-1} - imagemagick 8:6.9.11.57+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f CVE-2021-20175 RESERVED CVE-2021-20174 RESERVED CVE-2021-20173 RESERVED CVE-2021-20172 RESERVED CVE-2021-20171 RESERVED CVE-2021-20170 RESERVED CVE-2021-20169 RESERVED CVE-2021-20168 RESERVED CVE-2021-20167 RESERVED CVE-2021-20166 RESERVED CVE-2021-20165 RESERVED CVE-2021-20164 RESERVED CVE-2021-20163 RESERVED CVE-2021-20162 RESERVED CVE-2021-20161 RESERVED CVE-2021-20160 RESERVED CVE-2021-20159 RESERVED CVE-2021-20158 RESERVED CVE-2021-20157 RESERVED CVE-2021-20156 RESERVED CVE-2021-20155 RESERVED CVE-2021-20154 RESERVED CVE-2021-20153 RESERVED CVE-2021-20152 RESERVED CVE-2021-20151 RESERVED CVE-2021-20150 RESERVED CVE-2021-20149 RESERVED CVE-2021-20148 RESERVED CVE-2021-20147 RESERVED CVE-2021-20146 RESERVED CVE-2021-20145 RESERVED CVE-2021-20144 RESERVED CVE-2021-20143 RESERVED CVE-2021-20142 RESERVED CVE-2021-20141 RESERVED CVE-2021-20140 RESERVED CVE-2021-20139 RESERVED CVE-2021-20138 
RESERVED CVE-2021-20137 RESERVED CVE-2021-20136 RESERVED CVE-2021-20135 RESERVED CVE-2021-20134 RESERVED CVE-2021-20133 RESERVED CVE-2021-20132 RESERVED CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...) NOT-FOR-US: ManageEngine ADManager Plus CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...) NOT-FOR-US: ManageEngine ADManager Plus CVE-2021-20129 (An information disclosure vulnerability exists in Draytek VigorConnect ...) NOT-FOR-US: Draytek CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page in Drayte ...) NOT-FOR-US: Draytek CVE-2021-20127 (An arbitrary file deletion vulnerability exists in the file delete fun ...) NOT-FOR-US: Draytek CVE-2021-20126 (Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protect ...) NOT-FOR-US: Draytek CVE-2021-20125 (An arbitrary file upload and directory traversal vulnerability exists ...) NOT-FOR-US: Draytek CVE-2021-20124 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...) NOT-FOR-US: Draytek CVE-2021-20123 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...) NOT-FOR-US: Draytek CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) NOT-FOR-US: Telus Wi-Fi Hub CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) NOT-FOR-US: Telus Wi-Fi Hub CVE-2021-20120 RESERVED CVE-2021-20119 RESERVED CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...) NOT-FOR-US: Nessus Agent CVE-2021-20117 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...) NOT-FOR-US: Nessus Agent CVE-2021-20116 (A reflected cross-site scripting vulnerability exists in TCExam <= ...) NOT-FOR-US: TCExam CVE-2021-20115 (A reflected cross-site scripting vulnerability exists in TCExam <= ...) 
NOT-FOR-US: TCExam CVE-2021-20114 (When installed following the default/recommended settings, TCExam < ...) NOT-FOR-US: TCExam CVE-2021-20113 (An exposure of sensitive information vulnerability exists in TCExam < ...) NOT-FOR-US: TCExam CVE-2021-20112 (A stored cross-site scripting vulnerability exists in TCExam <= 14. ...) NOT-FOR-US: TCExam CVE-2021-20111 (A stored cross-site scripting vulnerability exists in TCExam <= 14. ...) NOT-FOR-US: TCExam CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS ...) NOT-FOR-US: Manage Engine Asset Explorer Agent CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS certificates, an ...) NOT-FOR-US: Asset Explorer agent CVE-2021-20108 (Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for inc ...) NOT-FOR-US: Manage Engine Asset Explorer Agent CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan SmartFaucets in ...) NOT-FOR-US: Sloan CVE-2021-20106 (Nessus Agent versions 8.2.5 and earlier were found to contain a privil ...) NOT-FOR-US: Nessus Agent CVE-2021-20105 (Machform prior to version 16 is vulnerable to an open redirect in Safa ...) NOT-FOR-US: Machform CVE-2021-20104 (Machform prior to version 16 is vulnerable to unauthenticated remote c ...) NOT-FOR-US: Machform CVE-2021-20103 (Machform prior to version 16 is vulnerable to stored cross-site script ...) NOT-FOR-US: Machform CVE-2021-20102 (Machform prior to version 16 is vulnerable to cross-site request forge ...) NOT-FOR-US: Machform CVE-2021-20101 (Machform prior to version 16 is vulnerable to HTTP host header injecti ...) NOT-FOR-US: Machform CVE-2021-20100 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...) NOT-FOR-US: Nessus Agent CVE-2021-20099 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...) 
NOT-FOR-US: Nessus Agent CVE-2021-20098 RESERVED CVE-2021-20097 RESERVED CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remote atta ...) NOT-FOR-US: OpenOversight CVE-2021-20095 REJECTED CVE-2021-20094 (A denial of service vulnerability exists in Wibu-Systems CodeMeter ver ...) NOT-FOR-US: Wibu-Systems CodeMeter CVE-2021-20093 (A buffer over-read vulnerability exists in Wibu-Systems CodeMeter vers ...) NOT-FOR-US: Wibu-Systems CodeMeter CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...) NOT-FOR-US: Buffalo CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...) NOT-FOR-US: Buffalo CVE-2021-20090 (A path traversal vulnerability in the web interfaces of Buffalo WSR-25 ...) NOT-FOR-US: Buffalo CVE-2021-20089 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) NOT-FOR-US: purl javascript URL parser (different from src:purl) CVE-2021-20088 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) NOT-FOR-US: mootools-more CVE-2021-20087 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) NOT-FOR-US: jquery-deparam CVE-2021-20086 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) NOT-FOR-US: jquery-bbq CVE-2021-20085 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) NOT-FOR-US: backbone-query-parameters CVE-2021-20084 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) NOT-FOR-US: jquery-sparkle CVE-2021-20083 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) NOT-FOR-US: jquery-plugin-query-object CVE-2021-20082 RESERVED CVE-2021-20081 (Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus ...) NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...) 
NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2021-20079 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...) NOT-FOR-US: Nessus CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...) NOT-FOR-US: Manage Engine OpManager CVE-2021-20077 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...) NOT-FOR-US: Nessus Agent CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...) NOT-FOR-US: Tenable CVE-2021-20075 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for pr ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20074 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20073 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cr ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20072 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20071 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20070 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20069 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20068 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20067 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20066 (JSDom improperly allows the loading of local resources, which allows f ...) 
NOTE: Disputed by upstream: https://github.com/jsdom/jsdom/issues/3124#issuecomment-783502951 NOTE: https://www.tenable.com/security/research/tra-2021-05 NOTE: https://github.com/jsdom/jsdom/issues/3124 CVE-2021-20065 RESERVED CVE-2021-20064 RESERVED CVE-2021-20063 RESERVED CVE-2021-20062 RESERVED CVE-2021-20061 RESERVED CVE-2021-20060 RESERVED CVE-2021-20059 RESERVED CVE-2021-20058 RESERVED CVE-2021-20057 RESERVED CVE-2021-20056 RESERVED CVE-2021-20055 RESERVED CVE-2021-20054 RESERVED CVE-2021-20053 RESERVED CVE-2021-20052 RESERVED CVE-2021-20051 RESERVED CVE-2021-20050 RESERVED CVE-2021-20049 RESERVED CVE-2021-20048 RESERVED CVE-2021-20047 RESERVED CVE-2021-20046 RESERVED CVE-2021-20045 RESERVED CVE-2021-20044 RESERVED CVE-2021-20043 RESERVED CVE-2021-20042 RESERVED CVE-2021-20041 RESERVED CVE-2021-20040 RESERVED CVE-2021-20039 RESERVED CVE-2021-20038 RESERVED CVE-2021-20037 (SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incor ...) NOT-FOR-US: SonicWall CVE-2021-20036 RESERVED CVE-2021-20035 (Improper neutralization of special elements in the SMA100 management i ...) NOT-FOR-US: SonicWall CVE-2021-20034 (An improper access control vulnerability in SMA100 allows a remote una ...) NOT-FOR-US: SonicWall CVE-2021-20033 RESERVED CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...) NOT-FOR-US: SonicWall CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows ...) NOT-FOR-US: SonicWall CVE-2021-20030 RESERVED CVE-2021-20029 RESERVED CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...) NOT-FOR-US: Sonicwall CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...) NOT-FOR-US: SonicWall CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...) NOT-FOR-US: SonicWall CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and earlier ...) 
NOT-FOR-US: SonicWall CVE-2021-20024 (Multiple Out-of-Bound read vulnerability in SonicWall Switch when hand ...) NOT-FOR-US: SonicWall CVE-2021-20023 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...) NOT-FOR-US: SonicWall CVE-2021-20022 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...) NOT-FOR-US: SonicWall CVE-2021-20021 (A vulnerability in the SonicWall Email Security version 10.0.9.x allow ...) NOT-FOR-US: SonicWall CVE-2021-20020 (A command execution vulnerability in SonicWall GMS 9.3 allows a remote ...) NOT-FOR-US: SonicWall CVE-2021-20019 (A vulnerability in SonicOS where the HTTP server response leaks partia ...) NOT-FOR-US: SonicOS CVE-2021-20018 (A post-authenticated vulnerability in SonicWall SMA100 allows an attac ...) NOT-FOR-US: SonicWall CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWall SMA1 ...) NOT-FOR-US: SonicWall CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...) NOT-FOR-US: SonicWall CVE-2021-20015 RESERVED CVE-2021-20014 RESERVED CVE-2021-20013 RESERVED CVE-2021-20012 RESERVED CVE-2021-20011 RESERVED CVE-2021-20010 RESERVED CVE-2021-20009 RESERVED CVE-2021-20008 RESERVED CVE-2021-20007 RESERVED CVE-2021-20006 RESERVED CVE-2021-20005 RESERVED CVE-2021-20004 RESERVED CVE-2021-20003 RESERVED CVE-2021-20002 RESERVED CVE-2021-20001 RESERVED CVE-2021-2485 RESERVED CVE-2021-2484 RESERVED CVE-2021-2483 RESERVED CVE-2021-2482 RESERVED CVE-2021-2481 RESERVED CVE-2021-2480 RESERVED CVE-2021-2479 RESERVED CVE-2021-2478 RESERVED CVE-2021-2477 RESERVED CVE-2021-2476 RESERVED CVE-2021-2475 RESERVED CVE-2021-2474 RESERVED CVE-2021-2473 RESERVED CVE-2021-2472 RESERVED CVE-2021-2471 RESERVED CVE-2021-2470 RESERVED CVE-2021-2469 RESERVED CVE-2021-2468 RESERVED CVE-2021-2467 RESERVED CVE-2021-2466 RESERVED CVE-2021-2465 RESERVED CVE-2021-2464 (Vulnerability in Oracle Linux (component: OSwatcher). Supported versio ...) 
NOT-FOR-US: Oracle Linux CVE-2021-2463 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) NOT-FOR-US: Oracle CVE-2021-2462 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...) NOT-FOR-US: Oracle CVE-2021-2461 RESERVED CVE-2021-2460 (Vulnerability in the Oracle Application Express Data Reporter componen ...) NOT-FOR-US: Oracle CVE-2021-2459 RESERVED CVE-2021-2458 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2021-2457 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2021-2456 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2021-2455 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components produ ...) NOT-FOR-US: Oracle CVE-2021-2454 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.26-dfsg-1 CVE-2021-2453 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2452 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2451 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2450 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2449 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2448 (Vulnerability in the Oracle Financial Services Crime and Compliance In ...) NOT-FOR-US: Oracle CVE-2021-2447 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) NOT-FOR-US: Oracle CVE-2021-2446 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) NOT-FOR-US: Oracle CVE-2021-2445 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...) 
NOT-FOR-US: Oracle CVE-2021-2444 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2443 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.26-dfsg-1 CVE-2021-2442 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.26-dfsg-1 CVE-2021-2441 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2440 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2439 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...) NOT-FOR-US: Oracle CVE-2021-2438 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2021-2437 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2436 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) NOT-FOR-US: Oracle CVE-2021-2435 (Vulnerability in the Essbase Analytic Provider Services product of Ora ...) NOT-FOR-US: Oracle CVE-2021-2434 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) NOT-FOR-US: Oracle CVE-2021-2433 (Vulnerability in the Essbase Analytic Provider Services product of Ora ...) NOT-FOR-US: Oracle CVE-2021-2432 (Vulnerability in the Java SE product of Oracle Java SE (component: JND ...) - openjdk-11 (Only affects Java 7) - openjdk-8 (Only affects Java 7) CVE-2021-2431 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2430 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2429 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2428 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) 
NOT-FOR-US: Oracle CVE-2021-2427 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2426 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2425 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2424 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2423 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2422 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2421 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...) NOT-FOR-US: Oracle CVE-2021-2420 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2419 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2021-2418 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2417 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2416 RESERVED CVE-2021-2415 (Vulnerability in the Oracle Time and Labor product of Oracle E-Busines ...) NOT-FOR-US: Oracle CVE-2021-2414 RESERVED CVE-2021-2413 RESERVED CVE-2021-2412 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2411 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) - mysql-cluster (bug #833356) CVE-2021-2410 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-2409 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.26-dfsg-1 CVE-2021-2408 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of O ...) NOT-FOR-US: Oracle CVE-2021-2407 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) 
	NOT-FOR-US: Oracle
CVE-2021-2406 (Vulnerability in the Oracle Collaborative Planning product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2405 (Vulnerability in the Oracle Engineering product of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2021-2404 (Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway produ ...)
	NOT-FOR-US: Oracle
CVE-2021-2403 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2402 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2401 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2400 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2399 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2398 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2021-2397 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2396 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2395 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2021-2394 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2393 (Vulnerability in the Oracle E-Records product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2021-2392 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2391 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2390 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0
CVE-2021-2389 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.5 1:10.5.12-1
	[bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
	- mysql-5.7
	- mysql-8.0
	NOTE: Fixed in MariaDB 10.5.12, 10.3.31
CVE-2021-2388 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-4946-1 DLA-2737-1}
	- openjdk-11 11.0.12+7-1
	- openjdk-8 8u302-b08-1
CVE-2021-2387 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2386 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2021-2385 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0
CVE-2021-2384 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2383 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2382 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2381 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2021-2380 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2379
	RESERVED
CVE-2021-2378 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2377 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2376 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2375 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2374 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2373 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2372 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.5 1:10.5.12-1
	[bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
	- mysql-5.7
	- mysql-8.0
	NOTE: Fixed in MariaDB 10.5.12, 10.3.31
CVE-2021-2371 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2021-2370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2369 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-4946-1 DLA-2737-1}
	- openjdk-11 11.0.12+7-1
	- openjdk-8 8u302-b08-1
CVE-2021-2368 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
	NOT-FOR-US: Oracle
CVE-2021-2367 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2366 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2021-2365 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2021-2364 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2021-2363 (Vulnerability in the Oracle Public Sector Financials (International) p ...)
	NOT-FOR-US: Oracle
CVE-2021-2362 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2021-2361 (Vulnerability in the Oracle Advanced Inbound Telephony product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2360 (Vulnerability in the Oracle Approvals Management product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-2359 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2021-2358 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2021-2357 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2356 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0
CVE-2021-2355 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2021-2354 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2353 (Vulnerability in the Siebel Core - Server Framework product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2352 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2351 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2021-2350 (Vulnerability in the Hyperion Essbase Administration Services product ...)
	NOT-FOR-US: Oracle
CVE-2021-2349 (Vulnerability in the Hyperion Essbase Administration Services product ...)
	NOT-FOR-US: Oracle
CVE-2021-2348 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
	NOT-FOR-US: Oracle
CVE-2021-2347 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2021-2346 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
	NOT-FOR-US: Oracle
CVE-2021-2345 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
	NOT-FOR-US: Oracle
CVE-2021-2344 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2021-2343 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2021-2342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0
CVE-2021-2341 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-4946-1 DLA-2737-1}
	- openjdk-11 11.0.12+7-1
	- openjdk-8 8u302-b08-1
CVE-2021-2340 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2339 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0
CVE-2021-2338 (Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel ...)
	NOT-FOR-US: Oracle
CVE-2021-2337 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2021-2336 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...)
	NOT-FOR-US: Oracle
CVE-2021-2335 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...)
	NOT-FOR-US: Oracle
CVE-2021-2334 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...)
	NOT-FOR-US: Oracle
CVE-2021-2333 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2021-2332
	RESERVED
CVE-2021-2331
	RESERVED
CVE-2021-2330 (Vulnerability in the Core RDBMS component of Oracle Database Server. T ...)
	NOT-FOR-US: Oracle
CVE-2021-2329 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2021-2328 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2021-2327
	RESERVED
CVE-2021-2326 (Vulnerability in the Database Vault component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2021-2325
	RESERVED
CVE-2021-2324 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2323 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2322 (Vulnerability in OpenGrok (component: Web App). Versions that are affe ...)
	NOT-FOR-US: OpenGrok
CVE-2021-2321 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2320 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
	NOT-FOR-US: Oracle
CVE-2021-2319 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
	NOT-FOR-US: Oracle
CVE-2021-2318 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
	NOT-FOR-US: Oracle
CVE-2021-2317 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
	NOT-FOR-US: Oracle
CVE-2021-2316 (Vulnerability in the Oracle HRMS (France) product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2021-2315 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2021-2314 (Vulnerability in the Oracle Application Object Library product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2313
	RESERVED
CVE-2021-2312 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2311 (Vulnerability in the Oracle Hospitality Inventory Management product o ...)
	NOT-FOR-US: Oracle
CVE-2021-2310 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2309 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2308 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2307 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2306 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2305 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2304 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2303 (Vulnerability in the OSS Support Tools product of Oracle Support Tools ...)
	NOT-FOR-US: Oracle
CVE-2021-2302 (Vulnerability in the Oracle Platform Security for Java product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2301 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2300 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2299 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2298 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2297 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2296 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2295 (Vulnerability in the Oracle Concurrent Processing product of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2021-2294 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2293 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2292 (Vulnerability in the Oracle Document Management and Collaboration prod ...)
	NOT-FOR-US: Oracle
CVE-2021-2291 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2290 (Vulnerability in the Oracle Engineering product of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2021-2289 (Vulnerability in the Oracle Product Hub product of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2021-2288 (Vulnerability in the Oracle Bills of Material product of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2021-2287 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2286 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2285 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2284 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2283 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2282 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2281 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2280 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2279 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2277 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2021-2276 (Vulnerability in the Oracle iSetup product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2275 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-2274 (Vulnerability in the Oracle E-Business Tax product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2021-2273 (Vulnerability in the Oracle Legal Entity Configurator product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2021-2272 (Vulnerability in the Oracle Subledger Accounting product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-2271 (Vulnerability in the Oracle Work in Process product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2021-2270 (Vulnerability in the Oracle Site Hub product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2021-2269 (Vulnerability in the Oracle Advanced Pricing product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2021-2268 (Vulnerability in the Oracle Quoting product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2267 (Vulnerability in the Oracle Labor Distribution product of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2021-2266 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2265
	RESERVED
CVE-2021-2264 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/1
CVE-2021-2263 (Vulnerability in the Oracle Sourcing product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2021-2262 (Vulnerability in the Oracle Purchasing product of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2021-2261 (Vulnerability in the Oracle Lease and Finance Management product of Or ...)
	NOT-FOR-US: Oracle
CVE-2021-2260 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2021-2259 (Vulnerability in the Oracle Payables product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2021-2258 (Vulnerability in the Oracle Projects product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2021-2257 (Vulnerability in the Oracle Storage Cloud Software Appliance product o ...)
	NOT-FOR-US: Oracle
CVE-2021-2256 (Vulnerability in the Oracle Storage Cloud Software Appliance product o ...)
	NOT-FOR-US: Oracle
CVE-2021-2255 (Vulnerability in the Oracle Service Contracts product of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2021-2254 (Vulnerability in the Oracle Project Contracts product of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2021-2253 (Vulnerability in the Oracle Advanced Supply Chain Planning product of ...)
	NOT-FOR-US: Oracle
CVE-2021-2252 (Vulnerability in the Oracle Loans product of Oracle E-Business Suite ( ...)
	NOT-FOR-US: Oracle
CVE-2021-2251 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2250 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2249 (Vulnerability in the Oracle Landed Cost Management product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2248 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
	NOT-FOR-US: Oracle
CVE-2021-2247 (Vulnerability in the Oracle Advanced Collections product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-2246 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-2245 (Vulnerability in the Oracle Database - Enterprise Edition Unified Audi ...)
	NOT-FOR-US: Oracle
CVE-2021-2244 (Vulnerability in the Hyperion Analytic Provider Services product of Or ...)
	NOT-FOR-US: Oracle
CVE-2021-2243
	RESERVED
CVE-2021-2242 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-2241 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2240 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-2239 (Vulnerability in the Oracle Time and Labor product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2021-2238 (Vulnerability in the Oracle MES for Process Manufacturing product of O ...)
	NOT-FOR-US: Oracle
CVE-2021-2237 (Vulnerability in the Oracle General Ledger product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2021-2236 (Vulnerability in the Oracle Financials Common Modules product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2021-2235 (Vulnerability in the Oracle Transportation Execution product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2234 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2021-2233 (Vulnerability in the Oracle Enterprise Asset Management product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2021-2232 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2231 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2021-2230 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2229 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2021-2228 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2227 (Vulnerability in the Oracle Cash Management product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2021-2226 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2225 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2224 (Vulnerability in the Oracle Compensation Workbench product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2223 (Vulnerability in the Oracle Receivables product of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2021-2222 (Vulnerability in the Oracle Bill Presentment Architecture product of O ...)
	NOT-FOR-US: Oracle
CVE-2021-2221 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
	NOT-FOR-US: Oracle
CVE-2021-2220 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of ...)
	NOT-FOR-US: Oracle
CVE-2021-2219 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2218 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of O ...)
	NOT-FOR-US: Oracle
CVE-2021-2217 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2216 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2215 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2214 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2213 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2212 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2211 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2210 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2021-2209 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2021-2208 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2207 (Vulnerability in the Oracle Database - Enterprise Edition component of ...)
	NOT-FOR-US: Oracle
CVE-2021-2206 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2021-2205 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2021-2204 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2203 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2202 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2201 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2200 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2199 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2198 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-2197 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2196 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2195 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2021-2194 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.5 1:10.5.8-1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.27-0+deb10u1
	- mysql-5.7
	- mysql-8.0 (bug #987325)
	NOTE: Fixed in MariaDB 10.5.7, 10.4.16, 10.3.26, 10.2.35
CVE-2021-2193 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2192 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2021-2191 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2021-2190 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2021-2189 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2021-2188 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2187 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2186 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2185 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2184 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2183 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2182 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2181 (Vulnerability in the Oracle Document Management and Collaboration prod ...)
	NOT-FOR-US: Oracle
CVE-2021-2180 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2179 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2178 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2177 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
	NOT-FOR-US: Oracle
CVE-2021-2176
	RESERVED
CVE-2021-2175 (Vulnerability in the Database Vault component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2021-2174 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2173 (Vulnerability in the Recovery component of Oracle Database Server. Sup ...)
	NOT-FOR-US: Oracle
CVE-2021-2172 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2171 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2170 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2169 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2168
	RESERVED
CVE-2021-2167 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2021-2166 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.5 1:10.5.10-1 (bug #988428)
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.29-0+deb10u1
	- mysql-8.0 (bug #987325)
	- mysql-5.7
	NOTE: Fixed in MariaDB 10.5.10, 10.4.19, 10.3.29, 10.2.38
CVE-2021-2165
	RESERVED
CVE-2021-2164 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
CVE-2021-2163 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...)
	{DSA-4899-1 DLA-2634-1}
	- openjdk-17 17~19-1
	- openjdk-11 11.0.11+9-1
	- openjdk-8 8u292-b10-1
	NOTE: OpenJDK-11: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c82c3d65c256
	NOTE: OpenJDK-8: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/412d2b1381a4
CVE-2021-2162 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2161 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...)
	- openjdk-17 (Windows-specific)
	- openjdk-11 (Windows-specific)
	- openjdk-8 (Windows-specific)
CVE-2021-2160 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 (bug #987325)
CVE-2021-2159 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
	NOT-FOR-US: Oracle
CVE-2021-2158 (Vulnerability in the Hyperion Financial Management product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2021-2157 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2156 (Vulnerability in the Oracle Customers Online product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2021-2155 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2154 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.5 1:10.5.10-1 (bug #988428)
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.29-0+deb10u1
	- mysql-5.7
	NOTE: Fixed in MariaDB 10.5.10, 10.4.19, 10.3.29, 10.2.38
CVE-2021-2153 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2021-2152 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2021-2151 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2150 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2149 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2021-2148
	RESERVED
CVE-2021-2147 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2021-2146 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
	- mysql-5.7
CVE-2021-2145 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.20-dfsg-1
CVE-2021-2144 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (bug #987325)
	- mysql-5.7
CVE-2021-2143
	RESERVED
CVE-2021-2142 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2141 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2140 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2021-2139
	RESERVED
CVE-2021-2138 (Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook ...)
	NOT-FOR-US: Oracle
CVE-2021-2137
	RESERVED
CVE-2021-2136 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2135 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2134 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...)
	NOT-FOR-US: Oracle
CVE-2021-2133
	RESERVED
CVE-2021-2132
	RESERVED
CVE-2021-2131 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2130 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2129 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2128 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2127 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2126 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2125 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2124 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2123 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2122 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2120 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2119 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2118 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2021-2117 (Vulnerability in the Oracle Application Express Survey Builder compone ...)
	NOT-FOR-US: Oracle
CVE-2021-2116 (Vulnerability in the Oracle Application Express Opportunity Tracker co ...)
	NOT-FOR-US: Oracle
CVE-2021-2115 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
	NOT-FOR-US: Oracle
CVE-2021-2114 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
	NOT-FOR-US: Oracle
CVE-2021-2113 (Vulnerability in the Oracle Financial Services Revenue Management and ...)
	NOT-FOR-US: Oracle
CVE-2021-2112 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2111 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2110 (Vulnerability in the Oracle Argus Safety product of Oracle Health Scie ...)
	NOT-FOR-US: Oracle
CVE-2021-2109 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2108 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2107 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2021-2106 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2021-2105 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2021-2104 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2021-2103 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2021-2102 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2021-2101 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2100 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2099 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2098 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2021-2097 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2021-2096 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2095
	RESERVED
CVE-2021-2094 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-2093 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2021-2092 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2091 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2021-2090 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2021-2089 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2088 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2087 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2086 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2085 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2084 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2083 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2021-2082 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2081 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2080 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
	NOT-FOR-US: Oracle
CVE-2021-2079 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
	NOT-FOR-US: Oracle
CVE-2021-2078 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
	NOT-FOR-US: Oracle
CVE-2021-2077 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2076 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2075 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2074 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2073 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.18-dfsg-1
CVE-2021-2072 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2071 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2070 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2069 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-2068 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-2067 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-2066 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-2065 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2064 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2063 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2062 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2061 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2060 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
	- mysql-5.7 (bug #981194)
CVE-2021-2059 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2021-2058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2057 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2021-2056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2055 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1
CVE-2021-2054 (Vulnerability in the RDBMS Sharding component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2021-2053 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2021-2052 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
	NOT-FOR-US: Oracle
CVE-2021-2051 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2050 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2049 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2048 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2047 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2045 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2021-2044 (Vulnerability in the PeopleSoft Enterprise FIN Payables product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2021-2043 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-2042 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1
CVE-2021-2041 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2021-2040 (Vulnerability in the Oracle Argus Safety product of Oracle Health Scie ...)
	NOT-FOR-US: Oracle
CVE-2021-2039 (Vulnerability in the Siebel Core - Server Framework product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-2038 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2037
	RESERVED
CVE-2021-2036 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2035 (Vulnerability in the RDBMS Scheduler component of Oracle Database Serv ...)
	NOT-FOR-US: Oracle
CVE-2021-2034 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
	NOT-FOR-US: Oracle
CVE-2021-2033 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-2032 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
	- mysql-5.7 (bug #981194)
CVE-2021-2031 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2030 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1
CVE-2021-2029 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2021-2028 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1
CVE-2021-2027 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2021-2026 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2021-2025 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2021-2024 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2023 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2021-2022 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.5 1:10.5.5-1
	- mariadb-10.3 1:10.3.24-1
	[buster] - mariadb-10.3 1:10.3.25-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.47-0+deb9u1
	- mysql-8.0 8.0.23-1 (bug #980795)
	- mysql-5.7 (bug #981194)
	NOTE: Fixed in MariaDB 10.5.5, 10.4.14, 10.3.24, 10.2.33, 10.1.46
CVE-2021-2021 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2020 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.21-1
CVE-2021-2019 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (Fixed before initial upload)
CVE-2021-2018 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2021-2017 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2021-2016 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (Fixed before initial upload)
CVE-2021-2015 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2021-2014 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #981194)
CVE-2021-2013 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2021-2012 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.21-1
CVE-2021-2011 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
	- mysql-5.7 (bug #981194)
CVE-2021-2010 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
	- mysql-5.7 (bug #981194)
CVE-2021-2009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (Fixed before initial upload)
CVE-2021-2008 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...)
	NOT-FOR-US: Oracle
CVE-2021-2007 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-8.0 (Fixed before initial upload)
	- mysql-5.7 (bug #981194)
CVE-2021-2006 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.21-1
CVE-2021-2005 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2021-2004 (Vulnerability in the Siebel Core - Server BizLogic Script product of O ...)
	NOT-FOR-US: Oracle
CVE-2021-2003 (Vulnerability in the Business Intelligence Enterprise Edition product ...)
	NOT-FOR-US: Oracle
CVE-2021-2002 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-2001 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (Fixed before initial upload)
	- mysql-5.7 (bug #981194)
CVE-2021-2000 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2021-1999 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2021-1998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.23-1 (bug #980795)
CVE-2021-1997 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2021-1996 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-1995 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-1994 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-1993 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2021-1992
	RESERVED
CVE-2021-1991
	RESERVED
CVE-2021-1990
	RESERVED
CVE-2021-1989
	RESERVED
CVE-2021-1988
	RESERVED
CVE-2021-1987
	RESERVED
CVE-2021-1986
	RESERVED
CVE-2021-1985
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1984
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1983
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1982
	RESERVED
CVE-2021-1981
	RESERVED
CVE-2021-1980
	RESERVED
CVE-2021-1979
	RESERVED
CVE-2021-1978
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1977
	RESERVED
CVE-2021-1976 (A use after free can occur due to improper validation of P2P device ad ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1975
	RESERVED
CVE-2021-1974 (Possible buffer over read due to lack of alignment between map or unma ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1973
	RESERVED
CVE-2021-1972 (Possible buffer overflow due to improper validation of device types du ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1971 (Possible assertion due to lack of physical layer state validation in S ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1970 (Possible out of bound read due to lack of length check of FT sub-eleme ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1969
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1968
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1967
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1966
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1965 (Possible buffer overflow due to lack of parameter length check during ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1964 (Possible buffer over read due to improper validation of IE size while ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1963 (Possible use-after-free due to lack of validation for the rule count i ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1962 (Buffer Overflow while processing IOCTL for getting peripheral endpoint ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1961 (Possible buffer overflow due to lack of offset length check while upda ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1960 (Improper handling of ASB-C broadcast packets with crafted opcode in LM ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1959
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1958 (A race condition in fastrpc kernel driver for dynamic process creation ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1957 (Improper Access Control when ACL link encryption is failed and ACL lin ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1956 (Improper handling of ASB-U packet with L2CAP channel ID by slave host ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1955 (Denial of service in SAP case due to improper handling of connections ...)
	NOT-FOR-US: SAP
CVE-2021-1954 (Possible buffer over read due to improper validation of data pointer w ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1953 (Improper handling of received malformed FTMR request frame can lead to ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1952 (Possible buffer over read occurs due to lack of length check of reques ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1951
	RESERVED
CVE-2021-1950
	RESERVED
CVE-2021-1949
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1948 (Possible out of bound read due to lack of length check of data while p ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1947 (Use-after-free vulnerability in kernel graphics driver because of stor ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1946 (Null Pointer Dereference may occur due to improper validation while pr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1945 (Possible out of bound read due to lack of length check of Bandwidth-NS ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1944
	RESERVED
CVE-2021-1943 (Possible buffer out of bound read can occur due to improper validation ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1942
	RESERVED
CVE-2021-1941 (Possible buffer over read issue due to improper length check on WPA IE ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1940 (Use after free can occur due to improper handling of response from fir ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1939 (Null pointer dereference occurs due to improper validation when the pr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1938 (Possible assertion due to improper verification while creating and del ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1937 (Reachable assertion is possible while processing peer association WLAN ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1936
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1935 (Possible null pointer dereference due to lack of validation check for ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1934 (Possible memory corruption due to improper check when application load ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1933 (UE assertion is possible due to improper validation of invite message ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1932
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1931 (Possible buffer overflow due to improper validation of buffer length w ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1930 (Possible out of bounds read due to incorrect validation of incoming bu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1929 (Lack of strict validation of bootmode can lead to information disclosu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1928 (Buffer over read could occur due to incorrect check of buffer size whi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1927 (Possible use after free due to lack of null check while memory is bein ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1926
	RESERVED
CVE-2021-1925 (Possible denial of service scenario due to improper handling of group ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1924
	RESERVED
CVE-2021-1923 (Incorrect pointer argument passed to trusted application TA could resu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1922
	RESERVED
CVE-2021-1921
	RESERVED
CVE-2021-1920 (Integer underflow can occur due to improper handling of incoming RTCP ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1919 (Integer underflow can occur when the RTCP length is lesser than than t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1918
	RESERVED
CVE-2021-1917
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1916 (Possible buffer underflow due to lack of check for negative indices va ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1915 (Buffer overflow can occur due to improper validation of NDP applicatio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1914 (Loop with unreachable exit condition may occur due to improper handlin ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1913
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1912
	RESERVED
CVE-2021-1911
	RESERVED
CVE-2021-1910 (Double free in video due to lack of input buffer length check in Snapd ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1909 (Buffer overflow occurs in trusted applications due to lack of length c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1908
	RESERVED
CVE-2021-1907 (Possible buffer overflow due to lack of length check in BA request in ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1906 (Improper handling of address deregistration on failure can lead to new ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1905 (Possible use after free due to improper handling of memory mapping of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1904 (Child process can leak information from parent process due to numeric ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1903
	RESERVED
CVE-2021-1902
	RESERVED
CVE-2021-1901 (Possible buffer over-read due to lack of length check while flashing m ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1900 (Possible use after free in Display due to race condition while creatin ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1899 (Possible buffer over read due to lack of length check while flashing m ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1898 (Possible buffer over-read due to incorrect overflow check when loading ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1897 (Possible Buffer Over-read due to lack of validation of boundary checks ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1896 (Weak configuration in WLAN could cause forwarding of unencrypted packe ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1895 (Possible integer overflow due to improper length check while flashing ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1894
	RESERVED
CVE-2021-1893
	RESERVED
CVE-2021-1892 (Memory corruption due to improper input validation while processing IO ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1891 (A possible use-after-free occurrence in audio driver can happen when p ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-1890 (Improper length check of public exponent in RSA import key function co ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1889 (Possible buffer overflow due to lack of length check in Trusted Applic ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1888 (Memory corruption in key parsing and import function due to double fre ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1887 (An assertion can be reached in the WLAN subsystem while using the Wi-F ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1886 (Incorrect handling of pointers in trusted application key import mecha ...)
	NOT-FOR-US: Snapdragon
CVE-2021-1885 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2021-1884 (A race condition was addressed with improved locking. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2021-1883 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-1882 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2021-1881 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2021-1880 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-1879 (This issue was addressed by improved management of object lifetimes. T ...)
	NOT-FOR-US: Apple
CVE-2021-1878 (An integer overflow was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2021-1877 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2021-1876 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2021-1875 (A double free issue was addressed with improved memory management. Thi ...)
	NOT-FOR-US: Apple
CVE-2021-1874 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1873 (An API issue in Accessibility TCC permissions was addressed with impro ...)
	NOT-FOR-US: Apple
CVE-2021-1872 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1871 (A logic issue was addressed with improved restrictions. This issue is ...)
	{DSA-4923-1}
	- webkit2gtk 2.32.0-2
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.32.0-2
	NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1870 (A logic issue was addressed with improved restrictions. This issue is ...)
	{DSA-4877-1}
	- webkit2gtk 2.30.6-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.30.6-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
CVE-2021-1869
	RESERVED
CVE-2021-1868 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1867 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2021-1866
	RESERVED
CVE-2021-1865 (An issue obscuring passwords in screenshots was addressed with improve ...)
	NOT-FOR-US: Apple
CVE-2021-1864 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2021-1863 (An issue existed with authenticating the action triggered by an NFC ta ...)
	NOT-FOR-US: Apple
CVE-2021-1862 (Description: A person with physical access may be able to access conta ...)
	NOT-FOR-US: Apple
CVE-2021-1861 (An issue existed in determining cache occupancy. The issue was address ...)
	NOT-FOR-US: Apple
CVE-2021-1860 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2021-1859 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1858 (Processing a maliciously crafted image may lead to arbitrary code exec ...)
	NOT-FOR-US: Apple
CVE-2021-1857 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2021-1856
	RESERVED
CVE-2021-1855 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1854 (A call termination issue with was addressed with improved logic. This ...)
	NOT-FOR-US: Apple
CVE-2021-1853 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1852 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2021-1851 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1850
	RESERVED
CVE-2021-1849 (An issue in code signature validation was addressed with improved chec ...)
	NOT-FOR-US: Apple
CVE-2021-1848 (The issue was addressed with improved UI handling. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2021-1847 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2021-1846 (Processing a maliciously crafted audio file may disclose restricted me ...)
	NOT-FOR-US: Apple
CVE-2021-1845
	RESERVED
CVE-2021-1844 (A memory corruption issue was addressed with improved validation. This ...)
	{DSA-4923-1}
	- webkit2gtk 2.32.0-2
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.32.0-2
	NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1843 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-1842
	RESERVED
CVE-2021-1841 (A malicious application may be able to execute arbitrary code with ker ...)
	NOT-FOR-US: Apple
CVE-2021-1840 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2021-1839 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2021-1838 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-1837 (A certificate validation issue was addressed. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2021-1836 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2021-1835 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-1834 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2021-1833 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-1832 (Copied files may not have the expected file permissions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2021-1831 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2021-1830 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2021-1829 (A type confusion issue was addressed with improved state handling. Thi ...)
	NOT-FOR-US: Apple
CVE-2021-1828 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2021-1827
	RESERVED
CVE-2021-1826 (A logic issue was addressed with improved restrictions. This issue is ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-1825 (An input validation issue was addressed with improved input validation ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-1824 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2021-1823
	RESERVED
CVE-2021-1822 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2021-1821
	RESERVED
CVE-2021-1820 (A memory initialization issue was addressed with improved memory handl ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-1819
	RESERVED
CVE-2021-1818 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1817 (A memory corruption issue was addressed with improved state management ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-1816 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2021-1815 (A parsing issue in the handling of directory paths was addressed with ...)
	NOT-FOR-US: Apple
CVE-2021-1814 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2021-1813 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2021-1812 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2021-1811 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1810 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1809 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2021-1808 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2021-1807 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2021-1806 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1805 (An out-of-bounds write was addressed with improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2021-1804
	RESERVED
CVE-2021-1803 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2021-1802 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2021-1801 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
{DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.6-1 NOTE: https://webkitgtk.org/security/WSA-2021-0002.html CVE-2021-1800 (A path handling issue was addressed with improved validation. This iss ...) NOT-FOR-US: Apple CVE-2021-1799 (A port redirection issue was addressed with additional port validation ...) {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.6-1 NOTE: https://webkitgtk.org/security/WSA-2021-0002.html CVE-2021-1798 RESERVED CVE-2021-1797 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2021-1796 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-1795 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-1794 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-1793 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1792 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-1791 (An out-of-bounds read issue existed that led to the disclosure of kern ...) NOT-FOR-US: Apple CVE-2021-1790 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-1789 (A type confusion issue was addressed with improved state handling. Thi ...) {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.6-1 NOTE: https://webkitgtk.org/security/WSA-2021-0002.html CVE-2021-1788 (A use after free issue was addressed with improved memory management. ...) 
{DSA-4923-1} - webkit2gtk 2.32.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.0-2 NOTE: https://webkitgtk.org/security/WSA-2021-0003.html CVE-2021-1787 (Multiple issues were addressed with improved logic. This issue is fixe ...) NOT-FOR-US: Apple CVE-2021-1786 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-1785 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-1784 (A permissions issue existed in DiskArbitration. This was addressed wit ...) NOT-FOR-US: Apple CVE-2021-1783 (An access issue was addressed with improved memory management. This is ...) NOT-FOR-US: Apple CVE-2021-1782 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-1781 (A privacy issue existed in the handling of Contact cards. This was add ...) NOT-FOR-US: Apple CVE-2021-1780 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2021-1779 (A logic error in kext loading was addressed with improved state handli ...) NOT-FOR-US: Apple CVE-2021-1778 (An out-of-bounds read issue existed in the curl. This issue was addres ...) NOT-FOR-US: Apple CVE-2021-1777 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1776 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-1775 (This issue was addressed by removing the vulnerable code. This issue i ...) NOT-FOR-US: Apple CVE-2021-1774 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1773 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-1772 (A stack overflow was addressed with improved input validation. This is ...) NOT-FOR-US: Apple CVE-2021-1771 (This issue was addressed with improved checks. 
This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1770 (A buffer overflow may result in arbitrary code execution. This issue i ...) NOT-FOR-US: Apple CVE-2021-1769 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-1768 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-1767 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1766 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1765 (This issue was addressed with improved iframe sandbox enforcement. Thi ...) {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.6-1 NOTE: https://webkitgtk.org/security/WSA-2021-0002.html CVE-2021-1764 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-1763 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2021-1762 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-1761 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1760 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-1759 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-1758 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-1757 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-1756 (A lock screen issue allowed access to contacts on a locked device. Thi ...) NOT-FOR-US: Apple CVE-2021-1755 (A lock screen issue allowed access to contacts on a locked device. Thi ...) 
NOT-FOR-US: Apple CVE-2021-1754 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1753 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-1752 RESERVED CVE-2021-1751 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-1750 (Multiple issues were addressed with improved logic. This issue is fixe ...) NOT-FOR-US: Apple CVE-2021-1749 RESERVED CVE-2021-1748 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2021-1747 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-1746 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1745 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-1744 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-1743 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-1742 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-1741 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-1740 (A parsing issue in the handling of directory paths was addressed with ...) NOT-FOR-US: Apple CVE-2021-1739 (A parsing issue in the handling of directory paths was addressed with ...) NOT-FOR-US: Apple CVE-2021-1738 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-1737 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-1736 (An out-of-bounds read was addressed with improved input validation. Th ...) 
NOT-FOR-US: Apple CVE-2021-1735 RESERVED CVE-2021-1734 (Windows Remote Procedure Call Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1733 (Sysinternals PsExec Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-1731 (PFX Encryption Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1730 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-1729 (Windows Update Stack Setup Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1728 (System Center Operations Manager Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1727 (Windows Installer Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1726 (Microsoft SharePoint Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...) NOT-FOR-US: Bot Framework SDK CVE-2021-1724 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability ...) NOT-FOR-US: ASP.NET Core and Visual Studio CVE-2021-1722 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-1721 (.NET Core and Visual Studio Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft .NET CVE-2021-1720 RESERVED CVE-2021-1719 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-1718 (Microsoft SharePoint Server Tampering Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1717 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-1716 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...) 
NOT-FOR-US: Microsoft CVE-2021-1715 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2021-1714 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-1713 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2021-1712 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-1711 (Microsoft Office Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1710 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1709 (Windows Win32k Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1708 (Windows GDI+ Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1707 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1706 (Windows LUAFV Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1705 (Microsoft Edge (HTML-based) Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1704 (Windows Hyper-V Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1703 (Windows Event Logging Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1702 (Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-1701 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-1700 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-1699 (Windows (modem.sys) Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1698 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) 
NOT-FOR-US: Microsoft CVE-2021-1697 (Windows InstallService Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1696 (Windows Graphics Component Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1695 (Windows Print Spooler Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1694 (Windows Update Stack Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1693 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) NOT-FOR-US: Microsoft CVE-2021-1692 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...) NOT-FOR-US: Microsoft CVE-2021-1691 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...) NOT-FOR-US: Microsoft CVE-2021-1690 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-1689 (Windows Multipoint Management Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1688 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) NOT-FOR-US: Microsoft CVE-2021-1687 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-1686 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-1685 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-1684 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-1683 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-1682 (Windows Kernel Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1681 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-1680 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...) 
NOT-FOR-US: Microsoft CVE-2021-1679 (Windows CryptoAPI Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1678 (NTLM Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1677 (Azure Active Directory Pod Identity Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1676 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...) NOT-FOR-US: Microsoft CVE-2021-1675 (Windows Print Spooler Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1674 (Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-1673 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-1672 (Windows Projected File System FS Filter Driver Information Disclosure ...) NOT-FOR-US: Microsoft CVE-2021-1671 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-1670 (Windows Projected File System FS Filter Driver Information Disclosure ...) NOT-FOR-US: Microsoft CVE-2021-1669 (Windows Remote Desktop Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1668 (Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1667 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-1666 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-1665 (GDI+ Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1664 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-1663 (Windows Projected File System FS Filter Driver Information Disclosure ...) NOT-FOR-US: Microsoft CVE-2021-1662 (Windows Event Tracing Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1661 (Windows Installer Elevation of Privilege Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2021-1660 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-1659 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) NOT-FOR-US: Microsoft CVE-2021-1658 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) NOT-FOR-US: Microsoft CVE-2021-1657 (Windows Fax Compose Form Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1656 (TPM Device Driver Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1655 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) NOT-FOR-US: Microsoft CVE-2021-1654 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) NOT-FOR-US: Microsoft CVE-2021-1653 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) NOT-FOR-US: Microsoft CVE-2021-1652 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) NOT-FOR-US: Microsoft CVE-2021-1651 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-1650 (Windows Runtime C++ Template Library Elevation of Privilege Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2021-1649 (Active Template Library Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1648 (Microsoft splwow64 Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1647 (Microsoft Defender Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1646 (Windows WLAN Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1645 (Windows Docker Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1644 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-1643 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) 
NOT-FOR-US: Microsoft CVE-2021-1642 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2021-1640 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-1637 (Windows DNS Query Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1636 (Microsoft SQL Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1635 RESERVED CVE-2021-1634 RESERVED CVE-2021-1633 RESERVED CVE-2021-1632 RESERVED CVE-2021-1631 RESERVED CVE-2021-1630 (XML external entity (XXE) vulnerability affecting certain versions of ...) NOT-FOR-US: Salesforce CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...) NOT-FOR-US: Tableau Server CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...) NOT-FOR-US: Tableau Server CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...) NOT-FOR-US: MuleSoft CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...) NOT-FOR-US: MuleSoft CVE-2021-1625 (A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2021-1624 (A vulnerability in the Rate Limiting Network Address Translation (NAT) ...) NOT-FOR-US: Cisco CVE-2021-1623 (A vulnerability in the Simple Network Management Protocol (SNMP) punt ...) NOT-FOR-US: Cisco CVE-2021-1622 (A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2021-1621 (A vulnerability in the Layer 2 punt code of Cisco IOS XE Software coul ...) 
NOT-FOR-US: Cisco CVE-2021-1620 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support ...) NOT-FOR-US: Cisco CVE-2021-1619 (A vulnerability in the authentication, authorization, and accounting ( ...) NOT-FOR-US: Cisco CVE-2021-1618 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1617 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1616 (A vulnerability in the H.323 application level gateway (ALG) used by t ...) NOT-FOR-US: Cisco CVE-2021-1615 (A vulnerability in the packet processing functionality of Cisco Embedd ...) NOT-FOR-US: Cisco CVE-2021-1614 (A vulnerability in the Multiprotocol Label Switching (MPLS) packet han ...) NOT-FOR-US: Cisco CVE-2021-1613 RESERVED CVE-2021-1612 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...) NOT-FOR-US: Cisco CVE-2021-1611 (A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1610 (Multiple vulnerabilities in the web-based management interface of the ...) NOT-FOR-US: Cisco CVE-2021-1609 (Multiple vulnerabilities in the web-based management interface of the ...) NOT-FOR-US: Cisco CVE-2021-1608 RESERVED CVE-2021-1607 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1606 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1605 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1604 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1603 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1602 (A vulnerability in the web-based management interface of Cisco Small B ...) 
NOT-FOR-US: Cisco CVE-2021-1601 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...) NOT-FOR-US: Cisco CVE-2021-1600 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...) NOT-FOR-US: Cisco CVE-2021-1599 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2021-1598 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...) NOT-FOR-US: Cisco CVE-2021-1597 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...) NOT-FOR-US: Cisco CVE-2021-1596 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...) NOT-FOR-US: Cisco CVE-2021-1595 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...) NOT-FOR-US: Cisco CVE-2021-1594 (A vulnerability in the REST API of Cisco Identity Services Engine (ISE ...) NOT-FOR-US: Cisco CVE-2021-1593 (A vulnerability in Cisco Packet Tracer for Windows could allow an auth ...) NOT-FOR-US: Cisco CVE-2021-1592 (A vulnerability in the way Cisco UCS Manager software handles SSH sess ...) NOT-FOR-US: Cisco CVE-2021-1591 (A vulnerability in the EtherChannel port subscription logic of Cisco N ...) NOT-FOR-US: Cisco CVE-2021-1590 (A vulnerability in the implementation of the system login block-for co ...) NOT-FOR-US: Cisco CVE-2021-1589 (A vulnerability in the disaster recovery feature of Cisco SD-WAN vMana ...) NOT-FOR-US: Cisco CVE-2021-1588 (A vulnerability in the MPLS Operation, Administration, and Maintenance ...) NOT-FOR-US: Cisco CVE-2021-1587 (A vulnerability in the VXLAN Operation, Administration, and Maintenanc ...) NOT-FOR-US: Cisco CVE-2021-1586 (A vulnerability in the Multi-Pod or Multi-Site network configurations ...) NOT-FOR-US: Cisco CVE-2021-1585 (A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) L ...) NOT-FOR-US: Cisco CVE-2021-1584 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...) 
NOT-FOR-US: Cisco CVE-2021-1583 (A vulnerability in the fabric infrastructure file system access contro ...) NOT-FOR-US: Cisco CVE-2021-1582 (A vulnerability in the web UI of Cisco Application Policy Infrastructu ...) NOT-FOR-US: Cisco CVE-2021-1581 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...) NOT-FOR-US: Cisco CVE-2021-1580 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...) NOT-FOR-US: Cisco CVE-2021-1579 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...) NOT-FOR-US: Cisco CVE-2021-1578 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...) NOT-FOR-US: Cisco CVE-2021-1577 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...) NOT-FOR-US: Cisco CVE-2021-1576 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Virtual ...) NOT-FOR-US: Cisco CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1573 RESERVED CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker ...) NOT-FOR-US: Cisco CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1570 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) NOT-FOR-US: Cisco CVE-2021-1569 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) NOT-FOR-US: Cisco CVE-2021-1568 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...) NOT-FOR-US: Cisco CVE-2021-1567 (A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secur ...) NOT-FOR-US: Cisco CVE-2021-1566 (A vulnerability in the Cisco Advanced Malware Protection (AMP) for End ...) NOT-FOR-US: Cisco CVE-2021-1565 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...) 
NOT-FOR-US: Cisco CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...) NOT-FOR-US: Cisco CVE-2021-1563 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...) NOT-FOR-US: Cisco CVE-2021-1562 (A vulnerability in the XSI-Actions interface of Cisco BroadWorks Appli ...) NOT-FOR-US: Cisco CVE-2021-1561 (A vulnerability in the spam quarantine feature of Cisco Secure Email a ...) NOT-FOR-US: Cisco CVE-2021-1560 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...) NOT-FOR-US: Cisco CVE-2021-1559 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...) NOT-FOR-US: Cisco CVE-2021-1558 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...) NOT-FOR-US: Cisco CVE-2021-1557 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...) NOT-FOR-US: Cisco CVE-2021-1556 RESERVED CVE-2021-1555 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1554 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1553 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1552 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1551 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1550 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1549 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1548 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1547 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1546 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) 
NOT-FOR-US: Cisco CVE-2021-1545 RESERVED CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings client s ...) NOT-FOR-US: Cisco CVE-2021-1543 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1542 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1541 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...) NOT-FOR-US: Cisco CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...) NOT-FOR-US: Cisco CVE-2021-1538 (A vulnerability in the configuration dashboard of Cisco Common Service ...) NOT-FOR-US: Cisco CVE-2021-1537 (A vulnerability in the installer software of Cisco ThousandEyes Record ...) NOT-FOR-US: Cisco CVE-2021-1536 (A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco ...) NOT-FOR-US: Cisco CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco SD-WAN vM ...) NOT-FOR-US: Cisco CVE-2021-1534 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2021-1533 RESERVED CVE-2021-1532 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...) NOT-FOR-US: Cisco CVE-2021-1531 (A vulnerability in the web UI of Cisco Modeling Labs could allow an au ...) NOT-FOR-US: Cisco CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco BroadWo ...) NOT-FOR-US: Cisco CVE-2021-1529 RESERVED CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...) NOT-FOR-US: Cisco CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...) 
NOT-FOR-US: Cisco CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...) NOT-FOR-US: Cisco CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an auth ...) NOT-FOR-US: Cisco CVE-2021-1523 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...) NOT-FOR-US: Cisco CVE-2021-1522 (A vulnerability in the change password API of Cisco Connected Mobile E ...) NOT-FOR-US: Cisco CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2021-1520 (A vulnerability in the internal message processing of Cisco RV340, RV3 ...) NOT-FOR-US: Cisco CVE-2021-1519 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) NOT-FOR-US: Cisco CVE-2021-1518 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...) NOT-FOR-US: Cisco CVE-2021-1517 (A vulnerability in the multimedia viewer feature of Cisco Webex Meetin ...) NOT-FOR-US: Cisco CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...) NOT-FOR-US: Cisco CVE-2021-1514 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2021-1513 (A vulnerability in the vDaemon process of Cisco SD-WAN Software could ...) NOT-FOR-US: Cisco CVE-2021-1512 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2021-1511 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...) NOT-FOR-US: Cisco CVE-2021-1510 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...) NOT-FOR-US: Cisco CVE-2021-1509 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...) NOT-FOR-US: Cisco CVE-2021-1508 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) 
NOT-FOR-US: Cisco CVE-2021-1507 (A vulnerability in an API of Cisco SD-WAN vManage Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1506 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1505 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...) NOT-FOR-US: Cisco CVE-2021-1503 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...) NOT-FOR-US: Cisco CVE-2021-1502 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...) NOT-FOR-US: Cisco CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...) NOT-FOR-US: Cisco CVE-2021-1500 RESERVED CVE-2021-1499 (A vulnerability in the web-based management interface of Cisco HyperFl ...) NOT-FOR-US: Cisco CVE-2021-1498 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1497 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1496 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) NOT-FOR-US: Cisco CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) NOT-FOR-US: Cisco CVE-2021-1494 RESERVED CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...) NOT-FOR-US: Duo Authentication Proxy CVE-2021-1491 RESERVED CVE-2021-1490 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco Firepower Dev ...) NOT-FOR-US: Cisco CVE-2021-1488 (A vulnerability in the upgrade process of Cisco Adaptive Security Appl ...) 
NOT-FOR-US: Cisco CVE-2021-1487 (A vulnerability in the web-based management interface of Cisco Prime I ...) NOT-FOR-US: Cisco CVE-2021-1486 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...) NOT-FOR-US: Cisco CVE-2021-1485 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2021-1484 RESERVED CVE-2021-1483 RESERVED CVE-2021-1482 RESERVED CVE-2021-1481 RESERVED CVE-2021-1480 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1478 (A vulnerability in the Java Management Extensions (JMX) component of C ...) NOT-FOR-US: Cisco CVE-2021-1477 (A vulnerability in an access control mechanism of Cisco Firepower Mana ...) NOT-FOR-US: Cisco CVE-2021-1476 (A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) ...) NOT-FOR-US: Cisco CVE-2021-1475 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...) NOT-FOR-US: Cisco CVE-2021-1474 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...) NOT-FOR-US: Cisco CVE-2021-1473 (Multiple vulnerabilities exist in the web-based management interface o ...) NOT-FOR-US: Cisco CVE-2021-1472 (Multiple vulnerabilities exist in the web-based management interface o ...) NOT-FOR-US: Cisco CVE-2021-1471 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) NOT-FOR-US: Cisco CVE-2021-1470 RESERVED CVE-2021-1469 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) NOT-FOR-US: Cisco CVE-2021-1468 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1467 (A vulnerability in Cisco Webex Meetings for Android could allow an aut ...) 
NOT-FOR-US: Cisco CVE-2021-1466 RESERVED CVE-2021-1465 RESERVED CVE-2021-1464 RESERVED CVE-2021-1463 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2021-1462 RESERVED CVE-2021-1461 RESERVED CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 809 In ...) NOT-FOR-US: Cisco CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2021-1458 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1457 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1456 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1455 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...) NOT-FOR-US: Cisco CVE-2021-1453 (A vulnerability in the software image verification functionality of Ci ...) NOT-FOR-US: Cisco CVE-2021-1452 (A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software f ...) NOT-FOR-US: Cisco CVE-2021-1451 (A vulnerability in the Easy Virtual Switching System (VSS) feature of ...) NOT-FOR-US: Cisco CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) NOT-FOR-US: Cisco CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points Software coul ...) NOT-FOR-US: Cisco CVE-2021-1448 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...) NOT-FOR-US: Cisco CVE-2021-1447 (A vulnerability in the user account management system of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functionali ...) NOT-FOR-US: Cisco CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...) 
NOT-FOR-US: Cisco CVE-2021-1444 RESERVED CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2021-1442 (A vulnerability in a diagnostic command for the Plug-and-Play (PnP) su ...) NOT-FOR-US: Cisco CVE-2021-1441 (A vulnerability in the hardware initialization routines of Cisco IOS X ...) NOT-FOR-US: Cisco CVE-2021-1440 RESERVED CVE-2021-1439 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco A ...) NOT-FOR-US: Cisco CVE-2021-1438 (A vulnerability in Cisco Wide Area Application Services (WAAS) Softwar ...) NOT-FOR-US: Cisco CVE-2021-1437 (A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Se ...) NOT-FOR-US: Cisco CVE-2021-1436 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1435 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2021-1434 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1433 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...) NOT-FOR-US: Cisco CVE-2021-1432 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1431 (A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software ...) NOT-FOR-US: Cisco CVE-2021-1430 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) NOT-FOR-US: Cisco CVE-2021-1429 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) NOT-FOR-US: Cisco CVE-2021-1428 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) NOT-FOR-US: Cisco CVE-2021-1427 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) NOT-FOR-US: Cisco CVE-2021-1426 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) 
NOT-FOR-US: Cisco CVE-2021-1425 RESERVED CVE-2021-1424 RESERVED CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco Airone ...) NOT-FOR-US: Cisco CVE-2021-1422 (A vulnerability in the software cryptography module of Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2021-1421 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...) NOT-FOR-US: Cisco CVE-2021-1420 (A vulnerability in certain web pages of Cisco Webex Meetings could all ...) NOT-FOR-US: Cisco CVE-2021-1419 (A vulnerability in the SSH management feature of multiple Cisco Access ...) NOT-FOR-US: Cisco CVE-2021-1418 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) NOT-FOR-US: Cisco CVE-2021-1417 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) NOT-FOR-US: Cisco CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...) NOT-FOR-US: Cisco CVE-2021-1415 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1414 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1413 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...) NOT-FOR-US: Cisco CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) NOT-FOR-US: Cisco CVE-2021-1410 RESERVED CVE-2021-1409 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1408 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1407 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...) 
NOT-FOR-US: Cisco CVE-2021-1405 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...) {DLA-2626-1} - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790) [buster] - clamav 0.103.2+dfsg-0+deb10u1 NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...) - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790) [buster] - clamav (Affects only 0.103.0 and 0.103.1) [stretch] - clamav (Affects only 0.103.0 and 0.103.1) NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...) NOT-FOR-US: Cisco CVE-2021-1402 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...) NOT-FOR-US: Cisco CVE-2021-1401 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1400 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2021-1399 (A vulnerability in the Self Care Portal of Cisco Unified Communication ...) NOT-FOR-US: Cisco CVE-2021-1398 (A vulnerability in the boot logic of Cisco IOS XE Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1397 (A vulnerability in the web-based management interface of Cisco Integra ...) NOT-FOR-US: Cisco CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine could al ...) NOT-FOR-US: Cisco CVE-2021-1395 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2021-1394 (A vulnerability in the ingress traffic manager of Cisco IOS XE Softwar ...) NOT-FOR-US: Cisco CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine could al ...) NOT-FOR-US: Cisco CVE-2021-1392 (A vulnerability in the CLI command permissions of Cisco IOS and Cisco ...) 
NOT-FOR-US: Cisco CVE-2021-1391 (A vulnerability in the dragonite debugger of Cisco IOS XE Software cou ...) NOT-FOR-US: Cisco CVE-2021-1390 (A vulnerability in one of the diagnostic test CLI commands of Cisco IO ...) NOT-FOR-US: Cisco CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR Softwar ...) NOT-FOR-US: Cisco CVE-2021-1388 (A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrato ...) NOT-FOR-US: Cisco CVE-2021-1387 (A vulnerability in the network stack of Cisco NX-OS Software could all ...) NOT-FOR-US: Cisco CVE-2021-1386 (A vulnerability in the dynamic link library (DLL) loading mechanism in ...) NOT-FOR-US: Cisco CVE-2021-1385 (A vulnerability in the Cisco IOx application hosting environment of mu ...) NOT-FOR-US: Cisco CVE-2021-1384 (A vulnerability in Cisco IOx application hosting environment of Cisco ...) NOT-FOR-US: Cisco CVE-2021-1383 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...) NOT-FOR-US: Cisco CVE-2021-1382 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1381 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...) NOT-FOR-US: Cisco CVE-2021-1380 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1379 RESERVED CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...) NOT-FOR-US: Cisco CVE-2021-1377 (A vulnerability in Address Resolution Protocol (ARP) management of Cis ...) NOT-FOR-US: Cisco CVE-2021-1376 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...) NOT-FOR-US: Cisco CVE-2021-1375 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...) NOT-FOR-US: Cisco CVE-2021-1374 (A vulnerability in the web-based management interface of Cisco IOS XE ...) NOT-FOR-US: Cisco CVE-2021-1373 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) 
NOT-FOR-US: Cisco CVE-2021-1372 (A vulnerability in Cisco Webex Meetings Desktop App and Webex Producti ...) NOT-FOR-US: Cisco CVE-2021-1371 (A vulnerability in the role-based access control of Cisco IOS XE SD-WA ...) NOT-FOR-US: Cisco CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...) NOT-FOR-US: Cisco CVE-2021-1369 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...) NOT-FOR-US: Cisco CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...) NOT-FOR-US: Cisco CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...) NOT-FOR-US: Cisco CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) NOT-FOR-US: Cisco CVE-2021-1365 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...) NOT-FOR-US: Cisco CVE-2021-1363 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1362 (A vulnerability in the SOAP API endpoint of Cisco Unified Communicatio ...) NOT-FOR-US: Cisco CVE-2021-1361 (A vulnerability in the implementation of an internal file management s ...) NOT-FOR-US: Cisco CVE-2021-1360 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1359 (A vulnerability in the configuration management of Cisco AsyncOS for C ...) NOT-FOR-US: Cisco CVE-2021-1358 (A vulnerability in the web-based management interface of Cisco Finesse ...) NOT-FOR-US: Cisco CVE-2021-1357 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...) NOT-FOR-US: Cisco CVE-2021-1356 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could ...) NOT-FOR-US: Cisco CVE-2021-1355 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...) 
NOT-FOR-US: Cisco CVE-2021-1354 (A vulnerability in the certificate registration process of Cisco Unifi ...) NOT-FOR-US: Cisco CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS could al ...) NOT-FOR-US: Cisco CVE-2021-1352 (A vulnerability in the DECnet Phase IV and DECnet/OSI protocol process ...) NOT-FOR-US: Cisco CVE-2021-1351 (A vulnerability in the web-based interface of Cisco Webex Meetings cou ...) NOT-FOR-US: Cisco CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an unauthe ...) NOT-FOR-US: Cisco CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2021-1348 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1347 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1346 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1345 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1344 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1343 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1342 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1341 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1340 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1339 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1338 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1337 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2021-1336 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1335 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1334 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1333 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1332 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1331 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1330 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1329 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1328 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1327 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1326 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1325 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1324 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1323 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1322 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1321 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1320 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1319 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2021-1318 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1317 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1316 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1315 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1314 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1313 (Multiple vulnerabilities in the ingress packet processing function of ...) NOT-FOR-US: Cisco CVE-2021-1312 (A vulnerability in the system resource management of Cisco Elastic Ser ...) NOT-FOR-US: Cisco CVE-2021-1311 (A vulnerability in the reclaim host role feature of Cisco Webex Meetin ...) NOT-FOR-US: Cisco CVE-2021-1310 (A vulnerability in the web-based management interface of Cisco Webex M ...) NOT-FOR-US: Cisco CVE-2021-1309 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) NOT-FOR-US: Cisco CVE-2021-1308 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) NOT-FOR-US: Cisco CVE-2021-1307 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1306 (A vulnerability in the restricted shell of Cisco Evolved Programmable ...) NOT-FOR-US: Cisco CVE-2021-1305 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1304 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1303 (A vulnerability in the user management roles of Cisco DNA Center could ...) NOT-FOR-US: Cisco CVE-2021-1302 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1301 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) 
NOT-FOR-US: Cisco CVE-2021-1300 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) NOT-FOR-US: Cisco CVE-2021-1299 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) NOT-FOR-US: Cisco CVE-2021-1298 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) NOT-FOR-US: Cisco CVE-2021-1297 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1296 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1295 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1294 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1293 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1292 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1291 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1290 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1289 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1288 (Multiple vulnerabilities in the ingress packet processing function of ...) NOT-FOR-US: Cisco CVE-2021-1287 (A vulnerability in the web-based management interface of Cisco RV132W ...) NOT-FOR-US: Cisco CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1285 RESERVED CVE-2021-1284 (A vulnerability in the web-based messaging service interface of Cisco ...) NOT-FOR-US: Cisco CVE-2021-1283 (A vulnerability in the logging subsystem of Cisco Data Center Network ...) NOT-FOR-US: Cisco CVE-2021-1282 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...) 
NOT-FOR-US: Cisco CVE-2021-1281 (A vulnerability in CLI management in Cisco IOS XE SD-WAN Software coul ...) NOT-FOR-US: Cisco CVE-2021-1280 (A vulnerability in the loading mechanism of specific DLLs of Cisco Adv ...) NOT-FOR-US: Cisco CVE-2021-1279 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) NOT-FOR-US: Cisco CVE-2021-1278 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) NOT-FOR-US: Cisco CVE-2021-1277 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...) NOT-FOR-US: Cisco CVE-2021-1276 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...) NOT-FOR-US: Cisco CVE-2021-1275 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1274 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) NOT-FOR-US: Cisco CVE-2021-1273 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) NOT-FOR-US: Cisco CVE-2021-1272 (A vulnerability in the session validation feature of Cisco Data Center ...) NOT-FOR-US: Cisco CVE-2021-1271 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2021-1270 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1269 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1268 (A vulnerability in the IPv6 protocol handling of the management interf ...) NOT-FOR-US: Cisco CVE-2021-1267 (A vulnerability in the dashboard widget of Cisco Firepower Management ...) NOT-FOR-US: Cisco CVE-2021-1266 (A vulnerability in the REST API of Cisco Managed Services Accelerator ...) NOT-FOR-US: Cisco CVE-2021-1265 (A vulnerability in the configuration archive functionality of Cisco DN ...) NOT-FOR-US: Cisco CVE-2021-1264 (A vulnerability in the Command Runner tool of Cisco DNA Center could a ...) 
NOT-FOR-US: Cisco CVE-2021-1263 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) NOT-FOR-US: Cisco CVE-2021-1262 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) NOT-FOR-US: Cisco CVE-2021-1261 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) NOT-FOR-US: Cisco CVE-2021-1260 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) NOT-FOR-US: Cisco CVE-2021-1259 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2021-1258 (A vulnerability in the upgrade component of Cisco AnyConnect Secure Mo ...) NOT-FOR-US: Cisco CVE-2021-1257 (A vulnerability in the web-based management interface of Cisco DNA Cen ...) NOT-FOR-US: Cisco CVE-2021-1256 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...) NOT-FOR-US: Cisco CVE-2021-1255 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...) NOT-FOR-US: Cisco CVE-2021-1254 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1253 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1252 (A vulnerability in the Excel XLM macro parsing module in Clam AntiViru ...) - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790) [buster] - clamav (Affects only 0.103.0 and 0.103.1) [stretch] - clamav (Affects only 0.103.0 and 0.103.1) NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html CVE-2021-1251 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) NOT-FOR-US: Cisco CVE-2021-1250 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1249 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1248 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...) 
NOT-FOR-US: Cisco CVE-2021-1247 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...) NOT-FOR-US: Cisco CVE-2021-1246 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1245 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1244 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...) NOT-FOR-US: Cisco CVE-2021-1243 (A vulnerability in the Local Packet Transport Services (LPTS) programm ...) NOT-FOR-US: Cisco CVE-2021-1242 (A vulnerability in Cisco Webex Teams could allow an unauthenticated, r ...) NOT-FOR-US: Cisco CVE-2021-1241 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) NOT-FOR-US: Cisco CVE-2021-1240 (A vulnerability in the loading process of specific DLLs in Cisco Proxi ...) NOT-FOR-US: Cisco CVE-2021-1239 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1238 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1237 (A vulnerability in the Network Access Manager and Web Security Agent c ...) NOT-FOR-US: Cisco CVE-2021-1236 (Multiple Cisco products are affected by a vulnerability in the Snort a ...) NOT-FOR-US: Cisco CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...) NOT-FOR-US: Cisco CVE-2021-1234 RESERVED CVE-2021-1233 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2021-1232 RESERVED CVE-2021-1231 (A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus ...) NOT-FOR-US: Cisco CVE-2021-1230 (A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus ...) NOT-FOR-US: Cisco CVE-2021-1229 (A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS S ...) 
NOT-FOR-US: Cisco CVE-2021-1228 (A vulnerability in the fabric infrastructure VLAN connection establish ...) NOT-FOR-US: Cisco CVE-2021-1227 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) NOT-FOR-US: Cisco CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified Commun ...) NOT-FOR-US: Cisco CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1224 (Multiple Cisco products are affected by a vulnerability with TCP Fast ...) NOT-FOR-US: Cisco CVE-2021-1223 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) NOT-FOR-US: Cisco CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco Smart S ...) NOT-FOR-US: Cisco CVE-2021-1221 (A vulnerability in the user interface of Cisco Webex Meetings and Cisc ...) NOT-FOR-US: Cisco CVE-2021-1220 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could ...) NOT-FOR-US: Cisco CVE-2021-1219 (A vulnerability in Cisco Smart Software Manager Satellite could allow ...) NOT-FOR-US: Cisco CVE-2021-1218 (A vulnerability in the web management interface of Cisco Smart Softwar ...) NOT-FOR-US: Cisco CVE-2021-1217 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1216 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1215 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1214 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1213 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1212 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1211 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2021-1210 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1209 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1208 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1207 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1206 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1205 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1204 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1203 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1202 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1201 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1200 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1199 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1198 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1197 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1196 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1195 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1194 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1193 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2021-1192 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1191 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1190 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1189 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1188 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1187 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1186 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1185 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1184 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1183 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1182 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1181 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1180 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1179 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1178 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1177 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1176 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1175 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2021-1174 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1173 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1172 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1171 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1170 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1169 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1168 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1167 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1166 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1165 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1164 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1163 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1162 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1161 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1160 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1159 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1158 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1157 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2021-1156 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1155 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1154 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1153 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1152 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1151 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1150 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1149 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1148 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1147 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1146 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2021-1145 (A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR ...) NOT-FOR-US: Cisco CVE-2021-1144 (A vulnerability in Cisco Connected Mobile Experiences (CMX) could allo ...) NOT-FOR-US: Cisco CVE-2021-1143 (A vulnerability in Cisco Connected Mobile Experiences (CMX) API author ...) NOT-FOR-US: Cisco CVE-2021-1142 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) NOT-FOR-US: Cisco CVE-2021-1141 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) NOT-FOR-US: Cisco CVE-2021-1140 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) NOT-FOR-US: Cisco CVE-2021-1139 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) 
NOT-FOR-US: Cisco CVE-2021-1138 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) NOT-FOR-US: Cisco CVE-2021-1137 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1136 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...) NOT-FOR-US: Cisco CVE-2021-1135 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...) NOT-FOR-US: Cisco CVE-2021-1134 (A vulnerability in the Cisco Identity Services Engine (ISE) integratio ...) NOT-FOR-US: Cisco CVE-2021-1133 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...) NOT-FOR-US: Cisco CVE-2021-1132 RESERVED CVE-2021-1131 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2021-1130 (A vulnerability in the web-based management interface of Cisco DNA Cen ...) NOT-FOR-US: Cisco CVE-2021-1129 (A vulnerability in the authentication for the general purpose APIs imp ...) NOT-FOR-US: Cisco CVE-2021-1128 (A vulnerability in the CLI parser of Cisco IOS XR Software could allow ...) NOT-FOR-US: Cisco CVE-2021-1127 (A vulnerability in the web-based management interface of Cisco Enterpr ...) NOT-FOR-US: Cisco CVE-2021-1126 (A vulnerability in the storage of proxy server credentials of Cisco Fi ...) NOT-FOR-US: Cisco CVE-2021-1125 RESERVED CVE-2021-1124 RESERVED CVE-2021-1123 RESERVED CVE-2021-1122 RESERVED CVE-2021-1121 RESERVED CVE-2021-1120 RESERVED CVE-2021-1119 RESERVED CVE-2021-1118 RESERVED CVE-2021-1117 RESERVED CVE-2021-1116 RESERVED CVE-2021-1115 RESERVED CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in the kerne ...) NOT-FOR-US: NVIDIA CVE-2021-1113 (NVIDIA camera firmware contains a vulnerability where an unauthorized ...) NOT-FOR-US: NVIDIA CVE-2021-1112 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...) 
NOT-FOR-US: NVIDIA CVE-2021-1111 (Bootloader contains a vulnerability in the NV3P server where any user ...) NOT-FOR-US: NVIDIA CVE-2021-1110 (NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerabi ...) NOT-FOR-US: NVIDIA CVE-2021-1109 (NVIDIA camera firmware contains a multistep, timing-related vulnerabil ...) NOT-FOR-US: NVIDIA CVE-2021-1108 (NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capt ...) NOT-FOR-US: NVIDIA CVE-2021-1107 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVM ...) NOT-FOR-US: NVIDIA CVE-2021-1106 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...) NOT-FOR-US: NVIDIA CVE-2021-1105 RESERVED CVE-2021-1104 (The RISC-V Instruction Set Manual contains a documented ambiguity for ...) NOT-FOR-US: RISC-V CVE-2021-1103 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1102 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1101 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1100 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1099 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1098 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1097 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1096 (NVIDIA Windows GPU Display Driver for Windows contains a vulnerability ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
- nvidia-graphics-drivers 460.91.03-1 (bug #991351) [buster] - nvidia-graphics-drivers 418.211.00-1 - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353) [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 - nvidia-graphics-drivers-legacy-340xx (bug #991352) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357) - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356) - nvidia-graphics-drivers-tesla-440 (bug #991355) - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers 460.91.03-1 (bug #991351) [buster] - nvidia-graphics-drivers 418.211.00-1 - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353) [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 - nvidia-graphics-drivers-legacy-340xx (bug #991352) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357) - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356) - nvidia-graphics-drivers-tesla-440 (bug #991355) - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
- nvidia-graphics-drivers 460.91.03-1 (bug #991351) [buster] - nvidia-graphics-drivers 418.211.00-1 - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353) [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 - nvidia-graphics-drivers-legacy-340xx (bug #991352) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357) - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356) - nvidia-graphics-drivers-tesla-440 (bug #991355) - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE-2021-1092 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2021-1091 (NVIDIA GPU Display driver for Windows contains a vulnerability where a ...) NOT-FOR-US: NVIDIA GPU Display driver for Windows CVE-2021-1090 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) NOT-FOR-US: NVIDIA GPU Display driver for Windows NOTE: CVE description is wrong, per https://nvidia.custhelp.com/app/answers/detail/a_id/5211 only for Windows CVE-2021-1089 (NVIDIA GPU Display Driver for Windows contains a vulnerability in nvid ...) NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2021-1088 RESERVED CVE-2021-1087 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) NOT-FOR-US: NVIDIA vGPU driver CVE-2021-1086 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) NOT-FOR-US: NVIDIA vGPU driver CVE-2021-1085 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) NOT-FOR-US: NVIDIA vGPU driver CVE-2021-1084 (NVIDIA vGPU driver contains a vulnerability in the guest kernel mode d ...) 
NOT-FOR-US: NVIDIA vGPU driver CVE-2021-1083 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1082 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1081 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1080 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains a vuln ...) NOT-FOR-US: NVIDIA CVE-2021-1078 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows CVE-2021-1077 (NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver ...) - nvidia-graphics-drivers 460.73.01-1 (bug #987216) [buster] - nvidia-graphics-drivers (Non-free not supported) [stretch] - nvidia-graphics-drivers (R390 not affected) - nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221) - nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222) CVE-2021-1076 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...) 
- nvidia-graphics-drivers 460.73.01-1 (bug #987216) [buster] - nvidia-graphics-drivers 418.197.02-1 - nvidia-graphics-drivers-legacy-340xx (bug #987217) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-390xx 390.143-1 (bug #987218) [buster] - nvidia-graphics-drivers-legacy-390xx 390.143-1~deb10u1 - nvidia-graphics-drivers-tesla-418 418.197.02-1 (bug #987219) - nvidia-graphics-drivers-tesla-440 (bug #987220) - nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221) - nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222) CVE-2021-1075 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows CVE-2021-1074 (NVIDIA GPU Display Driver for Windows installer contains a vulnerabili ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows CVE-2021-1073 (NVIDIA GeForce Experience, all versions prior to 3.23, contains a vuln ...) NOT-FOR-US: NVIDIA CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains a vuln ...) NOT-FOR-US: NVIDIA GeForce Experience CVE-2021-1071 (NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1 ...) NOT-FOR-US: NVIDIA CVE-2021-1070 (NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and ...) NOT-FOR-US: NVIDIA CVE-2021-1069 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...) NOT-FOR-US: NVIDIA CVE-2021-1068 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...) NOT-FOR-US: NVIDIA CVE-2021-1067 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...) NOT-FOR-US: NVIDIA CVE-2021-1066 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) 
NOT-FOR-US: NVIDIA vGPU manager CVE-2021-1065 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) NOT-FOR-US: NVIDIA vGPU manager CVE-2021-1064 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) NOT-FOR-US: NVIDIA vGPU manager CVE-2021-1063 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) NOT-FOR-US: NVIDIA vGPU manager CVE-2021-1062 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) NOT-FOR-US: NVIDIA vGPU manager CVE-2021-1061 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) NOT-FOR-US: NVIDIA vGPU manager CVE-2021-1060 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1059 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) NOT-FOR-US: NVIDIA vGPU manager CVE-2021-1058 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1057 (NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerabilit ...) NOT-FOR-US: NVIDIA Virtual GPU Manager NVIDIA vGPU manager CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...) 
- nvidia-graphics-drivers 460.32.03-1 (bug #979670) [buster] - nvidia-graphics-drivers 418.181.07-1 [stretch] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx (bug #979671) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-390xx 390.141-1 (bug #979672) [buster] - nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1 - nvidia-graphics-drivers-tesla-418 418.181.07-1 (bug #979673) - nvidia-graphics-drivers-tesla-440 (bug #979674) - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675) CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...) NOT-FOR-US: NVIDIA Windows drivers CVE-2021-1054 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...) NOT-FOR-US: NVIDIA Windows drivers CVE-2021-1053 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...) - nvidia-graphics-drivers 460.32.03-1 (bug #979670) [buster] - nvidia-graphics-drivers (Non-free not supported) [stretch] - nvidia-graphics-drivers (R390 not affected) - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675) CVE-2021-1052 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...) - nvidia-graphics-drivers 460.32.03-1 (bug #979670) [buster] - nvidia-graphics-drivers (Non-free not supported) [stretch] - nvidia-graphics-drivers (R390 not affected) - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675) CVE-2021-1051 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) 
NOT-FOR-US: NVIDIA Windows drivers CVE-2021-1050 RESERVED CVE-2021-1049 RESERVED CVE-2021-1048 RESERVED CVE-2021-1047 RESERVED CVE-2021-1046 RESERVED CVE-2021-1045 RESERVED CVE-2021-1044 RESERVED CVE-2021-1043 RESERVED CVE-2021-1042 RESERVED CVE-2021-1041 RESERVED CVE-2021-1040 RESERVED CVE-2021-1039 RESERVED CVE-2021-1038 RESERVED CVE-2021-1037 RESERVED CVE-2021-1036 RESERVED CVE-2021-1035 RESERVED CVE-2021-1034 RESERVED CVE-2021-1033 RESERVED CVE-2021-1032 RESERVED CVE-2021-1031 RESERVED CVE-2021-1030 RESERVED CVE-2021-1029 RESERVED CVE-2021-1028 RESERVED CVE-2021-1027 RESERVED CVE-2021-1026 RESERVED CVE-2021-1025 RESERVED CVE-2021-1024 RESERVED CVE-2021-1023 RESERVED CVE-2021-1022 RESERVED CVE-2021-1021 RESERVED CVE-2021-1020 RESERVED CVE-2021-1019 RESERVED CVE-2021-1018 RESERVED CVE-2021-1017 RESERVED CVE-2021-1016 RESERVED CVE-2021-1015 RESERVED CVE-2021-1014 RESERVED CVE-2021-1013 RESERVED CVE-2021-1012 RESERVED CVE-2021-1011 RESERVED CVE-2021-1010 RESERVED CVE-2021-1009 RESERVED CVE-2021-1008 RESERVED CVE-2021-1007 RESERVED CVE-2021-1006 RESERVED CVE-2021-1005 RESERVED CVE-2021-1004 RESERVED CVE-2021-1003 RESERVED CVE-2021-1002 RESERVED CVE-2021-1001 RESERVED CVE-2021-1000 RESERVED CVE-2021-0999 RESERVED CVE-2021-0998 RESERVED CVE-2021-0997 RESERVED CVE-2021-0996 RESERVED CVE-2021-0995 RESERVED CVE-2021-0994 RESERVED CVE-2021-0993 RESERVED CVE-2021-0992 RESERVED CVE-2021-0991 RESERVED CVE-2021-0990 RESERVED CVE-2021-0989 RESERVED CVE-2021-0988 RESERVED CVE-2021-0987 RESERVED CVE-2021-0986 RESERVED CVE-2021-0985 RESERVED CVE-2021-0984 RESERVED CVE-2021-0983 RESERVED CVE-2021-0982 RESERVED CVE-2021-0981 RESERVED CVE-2021-0980 RESERVED CVE-2021-0979 RESERVED CVE-2021-0978 RESERVED CVE-2021-0977 RESERVED CVE-2021-0976 RESERVED CVE-2021-0975 RESERVED CVE-2021-0974 RESERVED CVE-2021-0973 RESERVED CVE-2021-0972 RESERVED CVE-2021-0971 RESERVED CVE-2021-0970 RESERVED CVE-2021-0969 RESERVED CVE-2021-0968 RESERVED CVE-2021-0967 RESERVED CVE-2021-0966 RESERVED 
CVE-2021-0965 RESERVED CVE-2021-0964 RESERVED CVE-2021-0963 RESERVED CVE-2021-0962 RESERVED CVE-2021-0961 RESERVED CVE-2021-0960 RESERVED CVE-2021-0959 RESERVED CVE-2021-0958 RESERVED CVE-2021-0957 RESERVED CVE-2021-0956 RESERVED CVE-2021-0955 RESERVED CVE-2021-0954 RESERVED CVE-2021-0953 RESERVED CVE-2021-0952 RESERVED CVE-2021-0951 RESERVED CVE-2021-0950 RESERVED CVE-2021-0949 RESERVED CVE-2021-0948 RESERVED CVE-2021-0947 RESERVED CVE-2021-0946 RESERVED CVE-2021-0945 RESERVED CVE-2021-0944 RESERVED CVE-2021-0943 RESERVED CVE-2021-0942 RESERVED CVE-2021-0941 [bpf: Remove MTU check in __bpf_skb_max_len] RESERVED - linux 5.10.28-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 NOTE: https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae CVE-2021-0940 RESERVED NOT-FOR-US: Pixel components CVE-2021-0939 RESERVED NOT-FOR-US: Pixel components CVE-2021-0938 RESERVED - linux 5.9.15-1 (unimportant) [buster] - linux 4.19.171-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 NOTE: https://git.kernel.org/linus/3347acc6fcd4ee71ad18a9ff9d9dac176b517329 CVE-2021-0937 RESERVED - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 NOTE: https://git.kernel.org/linus/b29c457a6511435960115c0f548c4360d5f4801d NOTE: Duplicate of CVE-2021-22555 CVE-2021-0936 RESERVED - linux (Pixel or Android-specific driver) NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 CVE-2021-0935 RESERVED - linux 4.15.17-1 [stretch] - linux 4.9.258-1 NOTE: https://git.kernel.org/linus/2f987a76a97773beafbc615b9c4d8fe79129a7f4 NOTE: https://git.kernel.org/linus/b954f94023dcc61388c8384f0f14eb8e42c863c5 NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 CVE-2021-0934 RESERVED CVE-2021-0933 RESERVED CVE-2021-0932 RESERVED CVE-2021-0931 RESERVED CVE-2021-0930 RESERVED CVE-2021-0929 RESERVED CVE-2021-0928 
RESERVED CVE-2021-0927 RESERVED CVE-2021-0926 RESERVED CVE-2021-0925 RESERVED CVE-2021-0924 RESERVED CVE-2021-0923 RESERVED CVE-2021-0922 RESERVED CVE-2021-0921 RESERVED CVE-2021-0920 RESERVED CVE-2021-0919 RESERVED CVE-2021-0918 RESERVED CVE-2021-0917 RESERVED CVE-2021-0916 RESERVED CVE-2021-0915 RESERVED CVE-2021-0914 RESERVED CVE-2021-0913 RESERVED CVE-2021-0912 RESERVED CVE-2021-0911 RESERVED CVE-2021-0910 RESERVED CVE-2021-0909 RESERVED CVE-2021-0908 RESERVED CVE-2021-0907 RESERVED CVE-2021-0906 RESERVED CVE-2021-0905 RESERVED CVE-2021-0904 RESERVED CVE-2021-0903 RESERVED CVE-2021-0902 RESERVED CVE-2021-0901 RESERVED CVE-2021-0900 RESERVED CVE-2021-0899 RESERVED CVE-2021-0898 RESERVED CVE-2021-0897 RESERVED CVE-2021-0896 RESERVED CVE-2021-0895 RESERVED CVE-2021-0894 RESERVED CVE-2021-0893 RESERVED CVE-2021-0892 RESERVED CVE-2021-0891 RESERVED CVE-2021-0890 RESERVED CVE-2021-0889 RESERVED CVE-2021-0888 RESERVED CVE-2021-0887 RESERVED CVE-2021-0886 RESERVED CVE-2021-0885 RESERVED CVE-2021-0884 RESERVED CVE-2021-0883 RESERVED CVE-2021-0882 RESERVED CVE-2021-0881 RESERVED CVE-2021-0880 RESERVED CVE-2021-0879 RESERVED CVE-2021-0878 RESERVED CVE-2021-0877 RESERVED CVE-2021-0876 RESERVED CVE-2021-0875 RESERVED CVE-2021-0874 RESERVED CVE-2021-0873 RESERVED CVE-2021-0872 RESERVED CVE-2021-0871 RESERVED CVE-2021-0870 RESERVED NOT-FOR-US: Android CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out ...) 
NOT-FOR-US: Android CVE-2021-0868 RESERVED CVE-2021-0867 RESERVED CVE-2021-0866 RESERVED CVE-2021-0865 RESERVED CVE-2021-0864 RESERVED CVE-2021-0863 RESERVED CVE-2021-0862 RESERVED CVE-2021-0861 RESERVED CVE-2021-0860 RESERVED CVE-2021-0859 RESERVED CVE-2021-0858 RESERVED CVE-2021-0857 RESERVED CVE-2021-0856 RESERVED CVE-2021-0855 RESERVED CVE-2021-0854 RESERVED CVE-2021-0853 RESERVED CVE-2021-0852 RESERVED CVE-2021-0851 RESERVED CVE-2021-0850 RESERVED CVE-2021-0849 RESERVED CVE-2021-0848 RESERVED CVE-2021-0847 RESERVED CVE-2021-0846 RESERVED CVE-2021-0845 RESERVED CVE-2021-0844 RESERVED CVE-2021-0843 RESERVED CVE-2021-0842 RESERVED CVE-2021-0841 RESERVED CVE-2021-0840 RESERVED CVE-2021-0839 RESERVED CVE-2021-0838 RESERVED CVE-2021-0837 RESERVED CVE-2021-0836 RESERVED CVE-2021-0835 RESERVED CVE-2021-0834 RESERVED CVE-2021-0833 RESERVED CVE-2021-0832 RESERVED CVE-2021-0831 RESERVED CVE-2021-0830 RESERVED CVE-2021-0829 RESERVED CVE-2021-0828 RESERVED CVE-2021-0827 RESERVED CVE-2021-0826 RESERVED CVE-2021-0825 RESERVED CVE-2021-0824 RESERVED CVE-2021-0823 RESERVED CVE-2021-0822 RESERVED CVE-2021-0821 RESERVED CVE-2021-0820 RESERVED CVE-2021-0819 RESERVED CVE-2021-0818 RESERVED CVE-2021-0817 RESERVED CVE-2021-0816 RESERVED CVE-2021-0815 RESERVED CVE-2021-0814 RESERVED CVE-2021-0813 RESERVED CVE-2021-0812 RESERVED CVE-2021-0811 RESERVED CVE-2021-0810 RESERVED CVE-2021-0809 RESERVED CVE-2021-0808 RESERVED CVE-2021-0807 RESERVED CVE-2021-0806 RESERVED CVE-2021-0805 RESERVED CVE-2021-0804 RESERVED CVE-2021-0803 RESERVED CVE-2021-0802 RESERVED CVE-2021-0801 RESERVED CVE-2021-0800 RESERVED CVE-2021-0799 RESERVED CVE-2021-0798 RESERVED CVE-2021-0797 RESERVED CVE-2021-0796 RESERVED CVE-2021-0795 RESERVED CVE-2021-0794 RESERVED CVE-2021-0793 RESERVED CVE-2021-0792 RESERVED CVE-2021-0791 RESERVED CVE-2021-0790 RESERVED CVE-2021-0789 RESERVED CVE-2021-0788 RESERVED CVE-2021-0787 RESERVED CVE-2021-0786 RESERVED CVE-2021-0785 RESERVED CVE-2021-0784 RESERVED CVE-2021-0783 RESERVED 
CVE-2021-0782 RESERVED CVE-2021-0781 RESERVED CVE-2021-0780 RESERVED CVE-2021-0779 RESERVED CVE-2021-0778 RESERVED CVE-2021-0777 RESERVED CVE-2021-0776 RESERVED CVE-2021-0775 RESERVED CVE-2021-0774 RESERVED CVE-2021-0773 RESERVED CVE-2021-0772 RESERVED CVE-2021-0771 RESERVED CVE-2021-0770 RESERVED CVE-2021-0769 RESERVED CVE-2021-0768 RESERVED CVE-2021-0767 RESERVED CVE-2021-0766 RESERVED CVE-2021-0765 RESERVED CVE-2021-0764 RESERVED CVE-2021-0763 RESERVED CVE-2021-0762 RESERVED CVE-2021-0761 RESERVED CVE-2021-0760 RESERVED CVE-2021-0759 RESERVED CVE-2021-0758 RESERVED CVE-2021-0757 RESERVED CVE-2021-0756 RESERVED CVE-2021-0755 RESERVED CVE-2021-0754 RESERVED CVE-2021-0753 RESERVED CVE-2021-0752 RESERVED CVE-2021-0751 RESERVED CVE-2021-0750 RESERVED CVE-2021-0749 RESERVED CVE-2021-0748 RESERVED CVE-2021-0747 RESERVED CVE-2021-0746 RESERVED CVE-2021-0745 RESERVED CVE-2021-0744 RESERVED CVE-2021-0743 RESERVED CVE-2021-0742 RESERVED CVE-2021-0741 RESERVED CVE-2021-0740 RESERVED CVE-2021-0739 RESERVED CVE-2021-0738 RESERVED CVE-2021-0737 RESERVED CVE-2021-0736 RESERVED CVE-2021-0735 RESERVED CVE-2021-0734 RESERVED CVE-2021-0733 RESERVED CVE-2021-0732 RESERVED CVE-2021-0731 RESERVED CVE-2021-0730 RESERVED CVE-2021-0729 RESERVED CVE-2021-0728 RESERVED CVE-2021-0727 RESERVED CVE-2021-0726 RESERVED CVE-2021-0725 RESERVED CVE-2021-0724 RESERVED CVE-2021-0723 RESERVED CVE-2021-0722 RESERVED CVE-2021-0721 RESERVED CVE-2021-0720 RESERVED CVE-2021-0719 RESERVED CVE-2021-0718 RESERVED CVE-2021-0717 RESERVED CVE-2021-0716 RESERVED CVE-2021-0715 RESERVED CVE-2021-0714 RESERVED CVE-2021-0713 RESERVED CVE-2021-0712 RESERVED CVE-2021-0711 RESERVED CVE-2021-0710 RESERVED CVE-2021-0709 RESERVED CVE-2021-0708 RESERVED NOT-FOR-US: Android CVE-2021-0707 RESERVED CVE-2021-0706 RESERVED NOT-FOR-US: Android CVE-2021-0705 RESERVED NOT-FOR-US: Android CVE-2021-0704 RESERVED CVE-2021-0703 RESERVED NOT-FOR-US: Android CVE-2021-0702 RESERVED NOT-FOR-US: Android CVE-2021-0701 RESERVED CVE-2021-0700 
RESERVED CVE-2021-0699 RESERVED CVE-2021-0698 RESERVED CVE-2021-0697 RESERVED CVE-2021-0696 RESERVED CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds re ...) - linux (Android-specific xt_qtaguid code) NOTE: https://source.android.com/security/bulletin/2021-09-01 CVE-2021-0694 RESERVED CVE-2021-0693 (In openFile of HeapDumpProvider.java, there is a possible way to retri ...) NOT-FOR-US: Android CVE-2021-0692 (In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a p ...) NOT-FOR-US: Android CVE-2021-0691 (In the SELinux policy configured in system_app.te, there is a possible ...) NOT-FOR-US: Android CVE-2021-0690 (In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a pos ...) NOT-FOR-US: Android media framework CVE-2021-0689 (In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out ...) NOT-FOR-US: Android media framework CVE-2021-0688 (In lockNow of PhoneWindowManager.java, there is a possible lock screen ...) NOT-FOR-US: Android CVE-2021-0687 (In ellipsize of Layout.java, there is a possible ANR due to improper i ...) NOT-FOR-US: Android CVE-2021-0686 (In getDefaultSmsPackage of RoleManagerService.java, there is a possibl ...) NOT-FOR-US: Android CVE-2021-0685 (In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parc ...) NOT-FOR-US: Android CVE-2021-0684 (In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible ...) NOT-FOR-US: Android CVE-2021-0683 (In runTraceIpcStop of ActivityManagerShellCommand.java, there is a pos ...) NOT-FOR-US: Android CVE-2021-0682 (In sendAccessibilityEvent of NotificationManagerService.java, there is ...) NOT-FOR-US: Android CVE-2021-0681 (In system properties, there is a possible information disclosure due t ...) NOT-FOR-US: MediaTek components for Android CVE-2021-0680 (In system properties, there is a possible information disclosure due t ...) 
NOT-FOR-US: MediaTek components for Android CVE-2021-0679 RESERVED CVE-2021-0678 RESERVED CVE-2021-0677 RESERVED CVE-2021-0676 RESERVED CVE-2021-0675 RESERVED CVE-2021-0674 RESERVED CVE-2021-0673 RESERVED CVE-2021-0672 RESERVED CVE-2021-0671 RESERVED CVE-2021-0670 RESERVED CVE-2021-0669 RESERVED CVE-2021-0668 RESERVED CVE-2021-0667 RESERVED CVE-2021-0666 RESERVED CVE-2021-0665 RESERVED CVE-2021-0664 RESERVED CVE-2021-0663 RESERVED CVE-2021-0662 RESERVED CVE-2021-0661 RESERVED CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect error ...) NOT-FOR-US: Mediatek CVE-2021-0659 RESERVED CVE-2021-0658 RESERVED CVE-2021-0657 RESERVED CVE-2021-0656 RESERVED CVE-2021-0655 RESERVED CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible data ex ...) NOT-FOR-US: Android CVE-2021-0653 RESERVED CVE-2021-0652 RESERVED NOT-FOR-US: Android CVE-2021-0651 RESERVED NOT-FOR-US: Android CVE-2021-0650 RESERVED CVE-2021-0649 RESERVED CVE-2021-0648 RESERVED CVE-2021-0647 RESERVED CVE-2021-0646 (In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2021-0645 (In shouldBlockFromTree of ExternalStorageProvider.java, there is a pos ...) NOT-FOR-US: Android CVE-2021-0644 (In conditionallyRemoveIdentifiers of SubscriptionController.java, ther ...) NOT-FOR-US: Android CVE-2021-0643 RESERVED NOT-FOR-US: Android CVE-2021-0642 (In onResume of VoicemailSettingsFragment.java, there is a possible way ...) NOT-FOR-US: Android CVE-2021-0641 (In getAvailableSubscriptionInfoList of SubscriptionController.java, th ...) NOT-FOR-US: Android CVE-2021-0640 (In noteAtomLogged of StatsdStats.cpp, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2021-0639 (In multiple functions of libl3oemcrypto.cpp, there is a possible weakn ...) NOT-FOR-US: Widevine CVE-2021-0638 RESERVED CVE-2021-0637 RESERVED CVE-2021-0636 (When extracting the incorrectly formatted avi file, the memory is dama ...) 
NOT-FOR-US: UniSoc components for Android CVE-2021-0635 (When extracting the incorrectly formatted flv file, the memory is dama ...) NOT-FOR-US: UniSoc components for Android CVE-2021-0634 RESERVED CVE-2021-0633 RESERVED CVE-2021-0632 RESERVED CVE-2021-0631 RESERVED CVE-2021-0630 RESERVED CVE-2021-0629 RESERVED CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...) NOT-FOR-US: Mediatek CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integer ov ...) NOT-FOR-US: Mediatek CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Mediatek CVE-2021-0625 RESERVED CVE-2021-0624 RESERVED CVE-2021-0623 RESERVED CVE-2021-0622 RESERVED CVE-2021-0621 RESERVED CVE-2021-0620 RESERVED CVE-2021-0619 RESERVED CVE-2021-0618 RESERVED CVE-2021-0617 RESERVED CVE-2021-0616 RESERVED CVE-2021-0615 RESERVED CVE-2021-0614 RESERVED CVE-2021-0613 RESERVED CVE-2021-0612 (In m4u, there is a possible memory corruption due to a use after free. ...) NOT-FOR-US: Mediatek CVE-2021-0611 (In m4u, there is a possible memory corruption due to a use after free. ...) NOT-FOR-US: Mediatek CVE-2021-0610 (In memory management driver, there is a possible memory corruption due ...) NOT-FOR-US: Mediatek CVE-2021-0609 RESERVED CVE-2021-0608 (In handleAppLaunch of AppLaunchActivity.java, there is a possible arbi ...) NOT-FOR-US: Pixel CVE-2021-0607 (In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware p ...) NOT-FOR-US: Pixel CVE-2021-0606 (In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use ...) - linux (Vulnerability specific to 4.14.y backporting) NOTE: https://source.android.com/security/bulletin/pixel/2021-06-01 CVE-2021-0605 (In pfkey_dump of af_key.c, there is a possible out-of-bounds read due ...) 
    - linux 5.8.7-1
    [buster] - linux 4.19.152-1
    [stretch] - linux 4.9.240-1
    NOTE: https://git.kernel.org/linus/37bd22420f856fcd976989f1d4f1f7ad28e1fcac
CVE-2021-0604 (In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possi ...)
    NOT-FOR-US: Android
CVE-2021-0603 (In onCreate of ContactSelectionActivity.java, there is a possible way ...)
    NOT-FOR-US: Android
CVE-2021-0602 (In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a ...)
    NOT-FOR-US: Android
CVE-2021-0601 (In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of boun ...)
    NOT-FOR-US: Android media framework
CVE-2021-0600 (In onCreate of DeviceAdminAdd.java, there is a possible way to mislead ...)
    NOT-FOR-US: Android
CVE-2021-0599 (In scheduleTimeoutLocked of NotificationRecord.java, there is a possib ...)
    NOT-FOR-US: Android
CVE-2021-0598 (In onCreate of ConfirmConnectActivity.java, there is a possible pairin ...)
    NOT-FOR-US: Android
CVE-2021-0597 (In notifyProfileAdded and notifyProfileRemoved of SipService.java, the ...)
    NOT-FOR-US: Android
CVE-2021-0596 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
    NOT-FOR-US: Android
CVE-2021-0595 (In lockAllProfileTasks of RootWindowContainer.java, there is a possibl ...)
    NOT-FOR-US: Android
CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible remote bypa ...)
    NOT-FOR-US: Android
CVE-2021-0593 (In sendDevicePickedIntent of DevicePickerFragment.java, there is a pos ...)
    NOT-FOR-US: Android
CVE-2021-0592 (In various functions in WideVine, there are possible out of bounds wri ...)
    NOT-FOR-US: Widevine
CVE-2021-0591 (In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, ther ...)
    NOT-FOR-US: Android
CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a p ...)
    NOT-FOR-US: Android
CVE-2021-0589 (In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds ...)
    NOT-FOR-US: Android
CVE-2021-0588 (In processInboundMessage of MceStateMachine.java, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0587 (In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible ...)
    NOT-FOR-US: Android media framework
CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible way to t ...)
    NOT-FOR-US: Android
CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0584 (In verifyBufferObject of Parcel.cpp, there is a possible out of bounds ...)
    NOT-FOR-US: Android
CVE-2021-0583 (In onCreate of BluetoothPairingDialog, there is a possible way to enab ...)
    NOT-FOR-US: Android
CVE-2021-0582 (In wifi driver, there is a possible out of bounds read due to a missin ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0581 (In wifi driver, there is a possible out of bounds read due to a missin ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0580 (In wifi driver, there is a possible out of bounds read due to a missin ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0579 (In wifi driver, there is a possible out of bounds read due to a missin ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0578 (In wifi driver, there is a possible out of bounds read due to a missin ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due to a hea ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0576 (In flv extractor, there is a possible out of bounds write due to a mis ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0575
    RESERVED
CVE-2021-0574 (In asf extractor, there is a possible out of bounds write due to a mis ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0573 (In asf extractor, there is a possible out of bounds write due to a mis ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0572 (In doNotification of AccountManagerService.java, there is a possible p ...)
    NOT-FOR-US: Android
CVE-2021-0571 (In ActivityTaskManagerService.startActivity() and AppTaskImpl.startAct ...)
    NOT-FOR-US: Android
CVE-2021-0570 (In sendBugreportNotification of BugreportProgressService.java, there i ...)
    NOT-FOR-US: Android
CVE-2021-0569 (In onStart of ContactsDumpActivity.java, there is possible access to c ...)
    NOT-FOR-US: Android
CVE-2021-0568 (In onReceive of DevicePolicyManagerService.java, there is a possible e ...)
    NOT-FOR-US: Android
CVE-2021-0567 (In isRestricted of RemoteViews.java, there is a possible way to inject ...)
    NOT-FOR-US: Android
CVE-2021-0566 (In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of ...)
    NOT-FOR-US: Android media framework
CVE-2021-0565 (In wrapUserThread of AudioStream.cpp, there is a possible use after fr ...)
    NOT-FOR-US: Android media framework
CVE-2021-0564 (In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due ...)
    NOT-FOR-US: Android media framework
CVE-2021-0563 (In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a poss ...)
    NOT-FOR-US: Android media framework
CVE-2021-0562 (In RasterIntraUpdate of motion_est.cpp, there is a possible out of bou ...)
    NOT-FOR-US: Android media framework
CVE-2021-0561 (In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a ...)
    NOT-FOR-US: Android media framework
CVE-2021-0560
    RESERVED
CVE-2021-0559 (In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due ...)
    NOT-FOR-US: Android media framework
CVE-2021-0558 (In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out ...)
    NOT-FOR-US: Android media framework
CVE-2021-0557 (In setRange of ABuffer.cpp, there is a possible out of bounds write du ...)
    NOT-FOR-US: Android media framework
CVE-2021-0556 (In getBlockSum of fastcodemb.cpp, there is a possible out of bounds re ...)
    NOT-FOR-US: Android media framework
CVE-2021-0555 (In RenderStruct of protostream_objectsource.cc, there is a possible cr ...)
    NOT-FOR-US: Android
CVE-2021-0554 (In isBackupServiceActive of BackupManagerService.java, there is a miss ...)
    NOT-FOR-US: Android
CVE-2021-0553 (In onBindViewHolder of AppSwitchPreference.java, there is a possible b ...)
    NOT-FOR-US: Android
CVE-2021-0552 (In getEndItemSliceAction of MediaOutputSlice.java, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0551 (In bind of MediaControlPanel.java, there is a possible way to lock up ...)
    NOT-FOR-US: Android
CVE-2021-0550 (In onLoadFailed of AnnotateActivity.java, there is a possible way to g ...)
    NOT-FOR-US: Android
CVE-2021-0549 (In sspRequestCallback of BondStateMachine.java, there is a possible le ...)
    NOT-FOR-US: Android
CVE-2021-0548 (In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bound ...)
    NOT-FOR-US: Android
CVE-2021-0547 (In onReceive of NetInitiatedActivity.java, there is a possible way to ...)
    NOT-FOR-US: Android
CVE-2021-0546 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0545 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0544 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0543 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...)
    NOT-FOR-US: Android
CVE-2021-0542 (In updateNotification of BeamTransferManager.java, there is a missing ...)
    NOT-FOR-US: Android
CVE-2021-0541 (In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there i ...)
    NOT-FOR-US: Android
CVE-2021-0540 (In halWrapperDataCallback of hal_wrapper.cc, there is a possible out o ...)
    NOT-FOR-US: Android
CVE-2021-0539 (In archiveStoredConversation of MmsService.java, there is a possible w ...)
    NOT-FOR-US: Android
CVE-2021-0538 (In onCreate of EmergencyCallbackModeExitDialog.java, there is a possib ...)
    NOT-FOR-US: Android
CVE-2021-0537 (In onCreate of WiFiInstaller.java, there is a possible way to install ...)
    NOT-FOR-US: Android
CVE-2021-0536 (In dropFile of WiFiInstaller, there is a way to delete files accessibl ...)
    NOT-FOR-US: Android
CVE-2021-0535 (In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possib ...)
    NOT-FOR-US: Android
CVE-2021-0534 (In permission declarations of DeviceAdminReceiver.java, there is a pos ...)
    NOT-FOR-US: Android
CVE-2021-0533 (In memory management driver, there is a possible memory corruption due ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0532 (In memory management driver, there is a possible memory corruption due ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0531 (In memory management driver, there is a possible memory corruption due ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0530 (In memory management driver, there is a possible out of bounds write d ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0529 (In memory management driver, there is a possible memory corruption due ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0528 (In memory management driver, there is a possible memory corruption due ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0527 (In memory management driver, there is a possible memory corruption due ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0526 (In memory management driver, there is a possible out of bounds write d ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0525 (In memory management driver, there is a possible out of bounds write d ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0524
    RESERVED
CVE-2021-0523 (In onCreate of WifiScanModeActivity.java, there is a possible way to e ...)
    NOT-FOR-US: Android
CVE-2021-0522 (In ConnectionHandler::SdpCb of connection_handler.cc, there is a possi ...)
    NOT-FOR-US: Android
CVE-2021-0521 (In getAllPackages of PackageManagerService, there is a possible inform ...)
    NOT-FOR-US: Android
CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, there ...)
    NOT-FOR-US: Android media framework
CVE-2021-0519 (In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of b ...)
    NOT-FOR-US: Google Play
CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there i ...)
    NOT-FOR-US: Android
CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of b ...)
    NOT-FOR-US: Android
CVE-2021-0515 (In Factory::CreateStrictFunctionMap of factory.cc, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0514 (In several functions of the V8 library, there is a possible use after ...)
    NOT-FOR-US: Android
CVE-2021-0513 (In deleteNotificationChannel and related functions of NotificationMana ...)
    NOT-FOR-US: Android
CVE-2021-0512 (In __hidinput_change_resolution_multipliers of hid-input.c, there is a ...)
    {DLA-2689-1}
    - linux 5.10.19-1
    [buster] - linux 4.19.181-1
    NOTE: https://git.kernel.org/linus/ed9be64eefe26d7d8b0b5b9fa3ffdf425d87a01f
CVE-2021-0511 (In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode i ...)
    NOT-FOR-US: Android
CVE-2021-0510 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...)
    NOT-FOR-US: Android media framework
CVE-2021-0509 (In various functions of CryptoPlugin.cpp, there is a possible use afte ...)
    NOT-FOR-US: Android media framework
CVE-2021-0508 (In various functions of DrmPlugin.cpp, there is a possible use after f ...)
    NOT-FOR-US: Android media framework
CVE-2021-0507 (In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bou ...)
    NOT-FOR-US: Android
CVE-2021-0506 (In ActivityPicker.java, there is a possible bypass of user interaction ...)
    NOT-FOR-US: Android
CVE-2021-0505 (In the Settings app, there is a possible way to disable an always-on V ...)
    NOT-FOR-US: Android
CVE-2021-0504 (In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of ...)
    NOT-FOR-US: Android
CVE-2021-0503
    RESERVED
CVE-2021-0502
    RESERVED
CVE-2021-0501
    RESERVED
CVE-2021-0500
    RESERVED
CVE-2021-0499
    RESERVED
CVE-2021-0498 (In memory management driver, there is a possible memory corruption due ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0497 (In memory management driver, there is a possible memory corruption due ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0496 (In memory management driver, there is a possible memory corruption due ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0495 (In memory management driver, there is a possible out of bounds write d ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0494 (In memory management driver, there is a possible out of bounds write d ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0493 (In memory management driver, there is a possible out of bounds write d ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0492 (In memory management driver, there is a possible out of bounds write d ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0491 (In memory management driver, there is a possible escalation of privile ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0490 (In memory management driver, there is a possible out of bounds write d ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0489 (In memory management driver, there is a possible out of bounds write d ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0488 (In pb_write of pb_encode.c, there is a possible out of bounds write du ...)
    NOT-FOR-US: Android
CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible way to ...)
    NOT-FOR-US: Android
CVE-2021-0486 (In onPackageAddedInternal of PermissionManagerService.java, there is p ...)
    NOT-FOR-US: Android
CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypa ...)
    NOT-FOR-US: Android
CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of uniniti ...)
    NOT-FOR-US: Android media framework
CVE-2021-0483
    RESERVED
    NOT-FOR-US: Android media framework
CVE-2021-0482 (In BinderDiedCallback of MediaCodec.cpp, there is a possible memory co ...)
    NOT-FOR-US: Android media framework
CVE-2021-0481 (In onActivityResult of EditUserPhotoController.java, there is a possib ...)
    NOT-FOR-US: Android
CVE-2021-0480 (In createPendingIntent of SnoozeHelper.java, there is a possible broad ...)
    NOT-FOR-US: Android
CVE-2021-0479
    RESERVED
CVE-2021-0478 (In updateDrawable of StatusBarIconView.java, there is a possible permi ...)
    NOT-FOR-US: Android
CVE-2021-0477 (In notifyScreenshotError of ScreenshotNotificationsController.java, th ...)
    NOT-FOR-US: Android
CVE-2021-0476 (In FindOrCreatePeer of btif_av.cc, there is a possible use after free ...)
    NOT-FOR-US: Android
CVE-2021-0475 (In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory c ...)
    NOT-FOR-US: Android
CVE-2021-0474 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds wr ...)
    NOT-FOR-US: Android
CVE-2021-0473 (In rw_t3t_process_error of rw_t3t.cc, there is a possible double free ...)
    NOT-FOR-US: Android
CVE-2021-0472 (In shouldLockKeyguard of LockTaskController.java, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0471 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...)
    NOT-FOR-US: Android media framework
CVE-2021-0470
    RESERVED
CVE-2021-0469
    RESERVED
CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an insecure ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0467 (In Chromecast bootROM, there is a possible out of bounds write due to ...)
    NOT-FOR-US: AMLogic
CVE-2021-0466 (In startIpClient of ClientModeImpl.java, there is a possible identifie ...)
    NOT-FOR-US: Android
CVE-2021-0465 (In GenerateFaceMask of face.cc, there is a possible out of bounds writ ...)
    NOT-FOR-US: Android/Pixel kernel component not in mainline
CVE-2021-0464 (In sound_trigger_event_alloc of platform.h, there is a possible out of ...)
    NOT-FOR-US: Android/Pixel kernel component not in mainline
CVE-2021-0463 (In convertToHidl of convert.cpp, there is a possible out of bounds rea ...)
    NOT-FOR-US: Android/Pixel kernel component not in mainline
CVE-2021-0462 (In the NXP NFC firmware, there is a possible insecure firmware update ...)
    NOT-FOR-US: NXP NFC firmware as used in Android/Pixel
CVE-2021-0461 (In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possib ...)
    NOT-FOR-US: Android/Pixel kernel component not in mainline
CVE-2021-0460 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
    NOT-FOR-US: Android/Pixel kernel component not in mainline
CVE-2021-0459 (In fts_driver_test_write of fts_proc.c, there is a possible out of bou ...)
    NOT-FOR-US: Android/Pixel kernel component not in mainline
CVE-2021-0458 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
    NOT-FOR-US: Android/Pixel kernel component not in mainline
CVE-2021-0457 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
    NOT-FOR-US: Android/Pixel kernel component not in mainline
CVE-2021-0456 (In the Citadel chip firmware, there is a possible out of bounds write ...)
    NOT-FOR-US: Citadel chip firmware as used in Android/Pixel
CVE-2021-0455 (In the Citadel chip firmware, there is a possible out of bounds write ...)
    NOT-FOR-US: Citadel chip firmware as used in Android/Pixel
CVE-2021-0454 (In the Citadel chip firmware, there is a possible out of bounds write ...)
    NOT-FOR-US: Citadel chip firmware as used in Android/Pixel
CVE-2021-0453 (In the Titan-M chip firmware, there is a possible disclosure of stack ...)
    NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
CVE-2021-0452 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
    NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
CVE-2021-0451 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
    NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
CVE-2021-0450 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
    NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
CVE-2021-0449 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
    NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
CVE-2021-0448
    RESERVED
CVE-2021-0447
    RESERVED
    - linux 4.15.4-1
    [stretch] - linux 4.9.228-1
CVE-2021-0446 (In ImportVCardActivity, there is a possible way to bypass user consent ...)
    NOT-FOR-US: Android
CVE-2021-0445 (In start of WelcomeActivity.java, there is a possible residual profile ...)
    NOT-FOR-US: Android
CVE-2021-0444 (In onActivityResult of QuickContactActivity.java, there is an unnecess ...)
    NOT-FOR-US: Android
CVE-2021-0443 (In several functions of ScreenshotHelper.java and related files, there ...)
    NOT-FOR-US: Android
CVE-2021-0442 (In updateInfo of android_hardware_input_InputApplicationHandle.cpp, th ...)
    NOT-FOR-US: Android
CVE-2021-0441 (In onCreate of PermissionActivity.java, there is a possible permission ...)
    NOT-FOR-US: Android
CVE-2021-0440
    RESERVED
CVE-2021-0439 (In setPowerModeWithHandle of com_android_server_power_PowerManagerServ ...)
    NOT-FOR-US: Android
CVE-2021-0438 (In several functions of InputDispatcher.cpp, WindowManagerService.java ...)
    NOT-FOR-US: Android
CVE-2021-0437 (In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. Th ...)
    NOT-FOR-US: Android media framework
CVE-2021-0436 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
    NOT-FOR-US: Android media framework
CVE-2021-0435 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak o ...)
    NOT-FOR-US: Android
CVE-2021-0434
    RESERVED
CVE-2021-0433 (In onCreate of DeviceChooserActivity.java, there is a possible way to ...)
    NOT-FOR-US: Android
CVE-2021-0432 (In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPulle ...)
    NOT-FOR-US: Android
CVE-2021-0431 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds re ...)
    NOT-FOR-US: Android
CVE-2021-0430 (In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of boun ...)
    NOT-FOR-US: Android
CVE-2021-0429 (In pollOnce of ALooper.cpp, there is possible memory corruption due to ...)
    NOT-FOR-US: Android
CVE-2021-0428 (In getSimSerialNumber of TelephonyManager.java, there is a possible wa ...)
    NOT-FOR-US: Android
CVE-2021-0427 (In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0426 (In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a pos ...)
    NOT-FOR-US: Android
CVE-2021-0425 (In memory management driver, there is a possible side channel informat ...)
    NOT-FOR-US: Mediatek
CVE-2021-0424 (In memory management driver, there is a possible system crash due to a ...)
    NOT-FOR-US: Mediatek
CVE-2021-0423 (In memory management driver, there is a possible information disclosur ...)
    NOT-FOR-US: Mediatek
CVE-2021-0422 (In memory management driver, there is a possible system crash due to a ...)
    NOT-FOR-US: Mediatek
CVE-2021-0421 (In memory management driver, there is a possible information disclosur ...)
    NOT-FOR-US: Mediatek
CVE-2021-0420 (In memory management driver, there is a possible system crash due to a ...)
    NOT-FOR-US: Mediatek
CVE-2021-0419 (In memory management driver, there is a possible system crash due to i ...)
    NOT-FOR-US: Mediatek
CVE-2021-0418 (In memory management driver, there is a possible system crash due to i ...)
    NOT-FOR-US: Mediatek
CVE-2021-0417 (In memory management driver, there is a possible system crash due to i ...)
    NOT-FOR-US: Mediatek
CVE-2021-0416 (In memory management driver, there is a possible system crash due to i ...)
    NOT-FOR-US: Mediatek
CVE-2021-0415 (In memory management driver, there is a possible information disclosur ...)
    NOT-FOR-US: Mediatek
CVE-2021-0414
    RESERVED
CVE-2021-0413
    RESERVED
CVE-2021-0412
    RESERVED
CVE-2021-0411
    RESERVED
CVE-2021-0410
    RESERVED
CVE-2021-0409
    RESERVED
CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to an inc ...)
    NOT-FOR-US: Mediatek
CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to an incor ...)
    NOT-FOR-US: Mediatek
CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a missing ...)
    NOT-FOR-US: MediaTek
CVE-2021-0405 (In performance driver, there is a possible out of bounds write due to ...)
    NOT-FOR-US: MediaTek
CVE-2021-0404 (In mobile_log_d, there is a possible information disclosure due to imp ...)
    NOT-FOR-US: MediaTek
CVE-2021-0403 (In netdiag, there is a possible information disclosure due to a missin ...)
    NOT-FOR-US: MediaTek
CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to improper input ...)
    NOT-FOR-US: MediaTek
CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condition. ...)
    NOT-FOR-US: MediaTek
CVE-2021-0400 (In injectBestLocation and handleUpdateLocation of GnssLocationProvider ...)
    NOT-FOR-US: Android
CVE-2021-0399 (In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruptio ...)
    - linux (Android-specific xt_qtaguid code)
    NOTE: https://source.android.com/security/bulletin/2021-03-01
CVE-2021-0398 (In bindServiceLocked of ActiveServices.java, there is a possible foreg ...)
    NOT-FOR-US: Android
CVE-2021-0397 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system c ...)
    NOT-FOR-US: Android
CVE-2021-0396 (In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc an ...)
    NOT-FOR-US: Android
CVE-2021-0395 (In StopServicesAndLogViolations of reboot.cpp, there is possible memor ...)
    NOT-FOR-US: Android
CVE-2021-0394 (In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a ...)
    NOT-FOR-US: Android
CVE-2021-0393 (In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possi ...)
    NOT-FOR-US: Android
CVE-2021-0392 (In main of main.cpp, there is a possible memory corruption due to a do ...)
    NOT-FOR-US: Android
CVE-2021-0391 (In onCreate() of ChooseTypeAndAccountActivity.java, there is a possibl ...)
    NOT-FOR-US: Android
CVE-2021-0390 (In various methods of WifiNetworkSuggestionsManager.java, there is a p ...)
    NOT-FOR-US: Android
CVE-2021-0389 (In setNightModeActivated of UiModeManagerService.java, there is a miss ...)
    NOT-FOR-US: Android
CVE-2021-0388 (In onReceive of ImsPhoneCallTracker.java, there is a possible misattri ...)
    NOT-FOR-US: Android
CVE-2021-0387 (In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-a ...)
    NOT-FOR-US: Android
CVE-2021-0386 (In onCreate of UsbConfirmActivity, there is a possible tapjacking vect ...)
    NOT-FOR-US: Android
CVE-2021-0385 (In createConnectToAvailableNetworkNotification of ConnectToNetworkNoti ...)
    NOT-FOR-US: Android
CVE-2021-0384
    REJECTED
CVE-2021-0383 (In done of CaptivePortalLoginActivity.java, there is a confused deputy ...)
    NOT-FOR-US: Android
CVE-2021-0382 (In checkSlicePermission of SliceManagerService.java, there is a possib ...)
    NOT-FOR-US: Android
CVE-2021-0381 (In updateNotifications of DeviceStorageMonitorService.java, there is a ...)
    NOT-FOR-US: Android
CVE-2021-0380 (In onReceive of DcTracker.java, there is a possible way to trigger a p ...)
    NOT-FOR-US: Android
CVE-2021-0379 (In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of boun ...)
    NOT-FOR-US: Android media framework
CVE-2021-0378 (In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds re ...)
    NOT-FOR-US: Android media framework
CVE-2021-0377 (In DeltaPerformer::Write of delta_performer.cc, there is a possible us ...)
    NOT-FOR-US: Android
CVE-2021-0376 (In checkUriPermission and related functions of MediaProvider.java, the ...)
    NOT-FOR-US: Android
CVE-2021-0375 (In onPackageModified of VoiceInteractionManagerService.java, there is ...)
    NOT-FOR-US: Android
CVE-2021-0374 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there ...)
    NOT-FOR-US: Android media framework
CVE-2021-0373
    RESERVED
CVE-2021-0372 (In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a poss ...)
    NOT-FOR-US: Android
CVE-2021-0371 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...)
    NOT-FOR-US: Android
CVE-2021-0370 (In Write of NxpMfcReader.cc, there is a possible out of bounds write d ...)
    NOT-FOR-US: Android
CVE-2021-0369 (In CrossProfileAppsServiceImpl.java, there is the possibility of an ap ...)
    NOT-FOR-US: Android
CVE-2021-0368 (In oggpack_look of bitwise.c, there is a possible out of bounds read d ...)
    NOT-FOR-US: Android media framework
CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race condition. ...)
    NOT-FOR-US: MediaTek
CVE-2021-0366 (In vpu, there is a possible memory corruption due to a race condition. ...)
    NOT-FOR-US: MediaTek
CVE-2021-0365 (In display driver, there is a possible memory corruption due to a use ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to improper ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0363 (In mobile_log_d, there is a possible command injection due to a missin ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0362 (In aee, there is a possible memory corruption due to a stack buffer ov ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0361 (In kisd, there is a possible out of bounds read due to improper input ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0360 (In netdiag, there is a possible out of bounds write due to an incorrec ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0359 (In netdiag, there is a possible out of bounds write due to a missing b ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0358 (In netdiag, there is a possible command injection due to improper inpu ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0357 (In netdiag, there is a possible out of bounds write due to a missing b ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0356 (In netdiag, there is a possible command injection due to improper inpu ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0355 (In kisd, there is a possible out of bounds write due to an integer ove ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0354 (In ged, there is a possible out of bounds write due to an integer over ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0353 (In kisd, there is a possible memory corruption due to a heap buffer ov ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0352 (In RT regmap driver, there is a possible memory corruption due to type ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0351 (In wlan driver, there is a possible system crash due to a missing boun ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0350 (In ged, there is a possible system crash due to an improper input vali ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0349 (In display driver, there is a possible memory corruption due to a use ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0348 (In vpu, there is a possible out of bounds write due to a missing bound ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0347 (In ccu, there is a possible out of bounds read due to a missing bounds ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0346 (In vpu, there is a possible out of bounds write due to an incorrect bo ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0345 (In mobile_log_d, there is a possible escalation of privilege due to im ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0344 (In mtkpower, there is a possible memory corruption due to a missing bo ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0343 (In kisd, there is a possible out of bounds write due to a missing boun ...)
    NOT-FOR-US: Mediatek components for Android
CVE-2021-0342 (In tun_get_user of tun.c, there is possible memory corruption due to a ...)
    - linux 5.7.6-1
    [buster] - linux 4.19.131-1
    [stretch] - linux (Vulnerable code introduced later)
    NOTE: https://git.kernel.org/linus/96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f
CVE-2021-0341 (In verifyHostName of OkHostnameVerifier.java, there is a possible way ...)
    NOT-FOR-US: Android
CVE-2021-0340 (In parseNextBox of IsoInterface.java, there is a possible leak of unre ...)
    NOT-FOR-US: Android
CVE-2021-0339 (In loadAnimation of WindowContainer.java, there is a possible way to k ...)
    NOT-FOR-US: Android
CVE-2021-0338 (In SystemSettingsValidators, there is a possible permanent denial of s ...)
    NOT-FOR-US: Android
CVE-2021-0337 (In moveInMediaStore of FileSystemProvider.java, there is a possible fi ...)
    NOT-FOR-US: Android
CVE-2021-0336 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...)
    NOT-FOR-US: Android
CVE-2021-0335 (In process of C2SoftHevcDec.cpp, there is a possible out of bounds wri ...)
    NOT-FOR-US: Android media framework
CVE-2021-0334 (In onTargetSelected of ResolverActivity.java, there is a possible sett ...)
    NOT-FOR-US: Android
CVE-2021-0333 (In onCreate of BluetoothPermissionActivity.java, there is a possible p ...)
    NOT-FOR-US: Android
CVE-2021-0332 (In bootFinished of SurfaceFlinger.cpp, there is a possible memory corr ...)
    NOT-FOR-US: Android media framework
CVE-2021-0331 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
    NOT-FOR-US: Android
CVE-2021-0330 (In add_user_ce and remove_user_ce of storaged.cpp, there is a possible ...)
    NOT-FOR-US: Android
CVE-2021-0329 (In several native functions called by AdvertiseManager.java, there is ...)
    NOT-FOR-US: Android
CVE-2021-0328 (In onBatchScanReports and deliverBatchScan of GattService.java, there ...)
    NOT-FOR-US: Android
CVE-2021-0327 (In getContentProviderImpl of ActivityManagerService.java, there is a p ...)
    NOT-FOR-US: Android
CVE-2021-0326 (In p2p_copy_client_info of p2p.c, there is a possible out of bounds wr ...)
    {DSA-4898-1 DLA-2572-1}
    - wpa 2:2.9.0-17 (bug #981971)
    NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/4
    NOTE: https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
    NOTE: https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
    NOTE: https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e
CVE-2021-0325 (In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible o ...)
    NOT-FOR-US: Android media framework
CVE-2021-0324 (Product: AndroidVersions: Android SoCAndroid ID: A-175402462 ...)
    NOT-FOR-US: UniSoc components for Android
CVE-2021-0323
    RESERVED
    NOTE: Duplicate for CVE-2020-10767, clarification with Android security team pending
CVE-2021-0322 (In onCreate of SlicePermissionActivity.java, there is a possible misle ...)
    NOT-FOR-US: Android
CVE-2021-0321 (In enforceDumpPermissionForPackage of ActivityManagerService.java, the ...)
    NOT-FOR-US: Android
CVE-2021-0320 (In is_device_locked and set_device_locked of keystore_keymaster_enforc ...)
    NOT-FOR-US: Android
CVE-2021-0319 (In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there ...)
    NOT-FOR-US: Android
CVE-2021-0318 (In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a ...)
    NOT-FOR-US: Android
CVE-2021-0317 (In createOrUpdate of Permission.java and related code, there is possib ...)
    NOT-FOR-US: Android
CVE-2021-0316 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of ...)
    NOT-FOR-US: Android
CVE-2021-0315 (In onCreate of GrantCredentialsPermissionActivity.java, there is a pos ...)
    NOT-FOR-US: Android
CVE-2021-0314 (In onCreate of UninstallerActivity, there is a possible way to uninsta ...)
    NOT-FOR-US: Android
CVE-2021-0313 (In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slo ...)
    NOT-FOR-US: Android
CVE-2021-0312 (In WAVSource::read of WAVExtractor.cpp, there is a possible out of bou ...)
    NOT-FOR-US: Android media framework
CVE-2021-0311 (In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, ther ...)
    NOT-FOR-US: Android media framework
CVE-2021-0310 (In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possib ...)
    NOT-FOR-US: Android
CVE-2021-0309 (In onCreate of grantCredentialsPermissionActivity, there is a confused ...)
    NOT-FOR-US: Android
CVE-2021-0308 (In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds ...)
    {DLA-2549-1}
    - gdisk 1.0.6-1
    [buster] - gdisk (Minor issue)
    NOTE: https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29
    NOTE: https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5
CVE-2021-0307 (In updatePermissionSourcePackage of PermissionManagerService.java, the ...)
    NOT-FOR-US: Android
CVE-2021-0306 (In addAllPermissions of PermissionManagerService.java, there is a poss ...)
    NOT-FOR-US: Android
CVE-2021-0305 (In PackageInstaller, there is a possible tapjacking attack due to an i ...)
    NOT-FOR-US: Android
CVE-2021-0304 (In several functions of GlobalScreenshot.java, there is a possible per ...)
    NOT-FOR-US: Android
CVE-2021-0303 (In dispatchGraphTerminationMessage() of packages/services/Car/computep ...)
    NOT-FOR-US: Android
CVE-2021-0302 (In PackageInstaller, there is a possible tapjacking attack due to an i ...)
    NOT-FOR-US: Android
CVE-2021-0301 (In ged, there is a possible out of bounds write due to a missing bound ...)
    NOT-FOR-US: MediaTek components for Android
CVE-2021-0300 RESERVED
CVE-2021-0299 RESERVED
    NOT-FOR-US: Juniper
CVE-2021-0298 RESERVED
CVE-2021-0297 RESERVED
    NOT-FOR-US: Juniper
CVE-2021-0296 RESERVED
    NOT-FOR-US: Juniper
CVE-2021-0295 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...)
    NOT-FOR-US: Juniper
CVE-2021-0294 (A vulnerability in Juniper Networks Junos OS, which only affects the r ...)
    NOT-FOR-US: Juniper
CVE-2021-0293 (A vulnerability in Juniper Networks Junos OS caused by Missing Release ...)
    NOT-FOR-US: Juniper
CVE-2021-0292 (An Uncontrolled Resource Consumption vulnerability in the ARP daemon ( ...)
    NOT-FOR-US: Juniper
CVE-2021-0291 (An Exposure of System Data vulnerability in Juniper Networks Junos OS ...)
    NOT-FOR-US: Juniper
CVE-2021-0290 (Improper Handling of Exceptional Conditions in Ethernet interface fram ...)
    NOT-FOR-US: Juniper
CVE-2021-0289 (When user-defined ARP Policer is configured and applied on one or more ...)
    NOT-FOR-US: Juniper
CVE-2021-0288 (A vulnerability in the processing of specific MPLS packets in Juniper ...)
    NOT-FOR-US: Juniper
CVE-2021-0287 (In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Netwo ...)
    NOT-FOR-US: Juniper
CVE-2021-0286 (A vulnerability in the handling of exceptional conditions in Juniper N ...)
    NOT-FOR-US: Juniper
CVE-2021-0285 (An uncontrolled resource consumption vulnerability in Juniper Networks ...)
    NOT-FOR-US: Juniper
CVE-2021-0284 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...)
    NOT-FOR-US: Juniper
CVE-2021-0283 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...)
    NOT-FOR-US: Juniper
CVE-2021-0282 (On Juniper Networks Junos OS devices with Multipath or add-path featur ...)
    NOT-FOR-US: Juniper
CVE-2021-0281 (On Juniper Networks Junos OS devices configured with BGP origin valida ...)
    NOT-FOR-US: Juniper
CVE-2021-0280 (Due to an Improper Initialization vulnerability in Juniper Networks Ju ...)
    NOT-FOR-US: Juniper
CVE-2021-0279 (Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have Rab ...)
    NOT-FOR-US: Juniper
CVE-2021-0278 (An Improper Input Validation vulnerability in J-Web of Juniper Network ...)
    NOT-FOR-US: Juniper
CVE-2021-0277 (An Out-of-bounds Read vulnerability in the processing of specially cra ...)
    NOT-FOR-US: Juniper
CVE-2021-0276 (A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Ca ...)
    NOT-FOR-US: Juniper
CVE-2021-0275 (A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Network ...)
    NOT-FOR-US: Juniper
CVE-2021-0274 RESERVED
CVE-2021-0273 (An always-incorrect control flow implementation in the implicit filter ...)
    NOT-FOR-US: Juniper
CVE-2021-0272 (A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX1 ...)
    NOT-FOR-US: Juniper
CVE-2021-0271 (A Double Free vulnerability in the software forwarding interface daemo ...)
    NOT-FOR-US: Juniper
CVE-2021-0270 (On PTX Series and QFX10k Series devices with the "inline-jflow" featur ...)
    NOT-FOR-US: Juniper
CVE-2021-0269 (The improper handling of client-side parameters in J-Web of Juniper Ne ...)
    NOT-FOR-US: Juniper
CVE-2021-0268 (An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Re ...)
    NOT-FOR-US: Juniper
CVE-2021-0267 (An Improper Input Validation vulnerability in the active-lease query p ...)
    NOT-FOR-US: Juniper
CVE-2021-0266 (The use of multiple hard-coded cryptographic keys in cSRX Series softw ...)
    NOT-FOR-US: Juniper
CVE-2021-0265 (An unvalidated REST API in the AppFormix Agent of Juniper Networks App ...)
    NOT-FOR-US: Juniper
CVE-2021-0264 (A vulnerability in the processing of traffic matching a firewall filte ...)
    NOT-FOR-US: Juniper
CVE-2021-0263 (A Data Processing vulnerability in the Multi-Service process (multi-sv ...)
    NOT-FOR-US: Juniper
CVE-2021-0262 (Through routine static code analysis of the Juniper Networks Junos OS ...)
    NOT-FOR-US: Juniper
CVE-2021-0261 (A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentic ...)
    NOT-FOR-US: Juniper
CVE-2021-0260 (An improper authorization vulnerability in the Simple Network Manageme ...)
    NOT-FOR-US: Juniper
CVE-2021-0259 (Due to a vulnerability in DDoS protection in Juniper Networks Junos OS ...)
    NOT-FOR-US: Juniper
CVE-2021-0258 (A vulnerability in the forwarding of transit TCPv6 packets received on ...)
    NOT-FOR-US: Juniper
CVE-2021-0257 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...)
    NOT-FOR-US: Juniper
CVE-2021-0256 (A sensitive information disclosure vulnerability in the mosquitto mess ...)
    NOT-FOR-US: Juniper
CVE-2021-0255 (A local privilege escalation vulnerability in ethtraceroute of Juniper ...)
    NOT-FOR-US: Juniper
CVE-2021-0254 (A buffer size validation vulnerability in the overlayd service of Juni ...)
    NOT-FOR-US: Juniper
CVE-2021-0253 (NFX Series devices using Juniper Networks Junos OS are susceptible to ...)
    NOT-FOR-US: Juniper
CVE-2021-0252 (NFX Series devices using Juniper Networks Junos OS are susceptible to ...)
    NOT-FOR-US: Juniper
CVE-2021-0251 (A NULL Pointer Dereference vulnerability in the Captive Portal Content ...)
    NOT-FOR-US: Juniper
CVE-2021-0250 (In segment routing traffic engineering (SRTE) environments where the B ...)
    NOT-FOR-US: Juniper
CVE-2021-0249 (On SRX Series devices configured with UTM services a buffer overflow v ...)
    NOT-FOR-US: Juniper
CVE-2021-0248 (This issue is not applicable to NFX NextGen Software. On NFX Series de ...)
    NOT-FOR-US: Juniper
CVE-2021-0247 (A Race Condition (Concurrent Execution using Shared Resource with Impr ...)
    NOT-FOR-US: Juniper
CVE-2021-0246 (On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, ...)
    NOT-FOR-US: Juniper
CVE-2021-0245 (A Use of Hard-coded Credentials vulnerability in Juniper Networks Juno ...)
    NOT-FOR-US: Juniper
CVE-2021-0244 (A signal handler race condition exists in the Layer 2 Address Learning ...)
    NOT-FOR-US: Juniper
CVE-2021-0243 (Improper Handling of Unexpected Data in the firewall policer of Junipe ...)
    NOT-FOR-US: Juniper
CVE-2021-0242 (A vulnerability due to the improper handling of direct memory access ( ...)
    NOT-FOR-US: Juniper
CVE-2021-0241 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...)
    NOT-FOR-US: Juniper
CVE-2021-0240 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...)
    NOT-FOR-US: Juniper
CVE-2021-0239 (In Juniper Networks Junos OS Evolved, receipt of a stream of specific ...)
    NOT-FOR-US: Juniper
CVE-2021-0238 (When a MX Series is configured as a Broadband Network Gateway (BNG) ba ...)
    NOT-FOR-US: Juniper
CVE-2021-0237 (On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QF ...)
    NOT-FOR-US: Juniper
CVE-2021-0236 (Due to an improper check for unusual or exceptional conditions in Juni ...)
    NOT-FOR-US: Juniper
CVE-2021-0235 (On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, ...)
    NOT-FOR-US: Juniper
CVE-2021-0234 (Due to an improper Initialization vulnerability on Juniper Networks Ju ...)
    NOT-FOR-US: Juniper
CVE-2021-0233 (A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Se ...)
    NOT-FOR-US: Juniper
CVE-2021-0232 (An authentication bypass vulnerability in the Juniper Networks Paragon ...)
    NOT-FOR-US: Juniper
CVE-2021-0231 (A path traversal vulnerability in the Juniper Networks SRX and vSRX Se ...)
    NOT-FOR-US: Juniper
CVE-2021-0230 (On Juniper Networks SRX Series devices with link aggregation (lag) con ...)
    NOT-FOR-US: Juniper
CVE-2021-0229 (An uncontrolled resource consumption vulnerability in Message Queue Te ...)
    NOT-FOR-US: Juniper
CVE-2021-0228 (An improper check for unusual or exceptional conditions vulnerability ...)
    NOT-FOR-US: Juniper
CVE-2021-0227 (An improper restriction of operations within the bounds of a memory bu ...)
    NOT-FOR-US: Juniper
CVE-2021-0226 (On Juniper Networks Junos OS Evolved devices, receipt of a specific IP ...)
    NOT-FOR-US: Juniper
CVE-2021-0225 (An Improper Check for Unusual or Exceptional Conditions in Juniper Net ...)
    NOT-FOR-US: Juniper
CVE-2021-0224 (A vulnerability in the handling of internal resources necessary to bri ...)
    NOT-FOR-US: Juniper
CVE-2021-0223 (A local privilege escalation vulnerability in telnetd.real of Juniper ...)
    NOT-FOR-US: Juniper
CVE-2021-0222 (A vulnerability in Juniper Networks Junos OS allows an attacker to cau ...)
    NOT-FOR-US: Juniper
CVE-2021-0221 (In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway ...)
    NOT-FOR-US: Juniper
CVE-2021-0220 (The Junos Space Network Management Platform has been found to store sh ...)
    NOT-FOR-US: Junos Space Network Management Platform
CVE-2021-0219 (A command injection vulnerability in install package validation subsys ...)
    NOT-FOR-US: Juniper
CVE-2021-0218 (A command injection vulnerability in the license-check daemon of Junip ...)
    NOT-FOR-US: Juniper
CVE-2021-0217 (A vulnerability in processing of certain DHCP packets from adjacent cl ...)
    NOT-FOR-US: Juniper
CVE-2021-0216 (A vulnerability in Juniper Networks Junos OS running on the ACX5448 an ...)
    NOT-FOR-US: Juniper
CVE-2021-0215 (On Juniper Networks Junos EX series, QFX Series, MX Series and SRX bra ...)
    NOT-FOR-US: Juniper
CVE-2021-0214 (A vulnerability in the distributed or centralized periodic packet mana ...)
    NOT-FOR-US: Juniper
CVE-2021-0213 RESERVED
CVE-2021-0212 (An Information Exposure vulnerability in Juniper Networks Contrail Net ...)
    NOT-FOR-US: Juniper
CVE-2021-0211 (An improper check for unusual or exceptional conditions in Juniper Net ...)
    NOT-FOR-US: Juniper
CVE-2021-0210 (An Information Exposure vulnerability in J-Web of Juniper Networks Jun ...)
    NOT-FOR-US: Juniper
CVE-2021-0209 (In Juniper Networks Junos OS Evolved an attacker sending certain valid ...)
    NOT-FOR-US: Juniper
CVE-2021-0208 (An improper input validation vulnerability in the Routing Protocol Dae ...)
    NOT-FOR-US: Juniper
CVE-2021-0207 (An improper interpretation conflict of certain data between certain so ...)
    NOT-FOR-US: Juniper
CVE-2021-0206 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...)
    NOT-FOR-US: Juniper
CVE-2021-0205 (When the "Intrusion Detection Service" (IDS) feature is configured on ...)
    NOT-FOR-US: Juniper
CVE-2021-0204 (A sensitive information disclosure vulnerability in delta-export confi ...)
    NOT-FOR-US: Juniper
CVE-2021-0203 (On Juniper Networks EX and QFX5K Series platforms configured with Redu ...)
    NOT-FOR-US: Juniper
CVE-2021-0202 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...)
    NOT-FOR-US: Juniper
CVE-2021-0201 RESERVED
CVE-2021-0200 RESERVED
CVE-2021-0199 RESERVED
CVE-2021-0198 RESERVED
CVE-2021-0197 RESERVED
CVE-2021-0196 (Improper access control in kernel mode driver for some Intel(R) NUC 9 ...)
    NOT-FOR-US: Intel
CVE-2021-0195 RESERVED
CVE-2021-0194 RESERVED
CVE-2021-0193 RESERVED
CVE-2021-0192 RESERVED
CVE-2021-0191 RESERVED
CVE-2021-0190 RESERVED
CVE-2021-0189 RESERVED
CVE-2021-0188 RESERVED
CVE-2021-0187 RESERVED
CVE-2021-0186 RESERVED
CVE-2021-0185 RESERVED
CVE-2021-0184 RESERVED
CVE-2021-0183 RESERVED
CVE-2021-0182 RESERVED
CVE-2021-0181 RESERVED
CVE-2021-0180 RESERVED
CVE-2021-0179 RESERVED
CVE-2021-0178 RESERVED
CVE-2021-0177 RESERVED
CVE-2021-0176 RESERVED
CVE-2021-0175 RESERVED
CVE-2021-0174 RESERVED
CVE-2021-0173 RESERVED
CVE-2021-0172 RESERVED
CVE-2021-0171 RESERVED
CVE-2021-0170 RESERVED
CVE-2021-0169 RESERVED
CVE-2021-0168 RESERVED
CVE-2021-0167 RESERVED
CVE-2021-0166 RESERVED
CVE-2021-0165 RESERVED
CVE-2021-0164 RESERVED
CVE-2021-0163 RESERVED
CVE-2021-0162 RESERVED
CVE-2021-0161 RESERVED
CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...)
    NOT-FOR-US: Intel
CVE-2021-0159 RESERVED
CVE-2021-0158 RESERVED
CVE-2021-0157 RESERVED
CVE-2021-0156 RESERVED
CVE-2021-0155 RESERVED
CVE-2021-0154 RESERVED
CVE-2021-0153 RESERVED
CVE-2021-0152 RESERVED
CVE-2021-0151 RESERVED
CVE-2021-0150 RESERVED
CVE-2021-0149 RESERVED
CVE-2021-0148 RESERVED
CVE-2021-0147 RESERVED
CVE-2021-0146 RESERVED
CVE-2021-0145 RESERVED
CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
    NOT-FOR-US: Intel
CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...)
    NOT-FOR-US: Intel
CVE-2021-0142 RESERVED
CVE-2021-0141 RESERVED
CVE-2021-0140 RESERVED
CVE-2021-0139 RESERVED
CVE-2021-0138 RESERVED
CVE-2021-0137 RESERVED
CVE-2021-0136 RESERVED
CVE-2021-0135 RESERVED
CVE-2021-0134 (Improper input validation in an API for the Intel(R) Security Library ...)
    NOT-FOR-US: Intel
CVE-2021-0133 (Key exchange without entity authentication in the Intel(R) Security Li ...)
    NOT-FOR-US: Intel
CVE-2021-0132 (Missing release of resource after effective lifetime in an API for the ...)
    NOT-FOR-US: Intel
CVE-2021-0131 (Use of cryptographically weak pseudo-random number generator (PRNG) in ...)
    NOT-FOR-US: Intel
CVE-2021-0130 RESERVED
CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user to po ...)
    {DSA-4951-1 DLA-2692-1 DLA-2690-1 DLA-2689-1}
    - bluez 5.55-3.1 (bug #989614)
    - linux 5.10.40-1
    [buster] - linux 4.19.194-1
    NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
    NOTE: https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f
    NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
CVE-2021-0128 RESERVED
CVE-2021-0127 RESERVED
CVE-2021-0126 RESERVED
CVE-2021-0125 RESERVED
CVE-2021-0124 RESERVED
CVE-2021-0123 RESERVED
CVE-2021-0122 RESERVED
CVE-2021-0121 RESERVED
CVE-2021-0120 RESERVED
CVE-2021-0119 RESERVED
CVE-2021-0118 RESERVED
CVE-2021-0117 RESERVED
CVE-2021-0116 RESERVED
CVE-2021-0115 RESERVED
CVE-2021-0114 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
    NOT-FOR-US: Intel
CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...)
    NOT-FOR-US: Intel
CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before ...)
    NOT-FOR-US: Intel
CVE-2021-0111 RESERVED
CVE-2021-0110 RESERVED
CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...)
    NOT-FOR-US: Intel
CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for Windows befo ...)
    NOT-FOR-US: Intel
CVE-2021-0107 RESERVED
CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent ...)
    NOT-FOR-US: Intel
CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi d ...)
    NOT-FOR-US: Intel
CVE-2021-0104 (Uncontrolled search path element in the installer for the Intel(R) Rap ...)
    NOT-FOR-US: Intel
CVE-2021-0103 RESERVED
CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for Window ...)
    NOT-FOR-US: Intel
CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...)
    NOT-FOR-US: Intel
CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...)
    NOT-FOR-US: Intel
CVE-2021-0099 RESERVED
CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...)
    NOT-FOR-US: Intel
CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...)
    NOT-FOR-US: Intel
CVE-2021-0096 RESERVED
CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Processors m ...)
    NOT-FOR-US: Intel
CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...)
    NOT-FOR-US: Intel
CVE-2021-0093 RESERVED
CVE-2021-0092 RESERVED
CVE-2021-0091 RESERVED
CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...)
    NOT-FOR-US: Intel
CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow ...)
    {DSA-4931-1}
    - xen 4.14.2+25-gb6a8c4f72d-1
    [stretch] - xen (DSA 4602-1)
    NOTE: https://xenbits.xen.org/xsa/advisory-375.html
    NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html
CVE-2021-0088 RESERVED
CVE-2021-0087 RESERVED
CVE-2021-0086 (Observable response discrepancy in floating-point operations for some ...)
    NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html
    NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
    NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
    NOT-FOR-US: Intel
CVE-2021-0085 RESERVED
CVE-2021-0084 (Improper input validation in the Intel(R) Ethernet Controllers X722 an ...)
    NOT-FOR-US: Intel
CVE-2021-0083 (Improper input validation in some Intel(R) Optane(TM) PMem versions be ...)
    NOT-FOR-US: Intel
CVE-2021-0082 RESERVED
CVE-2021-0081 RESERVED
CVE-2021-0080 RESERVED
CVE-2021-0079 RESERVED
CVE-2021-0078 RESERVED
CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...)
    NOT-FOR-US: Intel
CVE-2021-0076 RESERVED
CVE-2021-0075 RESERVED
CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...)
    NOT-FOR-US: Intel
CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...)
    NOT-FOR-US: Intel
CVE-2021-0072 RESERVED
CVE-2021-0071 RESERVED
CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...)
    NOT-FOR-US: Intel
CVE-2021-0069 RESERVED
CVE-2021-0068 RESERVED
CVE-2021-0067 (Improper access control in system firmware for some Intel(R) ...)
    NOT-FOR-US: Intel
CVE-2021-0066 RESERVED
CVE-2021-0065 RESERVED
CVE-2021-0064 RESERVED
CVE-2021-0063 RESERVED
CVE-2021-0062 (Improper input validation in some Intel(R) Graphics Drivers before ver ...)
    NOT-FOR-US: Intel drivers for Windows
CVE-2021-0061 (Improper initialization in some Intel(R) Graphics Driver before versio ...)
    NOT-FOR-US: Intel drivers for Windows
CVE-2021-0060 RESERVED
CVE-2021-0059 RESERVED
CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...)
    NOT-FOR-US: Intel
CVE-2021-0057 (Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pac ...)
    NOT-FOR-US: Intel
CVE-2021-0056 (Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Dri ...)
    NOT-FOR-US: Intel
CVE-2021-0055 (Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop ...)
    NOT-FOR-US: Intel
CVE-2021-0054 (Improper buffer restrictions in system firmware for some Intel(R) NUCs ...)
    NOT-FOR-US: Intel
CVE-2021-0053 RESERVED
CVE-2021-0052 (Incorrect default privileges in the Intel(R) Computing Improvement Pro ...)
    NOT-FOR-US: Intel
CVE-2021-0051 (Improper input validation in the Intel(R) SPS versions before SPS_E5_0 ...)
    NOT-FOR-US: Intel
CVE-2021-0050 RESERVED
CVE-2021-0049 RESERVED
CVE-2021-0048 RESERVED
CVE-2021-0047 RESERVED
CVE-2021-0046 RESERVED
CVE-2021-0045 RESERVED
CVE-2021-0044 RESERVED
CVE-2021-0043 RESERVED
CVE-2021-0042 RESERVED
CVE-2021-0041 RESERVED
CVE-2021-0040 RESERVED
CVE-2021-0039 RESERVED
CVE-2021-0038 RESERVED
CVE-2021-0037 RESERVED
CVE-2021-0036 RESERVED
CVE-2021-0035 RESERVED
CVE-2021-0034 RESERVED
CVE-2021-0033 RESERVED
CVE-2021-0032 RESERVED
CVE-2021-0031 RESERVED
CVE-2021-0030 RESERVED
CVE-2021-0029 RESERVED
CVE-2021-0028 RESERVED
CVE-2021-0027 RESERVED
CVE-2021-0026 RESERVED
CVE-2021-0025 RESERVED
CVE-2021-0024 RESERVED
CVE-2021-0023 RESERVED
CVE-2021-0022 RESERVED
CVE-2021-0021 RESERVED
CVE-2021-0020 RESERVED
CVE-2021-0019 RESERVED
CVE-2021-0018 RESERVED
CVE-2021-0017 RESERVED
CVE-2021-0016 RESERVED
CVE-2021-0015 RESERVED
CVE-2021-0014 RESERVED
CVE-2021-0013 RESERVED
CVE-2021-0012 (Use after free in some Intel(R) Graphics Driver before version 27.20.1 ...)
    NOT-FOR-US: Intel drivers for Windows
CVE-2021-0011 RESERVED
CVE-2021-0010 RESERVED
CVE-2021-0009 (Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 ...)
    NOT-FOR-US: Intel
CVE-2021-0008 (Uncontrolled resource consumption in firmware for Intel(R) Ethernet Ad ...)
    NOT-FOR-US: Intel
CVE-2021-0007 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...)
    NOT-FOR-US: Intel
CVE-2021-0006 (Improper conditions check in firmware for Intel(R) Ethernet Adapters 8 ...)
    NOT-FOR-US: Intel
CVE-2021-0005 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...)
    NOT-FOR-US: Intel
CVE-2021-0004 (Improper buffer restrictions in the firmware of Intel(R) Ethernet Adap ...)
    NOT-FOR-US: Intel
CVE-2021-0003 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...)
    NOT-FOR-US: Intel
CVE-2021-0002 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...)
    NOT-FOR-US: Intel
CVE-2021-0001 (Observable timing discrepancy in Intel(R) IPP before version 2020 upda ...)
    NOT-FOR-US: Intel
CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...)
    {DLA-2623-1}
    - qemu 1:5.2+dfsg-10 (bug #986795)
    [buster] - qemu (CVE-2020-17380/CVE-2020-25085 weren't backported to Buster)
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
    NOTE: https://www.openwall.com/lists/oss-security/2021/03/09/1
    NOTE: New patch series: https://lists.nongnu.org/archive/html/qemu-devel/2021-03/msg00949.html
    NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b263d8f928001b5cfa2a993ea43b7a5b3a1811e8
    NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8be45cc947832b3c02144c9d52921f499f2d77fe
    NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bc6f28995ff88f5d82c38afcfd65406f0ae375aa
    NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd
    NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9
CVE-2021-28375 (An issue was discovered in the Linux kernel through 5.11.6. fastrpc_in ...)
    - linux 5.10.24-1
    [buster] - linux (Vulnerable code introduced later)
    [stretch] - linux (Vulnerable code introduced later)
    NOTE: https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6 (5.12-rc3)
    NOTE: https://lore.kernel.org/stable/YD03ew7+6v0XPh6l@kroah.com