-rwxr-xr-xbin/gen-DSA13
-rwxr-xr-xbin/grab-cve-in-fix414
-rwxr-xr-xbin/merge-cve-files58
-rwxr-xr-xbin/remove-cve-dist-tags6
-rwxr-xr-xbin/tracker_service.py5
-rwxr-xr-xbin/update-vuln369
-rw-r--r--conf/cvelist.el2
-rw-r--r--data/CVE/2000.list2
-rw-r--r--data/CVE/2003.list6
-rw-r--r--data/CVE/2004.list6
-rw-r--r--data/CVE/2005.list5
-rw-r--r--data/CVE/2007.list6
-rw-r--r--data/CVE/2008.list6
-rw-r--r--data/CVE/2010.list6
-rw-r--r--data/CVE/2012.list11
-rw-r--r--data/CVE/2013.list8
-rw-r--r--data/CVE/2014.list6
-rw-r--r--data/CVE/2015.list8
-rw-r--r--data/CVE/2016.list51
-rw-r--r--data/CVE/2017.list147
-rw-r--r--data/CVE/2018.list228
-rw-r--r--data/CVE/2019.list439
-rw-r--r--data/CVE/2020.list1805
-rw-r--r--data/CVE/2021.list19001
-rw-r--r--data/CVE/2022.list11863
-rw-r--r--data/DLA/list296
-rw-r--r--data/DSA/list265
-rw-r--r--data/dla-needed.txt97
-rw-r--r--data/dsa-needed.txt33
-rw-r--r--data/embedded-code-copies183
-rw-r--r--data/next-oldstable-point-update.txt142
-rw-r--r--data/next-point-update.txt150
-rw-r--r--data/packages/removed-packages3
-rw-r--r--doc/security-team.d.o/glossary17
-rw-r--r--doc/security-team.d.o/security_tracker154
-rw-r--r--org/lts-frontdesk.2022.txt88
36 files changed, 28215 insertions, 7684 deletions
diff --git a/bin/gen-DSA b/bin/gen-DSA
index f909ca504d..346214c2ff 100755
--- a/bin/gen-DSA
+++ b/bin/gen-DSA
@@ -195,7 +195,7 @@ while [ $# -gt 0 ]; do
[cC][vV][eE]-*)
CVE="$CVE $(toupper "$1")"
;;
- [0-9][0-9][0-9][0-9][0-9][0-9]|[#][0-9]*)
+ [0-9][0-9][0-9][0-9][0-9][0-9][0-9]|[#][0-9]*)
BUGNUM="$BUGNUM ${1#\#}"
;;
*)
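Review bot: The widened pattern on the `+` line accepts only seven-digit bare bug numbers, so a six-digit number given without `#` no longer reaches `BUGNUM` and falls through to the `*)` arm below the hunk. If older six-digit numbers are still expected on the command line, keep both widths: `[0-9][0-9][0-9][0-9][0-9][0-9]|[0-9][0-9][0-9][0-9][0-9][0-9][0-9]|[#][0-9]*)`. If dropping them is deliberate, a one-line comment above the arm saying so would stop the next reader from "fixing" it. The enclosing `while [ $# -gt 0 ]` loop starts outside the hunk.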
@@ -372,8 +372,10 @@ for dist in $CODENAMES; do
[ -z "$version" ] || DISTS="${DISTS},${dist}"
done
+DISTS="${DISTS#,}"
+
if [ -n "${DISTS}" ]; then
- bin/remove-cve-dist-tags "${DISTS#,}" "${PACKAGE}" ${CVE}
+ bin/remove-cve-dist-tags "${DISTS}" "${PACKAGE}" ${CVE}
fi
if ! $save; then
@@ -412,9 +414,12 @@ EOF
echo "$IDMODE text written to ./$IDMODE-$DAID"
if [ "$IDMODE" = "DLA" ] || [ "$IDMODE" = "ELA" ]; then
idmode=$(echo "$IDMODE" | tr A-Z a-z)
+ if [ -n "${DISTS}" ]; then
+ extracvefile=`jq -r ".distributions.${DISTS}.maincvefile // empty" data/config.json`
+ fi
if [ -d .git ]; then
echo "Made the following changes:"
- git diff -- data/$IDMODE/list data/CVE/list $needed_file
+ git diff -- data/$IDMODE/list data/CVE/list $extracvefile $needed_file
if ! git diff-index --name-only HEAD -- $needed_file | grep -qs . && [ $TYPE = security ]; then
warn "did not make any changes to $needed_file - this may indicate duplicate work or misspelled package name"
fi
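Review bot: `DISTS` is the comma-joined list built by the loop in the previous hunk, so with more than one codename the jq program on the `extracvefile=` line becomes `.distributions.stretch,buster.maincvefile`, which jq does not evaluate as a single path; the lookup fails or returns the wrong thing and the later `git diff`/`git add` lines (including the one in the next hunk) silently omit the extra file. Iterate the codenames instead, e.g. `for d in $(printf '%s' "$DISTS" | tr , ' '); do` / `extracvefile="$extracvefile $(jq -r ".distributions.${d}.maincvefile // empty" data/config.json)"` / `done`. The new line also uses backticks where the rest of the script uses `$(...)`; matching that style avoids the quoting pitfalls of backticks.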
@@ -424,7 +429,7 @@ EOF
echo -n "Do you want to commit and push them now ? [Yn] "
read reply
if [ "$reply" = "Y" ] || [ "$reply" = "" ] || [ "$reply" = "y" ]; then
- git add data/$IDMODE/list data/CVE/list $needed_file
+ git add data/$IDMODE/list data/CVE/list $extracvefile $needed_file
git commit -m "Reserve $IDMODE-$DAID for $PACKAGE"
git push origin master
fi
diff --git a/bin/grab-cve-in-fix b/bin/grab-cve-in-fix
new file mode 100755
index 0000000000..98ea9cd476
--- /dev/null
+++ b/bin/grab-cve-in-fix
@@ -0,0 +1,414 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+"""
+grab-cve-in-fix - #1001451
+
+- queries the latest version of source:<package_name> in unstable
+- extracts all mentioned CVE IDs from the change
+- creates a correctly formatted CVE snippet with the recorded fixes that
+ can be reviewed and merged into the main data/CVE/list
+"""
+
+#
+# Copyright 2021-2022 Neil Williams <codehelp@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+#
+
+# pylint: disable=too-few-public-methods,line-too-long,too-many-instance-attributes,too-many-branches
+
+# Examples:
+# --archive https://lists.debian.org/debian-devel-changes/2021/12/msg01280.html
+# --tracker https://tracker.debian.org/news/1285227/accepted-freerdp2-241dfsg1-1-source-into-unstable/
+
+import argparse
+import os
+import glob
+import logging
+import re
+import sys
+import requests
+
+# depends on python3-apt
+import apt_pkg
+
+# depends on python3-debian
+from debian.deb822 import Changes
+
+import setup_paths # noqa # pylint: disable=unused-import
+from sectracker.parsers import (
+ sourcepackages,
+ FlagAnnotation,
+ StringAnnotation,
+ PackageAnnotation,
+ Bug,
+ cvelist,
+ writecvelist,
+)
+
+
+class ParseChanges:
+ """Base for parsing DEB822 content into a CVE list"""
+
+ def __init__(self, url):
+ self.url = url
+ self.source_package = None
+ self.cves = []
+ self.bugs = {}
+ self.parsed = []
+ self.unstable_version = None
+ self.tracker_base = "https://security-tracker.debian.org/tracker/source-package/"
+ self.logger = logging.getLogger("grab-cve-in-fix")
+ self.logger.setLevel(logging.DEBUG)
+ # console logging
+ ch_log = logging.StreamHandler()
+ ch_log.setLevel(logging.DEBUG)
+ formatter = logging.Formatter("%(name)s - %(levelname)s - %(message)s")
+ ch_log.setFormatter(formatter)
+ self.logger.addHandler(ch_log)
+ apt_pkg.init_system() # pylint: disable=c-extension-no-member
+
+ def _read_cvelist(self):
+ os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
+ data, _ = cvelist("data/CVE/list") # pylint: disable=no-value-for-parameter
+ for cve in self.cves:
+ for bug in data:
+ if bug.header.name == cve:
+ self.bugs[cve] = bug
+ package_checks = {}
+ cve_notes = {}
+ for cve, bug in self.bugs.items():
+ self.logger.info("%s: %s", bug.header.name, bug.header.description)
+ for line in bug.annotations:
+ if isinstance(line, PackageAnnotation):
+ package_checks.setdefault(cve, [])
+ package_checks[cve].append(line.package)
+ if isinstance(line, StringAnnotation) or isinstance(line, FlagAnnotation):
+ cve_notes.setdefault(cve, [])
+ cve_notes[cve].append(line.type)
+ if cve not in package_checks:
+ self.logger.error("CVE %s is not attributed to a Debian package: %s", cve, cve_notes.get(cve, ""))
+ elif self.source_package not in package_checks[cve]:
+ self.logger.warning(
+ "%s is listed against %s, not %s", cve, list(set(package_checks[cve])), self.source_package
+ )
+ if not self.cves:
+ self.logger.warning(
+ "no CVEs found in the changes output " "for %s %s",
+ self.source_package,
+ self.unstable_version,
+ )
+
+ def parse(self):
+ """Parser-specific code to pick out the DEB822 content"""
+ raise NotImplementedError
+
+ def _read_changes(self):
+ if not self.parsed:
+ return
+ rel = Changes(self.parsed)
+ changes = rel.get("Changes")
+ if not changes:
+ self.logger.error("%s %s\n", rel, self.parsed)
+ return
+ self.source_package = rel.get("Source")
+ self.unstable_version = rel.get("Version")
+ match = None
+ for log in changes.splitlines():
+ match = re.findall(r"(CVE-[0-9]{4}-[0-9]+)", log)
+ if match:
+ self.cves += match
+
+ def add_unstable_version(self):
+ """
+ Writes out a CVE file snippet with the filename:
+ ./<src_package>.list
+ Fails if the file already exists.
+
+ Prints error if any of the listed CVEs are not found
+ for the specified source_package.
+
+ If a new version is set, the fixed version for the CVE will
+ be updated to that version. Uses python3-apt to only update
+ if the version is declared, by apt, to be newer.
+
+ A typo in the CVE ID *may* cause a CVE to be declared as
+ fixed in the wrong source package. This is complicated by
+ the need to allow for embedded copies and removed packages.
+ """
+ modified = []
+ cve_file = f"{self.source_package}.list"
+ cves = sorted(set(self.cves))
+ cves.reverse()
+ for cve in cves:
+ if cve not in self.bugs:
+ self.logger.error(
+ "%s was not found in the Security Tracker CVE list! Check %s%s - "
+ "possible typo in the package changelog? Check the list of CVEs "
+ "in the security tracker and use this script again, in offline mode."
+ " ./bin grab-cve-in-fix --src %s --cves corrected-cve",
+ cve,
+ self.tracker_base,
+ self.source_package,
+ self.source_package,
+ )
+ continue
+ for line in self.bugs[cve].annotations:
+ if not isinstance(line, PackageAnnotation):
+ continue # skip notes etc.
+ if line.release: # only update unstable
+ continue
+ if line.package != self.source_package:
+ self.logger.info(
+ "Ignoring %s annotation for %s",
+ cve,
+ line.package,
+ )
+ continue # allow for removed, old or alternate pkg names
+ if line.version:
+ vcompare = apt_pkg.version_compare( # pylint: disable=c-extension-no-member
+ line.version, self.unstable_version
+ )
+ if vcompare < 0:
+ self.logger.info("Updating %s to %s", line.version, self.unstable_version)
+ mod_line = line._replace(version=self.unstable_version)
+ index = self.bugs[cve].annotations.index(line)
+ bug_list = list(self.bugs[cve].annotations)
+ bug_list[index] = mod_line
+ mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+ modified.append(mod_bug)
+ elif vcompare > 0:
+ self.logger.error(
+ "%s is listed as fixed in %s which is newer than %s",
+ cve,
+ line.version,
+ self.unstable_version,
+ )
+ else:
+ self.logger.info(
+ "%s already has annotation for - %s %s",
+ cve,
+ self.source_package,
+ line.version,
+ )
+ else:
+ mod_line = line._replace(version=self.unstable_version)
+ index = self.bugs[cve].annotations.index(line)
+ bug_list = list(self.bugs[cve].annotations)
+ bug_list[index] = mod_line
+ mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+ modified.append(mod_bug)
+ if not modified:
+ return 0
+ if os.path.exists(cve_file):
+ self.logger.critical("%s already exists", cve_file)
+ return -1
+ for cve in modified:
+ self.logger.info(
+ "Writing to ./%s with update for %s - %s %s",
+ cve_file,
+ cve.header.name,
+ self.source_package,
+ self.unstable_version,
+ )
+ with open(cve_file, "a") as snippet:
+ writecvelist(modified, snippet)
+ return 0
+
+
+class ParseSources(ParseChanges):
+ """Read latest version in unstable from updated local Sources files"""
+
+ def parse(self):
+ """
+ Support to pick up unstable_version from the local packages cache.
+
+ Also supports explicitly setting the version for times when
+ the package has received an unrelated update in unstable.
+ """
+ if self.unstable_version:
+ self.logger.info("Using forced version: %s", self.unstable_version)
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+ self.logger.info("Retrieving data from local packages data...")
+ if not self.source_package or not self.cves:
+ self.logger.error("for offline use, specify both --src and --cves options")
+ return 1
+ # self.url contains pkgdir which needs to contain Sources files
+ os.chdir(self.url)
+ for srcs_file in glob.glob("sid*Sources"):
+ srcs = sourcepackages(srcs_file) # pylint: disable=no-value-for-parameter
+ if srcs.get(self.source_package):
+ self.unstable_version = srcs[self.source_package].version
+ # src package is only listed in one Sources file
+ break
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+
+class ParseTrackerAccepted(ParseChanges):
+ """
+ Download and parse Accepted tracker NEWS
+
+ e.g. https://tracker.debian.org/news/1285227/accepted-freerdp2-241dfsg1-1-source-into-unstable/
+ """
+
+ MARKER = '<div class="email-news-body">'
+
+ def parse(self):
+ self.logger.info("Retrieving data from distro-tracker...")
+ req = requests.get(self.url)
+ if req.status_code != requests.codes.ok: # pylint: disable=no-member
+ return 2
+ self.parsed = []
+ for line in req.text.splitlines():
+ if not self.parsed and not line.startswith(self.MARKER):
+ continue
+ if self.MARKER in line:
+ line = line.replace(self.MARKER, "")
+ if "<pre>" in line:
+ line = line.replace("<pre>", "")
+ if line.startswith("\t"):
+ line = line.replace("\t", "")
+ self.parsed.append(line)
+ if line.startswith("</pre>"):
+ break
+ self._read_changes()
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+
+class ParseDDChanges(ParseChanges):
+ """
+ Download and parse an email in the debian-devel-changes archive
+
+ e.g. https://lists.debian.org/debian-devel-changes/2021/12/msg01280.html
+ """
+
+ def parse(self):
+ self.logger.info("Retrieving data from debian-devel-changes archive...")
+ req = requests.get(self.url)
+ if req.status_code != requests.codes.ok: # pylint: disable=no-member
+ return 3
+ for line in req.text.splitlines():
+ if not self.parsed and not line.startswith("<pre>"):
+ continue
+ pars = line.replace("<pre>", "")
+ self.parsed.append(pars)
+ if line.startswith("</pre>"):
+ break
+ self._read_changes()
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+
+class ParseDDStdIn(ParseChanges):
+ """
+ Parse an email originating from debian-devel-changes passed
+ on STDIN
+ """
+
+ MARKER = "-----BEGIN PGP SIGNED MESSAGE-----"
+
+ def parse(self):
+ self.logger.info("Retrieving data STDIN ...")
+ content = sys.stdin.read()
+ for line in content.splitlines():
+ if not self.parsed and not line.startswith(self.MARKER):
+ continue
+ self.parsed.append(line)
+ if not self.parsed:
+ self.logger.warning("Unable to find PGP marker - unsigned content?")
+ return 1
+ self._read_changes()
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+
+def main():
+ """
+ 1: Provide an option to parse the email from debian-devel-changes
+ 2: Provide an option to lookup the information using tracker.d.o
+ 3: Provide an option to read an email from debian-devel-changes on stdin
+ 4: Fallback to lookup the information in the local apt-cache
+ data populated by 'make update-packages'
+ data/packages/sid__main_Sources
+ data/packages/sid__contrib_Sources
+ data/packages/sid__non-free_Sources
+ """
+ parser = argparse.ArgumentParser(
+ description="Grab CVE data from a package upload for manual review",
+ usage="%(prog)s [-h] [[--input] | [--archive URL] | [--tracker TRACKER]] | "
+ "[[--src SRC] & [--cves [CVES ...]]]",
+ epilog="Data is written to a new <source_package>.list " "file which can be used with './bin/merge-cve-files'",
+ )
+ online = parser.add_argument_group(
+ "Online - query one of distro-tracker or " "debian-devel-changes mail archive or debian-devel-changes email"
+ )
+ online.add_argument(
+ "--input",
+ action="store_true",
+ help="Read from a debian-devel-changes email on STDIN",
+ )
+ online.add_argument(
+ "--archive",
+ help="URL of debian-devel-changes " "announcement in the list archive",
+ )
+ online.add_argument(
+ "--tracker",
+ help="URL of tracker.debian.org 'Accepted NEWS' page for unstable",
+ )
+ offline = parser.add_argument_group(
+ "Offline - run 'make update-packages' first & specify source package and CVE list"
+ )
+ offline.add_argument("--src", help="Source package name to look up version in local packages files")
+ offline.add_argument(
+ "--force-version",
+ help="Explicitly set the fixed version, in case sid has moved ahead.",
+ )
+ offline.add_argument("--cves", nargs="*", help="CVE ID tag with version from local packages files")
+ args = parser.parse_args()
+ if args.input:
+ data = ParseDDStdIn(args.input)
+ return data.parse()
+ if args.archive:
+ data = ParseDDChanges(args.archive)
+ return data.parse()
+ if args.tracker:
+ data = ParseTrackerAccepted(args.tracker)
+ return data.parse()
+ pkg_dir = os.path.join(".", "data", "packages")
+ if os.path.exists(pkg_dir):
+ data = ParseSources(pkg_dir)
+ data.source_package = args.src
+ data.cves = args.cves
+ if args.force_version:
+ data.unstable_version = args.force_version
+ return data.parse()
+ logger = logging.getLogger("grab-cve-in-fix")
+ logger.error("Unable to parse package data!")
+ return -1
+
+
+if __name__ == "__main__":
+ sys.exit(main())
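Review bot: Both `req = requests.get(self.url)` calls (ParseTrackerAccepted.parse and ParseDDChanges.parse) have no timeout, and requests has no default, so a stalled tracker or list-archive host blocks the script indefinitely; pass one, e.g. `req = requests.get(self.url, timeout=30)`. In ParseDDStdIn.parse the check only looks for the `-----BEGIN PGP SIGNED MESSAGE-----` line and never verifies a signature, so the "unsigned content?" warning should not be read as authentication of the input — a comment such as `# marker lookup only; the signature is not verified here` would make that explicit. Because this rendering strips indentation I cannot confirm whether `with open(cve_file, "a")` in add_unstable_version sits inside the `for cve in modified:` loop; if it does, `writecvelist(modified, snippet)` appends the whole list once per modified CVE, so moving it after the loop is the fix. The `match = None` assignment in _read_changes is dead, since the loop rebinds it before use.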
diff --git a/bin/merge-cve-files b/bin/merge-cve-files
index a26e38ab68..36dee7acd5 100755
--- a/bin/merge-cve-files
+++ b/bin/merge-cve-files
@@ -4,13 +4,53 @@
# the main one.
#
# Copyright © 2020 Emilio Pozuelo Monfort <pochu@debian.org>
+# Copyright (c) 2021-2022 Neil Williams <codehelp@debian.org>
-import os.path
+import os
import sys
import setup_paths # noqa
from debian_support import internRelease
-from sectracker.parsers import cvelist, writecvelist, PackageAnnotation, FlagAnnotation, XrefAnnotation
+from sectracker.parsers import (
+ Bug,
+ cvelist,
+ writecvelist,
+ PackageAnnotation,
+ FlagAnnotation,
+ StringAnnotation,
+ XrefAnnotation
+)
+
+def merge_notes(bug, notes):
+ """
+ Special support for StringAnnotations.
+
+ notes is a dict containing a list of string annotations for
+ each CVE in the file being merged. Pick out the string annotations
+ for this bug, ignore if already exist, append if new.
+ """
+ new_notes = []
+ cve = bug.header.name
+ merge_list = notes.get(cve) # list of notes to merge
+ if not merge_list:
+ # nothing to merge
+ return bug
+ tagged_notes = [note.description for note in merge_list]
+ bug_notes = [ann.description for ann in bug.annotations if isinstance(ann, StringAnnotation)]
+ # get the list items in tagged_notes which are not in bug_notes
+ new_strings = list(set(tagged_notes) - set(bug_notes))
+ if not new_strings:
+ return bug
+ for new_ann in merge_list:
+ if new_ann.description in new_strings:
+ new_notes.append(new_ann)
+ bug_list = list(bug.annotations)
+ bug_list.extend(new_notes)
+ mod_bug = Bug(
+ bug.file, bug.header, tuple(bug_list)
+ )
+ return mod_bug
+
def merge_annotations(annotations, new_annotation):
if not isinstance(new_annotation, PackageAnnotation):
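Review bot: merge_notes deduplicates on `description` only, so if `merge_list` itself contains the same text twice both copies pass the `new_ann.description in new_strings` test and are appended; keeping `new_strings` as a set and removing each text once it has been taken fixes that: `new_strings = set(tagged_notes) - set(bug_notes)` and, after `new_notes.append(new_ann)`, `new_strings.discard(new_ann.description)`. The other new scripts in this commit read a `type` attribute on StringAnnotation, so if that field exists here, comparing descriptions alone would also treat two annotations of different types with the same text as duplicates — worth confirming against the parser. The hunk ends inside merge_annotations, whose body continues outside it.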
@@ -86,12 +126,26 @@ extra_data = parse_list(extra_list)
for extra_bug in extra_data:
bug = next(bug for bug in data if bug.header.name == extra_bug.header.name)
+ notes = {}
new_annotations = bug.annotations
for extra_annotation in extra_bug.annotations:
+ if isinstance(extra_annotation, FlagAnnotation):
+ continue
+ if isinstance(extra_annotation, StringAnnotation):
+ cve = f"{extra_bug.header.name}"
+ note_tag = notes.setdefault(cve, [])
+ note_tag.append(extra_annotation)
+ continue
new_annotations = merge_annotations(new_annotations, extra_annotation)
bug = bug._replace(annotations=new_annotations)
+ bug = merge_notes(bug, notes)
data = [bug if bug.header.name == old_bug.header.name else old_bug for old_bug in data]
with open(main_list, 'w') as f:
writecvelist(data, f)
+
+# check for and erase an .xpck file built from the merge
+xpck = f"{extra_list}.xpck"
+if os.path.exists(xpck):
+ os.unlink(xpck)
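Review bot: The new `if isinstance(extra_annotation, FlagAnnotation): continue` drops every flag line from the extra file without any trace, so a snippet carrying e.g. a flag the author expected to merge is silently ignored; at least report it, `print(f"ignoring flag annotation for {extra_bug.header.name}", file=sys.stderr)`, since `sys` is already imported. `cve = f"{extra_bug.header.name}"` is a formatted copy of a string that is already a string, and `notes` is rebuilt per `extra_bug`, so the dict only ever has that one key — a plain list passed to merge_notes would say the same thing more directly. The `os.unlink(xpck)` cleanup runs unconditionally after writing, so a failure in the write above would already have raised; a short comment on what produces the `.xpck` file would help readers who do not know the parser.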
diff --git a/bin/remove-cve-dist-tags b/bin/remove-cve-dist-tags
index 6e8d7214eb..18db2a0257 100755
--- a/bin/remove-cve-dist-tags
+++ b/bin/remove-cve-dist-tags
@@ -56,6 +56,12 @@ for cve in data:
if keep_annotation(cve, annotation)
)
cve = cve._replace(annotations=annotations)
+ if not cve.annotations:
+ # this shouldn't happen on a normal CVE file as we're only removing
+ # the dist specific tags, but it may happen in an ExtendFile, in
+ # which case we don't want to keep an empty CVE entry
+ continue
+
new_data.append(cve)
with open(main_list, 'w') as f:
diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index 4fe311c92e..4092a58bd9 100755
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -458,7 +458,7 @@ data source.""")],
def gen_source():
old_pkg = ''
- for (package, releases, version, vulnerable) \
+ for (package, release, version, vulnerable) \
in self.db.getSourcePackages(cursor, bug.name):
if package == old_pkg:
package = ''
@@ -476,8 +476,7 @@ data source.""")],
else:
vuln = 'fixed'
- releases = sorted(releases, key = debian_support.internRelease)
- yield package, ', '.join(releases), version, vuln
+ yield package, ', '.join(release), version, vuln
page.append(make_table(gen_source(),
title=H2('Vulnerable and fixed packages'),
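Review bot: The new `yield package, ', '.join(release), version, vuln` only works if `getSourcePackages` still yields a sequence in the renamed `release` slot; if, as the dropped `sorted(...)` call and the singular rename suggest, it now yields one release string, `', '.join(release)` splits that string into comma-separated characters in the rendered table. In that case the line should be `yield package, release, version, vuln`; otherwise the rename is misleading and `releases` should stay. Please confirm against the db helper's current return type, which is outside the hunk, as is the rest of the enclosing method. The same tuple unpacking was changed in the previous hunk.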
diff --git a/bin/update-vuln b/bin/update-vuln
new file mode 100755
index 0000000000..f6f93f2e46
--- /dev/null
+++ b/bin/update-vuln
@@ -0,0 +1,369 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+ update-vuln - #1001453
+
+ - mark a given released suite (stable/oldstable/LTS) as <not-affected>
+ for a specific CVE ID
+ - add a bug number to an existing CVE entry
+ - add a NOTE: entry to an existing CVE
+
+Only make one change to one CVE at a time. Review and merge that
+change and delete the merged file before updating the same CVE.
+
+The workflow would be:
+./bin/update-vuln --cve CVE-YYYY-NNNNN ...
+# on exit zero:
+./bin/merge-cve-files ./CVE-YYYY-NNNNN.list
+# review change to data/CVE/list
+git diff data/CVE/list
+rm ./CVE-YYYY-NNNNN.list
+# .. repeat
+git add data/CVE/list
+git commit
+
+"""
+# Copyright 2021-2022 Neil Williams <codehelp@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+import os
+import argparse
+import bisect
+import logging
+import sys
+
+import setup_paths # noqa # pylint: disable=unused-import
+from sectracker.parsers import (
+ PackageAnnotation,
+ PackageBugAnnotation,
+ StringAnnotation,
+ Bug,
+ cvelist,
+ writecvelist,
+)
+
+# pylint: disable=line-too-long
+
+
+class ParseUpdates:
+ """
+ Update a CVE with requested changes and produce a file for
+ manual review and use with merge-cve-files.
+ """
+
+ def __init__(self):
+ self.cves = []
+ self.bugs = {}
+ self.marker = "aaaaaaaaaaaaa" # replacement for NoneType to always sort first
+ self.logger = logging.getLogger("update-vuln")
+ self.logger.setLevel(logging.DEBUG)
+ # console logging
+ ch_log = logging.StreamHandler()
+ ch_log.setLevel(logging.DEBUG)
+ formatter = logging.Formatter("%(name)s - %(levelname)s - %(message)s")
+ ch_log.setFormatter(formatter)
+ self.logger.addHandler(ch_log)
+
+ def _read_cvelist(self):
+ """Build a list of Bug items for the CVE from data/CVE/list"""
+ os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
+ data, _ = cvelist("data/CVE/list") # pylint: disable=no-value-for-parameter
+ for cve in self.cves:
+ for bug in data:
+ if bug.header.name == cve:
+ self.bugs[cve] = bug
+
+ def _add_annotation_to_cve(self, cve, annotation):
+ """
+ Adds an annotation to a CVE entry.
+
+ StringAnnotation - appended to the end
+ PackageAnnotation - inserted in alphabetical order by release
+
+ Accounts for PackageAnnotation.release == None for unstable.
+ """
+ if isinstance(annotation, PackageAnnotation):
+ store = {ann.release: ann for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)}
+ store[annotation.release] = annotation
+ # this is needed despite python3 >= 3.7 having ordered dicts
+ # because using the dict.keys() would need a copy of that list anyway.
+ existing = [ann.release for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)]
+ if None in existing:
+ # release == None for unstable
+ index = existing.index(None)
+ existing[index] = self.marker
+ insertion = annotation.release if annotation.release else self.marker
+
+ # bisect cannot work with NoneType
+ bisect.insort(existing, insertion)
+
+ if self.marker in existing:
+ index = existing.index(self.marker)
+ existing[index] = None
+
+ bug_list = []
+ for item in existing:
+ bug_list.append(store[item])
+
+ elif isinstance(annotation, StringAnnotation):
+ bug_list = list(self.bugs[cve].annotations)
+ bug_list.append(annotation)
+ else:
+ raise ValueError(f"Unsupported annotation type: {type(annotation)}")
+
+ return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+
+ def _replace_annotation_on_line(self, cve, line, mod_line):
+ index = self.bugs[cve].annotations.index(line)
+ bug_list = list(self.bugs[cve].annotations)
+ bug_list[index] = mod_line
+ return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+
+ def write_modified(self, modified, cve_file):
+ """
+ Write out a CVE snippet for review and merge
+
+ Fails if the file already exists.
+ """
+ if not modified:
+ return 0
+ if not isinstance(modified, list):
+ return 0
+ if os.path.exists(cve_file):
+ self.logger.critical(
+ "%s already exists - merge the update and remove the file first.",
+ cve_file,
+ )
+ return -1
+ for cve in modified:
+ self.logger.info("Writing to ./%s with update for %s", cve_file, cve.header.name)
+ with open(cve_file, "a") as snippet:
+ writecvelist(modified, snippet)
+ return 0
+
+ def mark_not_affected(self, suite, src, description):
+ """
+ Writes out a CVE file snippet with the filename:
+ ./<cve>.list
+ Fails if the file already exists.
+ """
+ release = suite
+ if suite in ("unstable", "sid"):
+ # special handling for unstable
+ suite = None
+ release = "unstable"
+ modified = []
+ cve = self.cves[0]
+ cve_file = f"{cve}.list"
+ existing = [line.release for line in self.bugs[cve].annotations if isinstance(line, PackageAnnotation)]
+ if suite not in existing:
+ # line type release package kind version description flags
+ line = PackageAnnotation(0, "package", suite, src, "not-affected", None, description, [])
+ mod_bug = self._add_annotation_to_cve(cve, line)
+ modified.append(mod_bug)
+ for line in self.bugs[cve].annotations:
+ if not isinstance(line, PackageAnnotation):
+ continue # skip notes etc.
+ if line.release != suite:
+ continue
+ if line.package != src:
+ continue
+ # need to define the allowed changes
+ # if fixed, version would need to be undone too.
+ if line.kind == "not-affected":
+ self.logger.info("Nothing to do for %s in %s.", cve, suite)
+ return
+ mod_line = line._replace(kind="not-affected")
+ self.logger.info("Modified %s for %s in %s to <not-affected>", cve, src, release)
+ if mod_line.version:
+ self.logger.info("Removing version %s", line.version)
+ ver_line = mod_line
+ mod_line = ver_line._replace(version=None)
+ if description:
+ self.logger.info("Replacing description %s", line.description)
+ desc_line = mod_line
+ mod_line = desc_line._replace(description=description)
+ elif mod_line.description:
+ self.logger.info("Removing description %s", line.description)
+ desc_line = mod_line
+ mod_line = desc_line._replace(description=None)
+ # removing a bug annotation is not covered, yet.
+ mod_bug = self._replace_annotation_on_line(cve, line, mod_line)
+ modified.append(mod_bug)
+ self.write_modified(modified, cve_file)
+
+ def add_note(self, note):
+ """
+ Writes out a CVE file snippet with the filename:
+ ./<cve>.list
+ Fails if the file already exists.
+ """
+ # use _add_annotation_to_cve to add the note
+ modified = []
+ cve = self.cves[0]
+ cve_file = f"{cve}.list"
+ existing = [note.description for note in self.bugs[cve].annotations if isinstance(note, StringAnnotation)]
+ if note in existing:
+ self.logger.info("Note already exists, ignoring")
+ return
+ new_note = StringAnnotation(line=0, type="NOTE", description=note)
+ mod_bug = self._add_annotation_to_cve(cve, new_note)
+ modified.append(mod_bug)
+ self.write_modified(modified, cve_file)
+
+ def add_bug_number(self, bug, itp=False): # pylint: disable=too-many-locals
+ """
+ Writes out a CVE file snippet with the filename:
+ ./<cve>.list
+ Fails if the file already exists.
+ """
+ # bugs only apply to unstable (or itp)
+ modified = []
+ cve = self.cves[0]
+ cve_file = f"{cve}.list"
+ existing = [
+ pkg.flags
+ for pkg in self.bugs[cve].annotations
+ if isinstance(pkg, PackageAnnotation)
+ if not pkg.release and pkg.kind != "removed"
+ ]
+ bugs = [bug for sublist in existing for bug in sublist]
+ if bugs:
+ self.logger.warning("%s already has a bug annotation for unstable: %s", cve, bugs[0].bug)
+ return -1
+ pkgs = [
+ pkg
+ for pkg in self.bugs[cve].annotations
+ if isinstance(pkg, PackageAnnotation)
+ if not pkg.release and pkg.kind != "removed"
+ ]
+ if itp:
+ # no useful entry will exist in pkgs
+ new_flags = [PackageBugAnnotation(bug)]
+ new_pkg = PackageAnnotation(
+ 0,
+ "package",
+ None,
+ itp,
+ "itp",
+ None,
+ None,
+ new_flags,
+ )
+ others = []
+ else:
+ if not pkgs:
+ self.logger.error("%s does not have a package annotation.", cve)
+ return -1
+ old_pkg = pkgs[0]
+ if itp and old_pkg.kind == "fixed":
+ self.logger.error("%s is already marked as <fixed> but --itp flag was set.", cve)
+ return -3
+ new_flags = [PackageBugAnnotation(bug)]
+ new_pkg = PackageAnnotation(
+ old_pkg.line,
+ old_pkg.type,
+ old_pkg.release,
+ old_pkg.package,
+ old_pkg.kind,
+ old_pkg.version,
+ old_pkg.description,
+ new_flags,
+ )
+ bug_list = list(self.bugs[cve].annotations)
+ others = [pkg for pkg in bug_list if pkg.line != old_pkg.line]
+ bug_list = list(self.bugs[cve].annotations)
+ # may need to retain the original order.
+ new_list = [new_pkg] + others
+ mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(new_list))
+ modified.append(mod_bug)
+ self.write_modified(modified, cve_file)
+ return 0
+
+ def load_cve(self, cve):
+ """Load all data for the specified CVE"""
+ self.logger.info("Loading data for %s...", cve)
+ self.cves.append(cve)
+ self._read_cvelist()
+
+
+def main():
+ """
+ This script does NOT reparse the output file - create, review and
+ merge ONE update at a time.
+ (For some operations, check-new-issues may be more suitable).
+
+ For example, --bug 100 --itp intended_pkg_name
+ then, merge-cve-list, then:
+ --note "URL:"
+ """
+ parser = argparse.ArgumentParser(
+ description="Make a single update to specified CVE data as not-affected, add bug number or add a note",
+ usage="%(prog)s [-h] --cve CVE [--src SRC --suite SUITE "
+ "[--description DESCRIPTION]] | [[--number NUMBER] [--itp SRC]] | [--note NOTE]",
+ epilog="Data is written to a new <cve_number>.list "
+ "file which can be used with './bin/merge-cve-files'. "
+ "Make sure the output file is merged and removed before "
+ "updating the same CVE again.",
+ )
+
+ required = parser.add_argument_group("Required arguments")
+ required.add_argument("--cve", required=True, help="The CVE ID to update")
+
+ affected = parser.add_argument_group(
+ "Marking a CVE as not-affected - must use --src and --suite "
+ "Optionally add a description or omit to remove the current description"
+ )
+ # needs to specify the src_package as well as suite to cope with removed etc.
+ affected.add_argument("--src", help="Source package name in SUITE")
+ affected.add_argument("--suite", default="unstable", help="Mark the CVE as <not-affected> in SUITE")
+ affected.add_argument(
+ "--description",
+ help="Optional description of why the SRC is unaffected in SUITE",
+ )
+
+ buggy = parser.add_argument_group("Add a bug number to the CVE")
+ buggy.add_argument("--number", help="Debian BTS bug number")
+ buggy.add_argument(
+ "--itp",
+ metavar="SRC",
+ help="Mark as an ITP bug for the specified source package name",
+ )
+
+ notes = parser.add_argument_group("Add a NOTE: entry to the CVE")
+ notes.add_argument("--note", help="Content of the NOTE: entry to add to the CVE")
+
+ args = parser.parse_args()
+ parser = ParseUpdates()
+ parser.load_cve(args.cve)
+
+ logger = logging.getLogger("update-vuln")
+ if not parser.bugs:
+ logger.critical("Unable to parse CVE ID %s", args.cve)
+ return -1
+ if args.src and args.suite:
+ parser.mark_not_affected(args.suite, args.src, args.description)
+ if args.note:
+ parser.add_note(args.note)
+ if args.number:
+ # to set itp properly, the source package name also needs to be set.
+ parser.add_bug_number(args.number, args.itp)
+ return 0
+
+
+if __name__ == "__main__":
+ sys.exit(main())
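Review bot: main() discards the return values of add_bug_number (which returns -1/-3 on error) and of mark_not_affected/add_note (which swallow write_modified's -1 when the snippet already exists), so the script exits 0 in exactly the cases the module docstring tells the user to gate on ("on exit zero: merge"). Have the two helpers end with `return self.write_modified(modified, cve_file)` and let main propagate, e.g. `return parser.add_bug_number(args.number, args.itp)` and likewise for the other two branches. In add_bug_number the check `if itp and old_pkg.kind == "fixed":` sits in the `else:` of `if itp:` and can never be true; either move it before the branch or delete it, and the second `bug_list = list(self.bugs[cve].annotations)` is unused. `--number` is also written into the snippet as given, so a non-numeric value would reach data/CVE/list unchecked; `int(args.number)` in main would reject it early.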
diff --git a/conf/cvelist.el b/conf/cvelist.el
index d35874980e..0242d4fca5 100644
--- a/conf/cvelist.el
+++ b/conf/cvelist.el
@@ -81,7 +81,7 @@
(defun debian-cvelist-cvesearch ()
"Look up a CVE ID at the MITRE website."
(interactive)
- (browse-url (concat "https://cve.mitre.org/cgi-bin/cvename.cgi?name=" (thing-at-point 'symbol))))
+ (browse-url (concat "https://www.cve.org/CVERecord?id=" (thing-at-point 'symbol))))
(defun debian-cvelist-ptslookup ()
"Look up a package name in Debian Package Tracker."
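Review bot: The new URL on the `+` line still splices `(thing-at-point 'symbol)` into the query string unencoded and unchecked, so with point on whitespace the function opens `https://www.cve.org/CVERecord?id=` with an empty id (`concat` treats nil as an empty string), and any non-symbol characters would reach the URL verbatim. A small guard keeps the lookup honest: `(let ((id (thing-at-point 'symbol t)))` / `(when id (browse-url (concat "https://www.cve.org/CVERecord?id=" (url-hexify-string id)))))`. The docstring could also be updated, since it now says "MITRE website" while the record is fetched from cve.org: `"Look up the CVE ID at point on cve.org."`.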
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index 4d09587612..d795255720 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1022,7 +1022,7 @@ CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote at
NOT-FOR-US: Cisco
CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords v ...)
NOT-FOR-US: Microsoft
-CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause ...)
+CVE-2000-0484 (Small HTTP Server ver 3.06 contains a memory corruption bug causing a ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote a ...)
NOT-FOR-US: Data pre-dating the Security Tracker
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 9b08fd165b..ad61892565 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,9 @@
+CVE-2003-5003
+ RESERVED
+CVE-2003-5002
+ RESERVED
+CVE-2003-5001
+ RESERVED
CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote s ...)
- curl 7.10.7-1
NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index a3b1af215a..3a95f73424 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1809,11 +1809,11 @@ CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to
CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
- clamav 0.68.1
CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows rem ...)
- NOT-FOR-US: Mcafee FreeScan
+ NOT-FOR-US: McAfee FreeScan
CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.1 ...)
NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service a ...)
- NOT-FOR-US: Mcafee FreeScan
+ NOT-FOR-US: McAfee FreeScan
CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
NOT-FOR-US: Panda ActiveScan
CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
@@ -6187,7 +6187,7 @@ CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag whe
CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to c ...)
- libapache-mod-python 2:2.7.10
CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a d ...)
- NOT-FOR-US: mcafee
+ NOT-FOR-US: McAfee
CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to c ...)
{DSA-443}
- xfree86 4.2.1-6
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index e655115ee8..d5b0e08cad 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,3 +1,5 @@
+CVE-2005-10001
+ RESERVED
CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version ...)
- glibc 2.3.5-3
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=661
@@ -30,7 +32,8 @@ CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and
[lenny] - shadow <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008
- sudo 1.7.4p4 (low; bug #657784)
- NOTE: sudo might be fixed earlier, use_pty present in stable
+ NOTE: sudo might be fixed earlier, use_pty present in stable. Only since 1.9.6-1~exp2
+ NOTE: use_pty is added to default configuration.
CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...)
- rpm 4.7.0-1 (bug #584257; unimportant)
NOTE: Marking as unimportant since rpm isn't used as a package manager
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 0f12a169a0..3a8985e71a 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,5 @@
+CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustio ...)
+ NOT-FOR-US: StarWind
CVE-2007-6763 (SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, w ...)
NOT-FOR-US: SAS Drug Development (SDD)
CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...)
@@ -7663,7 +7665,7 @@ CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1
- wordpress 2.2.1-1
[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...)
- NOT-FOR-US: Pluxml
+ - pluxml <undetermined>
CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...)
NOT-FOR-US: Kurinton sHTTPd
CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in r ...)
@@ -7927,7 +7929,7 @@ CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attacker
CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and earl ...)
NOT-FOR-US: Pharmacy System
CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...)
- NOT-FOR-US: Pluxml
+ - pluxml <undetermined>
CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...)
NOT-FOR-US: Dagger
CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index f6a7b9e8ab..605b8fb349 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -1,3 +1,5 @@
+CVE-2008-10001
+ RESERVED
CVE-2008-7321 (The tubepress plugin before 1.6.5 for WordPress has XSS. ...)
NOT-FOR-US: tubepress plugin for WordPress
CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...)
@@ -2630,7 +2632,7 @@ CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog b
CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...)
NOT-FOR-US: Juniper NetScreen ScreenOS
CVE-2008-6095 (Cross-site scripting (XSS) vulnerability in surveillanceView.htm in Op ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2008-6094 (Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technol ...)
NOT-FOR-US: Celoxis Technologies Celoxis
CVE-2008-6093 (SQL injection vulnerability in index.php in Noname CMS 1.0, when magic ...)
@@ -6890,7 +6892,7 @@ CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin
CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FT ...)
NOT-FOR-US: FlashGet FTP
CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...)
NOT-FOR-US: Libra File Manager
CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute arbitr ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 8f778de65a..9ff03ef468 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,3 +1,5 @@
+CVE-2010-10001
+ RESERVED
CVE-2010-5340 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
NOT-FOR-US: IceWarp Webclient
CVE-2010-5339 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
@@ -75,11 +77,13 @@ CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1)
CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
- {DSA-3249-1 DLA-258-1}
+ {DSA-3249-1 DLA-2889-1 DLA-258-1}
+ - drupal7 <removed>
- jqueryui 1.10.1+dfsg-1
- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
NOTE: http://bugs.jqueryui.com/ticket/6016
NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
+ NOTE: https://www.drupal.org/sa-core-2022-002
CVE-2010-5311
RESERVED
CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index aaccf05cff..d986dec88d 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,3 +1,5 @@
+CVE-2012-20001 (PrestaShop before 1.5.2 allows XSS via the "&lt;object data='data:text ...)
+ NOT-FOR-US: PrestaShop
CVE-2012-10001 (The Limit Login Attempts plugin before 1.7.1 for WordPress does not cl ...)
NOT-FOR-US: Limit Login Attempts plugin for WordPress
CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
@@ -4969,9 +4971,9 @@ CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain priv
CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and e ...)
NOT-FOR-US: Tunnelblick
CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
- NOT-FOR-US: PluXml
+ - pluxml <undetermined>
CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
- NOT-FOR-US: PluXml
+ - pluxml <undetermined>
CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...)
NOT-FOR-US: Neoinvoice
CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...)
@@ -5608,10 +5610,11 @@ CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerabili
[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
[wheezy] - openslp-dfsg <no-dsa> (Minor issue)
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
- - gnome-shell <unfixed> (unimportant)
+ - gnome-shell 3.34.0-2 (unimportant)
NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
- NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
+ NOTE: Problem with GNOME Shell's NPAPI browser extension which is not shipped
+ NOTE: anymore since GNOME 3.32.
CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier mig ...)
- mcrypt 2.6.8-1.1
[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index bc0f675557..9fc3286a3f 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,3 +1,7 @@
+CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. ...)
+ NOT-FOR-US: StarWind
+CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...)
+ NOT-FOR-US: Z-Wave devices
CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...)
NOT-FOR-US: Elemin
CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
@@ -156,7 +160,7 @@ CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux k
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...)
- - linux <unfixed>
+ - linux <unfixed> (bug #1000886)
[bullseye] - linux <ignored> (Minor issue, requires invasive changes)
[buster] - linux <ignored> (Minor issue, requires invasive changes)
[stretch] - linux <ignored> (Minor issue, requires invasive changes)
@@ -19122,7 +19126,7 @@ CVE-2013-0341 [external entity expansion]
REJECTED
CVE-2013-0340 (expat 2.1.0 and earlier does not properly handle entities expansion un ...)
[experimental] - expat 2.4.1-1
- - expat <unfixed> (unimportant)
+ - expat 2.4.1-2 (unimportant; bug #1001864)
NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
NOTE: https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0340.html
CVE-2013-0339 (libxml2 through 2.9.1 does not properly handle external entities expan ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index ab8fd028d0..2a1783abae 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -5195,8 +5195,8 @@ CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtim
NOTE: webkit not covered by security support
CVE-2014-8599
RESERVED
-CVE-2014-8597
- RESERVED
+CVE-2014-8597 (A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.0 ...)
+ NOT-FOR-US: PHP-Fusion
CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow rem ...)
NOT-FOR-US: PHP-Fusion
CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...)
@@ -16519,7 +16519,7 @@ CVE-2014-3962 (Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow r
CVE-2014-3961 (SQL injection vulnerability in the Export CSV page in the Participants ...)
NOT-FOR-US: WordPress plugin Participants Database
CVE-2014-3960 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2014-3980 (libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in ...)
- libfep <itp> (bug #658575)
CVE-2014-3959 (Cross-site scripting (XSS) vulnerability in list.jsp in the Configurat ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 787b5a0494..4456217dd6 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,3 +1,9 @@
+CVE-2015-10002
+ RESERVED
+CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not hav ...)
+ NOT-FOR-US: WordPress plugin
CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
NOT-FOR-US: WordPress plugin
CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
@@ -5271,7 +5277,7 @@ CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows re
CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in administra ...)
NOT-FOR-US: Joomla!
CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2015-7855 (The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3 ...)
{DSA-3388-1 DLA-335-1}
- ntp 1:4.2.8p4+dfsg-1
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 3e6f99b8d6..d7e669870d 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,3 +1,8 @@
+CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...)
+ NOTE: https://akkadia.org/drepper/SHA-crypt.txt
+ NOTE: https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
+ NOTE: https://twitter.com/solardiz/status/795601240151457793
+ TODO: check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implentation of the code, but only track those with security impact
CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...)
- openssh <unfixed> (unimportant)
NOTE: https://github.com/openssh/openssh-portable/pull/270
@@ -8522,7 +8527,7 @@ CVE-2016-1000239
CVE-2016-1000238
RESERVED
CVE-2016-1000237 (sanitize-html before 1.4.3 has XSS. ...)
- NOT-FOR-US: sanitize-html
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
CVE-2016-1000236 (Node-cookie-signature before 1.0.6 is affected by a timing attack due ...)
- node-cookie-signature 1.1.0-1 (unimportant; bug #838618)
NOTE: https://nodesecurity.io/advisories/134
@@ -11733,6 +11738,8 @@ CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Con
NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
NOTE: https://mantisbt.org/bugs/view.php?id=21263
CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...)
+ {DLA-2889-1}
+ - drupal7 <removed>
- jqueryui 1.12.1+dfsg-1
[jessie] - jqueryui <no-dsa> (Minor issue)
[wheezy] - jqueryui <no-dsa> (Minor issue)
@@ -11740,6 +11747,7 @@ CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12
NOTE: https://github.com/jquery/jquery-ui/pull/1622
NOTE: https://github.com/jquery/jquery-ui/pull/1632
NOTE: https://github.com/jquery/api.jqueryui.com/issues/281
+ NOTE: https://www.drupal.org/sa-core-2022-002
CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...)
{DSA-3663-1 DLA-614-1}
- xen 4.8.0~rc3-1
@@ -14002,21 +14010,26 @@ CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.
CVE-2016-6353 (Cloudera Search in CDH before 5.7.0 allows unauthorized document acces ...)
NOT-FOR-US: Cloudera
CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ...)
- - resteasy <unfixed> (low; bug #837170)
+ - resteasy 3.1.0-1 (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
- - resteasy3.0 <undetermined>
+ - resteasy3.0 3.0.26-1
+ NOTE: https://github.com/resteasy/Resteasy/commit/7cc46c65b11de69b87ef8850dc68cca3de8cd7c6 (3.1.0.CR1)
CVE-2016-6347 (Cross-site scripting (XSS) vulnerability in the default exception hand ...)
- - resteasy <unfixed> (low; bug #837170)
+ - resteasy 3.1.0-1 (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
- - resteasy3.0 <undetermined>
+ - resteasy3.0 3.0.26-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372124
CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers to cau ...)
- - resteasy <unfixed> (low; bug #837170)
+ - resteasy 3.1.0-1 (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
- - resteasy3.0 <undetermined>
+ - resteasy3.0 3.0.26-1
+ NOTE: https://issues.jboss.org/browse/RESTEASY-1484 (not public)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372120
CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive informa ...)
- - resteasy <unfixed> (low; bug #837170)
+ - resteasy 3.1.0-1 (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
- - resteasy3.0 <undetermined>
+ - resteasy3.0 3.0.26-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372117
CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a ...)
NOT-FOR-US: Red Hat JBoss bpm Suite
CVE-2016-6343 (JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Re ...)
@@ -14732,7 +14745,7 @@ CVE-2016-1000103
REJECTED
CVE-2016-1000102
REJECTED
-CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...)
+CVE-2016-1000027 (Pivotal Spring Framework through 5.3.16 suffers from a potential remot ...)
- libspring-java 4.2.7-1 (unimportant)
NOTE: https://www.tenable.com/security/research/tra-2016-20
NOTE: This is not a vulnerability in Spring itself, just how applications are using it
@@ -22027,9 +22040,9 @@ CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict acces
CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allo ...)
NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-3736
- RESERVED
-CVE-2016-3735
- RESERVED
+ REJECTED
+CVE-2016-3735 (Piwigo is image gallery software written in PHP. When a criteria is no ...)
+ - piwigo <removed>
CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...)
- moodle 2.7.14+dfsg-1
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
@@ -23610,7 +23623,7 @@ CVE-2016-3104 (mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow
NOTE: MongoDB 2.4 installation with authentication enabled, upgraded
NOTE: to 2.6, and did not complete a full upgrade
CVE-2016-3103
- RESERVED
+ REJECTED
CVE-2016-3102 (The Script Security plugin before 1.18.1 in Jenkins might allow remote ...)
- jenkins <removed>
CVE-2016-3101 (Cross-site scripting (XSS) vulnerability in the Extra Columns plugin b ...)
@@ -25803,7 +25816,7 @@ CVE-2016-2410 (A Qualcomm video kernel driver in Android 6.x before 2016-04-01 a
NOT-FOR-US: Android
CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before 20 ...)
NOT-FOR-US: Android
-CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client be ...)
+CVE-2016-2408 (Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service b ...)
NOT-FOR-US: Pulse Secure Desktop Client
CVE-2016-2407
REJECTED
@@ -26864,8 +26877,7 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa
- samba 2:4.5.2+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
-CVE-2016-2124 [SMB1 client connections can be downgraded to plaintext authentication]
- RESERVED
+CVE-2016-2124 (A flaw was found in the way samba implemented SMB1 authentication. An ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
@@ -29774,11 +29786,10 @@ CVE-2016-1240 (The Tomcat init script in the tomcat7 package before 7.0.56-3+deb
- tomcat7 7.0.70-3
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
-CVE-2016-1239 [loads arbitrary code from the current untrusted directory]
- RESERVED
+CVE-2016-1239 (duck before 0.10 did not properly handle loading of untrusted code fro ...)
- duck 0.10
[jessie] - duck 0.7+deb8u1
- NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
+ NOTE: https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
CVE-2016-1238 ((1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) ...)
{DSA-3628-1 DLA-1578-1 DLA-584-1 DLA-565-1}
- perl 5.22.2-3
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index bafc5c83b0..dcb1defe6c 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,5 +1,23 @@
-CVE-2017-20008
+CVE-2017-20016
RESERVED
+CVE-2017-20015
+ RESERVED
+CVE-2017-20014
+ RESERVED
+CVE-2017-20013
+ RESERVED
+CVE-2017-20012
+ RESERVED
+CVE-2017-20011
+ RESERVED
+CVE-2017-20010
+ RESERVED
+ NOT-FOR-US: MODX Revolution
+CVE-2017-20009
+ RESERVED
+ NOT-FOR-US: MODX Revolution
+CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...)
NOT-FOR-US: Ingeteam INGEPAC DA AU
CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...)
@@ -630,9 +648,8 @@ CVE-2017-18640 (The Alias feature in SnakeYAML 1.18 allows entity expansion duri
CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : ...)
NOT-FOR-US: Progress Sitefinity CMS
CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using user input ...)
- {DLA-1986-1}
+ {DLA-2864-1 DLA-1986-1}
- ruby-haml 5.0.4-1
- [stretch] - ruby-haml <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362
NOTE: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
CVE-2017-18638 (send_email in graphite-web/webapp/graphite/composer/views.py in Graphi ...)
@@ -647,9 +664,8 @@ CVE-2017-18637
CVE-2017-18636 (CDG through 2017-01-01 allows downloadDocument.jsp?command=download&am ...)
NOT-FOR-US: CDG
CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...)
- {DLA-1946-1}
+ {DLA-2854-1 DLA-1946-1}
- novnc 1:1.0.0-1
- [stretch] - novnc <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/horizon/+bug/1656435
NOTE: https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
NOTE: https://github.com/novnc/noVNC/issues/748
@@ -1246,9 +1262,8 @@ CVE-2017-18360 (In change_port_settings in drivers/usb/serial/io_ti.c in the Lin
[jessie] - linux 3.16.48-1
NOTE: Fixed by: https://git.kernel.org/linus/6aeb75e6adfaed16e58780309613a578fe1ee90b
CVE-2017-18359 (PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attac ...)
- {DLA-1653-1}
+ {DLA-2857-1 DLA-1653-1}
- postgis 2.3.3+dfsg-1 (low)
- [stretch] - postgis <no-dsa> (Minor issue)
NOTE: https://trac.osgeo.org/postgis/ticket/3704
NOTE: https://trac.osgeo.org/postgis/changeset/15444
NOTE: https://trac.osgeo.org/postgis/changeset/15445
@@ -5204,9 +5219,8 @@ CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attack
CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected b ...)
NOT-FOR-US: SyncBreeze
CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp f ...)
- {DLA-1871-1}
+ {DLA-2876-1 DLA-1871-1}
- vim 2:8.0.1401-1
- [stretch] - vim <no-dsa> (Minor issue)
[wheezy] - vim <no-dsa> (Minor issue)
NOTE: https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 (8.0.1263)
CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a "&lt;/script&gt;" substring in ...)
@@ -5720,15 +5734,15 @@ CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 an
[stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function (internal/ ...)
+ {DLA-2903-1}
- libraw 0.18.6-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function (dcraw ...)
+ {DLA-2903-1}
- libraw 0.18.6-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
@@ -5785,7 +5799,7 @@ CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass
CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...)
NOT-FOR-US: Arq
CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...)
- NOT-FOR-US: Laravel framework
+ - php-laravel-framework <undetermined>
CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...)
- piwigo <removed>
CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...)
@@ -6019,19 +6033,18 @@ CVE-2017-1000235 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to OS Co
CVE-2017-1000234 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to Directory Enu ...)
- i-librarian <itp> (bug #649291)
CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecifi ...)
+ {DLA-2910-1}
- ldns 1.7.0-4 (bug #882014)
- [stretch] - ldns <no-dsa> (Minor issue)
[jessie] - ldns <no-dsa> (Minor issue)
[wheezy] - ldns <not-affected> (Vulnerable code not present)
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
- NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7
+ NOTE: https://github.com/NLnetLabs/ldns/commit/3bdeed02505c9bbacb3b64a97ddcb1de967153b7
CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...)
- {DLA-1182-1}
+ {DLA-2910-1 DLA-1182-1}
- ldns 1.7.0-4 (bug #882015)
- [stretch] - ldns <no-dsa> (Minor issue)
[jessie] - ldns <no-dsa> (Minor issue)
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
- NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
+ NOTE: https://github.com/NLnetLabs/ldns/commit/c8391790c96d4c8a2c10f9ab1460fda83b509fc2
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
{DSA-4058-1 DLA-1184-1}
- optipng 0.7.6-1.1 (bug #882032)
@@ -6865,8 +6878,8 @@ CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that coul
NOTE: For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload
NOTE: did not merge in the 1.14.0-2 upload.
CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...)
+ {DLA-2901-1}
- libxfont 1:2.0.3-1 (low; bug #883929)
- [stretch] - libxfont <no-dsa> (Minor issue)
[jessie] - libxfont <no-dsa> (Minor issue)
[wheezy] - libxfont <postponed> (Minor issue)
- libxfont1 <removed> (unimportant)
@@ -8330,9 +8343,9 @@ CVE-2017-16019 (GitBook is a command line tool (and Node.js library) for buildin
CVE-2017-16018 (Restify is a framework for building REST APIs. Restify &gt;=2.0.0 &lt; ...)
NOT-FOR-US: Restify
CVE-2017-16017 (sanitize-html is a library for scrubbing html input for malicious valu ...)
- NOT-FOR-US: sanitize-html
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
CVE-2017-16016 (Sanitize-html is a library for scrubbing html input of malicious value ...)
- NOT-FOR-US: sanitize-html
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
CVE-2017-16015 (Forms is a library for easily creating HTML forms. Versions before 1.3 ...)
NOT-FOR-US: Forms
CVE-2017-16014 (Http-proxy is a proxying library. Because of the way errors are handle ...)
@@ -11984,7 +11997,8 @@ CVE-2017-14777
CVE-2017-14776
REJECTED
CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification pr ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/laravel/framework/pull/21320
CVE-2017-14774
RESERVED
CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an elev ...)
@@ -12505,7 +12519,7 @@ CVE-2017-14612 ("Shpock Boot Sale &amp; Classifieds" app before 3.17.0 -- aka sh
CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote att ...)
NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 a ...)
- - bareos <unfixed> (low; bug #877334)
+ - bareos <removed> (low; bug #877334)
[buster] - bareos <ignored> (Minor issue)
[stretch] - bareos <ignored> (Minor issue)
[jessie] - bareos <no-dsa> (Minor issue)
@@ -12514,9 +12528,8 @@ CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file
- kannel <not-affected> (No real security issue in combination with start-stop-daemon from dpkg, see #877361)
NOTE: https://redmine.kannel.org/issues/771
CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_ ...)
- {DLA-1109-1}
+ {DLA-2903-1 DLA-1109-1}
- libraw 0.18.5-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
NOTE: https://github.com/LibRaw/LibRaw/issues/101
@@ -13281,8 +13294,8 @@ CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGIma
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCa ...)
+ {DLA-2903-1}
- libraw 0.18.5-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
[wheezy] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/100
@@ -13491,8 +13504,8 @@ CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow v
NOTE: are addressed with the same patch:
NOTE: Patch enforce-maxpacket.patch addresses the issue
CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...)
+ {DLA-2903-1}
- libraw 0.18.5-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/99
@@ -14034,9 +14047,9 @@ CVE-2017-14108 (libgedit.a in GNOME gedit through 3.22.1 allows remote attackers
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=791037
NOTE: negligible security impact
CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ...)
+ {DLA-2858-1}
[experimental] - libzip 1.3.0+dfsg.1-1
- libzip 1.5.1-3 (low; bug #874010)
- [stretch] - libzip <no-dsa> (Minor issue)
[jessie] - libzip <no-dsa> (Minor issue)
[wheezy] - libzip <no-dsa> (Minor issue)
- php5 <removed> (unimportant)
@@ -14508,18 +14521,18 @@ CVE-2017-13912
RESERVED
CVE-2017-13911 (A configuration issue was addressed with additional restrictions. This ...)
NOT-FOR-US: Apple
-CVE-2017-13910
- RESERVED
-CVE-2017-13909
- RESERVED
-CVE-2017-13908
- RESERVED
-CVE-2017-13907
- RESERVED
-CVE-2017-13906
- RESERVED
-CVE-2017-13905
- RESERVED
+CVE-2017-13910 (An access issue was addressed with additional sandbox restrictions on ...)
+ NOT-FOR-US: Apple
+CVE-2017-13909 (An issue existed in the storage of sensitive tokens. This issue was ad ...)
+ NOT-FOR-US: Apple
+CVE-2017-13908 (An issue in handling file permissions was addressed with improved vali ...)
+ NOT-FOR-US: Apple
+CVE-2017-13907 (A state management issue was addressed with improved state validation. ...)
+ NOT-FOR-US: Apple
+CVE-2017-13906 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2017-13905 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 i ...)
@@ -14544,8 +14557,8 @@ CVE-2017-13894
RESERVED
CVE-2017-13893
RESERVED
-CVE-2017-13892
- RESERVED
+CVE-2017-13892 (An issue existed in the handling of Contact sharing. This issue was ad ...)
+ NOT-FOR-US: Apple
CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was addressed ...)
NOT-FOR-US: Apple
CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -14574,8 +14587,8 @@ CVE-2017-13882
RESERVED
CVE-2017-13881
RESERVED
-CVE-2017-13880
- RESERVED
+CVE-2017-13880 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -14670,8 +14683,8 @@ CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before
NOT-FOR-US: Apple
CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
NOT-FOR-US: Apple
-CVE-2017-13835
- RESERVED
+CVE-2017-13835 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
NOT-FOR-US: Apple
CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -15012,8 +15025,8 @@ CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in magi
- graphicsmagick <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192
CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw functio ...)
+ {DLA-2903-1}
- libraw 0.18.5-1 (low; bug #874729)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/issues/96
@@ -18079,9 +18092,8 @@ CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP
CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to ...)
- airflow <itp> (bug #819700)
CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...)
- {DLA-1162-1}
+ {DLA-2897-1 DLA-1162-1}
- apr 1.6.3-1 (low; bug #879708)
- [stretch] - apr <no-dsa> (Minor issue)
[jessie] - apr <no-dsa> (Minor issue)
NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
NOTE: Fixed by: https://github.com/apache/apr/commit/ad958385a4180d7a83d90589689fcd36e3bbc57a
@@ -21192,9 +21204,8 @@ CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8
CVE-2017-11521 (The SdpContents::Session::Medium::parse function in resip/stack/SdpCon ...)
- {DLA-1439-1 DLA-1040-1}
+ {DLA-2865-1 DLA-1439-1 DLA-1040-1}
- resiprocate <removed> (low; bug #869404)
- [stretch] - resiprocate <no-dsa> (Minor issue)
NOTE: https://github.com/resiprocate/resiprocate/pull/88
NOTE: https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8
CVE-2017-11520
@@ -22715,7 +22726,7 @@ CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all An
CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: HTC component for Android
CVE-2017-11071
- RESERVED
+ REJECTED
CVE-2017-11070
RESERVED
CVE-2017-11069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -22817,7 +22828,7 @@ CVE-2017-11022 (In android for MSM, Firefox OS for MSM, QRD Android, with all An
CVE-2017-11021
RESERVED
CVE-2017-11020
- RESERVED
+ REJECTED
CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -27676,7 +27687,7 @@ CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulati
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77
CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host porti ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of serv ...)
NOT-FOR-US: RealPlayer
CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...)
@@ -27762,9 +27773,12 @@ CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositori
- libzypp 17.3.1-1 (bug #899065)
[jessie] - libzypp <ignored> (Minor issue)
CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...)
- - open-build-service <unfixed> (low)
+ - open-build-service 2.9.4-1 (low)
[stretch] - open-build-service <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1045519
+ NOTE: https://github.com/openSUSE/open-build-service/pull/3267
+ NOTE: https://github.com/openSUSE/open-build-service/pull/3269
+ NOTE: https://github.com/openSUSE/open-build-service/commit/b43efe6be46387b16c0b27cf8ee7b9ca53f905ef
CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictl ...)
NOT-FOR-US: Novell eDirectory
CVE-2017-9266
@@ -32391,8 +32405,8 @@ CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and earlie
NOTE: https://github.com/matthiaskramm/swftools/pull/19
NOTE: Vulnerable code removed with the 0.9.2+dfs1-2 upload
CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_o ...)
+ {DLA-2845-1}
- libsamplerate 0.1.9-1 (bug #860159)
- [stretch] - libsamplerate <no-dsa> (Minor issue)
[jessie] - libsamplerate <no-dsa> (Minor issue)
[wheezy] - libsamplerate <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsamplerate/issues/11
@@ -34776,19 +34790,18 @@ CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and
CVE-2017-6963
RESERVED
CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...)
+ {DLA-2911-1}
- apng2gif 1.8-0.1 (bug #854447)
- [stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitizatio ...)
+ {DLA-2911-1}
- apng2gif 1.8-0.1 (bug #854441)
- [stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...)
- {DLA-2165-1 DLA-981-1}
+ {DLA-2911-1 DLA-2165-1 DLA-981-1}
- apng2gif 1.8-0.1 (bug #854367)
- [stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
CVE-2017-6959
REJECTED
CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...)
@@ -36568,6 +36581,7 @@ CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-depende
NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=a6303ad765882555cf1b278a09be5f9e4cf3a39d
CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attack ...)
- gdk-pixbuf 2.36.10-1 (bug #858491; unimportant)
+ [stretch] - gdk-pixbuf <ignored> (thumbnailer not installed before 2.36.5-3)
[jessie] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
[wheezy] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
@@ -45562,6 +45576,7 @@ CVE-2017-2871 (Insufficient security checks exist in the recovery procedure used
CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the tiff_image ...)
{DLA-2043-1}
- gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
+ [stretch] - gdk-pixbuf <ignored> (Built with GCC in Debian)
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269
@@ -46031,7 +46046,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS &lt; V1.2 on port 8080/
NOT-FOR-US: Siemens
CVE-2017-2681 (Specially crafted PROFINET DCP packets sent on a local Ethernet segmen ...)
NOT-FOR-US: Siemens
-CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a Denial- ...)
+CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a denial ...)
NOT-FOR-US: Siemens
CVE-2017-2679
REJECTED
@@ -46601,8 +46616,8 @@ CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10.
NOT-FOR-US: Apple involving Kernel component
CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
NOT-FOR-US: Apple involving Intel Graphics Driver
-CVE-2017-2488
- RESERVED
+CVE-2017-2488 (A cryptographic weakness existed in the authentication protocol of Rem ...)
+ NOT-FOR-US: Apple
CVE-2017-2487 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
NOT-FOR-US: Apple involving FontParser component
CVE-2017-2486 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
@@ -46859,8 +46874,8 @@ CVE-2017-2377 (An issue was discovered in certain Apple products. iOS before 10.
CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
- webkit2gtk 2.16.3-2 (unimportant)
NOTE: Not covered by security support
-CVE-2017-2375
- RESERVED
+CVE-2017-2375 (An issue existed in preventing the uploading of CallKit call history t ...)
+ NOT-FOR-US: Apple
CVE-2017-2374 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
NOT-FOR-US: Apple
CVE-2017-2373 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
@@ -51082,10 +51097,10 @@ CVE-2017-0372 (Parameters injection in the SyntaxHighlight extension of Mediawik
NOTE: https://phabricator.wikimedia.org/T158689
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
-CVE-2017-0371
- RESERVED
+CVE-2017-0371 (MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.2 ...)
- mediawiki 1:1.27.2-1
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
+ NOTE: https://phabricator.wikimedia.org/T140591
NOTE: https://phabricator.wikimedia.org/T68404
CVE-2017-0370 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam b ...)
- mediawiki 1:1.27.2-1
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 03cbe090b0..8d31324b2a 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,9 +1,39 @@
+CVE-2018-25030
+ RESERVED
+CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...)
+ NOT-FOR-US: Z-Wave specification
+CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
+ NOT-FOR-US: Rust crate libpulse-binding
+CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
+ NOT-FOR-US: Rust crate libpulse-binding
+CVE-2018-25026 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
+ NOT-FOR-US: Rust crate actix-web
+CVE-2018-25025 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
+ NOT-FOR-US: Rust crate actix-web
+CVE-2018-25024 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
+ NOT-FOR-US: Rust crate actix-web
+CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for Rust. ...)
+ - rust-smallvec 1.1.0-1
+ [buster] - rust-smallvec <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0018.html
+ NOTE: https://github.com/servo/rust-smallvec/issues/126
+CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict which packet ...)
+ - libtoxcore 0.2.2-1
+ NOTE: https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release
+ NOTE: https://github.com/TokTok/c-toxcore/issues/873
+ NOTE: https://github.com/TokTok/c-toxcore/pull/872
+CVE-2018-25021 (The TCP Server module in toxcore before 0.2.8 doesn't free the TCP pri ...)
+ - libtoxcore 0.2.8-1
+ NOTE: https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/
+ NOTE: https://github.com/TokTok/c-toxcore/issues/1214
+ NOTE: https://github.com/TokTok/c-toxcore/pull/1216
+CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...)
+ - linux 4.17.3-1
+ NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7)
CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
NOT-FOR-US: WordPress plugin
CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
- - unrar-nonfree <unfixed> (bug #990541)
- [bullseye] - unrar-nonfree <no-dsa> (Non-free not supported)
- [buster] - unrar-nonfree <no-dsa> (Non-free not supported)
+ - unrar-nonfree 1:5.6.6-1 (bug #990541)
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
@@ -1420,9 +1450,8 @@ CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templ
CVE-2018-20722
RESERVED
CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bound ...)
- {DLA-1682-1}
+ {DLA-2834-1 DLA-1682-1}
- uriparser 0.9.1-1 (low)
- [stretch] - uriparser <no-dsa> (Minor issue)
NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...)
NOT-FOR-US: ABB Relion 630 devices
@@ -2525,24 +2554,24 @@ CVE-2018-20367 (The "mall some commodity details: commodity consultation" compon
CVE-2018-20366
RESERVED
CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow ...)
+ {DLA-2903-1}
- libraw 0.19.2-2 (bug #917111)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/195
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL point ...)
+ {DLA-2903-1}
- libraw 0.19.2-2 (bug #917112)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/194
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointe ...)
+ {DLA-2903-1}
- libraw 0.19.2-2 (bug #917113)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/193
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
@@ -2641,7 +2670,7 @@ CVE-2018-20338 (Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote function ...)
- libraw 0.19.2-1 (bug #917080)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/192
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...)
@@ -5347,13 +5376,12 @@ CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700153
CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ...)
- {DSA-4353-1 DLA-1700-1 DLA-1608-1}
+ {DSA-4353-1 DLA-2866-1 DLA-1700-1 DLA-1608-1}
- php7.3 7.3.0-1 (bug #913775)
- php7.2 <removed> (bug #913835)
- php7.0 <removed> (bug #913836)
- php5 <removed>
- uw-imap 8:2007f~dfsg-6 (bug #914632)
- [stretch] - uw-imap <no-dsa> (Minor issue)
NOTE: Fixed in 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76428
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77153
@@ -6409,8 +6437,8 @@ CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword la
CVE-2018-19049
RESERVED
CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c i ...)
+ {DLA-2887-1}
- lighttpd 1.4.52-1 (bug #913528)
- [stretch] - lighttpd <no-dsa> (Minor issue)
[jessie] - lighttpd <no-dsa> (Minor issue)
NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
CVE-2018-19048 (Simditor through 2.3.21 allows DOM XSS via an onload attribute within ...)
@@ -6982,7 +7010,7 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during
NOTE: Squid in Debian builds without TLS support
CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the lo ...)
NOT-FOR-US: School Equipment Monitoring System
-CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...)
+CVE-2018-18805 (Point Of Sales 1.0 allows SQL injection via the login screen, related ...)
NOT-FOR-US: PointOfSales
CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen, ...)
NOT-FOR-US: Bakeshop Inventory System
@@ -8931,9 +8959,8 @@ CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to vers
NOTE: https://github.com/pyca/pyopenssl/pull/723
NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 con ...)
- {DLA-1556-1}
+ {DLA-2860-1 DLA-1556-1}
- paramiko 2.4.2-0.1 (bug #910760)
- [stretch] - paramiko <no-dsa> (Minor issue)
NOTE: https://github.com/paramiko/paramiko/issues/1283
NOTE: https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce
CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL ( ...)
@@ -9393,8 +9420,8 @@ CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ether
NOT-FOR-US: Greedy 599
CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...)
NOT-FOR-US: Coaster CMS
-CVE-2018-17875
- RESERVED
+CVE-2018-17875 (A remote code execution issue in the ping command on Poly Trio 8800 5. ...)
+ NOT-FOR-US: Poly Trio 8800 devices
CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
NOT-FOR-US: ExpressionEngine
CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of ...)
@@ -11440,7 +11467,7 @@ CVE-2018-17038
RESERVED
CVE-2018-17037 (user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escala ...)
NOT-FOR-US: UCMS
-CVE-2018-17036 (An issue was discovered in UCMS 1.4.6. It allows PHP code injection du ...)
+CVE-2018-17036 (An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code inje ...)
NOT-FOR-US: UCMS
CVE-2018-17035 (UCMS 1.4.6 has SQL injection during installation via the install/index ...)
NOT-FOR-US: UCMS
@@ -13037,7 +13064,11 @@ CVE-2018-16474 (A stored xss in tianma-static module versions &lt;=1.0.4 allows
CVE-2018-16473 (A path traversal in takeapeek module versions &lt;=0.2.2 allows an att ...)
NOT-FOR-US: takeapeek
CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions &lt;=1.0 ...)
- NOT-FOR-US: cached-path-relative
+ - node-cached-path-relative 1.0.2-1
+ [buster] - node-cached-path-relative <no-dsa> (Minor issue)
+ NOTE: https://hackerone.com/reports/390847
+ NOTE: https://github.com/ashaffer/cached-path-relative/issues/3
+ NOTE: Fixed by: https://github.com/ashaffer/cached-path-relative/commit/a43cffec84ed0e9eceecb43b534b6937a8028fc0
CVE-2018-16471 (There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...)
{DLA-1585-1}
- ruby-rack 1.6.4-6 (bug #913005)
@@ -13535,8 +13566,14 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to
NOT-FOR-US: PDF-XChange Editor
CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
NOT-FOR-US: MediaComm Zip-n-Go
-CVE-2018-16301
- REJECTED
+CVE-2018-16301 (The command-line argument parser in tcpdump before 4.99.0 has a buffer ...)
+ - tcpdump 4.99.0-1 (unimportant)
+ NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd
+ NOTE: https://www.tcpdump.org/public-cve-list.txt
+ NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/faf8fb70af3a013e5d662b8283dec742fd6b1a77 (tcpdump-4.99-bp)
+ NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 (tcpdump-4.9)
+ NOTE: Negligible security impact
CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
{DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
@@ -16380,7 +16417,7 @@ CVE-2018-15135
CVE-2018-15134
RESERVED
CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote c ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ...)
- php7.2 <not-affected> (Windows-specific)
- php7.1 <not-affected> (Windows-specific)
@@ -19639,25 +19676,25 @@ CVE-2018-13981 (The websites that were built from Zeta Producer Desktop CMS befo
CVE-2018-13980 (The websites that were built from Zeta Producer Desktop CMS before 14. ...)
NOT-FOR-US: Zeta Producer Desktop CMS
CVE-2018-13979
- RESERVED
+ REJECTED
CVE-2018-13978
- RESERVED
+ REJECTED
CVE-2018-13977
- RESERVED
+ REJECTED
CVE-2018-13976
- RESERVED
+ REJECTED
CVE-2018-13975
- RESERVED
+ REJECTED
CVE-2018-13974
- RESERVED
+ REJECTED
CVE-2018-13973
- RESERVED
+ REJECTED
CVE-2018-13972
- RESERVED
+ REJECTED
CVE-2018-13971
- RESERVED
+ REJECTED
CVE-2018-13970
- RESERVED
+ REJECTED
CVE-2018-13969
REJECTED
CVE-2018-13968
@@ -22524,12 +22561,8 @@ CVE-2018-12702 (The approveAndCallcode function of a smart contract implementati
NOT-FOR-US: Globalvillage ecosystem
CVE-2018-12701
RESERVED
-CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...)
- - binutils 2.32.51.20190707-1 (unimportant)
- NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
- NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
- NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
- NOTE: binutils not covered by security support
+CVE-2018-12700
+ REJECTED
CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause ...)
- binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
@@ -22993,9 +23026,8 @@ CVE-2018-12586
CVE-2018-12585 (An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allo ...)
NOT-FOR-US: OPC UA Java and .NET Legacy Stack
CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in resip/stack/Connectio ...)
- {DLA-1439-1}
+ {DLA-2865-1 DLA-1439-1}
- resiprocate <removed> (bug #905495)
- [stretch] - resiprocate <no-dsa> (Minor issue)
NOTE: http://joachimdezutter.webredirect.org/advisory.html
NOTE: https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article via a ...)
@@ -24656,7 +24688,7 @@ CVE-2018-12021 (Singularity 2.3.0 through 2.5.1 is affected by an incorrect acce
- singularity-container 2.5.2-1
NOTE: https://github.com/singularityware/singularity/releases/tag/2.5.2
CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filename duri ...)
- {DSA-4224-1 DSA-4223-1 DSA-4222-1}
+ {DSA-4224-1 DSA-4223-1 DSA-4222-1 DLA-2862-1}
- enigmail 2:2.0.7-1
[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
- gnupg2 2.2.8-1
@@ -24804,7 +24836,7 @@ CVE-2018-11956 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
CVE-2018-11955 (Lack of check on length of reason-code fetched from payload may lead d ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11954
- RESERVED
+ REJECTED
CVE-2018-11953 (While processing ssid IE length from remote AP, possible out-of-bounds ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11952
@@ -25039,7 +25071,7 @@ CVE-2018-11839
CVE-2018-11838 (Possible double free issue in WLAN due to lack of checking memory free ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11837
- RESERVED
+ REJECTED
CVE-2018-11836 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11835
@@ -25463,11 +25495,17 @@ CVE-2018-11727 (** DISPUTED ** The libfsntfs_attribute_read_from_mft function in
NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
NOTE: Negligable/questionable security impact
CVE-2018-11726 (The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/6904ebc247f01b5fe27d58c5dbb27e38af8449fb (v0.4)
CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows r ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/c625698e297ac877eb4bc0d35cd0e605253c33e5 (v0.4)
CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows re ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/b5657d7e2357782147a80a4d63a4b5fb7c05305f (v0.4)
CVE-2018-11723 (** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff ...)
- libpff 20180714-1 (low; bug #901967)
[stretch] - libpff <no-dsa> (Minor issue)
@@ -25579,7 +25617,7 @@ CVE-2018-11691 (Emerson DeltaV Smart Switch Command Center application, availabl
NOT-FOR-US: Emerson devices
CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous versions for ...)
NOT-FOR-US: Balbooa Gridbox extension for Joomla!
-CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cr ...)
+CVE-2018-11689 (Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer ...)
NOT-FOR-US: Smart Viewer in Samsung Web Viewer for Samsung DVR
CVE-2018-11688 (Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scri ...)
NOT-FOR-US: Ignite Realtime Openfire
@@ -26237,19 +26275,26 @@ CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in
NOTE: Pull request: https://github.com/taglib/taglib/pull/869
NOTE: Upstream fix: https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45
CVE-2018-11438 (The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allo ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11437 (The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 al ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11436 (The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote at ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11435 (The mobi_decompress_huffman_internal function in compression.c in Libm ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11434 (The buffer_fill64 function in compression.c in Libmobi 0.3 allows remo ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11433 (The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 a ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11432 (The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows rem ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11431
RESERVED
CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB ...)
@@ -28824,14 +28869,14 @@ CVE-2018-10530
RESERVED
CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds re ...)
- libraw 0.18.11-1 (low; bug #897186)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffe ...)
- libraw 0.18.11-1 (low; bug #897185)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
@@ -29530,8 +29575,8 @@ CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
NOT-FOR-US: Zend Server
CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to acc ...)
NOT-FOR-US: GPU memory hardware issue
-CVE-2018-10228
- RESERVED
+CVE-2018-10228 (Cross-site scripting (XSS) vulnerability in /application/controller/ad ...)
+ - limesurvey <itp> (bug #472802)
CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. ...)
NOT-FOR-US: MiniCMS
CVE-2018-10226
@@ -29604,8 +29649,8 @@ CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists fun
NOTE: https://gitlab.com/graphviz/graphviz/issues/1367
NOTE: https://issuetracker.google.com/issues/77810342
CVE-2018-10195 (lrzsz before version 0.12.21~rc can leak information to the receiving ...)
+ {DLA-2900-1}
- lrzsz 0.12.21-10 (low; bug #897010)
- [stretch] - lrzsz <no-dsa> (Minor issue)
[jessie] - lrzsz <no-dsa> (Minor issue)
[wheezy] - lrzsz <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1090051
@@ -35592,9 +35637,8 @@ CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through
- libav <not-affected> (Vulnerable code not present)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko before 1.17. ...)
- {DLA-1556-1}
+ {DLA-2860-1 DLA-1556-1}
- paramiko 2.4.2-0.1 (bug #892859)
- [stretch] - paramiko <no-dsa> (Minor issue)
[wheezy] - paramiko <no-dsa> (Minor issue)
NOTE: https://github.com/paramiko/paramiko/issues/1175
NOTE: https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
@@ -39801,7 +39845,7 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of i
CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...)
NOT-FOR-US: Buck parser-cache
CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php ...)
- NOT-FOR-US: Laravel Framework
+ - php-laravel-framework <undetermined>
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...)
NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...)
@@ -41360,21 +41404,18 @@ CVE-2018-5821 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5819 (An error within the "parse_sinar_ia()" function (internal/dcraw_common ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.19.1-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5818 (An error within the "parse_rollei()" function (internal/dcraw_common.c ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.19.1-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5817 (A type confusion error within the "unpacked_load_raw()" function withi ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.19.1-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5816 (An integer overflow error within the "identify()" function (internal/d ...)
@@ -41384,8 +41425,8 @@ CVE-2018-5816 (An integer overflow error within the "identify()" function (inter
NOTE: http://seclists.org/bugtraq/2018/Jul/58
NOTE: Issue caused by an incomplete fix for CVE-2018-5804
CVE-2018-5815 (An integer overflow error within the "parse_qt()" function (internal/d ...)
+ {DLA-2903-1}
- libraw 0.18.13-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2018/Jul/58
CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4. ...)
@@ -41395,55 +41436,54 @@ CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and
NOTE: https://git.kernel.org/linus/22076557b07c12086eeb16b8ce2b0b735f7a27e7
NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e
CVE-2018-5813 (An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibR ...)
+ {DLA-2903-1}
- libraw 0.18.11-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
CVE-2018-5812 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5811 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5810 (An error within the "rollei_load_raw()" function (internal/dcraw_commo ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function (internal/dcraw_co ...)
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5808 (An error within the "find_green()" function (internal/dcraw_common.cpp ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5807 (An error within the "samsung_load_raw()" function (internal/dcraw_comm ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5806 (An error within the "leaf_hdr_load_raw()" function (internal/dcraw_com ...)
+ {DLA-2903-1}
- libraw 0.18.8-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5805 (A boundary error within the "quicktake_100_load_raw()" function (inter ...)
+ {DLA-2903-1}
- libraw 0.18.8-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5804 (A type confusion error within the "identify()" function (internal/dcra ...)
+ {DLA-2903-1}
- libraw 0.18.8-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4 ...)
@@ -41451,23 +41491,20 @@ CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.1
- linux 4.15.11-1
NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
CVE-2018-5802 (An error within the "kodak_radc_load_raw()" function (internal/dcraw_c ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.7-1
- [stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5801 (An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) i ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.7-1
- [stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800 (An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" functi ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.7-1
- [stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
@@ -41581,9 +41618,8 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packe
CVE-2018-5765
RESERVED
CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before 3. ...)
- {DLA-1725-1 DLA-1247-1}
+ {DLA-2833-1 DLA-1725-1 DLA-1247-1}
- rsync 3.1.2-2.2 (bug #887588)
- [stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...)
NOT-FOR-US: OXID eShop Enterprise Edition
@@ -44792,8 +44828,8 @@ CVE-2018-4480
RESERVED
CVE-2018-4479
RESERVED
-CVE-2018-4478
- RESERVED
+CVE-2018-4478 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
CVE-2018-4477
RESERVED
CVE-2018-4476
@@ -45206,8 +45242,8 @@ CVE-2018-4304 (A denial of service issue was addressed with improved validation.
NOT-FOR-US: Apple
CVE-2018-4303 (An input validation issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
-CVE-2018-4302
- RESERVED
+CVE-2018-4302 (A null pointer dereference was addressed with improved validation. Thi ...)
+ NOT-FOR-US: Apple
CVE-2018-4301
RESERVED
NOT-FOR-US: Apple
@@ -52261,7 +52297,10 @@ CVE-2018-1281 (The clustered setup of Apache MXNet allows users to specify which
CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains ...)
NOT-FOR-US: Pivotal
CVE-2018-1279 (Pivotal RabbitMQ for PCF, all versions, uses a deterministically gener ...)
- - rabbitmq-server <not-affected> (Specific to RabbitMQ setup in Pivotal, see bug #924768)
+ - rabbitmq-server 3.9.8-5 (bug #924768)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
+ [stretch] - rabbitmq-server <postponed> (Minor issue; documentation-only fix)
NOTE: https://pivotal.io/security/cve-2018-1279
CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.12.x ...)
NOT-FOR-US: Pivotal
@@ -52996,9 +53035,8 @@ CVE-2018-1057 (On a Samba 4 AD DC the LDAP server in all versions of Samba from
NOTE: https://www.samba.org/samba/security/CVE-2018-1057.html
NOTE: https://wiki.samba.org/index.php/CVE-2018-1057
CVE-2018-1056 (An out-of-bounds heap buffer read flaw was found in the way advancecom ...)
- {DLA-1702-1 DLA-1281-1}
+ {DLA-2868-1 DLA-1702-1 DLA-1281-1}
- advancecomp 2.1-1 (bug #889270)
- [stretch] - advancecomp <no-dsa> (Minor issue, can be fixed via point release)
NOTE: https://sourceforge.net/p/advancemame/bugs/259/
NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
CVE-2018-1055
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 3353b738b3..5458ea22b4 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,13 @@
+CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...)
+ NOT-FOR-US: Corda
+CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
+ NOT-FOR-US: Bromite
+CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...)
+ NOT-FOR-US: Rust crate libpulse-binding
+CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...)
+ NOT-FOR-US: Rust crate pnet
+CVE-2019-25053
+ RESERVED
CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...)
NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...)
@@ -545,9 +555,9 @@ CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI V
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 (v4.2.0-rc0)
CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode ...)
+ {DLA-2876-1}
- vim 2:8.1.2136-1
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
[jessie] - vim <no-dsa> (Minor issue)
NOTE: https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075
CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
@@ -972,11 +982,12 @@ CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as de
NOTE: https://github.com/gpac/gpac/issues/1268
CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- gpac 1.0.1+dfsg1-2 (bug #972053)
- [buster] - gpac <no-dsa> (Minor issue)
- [stretch] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
[jessie] - gpac <ignored> (Minor issue)
- NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
NOTE: https://github.com/gpac/gpac/issues/1264
+ NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0)
+ NOTE: Fixed by: qhttps://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)
CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
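Review bot: The added `Fixed by:` NOTE for CVE-2019-20629 has a stray leading `q` in its URL (`qhttps://github.com/gpac/gpac/commit/...`), so the reference is broken as written and anything that follows or parses NOTE links will not resolve it. The line should read `NOTE: Fixed by: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)`. The rest of the entry, with the `<not-affected>` markings backed by an `Introduced by:` commit, is consistent with the parallel CVE-2019-20165 change further down.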
@@ -2190,10 +2201,11 @@ CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- gpac 1.0.1+dfsg1-2 (bug #972053)
- [buster] - gpac <no-dsa> (Minor issue)
- [stretch] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
NOTE: https://github.com/gpac/gpac/issues/1338
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #1)
+ NOTE: Introduced by https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf
CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
NOTE: https://github.com/gpac/gpac/issues/1332
@@ -2427,8 +2439,8 @@ CVE-2019-20084
RESERVED
CVE-2019-20083
RESERVED
-CVE-2019-20082
- RESERVED
+CVE-2019-20082 (ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long ...)
+ NOT-FOR-US: ASUS
CVE-2019-20081
RESERVED
CVE-2019-20080
@@ -3497,11 +3509,14 @@ CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid)
CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...)
{DSA-4841-1}
- slurm-llnl 19.05.5-1
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
+ [stretch] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker)
[jessie] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker)
NOTE: https://github.com/SchedMD/slurm/commit/5ac031b2ef5462f6e8e47dad0247bd474614c118
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692
+ NOTE: https://bugs.schedmd.com/show_bug.cgi?id=8084
NOTE: Fixed upstream in 18.08.9, 19.05.5
+ NOTE: regression: running 'srun --uid ...' can lock the node 'alloc' state, requiring manually reset
+ NOTE: (with 'nobody' in stretch, with all users in jessie)
CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...)
- slurm-llnl 19.05.5-1 (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1155784
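Review bot: The new regression NOTE for CVE-2019-19728 reads `requiring manually reset`, which is ungrammatical and may confuse a reader deciding whether the `<ignored>` marking still holds. Suggest `NOTE: regression: running 'srun --uid ...' can lock the node in 'alloc' state, requiring a manual reset` and keeping the following `(with 'nobody' in stretch, with all users in jessie)` line as is.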
@@ -4209,10 +4224,9 @@ CVE-2019-19480 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro
NOTE: fixes are not related "directly" to the CVE assignment for the incorrect
NOTE: free operation in sc_pkcs15_decode_prkdf_entry.
CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
- {DLA-2046-1}
+ {DLA-2832-1 DLA-2046-1}
- opensc 0.20.0-1 (bug #947383)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
NOTE: https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
CVE-2019-19478
@@ -4407,7 +4421,7 @@ CVE-2019-19393 (The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
NOT-FOR-US: forDNN.UsersExportImport module for DNN
CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...)
- - luajit <unfixed> (bug #946053; unimportant)
+ - luajit 2.1.0~beta3+git20210112+dfsg-2 (bug #946053; unimportant)
NOTE: https://github.com/LuaJIT/LuaJIT/pull/526
NOTE: Negligible security impact. The debug library is unsafe per se and one is
NOTE: not supposed to release an application with the debug library.
@@ -5065,8 +5079,8 @@ CVE-2019-19140
RESERVED
CVE-2019-19139
RESERVED
-CVE-2019-19138
- RESERVED
+CVE-2019-19138 (Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade ...)
+ NOT-FOR-US: Ivanti
CVE-2019-19137
RESERVED
CVE-2019-19136
@@ -6043,9 +6057,8 @@ CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Lin
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
- {DLA-2667-1 DLA-1985-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1985-1}
- djvulibre 3.5.27.1-14 (bug #945114)
- [buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/309/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
CVE-2019-18803
@@ -8985,10 +8998,9 @@ CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL throug
NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233)
CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...)
- {DLA-1984-1}
+ {DLA-2877-1 DLA-1984-1}
- gdal 2.4.2+dfsg-2 (low)
[buster] - gdal <no-dsa> (Minor issue)
- [stretch] - gdal <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
CVE-2019-17544 (libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over- ...)
@@ -9133,12 +9145,11 @@ CVE-2019-17500
CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...)
NOT-FOR-US: Compal CH7465LG devices
CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic i ...)
- {DLA-1991-1}
+ {DLA-2848-1 DLA-1991-1}
- libssh2 1.9.0-1 (low; bug #943562)
[buster] - libssh2 <no-dsa> (Minor issue)
- [stretch] - libssh2 <no-dsa> (Minor issue)
NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
- NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
+ NOTE: https://securitylab.github.com/research/libssh2-integer-overflow-CVE-2019-17498/
NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct string_buf,
NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and
NOTE: libssh2_get_string(), forming part of the fix):
@@ -10176,16 +10187,14 @@ CVE-2019-17044 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execut
CVE-2019-17043 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...)
NOT-FOR-US: BMC Patrol Agent
CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...)
- {DLA-1952-1}
+ {DLA-2835-1 DLA-1952-1}
- rsyslog 8.1910.0-1 (bug #942065)
[buster] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
- [stretch] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
NOTE: https://github.com/rsyslog/rsyslog/pull/3883
CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...)
- {DLA-1952-1}
+ {DLA-2835-1 DLA-1952-1}
- rsyslog 8.1910.0-1 (bug #942067)
[buster] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
- [stretch] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
NOTE: https://github.com/rsyslog/rsyslog/pull/3884
CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bound ...)
- rsyslog 8.1910.0-1 (unimportant)
@@ -10726,8 +10735,8 @@ CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading spe
NOTE: https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a
NOTE: https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5
NOTE: https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
-CVE-2019-16864
- RESERVED
+CVE-2019-16864 (CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP befor ...)
+ NOT-FOR-US: EnterpriseDT CompleteFTP
CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...)
NOT-FOR-US: STMicroelectronics
CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...)
@@ -11964,7 +11973,9 @@ CVE-2019-16330 (In NCH Express Accounts Accounting v7.02, persistent cross site
CVE-2019-16329
RESERVED
CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify ...)
- - rpyc <removed>
+ - rpyc <not-affected> (Vulnerable code newer in a released Debian version)
+ NOTE: Issue only affected 4.1.0 and 4.1.1 upstream and fixed in 4.1.2
+ NOTE: https://rpyc.readthedocs.io/en/latest/docs/security.html#security
CVE-2019-16327 (D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypa ...)
NOT-FOR-US: D-Link
CVE-2019-16326 (D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token ...)
@@ -12410,12 +12421,14 @@ CVE-2019-16167 (sysstat before 12.1.6 has memory corruption due to an Integer Ov
NOTE: Introduced after: https://github.com/sysstat/sysstat/commit/65ac30359e49ee717397e39950d7c24a6610d57c (v11.7.1)
NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/edbf507678bf10914e9804ff8a06737fdcb2e781
CVE-2019-16166 (GNU cflow through 1.6 has a heap-based buffer over-read in the nexttok ...)
- - cflow <unfixed> (unimportant; bug #939916)
+ - cflow 1:1.6-6 (unimportant; bug #939916)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html
+ NOTE: https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
NOTE: Crash in CLI tool, no security impact
CVE-2019-16165 (GNU cflow through 1.6 has a use-after-free in the reference function i ...)
- - cflow <unfixed> (unimportant; bug #939915)
+ - cflow 1:1.6-6 (unimportant; bug #939915)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html
+ NOTE: https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
NOTE: Crash in CLI tool, no security impact
CVE-2019-16164 (MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_nod ...)
NOT-FOR-US: MyHTML
@@ -12910,16 +12923,14 @@ CVE-2019-15948 (Texas Instruments CC256x and WL18xx dual-mode Bluetooth controll
CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted ...)
- bitcoin 0.20.1~dfsg-1 (bug #939608)
CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
- {DLA-1916-1}
+ {DLA-2832-1 DLA-1916-1}
- opensc 0.20.0-1 (bug #939669)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
- {DLA-1916-1}
+ {DLA-2832-1 DLA-1916-1}
- opensc 0.20.0-1 (bug #939668)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...)
NOT-FOR-US: Counter-Strike: Global Offensive
@@ -14076,10 +14087,9 @@ CVE-2019-15533 (XENFCoreSharp before 2019-07-16 allows SQL injection in web/veri
CVE-2019-15532 (CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBrut ...)
NOT-FOR-US: CyberChef
CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read in the ...)
- {DLA-1904-1}
+ {DLA-2851-1 DLA-1904-1}
- libextractor 1:1.9-2 (bug #935553)
[buster] - libextractor <no-dsa> (Minor issue)
- [stretch] - libextractor <no-dsa> (Minor issue)
NOTE: https://bugs.gnunet.org/view.php?id=5846
NOTE: https://git.gnunet.org/libextractor.git/commit/?id=d2b032452241708bee68d02aa02092cfbfba951a
CVE-2019-15530 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
@@ -14900,10 +14910,9 @@ CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
- {DLA-1967-1}
+ {DLA-2850-1 DLA-1967-1}
- libpcap 1.9.1-1 (low; bug #941697)
[buster] - libpcap <ignored> (Minor issue)
- [stretch] - libpcap <ignored> (Minor issue)
NOTE: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
NOTE: https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
CVE-2019-15164 (rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may ...)
@@ -14970,27 +14979,23 @@ CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GP
CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...)
NOT-FOR-US: gpmf-parser
CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack ...)
- {DLA-2667-1 DLA-1902-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
- [buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/298/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate&lt; ...)
- {DLA-2667-1 DLA-1902-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
- [buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/299/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
- {DLA-2667-1 DLA-1902-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
- [buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/297/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
- {DLA-2667-1 DLA-1902-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
- [buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/296/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows att ...)
@@ -15206,7 +15211,7 @@ CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router with
CVE-2019-15059 (In Liberty lisPBX 2.0-4, configuration backup files can be retrieved r ...)
NOT-FOR-US: Liberty lisPBX
CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer ov ...)
- - libstb <unfixed> (bug #934973)
+ - libstb 0.0~git20210910.af1a5bc+ds-1 (bug #934973)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/790
@@ -16465,7 +16470,7 @@ CVE-2019-14666 (GLPI through 9.4.3 is prone to account takeover by abusing the a
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q
NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
- - brandy <unfixed> (unimportant; bug #933996)
+ - brandy 1.22.13-1 (unimportant; bug #933996)
NOTE: https://sourceforge.net/p/brandy/bugs/8/
NOTE: Negligible security impact
CVE-2019-14664 (In Enigmail below 2.1, an attacker in possession of PGP encrypted emai ...)
@@ -16473,11 +16478,11 @@ CVE-2019-14664 (In Enigmail below 2.1, an attacker in possession of PGP encrypte
[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
NOTE: https://sourceforge.net/p/enigmail/bugs/984/
CVE-2019-14663 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ...)
- - brandy <unfixed> (unimportant; bug #933996)
+ - brandy 1.22.13-1 (unimportant; bug #933996)
NOTE: https://sourceforge.net/p/brandy/bugs/6/
NOTE: Negligible security impact
CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ...)
- - brandy <unfixed> (unimportant; bug #933996)
+ - brandy 1.22.13-1 (unimportant; bug #933996)
NOTE: https://sourceforge.net/p/brandy/bugs/7/
NOTE: Negligible security impact
CVE-2019-14661
@@ -16874,7 +16879,7 @@ CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attack
CVE-2019-14512 (LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/P ...)
- limesurvey <itp> (bug #472802)
CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...)
- - sphinxsearch <unfixed> (unimportant; bug #939762)
+ - sphinxsearch 2.2.11-4 (unimportant; bug #939762)
NOTE: Issue is just with the default configuration, but can be easily reconfigured
NOTE: to listen on localhost only. sphinxsearch will not be started automatically
NOTE: and an admin needs first to create anyway a /etc/sphinxsearch/sphinx.conf
@@ -17867,123 +17872,123 @@ CVE-2019-14192 (An issue was discovered in Das U-Boot through 2019.07. There is
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14191
- RESERVED
+ REJECTED
CVE-2019-14190
- RESERVED
+ REJECTED
CVE-2019-14189
- RESERVED
+ REJECTED
CVE-2019-14188
- RESERVED
+ REJECTED
CVE-2019-14187
- RESERVED
+ REJECTED
CVE-2019-14186
- RESERVED
+ REJECTED
CVE-2019-14185
- RESERVED
+ REJECTED
CVE-2019-14184
- RESERVED
+ REJECTED
CVE-2019-14183
- RESERVED
+ REJECTED
CVE-2019-14182
- RESERVED
+ REJECTED
CVE-2019-14181
- RESERVED
+ REJECTED
CVE-2019-14180
- RESERVED
+ REJECTED
CVE-2019-14179
- RESERVED
+ REJECTED
CVE-2019-14178
- RESERVED
+ REJECTED
CVE-2019-14177
- RESERVED
+ REJECTED
CVE-2019-14176
- RESERVED
+ REJECTED
CVE-2019-14175
- RESERVED
+ REJECTED
CVE-2019-14174
- RESERVED
+ REJECTED
CVE-2019-14173
- RESERVED
+ REJECTED
CVE-2019-14172
- RESERVED
+ REJECTED
CVE-2019-14171
- RESERVED
+ REJECTED
CVE-2019-14170
- RESERVED
+ REJECTED
CVE-2019-14169
- RESERVED
+ REJECTED
CVE-2019-14168
- RESERVED
+ REJECTED
CVE-2019-14167
- RESERVED
+ REJECTED
CVE-2019-14166
- RESERVED
+ REJECTED
CVE-2019-14165
- RESERVED
+ REJECTED
CVE-2019-14164
- RESERVED
+ REJECTED
CVE-2019-14163
- RESERVED
+ REJECTED
CVE-2019-14162
- RESERVED
+ REJECTED
CVE-2019-14161
- RESERVED
+ REJECTED
CVE-2019-14160
- RESERVED
+ REJECTED
CVE-2019-14159
- RESERVED
+ REJECTED
CVE-2019-14158
- RESERVED
+ REJECTED
CVE-2019-14157
- RESERVED
+ REJECTED
CVE-2019-14156
- RESERVED
+ REJECTED
CVE-2019-14155
- RESERVED
+ REJECTED
CVE-2019-14154
- RESERVED
+ REJECTED
CVE-2019-14153
- RESERVED
+ REJECTED
CVE-2019-14152
- RESERVED
+ REJECTED
CVE-2019-14151
- RESERVED
+ REJECTED
CVE-2019-14150
- RESERVED
+ REJECTED
CVE-2019-14149
- RESERVED
+ REJECTED
CVE-2019-14148
- RESERVED
+ REJECTED
CVE-2019-14147
- RESERVED
+ REJECTED
CVE-2019-14146
- RESERVED
+ REJECTED
CVE-2019-14145
- RESERVED
+ REJECTED
CVE-2019-14144
- RESERVED
+ REJECTED
CVE-2019-14143
- RESERVED
+ REJECTED
CVE-2019-14142
- RESERVED
+ REJECTED
CVE-2019-14141
- RESERVED
+ REJECTED
CVE-2019-14140
- RESERVED
+ REJECTED
CVE-2019-14139
- RESERVED
+ REJECTED
CVE-2019-14138
- RESERVED
+ REJECTED
CVE-2019-14137
- RESERVED
+ REJECTED
CVE-2019-14136
- RESERVED
+ REJECTED
CVE-2019-14135 (Possible integer overflow to buffer overflow in WLAN while parsing non ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14134 (Possible out of bound access in WLAN handler when the received value o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14133
- RESERVED
+ REJECTED
CVE-2019-14132 (Buffer over-write when this 0-byte buffer is typecasted to some other ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14131 (Out of bound write can occur in radio measurement request if STA recei ...)
@@ -17993,13 +17998,13 @@ CVE-2019-14130 (Memory corruption can occurs in trusted application if offset si
CVE-2019-14129
RESERVED
CVE-2019-14128
- RESERVED
+ REJECTED
CVE-2019-14127 (Possible buffer overflow while playing mkv clip due to lack of validat ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14126
- RESERVED
+ REJECTED
CVE-2019-14125
- RESERVED
+ REJECTED
CVE-2019-14124 (Memory failure in content protection module due to not having pointer ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14123 (Possible buffer overflow and over read possible due to missing bounds ...)
@@ -18013,7 +18018,7 @@ CVE-2019-14120
CVE-2019-14119 (u'While processing SMCInvoke asynchronous message header, message coun ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14118
- RESERVED
+ REJECTED
CVE-2019-14117 (u'Whenever the page list is updated via privileged user, the previous ...)
NOT-FOR-US: Snapdragon
CVE-2019-14116 (Privilege escalation by using an altered debug policy image can occur ...)
@@ -18031,21 +18036,21 @@ CVE-2019-14111 (Possible buffer overflow while handling NAN reception of NMF in
CVE-2019-14110 (Buffer overflow can occur in function wlan firmware while copying asso ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14109
- RESERVED
+ REJECTED
CVE-2019-14108
RESERVED
CVE-2019-14107
- RESERVED
+ REJECTED
CVE-2019-14106
- RESERVED
+ REJECTED
CVE-2019-14105 (Kernel was reading the CSL defined reserved field as uint16 instead of ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14104 (Slab-out-of-bounds access can occur if the context pointer is invalid ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14103
- RESERVED
+ REJECTED
CVE-2019-14102
- RESERVED
+ REJECTED
CVE-2019-14101 (Out of bounds read can happen in diag event set mask command handler w ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14100 (Register write via debugfs is disabled by default to prevent register ...)
@@ -18057,7 +18062,7 @@ CVE-2019-14098 (Possible buffer overflow in data offload handler due to lack of
CVE-2019-14097 (Possible buffer overflow in WLAN Parser due to lack of length check wh ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14096
- RESERVED
+ REJECTED
CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name lengt ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14094 (Integer overflow in diag command handler when user inputs a large valu ...)
@@ -18081,7 +18086,7 @@ CVE-2019-14086 (Possible integer overflow while checking the length of frame whi
CVE-2019-14085 (Possible Integer underflow in WLAN function due to lack of check of da ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14084
- RESERVED
+ REJECTED
CVE-2019-14083 (While parsing Service Descriptor Extended Attribute received as part o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14082 (Potential buffer over-read due to lack of bound check of memory offset ...)
@@ -18121,7 +18126,7 @@ CVE-2019-14066 (Integer overflow in calculating estimated output buffer size whe
CVE-2019-14065 (u'Pointer double free in HavenSvc due to not setting the pointer to NU ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14064
- RESERVED
+ REJECTED
CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
NOT-FOR-US: Snapdragon
CVE-2019-14062 (Buffer overflows while decoding setup message from Network due to lack ...)
@@ -18133,7 +18138,7 @@ CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated fo
CVE-2019-14059
RESERVED
CVE-2019-14058
- RESERVED
+ REJECTED
CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file due t ...)
NOT-FOR-US: Snapdragon
CVE-2019-14056 (u'Possible integer overflow in API due to lack of check on large oid r ...)
@@ -18255,15 +18260,15 @@ CVE-2019-13999 (u'Lack of check for integer overflow for round up and addition o
CVE-2019-13998 (u'Lack of check that the TX FIFO write and read indices that are read ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-13997
- RESERVED
+ REJECTED
CVE-2019-13996
- RESERVED
+ REJECTED
CVE-2019-13995 (u'Lack of integer overflow check for addition of fragment size and rem ...)
NOT-FOR-US: Snapdragon
CVE-2019-13994 (u'Lack of check that the current received data fragment size of a part ...)
NOT-FOR-US: Snapdragon
CVE-2019-13993
- RESERVED
+ REJECTED
CVE-2019-13992 (u'Out of bound memory access if stack push and pop operation are perfo ...)
NOT-FOR-US: Snapdragon
CVE-2019-13991 (Embedded systems based on Arduino before Rev3 allow remote attackers t ...)
@@ -18405,7 +18410,7 @@ CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: Siemens
CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Siemens
-CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-200RNA switch family ...)
+CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
NOT-FOR-US: Siemens
CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions &lt; V6.0.0.2 ...)
NOT-FOR-US: Siemens
@@ -20672,11 +20677,10 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain forma
CVE-2019-13116 (The MuleSoft Mule Community Edition runtime engine before 3.8 allows r ...)
NOT-FOR-US: MuleSoft Mule
CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
- {DLA-1730-3}
+ {DLA-2848-1 DLA-1730-3}
- libssh2 1.9.0-1 (bug #932329)
[buster] - libssh2 <no-dsa> (Minor issue)
- [stretch] - libssh2 <no-dsa> (Minor issue)
- NOTE: https://blog.semmle.com/libssh2-integer-overflow/
+ NOTE: https://securitylab.github.com/research/libssh2-integer-overflow/
NOTE: https://github.com/libssh2/libssh2/pull/350
NOTE: https://github.com/libssh2/libssh2/commit/ff1b155731ff8f790f12d980911d9fd84d0e1598
CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...)
@@ -21440,9 +21444,8 @@ CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package Upd
CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation error with ...)
NOT-FOR-US: OrangeHRM
CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
- {DSA-4572-1 DLA-2143-1}
+ {DSA-4572-1 DLA-2886-1 DLA-2143-1}
- slurm-llnl 19.05.3.2-1 (bug #931880)
- [stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...)
@@ -23522,6 +23525,7 @@ CVE-2019-12067 (The ahci_commit_buf function in ide/ahci.c in QEMU allows attack
NOTE: patch not sanctioned as of 20210202
NOTE: patched function introduced in 2014/2.1.50 but affected code pre-existed
NOTE: https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc
+ NOTE: No upstream patch as of 2022-01-28
CVE-2019-12066
RESERVED
CVE-2019-12065
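Review bot: The new `NOTE: No upstream patch as of 2022-01-28` line directly follows the qemu commit link on the previous line, so a reader can take that link for the (non-existent) fix, while the older `patch not sanctioned as of 20210202` note above already records the same situation in a different date format. Consider folding the two into one line, e.g. `NOTE: patch not sanctioned as of 2021-02-02, still no upstream patch as of 2022-01-28`, and keeping the commit link tied to the "patched function introduced" note so its role stays clear. The CVE-2019-12067 entry starts above this hunk.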
@@ -25270,14 +25274,12 @@ CVE-2019-11457 (Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
NOT-FOR-US: Gila CMS
CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...)
- {DLA-1767-1}
+ {DLA-2855-1 DLA-1767-1}
- monit 1:5.25.3-1 (bug #927775)
- [stretch] - monit <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
CVE-2019-11454 (Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash ...)
- {DLA-1767-1}
+ {DLA-2855-1 DLA-1767-1}
- monit 1:5.25.3-1 (bug #927775)
- [stretch] - monit <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
NOTE: https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
CVE-2019-11453
@@ -26157,7 +26159,7 @@ CVE-2019-11099
CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may allow an un ...)
[experimental] - edk2 2021.02-1
- edk2 2020.11-5 (bug #991495)
- [bullseye] - edk2 <no-dsa> (Minor issue)
+ [bullseye] - edk2 2020.11-2+deb11u1
[buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
NOTE: https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability
@@ -26681,7 +26683,7 @@ CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation Ki
NOT-FOR-US: Siemens
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
-CVE-2019-10934 (A vulnerability has been identified in TIA Portal V14 (All versions &l ...)
+CVE-2019-10934 (A vulnerability has been identified in TIA Portal V14 (All versions), ...)
NOT-FOR-US: Siemens
CVE-2019-10933 (A vulnerability has been identified in Spectrum Power 3 (Corporate Use ...)
NOT-FOR-US: Siemens
@@ -27611,7 +27613,7 @@ CVE-2019-10621 (Use after free issue when MAP and UNMAP calls at same time as da
CVE-2019-10620 (Kernel memory error in debug module due to improper check of user data ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10619
- RESERVED
+ REJECTED
CVE-2019-10618 (Driver may access an invalid address while processing IO control due t ...)
NOT-FOR-US: Snapdragon
CVE-2019-10617 (Low privilege users can access service configuration which contains re ...)
@@ -27623,7 +27625,7 @@ CVE-2019-10615 (u'Possibility of integer overflow in keymaster 4 while allocatin
CVE-2019-10614 (Out of boundary access is possible as there is no validation of data a ...)
NOT-FOR-US: Snapdragon
CVE-2019-10613
- RESERVED
+ REJECTED
CVE-2019-10612 (UTCB object has a function pointer called by the reaper to deallocate ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10611 (Buffer overflow can occur while processing clip due to lack of check o ...)
@@ -27651,7 +27653,7 @@ CVE-2019-10601 (Out of bound access can occur while processing firmware event du
CVE-2019-10600 (Use of local variable as argument to netlink CB callback goes out of i ...)
NOT-FOR-US: Snapdragon
CVE-2019-10599
- RESERVED
+ REJECTED
CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS conne ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10597 (kernel writes to user passed address without any checks can lead to ar ...)
@@ -27703,7 +27705,7 @@ CVE-2019-10575 (Wlan binary which is not signed with OEMs RoT is working on secu
CVE-2019-10574 (Lack of boundary checks for data offsets received from HLOS can lead t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10573
- RESERVED
+ REJECTED
CVE-2019-10572 (Improper check in video driver while processing data from video firmwa ...)
NOT-FOR-US: Snapdragon
CVE-2019-10571 (Snapshot of IB can lead to invalid address access due to missing check ...)
@@ -27713,7 +27715,7 @@ CVE-2019-10570
CVE-2019-10569 (Stack buffer overflow due to instance id is misplaced inside definitio ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10568
- RESERVED
+ REJECTED
CVE-2019-10567 (There is a way to deceive the GPU kernel driver into thinking there is ...)
NOT-FOR-US: Snapdragon
CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or extende ...)
@@ -27729,7 +27731,7 @@ CVE-2019-10562 (u'Improper authentication and signature verification of debug po
CVE-2019-10561 (Improper initialization of local variables which are parameters to sfs ...)
NOT-FOR-US: Snapdragon
CVE-2019-10560
- RESERVED
+ REJECTED
CVE-2019-10559 (Accessing data buffer beyond the available data while parsing ogg clip ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10558 (While transferring data from APPS to DSP, Out of bound in FastRPC HLOS ...)
@@ -32424,9 +32426,8 @@ CVE-2019-9211 (There is a reachable assertion abort in the function write_long_s
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1683499
NOTE: Crash in CLI tool, no security impact
CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer ...)
- {DLA-1702-1}
+ {DLA-2868-1 DLA-1702-1}
- advancecomp 2.1-2 (low; bug #923416)
- [stretch] - advancecomp <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/277/
NOTE: Fixed by https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
CVE-2019-9209 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and rel ...)
@@ -32768,7 +32769,7 @@ CVE-2019-9083 (SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitem
CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other pro ...)
NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
- NOT-FOR-US: Laravel Framework
+ - php-laravel-framework <undetermined>
CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
NOT-FOR-US: DomainMOD
CVE-2019-9079
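Review bot: The CVE-2019-9081 entry switches php-laravel-framework to `<undetermined>` with no NOTE saying what is undetermined, so the next triager has to redo the investigation from scratch; the neighbouring entries in this file pair every non-obvious status with a NOTE. Please add the reason, e.g. `NOTE: Needs check whether the packaged version ships the affected Illuminate component code` (or whatever was actually unclear), and a reference link if one was consulted.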
@@ -33280,16 +33281,16 @@ CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or
NOT-FOR-US: XAMPP
CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf ...)
NOT-FOR-US: XAMPP
-CVE-2019-8922
- RESERVED
+CVE-2019-8922 (A heap-based buffer overflow was discovered in bluetoothd in BlueZ thr ...)
{DLA-2827-1}
- bluez 5.54-1
+ [buster] - bluez <no-dsa> (Minor issue)
NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6c7243fb6ab90b7b855cead98c66394fedea135f (5.51)
-CVE-2019-8921
- RESERVED
+CVE-2019-8921 (An issue was discovered in bluetoothd in BlueZ through 5.48. The vulne ...)
{DLA-2827-1}
- bluez 5.54-1
+ [buster] - bluez <no-dsa> (Minor issue)
NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7bf67b32709d828fafa26256b4c78331760c6e93 (5.51)
CVE-2019-8920 (iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. ...)
@@ -33876,10 +33877,10 @@ CVE-2019-8705 (A memory corruption issue was addressed with improved validation.
NOT-FOR-US: Apple
CVE-2019-8704 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
-CVE-2019-8703
- RESERVED
-CVE-2019-8702
- RESERVED
+CVE-2019-8703 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2019-8702 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ NOT-FOR-US: Apple
CVE-2019-8701 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8700
@@ -34092,8 +34093,8 @@ CVE-2019-8644 (Multiple memory corruption issues were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
-CVE-2019-8643
- RESERVED
+CVE-2019-8643 (CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Moja ...)
+ NOT-FOR-US: Apple
CVE-2019-8642 (An issue existed in the handling of S-MIME certificates. This issue wa ...)
NOT-FOR-US: Apple
CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. ...)
@@ -34744,8 +34745,8 @@ CVE-2019-8385 (An issue was discovered in Thomson Reuters Desktop Extensions 1.9
CVE-2019-8384
RESERVED
CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid memory ...)
+ {DLA-2868-1}
- advancecomp 2.1-2.1 (bug #928730)
- [stretch] - advancecomp <no-dsa> (Minor issue)
[jessie] - advancecomp <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/272/
NOTE: https://github.com/amadvance/advancecomp/commit/78a56b21340157775be2462a19276b4d31d2bd01
@@ -34758,8 +34759,8 @@ CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory acc
CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereferenc ...)
NOT-FOR-US: Bento4
CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer der ...)
+ {DLA-2868-1}
- advancecomp 2.1-2.1 (bug #928729)
- [stretch] - advancecomp <no-dsa> (Minor issue)
[jessie] - advancecomp <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/271/
NOTE: https://github.com/amadvance/advancecomp/commit/7894a6e684ce68ddff9f4f4919ab8e3911ac8040
@@ -36357,9 +36358,8 @@ CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows
CVE-2019-7650
RESERVED
CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CL ...)
- {DLA-1717-1}
+ {DLA-2861-1 DLA-1717-1}
- rdflib 4.2.2-2 (low; bug #921751)
- [stretch] - rdflib <no-dsa> (Minor issue)
NOTE: Debian specific issue as respective scripts are overwritten in Debian
NOTE: packaging as wrappers invoking python -m.
CVE-2019-7649 (global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies ...)
@@ -37156,7 +37156,7 @@ CVE-2019-1000019 (libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a7
NOTE: https://github.com/libarchive/libarchive/pull/1120
NOTE: https://github.com/libarchive/libarchive/commit/65a23f5dbee4497064e9bb467f81138a62b0dae1
CVE-2019-1000017 (Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect A ...)
- NOT-FOR-US: Chamilo Chamilo-lms
+ NOT-FOR-US: Chamilo LMS
CVE-2019-1000016 (FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array In ...)
- ffmpeg 7:4.1.1-1 (low; bug #922066)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -37164,10 +37164,10 @@ CVE-2019-1000016 (FFMPEG version 4.1 contains a CWE-129: Improper Validation of
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-1000015 (Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site S ...)
- NOT-FOR-US: Chamilo Chamilo-lms
+ NOT-FOR-US: Chamilo LMS
CVE-2019-1000014 (Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracl ...)
- rebar <not-affected> (vulnerable code is not present)
- - rebar3 <itp> (bug #824773)
+ - rebar3 <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/erlang/rebar3/pull/1986
CVE-2019-1000013 (Hex package manager hex_core version 0.3.0 and earlier contains a Sign ...)
NOT-FOR-US: Hex package manager
@@ -38824,9 +38824,8 @@ CVE-2019-6692 (A malicious DLL preload vulnerability in Fortinet FortiClient for
CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=bac ...)
NOT-FOR-US: phpwind
CVE-2019-6690 (python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg t ...)
- {DLA-1675-1}
+ {DLA-2862-1 DLA-1675-1}
- python-gnupg 0.4.4-1
- [stretch] - python-gnupg <no-dsa> (Minor issue)
NOTE: https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
NOTE: https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
NOTE: https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
@@ -39072,7 +39071,7 @@ CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Serv
NOT-FOR-US: Siemens
CVE-2019-6569 (The monitor barrier of the affected products insufficiently blocks dat ...)
NOT-FOR-US: Scalance
-CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...)
+CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, S ...)
NOT-FOR-US: Siemens
CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
@@ -39867,9 +39866,8 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling
- svgpp 1.2.3+dfsg1-5 (bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
- {DLA-1656-1}
+ {DLA-2872-1 DLA-1656-1}
- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
- [stretch] - agg <no-dsa> (Minor issue)
- svgpp <unfixed> (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
@@ -42706,7 +42704,7 @@ CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in
{DLA-1993-1}
- mesa 19.2.6-1 (low; bug #944298)
[buster] - mesa 18.3.6-2+deb10u1
- [stretch] - mesa <no-dsa> (Minor issue)
+ [stretch] - mesa <ignored> (Affected code is not built in stretch)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
NOTE: https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
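Review bot: The justification "Affected code is not built in stretch" does not match the `<ignored>` tag, which in this file marks issues the team decided not to fix; entries where the vulnerable code is absent from the built package use `<not-affected>` (compare `[stretch] - ffmpeg <not-affected> (Vulnerable code not present)` and `[stretch] - mbedtls <not-affected> (2.4 not affected)` elsewhere in this diff). Unless stretch still ships the vulnerable source and the intent really is "won't fix", the line should read `[stretch] - mesa <not-affected> (Affected code is not built in stretch)`, otherwise the tracker will keep reporting stretch as vulnerable-but-ignored rather than clean.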
@@ -44243,10 +44241,10 @@ CVE-2019-4354
RESERVED
CVE-2019-4353
RESERVED
-CVE-2019-4352
- RESERVED
-CVE-2019-4351
- RESERVED
+CVE-2019-4352 (IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of th ...)
+ NOT-FOR-US: IBM
+CVE-2019-4351 (IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive info ...)
+ NOT-FOR-US: IBM
CVE-2019-4350
RESERVED
CVE-2019-4349 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 application ...)
@@ -44365,8 +44363,8 @@ CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an
NOT-FOR-US: IBM
CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...)
NOT-FOR-US: IBM
-CVE-2019-4291
- RESERVED
+CVE-2019-4291 (IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse enginee ...)
+ NOT-FOR-US: IBM
CVE-2019-4290
RESERVED
CVE-2019-4289
@@ -46032,7 +46030,7 @@ CVE-2019-3614
CVE-2019-3613 (DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to ...)
NOT-FOR-US: McAfee
CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
- NOT-FOR-US: McAFee
+ NOT-FOR-US: McAfee
CVE-2019-3611
RESERVED
CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in McAf ...)
@@ -46267,9 +46265,8 @@ CVE-2019-3502
CVE-2019-3501 (The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted ...)
NOT-FOR-US: OUGC Awards plugin for MyBB
CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Au ...)
- {DLA-1636-1}
+ {DLA-2873-1 DLA-1636-1}
- aria2 1.34.0-4 (low; bug #918058)
- [stretch] - aria2 <no-dsa> (Minor issue)
NOTE: https://github.com/aria2/aria2/issues/1329
NOTE: Masking of all authorization and cookie header fields (but not userinfo in URL):
NOTE: https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a
@@ -48801,95 +48798,95 @@ CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation o
CVE-2019-2385
RESERVED
CVE-2019-2384
- RESERVED
+ REJECTED
CVE-2019-2383
- RESERVED
+ REJECTED
CVE-2019-2382
- RESERVED
+ REJECTED
CVE-2019-2381
- RESERVED
+ REJECTED
CVE-2019-2380
- RESERVED
+ REJECTED
CVE-2019-2379
- RESERVED
+ REJECTED
CVE-2019-2378
- RESERVED
+ REJECTED
CVE-2019-2377
- RESERVED
+ REJECTED
CVE-2019-2376
- RESERVED
+ REJECTED
CVE-2019-2375
- RESERVED
+ REJECTED
CVE-2019-2374
- RESERVED
+ REJECTED
CVE-2019-2373
- RESERVED
+ REJECTED
CVE-2019-2372
- RESERVED
+ REJECTED
CVE-2019-2371
- RESERVED
+ REJECTED
CVE-2019-2370
- RESERVED
+ REJECTED
CVE-2019-2369
- RESERVED
+ REJECTED
CVE-2019-2368
- RESERVED
+ REJECTED
CVE-2019-2367
- RESERVED
+ REJECTED
CVE-2019-2366
- RESERVED
+ REJECTED
CVE-2019-2365
- RESERVED
+ REJECTED
CVE-2019-2364
- RESERVED
+ REJECTED
CVE-2019-2363
- RESERVED
+ REJECTED
CVE-2019-2362
- RESERVED
+ REJECTED
CVE-2019-2361
- RESERVED
+ REJECTED
CVE-2019-2360
- RESERVED
+ REJECTED
CVE-2019-2359
- RESERVED
+ REJECTED
CVE-2019-2358
- RESERVED
+ REJECTED
CVE-2019-2357
- RESERVED
+ REJECTED
CVE-2019-2356
- RESERVED
+ REJECTED
CVE-2019-2355
- RESERVED
+ REJECTED
CVE-2019-2354
- RESERVED
+ REJECTED
CVE-2019-2353
- RESERVED
+ REJECTED
CVE-2019-2352
- RESERVED
+ REJECTED
CVE-2019-2351
- RESERVED
+ REJECTED
CVE-2019-2350
- RESERVED
+ REJECTED
CVE-2019-2349
- RESERVED
+ REJECTED
CVE-2019-2348
- RESERVED
+ REJECTED
CVE-2019-2347
- RESERVED
+ REJECTED
CVE-2019-2346 (Firmware is getting into loop of overwriting memory when scan command ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2345 (Race condition while accessing DMA buffer in jpeg driver in Snapdragon ...)
NOT-FOR-US: Snapdragon
CVE-2019-2344
- RESERVED
+ REJECTED
CVE-2019-2343 (Out of bound read and information disclosure in firmware due to insuff ...)
NOT-FOR-US: Snapdragon
CVE-2019-2342
- RESERVED
+ REJECTED
CVE-2019-2341 (Buffer overflow when the audio buffer size provided by user is larger ...)
NOT-FOR-US: Snapdragon
CVE-2019-2340
- RESERVED
+ REJECTED
CVE-2019-2339 (Out of bound access due to lack of check of whiltelist array size whil ...)
NOT-FOR-US: Snapdragon
CVE-2019-2338 (Crafted image that has a valid signature from a non-QC entity can be l ...)
@@ -48997,7 +48994,7 @@ CVE-2019-2288 (Out of bound write in TZ while copying the secure dump structure
CVE-2019-2287 (Improper validation for inputs received from firmware can lead to an o ...)
NOT-FOR-US: Snapdragon
CVE-2019-2286
- RESERVED
+ REJECTED
CVE-2019-2285 (Out of bound write issue is observed while giving information about pr ...)
NOT-FOR-US: Snapdragon
CVE-2019-2284 (Possible use-after-free issue due to a race condition while calling ca ...)
@@ -49005,11 +49002,11 @@ CVE-2019-2284 (Possible use-after-free issue due to a race condition while calli
CVE-2019-2283 (Improper validation of read and write index of tx and rx fifo`s before ...)
NOT-FOR-US: Snapdragon
CVE-2019-2282
- RESERVED
+ REJECTED
CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and subsequ ...)
NOT-FOR-US: Snapdragon
CVE-2019-2280
- RESERVED
+ REJECTED
CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to access be ...)
NOT-FOR-US: Snapdragon
CVE-2019-2278 (User keystore signature is ignored in boot and can lead to bypass boot ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 7da43405f5..654068a6d0 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,17 @@
+CVE-2020-22592
+ RESERVED
+CVE-2020-36515
+ RESERVED
+CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
+ NOT-FOR-US: Rust crate acc_reader
+CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
+ NOT-FOR-US: Rust crate acc_reader
+CVE-2020-36512 (An issue was discovered in the buffoon crate through 2020-12-31 for Ru ...)
+ NOT-FOR-US: Rust crate buffoon
+CVE-2020-36511 (An issue was discovered in the bite crate through 2020-12-31 for Rust. ...)
+ NOT-FOR-US: Rust crate bite
+CVE-2020-36510
+ RESERVED
CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
NOT-FOR-US: WordPress plugin
CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
@@ -58,7 +72,8 @@ CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.
NOTE: https://github.com/ARMmbed/mbedtls/issues/3629
NOTE: https://github.com/ARMmbed/mbedtls/commit/ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 (development)
CVE-2020-36477 (An issue was discovered in Mbed TLS before 2.24.0. The verification of ...)
- - mbedtls <unfixed>
+ [experimental] - mbedtls 2.28.0-0.1
+ - mbedtls 2.28.0-0.3
[stretch] - mbedtls <not-affected> (2.4 not affected)
NOTE: https://github.com/ARMmbed/mbedtls/issues/3498
NOTE: https://github.com/ARMmbed/mbedtls/commit/f3e4bd8632b71dc491e52e6df87dc3e409d2b869 (development)
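Review bot: Replacing `<unfixed>` with the unstable fix `mbedtls 2.28.0-0.3` leaves bullseye and buster with no suite line at all, so the tracker will now list CVE-2020-36477 as open in both stable suites with no recorded decision (stretch alone carries a `<not-affected>`). If no stable update is planned, record that as done for rust-generic-array in this same diff, e.g. `[bullseye] - mbedtls <no-dsa> (Minor issue)` and `[buster] - mbedtls <no-dsa> (Minor issue)`; if an update is planned, it presumably belongs in dsa-needed so the entry does not look untriaged.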
@@ -93,6 +108,7 @@ CVE-2020-36466 (An issue was discovered in the cgc crate through 2020-12-10 for
NOT-FOR-US: Rust crate cgc
CVE-2020-36465 (An issue was discovered in the generic-array crate before 0.13.3 for R ...)
- rust-generic-array 0.14.4-1
+ [buster] - rust-generic-array <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0146.html
CVE-2020-36464 (An issue was discovered in the heapless crate before 0.6.1 for Rust. T ...)
NOT-FOR-US: Rust crate heapless
@@ -246,7 +262,7 @@ CVE-2020-36407 (libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecode
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24811
NOTE: https://github.com/AOMediaCodec/libavif/commit/0a8e7244d494ae98e9756355dfbfb6697ded2ff9
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-1597.yaml
-CVE-2020-36406 (uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in u ...)
+CVE-2020-36406 (** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffe ...)
NOT-FOR-US: uWebSockets
CVE-2020-36405 (Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::get ...)
NOT-FOR-US: keystone engine
@@ -460,8 +476,7 @@ CVE-2020-36325 (** DISPUTED ** An issue was discovered in Jansson through 2.13.1
- jansson <unfixed> (unimportant)
NOTE: https://github.com/akheron/jansson/issues/548
NOTE: Disputed security impact (only if programmer fails to follow API specifications)
-CVE-2020-13672 [SA-CORE-2021-002]
- RESERVED
+CVE-2020-13672 (Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization ...)
{DLA-2637-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2021-002
@@ -1057,20 +1072,45 @@ CVE-2020-36137
RESERVED
CVE-2020-36136
RESERVED
-CVE-2020-36135
- RESERVED
-CVE-2020-36134
- RESERVED
-CVE-2020-36133
- RESERVED
+CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <no-dsa> (Minor issue)
+ [buster] - aom <no-dsa> (Minor issue)
+ NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911
+CVE-2020-36134 (AOM v2.0.1 was discovered to contain a segmentation violation via the ...)
+ - aom <not-affected> (Vulnerable code never in a Debian released version)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2914
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2940
+ NOTE: Introduced by: https://aomedia.googlesource.com/aom/+/4567c355bf55a7430819e9d30df259bcb83cfe0d (v2.1.0-rc1)
+ NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb (v2.1.0-rc1)
+CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow via the ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <no-dsa> (Minor issue)
+ [buster] - aom <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1
+ NOTE: https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85 (v3.2.0-rc1)
CVE-2020-36132
RESERVED
-CVE-2020-36131
- RESERVED
-CVE-2020-36130
- RESERVED
-CVE-2020-36129
- RESERVED
+CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <no-dsa> (Minor issue)
+ [buster] - aom <no-dsa> (Minor issue)
+ NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
+CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <no-dsa> (Minor issue)
+ [buster] - aom <no-dsa> (Minor issue)
+ NOTE: https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0 (v2.1.0-rc1)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1
+CVE-2020-36129 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <not-affected> (Vulnerable code introduced later)
+ [buster] - aom <not-affected> (Vulnerable code introduced later)
+ NOTE: https://aomedia.googlesource.com/aom/+/7a20d10027fd91fbe11e38182a1d45238e102c4a%5E%21/#F0 (v3.2.0-rc1)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1
CVE-2020-36128 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
NOT-FOR-US: Pax Technology PAXSTORE
CVE-2020-36127 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
@@ -1210,12 +1250,12 @@ CVE-2020-36066 (GJSON &lt;1.6.5 allows attackers to cause a denial of service (r
NOTE: fix in golang-github-tidwall-gjson is dependency on golang-github-tidwall-match v1.0.3
CVE-2020-36065
RESERVED
-CVE-2020-36064
- RESERVED
+CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain hardcoded cr ...)
+ NOT-FOR-US: Online Course Registration
CVE-2020-36063
RESERVED
-CVE-2020-36062
- RESERVED
+CVE-2020-36062 (Dairy Farm Shop Management System v1.0 was discovered to contain hardc ...)
+ NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
CVE-2020-36061
RESERVED
CVE-2020-36060
@@ -1226,8 +1266,8 @@ CVE-2020-36058
RESERVED
CVE-2020-36057
RESERVED
-CVE-2020-36056
- RESERVED
+CVE-2020-36056 (Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_ ...)
+ NOT-FOR-US: Beetel
CVE-2020-36055
RESERVED
CVE-2020-36054
@@ -2522,7 +2562,7 @@ CVE-2020-35506 (A use-after-free vulnerability was found in the am53c974 SCSI ho
[experimental] - qemu 1:6.0+dfsg-1~exp0
- qemu 1:6.0+dfsg-3 (bug #984454)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
- [buster] - qemu <postponed> (Fix along in future DSA)
+ [buster] - qemu <not-affected> (Vulnerable code not present, FIFO support added later)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996
NOTE: https://bugs.launchpad.net/qemu/+bug/1909247
@@ -2560,6 +2600,7 @@ CVE-2020-35503 (A NULL pointer dereference flaw was found in the megasas-gen2 SC
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
+ NOTE: No upstream patch as of 2022-01-28
CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks wh ...)
{DLA-2548-1}
- privoxy 3.0.29-1
@@ -2856,8 +2897,8 @@ CVE-2020-35400
RESERVED
CVE-2020-35399
RESERVED
-CVE-2020-35398
- RESERVED
+CVE-2020-35398 (An issue was discovered in UTI Mutual fund Android application 5.4.18 ...)
+ NOT-FOR-US: UTI Mutual fund Android application
CVE-2020-35397
RESERVED
CVE-2020-35396 (EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting ( ...)
@@ -3228,22 +3269,22 @@ CVE-2020-35218
RESERVED
CVE-2020-35217 (Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSR ...)
NOT-FOR-US: Vert.x-Web framework
-CVE-2020-35216
- RESERVED
-CVE-2020-35215
- RESERVED
-CVE-2020-35214
- RESERVED
-CVE-2020-35213
- RESERVED
+CVE-2020-35216 (An issue in Atomix v3.1.5 allows attackers to cause a denial of servic ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35215 (An issue in Atomix v3.1.5 allows attackers to access sensitive informa ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35214 (An issue in Atomix v3.1.5 allows a malicious Atomix node to remove sta ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35213 (An issue in Atomix v3.1.5 allows attackers to cause a denial of servic ...)
+ NOT-FOR-US: Atomix
CVE-2020-35212
RESERVED
-CVE-2020-35211
- RESERVED
-CVE-2020-35210
- RESERVED
-CVE-2020-35209
- RESERVED
+CVE-2020-35211 (An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become t ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35210 (A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35209 (An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a t ...)
+ NOT-FOR-US: Atomix
CVE-2020-35208 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
NOT-FOR-US: LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS
CVE-2020-35207 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
@@ -3405,7 +3446,8 @@ CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2
NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
NOTE: https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2
NOTE: https://github.com/leenooks/phpLDAPadmin/issues/130
- NOTE: unclear whether the issue is completely fixed, cf. https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260
+ NOTE: Fix is incomplete: https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260
+ NOTE: https://github.com/leenooks/phpLDAPadmin/issues/137
CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker to inject custom PHP code and ...)
NOT-FOR-US: Agentejo Cockpit
CVE-2020-35130
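Review bot: The rewritten note `NOTE: Fix is incomplete: https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260` records that the referenced commit does not fully address CVE-2020-35132, but the phpldapadmin package status lines for this entry are above the hunk and not visible here; if a fixed version was recorded on the strength of that commit, the fixed-version line presumably needs revisiting as well, not only the note. It would also help a later triager if the note said what remains unaddressed rather than only pointing at the comment and the follow-up issue, e.g. `NOTE: Fix is incomplete (what is still open is described in issues/137): https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260`. The CVE-2020-35132 entry starts outside the hunk.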
@@ -3484,10 +3526,14 @@ CVE-2020-35076
REJECTED
CVE-2020-35061
RESERVED
+CVE-2020-35037 (The Events Manager WordPress plugin before 5.9.8 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin events-manager
CVE-2020-35030
RESERVED
CVE-2020-35017
RESERVED
+CVE-2020-35012 (The Events Manager WordPress plugin before 5.9.8 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin events-manager
CVE-2020-35001
RESERVED
CVE-2020-29670
@@ -3744,7 +3790,8 @@ CVE-2020-29584
CVE-2020-29583 (Firmware version 4.60 of Zyxel USG devices contains an undocumented ac ...)
NOT-FOR-US: Zyxel
CVE-2020-29582 (In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for ...)
- - kotlin <unfixed>
+ - kotlin <unfixed> (bug #1001037)
+ NOTE: https://youtrack.jetbrains.com/issue/KT-42181 (not public)
CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a blank pa ...)
NOT-FOR-US: spiped Docker images
CVE-2020-29580 (The official storm Docker images before 1.2.1 contain a blank password ...)
@@ -3847,7 +3894,7 @@ CVE-2020-29548 (An issue was discovered in SmarterTools SmarterMail through 100.
NOT-FOR-US: SmarterTools
CVE-2020-29547
RESERVED
- - citadel <unfixed>
+ - citadel <removed>
[buster] - citadel <ignored> (Minor issue)
[stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259
@@ -3931,9 +3978,9 @@ CVE-2020-29512
CVE-2020-29511 (The encoding/xml package in Go (all versions) does not correctly prese ...)
- golang-1.15 <unfixed> (unimportant)
- golang-1.11 <removed> (unimportant)
- - golang-1.8 <removed>
+ - golang-1.8 <removed> (unimportant)
[stretch] - golang-1.8 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
- - golang-1.7 <removed>
+ - golang-1.7 <removed> (unimportant)
[stretch] - golang-1.7 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
NOTE: https://github.com/golang/go/issues/43168
NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
@@ -3941,9 +3988,9 @@ CVE-2020-29511 (The encoding/xml package in Go (all versions) does not correctly
CVE-2020-29510 (The encoding/xml package in Go versions 1.15 and earlier does not corr ...)
- golang-1.15 <unfixed> (unimportant)
- golang-1.11 <removed> (unimportant)
- - golang-1.8 <removed>
+ - golang-1.8 <removed> (unimportant)
[stretch] - golang-1.8 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
- - golang-1.7 <removed>
+ - golang-1.7 <removed> (unimportant)
[stretch] - golang-1.7 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
NOTE: https://github.com/golang/go/issues/43168
NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
@@ -4474,8 +4521,8 @@ CVE-2020-29294
RESERVED
CVE-2020-29293
RESERVED
-CVE-2020-29292
- RESERVED
+CVE-2020-29292 (iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) at ...)
+ NOT-FOR-US: iBall WRD12EN
CVE-2020-29291
RESERVED
CVE-2020-29290
@@ -4704,10 +4751,10 @@ CVE-2020-29179
RESERVED
CVE-2020-29178
RESERVED
-CVE-2020-29177
- RESERVED
-CVE-2020-29176
- RESERVED
+CVE-2020-29177 (Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file dele ...)
+ NOT-FOR-US: Z-BlogPHP
+CVE-2020-29176 (An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows ...)
+ NOT-FOR-US: Z-BlogPHP
CVE-2020-29175
RESERVED
CVE-2020-29174
@@ -4973,8 +5020,12 @@ CVE-2020-29052
RESERVED
CVE-2020-29051
RESERVED
-CVE-2020-29050
- RESERVED
+CVE-2020-29050 (SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows direct ...)
+ {DSA-5036-1 DLA-2882-1}
+ - sphinxsearch 2.2.11-3
+ NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
+ NOTE: and https://github.com/manticoresoftware/manticoresearch/commit/6e597ff61e1e910559f6ed541ff32520085af6aa
+ NOTE: Backported patch: https://salsa.debian.org/debian/sphinxsearch/-/blob/4d6fe40644130308604845db43d3588e715ec85d/debian/patches/06-CVE-2020-29050.patch
CVE-2020-29049
RESERVED
CVE-2020-29048
@@ -5330,8 +5381,8 @@ CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser through
NOT-FOR-US: Devid Espenschied PC Analyser
CVE-2020-28920
RESERVED
-CVE-2020-28919
- RESERVED
+CVE-2020-28919 (A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x pr ...)
+ - check-mk <removed>
CVE-2020-28918 (DualShield 5.9.8.0821 allows username enumeration on its login form. A ...)
NOT-FOR-US: DualShield
CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)
@@ -5418,10 +5469,10 @@ CVE-2020-28887
RESERVED
CVE-2020-28886
RESERVED
-CVE-2020-28885
- RESERVED
-CVE-2020-28884
- RESERVED
+CVE-2020-28885 (** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is ...)
+ NOT-FOR-US: Liferay
+CVE-2020-28884 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
+ NOT-FOR-US: Liferay
CVE-2020-28883
RESERVED
CVE-2020-28882
@@ -5487,12 +5538,14 @@ CVE-2020-28853
CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice bounds out of range" panic occ ...)
- golang-golang-x-text 0.3.5-1 (bug #980002)
- golang-x-text <removed>
+ [buster] - golang-x-text <no-dsa> (Minor issue)
[stretch] - golang-x-text <no-dsa> (Minor issue. Golang has limited support in stretch.)
NOTE: https://github.com/golang/go/issues/42536
NOTE: https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6 (v0.3.5)
CVE-2020-28851 (In x/text in Go 1.15.4, an "index out of range" panic occurs in langua ...)
- golang-golang-x-text 0.3.6-1 (bug #980001)
- golang-x-text <removed>
+ [buster] - golang-x-text <no-dsa> (Minor issue)
[stretch] - golang-x-text <no-dsa> (Minor issue. Golang has limited support in stretch.)
NOTE: https://github.com/golang/go/issues/42535
CVE-2020-28850
@@ -5839,8 +5892,8 @@ CVE-2020-28681
RESERVED
CVE-2020-28680
RESERVED
-CVE-2020-28679
- RESERVED
+CVE-2020-28679 (A vulnerability in the showReports module of Zoho ManageEngine Applica ...)
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-28678
RESERVED
CVE-2020-28677
@@ -6471,7 +6524,7 @@ CVE-2020-28408 (The server in Dundas BI through 8.0.0.1001 allows XSS via an HTM
NOT-FOR-US: Dundas BI
CVE-2020-28407
RESERVED
- - swtpm <itp> (bug #941199)
+ - swtpm <not-affected> (Fixed before initial upload to the archive)
CVE-2020-28406 (An improper authorization vulnerability exists in Star Practice Manage ...)
NOT-FOR-US: Star Practice Management Web
CVE-2020-28405 (An improper authorization vulnerability exists in Star Practice Manage ...)
@@ -6764,7 +6817,7 @@ CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 0.0.0
NOT-FOR-US: libnested
CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 allows ...)
- node-getobject 1.0.2-1
- [bullseye] - node-getobject <no-dsa> (Minor issue)
+ [bullseye] - node-getobject 0.1.0-2+deb11u1
[buster] - node-getobject <no-dsa> (Minor issue)
[stretch] - node-getobject <no-dsa> (Minor issue)
NOTE: https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633 (v1.0.0)
@@ -6849,6 +6902,10 @@ CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The min
- salt 3002.5+dfsg1-1 (bug #983632)
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: Introduced by: https://github.com/saltstack/salt/commit/e02df6fd3ceb605a58e4ac75c06077f52963187a (v2016.3)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/61dd6d178b1dae0a1bf884bcd1149003281f8194 (v3002.3)
+ NOTE: Follow-up: https://github.com/saltstack/salt/commit/777ffe612e612fb443018c1d7983d4abe4632bb2 (v3002.6)
+ NOTE: Follow-up doc: https://github.com/saltstack/salt/commit/903cfdcf6863b288fa41549bd991da6049962f54 (next commit)
CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
- asterisk 1:16.15.0~dfsg-1 (bug #974713)
[buster] - asterisk <no-dsa> (Minor issue)
@@ -6943,6 +7000,7 @@ CVE-2020-28201
RESERVED
CVE-2020-28200 (The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource ...)
- dovecot 1:2.3.16+dfsg1-1 (bug #990566; bug #991323)
+ [bullseye] - dovecot <postponed> (Minor issue, fix along with next update)
[buster] - dovecot <postponed> (Minor issue, fix along with next update)
[stretch] - dovecot <no-dsa> (Minor issue)
NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html
@@ -7026,6 +7084,11 @@ CVE-2020-28164
RESERVED
CVE-2020-28163
RESERVED
+ - dwarfutils 20201201-1
+ [buster] - dwarfutils <ignored> (Minor issue)
+ [stretch] - dwarfutils <ignored> (Minor issue)
+ NOTE: https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3
+ NOTE: https://www.prevanders.net/dwarfbug.html#DW202010-003
CVE-2020-28162
RESERVED
CVE-2020-28161
@@ -7144,10 +7207,10 @@ CVE-2020-28105
RESERVED
CVE-2020-28104
RESERVED
-CVE-2020-28103
- RESERVED
-CVE-2020-28102
- RESERVED
+CVE-2020-28103 (cscms v4.1 allows for SQL injection via the "page_del" function. ...)
+ NOT-FOR-US: cscms
+CVE-2020-28102 (cscms v4.1 allows for SQL injection via the "js_del" function. ...)
+ NOT-FOR-US: cscms
CVE-2020-28101
RESERVED
CVE-2020-28100
@@ -7905,6 +7968,7 @@ CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the
NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=48564041a73adbbff52834f9edbe3806fceefab7 (v3.0)
CVE-2020-27820 (A vulnerability was found in Linux kernel, where a use-after-frees in ...)
- linux 5.15.5-1 (unimportant)
+ [bullseye] - linux 5.10.84-1
NOTE: No security impact, requires physical access to the computer
CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...)
- r-cran-readxl <not-affected> (Embeds libxls, but not affected)
@@ -8248,16 +8312,16 @@ CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive I
{DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #974722)
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
+ [stretch] - slurm-llnl <not-affected> (Vulnerable code introduced later)
NOTE: https://www.schedmd.com/news.php?id=240
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
NOTE: https://github.com/SchedMD/slurm/commit/07309deb45c33e735e191faf9dd31cca1054a15c
NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix
+ NOTE: Introduced by: https://github.com/SchedMD/slurm/commit/e3140b7f8d96ced9dc85089caa65dd7c6be396fd (slurm-17-11-0-0rc1)
CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflo ...)
- {DSA-4841-1}
+ {DSA-4841-1 DLA-2886-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #974721)
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
NOTE: https://www.schedmd.com/news.php?id=240
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
NOTE: https://github.com/SchedMD/slurm/commit/c3142dd87e06621ff148791c3d2f298b5c0b3a81
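Review bot: For CVE-2020-27745 the reference line becomes `{DSA-4841-1 DLA-2886-1}` while the context line `[stretch] - slurm-llnl <no-dsa> (Minor issue)` is kept, so the entry now states both that stretch received a DLA and that no DLA is planned for it. The other hunks in this diff that add a DLA reference drop the stretch `<no-dsa>` line at the same time (opensc for CVE-2020-26572, CVE-2020-26571 and CVE-2020-26570; raptor2 for CVE-2020-25713), and the CVE-2020-27746 entry in this same hunk replaces its stretch annotation; this entry presumably should drop the stretch `<no-dsa>` line too so the DLA reference is the sole stretch status. The CVE-2020-27745 entry continues past the end of the hunk.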
@@ -8287,11 +8351,11 @@ CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit throug
- webcit <removed> (bug #973385)
[buster] - webcit <ignored> (Minor issue)
[stretch] - webcit <ignored> (Minor issue)
-CVE-2020-27738 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-27738 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27737 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-27737 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27736 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-27736 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...)
NOT-FOR-US: Wing FTP
@@ -8431,10 +8495,11 @@ CVE-2020-27662 (In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct O
- glpi <removed>
CVE-2020-27661 (A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-d ...)
- qemu 1:5.2+dfsg-1 (bug #972864)
- [buster] - qemu <postponed> (Fix along in future DSA)
+ [buster] - qemu <not-affected> (Vulnerable code not present)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03 (v5.2.0-rc0)
+ NOTE: Introduced in v5.1.0-rc0
CVE-2020-27660 (SQL injection vulnerability in request.cgi in Synology SafeAccess befo ...)
NOT-FOR-US: Synology
CVE-2020-27659 (Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAc ...)
@@ -8729,6 +8794,11 @@ CVE-2020-27546
RESERVED
CVE-2020-27545
RESERVED
+ - dwarfutils 20201201-1
+ [buster] - dwarfutils <ignored> (Minor issue)
+ [stretch] - dwarfutils <ignored> (Minor issue)
+ NOTE: https://www.prevanders.net/dwarfbug.html#DW202010-001
+ NOTE: https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea
CVE-2020-27544
RESERVED
CVE-2020-27543 (The restify-paginate package 0.0.5 for Node.js allows remote attackers ...)
@@ -8798,6 +8868,7 @@ CVE-2020-27512
CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML components i ...)
- prototypejs <unfixed> (bug #991898)
[bullseye] - prototypejs <no-dsa> (Minor issue)
+ [buster] - prototypejs <no-dsa> (Minor issue)
[stretch] - prototypejs <no-dsa> (Minor issue)
NOTE: https://github.com/prototypejs/prototype/blame/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md
@@ -8967,8 +9038,8 @@ CVE-2020-27430
RESERVED
CVE-2020-27429
RESERVED
-CVE-2020-27428
- RESERVED
+CVE-2020-27428 (A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Re ...)
+ NOT-FOR-US: Scratch-Svg-Renderer
CVE-2020-27427
RESERVED
CVE-2020-27426
@@ -8991,14 +9062,14 @@ CVE-2020-27418
RESERVED
CVE-2020-27417
RESERVED
-CVE-2020-27416
- RESERVED
+CVE-2020-27416 (Mahavitaran android application 7.50 and prior are affected by account ...)
+ NOT-FOR-US: Mahavitaran android application
CVE-2020-27415
RESERVED
-CVE-2020-27414
- RESERVED
-CVE-2020-27413
- RESERVED
+CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit sensitive info ...)
+ NOT-FOR-US: Mahavitaran android application
+CVE-2020-27413 (An issue was discovered in Mahavitaran android application 7.50 and be ...)
+ NOT-FOR-US: Mahavitaran android application
CVE-2020-27412
RESERVED
CVE-2020-27411
@@ -9113,8 +9184,8 @@ CVE-2020-27358 (An issue was discovered in REDCap 8.11.6 through 9.x before 10.
NOT-FOR-US: REDCap
CVE-2020-27357
RESERVED
-CVE-2020-27356
- RESERVED
+CVE-2020-27356 (The debug-meta-data plugin 1.1.2 for WordPress allows XSS. ...)
+ NOT-FOR-US: debug-meta-data plugin for WordPress
CVE-2020-27355
RESERVED
CVE-2020-27354
@@ -9874,7 +9945,7 @@ CVE-2020-27011
RESERVED
CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
NOT-FOR-US: Trend Micro
-CVE-2020-27009 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-27009 (A vulnerability has been identified in Nucleus NET (All versions &lt; ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
NOT-FOR-US: JT2Go
@@ -10574,8 +10645,8 @@ CVE-2020-26730
RESERVED
CVE-2020-26729
RESERVED
-CVE-2020-26728
- RESERVED
+CVE-2020-26728 (A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi an ...)
+ NOT-FOR-US: Tenda AC9 Router
CVE-2020-26727
RESERVED
CVE-2020-26726
@@ -10904,21 +10975,21 @@ CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.
CVE-2020-26573
RESERVED
CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...)
+ {DLA-2832-1}
- opensc 0.21.0-1 (bug #972035)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 (0.21.0-rc1)
CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...)
+ {DLA-2832-1}
- opensc 0.21.0-1 (bug #972036)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
NOTE: https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 (0.21.0-rc1)
CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...)
+ {DLA-2832-1}
- opensc 0.21.0-1 (bug #972037)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e (0.21.0-rc1)
CVE-2020-26569 (In EVPN VxLAN setups in Arista EOS, specific malformed packets can lea ...)
@@ -11761,8 +11832,12 @@ CVE-2020-26210 (In BookStack before version 0.30.4, a user with permissions to e
NOT-FOR-US: BookStack app
CVE-2020-26209
RESERVED
-CVE-2020-26208
- RESERVED
+CVE-2020-26208 (JHEAD is a simple command line tool for displaying and some manipulati ...)
+ - jhead 1:3.04-6 (bug #972617; unimportant)
+ NOTE: https://github.com/Matthias-Wandel/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4
+ NOTE: https://github.com/Matthias-Wandel/jhead/issues/7
+ NOTE: https://sources.debian.org/src/jhead/1%3A3.04-6/debian/patches/allocate-extra.patch/
+ NOTE: Crash in CLI tool, no security impact
CVE-2020-26207 (DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary ...)
NOT-FOR-US: DatabaseSchemaViewer
CVE-2020-26206
@@ -12449,8 +12524,8 @@ CVE-2020-25907
RESERVED
CVE-2020-25906
RESERVED
-CVE-2020-25905
- RESERVED
+CVE-2020-25905 (An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop Sys ...)
+ NOT-FOR-US: Sourcecodester
CVE-2020-25904
RESERVED
CVE-2020-25903
@@ -12851,6 +12926,7 @@ CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer der
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
+ NOTE: No upstream patch as of 2022-01-28
CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
- qemu <unfixed> (bug #971390)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
@@ -12858,6 +12934,7 @@ CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
+ NOTE: No upstream patch as of 2022-01-28
CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...)
- qemu <unfixed> (bug #970939)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
@@ -12865,6 +12942,7 @@ CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL poi
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
+ NOTE: No upstream patch as of 2022-01-28
CVE-2020-25740
RESERVED
CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...)
@@ -12914,8 +12992,7 @@ CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation
- qemu 1:5.2+dfsg-1 (bug #975276)
[buster] - qemu <postponed> (Fix along in future DSA)
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0)
-CVE-2020-25722 [AD DC UPN vs samAccountName not checked]
- RESERVED
+CVE-2020-25722 (Multiple flaws were found in the way samba AD DC implemented access an ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
@@ -12932,27 +13009,23 @@ CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (e
NOTE: https://www.samba.org/samba/security/CVE-2020-25721.html
CVE-2020-25720
RESERVED
-CVE-2020-25719 [AD DC Username based races when no PAC is given]
- RESERVED
+CVE-2020-25719 (A flaw was found in the way Samba, as an Active Directory Domain Contr ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html
-CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers]
- RESERVED
+CVE-2020-25718 (A flaw was found in the way samba, as an Active Directory Domain Contr ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html
-CVE-2020-25717 [A user on the domain can become root on domain members]
- RESERVED
- {DSA-5003-1}
+CVE-2020-25717 (A flaw was found in the way Samba maps domain users to local users. An ...)
+ {DSA-5015-1 DSA-5003-1}
- samba 2:4.13.14+dfsg-1
- [buster] - samba <ignored> (Intrusive backport; backport only 'min domain uid' parameter)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25717.html
@@ -12968,10 +13041,10 @@ CVE-2020-25715 (A flaw was found in pki-core 10.9.0. A specially crafted POST re
CVE-2020-25714
RESERVED
CVE-2020-25713 (A malformed input file can lead to a segfault due to an out of bounds ...)
+ {DLA-2846-1}
- raptor <removed>
- raptor2 2.0.14-1.2 (bug #974664)
[buster] - raptor2 <no-dsa> (Minor issue)
- [stretch] - raptor2 <postponed> (Minor issue; reconsider when fixed upstream.)
NOTE: https://bugs.librdf.org/mantis/view.php?id=650
CVE-2020-25712 (A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer over ...)
{DSA-4803-1 DLA-2486-1}
@@ -13505,8 +13578,7 @@ CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly validates
{DSA-4837-1 DLA-2480-1}
- salt 3002.1+dfsg1-1
NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
- NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/25/2018.3.5.patch (2018.3.5)
- NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/25/2016.11.3.patch (2016.11.3)
+ NOTE: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2020/09/25
CVE-2020-25591
RESERVED
CVE-2020-25590
@@ -13833,8 +13905,10 @@ CVE-2020-25429
RESERVED
CVE-2020-25428
RESERVED
-CVE-2020-25427
- RESERVED
+CVE-2020-25427 (A Null pointer dereference vulnerability exits in MP4Box - GPAC versio ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1406
+ NOTE: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701
CVE-2020-25426
RESERVED
CVE-2020-25425
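Review bot: The new `- gpac <unfixed>` line for CVE-2020-25427 is followed by a NOTE citing the upstream fix commit, but unlike the gpac entries for CVE-2020-19488 and CVE-2020-19481 in this same diff the commit carries no upstream version tag, so a reader cannot tell whether that fix is already contained in the 1.0.1+dfsg1-2 upload those entries record as fixed. If it is, the line should become `- gpac 1.0.1+dfsg1-2`; if not, annotating the reference as `NOTE: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701 (<upstream-tag — confirm>)` would make the unfixed status verifiable. The entry also lacks the `[buster]`/`[stretch]` status lines the other gpac entries in this diff carry, which leaves the LTS/oldstable state of this issue untracked.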
@@ -14322,7 +14396,7 @@ CVE-2020-25203 (The Framer Preview application 12 for Android exposes com.framer
CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 for Rust. ...)
- rust-rand-core 0.5.0-1 (bug #969911; low)
[buster] - rust-rand-core <ignored> (Minor issue)
- - rust-rand-core-0.3 <unfixed> (bug #970186; low)
+ - rust-rand-core-0.3 <removed> (bug #970186; low)
- rust-rand-core-0.2 <removed> (bug #970185; low)
[buster] - rust-rand-core-0.2 <ignored> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
@@ -14696,9 +14770,11 @@ CVE-2020-25042 (An arbitrary file upload issue exists in Mara CMS 7.5. In order
CVE-2020-25041
RESERVED
CVE-2020-25040 (Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
- singularity-container <unfixed> (bug #970465)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762
CVE-2020-25039 (Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on tem ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
- singularity-container <unfixed> (bug #970465)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7
CVE-2020-25038
@@ -14931,9 +15007,11 @@ CVE-2020-24943
CVE-2020-24942
RESERVED
CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://blog.laravel.com/security-release-laravel-61835-7240
CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://blog.laravel.com/security-release-laravel-61834-7232
CVE-2020-24939 (Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to ...)
NOT-FOR-US: Stampit supermixer
CVE-2020-24938
@@ -15042,7 +15120,7 @@ CVE-2020-24890 (** DISPUTED ** libraw 20.0 has a null pointer dereference vulner
CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version &lt; 20.0 LibRaw::Ge ...)
- libraw 0.20.2-1
[buster] - libraw <no-dsa> (Minor issue)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/334
NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee
CVE-2020-24888
@@ -17134,8 +17212,8 @@ CVE-2020-23988
RESERVED
CVE-2020-23987
RESERVED
-CVE-2020-23986
- RESERVED
+CVE-2020-23986 (Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 w ...)
+ NOT-FOR-US: Github Read Me Stats
CVE-2020-23985
RESERVED
CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...)
@@ -17329,7 +17407,7 @@ CVE-2020-23906 (FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of
NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be84216c53a4ed81573c82320e9c4a20e9b349d9 (n4.3.1)
CVE-2020-23905
RESERVED
-CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...)
+CVE-2020-23904 (** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 all ...)
- speex <unfixed>
[bullseye] - speex <no-dsa> (Minor issue)
[buster] - speex <no-dsa> (Minor issue)
@@ -17379,6 +17457,7 @@ CVE-2020-23885
RESERVED
CVE-2020-23884 (A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial ...)
- nomacs <unfixed>
+ [buster] - nomacs <no-dsa> (Minor issue)
[stretch] - nomacs <no-dsa> (Minor issue)
NOTE: https://github.com/nomacs/nomacs/issues/516
CVE-2020-23883
@@ -17440,8 +17519,9 @@ CVE-2020-23858
CVE-2020-23857
RESERVED
CVE-2020-23856 (Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, ...)
- - cflow <unfixed> (unimportant; bug #988985)
+ - cflow 1:1.6-6 (unimportant; bug #988985)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html
+ NOTE: https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
NOTE: Crash in CLI tool, no security impact
CVE-2020-23855
RESERVED
@@ -18063,8 +18143,8 @@ CVE-2020-23547
RESERVED
CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...)
NOT-FOR-US: IrfanView
-CVE-2020-23545
- RESERVED
+CVE-2020-23545 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ NOT-FOR-US: IrfanView
CVE-2020-23544
RESERVED
CVE-2020-23543
@@ -18538,8 +18618,8 @@ CVE-2020-23317
RESERVED
CVE-2020-23316
RESERVED
-CVE-2020-23315
- RESERVED
+CVE-2020-23315 (There is an ASSERTION (pFuncBody-&gt;GetYieldRegister() == oldYieldReg ...)
+ NOT-FOR-US: Microsoft
CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...)
- iotjs <unfixed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
@@ -19009,6 +19089,8 @@ CVE-2020-23110
RESERVED
CVE-2020-23109 (Buffer overflow vulnerability in function convert_colorspace in heif_c ...)
- libheif <unfixed>
+ [bullseye] - libheif <no-dsa> (Minor issue)
+ [buster] - libheif <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libheif/issues/207
CVE-2020-23108
RESERVED
@@ -19174,8 +19256,9 @@ CVE-2020-23028
RESERVED
CVE-2020-23027
RESERVED
-CVE-2020-23026
- RESERVED
+CVE-2020-23026 (A NULL pointer dereference in the main() function dhry_1.c of dhryston ...)
+ - dhrystone <itp> (bug #693342)
+ NOTE: https://github.com/sifive/benchmark-dhrystone
CVE-2020-23025
RESERVED
CVE-2020-23024
@@ -19894,7 +19977,7 @@ CVE-2020-22675 (An issue was discovered in gpac 0.8.0. The GetGhostNum function
NOTE: https://github.com/gpac/gpac/commit/5aa8c4bbd970a3a77517b00528a596063efca1a9
CVE-2020-22674 (An issue was discovered in gpac 0.8.0. An invalid memory dereference e ...)
- gpac 1.0.1+dfsg1-2
- [buster] - gpac <ignored> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
NOTE: https://github.com/gpac/gpac/issues/1346
NOTE: https://github.com/gpac/gpac/commit/6040a5981a9f51410bd18af8820afbd2748c2d76
@@ -20067,8 +20150,6 @@ CVE-2020-22594
RESERVED
CVE-2020-22593
RESERVED
-CVE-2020-22592
- RESERVED
CVE-2020-22591
RESERVED
CVE-2020-22590
@@ -20409,8 +20490,8 @@ CVE-2020-22423
RESERVED
CVE-2020-22422
RESERVED
-CVE-2020-22421
- RESERVED
+CVE-2020-22421 (74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vu ...)
+ NOT-FOR-US: 74CMS
CVE-2020-22420
RESERVED
CVE-2020-22419
@@ -21146,16 +21227,16 @@ CVE-2020-22063
RESERVED
CVE-2020-22062
RESERVED
-CVE-2020-22061
- RESERVED
+CVE-2020-22061 (SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the ...)
+ NOT-FOR-US: SUPERAntispyware
CVE-2020-22060
RESERVED
CVE-2020-22059
RESERVED
CVE-2020-22058
RESERVED
-CVE-2020-22057
- RESERVED
+CVE-2020-22057 (The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precisio ...)
+ NOT-FOR-US: EVGA Precision XOC
CVE-2020-22056 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
[stretch] - ffmpeg <not-affected> (vulnerable code is not present)
@@ -22266,7 +22347,7 @@ CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/240
CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1004963)
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -22278,7 +22359,7 @@ CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/241
CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1004963)
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -22290,7 +22371,7 @@ CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_ima
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/235
CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1004963)
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -23076,12 +23157,12 @@ CVE-2020-21240
RESERVED
CVE-2020-21239
RESERVED
-CVE-2020-21238
- RESERVED
-CVE-2020-21237
- RESERVED
-CVE-2020-21236
- RESERVED
+CVE-2020-21238 (An issue in the user login box of CSCMS v4.0 allows attackers to hijac ...)
+ NOT-FOR-US: CSCMS
+CVE-2020-21237 (An issue in the user login box of LJCMS v1.11 allows attackers to hija ...)
+ NOT-FOR-US: LJCMS
+CVE-2020-21236 (A vulnerability in /damicms-master/admin.php?s=/Article/doedit of Dami ...)
+ NOT-FOR-US: DamiCMS
CVE-2020-21235
RESERVED
CVE-2020-21234
@@ -23674,18 +23755,18 @@ CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Micro
NOT-FOR-US: Microchip Libraries for Applications
CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...)
NOT-FOR-US: STM32 cryptographic firmware library
-CVE-2020-20948
- RESERVED
+CVE-2020-20948 (An arbitrary file download vulnerability in jeecg v3.8 allows attacker ...)
+ NOT-FOR-US: jeecg
CVE-2020-20947
RESERVED
-CVE-2020-20946
- RESERVED
-CVE-2020-20945
- RESERVED
-CVE-2020-20944
- RESERVED
-CVE-2020-20943
- RESERVED
+CVE-2020-20946 (Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability ...)
+ NOT-FOR-US: Qibosoft
+CVE-2020-20945 (A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&amp ...)
+ NOT-FOR-US: Qibosoft
+CVE-2020-20944 (An issue in /admin/index.php?lfj=mysql&amp;action=del of Qibosoft v7 a ...)
+ NOT-FOR-US: Qibosoft
+CVE-2020-20943 (A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&am ...)
+ NOT-FOR-US: Qibosoft
CVE-2020-20942
RESERVED
CVE-2020-20941
@@ -24391,32 +24472,33 @@ CVE-2020-20607
RESERVED
CVE-2020-20606
RESERVED
-CVE-2020-20605
- RESERVED
+CVE-2020-20605 (Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in t ...)
+ NOT-FOR-US: Blog CMS
CVE-2020-20604
RESERVED
CVE-2020-20603
RESERVED
CVE-2020-20602
RESERVED
-CVE-2020-20601
- RESERVED
-CVE-2020-20600
- RESERVED
+CVE-2020-20601 (An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbi ...)
+ NOT-FOR-US: ThinkCMF
+CVE-2020-20600 (MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerab ...)
+ NOT-FOR-US: MetInfo
CVE-2020-20599
RESERVED
-CVE-2020-20598
- RESERVED
-CVE-2020-20597
- RESERVED
+CVE-2020-20598 (A cross-site scripting (XSS) vulnerability in the Editing component of ...)
+ NOT-FOR-US: com.mossle.lemon
+CVE-2020-20597 (A cross-site scripting (XSS) vulnerability in the potrtalItemName para ...)
+ NOT-FOR-US: com.mossle.lemon
+ NOTE: https://github.com/xuhuisheng/lemon
CVE-2020-20596
RESERVED
-CVE-2020-20595
- RESERVED
+CVE-2020-20595 (A cross-site request forgery (CSRF) in OPMS v1.3 and below allows atta ...)
+ NOT-FOR-US: OPMS
CVE-2020-20594
RESERVED
-CVE-2020-20593
- RESERVED
+CVE-2020-20593 (A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authent ...)
+ NOT-FOR-US: Rockoa
CVE-2020-20592
RESERVED
CVE-2020-20591
@@ -24782,10 +24864,10 @@ CVE-2020-20428
RESERVED
CVE-2020-20427
RESERVED
-CVE-2020-20426
- RESERVED
-CVE-2020-20425
- RESERVED
+CVE-2020-20426 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...)
+ NOT-FOR-US: S-CMS Government Station Building System
+CVE-2020-20425 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...)
+ NOT-FOR-US: S-CMS Government Station Building System
CVE-2020-20424
RESERVED
CVE-2020-20423
@@ -25912,14 +25994,25 @@ CVE-2020-19863
RESERVED
CVE-2020-19862
RESERVED
-CVE-2020-19861
- RESERVED
-CVE-2020-19860
- RESERVED
+CVE-2020-19861 (When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt ...)
+ {DLA-2910-1}
+ - ldns <unfixed>
+ [bullseye] - ldns <no-dsa> (Minor issue)
+ [buster] - ldns <no-dsa> (Minor issue)
+ NOTE: https://github.com/NLnetLabs/ldns/issues/51
+ NOTE: https://github.com/NLnetLabs/ldns/commit/136ec420437041fe13f344a2053e774f9050cc38 (1.8.0-rc.1)
+CVE-2020-19860 (When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_ ...)
+ {DLA-2910-1}
+ - ldns <unfixed>
+ [bullseye] - ldns <no-dsa> (Minor issue)
+ [buster] - ldns <no-dsa> (Minor issue)
+ NOTE: https://github.com/NLnetLabs/ldns/issues/50
+ NOTE: https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3 (1.8.0-rc.1)
+ NOTE: https://github.com/NLnetLabs/ldns/commit/4e9861576a600a5ecfa16ec2de853c90dd9ce276 (1.8.0-rc.1)
CVE-2020-19859
RESERVED
-CVE-2020-19858
- RESERVED
+CVE-2020-19858 (Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerabilit ...)
+ NOT-FOR-US: Platinum Upnp SDK
CVE-2020-19857
RESERVED
CVE-2020-19856
@@ -26094,8 +26187,8 @@ CVE-2020-19772
RESERVED
CVE-2020-19771
RESERVED
-CVE-2020-19770
- RESERVED
+CVE-2020-19770 (A cross-site scripting (XSS) vulnerability in the system bulletin comp ...)
+ NOT-FOR-US: WUZHI CMS
CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob ...)
NOT-FOR-US: Rob The Bank
CVE-2020-19768 (A lack of target address verification in the selfdestructs() function ...)
@@ -26285,10 +26378,10 @@ CVE-2020-19685
RESERVED
CVE-2020-19684
RESERVED
-CVE-2020-19683
- RESERVED
-CVE-2020-19682
- RESERVED
+CVE-2020-19683 (A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile a ...)
+ NOT-FOR-US: zzzcms
+CVE-2020-19682 (A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7 ...)
+ NOT-FOR-US: zzzcms
CVE-2020-19681
RESERVED
CVE-2020-19680
@@ -26316,11 +26409,15 @@ CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authenticat
CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3. ...)
NOT-FOR-US: Eyoucms
CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in the gi ...)
- - libsixel <unfixed> (bug #990799)
+ - libsixel 1.10.3-1 (bug #990799)
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/136
+ NOTE: https://github.com/libsixel/libsixel/issues/7
+ NOTE: https://github.com/libsixel/libsixel/pull/8
+ NOTE: https://github.com/libsixel/libsixel/commit/05e5d21d065c663ec7a83d185974f4c252314968 (v1.9.0)
+ NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork
CVE-2020-19667 (Stack-based buffer overflow and unconditional jump in ReadXPMImage in ...)
{DLA-2523-1}
- imagemagick 8:6.9.11.24+dfsg-1
@@ -26438,8 +26535,8 @@ CVE-2020-19613 (Server Side Request Forgery (SSRF) vulnerability in saveUrlAs fu
NOT-FOR-US: sunkaifei FlyCMS
CVE-2020-19612
RESERVED
-CVE-2020-19611
- RESERVED
+CVE-2020-19611 (Cross Site Scripting (XSS) in redirect module of Racktables version 0. ...)
+ - racktables <itp> (bug #629531)
CVE-2020-19610
RESERVED
CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...)
@@ -26708,8 +26805,11 @@ CVE-2020-19489
RESERVED
CVE-2020-19488 (An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, ...)
- gpac 1.0.1+dfsg1-2
- NOTE: https://github.com/gpac/gpac/commit/6170024568f4dda310e98ef7508477b425c58d09
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
NOTE: https://github.com/gpac/gpac/issues/1263
+ NOTE: Introduced by: https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf (v0.8.0)
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/6170024568f4dda310e98ef7508477b425c58d09 (v0.9.0-preview)
CVE-2020-19487
RESERVED
CVE-2020-19486
@@ -26724,12 +26824,13 @@ CVE-2020-19482
RESERVED
CVE-2020-19481 (An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Bo ...)
- gpac 1.0.1+dfsg1-2
- [buster] - gpac <ignored> (Minor issue)
- [stretch] - gpac <ignored> (Minor issue)
- NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
NOTE: https://github.com/gpac/gpac/issues/1265
NOTE: https://github.com/gpac/gpac/issues/1266
NOTE: https://github.com/gpac/gpac/issues/1267
+ NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0)
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)
CVE-2020-19480
RESERVED
CVE-2020-19479
@@ -27084,8 +27185,10 @@ CVE-2020-19318
RESERVED
CVE-2020-19317
RESERVED
-CVE-2020-19316
- RESERVED
+CVE-2020-19316 (OS Command injection vulnerability in function link in Filesystem.php ...)
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/
+ NOTE: https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 (5.8.17)
CVE-2020-19315
RESERVED
CVE-2020-19314
@@ -27646,8 +27749,8 @@ CVE-2020-19044
RESERVED
CVE-2020-19043
RESERVED
-CVE-2020-19042
- RESERVED
+CVE-2020-19042 (Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via ...)
+ NOT-FOR-US: zzcms
CVE-2020-19041
RESERVED
CVE-2020-19040
@@ -27760,10 +27863,10 @@ CVE-2020-18987
RESERVED
CVE-2020-18986
RESERVED
-CVE-2020-18985
- RESERVED
-CVE-2020-18984
- RESERVED
+CVE-2020-18985 (An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboratio ...)
+ NOT-FOR-US: Zimbra
+CVE-2020-18984 (A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmi ...)
+ NOT-FOR-US: Zimbra
CVE-2020-18983
RESERVED
CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...)
@@ -28423,13 +28526,13 @@ CVE-2020-18672
CVE-2020-18671 (Cross Site Scripting (XSS) vulnerability in Roundcube Mail &lt;=1.4.4 ...)
- roundcube 1.4.5+dfsg.1-1
[buster] - roundcube 1.3.13+dfsg.1-1~deb10u1
- [stretch] - roundcube <postponed> (Minor issue, XSS in installer which is not exposed in Debian)
+ [stretch] - roundcube <ignored> (Minor issue, XSS in installer which is not exposed in Debian)
NOTE: https://github.com/roundcube/roundcubemail/issues/7406
NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
CVE-2020-18670 (Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via d ...)
- roundcube 1.4.5+dfsg.1-1
[buster] - roundcube 1.3.13+dfsg.1-1~deb10u1
- [stretch] - roundcube <postponed> (Minor issue, XSS in installer which is not exposed in Debian)
+ [stretch] - roundcube <ignored> (Minor issue, XSS in installer which is not exposed in Debian)
NOTE: https://github.com/roundcube/roundcubemail/issues/7406
NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
CVE-2020-18669
@@ -28887,10 +28990,10 @@ CVE-2020-18444
CVE-2020-18443
RESERVED
CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...)
+ {DLA-2859-1}
- zziplib 0.13.72+dfsg.1-1
[bullseye] - zziplib <no-dsa> (Minor issue)
[buster] - zziplib <no-dsa> (Minor issue)
- [stretch] - zziplib <postponed> (Minor issue, fix along with next DLA)
NOTE: https://github.com/gdraheim/zziplib/issues/68
NOTE: https://github.com/gdraheim/zziplib/commit/ac9ae39ef419e9f0f83da1e583314d8c7cda34a6
NOTE: https://github.com/gdraheim/zziplib/commit/7e786544084548da7fcfcd9090d3c4e7f5777f7e
@@ -29630,16 +29733,16 @@ CVE-2020-18083
RESERVED
CVE-2020-18082
RESERVED
-CVE-2020-18081
- RESERVED
+CVE-2020-18081 (The checkuser function of SEMCMS 3.8 was discovered to contain a vulne ...)
+ NOT-FOR-US: SEMCMS
CVE-2020-18080
RESERVED
CVE-2020-18079
RESERVED
-CVE-2020-18078
- RESERVED
-CVE-2020-18077
- RESERVED
+CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...)
+ NOT-FOR-US: SEMCMS
+CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...)
+ NOT-FOR-US: FTPShell Server
CVE-2020-18076
RESERVED
CVE-2020-18075
@@ -30855,10 +30958,12 @@ CVE-2020-17497 (eapol.c in iNet wireless daemon (IWD) through 1.8 allows attacke
CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
NOT-FOR-US: vBulletin
CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
- - python-django-celery-results <unfixed> (bug #968305)
- [bullseye] - python-django-celery-results <no-dsa> (Minor issue)
- [buster] - python-django-celery-results <no-dsa> (Minor issue)
+ - python-django-celery-results <unfixed> (unimportant; bug #968305)
NOTE: https://github.com/celery/django-celery-results/issues/142
+ NOTE: Disputed upstream as security vulnerablity, as it is up to the developers who uses
+ NOTE: sensitive information when calling celery tasks to provide suitable replacement argument
+ NOTE: through argsrepr and kwargsrepr as described in:
+ NOTE: https://github.com/celery/django-celery-results/issues/154#issuecomment-734706270
CVE-2020-17494 (Untangle Firewall NG before 16.0 uses MD5 for passwords. ...)
NOT-FOR-US: Untangle Firewall NG
CVE-2020-17493
@@ -31104,8 +31209,8 @@ CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL i
NOT-FOR-US: Cellopoint Cellos
CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
NOT-FOR-US: Cellopoint Cellos
-CVE-2020-17383
- RESERVED
+CVE-2020-17383 (A directory traversal vulnerability on Telos Z/IP One devices through ...)
+ NOT-FOR-US: Telos Z/IP ONE Broadcast
CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...)
NOT-FOR-US: MSI AmbientLink MsIo64 driver
CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
@@ -32211,8 +32316,9 @@ CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. Sending
{DSA-4837-1 DLA-2480-1}
- salt 3002.1+dfsg1-1
NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
- NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch (2018.3.x)
- NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2016.11.x.patch (2016.11.x)
+ NOTE: https://gitlab.com/saltstack/open/salt-patches/tree/master/patches/2020/09/02/
+ NOTE: Regression: https://github.com/saltstack/salt/issues/58970
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/84d91931865626a9b53558f88d6c8919a270df3a (v3000.6)
CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...)
{DSA-4848-1 DLA-2460-1 DLA-2459-1}
- golang-1.15 1.15~rc2-1
@@ -32240,405 +32346,405 @@ CVE-2020-16838
CVE-2020-16837
RESERVED
CVE-2020-16836
- RESERVED
+ REJECTED
CVE-2020-16835
- RESERVED
+ REJECTED
CVE-2020-16834
- RESERVED
+ REJECTED
CVE-2020-16833
- RESERVED
+ REJECTED
CVE-2020-16832
- RESERVED
+ REJECTED
CVE-2020-16831
- RESERVED
+ REJECTED
CVE-2020-16830
- RESERVED
+ REJECTED
CVE-2020-16829
- RESERVED
+ REJECTED
CVE-2020-16828
- RESERVED
+ REJECTED
CVE-2020-16827
- RESERVED
+ REJECTED
CVE-2020-16826
- RESERVED
+ REJECTED
CVE-2020-16825
- RESERVED
+ REJECTED
CVE-2020-16824
- RESERVED
+ REJECTED
CVE-2020-16823
- RESERVED
+ REJECTED
CVE-2020-16822
- RESERVED
+ REJECTED
CVE-2020-16821
- RESERVED
+ REJECTED
CVE-2020-16820
- RESERVED
+ REJECTED
CVE-2020-16819
- RESERVED
+ REJECTED
CVE-2020-16818
- RESERVED
+ REJECTED
CVE-2020-16817
- RESERVED
+ REJECTED
CVE-2020-16816
- RESERVED
+ REJECTED
CVE-2020-16815
- RESERVED
+ REJECTED
CVE-2020-16814
- RESERVED
+ REJECTED
CVE-2020-16813
- RESERVED
+ REJECTED
CVE-2020-16812
- RESERVED
+ REJECTED
CVE-2020-16811
- RESERVED
+ REJECTED
CVE-2020-16810
- RESERVED
+ REJECTED
CVE-2020-16809
- RESERVED
+ REJECTED
CVE-2020-16808
- RESERVED
+ REJECTED
CVE-2020-16807
- RESERVED
+ REJECTED
CVE-2020-16806
- RESERVED
+ REJECTED
CVE-2020-16805
- RESERVED
+ REJECTED
CVE-2020-16804
- RESERVED
+ REJECTED
CVE-2020-16803
- RESERVED
+ REJECTED
CVE-2020-16802
- RESERVED
+ REJECTED
CVE-2020-16801
- RESERVED
+ REJECTED
CVE-2020-16800
- RESERVED
+ REJECTED
CVE-2020-16799
- RESERVED
+ REJECTED
CVE-2020-16798
- RESERVED
+ REJECTED
CVE-2020-16797
- RESERVED
+ REJECTED
CVE-2020-16796
- RESERVED
+ REJECTED
CVE-2020-16795
- RESERVED
+ REJECTED
CVE-2020-16794
- RESERVED
+ REJECTED
CVE-2020-16793
- RESERVED
+ REJECTED
CVE-2020-16792
- RESERVED
+ REJECTED
CVE-2020-16791
- RESERVED
+ REJECTED
CVE-2020-16790
- RESERVED
+ REJECTED
CVE-2020-16789
- RESERVED
+ REJECTED
CVE-2020-16788
- RESERVED
+ REJECTED
CVE-2020-16787
- RESERVED
+ REJECTED
CVE-2020-16786
- RESERVED
+ REJECTED
CVE-2020-16785
- RESERVED
+ REJECTED
CVE-2020-16784
- RESERVED
+ REJECTED
CVE-2020-16783
- RESERVED
+ REJECTED
CVE-2020-16782
- RESERVED
+ REJECTED
CVE-2020-16781
- RESERVED
+ REJECTED
CVE-2020-16780
- RESERVED
+ REJECTED
CVE-2020-16779
- RESERVED
+ REJECTED
CVE-2020-16778
- RESERVED
+ REJECTED
CVE-2020-16777
- RESERVED
+ REJECTED
CVE-2020-16776
- RESERVED
+ REJECTED
CVE-2020-16775
- RESERVED
+ REJECTED
CVE-2020-16774
- RESERVED
+ REJECTED
CVE-2020-16773
- RESERVED
+ REJECTED
CVE-2020-16772
- RESERVED
+ REJECTED
CVE-2020-16771
- RESERVED
+ REJECTED
CVE-2020-16770
- RESERVED
+ REJECTED
CVE-2020-16769
- RESERVED
+ REJECTED
CVE-2020-16768
- RESERVED
+ REJECTED
CVE-2020-16767
- RESERVED
+ REJECTED
CVE-2020-16766
- RESERVED
+ REJECTED
CVE-2020-16765
- RESERVED
+ REJECTED
CVE-2020-16764
- RESERVED
+ REJECTED
CVE-2020-16763
- RESERVED
+ REJECTED
CVE-2020-16762
- RESERVED
+ REJECTED
CVE-2020-16761
- RESERVED
+ REJECTED
CVE-2020-16760
- RESERVED
+ REJECTED
CVE-2020-16759
- RESERVED
+ REJECTED
CVE-2020-16758
- RESERVED
+ REJECTED
CVE-2020-16757
- RESERVED
+ REJECTED
CVE-2020-16756
- RESERVED
+ REJECTED
CVE-2020-16755
- RESERVED
+ REJECTED
CVE-2020-16754
- RESERVED
+ REJECTED
CVE-2020-16753
- RESERVED
+ REJECTED
CVE-2020-16752
- RESERVED
+ REJECTED
CVE-2020-16751
- RESERVED
+ REJECTED
CVE-2020-16750
- RESERVED
+ REJECTED
CVE-2020-16749
- RESERVED
+ REJECTED
CVE-2020-16748
- RESERVED
+ REJECTED
CVE-2020-16747
- RESERVED
+ REJECTED
CVE-2020-16746
- RESERVED
+ REJECTED
CVE-2020-16745
- RESERVED
+ REJECTED
CVE-2020-16744
- RESERVED
+ REJECTED
CVE-2020-16743
- RESERVED
+ REJECTED
CVE-2020-16742
- RESERVED
+ REJECTED
CVE-2020-16741
- RESERVED
+ REJECTED
CVE-2020-16740
- RESERVED
+ REJECTED
CVE-2020-16739
- RESERVED
+ REJECTED
CVE-2020-16738
- RESERVED
+ REJECTED
CVE-2020-16737
- RESERVED
+ REJECTED
CVE-2020-16736
- RESERVED
+ REJECTED
CVE-2020-16735
- RESERVED
+ REJECTED
CVE-2020-16734
- RESERVED
+ REJECTED
CVE-2020-16733
- RESERVED
+ REJECTED
CVE-2020-16732
- RESERVED
+ REJECTED
CVE-2020-16731
- RESERVED
+ REJECTED
CVE-2020-16730
- RESERVED
+ REJECTED
CVE-2020-16729
- RESERVED
+ REJECTED
CVE-2020-16728
- RESERVED
+ REJECTED
CVE-2020-16727
- RESERVED
+ REJECTED
CVE-2020-16726
- RESERVED
+ REJECTED
CVE-2020-16725
- RESERVED
+ REJECTED
CVE-2020-16724
- RESERVED
+ REJECTED
CVE-2020-16723
- RESERVED
+ REJECTED
CVE-2020-16722
- RESERVED
+ REJECTED
CVE-2020-16721
- RESERVED
+ REJECTED
CVE-2020-16720
- RESERVED
+ REJECTED
CVE-2020-16719
- RESERVED
+ REJECTED
CVE-2020-16718
- RESERVED
+ REJECTED
CVE-2020-16717
- RESERVED
+ REJECTED
CVE-2020-16716
- RESERVED
+ REJECTED
CVE-2020-16715
- RESERVED
+ REJECTED
CVE-2020-16714
- RESERVED
+ REJECTED
CVE-2020-16713
- RESERVED
+ REJECTED
CVE-2020-16712
- RESERVED
+ REJECTED
CVE-2020-16711
- RESERVED
+ REJECTED
CVE-2020-16710
- RESERVED
+ REJECTED
CVE-2020-16709
- RESERVED
+ REJECTED
CVE-2020-16708
- RESERVED
+ REJECTED
CVE-2020-16707
- RESERVED
+ REJECTED
CVE-2020-16706
- RESERVED
+ REJECTED
CVE-2020-16705
- RESERVED
+ REJECTED
CVE-2020-16704
- RESERVED
+ REJECTED
CVE-2020-16703
- RESERVED
+ REJECTED
CVE-2020-16702
- RESERVED
+ REJECTED
CVE-2020-16701
- RESERVED
+ REJECTED
CVE-2020-16700
- RESERVED
+ REJECTED
CVE-2020-16699
- RESERVED
+ REJECTED
CVE-2020-16698
- RESERVED
+ REJECTED
CVE-2020-16697
- RESERVED
+ REJECTED
CVE-2020-16696
- RESERVED
+ REJECTED
CVE-2020-16695
- RESERVED
+ REJECTED
CVE-2020-16694
- RESERVED
+ REJECTED
CVE-2020-16693
- RESERVED
+ REJECTED
CVE-2020-16692
- RESERVED
+ REJECTED
CVE-2020-16691
- RESERVED
+ REJECTED
CVE-2020-16690
- RESERVED
+ REJECTED
CVE-2020-16689
- RESERVED
+ REJECTED
CVE-2020-16688
- RESERVED
+ REJECTED
CVE-2020-16687
- RESERVED
+ REJECTED
CVE-2020-16686
- RESERVED
+ REJECTED
CVE-2020-16685
- RESERVED
+ REJECTED
CVE-2020-16684
- RESERVED
+ REJECTED
CVE-2020-16683
- RESERVED
+ REJECTED
CVE-2020-16682
- RESERVED
+ REJECTED
CVE-2020-16681
- RESERVED
+ REJECTED
CVE-2020-16680
- RESERVED
+ REJECTED
CVE-2020-16679
- RESERVED
+ REJECTED
CVE-2020-16678
- RESERVED
+ REJECTED
CVE-2020-16677
- RESERVED
+ REJECTED
CVE-2020-16676
- RESERVED
+ REJECTED
CVE-2020-16675
- RESERVED
+ REJECTED
CVE-2020-16674
- RESERVED
+ REJECTED
CVE-2020-16673
- RESERVED
+ REJECTED
CVE-2020-16672
- RESERVED
+ REJECTED
CVE-2020-16671
- RESERVED
+ REJECTED
CVE-2020-16670
- RESERVED
+ REJECTED
CVE-2020-16669
- RESERVED
+ REJECTED
CVE-2020-16668
- RESERVED
+ REJECTED
CVE-2020-16667
- RESERVED
+ REJECTED
CVE-2020-16666
- RESERVED
+ REJECTED
CVE-2020-16665
- RESERVED
+ REJECTED
CVE-2020-16664
- RESERVED
+ REJECTED
CVE-2020-16663
- RESERVED
+ REJECTED
CVE-2020-16662
- RESERVED
+ REJECTED
CVE-2020-16661
- RESERVED
+ REJECTED
CVE-2020-16660
- RESERVED
+ REJECTED
CVE-2020-16659
- RESERVED
+ REJECTED
CVE-2020-16658
- RESERVED
+ REJECTED
CVE-2020-16657
- RESERVED
+ REJECTED
CVE-2020-16656
- RESERVED
+ REJECTED
CVE-2020-16655
- RESERVED
+ REJECTED
CVE-2020-16654
- RESERVED
+ REJECTED
CVE-2020-16653
- RESERVED
+ REJECTED
CVE-2020-16652
- RESERVED
+ REJECTED
CVE-2020-16651
- RESERVED
+ REJECTED
CVE-2020-16650
- RESERVED
+ REJECTED
CVE-2020-16649
- RESERVED
+ REJECTED
CVE-2020-16648
- RESERVED
+ REJECTED
CVE-2020-16647
- RESERVED
+ REJECTED
CVE-2020-16646
- RESERVED
+ REJECTED
CVE-2020-16645
- RESERVED
+ REJECTED
CVE-2020-16644
- RESERVED
+ REJECTED
CVE-2020-16643
- RESERVED
+ REJECTED
CVE-2020-16642
- RESERVED
+ REJECTED
CVE-2020-16641
- RESERVED
+ REJECTED
CVE-2020-16640
- RESERVED
+ REJECTED
CVE-2020-16639
- RESERVED
+ REJECTED
CVE-2020-16638
- RESERVED
+ REJECTED
CVE-2020-16637
- RESERVED
+ REJECTED
CVE-2020-16636
REJECTED
CVE-2020-16635
@@ -33715,25 +33821,22 @@ CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vu
NOT-FOR-US: GoPro
CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
NOT-FOR-US: Nagios Log Server
-CVE-2020-16156 [Signature Verification Bypass]
- RESERVED
+CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass. ...)
- perl <unfixed>
[bullseye] - perl <no-dsa> (Minor issue)
[buster] - perl <no-dsa> (Minor issue)
[stretch] - perl <no-dsa> (Minor issue)
NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
-CVE-2020-16155 [does not uniquely define signed data]
- RESERVED
+CVE-2020-16155 (The CPAN::Checksums package 2.12 for Perl does not uniquely define sig ...)
- libcpan-checksums-perl <unfixed>
[bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
[buster] - libcpan-checksums-perl <no-dsa> (Minor issue)
[stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)
NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
-CVE-2020-16154 [Signature Verification Bypass]
- RESERVED
- - cpanminus <unfixed>
+CVE-2020-16154 (The App::cpanminus package 1.7044 for Perl allows Signature Verificati ...)
+ - cpanminus 1.7045-1
[bullseye] - cpanminus <no-dsa> (Minor issue)
[buster] - cpanminus <no-dsa> (Minor issue)
[stretch] - cpanminus <no-dsa> (Minor issue)
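Review bot: The perl entry for CVE-2020-16156 stays `<unfixed>` with `<no-dsa> (Minor issue)` in every suite, yet the hunk records neither an upstream fix reference nor why a signature-verification bypass in a package installer is rated minor, whereas the cpanminus entry in the same hunk now carries a fixed version. The rationale (presumably that CPAN signature checking is opt-in rather than on by default — to be confirmed) belongs in the entry so later triagers do not have to re-derive it, e.g. `[bullseye] - perl <no-dsa> (Minor issue; signature verification is opt-in)`. A `NOTE: Fixed by: <upstream commit>` line should be added once the upstream fix is identified; the two blog links are kept but neither is labelled as the fix reference.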
@@ -33836,7 +33939,7 @@ CVE-2020-16120 (Overlayfs did not properly perform permission checking when copy
[stretch] - linux <not-affected> (Vulnerable configuration combination not possible)
NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...)
- {DSA-4978-1 DLA-2785-1}
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
@@ -34381,9 +34484,14 @@ CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 commu
[buster] - kdepim-runtime <no-dsa> (Minor issue)
- kmail-account-wizard 4:20.04.1-2 (bug #966667)
[buster] - kmail-account-wizard <no-dsa> (Minor issue)
+ - ksmtp <unfixed>
+ [bullseye] - ksmtp <no-dsa> (Minor issue; Upstream changes change API)
+ [buster] - ksmtp <no-dsa> (Minor issue; Upstream changes change API)
NOTE: https://bugs.kde.org/show_bug.cgi?id=423426
NOTE: kdepim-runtime: https://invent.kde.org/pim/kdepim-runtime/commit/bd64ab29116aa7318fdee7f95878ff97580162f2
NOTE: kmail-account-wizard: https://invent.kde.org/pim/kmail-account-wizard/commit/a64d80e523edce7d3d59c26834973418fae042f6
+ NOTE: https://kde.org/info/security/advisory-20211118-1.txt
+ NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...)
{DLA-2329-1}
- libetpan 1.9.4-3 (bug #966647)
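Review bot: The new `ksmtp <unfixed>` line has no per-package fix reference, while the kdepim-runtime and kmail-account-wizard entries each carry a `NOTE: <pkg>: <commit>` line; the added advisory link covers all affected components but does not by itself tell a maintainer which ksmtp commit to backport. Suggest adding `NOTE: ksmtp: <fix commit URL>` taken from the 2021-11-18 KDE advisory. The `<no-dsa>` rationale "Upstream changes change API" would also be easier to act on if it named what changes, e.g. `(Minor issue; upstream fix changes the ksmtp API, backport needs rework)`, so the reason is not lost if the entry is revisited.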
@@ -34439,8 +34547,8 @@ CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC
NOT-FOR-US: Fortiguard
CVE-2020-15934
RESERVED
-CVE-2020-15933
- RESERVED
+CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+ NOT-FOR-US: FortiGuard
CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
NOT-FOR-US: Overwolf
CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...)
@@ -34535,7 +34643,7 @@ CVE-2020-15891
RESERVED
CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...)
{DLA-2296-1}
- - luajit <unfixed> (unimportant; bug #966148)
+ - luajit 2.1.0~beta3+git20210112+dfsg-2 (unimportant; bug #966148)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
NOTE: https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
NOTE: No security impact, only "exploitable" with untrusted Lua code
@@ -34794,7 +34902,7 @@ CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All
NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
NOT-FOR-US: Siemens
-CVE-2020-15795 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-15795 (A vulnerability has been identified in Nucleus NET (All versions &lt; ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...)
NOT-FOR-US: Desigo Insight
@@ -35184,7 +35292,7 @@ CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used by
- firefox <not-affected> (Specific to Firefox for iOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15661
CVE-2020-15660 (Missing checks on Content-Type headers in geckodriver before 0.27.0 co ...)
- NOT-FOR-US: geckodriver
+ - geckodriver <itp> (bug #989456)
CVE-2020-15659 (Mozilla developers and community members reported memory safety bugs p ...)
{DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
- firefox 79.0-1
@@ -35590,7 +35698,7 @@ CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This
[experimental] - libraw 0.20.0-1
- libraw 0.20.0-4 (bug #964747)
[buster] - libraw <no-dsa> (Minor issue)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477
NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...)
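Review bot: The stretch entry moves from `<no-dsa>` to `<not-affected> (Vulnerable code not present)`, but the hunk adds nothing saying what was checked; the only references are the Red Hat bug and the upstream fix commit. Other entries in this file that make the same downgrade record it with an `Introduced by:` note (the resteasy and gpac entries, for instance), which lets the claim be re-verified if the issue is revisited. Suggest adding `NOTE: Introduced by: <upstream commit or version that added the thumbnail size handling>` or, if the conclusion came from inspecting the stretch source, a NOTE stating that.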
@@ -36262,6 +36370,7 @@ CVE-2020-15231 (In mapfish-print before version 3.24, a user can use the JSONP s
CVE-2020-15230 (Vapor is a web framework for Swift. In Vapor before version 4.29.4, At ...)
NOT-FOR-US: Vapor
CVE-2020-15229 (Singularity (an open source container platform) from version 3.1.1 thr ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
- singularity-container <unfixed> (bug #972212)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...)
@@ -37924,12 +38033,12 @@ CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and pri
NOT-FOR-US: Philips
CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
NOT-FOR-US: Softing Industrial Automation
-CVE-2020-14523
- RESERVED
+CVE-2020-14523 (Multiple Mitsubishi Electric Factory Automation products have a vulner ...)
+ NOT-FOR-US: Mitsubishi
CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest build o ...)
NOT-FOR-US: Softing Industrial Automation
-CVE-2020-14521
- RESERVED
+CVE-2020-14521 (Multiple Mitsubishi Electric Factory Automation engineering software p ...)
+ NOT-FOR-US: Mitsubishi
CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...)
NOT-FOR-US: Inductive Automation Ignition
CVE-2020-14519 (This vulnerability allows an attacker to use the internal WebSockets A ...)
@@ -38132,6 +38241,8 @@ CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via the
NOT-FOR-US: Foxit Reader
CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...)
- cacti 1.2.19+ds1-1
+ [bullseye] - cacti <no-dsa> (Minor issue)
+ [buster] - cacti <no-dsa> (Minor issue)
[stretch] - cacti <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Cacti/cacti/pull/4261
NOTE: https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c (release/1.2.18)
@@ -38265,6 +38376,8 @@ CVE-2020-14394 [infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c]
[buster] - qemu <postponed> (Minor issue)
[stretch] - qemu <postponed> (Minor issue, privileged local DoS, low CVSS, no patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1908004
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/646
+ NOTE: No upstream patch as of 2022-01-28
CVE-2020-14393 (A buffer overflow was found in perl-DBI &lt; 1.643 in DBI.xs. A local ...)
{DLA-2386-1}
- libdbi-perl 1.643-1
@@ -38574,10 +38687,12 @@ CVE-2020-14328 (A flaw was found in Ansible Tower in versions before 3.7.2. A Se
CVE-2020-14327 (A Server-side request forgery (SSRF) flaw was found in Ansible Tower i ...)
NOT-FOR-US: Ansible Tower
CVE-2020-14326 (A vulnerability was found in RESTEasy, where RootNode incorrectly cach ...)
- - resteasy <undetermined>
- - resteasy3.0 <undetermined>
+ - resteasy <not-affected> (Vulnerable code introduced later)
+ - resteasy3.0 <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855826
NOTE: https://issues.redhat.com/browse/RESTEASY-2643
+ NOTE: https://issues.redhat.com/browse/RESTEASY-2646
+ NOTE: Introduced by: https://github.com/resteasy/Resteasy/commit/f948c45f4ebe00531f858e289d17664bc2edd496 (4.2.0.Final)
CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Imperson ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red ...)
@@ -39115,14 +39230,14 @@ CVE-2020-14112
RESERVED
CVE-2020-14111
RESERVED
-CVE-2020-14110
- RESERVED
+CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...)
+ NOT-FOR-US: AX3600 router
CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...)
NOT-FOR-US: Xiaomi
CVE-2020-14108
RESERVED
-CVE-2020-14107
- RESERVED
+CVE-2020-14107 (A stack overflow in the HTTP server of Cast can be exploited to make t ...)
+ NOT-FOR-US: Xiaomi
CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...)
NOT-FOR-US: Xiaomi
CVE-2020-14105 (The application in the mobile phone can read the SNO information of th ...)
@@ -39695,7 +39810,7 @@ CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS
CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...)
NOT-FOR-US: Pengutronix Barebox
CVE-2020-13909 (The Ignition component before 2.0.5 for Laravel mishandles globals, _g ...)
- NOT-FOR-US: Laravel
+ NOT-FOR-US: Laravel Ignition component
CVE-2020-13908
RESERVED
CVE-2020-13907
@@ -39864,12 +39979,15 @@ CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote
NOTE: https://github.com/pupnp/pupnp/issues/177
NOTE: https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
CVE-2020-13847 (Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Chec ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
- singularity-container <unfixed> (bug #965040)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
CVE-2020-13846 (Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a S ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
- singularity-container <unfixed> (bug #965040)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92
CVE-2020-13845 (Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integ ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
- singularity-container <unfixed> (bug #965040)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c
CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution past ...)
@@ -39974,7 +40092,7 @@ CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.
CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
NOT-FOR-US: Foxit Reader
CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command in ...)
- - rebar3 <itp> (bug #824773)
+ - rebar3 <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/erlang/rebar3/pull/2302
NOTE: https://github.com/erlang/rebar3/commit/2e2d1a6bb141a969b6483e082a2afd361fc2ece2
CVE-2020-13801
@@ -40133,85 +40251,85 @@ CVE-2020-13753 (The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.2
- wpewebkit 2.28.3-1
NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-13752
- RESERVED
+ REJECTED
CVE-2020-13751
- RESERVED
+ REJECTED
CVE-2020-13750
- RESERVED
+ REJECTED
CVE-2020-13749
- RESERVED
+ REJECTED
CVE-2020-13748
- RESERVED
+ REJECTED
CVE-2020-13747
- RESERVED
+ REJECTED
CVE-2020-13746
- RESERVED
+ REJECTED
CVE-2020-13745
- RESERVED
+ REJECTED
CVE-2020-13744
- RESERVED
+ REJECTED
CVE-2020-13743
- RESERVED
+ REJECTED
CVE-2020-13742
- RESERVED
+ REJECTED
CVE-2020-13741
- RESERVED
+ REJECTED
CVE-2020-13740
- RESERVED
+ REJECTED
CVE-2020-13739
- RESERVED
+ REJECTED
CVE-2020-13738
- RESERVED
+ REJECTED
CVE-2020-13737
- RESERVED
+ REJECTED
CVE-2020-13736
- RESERVED
+ REJECTED
CVE-2020-13735
- RESERVED
+ REJECTED
CVE-2020-13734
- RESERVED
+ REJECTED
CVE-2020-13733
- RESERVED
+ REJECTED
CVE-2020-13732
- RESERVED
+ REJECTED
CVE-2020-13731
- RESERVED
+ REJECTED
CVE-2020-13730
- RESERVED
+ REJECTED
CVE-2020-13729
- RESERVED
+ REJECTED
CVE-2020-13728
- RESERVED
+ REJECTED
CVE-2020-13727
- RESERVED
+ REJECTED
CVE-2020-13726
- RESERVED
+ REJECTED
CVE-2020-13725
- RESERVED
+ REJECTED
CVE-2020-13724
- RESERVED
+ REJECTED
CVE-2020-13723
- RESERVED
+ REJECTED
CVE-2020-13722
- RESERVED
+ REJECTED
CVE-2020-13721
- RESERVED
+ REJECTED
CVE-2020-13720
- RESERVED
+ REJECTED
CVE-2020-13719
- RESERVED
+ REJECTED
CVE-2020-13718
- RESERVED
+ REJECTED
CVE-2020-13717
- RESERVED
+ REJECTED
CVE-2020-13716
- RESERVED
+ REJECTED
CVE-2020-13715
- RESERVED
+ REJECTED
CVE-2020-13714
- RESERVED
+ REJECTED
CVE-2020-13713
- RESERVED
+ REJECTED
CVE-2020-13712
RESERVED
CVE-2020-13711
@@ -40301,27 +40419,27 @@ CVE-2020-13679
RESERVED
CVE-2020-13678
RESERVED
-CVE-2020-13677
- RESERVED
-CVE-2020-13676
- RESERVED
-CVE-2020-13675
- RESERVED
-CVE-2020-13674
- RESERVED
-CVE-2020-13673
- RESERVED
+CVE-2020-13677 (Under some circumstances, the Drupal core JSON:API module does not pro ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13676 (The QuickEdit module does not properly check access to fields in some ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13675 (Drupal's JSON:API and REST/File modules allow file uploads through the ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13674 (The QuickEdit module does not properly validate access to routes, whic ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13673 (The Entity Embed module provides a filter to allow embedding entities ...)
+ NOT-FOR-US: Drupal Entity Embed module
CVE-2020-13671 (Drupal core does not properly sanitize certain filenames on uploaded f ...)
{DLA-2458-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2020-012
NOTE: https://github.com/drupal/drupal/commit/0263ea89cfff630262b8c0bc6d9c629c42aa7a84
-CVE-2020-13670
- RESERVED
-CVE-2020-13669
- RESERVED
-CVE-2020-13668
- RESERVED
+CVE-2020-13670 (Information Disclosure vulnerability in file module of Drupal Core all ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13669 (Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core al ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13668 (Access Bypass vulnerability in Drupal Core allows for an attacker to l ...)
+ NOT-FOR-US: Drupal 8.x
CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...)
NOT-FOR-US: Drupal 8.x
CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)
@@ -41741,165 +41859,165 @@ CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute
CVE-2020-13090
RESERVED
CVE-2020-13089
- RESERVED
+ REJECTED
CVE-2020-13088
- RESERVED
+ REJECTED
CVE-2020-13087
- RESERVED
+ REJECTED
CVE-2020-13086
- RESERVED
+ REJECTED
CVE-2020-13085
- RESERVED
+ REJECTED
CVE-2020-13084
- RESERVED
+ REJECTED
CVE-2020-13083
- RESERVED
+ REJECTED
CVE-2020-13082
- RESERVED
+ REJECTED
CVE-2020-13081
- RESERVED
+ REJECTED
CVE-2020-13080
- RESERVED
+ REJECTED
CVE-2020-13079
- RESERVED
+ REJECTED
CVE-2020-13078
- RESERVED
+ REJECTED
CVE-2020-13077
- RESERVED
+ REJECTED
CVE-2020-13076
- RESERVED
+ REJECTED
CVE-2020-13075
- RESERVED
+ REJECTED
CVE-2020-13074
- RESERVED
+ REJECTED
CVE-2020-13073
- RESERVED
+ REJECTED
CVE-2020-13072
- RESERVED
+ REJECTED
CVE-2020-13071
- RESERVED
+ REJECTED
CVE-2020-13070
- RESERVED
+ REJECTED
CVE-2020-13069
- RESERVED
+ REJECTED
CVE-2020-13068
- RESERVED
+ REJECTED
CVE-2020-13067
- RESERVED
+ REJECTED
CVE-2020-13066
- RESERVED
+ REJECTED
CVE-2020-13065
- RESERVED
+ REJECTED
CVE-2020-13064
- RESERVED
+ REJECTED
CVE-2020-13063
- RESERVED
+ REJECTED
CVE-2020-13062
- RESERVED
+ REJECTED
CVE-2020-13061
- RESERVED
+ REJECTED
CVE-2020-13060
- RESERVED
+ REJECTED
CVE-2020-13059
- RESERVED
+ REJECTED
CVE-2020-13058
- RESERVED
+ REJECTED
CVE-2020-13057
- RESERVED
+ REJECTED
CVE-2020-13056
- RESERVED
+ REJECTED
CVE-2020-13055
- RESERVED
+ REJECTED
CVE-2020-13054
- RESERVED
+ REJECTED
CVE-2020-13053
- RESERVED
+ REJECTED
CVE-2020-13052
- RESERVED
+ REJECTED
CVE-2020-13051
- RESERVED
+ REJECTED
CVE-2020-13050
- RESERVED
+ REJECTED
CVE-2020-13049
- RESERVED
+ REJECTED
CVE-2020-13048
- RESERVED
+ REJECTED
CVE-2020-13047
- RESERVED
+ REJECTED
CVE-2020-13046
- RESERVED
+ REJECTED
CVE-2020-13045
- RESERVED
+ REJECTED
CVE-2020-13044
- RESERVED
+ REJECTED
CVE-2020-13043
- RESERVED
+ REJECTED
CVE-2020-13042
- RESERVED
+ REJECTED
CVE-2020-13041
- RESERVED
+ REJECTED
CVE-2020-13040
- RESERVED
+ REJECTED
CVE-2020-13039
- RESERVED
+ REJECTED
CVE-2020-13038
- RESERVED
+ REJECTED
CVE-2020-13037
- RESERVED
+ REJECTED
CVE-2020-13036
- RESERVED
+ REJECTED
CVE-2020-13035
- RESERVED
+ REJECTED
CVE-2020-13034
- RESERVED
+ REJECTED
CVE-2020-13033
- RESERVED
+ REJECTED
CVE-2020-13032
- RESERVED
+ REJECTED
CVE-2020-13031
- RESERVED
+ REJECTED
CVE-2020-13030
- RESERVED
+ REJECTED
CVE-2020-13029
- RESERVED
+ REJECTED
CVE-2020-13028
- RESERVED
+ REJECTED
CVE-2020-13027
- RESERVED
+ REJECTED
CVE-2020-13026
- RESERVED
+ REJECTED
CVE-2020-13025
- RESERVED
+ REJECTED
CVE-2020-13024
- RESERVED
+ REJECTED
CVE-2020-13023
- RESERVED
+ REJECTED
CVE-2020-13022
- RESERVED
+ REJECTED
CVE-2020-13021
- RESERVED
+ REJECTED
CVE-2020-13020
- RESERVED
+ REJECTED
CVE-2020-13019
- RESERVED
+ REJECTED
CVE-2020-13018
- RESERVED
+ REJECTED
CVE-2020-13017
- RESERVED
+ REJECTED
CVE-2020-13016
- RESERVED
+ REJECTED
CVE-2020-13015
- RESERVED
+ REJECTED
CVE-2020-13014
- RESERVED
+ REJECTED
CVE-2020-13013
- RESERVED
+ REJECTED
CVE-2020-13012
- RESERVED
+ REJECTED
CVE-2020-13011
- RESERVED
+ REJECTED
CVE-2020-13010
- RESERVED
+ REJECTED
CVE-2020-13009
REJECTED
CVE-2020-13008
@@ -41942,24 +42060,24 @@ CVE-2020-12990
REJECTED
CVE-2020-12989
REJECTED
-CVE-2020-12988
- REJECTED
-CVE-2020-12987
- REJECTED
-CVE-2020-12986
- REJECTED
-CVE-2020-12985
- REJECTED
+CVE-2020-12988 (A potential denial of service (DoS) vulnerability exists in the integr ...)
+ NOT-FOR-US: AMD
+CVE-2020-12987 (A heap information leak/kernel pool address disclosure vulnerability i ...)
+ NOT-FOR-US: AMD
+CVE-2020-12986 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
+ NOT-FOR-US: AMD
+CVE-2020-12985 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
+ NOT-FOR-US: AMD
CVE-2020-12984
REJECTED
-CVE-2020-12983
- REJECTED
-CVE-2020-12982
- REJECTED
-CVE-2020-12981
- REJECTED
-CVE-2020-12980
- REJECTED
+CVE-2020-12983 (An out of bounds write vulnerability in the AMD Graphics Driver for Wi ...)
+ NOT-FOR-US: AMD
+CVE-2020-12982 (An invalid object pointer free vulnerability in the AMD Graphics Drive ...)
+ NOT-FOR-US: AMD
+CVE-2020-12981 (An insufficient input validation in the AMD Graphics Driver for Window ...)
+ NOT-FOR-US: AMD
+CVE-2020-12980 (An out of bounds write and read vulnerability in the AMD Graphics Driv ...)
+ NOT-FOR-US: AMD
CVE-2020-12979
REJECTED
CVE-2020-12978
@@ -41986,10 +42104,10 @@ CVE-2020-12968
REJECTED
CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES feature ...)
NOT-FOR-US: AMD
-CVE-2020-12966
- RESERVED
-CVE-2020-12965
- RESERVED
+CVE-2020-12966 (AMD EPYC&#8482; Processors contain an information disclosure vulnerabi ...)
+ NOT-FOR-US: AMD
+CVE-2020-12965 (When combined with specific software sequences, AMD CPUs may transient ...)
+ NOT-FOR-US: AMD
CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...)
NOT-FOR-US: Intel / AMD
CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
@@ -42003,55 +42121,55 @@ CVE-2020-12960 (AMD Graphics Driver for Windows 10, amdfender.sys may improperly
CVE-2020-12959
REJECTED
CVE-2020-12958
- RESERVED
+ REJECTED
CVE-2020-12957
REJECTED
CVE-2020-12956
- RESERVED
+ REJECTED
CVE-2020-12955
- RESERVED
+ REJECTED
CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...)
NOT-FOR-US: AMD
CVE-2020-12953
- RESERVED
+ REJECTED
CVE-2020-12952
- RESERVED
+ REJECTED
CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code to perfo ...)
NOT-FOR-US: AMD
CVE-2020-12950
- RESERVED
+ REJECTED
CVE-2020-12949
- RESERVED
+ REJECTED
CVE-2020-12948
- RESERVED
+ REJECTED
CVE-2020-12947
- RESERVED
+ REJECTED
CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM command ...)
NOT-FOR-US: AMD
CVE-2020-12945
- RESERVED
+ REJECTED
CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware could lea ...)
NOT-FOR-US: AMD
CVE-2020-12943
- RESERVED
+ REJECTED
CVE-2020-12942
- RESERVED
+ REJECTED
CVE-2020-12941
REJECTED
CVE-2020-12940
RESERVED
CVE-2020-12939
- RESERVED
+ REJECTED
CVE-2020-12938
- RESERVED
+ REJECTED
CVE-2020-12937
- RESERVED
+ REJECTED
CVE-2020-12936
REJECTED
CVE-2020-12935
REJECTED
CVE-2020-12934
- RESERVED
+ REJECTED
CVE-2020-12933 (A denial of service vulnerability exists in the D3DKMTEscape handler f ...)
NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12932
@@ -42083,7 +42201,7 @@ CVE-2020-12920 (A potential denial of service issue exists in the AMD Display dr
CVE-2020-12919
REJECTED
CVE-2020-12918
- RESERVED
+ REJECTED
CVE-2020-12917
REJECTED
CVE-2020-12916
@@ -42109,9 +42227,9 @@ CVE-2020-12910
CVE-2020-12909
REJECTED
CVE-2020-12908
- RESERVED
+ REJECTED
CVE-2020-12907
- RESERVED
+ REJECTED
CVE-2020-12906
REJECTED
CVE-2020-12905 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...)
@@ -42142,11 +42260,10 @@ CVE-2020-12893 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in E
NOT-FOR-US: Intel / AMD
CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to ...)
NOT-FOR-US: Intel / AMD
-CVE-2020-12891
- RESERVED
+CVE-2020-12891 (AMD Radeon Software may be vulnerable to DLL Hijacking through path va ...)
+ NOT-FOR-US: AMD
+CVE-2020-12890 (Improper handling of pointers in the System Management Mode (SMM) hand ...)
NOT-FOR-US: AMD
-CVE-2020-12890
- RESERVED
CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
NOT-FOR-US: MISP
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
@@ -42550,7 +42667,7 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer over
[jessie] - imlib2 <not-affected> (Vulnerable code introduced later)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...)
- zulip-server <itp> (bug #800052)
CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...)
@@ -42715,10 +42832,9 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-
CVE-2020-12694
RESERVED
CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
- {DSA-4841-1}
+ {DSA-4841-1 DLA-2886-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #961406)
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
[jessie] - slurm-llnl <not-affected> (Message Aggregation added in 14.11)
NOTE: https://www.schedmd.com/news.php?id=236
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html
@@ -42791,10 +42907,9 @@ CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and
NOTE: https://bugs.launchpad.net/keystone/+bug/1872735
NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ...)
- {DLA-2236-1}
+ {DLA-2902-1 DLA-2236-1}
- graphicsmagick 1.4+really1.3.35-2 (bug #960000)
[buster] - graphicsmagick <postponed> (Minor issue; can be fixed along in future DSA)
- [stretch] - graphicsmagick <postponed> (Minor issue; can be fixed along in future DSA)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025
NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/
CVE-2020-12671
@@ -44190,8 +44305,8 @@ CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machi
NOT-FOR-US: EdgeConnect
CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier ...)
NOT-FOR-US: SNMP stack in Contiki-NG
-CVE-2020-12140
- RESERVED
+CVE-2020-12140 (A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Co ...)
+ NOT-FOR-US: Contiki-NG
CVE-2020-12139
RESERVED
CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...)
@@ -44581,7 +44696,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d
NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue
NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This
NOTE: CVE is closely related to CVE-2020-1957.
-CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...)
+CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-sid ...)
- xmlgraphics-commons 2.4-2 (bug #984949)
[bullseye] - xmlgraphics-commons 2.4-2~deb11u1
[buster] - xmlgraphics-commons 2.3-1+deb10u1
@@ -44856,7 +44971,7 @@ CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names
CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...)
NOT-FOR-US: svg2png
CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...)
NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2020-11884 (In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code exec ...)
@@ -45330,12 +45445,16 @@ CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows
NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...)
- - libsixel <unfixed> (low; bug #972641)
+ - libsixel 1.10.3-1 (low; bug #972641)
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/134
+ NOTE: https://github.com/libsixel/libsixel/issues/9
+ NOTE: https://github.com/libsixel/libsixel/pull/10
+ NOTE: https://github.com/libsixel/libsixel/commit/e71aacc97b5f756948b13c1228877d29395c7b55 (v1.9.0)
+ NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork
CVE-2020-11720 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
NOT-FOR-US: Programi Bilanc
CVE-2020-11719 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
@@ -45508,12 +45627,10 @@ CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 30
{DSA-4676-2 DSA-4676-1 DLA-2223-1}
- salt 3000.2+dfsg1-1 (bug #959684)
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
- NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
- NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583
- NOTE: There is a typo in the whitelisted methods on AESFuncs:
- NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
- NOTE: Regression bugreport: https://github.com/saltstack/salt/issues/57016
- NOTE: https://github.com/saltstack/salt/issues/57027
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 (v3000.2)
+ NOTE: Regression: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/cea28c850f7562fd3b869a1bbcc95050ab19e0f1 (v3000.3)
+ NOTE: See also https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2020/04/14/
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
NOT-FOR-US: FreeNAS
CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)
@@ -45733,11 +45850,13 @@ CVE-2020-11559
RESERVED
CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...)
- gpac 1.0.1+dfsg1-2 (bug #972053)
- [buster] - gpac <no-dsa> (Minor issue)
- [stretch] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
[jessie] - gpac <not-affected> (Vulnerable code not present and not reproducible)
- NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
NOTE: https://github.com/gpac/gpac/issues/1440
+ NOTE: Introduced by: https://github.com/gpac/gpac/commit/3f1564c43825e052a5d53cbb4c8a242abdf603b4 (v0.9.0-preview)
+ NOTE: and https://github.com/gpac/gpac/commit/526bc968451e1ec83386c93f2c1f5a74ac65e649 (v0.9.0-preview)
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c (v0.9.0-preview~20)
CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
@@ -46079,213 +46198,213 @@ CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
NOT-FOR-US: Progress Telerik UI
CVE-2020-11413
- RESERVED
+ REJECTED
CVE-2020-11412
- RESERVED
+ REJECTED
CVE-2020-11411
- RESERVED
+ REJECTED
CVE-2020-11410
- RESERVED
+ REJECTED
CVE-2020-11409
- RESERVED
+ REJECTED
CVE-2020-11408
- RESERVED
+ REJECTED
CVE-2020-11407
- RESERVED
+ REJECTED
CVE-2020-11406
- RESERVED
+ REJECTED
CVE-2020-11405
- RESERVED
+ REJECTED
CVE-2020-11404
- RESERVED
+ REJECTED
CVE-2020-11403
- RESERVED
+ REJECTED
CVE-2020-11402
- RESERVED
+ REJECTED
CVE-2020-11401
- RESERVED
+ REJECTED
CVE-2020-11400
- RESERVED
+ REJECTED
CVE-2020-11399
- RESERVED
+ REJECTED
CVE-2020-11398
- RESERVED
+ REJECTED
CVE-2020-11397
- RESERVED
+ REJECTED
CVE-2020-11396
- RESERVED
+ REJECTED
CVE-2020-11395
- RESERVED
+ REJECTED
CVE-2020-11394
- RESERVED
+ REJECTED
CVE-2020-11393
- RESERVED
+ REJECTED
CVE-2020-11392
- RESERVED
+ REJECTED
CVE-2020-11391
- RESERVED
+ REJECTED
CVE-2020-11390
- RESERVED
+ REJECTED
CVE-2020-11389
- RESERVED
+ REJECTED
CVE-2020-11388
- RESERVED
+ REJECTED
CVE-2020-11387
- RESERVED
+ REJECTED
CVE-2020-11386
- RESERVED
+ REJECTED
CVE-2020-11385
- RESERVED
+ REJECTED
CVE-2020-11384
- RESERVED
+ REJECTED
CVE-2020-11383
- RESERVED
+ REJECTED
CVE-2020-11382
- RESERVED
+ REJECTED
CVE-2020-11381
- RESERVED
+ REJECTED
CVE-2020-11380
- RESERVED
+ REJECTED
CVE-2020-11379
- RESERVED
+ REJECTED
CVE-2020-11378
- RESERVED
+ REJECTED
CVE-2020-11377
- RESERVED
+ REJECTED
CVE-2020-11376
- RESERVED
+ REJECTED
CVE-2020-11375
- RESERVED
+ REJECTED
CVE-2020-11374
- RESERVED
+ REJECTED
CVE-2020-11373
- RESERVED
+ REJECTED
CVE-2020-11372
- RESERVED
+ REJECTED
CVE-2020-11371
- RESERVED
+ REJECTED
CVE-2020-11370
- RESERVED
+ REJECTED
CVE-2020-11369
- RESERVED
+ REJECTED
CVE-2020-11368
- RESERVED
+ REJECTED
CVE-2020-11367
- RESERVED
+ REJECTED
CVE-2020-11366
- RESERVED
+ REJECTED
CVE-2020-11365
- RESERVED
+ REJECTED
CVE-2020-11364
- RESERVED
+ REJECTED
CVE-2020-11363
- RESERVED
+ REJECTED
CVE-2020-11362
- RESERVED
+ REJECTED
CVE-2020-11361
- RESERVED
+ REJECTED
CVE-2020-11360
- RESERVED
+ REJECTED
CVE-2020-11359
- RESERVED
+ REJECTED
CVE-2020-11358
- RESERVED
+ REJECTED
CVE-2020-11357
- RESERVED
+ REJECTED
CVE-2020-11356
- RESERVED
+ REJECTED
CVE-2020-11355
- RESERVED
+ REJECTED
CVE-2020-11354
- RESERVED
+ REJECTED
CVE-2020-11353
- RESERVED
+ REJECTED
CVE-2020-11352
- RESERVED
+ REJECTED
CVE-2020-11351
- RESERVED
+ REJECTED
CVE-2020-11350
- RESERVED
+ REJECTED
CVE-2020-11349
- RESERVED
+ REJECTED
CVE-2020-11348
- RESERVED
+ REJECTED
CVE-2020-11347
- RESERVED
+ REJECTED
CVE-2020-11346
- RESERVED
+ REJECTED
CVE-2020-11345
- RESERVED
+ REJECTED
CVE-2020-11344
- RESERVED
+ REJECTED
CVE-2020-11343
- RESERVED
+ REJECTED
CVE-2020-11342
- RESERVED
+ REJECTED
CVE-2020-11341
- RESERVED
+ REJECTED
CVE-2020-11340
- RESERVED
+ REJECTED
CVE-2020-11339
- RESERVED
+ REJECTED
CVE-2020-11338
- RESERVED
+ REJECTED
CVE-2020-11337
- RESERVED
+ REJECTED
CVE-2020-11336
- RESERVED
+ REJECTED
CVE-2020-11335
- RESERVED
+ REJECTED
CVE-2020-11334
- RESERVED
+ REJECTED
CVE-2020-11333
- RESERVED
+ REJECTED
CVE-2020-11332
- RESERVED
+ REJECTED
CVE-2020-11331
- RESERVED
+ REJECTED
CVE-2020-11330
- RESERVED
+ REJECTED
CVE-2020-11329
- RESERVED
+ REJECTED
CVE-2020-11328
- RESERVED
+ REJECTED
CVE-2020-11327
- RESERVED
+ REJECTED
CVE-2020-11326
- RESERVED
+ REJECTED
CVE-2020-11325
- RESERVED
+ REJECTED
CVE-2020-11324
- RESERVED
+ REJECTED
CVE-2020-11323
- RESERVED
+ REJECTED
CVE-2020-11322
- RESERVED
+ REJECTED
CVE-2020-11321
- RESERVED
+ REJECTED
CVE-2020-11320
- RESERVED
+ REJECTED
CVE-2020-11319
- RESERVED
+ REJECTED
CVE-2020-11318
- RESERVED
+ REJECTED
CVE-2020-11317
- RESERVED
+ REJECTED
CVE-2020-11316
- RESERVED
+ REJECTED
CVE-2020-11315
- RESERVED
+ REJECTED
CVE-2020-11314
- RESERVED
+ REJECTED
CVE-2020-11313
- RESERVED
+ REJECTED
CVE-2020-11312
- RESERVED
+ REJECTED
CVE-2020-11311
RESERVED
CVE-2020-11310
- RESERVED
+ REJECTED
CVE-2020-11309 (Use after free in GPU driver while mapping the user memory to GPU memo ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11308 (Buffer overflow occurs when trying to convert ASCII string to Unicode ...)
@@ -46301,11 +46420,11 @@ CVE-2020-11304 (Possible out of bound read in DRM due to improper buffer length
CVE-2020-11303 (Accepting AMSDU frames with mismatched destination and source address ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11302
- RESERVED
+ REJECTED
CVE-2020-11301 (Improper authentication of un-encrypted plaintext Wi-Fi frames in an e ...)
NOT-FOR-US: Qualcomm WIGIG chipsets
CVE-2020-11300
- RESERVED
+ REJECTED
CVE-2020-11299 (Buffer overflow can occur in video while playing the non-standard clip ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11298 (While waiting for a response to a callback or listener request, non-se ...)
@@ -46378,8 +46497,8 @@ CVE-2020-11265 (Information disclosure issue due to lack of validation of pointe
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11264 (Improper authentication of Non-EAPOL/WAPI plaintext frames during four ...)
NOT-FOR-US: Qualcomm WLAN Windows Host
-CVE-2020-11263
- RESERVED
+CVE-2020-11263 (An integer overflow due to improper check performed after the address ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11262 (A race between command submission and destroying the context can cause ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11261 (Memory corruption due to improper check to return error when user appl ...)
@@ -46888,7 +47007,7 @@ CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8
{DLA-2353-1}
- bacula 9.6.5-1
[buster] - bacula 9.4.2-2+deb10u1
- - bareos <unfixed> (bug #968957)
+ - bareos <removed> (bug #968957)
[buster] - bareos <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - bareos <no-dsa> (minor issue, low priority)
NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
@@ -48060,6 +48179,7 @@ CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's
NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
CVE-2020-10710
RESERVED
+ NOT-FOR-US: foreman-installer
CVE-2020-10709 (A security flaw was found in Ansible Tower when requesting an OAuth2 t ...)
- ansible-awx <itp> (bug #908763)
NOTE: https://github.com/ansible/awx/issues/6630
@@ -48157,6 +48277,8 @@ CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versi
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
NOTE: https://github.com/quarkusio/quarkus/issues/7248
NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
+ NOTE: https://github.com/resteasy/Resteasy/pull/2320
+ NOTE: https://github.com/resteasy/Resteasy/commit/3fe881cf945c06bdb16895fbc73bc620694d2ba7 (4.6.0.Final)
CVE-2020-10687 (A flaw was discovered in all versions of Undertow before Undertow 2.2. ...)
- undertow 2.2.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
@@ -48176,8 +48298,6 @@ CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine vers
CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...)
{DSA-4950-1}
- ansible 2.9.7+dfsg-1
- [stretch] - ansible <not-affected> (Vulnerable code introduced later, 'ansible_facts' variable not exposed)
- [jessie] - ansible <not-affected> (Vulnerable code introduced later, 'ansible_facts' variable not exposed)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
NOTE: https://github.com/ansible/ansible/pull/68431
NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
@@ -48333,8 +48453,8 @@ CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML in
NOT-FOR-US: WebAccess/NMS
CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
NOT-FOR-US: ControlEdge PLC
-CVE-2020-10627
- RESERVED
+CVE-2020-10627 (Insulet Omnipod Insulin Management System insulin pump product ID 1919 ...)
+ NOT-FOR-US: Insulet Omnipod Insulin Management System
CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...)
NOT-FOR-US: Fazecast jSerialComm
CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
@@ -49407,8 +49527,8 @@ CVE-2020-10139 (Acronis True Image 2021 includes an OpenSSL component that speci
NOT-FOR-US: Acronis
CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL comp ...)
NOT-FOR-US: Acronis
-CVE-2020-10137
- RESERVED
+CVE-2020-10137 (Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do n ...)
+ NOT-FOR-US: Z-Wave devices
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
NOT-FOR-US: Cisco
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
@@ -49464,17 +49584,15 @@ CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Incons
CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information ...)
NOT-FOR-US: Citrix
CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
- {DLA-2145-1}
+ {DLA-2927-1 DLA-2145-1}
- twisted 18.9.0-7 (bug #953950)
[buster] - twisted <no-dsa> (Minor issue)
- [stretch] - twisted <no-dsa> (Minor issue)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
- {DLA-2145-1}
+ {DLA-2927-1 DLA-2145-1}
- twisted 18.9.0-7 (bug #953950)
[buster] - twisted <no-dsa> (Minor issue)
- [stretch] - twisted <no-dsa> (Minor issue)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
@@ -50906,9 +51024,9 @@ CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in
[jessie] - tika <ignored> (the fix is too invasive to backport)
NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1
CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...)
+ {DLA-2852-1}
- apache-log4j2 2.13.3-1 (bug #959450)
- [buster] - apache-log4j2 <no-dsa> (Minor issue)
- [stretch] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
+ [buster] - apache-log4j2 2.15.0-1~deb10u1
[jessie] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1
NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819
@@ -51241,10 +51359,9 @@ CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows loca
CVE-2020-9360
RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
- {DLA-2159-1}
+ {DLA-2856-1 DLA-2159-1}
- okular 4:19.12.3-2 (bug #954891)
[buster] - okular 4:17.12.2-2.2+deb10u1
- [stretch] - okular <no-dsa> (Minor issue)
NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
NOTE: https://kde.org/info/security/advisory-20200312-1.txt
NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC)
@@ -51891,16 +52008,16 @@ CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not au
NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...)
NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs
-CVE-2020-9061
- RESERVED
-CVE-2020-9060
- RESERVED
-CVE-2020-9059
- RESERVED
-CVE-2020-9058
- RESERVED
-CVE-2020-9057
- RESERVED
+CVE-2020-9061 (Z-Wave devices using Silicon Labs 500 and 700 series chipsets, includi ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-9060 (Z-Wave devices based on Silicon Labs 500 series chipsets using S2, inc ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-9059 (Z-Wave devices based on Silicon Labs 500 series chipsets using S0 auth ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-9058 (Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-9057 (Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets ...)
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...)
NOT-FOR-US: Periscope BuySpeed
CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...)
@@ -52091,8 +52208,8 @@ CVE-2020-8970
RESERVED
CVE-2020-8969
RESERVED
-CVE-2020-8968
- RESERVED
+CVE-2020-8968 (Parallels Remote Application Server (RAS) allows a local attacker to r ...)
+ NOT-FOR-US: Parallels Remote Application Server (RAS)
CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...)
NOT-FOR-US: GESIO
CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
@@ -52167,8 +52284,8 @@ CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions up
CVE-2020-8934
RESERVED
CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
- - google-compute-image-packages <unfixed> (bug #987353)
- [buster] - google-compute-image-packages <no-dsa> (Minor issue)
+ - google-compute-image-packages <removed> (bug #987353)
+ [buster] - google-compute-image-packages <ignored> (Minor issue)
NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8932
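Review bot: The `[buster] - google-compute-image-packages <ignored> (Minor issue)` line keeps the old no-dsa justification after the tag changes to ignored, but `<ignored>` records a decision not to fix, so the reason should say why buster will not get an update rather than only restating severity. Since the unstable entry on the preceding line becomes `<removed>`, a reason such as `[buster] - google-compute-image-packages <ignored> (Minor issue; package removed from unstable)` would make the state self-explanatory to the next triager. The same pair of lines recurs in the hunks for CVE-2020-8907 and CVE-2020-8903 and would benefit from the same wording.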
@@ -52224,8 +52341,8 @@ CVE-2020-8909
CVE-2020-8908 (A temp directory creation vulnerability exists in all versions of Guav ...)
NOT-FOR-US: Google Guava
CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
- - google-compute-image-packages <unfixed> (bug #987353)
- [buster] - google-compute-image-packages <no-dsa> (Minor issue)
+ - google-compute-image-packages <removed> (bug #987353)
+ [buster] - google-compute-image-packages <ignored> (Minor issue)
NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8906
@@ -52235,8 +52352,8 @@ CVE-2020-8905 (A buffer length validation vulnerability in Asylo versions prior
CVE-2020-8904 (An arbitrary memory overwrite vulnerability in the trusted memory of A ...)
NOT-FOR-US: Asylo
CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
- - google-compute-image-packages <unfixed> (bug #987353)
- [buster] - google-compute-image-packages <no-dsa> (Minor issue)
+ - google-compute-image-packages <removed> (bug #987353)
+ [buster] - google-compute-image-packages <ignored> (Minor issue)
NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8902 (Rendertron versions prior to 3.0.0 are are susceptible to a Server-Sid ...)
@@ -53085,8 +53202,7 @@ CVE-2020-8563 (In Kubernetes clusters using VSphere as a cloud provider, with a
NOTE: https://github.com/kubernetes/kubernetes/pull/95236
NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
NOTE: https://github.com/kubernetes/kubernetes/issues/95621
-CVE-2020-8562
- RESERVED
+CVE-2020-8562 (As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes att ...)
- kubernetes <unfixed> (bug #990793)
[bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8
@@ -53268,7 +53384,7 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10,
[jessie] - python3.4 <postponed> (Minor issue)
- python2.7 2.7.18-2 (low; bug #970099)
[buster] - python2.7 <no-dsa> (Minor issue)
- [stretch] - python2.7 <no-dsa> (Minor issue)
+ [stretch] - python2.7 <ignored> (Too destructive to backport. Though the patch is partly ready. https://salsa.debian.org/lts-team/packages/python2.7/-/blob/master/debian/patches/CVE-2020-8492.patch)
[jessie] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue39503
NOTE: https://github.com/python/cpython/pull/18284
@@ -53838,8 +53954,8 @@ CVE-2020-8244 (A buffer over-read vulnerability exists in bl &lt;4.0.3, &lt;3.0.
NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
CVE-2020-8243 (A vulnerability in the Pulse Connect Secure &lt; 9.1R8.2 admin web int ...)
NOT-FOR-US: Pulse Connect Secure
-CVE-2020-8242
- RESERVED
+CVE-2020-8242 (Unsanitized user input in ExpressionEngine &lt;= 5.4.0 control panel m ...)
+ NOT-FOR-US: ExpressionEngine
CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 could al ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 allows a ...)
@@ -54222,12 +54338,12 @@ CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that re
NOT-FOR-US: Bitdefender
CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
NOT-FOR-US: Bitdefender
-CVE-2020-8107
- RESERVED
+CVE-2020-8107 (A Process Control vulnerability in ProductAgentUI.exe as used in Bitde ...)
+ NOT-FOR-US: Bitdefender
CVE-2020-8106
REJECTED
-CVE-2020-8105
- RESERVED
+CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect handler of A ...)
+ NOT-FOR-US: Abode iota All-In-One Security Kit
CVE-2020-8104
RESERVED
CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)
@@ -54759,18 +54875,18 @@ CVE-2020-7885
RESERVED
CVE-2020-7884
RESERVED
-CVE-2020-7883
- RESERVED
+CVE-2020-7883 (Printchaser v2.2021.804.1 and earlier versions contain a vulnerability ...)
+ NOT-FOR-US: Printchaser
CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...)
NOT-FOR-US: anySign
CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...)
NOT-FOR-US: AfreecaTV
-CVE-2020-7880
- RESERVED
-CVE-2020-7879
- RESERVED
-CVE-2020-7878
- RESERVED
+CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to NeoRS rem ...)
+ NOT-FOR-US: duozone NeoRS remote support
+CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was synchroni ...)
+ NOT-FOR-US: ipTIME C200 IP Camera
+CVE-2020-7878 (An arbitrary file download and execution vulnerability was found in th ...)
+ NOT-FOR-US: VideoOffice
CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...)
NOT-FOR-US: ZOOK
CVE-2020-7876
@@ -55139,10 +55255,11 @@ CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to P
CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...)
NOT-FOR-US: Node json
CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...)
- - golang-github-russellhaering-goxmldsig <unfixed> (bug #968928)
+ - golang-github-russellhaering-goxmldsig 1.1.1-1 (bug #968928)
[bullseye] - golang-github-russellhaering-goxmldsig <no-dsa> (Minor issue)
[buster] - golang-github-russellhaering-goxmldsig <no-dsa> (Minor issue)
NOTE: https://github.com/russellhaering/goxmldsig/issues/48
+ NOTE: https://github.com/russellhaering/goxmldsig/commit/fb23e0af61c023e3a6dae8ad30dbd0f04d8a4d8f
CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...)
NOT-FOR-US: Node safe-eval
CVE-2020-7709 (This affects the package json-pointer before 0.6.1. Multiple reference ...)
@@ -55540,8 +55657,8 @@ CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions vu
NOT-FOR-US: Modicon
CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
NOT-FOR-US: Modicon
-CVE-2020-7534
- RESERVED
+CVE-2020-7534 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on t ...)
+ NOT-FOR-US: Schneider Electric
CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
NOT-FOR-US: Modicon
CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
@@ -56953,18 +57070,18 @@ CVE-2020-6924
RESERVED
CVE-2020-6923
RESERVED
-CVE-2020-6922
- RESERVED
-CVE-2020-6921
- RESERVED
-CVE-2020-6920
- RESERVED
-CVE-2020-6919
- RESERVED
-CVE-2020-6918
- RESERVED
-CVE-2020-6917
- RESERVED
+CVE-2020-6922 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6921 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6920 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6919 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6918 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6917 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
CVE-2020-6916
RESERVED
CVE-2020-6915
@@ -59381,7 +59498,7 @@ CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way
[jessie] - coturn <not-affected> (Vulnerable code introduced later)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
-CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...)
+CVE-2020-6061 (An exploitable heap out-of-bounds read vulnerability exists in the way ...)
{DSA-4711-1}
- coturn 4.5.1.1-1.2 (bug #951876)
[jessie] - coturn <not-affected> (Vulnerable code introduced later)
@@ -59627,14 +59744,14 @@ CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a vulne
NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
NOT-FOR-US: Nvidia driver for Windows
-CVE-2020-5956
- RESERVED
+CVE-2020-5956 (An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O befor ...)
NOT-FOR-US: Int15MicrocodeSmm
CVE-2020-5954
RESERVED
-CVE-2020-5953
- RESERVED
+CVE-2020-5953 (A vulnerability exists in System Management Interrupt (SWSMI) handler ...)
+ NOT-FOR-US: Insyde
CVE-2020-5952
RESERVED
CVE-2020-5951
@@ -60189,7 +60306,7 @@ CVE-2020-5677 (Reflected cross-site scripting vulnerability in GROWI v4.0.0 and
NOT-FOR-US: GROWI
CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain information ...)
NOT-FOR-US: GROWI
-CVE-2020-5675 (Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD ...)
+CVE-2020-5675 (Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT21 ...)
NOT-FOR-US: Mitsubishi
CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...)
NOT-FOR-US: SEIKO EPSON products
@@ -61180,7 +61297,7 @@ CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can
CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...)
NOT-FOR-US: Mailu
CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.29.0. ...)
- - cmark-gfm <unfixed> (bug #965984)
+ - cmark-gfm 0.29.0.gfm.2-1 (bug #965984)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #965983)
@@ -61966,16 +62083,16 @@ CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtai
NOT-FOR-US: IBM
CVE-2020-4880
RESERVED
-CVE-2020-4879
- RESERVED
+CVE-2020-4879 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote ...)
+ NOT-FOR-US: IBM
CVE-2020-4878
RESERVED
-CVE-2020-4877
- RESERVED
-CVE-2020-4876
- RESERVED
-CVE-2020-4875
- RESERVED
+CVE-2020-4877 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4876 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...)
+ NOT-FOR-US: IBM
+CVE-2020-4875 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...)
+ NOT-FOR-US: IBM
CVE-2020-4874
RESERVED
CVE-2020-4873 (IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive ...)
@@ -62735,8 +62852,8 @@ CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privilege
NOT-FOR-US: IBM
CVE-2020-4497
RESERVED
-CVE-2020-4496
- RESERVED
+CVE-2020-4496 (The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connect ...)
+ NOT-FOR-US: IBM
CVE-2020-4495 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
NOT-FOR-US: IBM
CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
@@ -63650,7 +63767,7 @@ CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by
CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...)
NOT-FOR-US: phpMussel
CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to ...)
- - bareos <unfixed> (bug #965985)
+ - bareos <removed> (bug #965985)
[buster] - bareos <ignored> (Minor issue; workaround exists; intrusive to backport to older versions)
[stretch] - bareos <no-dsa> (minor issue, low priority)
NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752
@@ -63997,8 +64114,8 @@ CVE-2020-3897 (A type confusion issue was addressed with improved memory handlin
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
-CVE-2020-3896
- RESERVED
+CVE-2020-3896 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
{DSA-4681-1}
- webkit2gtk 2.28.0-2
@@ -64027,8 +64144,8 @@ CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issu
NOT-FOR-US: Apple
CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
-CVE-2020-3886
- RESERVED
+CVE-2020-3886 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...)
{DSA-4681-1}
- webkit2gtk 2.28.0-2
@@ -64420,21 +64537,21 @@ CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corr
CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
NOT-FOR-US: Adobe
CVE-2020-3709
- RESERVED
+ REJECTED
CVE-2020-3708
- RESERVED
+ REJECTED
CVE-2020-3707
- RESERVED
+ REJECTED
CVE-2020-3706
- RESERVED
+ REJECTED
CVE-2020-3705
- RESERVED
+ REJECTED
CVE-2020-3704 (u'While processing invalid connection request PDU which is nonstandard ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due to lack ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...)
- {DSA-4978-1 DLA-2785-1}
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/
@@ -64448,11 +64565,11 @@ CVE-2020-3699 (Possible out of bound access while processing assoc response from
CVE-2020-3698 (Out of bound write while QoS DSCP mapping due to improper input valida ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3697
- RESERVED
+ REJECTED
CVE-2020-3696 (u'Use after free while installing new security rule in ipcrtr as old o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3695
- RESERVED
+ REJECTED
CVE-2020-3694 (u'Use out of range pointer issue can occur due to incorrect buffer ran ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3693 (u'Use out of range pointer issue can occur due to incorrect buffer ran ...)
@@ -64478,7 +64595,7 @@ CVE-2020-3684 (u'QSEE reads the access permission policy for the SMEM TOC partit
CVE-2020-3683
RESERVED
CVE-2020-3682
- RESERVED
+ REJECTED
CVE-2020-3681 (Authenticated and encrypted payload MMEs can be forged and remotely se ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3680 (A race condition can occur when using the fastrpc memory mapping API. ...)
@@ -64580,7 +64697,7 @@ CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check i
CVE-2020-3632 (u'Incorrect validation of ring context fetched from host memory can le ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3631
- RESERVED
+ REJECTED
CVE-2020-3630 (Possibility of out of bound access while processing the responses from ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3629 (u'Stack out of bound issue occurs when making query to DSP capabilitie ...)
@@ -64588,7 +64705,7 @@ CVE-2020-3629 (u'Stack out of bound issue occurs when making query to DSP capabi
CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
NOT-FOR-US: Snapdragon
CVE-2020-3627
- RESERVED
+ REJECTED
CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no protect ...)
NOT-FOR-US: Snapdragon
CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due ...)
@@ -69093,7 +69210,7 @@ CVE-2020-1654 (On Juniper Networks SRX Series with ICAP (Internet Content Adapta
CVE-2020-1653 (On Juniper Networks Junos OS devices, a stream of TCP packets sent to ...)
NOT-FOR-US: Juniper
CVE-2020-1652 (OpenNMS is accessible via port 9443 ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2020-1651 (On Juniper Networks MX series, receipt of a stream of specific Layer 2 ...)
NOT-FOR-US: Juniper
CVE-2020-1650 (On Juniper Networks Junos MX Series with service card configured, rece ...)
@@ -71819,7 +71936,7 @@ CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information disclos
NOT-FOR-US: Android Media Framework
CVE-2020-0339 (There is a possible out of bounds read due to a missing bounds check.P ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions check d ...)
+CVE-2020-0338 (In checkKeyIntent of AccountManagerService.java, there is a possible p ...)
NOT-FOR-US: Android
CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions check du ...)
NOT-FOR-US: Android
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index df53fd88b2..06406baf29 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,32 +1,6577 @@
-CVE-2021-4027
+CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An ...)
+ NOT-FOR-US: PreMiD
+CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
+ - libsixel <unfixed>
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/158
+CVE-2021-4222
RESERVED
-CVE-2021-4026
+CVE-2021-4221
RESERVED
-CVE-2021-4025
+CVE-2021-46699
RESERVED
-CVE-2021-44235
+CVE-2021-4220
+ REJECTED
+CVE-2021-4219
RESERVED
-CVE-2021-44234
+CVE-2021-46687
RESERVED
-CVE-2021-44233
+CVE-2021-46270
RESERVED
-CVE-2021-44232
+CVE-2021-45730
RESERVED
-CVE-2021-44231
+CVE-2021-45721
RESERVED
-CVE-2021-44230
+CVE-2021-45074
RESERVED
-CVE-2021-44229
+CVE-2021-41834
+ RESERVED
+CVE-2021-23163
+ RESERVED
+CVE-2021-22590
+ RESERVED
+CVE-2021-46681
+ RESERVED
+CVE-2021-46680
+ RESERVED
+CVE-2021-46679
+ RESERVED
+CVE-2021-46678
+ RESERVED
+CVE-2021-46677
+ RESERVED
+CVE-2021-46676
+ RESERVED
+CVE-2021-46675
+ RESERVED
+CVE-2021-46674
+ RESERVED
+CVE-2021-46673
+ RESERVED
+CVE-2021-46672
+ RESERVED
+CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...)
+ - atftp 0.7.git20210915-1 (bug #1004974)
+ [bullseye] - atftp <no-dsa> (Minor issue)
+ [buster] - atftp <no-dsa> (Minor issue)
+ [stretch] - atftp <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
+CVE-2021-46670
+ RESERVED
+CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25638
+CVE-2021-46668 (MariaDB through 10.5.9 allows an application crash via certain long SE ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25787
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46667 (MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an ...)
+ - mariadb-10.6 1:10.6.5-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-26350
+ NOTE: Fixed in MariaDB: 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5
+CVE-2021-46666 (MariaDB before 10.6.2 allows an application crash because of mishandli ...)
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian)
+ - mariadb-10.5 1:10.5.11-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ NOTE: https://jira.mariadb.org/browse/MDEV-25635
+ NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
+CVE-2021-46665 (MariaDB through 10.5.9 allows a sql_parse.cc application crash because ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25636
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46664 (MariaDB through 10.5.9 allows an application crash in sub_select_postj ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25761
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46663 (MariaDB through 10.5.13 allows a ha_maria::extra application crash via ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-26351
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46662 (MariaDB through 10.5.9 allows a set_var.cc application crash via certa ...)
+ - mariadb-10.6 1:10.6.5-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25637
+ NOTE: https://jira.mariadb.org/browse/MDEV-22464
+ NOTE: Fixed in MariaDB: 10.3.32, 10.4.22, 10.5.13, 10.6.5
+CVE-2021-46661 (MariaDB through 10.5.9 allows an application crash in find_field_in_ta ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25766
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-4218
+ RESERVED
+ - linux 5.8.7-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359
+ NOTE: Fixed by: https://git.kernel.org/linus/32927393dc1ccd60fb2bdc05b9e8e88753761469 (5.8-rc1)
+CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...)
+ NOT-FOR-US: Signiant Manager+Agents
+CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it does not ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25631
+ NOTE: Fixed in MariaDB: 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2
+CVE-2021-46658 (save_window_function_values in MariaDB before 10.6.3 allows an applica ...)
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian)
+ - mariadb-10.5 1:10.5.11-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ NOTE: https://jira.mariadb.org/browse/MDEV-25630
+ NOTE: Fixed in MariaDB: 10.2.40, 10.3.31, 10.4.21, 10.5.12, 10.6.3
+CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application crash ...)
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian)
+ - mariadb-10.5 1:10.5.11-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ NOTE: https://jira.mariadb.org/browse/MDEV-25629
+ NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
+CVE-2021-4217 [Null pointer dereference in Unicode strings code]
+ RESERVED
+ - unzip <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044583
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-4216
+ RESERVED
+CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46654 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46651 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46649 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46642 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46635 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46633 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46632 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46631 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46629 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46627 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46626 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46625 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46623 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46622 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46621 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46611 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46610 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46608 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46607 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46605 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46604 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46603 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46602 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46601 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46600 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46599 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46598 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46597 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46596 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46595 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46594 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46593 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46592 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46591 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46590 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46589 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46588 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46587 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46586 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46585 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46584 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46583 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46582 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46581 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46580 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46579 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46578 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46577 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46576 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46575 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46574 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46573 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46572 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46571 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46570 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46569 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46568 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46567 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46566 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46565 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46564 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
+ NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API
+CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
+ NOT-FOR-US: Moxa
+CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
+ NOT-FOR-US: Moxa
+CVE-2021-4215
+ RESERVED
+CVE-2021-4214
+ RESERVED
+ - libpng1.6 <unfixed> (unimportant)
+ NOTE: https://github.com/glennrp/libpng/issues/302
+ NOTE: Crash in CLI package, not shipped in binary packages
+CVE-2021-4213
+ RESERVED
+ - jss <unfixed>
+ [bullseye] - jss <no-dsa> (Minor issue)
+ [buster] - jss <no-dsa> (Minor issue)
+ [stretch] - jss <postponed> (revisit when/if fix is complete)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
+ NOTE: https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
+CVE-2021-4212
+ RESERVED
+CVE-2021-4211
+ RESERVED
+CVE-2021-4210
+ RESERVED
+CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...)
+ NOT-FOR-US: Issabel
+CVE-2021-46557 (Vicidial 2.14-783a was discovered to contain a cross-site scripting (X ...)
+ NOT-FOR-US: Vicidial
+CVE-2021-46556 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46555
+ RESERVED
+CVE-2021-46554 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46553 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46552
+ RESERVED
+CVE-2021-46551
+ RESERVED
+CVE-2021-46550 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46549 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46548 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46547 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46546 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46545 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46544 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46543 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46542 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46541 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46540 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46539 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46538 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46537 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46536
+ RESERVED
+CVE-2021-46535 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46534 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46533
+ RESERVED
+CVE-2021-46532 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46531 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46530 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46529 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46528 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46527 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46526 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46525 (Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free vi ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46524 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46523 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46522 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46521 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46520 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46519 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46518 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46517 (There is an Assertion `mjs_stack_size(&amp;mjs-&gt;scopes) &gt; 0' fai ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46516 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46515 (There is an Assertion `mjs_stack_size(&amp;mjs-&gt;scopes) &gt;= scope ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46514 (There is an Assertion 'ppos != NULL &amp;&amp; mjs_is_number(*ppos)' f ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46513 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46512 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46511 (There is an Assertion `m-&gt;len &gt;= sizeof(v)' failed at src/mjs_co ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46510 (There is an Assertion `s &lt; mjs-&gt;owned_strings.buf + mjs-&gt;owne ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46509 (Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snq ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46508 (There is an Assertion `i &lt; parts_cnt' failed at src/mjs_bcode.c in ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46507 (Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46506 (There is an Assertion 'v-&gt;d.lval != v' failed at src/jsiValue.c in ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46505 (Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46504 (There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5 ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46503 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46502 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46501 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortS ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46500 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_A ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46499 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46498 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_w ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46497 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_U ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46496 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_O ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46495 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Delet ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46494 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46493
+ RESERVED
+CVE-2021-46492 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Fu ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46491 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Co ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46490 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Number ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46489 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_D ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46488 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46487 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46486 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46485 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Va ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46484 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_I ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Bool ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Numb ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via linenoise at ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiV ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46479
+ RESERVED
+CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiC ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegE ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46476
+ RESERVED
+CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiE ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46473
+ RESERVED
+CVE-2021-46472
+ RESERVED
+CVE-2021-46471
+ RESERVED
+CVE-2021-46470
+ RESERVED
+CVE-2021-46469
+ RESERVED
+CVE-2021-46468
+ RESERVED
+CVE-2021-46467
+ RESERVED
+CVE-2021-46466
+ RESERVED
+CVE-2021-46465
+ RESERVED
+CVE-2021-46464
+ RESERVED
+CVE-2021-46463 (njs through 0.7.1, used in NGINX, was discovered to contain a control ...)
+ NOT-FOR-US: njs
+CVE-2021-46462 (njs through 0.7.1, used in NGINX, was discovered to contain a segmenta ...)
+ NOT-FOR-US: njs
+CVE-2021-46461 (njs through 0.7.0, used in NGINX, was discovered to contain an out-of- ...)
+ NOT-FOR-US: njs
+CVE-2021-46460
+ RESERVED
+CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...)
+ NOT-FOR-US: Victor CMS
+CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Victor CMS
+CVE-2021-46457 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46456 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46455 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46454 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46453 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46452 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46451 (An SQL Injection vulnerabilty exists in Sourcecodester Online Project ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46450
+ RESERVED
+CVE-2021-46449
+ RESERVED
+CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46443
+ RESERVED
+CVE-2021-46442
+ RESERVED
+CVE-2021-46441
+ RESERVED
+CVE-2021-46440
+ RESERVED
+CVE-2021-46439
+ RESERVED
+CVE-2021-46438
+ RESERVED
+CVE-2021-46437
+ RESERVED
+CVE-2021-46436
+ RESERVED
+CVE-2021-46435
+ RESERVED
+CVE-2021-46434
+ RESERVED
+CVE-2021-46433
+ RESERVED
+CVE-2021-46432
+ RESERVED
+CVE-2021-46431
+ RESERVED
+CVE-2021-46430
+ RESERVED
+CVE-2021-46429
+ RESERVED
+CVE-2021-46428 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester S ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46427 (An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46426
+ RESERVED
+CVE-2021-46425
+ RESERVED
+CVE-2021-46424
+ RESERVED
+CVE-2021-46423
+ RESERVED
+CVE-2021-46422
+ RESERVED
+CVE-2021-46421
+ RESERVED
+CVE-2021-46420
+ RESERVED
+CVE-2021-46419
+ RESERVED
+CVE-2021-46418
+ RESERVED
+CVE-2021-46417
+ RESERVED
+CVE-2021-46416
+ RESERVED
+CVE-2021-46415
+ RESERVED
+CVE-2021-46414
+ RESERVED
+CVE-2021-46413
+ RESERVED
+CVE-2021-46412
+ RESERVED
+CVE-2021-46411
+ RESERVED
+CVE-2021-46410
+ RESERVED
+CVE-2021-46409
+ RESERVED
+CVE-2021-46408
+ RESERVED
+CVE-2021-46407
+ RESERVED
+CVE-2021-46406
+ RESERVED
+CVE-2021-46405
+ RESERVED
+CVE-2021-46404
+ RESERVED
+CVE-2021-4209
+ RESERVED
+CVE-2021-46403
+ RESERVED
+CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46402
+ RESERVED
+CVE-2021-46401
+ RESERVED
+CVE-2021-46400
+ RESERVED
+CVE-2021-46399
+ RESERVED
+CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in Filebrowser &lt; ...)
+ NOT-FOR-US: FileBrowser
+CVE-2021-46397
+ RESERVED
+CVE-2021-46396
+ RESERVED
+CVE-2021-46395
+ RESERVED
+CVE-2021-46394
+ RESERVED
+CVE-2021-46393
+ RESERVED
+CVE-2021-46392
+ RESERVED
+CVE-2021-46391
+ RESERVED
+CVE-2021-46390
+ RESERVED
+CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
+ NOT-FOR-US: IIPImage High Resolution Streaming Image Server
+CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...)
+ NOT-FOR-US: WAGO
+CVE-2021-46387
+ RESERVED
+CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: File U ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: SQL In ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46384
+ RESERVED
+CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: SQL In ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46382
+ RESERVED
+CVE-2021-46381
+ RESERVED
+CVE-2021-46380
+ RESERVED
+CVE-2021-46379
+ RESERVED
+CVE-2021-46378
+ RESERVED
+CVE-2021-46377 (There is a front-end sql injection vulnerability in cszcms 1.2.9 via c ...)
+ NOT-FOR-US: cszcms
+CVE-2021-46376
+ RESERVED
+CVE-2021-46375
+ RESERVED
+CVE-2021-46374
+ RESERVED
+CVE-2021-46373
+ RESERVED
+CVE-2021-46372 (Scoold 1.47.2 is a Q&amp;A/knowledge base platform written in Java. Wh ...)
+ NOT-FOR-US: Scoold
+CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...)
+ NOT-FOR-US: antd-admin
+CVE-2021-46370
+ RESERVED
+CVE-2021-46369
+ RESERVED
+CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...)
+ NOT-FOR-US: TRIGONE Remote System Monitor
+CVE-2021-46367
+ RESERVED
+CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
+ NOT-FOR-US: Composr-CMS
+CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
+ NOT-FOR-US: FISCO-BCOS
+CVE-2021-46358
+ RESERVED
+CVE-2021-46357
+ RESERVED
+CVE-2021-46356
+ RESERVED
+CVE-2021-46355 (OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To expl ...)
+ NOT-FOR-US: OCS Inventory (not the same as ocsinventory-server)
+CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-46353
+ RESERVED
+CVE-2021-46352
+ RESERVED
+CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4940
+CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at jerrysc ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936
+CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937
+CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4941
+CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938
+CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4939
+CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4946
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4920
+CVE-2021-46344 (There is an Assertion 'flags &amp; PARSER_PATTERN_HAS_REST_ELEMENT' fa ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4950
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4928
+CVE-2021-46343 (There is an Assertion 'context_p-&gt;token.type == LEXER_LITERAL' fail ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4947
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4921
+CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4952
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4934
+CVE-2021-46341
+ RESERVED
+CVE-2021-46340 (There is an Assertion 'context_p-&gt;stack_top_uint8 == SCAN_STACK_TRY ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4924
+CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...)
+ - iotjs <undetermined>
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935
+CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4933
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4900
+CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser- ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4951
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4930
+CVE-2021-46336 (There is an Assertion 'opts &amp; PARSER_CLASS_LITERAL_CTOR_PRESENT' f ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4949
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4927
+CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer derefere ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46333 (Moddable SDK v11.5.0 was discovered to contain an invalid memory acces ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46332 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46331 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46330 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46329 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46328 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46327 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46326 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46325 (Espruino 2v10.246 was discovered to contain a stack buffer overflow vi ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46324 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability via s ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...)
+ NOT-FOR-US: Duktape
+CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46320 (In OpenZeppelin &lt;=v4.4.0, initializer functions that are invoked se ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2021-46319 (Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR- ...)
+ NOT-FOR-US: Dlink DIR-846 Router
+CVE-2021-46318
+ RESERVED
+CVE-2021-46317
+ RESERVED
+CVE-2021-46316
+ RESERVED
+CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2039
+ NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba
+CVE-2021-46312
+ RESERVED
+CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2038
+ NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491
+CVE-2021-46310
+ RESERVED
+CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...)
+ NOT-FOR-US: Projectworlds Online Examination System
+CVE-2021-46306
+ RESERVED
+CVE-2021-46305
+ RESERVED
+CVE-2021-46304
+ RESERVED
+CVE-2021-46303
+ RESERVED
+CVE-2021-46302
+ RESERVED
+CVE-2021-46301
+ RESERVED
+CVE-2021-46300
+ RESERVED
+CVE-2021-46299
+ RESERVED
+CVE-2021-46298
+ RESERVED
+CVE-2021-46297
+ RESERVED
+CVE-2021-46296
+ RESERVED
+CVE-2021-46295
+ RESERVED
+CVE-2021-46294
+ RESERVED
+CVE-2021-46293
+ RESERVED
+CVE-2021-46292
+ RESERVED
+CVE-2021-46291
+ RESERVED
+CVE-2021-46290
+ RESERVED
+CVE-2021-46289
+ RESERVED
+CVE-2021-46288
+ RESERVED
+CVE-2021-46287
+ RESERVED
+CVE-2021-46286
+ RESERVED
+CVE-2021-46285
+ RESERVED
+CVE-2021-46284
+ RESERVED
+CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-44760
+ RESERVED
+CVE-2021-4207
+ RESERVED
+CVE-2021-4206
+ RESERVED
+CVE-2021-4205
+ RESERVED
+CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-23209
+ RESERVED
+CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-23150
+ RESERVED
+CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ad9f151e560b016b6ad3280b48e42fa11e1a5440 (5.13-rc7)
+CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
+ RESERVED
+ - linux <unfixed>
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4
+CVE-2021-46269
+ RESERVED
+CVE-2021-46268
+ RESERVED
+CVE-2021-46267
+ RESERVED
+CVE-2021-46266
+ RESERVED
+CVE-2021-46265 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46264 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46263 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46262 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46261
+ RESERVED
+CVE-2021-46260
+ RESERVED
+CVE-2021-46259
+ RESERVED
+CVE-2021-46258
+ RESERVED
+CVE-2021-46257
+ RESERVED
+CVE-2021-46256
+ RESERVED
+CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to ...)
+ NOT-FOR-US: eyouCMS
+CVE-2021-46254
+ RESERVED
+CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...)
+ NOT-FOR-US: Anchor CMS
+CVE-2021-46252 (A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of S ...)
+ NOT-FOR-US: scratch-confirmaccount-v3
+CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-46248
+ RESERVED
+CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...)
+ NOT-FOR-US: ASUS
+CVE-2021-46246
+ RESERVED
+CVE-2021-46245
+ RESERVED
+CVE-2021-46244 (A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1327
+ NOTE: https://github.com/advisories/GHSA-vrxh-5gxg-rmhm
+CVE-2021-46243 (An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1326
+ NOTE: https://github.com/advisories/GHSA-2rqw-mg55-mp69
+CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1329
+ NOTE: https://github.com/advisories/GHSA-x9pw-hh7v-wjpf
+CVE-2021-46241
+ RESERVED
+CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2028
+ NOTE: https://github.com/gpac/gpac/commit/31eb879ea67b3a6ff67d3211f4c6b83369d4898d
+CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2026
+ NOTE: https://github.com/gpac/gpac/commit/4e1215758fa89455e8de1262df36f11740bb1bc4
+CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2027
+ NOTE: https://github.com/gpac/gpac/commit/4b9736ab8c9274db5858e5bf9fe0470bc3e7b6cf
+CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2033
+ NOTE: https://github.com/gpac/gpac/commit/3cc122ad664a2355cce9784f50b59c6272d43f00
+CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2024
+ NOTE: https://github.com/gpac/gpac/commit/6a5effb57153cb05e72f6e9bd72afefc334a673d
+CVE-2021-46235
+ RESERVED
+CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2023
+ NOTE: https://github.com/gpac/gpac/commit/70c6f6f832dccff814a19a74d87b97b3d68a4af5
+CVE-2021-46233 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46232 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46231 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46230 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46229 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46228 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46227 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46226 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46225 (A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allo ...)
+ NOT-FOR-US: libMeshb
+CVE-2021-46224
+ RESERVED
+CVE-2021-46223
+ RESERVED
+CVE-2021-46222
+ RESERVED
+CVE-2021-46221
+ RESERVED
+CVE-2021-46220
+ RESERVED
+CVE-2021-46219
+ RESERVED
+CVE-2021-46218
+ RESERVED
+CVE-2021-46217
+ RESERVED
+CVE-2021-46216
+ RESERVED
+CVE-2021-46215
+ RESERVED
+CVE-2021-46214
+ RESERVED
+CVE-2021-46213
+ RESERVED
+CVE-2021-46212
+ RESERVED
+CVE-2021-46211
+ RESERVED
+CVE-2021-46210
+ RESERVED
+CVE-2021-46209
+ RESERVED
+CVE-2021-46208
+ RESERVED
+CVE-2021-46207
+ RESERVED
+CVE-2021-46206
+ RESERVED
+CVE-2021-46205
+ RESERVED
+CVE-2021-46204 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
+ NOT-FOR-US: taocms
+CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
+ NOT-FOR-US: taocms
+CVE-2021-46202
+ RESERVED
+CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...)
+ NOT-FOR-US: Sourcecodester Online Resort Management System
+CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46199
+ RESERVED
+CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46197
+ RESERVED
+CVE-2021-46196
+ RESERVED
+CVE-2021-46195 (GCC v12.0 was discovered to contain an uncontrolled recursion via the ...)
+ - binutils <unfixed> (unimportant)
+ NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841
+ NOTE: binutils not covered by security support
+CVE-2021-46194
+ RESERVED
+CVE-2021-46193
+ RESERVED
+CVE-2021-46192
+ RESERVED
+CVE-2021-46191
+ RESERVED
+CVE-2021-46190
+ RESERVED
+CVE-2021-46189
+ RESERVED
+CVE-2021-46188
+ RESERVED
+CVE-2021-46187
+ RESERVED
+CVE-2021-46186
+ RESERVED
+CVE-2021-46185
+ RESERVED
+CVE-2021-46184
+ RESERVED
+CVE-2021-46183
+ RESERVED
+CVE-2021-46182
+ RESERVED
+CVE-2021-46181
+ RESERVED
+CVE-2021-46180
+ RESERVED
+CVE-2021-46179
+ RESERVED
+CVE-2021-46178
+ RESERVED
+CVE-2021-46177
+ RESERVED
+CVE-2021-46176
+ RESERVED
+CVE-2021-46175
+ RESERVED
+CVE-2021-46174
+ RESERVED
+CVE-2021-46173
+ RESERVED
+CVE-2021-46172
+ RESERVED
+CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...)
+ NOT-FOR-US: Modex
+CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...)
+ - iotjs <unfixed>
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4942/commits/5e1fdd1d1e75105b43392b4bb3996099cdc50f3d
+CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerability ...)
+ NOT-FOR-US: Modex
+CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() ...)
+ NOT-FOR-US: Spin
+CVE-2021-46167
+ RESERVED
+CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...)
+ NOT-FOR-US: Lens
+CVE-2021-4203 [af_unix: fix races in sk_peer_pid and sk_peer_cred accesses]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
+ NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4)
+CVE-2021-4202
+ RESERVED
+ - linux 5.15.5-1 (unimportant)
+ [bullseye] - linux 5.10.84-1
+ NOTE: CONFIG_NFC_NCI not enabled in Debian
+CVE-2021-23218 (When running with FIPS mode enabled, Mirantis Container Runtime 20.10. ...)
+ NOT-FOR-US: Mirantis Container Runtime
+CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates helm c ...)
+ NOT-FOR-US: Lens
+CVE-2021-46166 (Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46165 (Zoho ManageEngine Desktop Central before 10.0.662, during startup, lau ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46164 (Zoho ManageEngine Desktop Central before 10.0.662 allows remote code e ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the Media ...)
+ NOT-FOR-US: Kentico Xperience CMS
+CVE-2021-46162
+ RESERVED
+CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46160 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46159 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46158 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46157 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46156 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46155 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46154 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46153 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension CheckUser
+CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension UniversalLanguageSelector
+CVE-2021-46148 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension SecurePoll
+CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension MassEditRegex
+CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
+CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...)
+ NOT-FOR-US: ForgeRock
+CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
+ NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
+CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1
+ NOTE: https://github.com/libexpat/libexpat/issues/532
+ NOTE: https://github.com/libexpat/libexpat/pull/538
+ NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b (R_2_4_3)
+CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ {DSA-5063-1 DLA-2883-1}
+ - uriparser 0.9.6+dfsg-1
+ NOTE: https://github.com/uriparser/uriparser/issues/122
+ NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6)
+ NOTE: https://github.com/uriparser/uriparser/pull/124
+CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ {DSA-5063-1 DLA-2883-2 DLA-2883-1}
+ - uriparser 0.9.6+dfsg-1
+ NOTE: https://github.com/uriparser/uriparser/issues/121
+ NOTE: https://github.com/uriparser/uriparser/commit/987b046e41f407d17c622e580fc82a5e834b4329 (uriparser-0.9.6)
+ NOTE: https://github.com/uriparser/uriparser/commit/b1a34743bc1472e055d886e29e9b53f670eb3282 (uriparser-0.9.6)
+ NOTE: https://github.com/uriparser/uriparser/pull/124
+CVE-2021-4200
+ RESERVED
+CVE-2021-46140
+ RESERVED
+CVE-2021-46139
+ RESERVED
+CVE-2021-46138
+ RESERVED
+CVE-2021-46137
+ RESERVED
+CVE-2021-46136
+ RESERVED
+CVE-2021-46135
+ RESERVED
+CVE-2021-46134
+ RESERVED
+CVE-2021-46133
+ RESERVED
+CVE-2021-46132
+ RESERVED
+CVE-2021-46131
+ RESERVED
+CVE-2021-45722
+ RESERVED
+CVE-2021-45110
+ RESERVED
+CVE-2021-45073
+ RESERVED
+CVE-2021-44778
+ RESERVED
+CVE-2021-44468
+ RESERVED
+CVE-2021-44456
+ RESERVED
+CVE-2021-44452
+ RESERVED
+CVE-2021-43352
+ RESERVED
+CVE-2021-4199
+ RESERVED
+CVE-2021-4198
+ RESERVED
+CVE-2021-31564
+ RESERVED
+CVE-2021-23229
+ RESERVED
+CVE-2021-46130
+ RESERVED
+CVE-2021-46129
+ RESERVED
+CVE-2021-46128
+ RESERVED
+CVE-2021-46127
+ RESERVED
+CVE-2021-46126
+ RESERVED
+CVE-2021-46125
+ RESERVED
+CVE-2021-46124
+ RESERVED
+CVE-2021-46123
+ RESERVED
+CVE-2021-46122
+ RESERVED
+CVE-2021-46121
+ RESERVED
+CVE-2021-46120
+ RESERVED
+CVE-2021-46119
+ RESERVED
+CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ NOT-FOR-US: jpress
+CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ NOT-FOR-US: jpress
+CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...)
+ NOT-FOR-US: jpress
+CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...)
+ NOT-FOR-US: jpress
+CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...)
+ NOT-FOR-US: jpress
+CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...)
+ NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source
+CVE-2021-46112
+ RESERVED
+CVE-2021-46111
+ RESERVED
+CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple time-ba ...)
+ NOT-FOR-US: Online Shopping Portal
+CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...)
+ NOT-FOR-US: ASUS
+CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46107
+ RESERVED
+CVE-2021-46106
+ RESERVED
+CVE-2021-46105
+ RESERVED
+CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...)
+ NOT-FOR-US: webp_server_go
+CVE-2021-46103
+ RESERVED
+CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in ...)
+ NOT-FOR-US: Solana rBBP
+CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to update the lo ...)
+ NOT-FOR-US: Git for Windows
+CVE-2021-46100
+ RESERVED
+CVE-2021-46099
+ RESERVED
+CVE-2021-46098
+ RESERVED
+CVE-2021-46097 (Dolphinphp v1.5.0 contains a remote code execution vulnerability in /a ...)
+ NOT-FOR-US: Dolphinphp
+CVE-2021-46096
+ RESERVED
+CVE-2021-46095
+ RESERVED
+CVE-2021-46094
+ RESERVED
+CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads ...)
+ NOT-FOR-US: eliteCMS
+CVE-2021-46092
+ RESERVED
+CVE-2021-46091
+ RESERVED
+CVE-2021-46090
+ RESERVED
+CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...)
+ NOT-FOR-US: JeecgBoot
+CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...)
+ - zabbix <undetermined>
+ NOTE: closed upstream as a "feature", then changed in 5.4 to make the attack less likely
+ NOTE: https://github.com/paalbra/zabbix-zbxsec-7
+ NOTE: https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command
+ NOTE: https://www.zabbix.com/documentation/current/en/manual/config/notifications/action/operation/remote_command#access-permissions
+CVE-2021-46087 (In jfinal_cms &gt;= 5.1 0, there is a storage XSS vulnerability in the ...)
+ NOT-FOR-US: jfinal_cms
+CVE-2021-46086 (xzs-mysql &gt;= t3.4.0 is vulnerable to Insecure Permissions. The fron ...)
+ NOT-FOR-US: xzs-mysql
+CVE-2021-46085 (OneBlog &lt;= 2.2.8 is vulnerable to Insecure Permissions. Low level a ...)
+ NOT-FOR-US: OneBlog
+CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: uscat
+CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: uscat
+CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gate ...)
+ NOT-FOR-US: Moxa
+CVE-2021-46081
+ RESERVED
+CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46079 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46078 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46077
+ RESERVED
+CVE-2021-46076 (Sourcecodester Vehicle Service Management System 1.0 is vulnerable to ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46075 (A Privilege Escalation vulnerability exists in Sourcecodester Vehicle ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46074 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46073 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46072 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46071 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46070 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46069 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46068 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal the coo ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46066
+ RESERVED
+CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Field in ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46064
+ RESERVED
+CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46060
+ REJECTED
+CVE-2021-46059
+ REJECTED
+CVE-2021-46058
+ REJECTED
+CVE-2021-46057
+ RESERVED
+CVE-2021-46056
+ RESERVED
+CVE-2021-46055 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4413
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46054 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4410
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46053 (A Denial of Service vulnerability exists in Binaryen 103. The program ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4392
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4411
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2011
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the printf_c ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4391
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2013
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4412
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2008
+ NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd
+CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2005
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2007
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2006
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2001
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2002
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2004
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2003
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1999
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2000
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46035
+ RESERVED
+CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...)
+ NOT-FOR-US: ForestBlog
+CVE-2021-46033 (In ForestBlog, as of 2021-12-28, File upload can bypass verification. ...)
+ NOT-FOR-US: ForestBlog
+CVE-2021-46032
+ RESERVED
+CVE-2021-46031
+ RESERVED
+CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuar ...)
+ NOT-FOR-US: JavaQuarkBBS
+CVE-2021-46029
+ RESERVED
+CVE-2021-46028 (In mblog &lt;= 3.5.0 there is a CSRF vulnerability in the background a ...)
+ NOT-FOR-US: mblog
+CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...)
+ NOT-FOR-US: mysiteforme
+CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...)
+ NOT-FOR-US: mysiteforme
+CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog &lt;= 2.2 ...)
+ NOT-FOR-US: OneBlog
+CVE-2021-46024 (Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL I ...)
+ NOT-FOR-US: Projectworlds online-shopping-webvsite-in-php
+CVE-2021-46023
+ RESERVED
+CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...)
+ - recutils <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html
+ NOTE: Negligible security impact
+CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at rec-record. ...)
+ - recutils <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00008.html
+ NOTE: Negligible security impact
+CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can ...)
+ - mruby <unfixed>
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <postponed> (revisit when/if fix is complete)
+ NOTE: https://github.com/mruby/mruby/issues/5613
+CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ...)
+ - recutils <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00009.html
+ NOTE: Negligible security impact
+CVE-2021-46018
+ RESERVED
+CVE-2021-46017
+ RESERVED
+CVE-2021-46016
+ RESERVED
+CVE-2021-46015
+ RESERVED
+CVE-2021-46014
+ RESERVED
+CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46012
+ REJECTED
+CVE-2021-46011
+ RESERVED
+CVE-2021-46010
+ RESERVED
+CVE-2021-46009
+ RESERVED
+CVE-2021-46008
+ RESERVED
+CVE-2021-46007
+ RESERVED
+CVE-2021-46006
+ RESERVED
+CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46004
+ RESERVED
+CVE-2021-46003
+ RESERVED
+CVE-2021-46002
+ RESERVED
+CVE-2021-46001
+ RESERVED
+CVE-2021-46000
+ RESERVED
+CVE-2021-45999
+ RESERVED
+CVE-2021-45998 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-45997 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45996 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45995 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45994 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45993 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45992 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45991 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45990 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45989 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45988 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45987 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45985
+ RESERVED
+CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm checks]
+ RESERVED
+ - linux 5.15.15-1
+ NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
+CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...)
+ {DSA-5037-1 DLA-2878-1}
+ - roundcube <unfixed> (bug #1003027)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13)
+ NOTE: https://roundcube.net/news/2021/12/30/update-1.5.2-released
+ NOTE: https://roundcube.net/news/2021/12/30/security-update-1.4.13-released
+CVE-2021-45984
+ RESERVED
+CVE-2021-45983
+ RESERVED
+CVE-2021-45982
+ RESERVED
+CVE-2021-45981
+ RESERVED
+CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ NOT-FOR-US: Foxit
+CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ NOT-FOR-US: Foxit
+CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ NOT-FOR-US: Foxit
+CVE-2021-45977
+ RESERVED
+CVE-2021-45976
+ RESERVED
+CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...)
+ NOT-FOR-US: Acer
+CVE-2021-45974
+ RESERVED
+CVE-2021-45973
+ RESERVED
+CVE-2021-45972 (The giftrans function in giftrans 1.12.2 contains a stack-based buffer ...)
+ - giftrans <unfixed> (bug #1002739; unimportant)
+ NOTE: Negligible security impact; crash in CLI tool
+CVE-2021-45971 (An issue was discovered in SdHostDriver in Insyde InsydeH2O with kerne ...)
+ NOT-FOR-US: Insyde
+CVE-2021-45970 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-45969 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2021-45968
+ RESERVED
+CVE-2021-45967
+ RESERVED
+CVE-2021-45966
+ RESERVED
+CVE-2021-45965
+ RESERVED
+CVE-2021-45964
+ RESERVED
+CVE-2021-45963
+ RESERVED
+CVE-2021-45962
+ RESERVED
+CVE-2021-45961
+ RESERVED
+CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1002994)
+ NOTE: https://github.com/libexpat/libexpat/issues/531
+ NOTE: https://github.com/libexpat/libexpat/pull/534
+ NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/0adcb34c49bee5b19bd29b16a578c510c23597ea (R_2_4_3)
+CVE-2021-45959
+ REJECTED
+CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow ...)
+ - ujson <unfixed> (bug #1005140)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
+ NOTE: https://github.com/ultrajson/ultrajson/issues/501
+ NOTE: https://github.com/ultrajson/ultrajson/issues/502
+CVE-2021-45957 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in answer ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45956 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in print_ ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45955 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in resize ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45954 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45953 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-929.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45952 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_r ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45951 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in check_ ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...)
+ {DSA-5038-1 DLA-2879-1}
+ - ghostscript 9.55.0~dfsg-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
+CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...)
+ - assimp 5.1.1~ds0-1
+ [bullseye] - assimp <not-affected> (Vulnerable code not present)
+ [buster] - assimp <not-affected> (Vulnerable code not present)
+ [stretch] - assimp <not-affected> (M3D format support not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml
+ NOTE: https://github.com/assimp/assimp/pull/4146
+ NOTE: https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2 (v5.1.0)
+ NOTE: Introduced by: https://github.com/assimp/assimp/commit/a622e109a0739435e3e2f05bfbedba0e8385282d (v5.1.0.rc1)
+CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45945
+ REJECTED
+CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
+ {DSA-5038-1 DLA-2879-1}
+ - ghostscript 9.54.0~dfsg-5
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25
+CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
+ {DLA-2877-1}
+ [experimental] - gdal 3.4.1~rc1+dfsg-1~exp1
+ - gdal <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
+ NOTE: https://github.com/OSGeo/gdal/pull/4944
+ NOTE: https://github.com/OSGeo/gdal/commit/93913a849dc1d217a40dbf9d6e6a3a23c42b61a6 (master)
+ NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947
+ NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
+CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
+ - openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
+ [stretch] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1209
+CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
+ - libbpf <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml
+ TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
+CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...)
+ - libbpf <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1562.yaml
+ TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
+CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: uWebSockets
+CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...)
+ - libgrokj2k <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39021
+ NOTE: Referenced fix isn't in the upstream repo
+CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...)
+ - harfbuzz <undetermined>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml
+ NOTE: https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81 (2.9.1)
+ TODO: check correctness of commit, might not affect any Debian released version
+CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...)
+ {DLA-2895-1 DLA-2885-1}
+ - qtsvg-opensource-src 5.15.2-4 (bug #1002991)
+ [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
+ [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
+ - qt4-x11 <removed>
+ [buster] - qt4-x11 <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
+ NOTE: https://bugreports.qt.io/browse/QTBUG-96044
+ NOTE: https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620 (dev)
+ NOTE: https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670 (v6.2.2)
+ NOTE: https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc (v5.12.12)
+CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45928 (libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other produ ...)
+ - jpeg-xl <not-affected> (Vulnerable code not present in a released Debian version; fixed before inital upload to Debian)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456
+ NOTE: https://github.com/libjxl/libjxl/issues/360
+ NOTE: https://github.com/libjxl/libjxl/pull/365
+ NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6)
+ NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6)
+CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ - mdbtools <undetermined>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187
+ TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
+CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ - mdbtools <undetermined>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972
+ TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
+CVE-2021-4196
+ RESERVED
+CVE-2021-4195
+ RESERVED
+CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...)
+ NOT-FOR-US: Netgear
+CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...)
+ NOT-FOR-US: Bitmask Riseup VPN
+CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: bookstack
+CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0
+ NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950)
+CVE-2021-4192 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
+ NOTE: Fixed by: https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (v8.2.3949)
+CVE-2021-4191
+ RESERVED
+CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. ...)
+ NOT-FOR-US: Studio 42 elFinder
+CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
+CVE-2021-4189 [ftplib should not use the host from the PASV response]
+ RESERVED
+ {DLA-2919-1}
+ - python3.10 <not-affected> (Fixed before initial upload to Debian unstable)
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ [stretch] - python3.5 <no-dsa> (Minor issue)
+ - python2.7 <unfixed>
+ [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue43285
+ NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
+ NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
+ NOTE: https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020
+CVE-2021-45918
+ RESERVED
+CVE-2021-45917 (The server-request receiver function of Shockwall system has an improp ...)
+ NOT-FOR-US: Shockwall system
+CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...)
+ NOT-FOR-US: Shockwall system
+CVE-2021-45915
+ RESERVED
+CVE-2021-45914
+ RESERVED
+CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
+ NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
+CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...)
+ NOT-FOR-US: ControlUp Real-Time Agent
+CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
+ NOT-FOR-US: ControlUp Real-Time Agent
+CVE-2021-44775
+ RESERVED
+CVE-2021-44465
+ RESERVED
+CVE-2021-4187 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e
+ NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 (v8.2.3923)
+CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ - gif2apng <removed> (bug #1002687)
+CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ - gif2apng <removed> (bug #1002667)
+CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ - gif2apng <removed> (bug #1002668)
+CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ - gif2apng <removed> (bug #1002669; unimportant)
+ NOTE: Negligible security impact
+CVE-2021-45907 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ - gif2apng <removed> (bug #1002669; unimportant)
+ NOTE: Negligible security impact
+CVE-2021-45906 (OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45902
+ RESERVED
+CVE-2021-45901 (The password-reset form in ServiceNow Orlando provides different respo ...)
+ NOT-FOR-US: ServiceNow Orlando
+CVE-2021-45900
+ RESERVED
+CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45898 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusio ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45897 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code executi ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...)
+ NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices
+CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...)
+ NOT-FOR-US: Netgen Tags Bundle
+CVE-2021-45894
+ RESERVED
+CVE-2021-45893
+ RESERVED
+CVE-2021-45892
+ RESERVED
+CVE-2021-45891
+ RESERVED
+CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authenti ...)
+ NOT-FOR-US: AuthGuard
+CVE-2021-45889
+ RESERVED
+CVE-2021-45888
+ RESERVED
+CVE-2021-45887
+ RESERVED
+CVE-2021-45886
+ RESERVED
+CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
+ - wireshark 3.6.0-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
+CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
+CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754
+CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
+CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
+CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429
+CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-45883
+ RESERVED
+CVE-2021-45882
+ RESERVED
+CVE-2021-45881
+ RESERVED
+CVE-2021-45880
+ RESERVED
+CVE-2021-45879
+ RESERVED
+CVE-2021-45878
+ RESERVED
+CVE-2021-45877
+ RESERVED
+CVE-2021-45876
+ RESERVED
+CVE-2021-45875
+ RESERVED
+CVE-2021-45874
+ RESERVED
+CVE-2021-45873
+ RESERVED
+CVE-2021-45872
+ RESERVED
+CVE-2021-45871
+ RESERVED
+CVE-2021-45870
+ RESERVED
+CVE-2021-45869
+ RESERVED
+CVE-2021-45868
+ RESERVED
+CVE-2021-45867
+ RESERVED
+CVE-2021-45866
+ RESERVED
+CVE-2021-45865
+ RESERVED
+CVE-2021-45864
+ RESERVED
+CVE-2021-45863
+ RESERVED
+CVE-2021-45862
+ RESERVED
+CVE-2021-45861
+ RESERVED
+CVE-2021-45860
+ RESERVED
+CVE-2021-45859
+ RESERVED
+CVE-2021-45858
+ RESERVED
+CVE-2021-45857
+ RESERVED
+CVE-2021-45856 (Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buf ...)
+ NOT-FOR-US: Accu-Time Systems MAXIMUS
+CVE-2021-45855
+ RESERVED
+CVE-2021-45854
+ RESERVED
+CVE-2021-45853
+ RESERVED
+CVE-2021-45852
+ RESERVED
+CVE-2021-45851
+ RESERVED
+CVE-2021-45850
+ RESERVED
+CVE-2021-45849
+ RESERVED
+CVE-2021-45848
+ RESERVED
+CVE-2021-45847 (Several missing input validations in the 3MF parser component of Slic3 ...)
+ - slic3r <unfixed>
+ NOTE: https://github.com/slic3r/Slic3r/issues/5118
+ NOTE: https://github.com/slic3r/Slic3r/issues/5119
+ NOTE: https://github.com/slic3r/Slic3r/issues/5120
+CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker ...)
+ - slic3r <unfixed>
+ NOTE: https://github.com/slic3r/Slic3r/issues/5117
+CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...)
+ - freecad <unfixed>
+ [stretch] - freecad <not-affected> (Vulnerable code introduced in 0.17)
+ NOTE: https://github.com/FreeCAD/FreeCAD/pull/5306
+ NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/169eb655f30180b95e5923be2eb3bc4de6e02406
+ NOTE: https://tracker.freecad.org/view.php?id=4810
+CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter from Fre ...)
+ - freecad <unfixed> (bug #1005747)
+ NOTE: https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (0.20)
+ NOTE: https://tracker.freecad.org/view.php?id=4809
+CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-45842
+ RESERVED
+CVE-2021-45841
+ RESERVED
+CVE-2021-45840
+ RESERVED
+CVE-2021-45839
+ RESERVED
+CVE-2021-45838
+ RESERVED
+CVE-2021-45837
+ RESERVED
+CVE-2021-45836
+ RESERVED
+CVE-2021-45835
+ RESERVED
+CVE-2021-45834
+ RESERVED
+CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1313
+ NOTE: https://github.com/advisories/GHSA-x57p-jwp6-4v79
+CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1315
+ NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8
+CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1990
+ NOTE: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765
+CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1314
+ NOTE: https://github.com/advisories/GHSA-5h2h-fjjr-x9m2
+CVE-2021-45829 (HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1317
+ NOTE: https://github.com/advisories/GHSA-23gx-cm6v-952g
+CVE-2021-45828
+ RESERVED
+CVE-2021-45827
+ RESERVED
+CVE-2021-45826
+ RESERVED
+CVE-2021-45825
+ RESERVED
+CVE-2021-45824
+ RESERVED
+CVE-2021-45823
+ RESERVED
+CVE-2021-45822
+ RESERVED
+CVE-2021-45821
+ RESERVED
+CVE-2021-45820
+ RESERVED
+CVE-2021-45819
+ RESERVED
+CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...)
+ NOT-FOR-US: SAFARI Montage
+CVE-2021-45817
+ REJECTED
+CVE-2021-45816
+ RESERVED
+CVE-2021-45815 (Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Script ...)
+ NOT-FOR-US: Quectel UC20 UMTS/HSPA+ UC20
+CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...)
+ NOT-FOR-US: Nettmp NNT
+CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...)
+ NOT-FOR-US: SLICAN WebCTI
+CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site ...)
+ NOT-FOR-US: NUUO Network Video Recorder NVRsolo
+CVE-2021-45811
+ RESERVED
+CVE-2021-45810
+ RESERVED
+CVE-2021-45809
+ RESERVED
+CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. With the ...)
+ NOT-FOR-US: jpress
+CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
+ NOT-FOR-US: jpress
+CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers ...)
+ NOT-FOR-US: jpress
+CVE-2021-45805
+ RESERVED
+CVE-2021-45804
+ RESERVED
+CVE-2021-45803 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
+ NOT-FOR-US: MartDevelopers iResturant
+CVE-2021-45802 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
+ NOT-FOR-US: MartDevelopers iResturant
+CVE-2021-45801
+ RESERVED
+CVE-2021-45800
+ RESERVED
+CVE-2021-45799
+ RESERVED
+CVE-2021-45798
+ RESERVED
+CVE-2021-45797
+ RESERVED
+CVE-2021-45796
+ RESERVED
+CVE-2021-45795
+ RESERVED
+CVE-2021-45794
+ RESERVED
+CVE-2021-45793
+ RESERVED
+CVE-2021-45792
+ RESERVED
+CVE-2021-45791
+ RESERVED
+CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in Metersphere v1. ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45787
+ RESERVED
+CVE-2021-45786
+ RESERVED
+CVE-2021-45785
+ RESERVED
+CVE-2021-45784
+ RESERVED
+CVE-2021-45783
+ RESERVED
+CVE-2021-45782
+ REJECTED
+CVE-2021-45781
+ REJECTED
+CVE-2021-45780
+ REJECTED
+CVE-2021-45779
+ REJECTED
+CVE-2021-45778
+ REJECTED
+CVE-2021-45777
+ RESERVED
+CVE-2021-45776
+ RESERVED
+CVE-2021-45775
+ REJECTED
+CVE-2021-45774
+ REJECTED
+CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...)
+ NOT-FOR-US: lib60870
+CVE-2021-45772
+ RESERVED
+CVE-2021-45771
+ RESERVED
+CVE-2021-45770
+ RESERVED
+CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src/mms/i ...)
+ NOT-FOR-US: libiec61850
+CVE-2021-45768
+ RESERVED
+CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1982
+ NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde
+CVE-2021-45766
+ RESERVED
+CVE-2021-45765
+ RESERVED
+CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1971
+ NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb
+CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1974
+ NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec
+CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1978
+ NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788
+CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...)
+ NOT-FOR-US: ROPium
+CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1966
+ NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea
+CVE-2021-45759
+ RESERVED
+CVE-2021-45758
+ RESERVED
+CVE-2021-45757
+ RESERVED
+CVE-2021-45756
+ RESERVED
+CVE-2021-45755
+ RESERVED
+CVE-2021-45754
+ RESERVED
+CVE-2021-45753
+ RESERVED
+CVE-2021-45752
+ RESERVED
+CVE-2021-45751
+ RESERVED
+CVE-2021-45750
+ RESERVED
+CVE-2021-45749
+ RESERVED
+CVE-2021-45748
+ RESERVED
+CVE-2021-45747
+ RESERVED
+CVE-2021-45746
+ RESERVED
+CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...)
+ NOT-FOR-US: Bludit
+CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...)
+ NOT-FOR-US: Bludit
+CVE-2021-45743
+ RESERVED
+CVE-2021-45742 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a comm ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45741 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45740 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45739 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45738 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45737 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45736 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45735 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45734 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45733 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-4180
+ RESERVED
+ - tripleo-heat-templates <removed>
+ NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397
+CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
+ NOT-FOR-US: Rust crate lru
+CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45718 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45717 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45716 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45715 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45714 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45713 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45712 (An issue was discovered in the rust-embed crate before 6.3.0 for Rust. ...)
+ NOT-FOR-US: Rust crate rust-embed
+CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 fo ...)
+ NOT-FOR-US: Rust crate simple_asn1
+CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 1.9.x thr ...)
+ - rust-tokio <unfixed>
+ [bullseye] - rust-tokio <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0124.html
+ NOTE: https://github.com/tokio-rs/tokio/issues/4225
+CVE-2021-45709 (An issue was discovered in the crypto2 crate through 2021-10-08 for Ru ...)
+ NOT-FOR-US: Rust crate crypto2
+CVE-2021-45708 (An issue was discovered in the abomonation crate through 2021-10-17 fo ...)
+ NOT-FOR-US: Rust crate abomonation
+CVE-2021-45707 (An issue was discovered in the nix crate before 0.20.2, 0.21.x before ...)
+ - rust-nix 0.23.0-1
+ [bullseye] - rust-nix <no-dsa> (Minor issue)
+ [buster] - rust-nix <not-affected> (Introduced in 0.16)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
+CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 1.1.1 for R ...)
+ NOT-FOR-US: Rust crate zeroize_derive
+CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for Rust. T ...)
+ NOT-FOR-US: Rust crate nanorand
+CVE-2021-45704 (An issue was discovered in the metrics-util crate before 0.7.0 for Rus ...)
+ NOT-FOR-US: Rust crate metrics-util
+CVE-2021-45703 (An issue was discovered in the tectonic_xdv crate before 0.1.12 for Ru ...)
+ NOT-FOR-US: Rust crate tectonic_xdv
+CVE-2021-45702 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
+ NOT-FOR-US: Rust crate tremor-script
+CVE-2021-45701 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
+ NOT-FOR-US: Rust crate tremor-script
+CVE-2021-45700 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Attac ...)
+ NOT-FOR-US: Rust crate ckb
+CVE-2021-45699 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Remot ...)
+ NOT-FOR-US: Rust crate ckb
+CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust. A get ...)
+ NOT-FOR-US: Rust crate ckb
+CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...)
+ NOT-FOR-US: Rust crate molecule
+CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...)
+ - rust-sha2 <not-affected> (Only affetced 0.9.7, never uploaded to the archive)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html
+CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...)
+ NOT-FOR-US: Rust crate mopa
+CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...)
+ NOT-FOR-US: Rust crate rdiff
+CVE-2021-45693 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45692 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45691 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45690 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45689 (An issue was discovered in the gfx-auxil crate through 2021-01-07 for ...)
+ NOT-FOR-US: Rust crate gfx-auxil
+CVE-2021-45688 (An issue was discovered in the ash crate before 0.33.1 for Rust. util: ...)
+ NOT-FOR-US: Rust crate ash
+CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. ...)
+ NOT-FOR-US: Rust crate raw-cpuid
+CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...)
+ NOT-FOR-US: Rust crate csv-sniffer
+CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...)
+ NOT-FOR-US: Rust crate columnar
+CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...)
+ NOT-FOR-US: Rust crate flumedb
+CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...)
+ NOT-FOR-US: Rust crate binjs
+CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...)
+ NOT-FOR-US: Rust crate bronzedb-protocol
+CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for ...)
+ NOT-FOR-US: Rust crate derive-com-impl
+CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...)
+ NOT-FOR-US: Rust crate vec-const
+CVE-2021-45111
+ RESERVED
+CVE-2021-45071
+ RESERVED
+CVE-2021-44547
+ RESERVED
+CVE-2021-44476
+ RESERVED
+CVE-2021-44475
+ RESERVED
+CVE-2021-44461
+ RESERVED
+CVE-2021-44460
+ RESERVED
+CVE-2021-4178
+ RESERVED
+ NOT-FOR-US: fabric8io/kubernetes-client
+ NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034388
+CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-26947
+ RESERVED
+CVE-2021-23186
+ RESERVED
+CVE-2021-23178
+ RESERVED
+CVE-2021-23176
+ RESERVED
+CVE-2021-23166
+ RESERVED
+CVE-2021-4174
+ RESERVED
+CVE-2021-4173 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766
+ NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 (v8.2.3902)
+CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...)
+ NOT-FOR-US: calibre-web
+CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45677 (Certain NETGEAR devices are affected by stored XSS. This affects GS108 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45676 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45675 (Certain NETGEAR devices are affected by stored XSS. This affects R6120 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45674 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45673 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45672 (Certain NETGEAR devices are affected by Stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45671 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45670 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45669 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45668 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45667 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45666 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45665 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45664 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45663 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45662 (NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45661 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45660 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45659 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45658 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45657 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45656 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45655 (NETGEAR R6400 devices before 1.0.1.70 are affected by server-side inje ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45654 (NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of s ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45653 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45652 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45651 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45650 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45649 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45648 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45647 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45646 (NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45645 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45644 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45643 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45642 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45641 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45640 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45639 (Certain NETGEAR devices are affected by reflected XSS. This affects CB ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45638 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45637 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45636 (NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based bu ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45635 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45634 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45633 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45632 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45631 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45630 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45629 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45628 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45627 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45626 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45625 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45624 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45623 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45622 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45621 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45620 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45619 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45618 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45617 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45616 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45615 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45614 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45613 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45612 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45611 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45610 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45609 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45608 (Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital d ...)
+ NOT-FOR-US: D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices
+CVE-2021-45607 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45606 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45605 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45604 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45603 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45602 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45601 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45600 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45599 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45598 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45597 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45596 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45595 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45594 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45593 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45592 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45591 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45590 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45589 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45588 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45587 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45586 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45585 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45584 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45583 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45582 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45581 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45580 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45579 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45578 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45577 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45576 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45575 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45574 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45573 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45572 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45571 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45570 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45569 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45568 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45567 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45566 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45565 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45564 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45563 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45562 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45561 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45560 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45559 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45558 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45557 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45556 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45555 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45554 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45553 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45552 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45551 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45550 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45549 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45548 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45547 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45546 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45545 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45544 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45543 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45542 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45541 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45540 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45539 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45538 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45537 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45536 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45535 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45534 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45533 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45532 (NETGEAR R8000 devices before 1.0.4.76 are affected by command injectio ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45531 (NETGEAR D6220 devices before 1.0.0.76 are affected by command injectio ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45530 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45529 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45528 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45527 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45526 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45525 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45524 (NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflo ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45523 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45522 (NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded pas ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45521 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45520 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45519 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45518 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45517 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45516 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45514 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45513 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45512 (Certain NETGEAR devices are affected by weak cryptography. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45511 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45510 (NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45509 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45508 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45507 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45506 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45505 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45504 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45503 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45502 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45501 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45500 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45499 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45498 (NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45497 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45496 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45495 (NETGEAR D7000 devices before 1.0.1.68 are affected by authentication b ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45494 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input During W ...)
+ NOT-FOR-US: calibre-web
+CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-45492
+ RESERVED
+CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-45491
+ RESERVED
+CVE-2021-45490
+ RESERVED
+CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45487 (In NetBSD through 9.2, the IPv4 ID generation algorithm does not use a ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45486 (In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4 ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://arxiv.org/pdf/2112.09604.pdf
+ NOTE: https://git.kernel.org/linus/aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba (5.13-rc1)
+CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6 ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://arxiv.org/pdf/2112.09604.pdf
+ NOTE: https://git.kernel.org/linus/62f20e068ccc50d6ab66fdb72ba90da2b9418c99 (5.14-rc1)
+CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
+CVE-2021-4167
+ RESERVED
+CVE-2021-45479
+ RESERVED
+CVE-2021-45478
+ RESERVED
+CVE-2021-45477
+ RESERVED
+CVE-2021-45476
+ RESERVED
+CVE-2021-45475
+ RESERVED
+CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
+ NOTE: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884)
+CVE-2021-4165
+ RESERVED
+CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: calibre-web
+CVE-2021-4163
+ RESERVED
+CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: archivy
+CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...)
+ NOT-FOR-US: FileImporter MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e
+ NOTE: https://phabricator.wikimedia.org/T296605
+CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...)
+ NOT-FOR-US: WikiBase MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d
+ NOTE: https://phabricator.wikimedia.org/T294693
+CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...)
+ NOT-FOR-US: WikiBase MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd
+ NOTE: https://phabricator.wikimedia.org/T297570
+CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...)
+ NOT-FOR-US: EntitySchema MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9
+ NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c
+ NOTE: https://phabricator.wikimedia.org/T296578
+CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...)
+ NOT-FOR-US: cve-search
+CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...)
+ NOT-FOR-US: Moxa
+CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
+CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...)
+ NOT-FOR-US: Imperva Web Application Firewall
+CVE-2021-45467
+ RESERVED
+CVE-2021-45466
+ RESERVED
+CVE-2021-45465
+ RESERVED
+CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...)
+ - openssl 1.1.1m-1
+ [bullseye] - openssl <no-dsa> (Minor issue)
+ [buster] - openssl <no-dsa> (Minor issue)
+ [stretch] - openssl <ignored> (This is MIPS-specific and we don't support MIPS for stretch-security)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m)
+ NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html
+ NOTE: https://www.openssl.org/news/secadv/20220128.txt
+CVE-2021-4159 [bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()]
+ RESERVED
+ - linux 5.7.6-1
+ NOTE: Fixed by: https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1)
+CVE-2021-45464 [hypervisor escape and host code execution]
+ RESERVED
+ - kvmtool <unfixed>
+ NOTE: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/
+CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...)
+ - gegl 1:0.4.34-1 (bug #1002661)
+ [bullseye] - gegl <no-dsa> (Minor issue)
+ [buster] - gegl <no-dsa> (Minor issue)
+ [stretch] - gegl <no-dsa> (Minor issue; can be fixed later)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34)
+ NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34)
+CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. ...)
+ NOT-FOR-US: Open5GS
+CVE-2021-4158 [NULL pointer dereference in pci_write() in hw/acpi/pcihp.c]
+ RESERVED
+ - qemu 1:6.2+dfsg-2
+ [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035002
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/770
+ NOTE: Introduced in: https://gitlab.com/qemu-project/qemu/-/commit/b32bd763a1ca929677e22ae1c51cb3920921bdce (v6.0.0-rc0)
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html
+CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
+ NOT-FOR-US: FreePBX
+CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()]
+ RESERVED
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1)
+CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
+ RESERVED
+ - libsndfile <unfixed>
+ [bullseye] - libsndfile <no-dsa> (Minor issue)
+ [buster] - libsndfile <no-dsa> (Minor issue)
+ [stretch] - libsndfile <no-dsa> (Minor issue)
+ NOTE: https://github.com/libsndfile/libsndfile/issues/731
+ NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
+CVE-2021-4155
+ RESERVED
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
+ NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1
+CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
+ NOT-FOR-US: Node windows
+CVE-2021-4154 (A use-after-free flaw was found in cgroup1_parse_param in kernel/cgrou ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3b0462726e7ef281c35a7a4ae33e93ee2bc9975b (5.14-rc2)
+CVE-2021-4153
+ RESERVED
+CVE-2021-4152
+ RESERVED
+CVE-2021-4151
+ RESERVED
+CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executing som ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-45455
+ RESERVED
+CVE-2021-45454
+ RESERVED
+CVE-2021-45453
+ RESERVED
+CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11)
+ NOTE: https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1 (2.2.26)
+CVE-2021-4150 [Block subsystem mishandles reference counts]
+ RESERVED
+ - linux 5.15.3-1
+ NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7)
+CVE-2021-4149 [Improper lock operation in btrfs]
+ RESERVED
+ - linux 5.14.16-1
+ NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6)
+CVE-2021-4148 [Improper implementation of block_invalidatepage() allows users to crash the kernel]
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://lkml.org/lkml/2021/9/17/1037
+ NOTE: https://lkml.org/lkml/2021/9/12/323
+CVE-2021-4147 [deadlock and crash in libxl driver]
+ RESERVED
+ - libvirt 7.10.0-2 (bug #1002535)
+ [bullseye] - libvirt <no-dsa> (Minor issue)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
+ NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
+CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...)
+ NOT-FOR-US: pimcore
+CVE-2021-4145 (A NULL pointer dereference issue was found in the block mirror layer o ...)
+ - qemu 1:6.2+dfsg-1
+ [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/d44dae1a7cf782ec9235746ebb0e6c1a20dd7288 (v6.1.0-rc0)
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd (v6.2.0-rc0)
+CVE-2021-4144 (TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 2 ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...)
+ - mbedtls <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/cae590905363747d26fb5617b71bd567541a2f39 (mbedtls-3.1.0)
+CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...)
+ - mbedtls <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0)
+CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...)
+ NOT-FOR-US: Docker Desktop on Windows
+CVE-2021-45448
+ RESERVED
+CVE-2021-45447
+ RESERVED
+CVE-2021-45446
+ RESERVED
+CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
+ NOT-FOR-US: Unisys
+CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
+ {DSA-5078-1 DLA-2926-1}
+ - zsh 5.8.1-1
+ NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
+ NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
+ NOTE: https://sourceforge.net/p/zsh/code/ci/bdc4d70a7e033b754e68a8659a037ea0fc5f38de/
+CVE-2021-45443
+ RESERVED
+CVE-2021-4143 (Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutto ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2021-45442 (A link following denial-of-service vulnerability in Trend Micro Worry- ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45441 (A origin validation error vulnerability in Trend Micro Apex One (on-pr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45440 (A unnecessary privilege vulnerability in Trend Micro Apex One and Tren ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45439
+ RESERVED
+CVE-2021-45438
+ RESERVED
+CVE-2021-45437
+ RESERVED
+CVE-2021-45436
+ RESERVED
+CVE-2021-45435 (An SQL Injection vulnerability exists in Sourcecodester Simple Cold St ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-45434
+ RESERVED
+CVE-2021-45433
+ RESERVED
+CVE-2021-45432
+ RESERVED
+CVE-2021-45431
+ RESERVED
+CVE-2021-45430
+ RESERVED
+CVE-2021-45429 (A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 6 ...)
+ - yara <unfixed>
+ [stretch] - yara <no-dsa> (Minor issue)
+ NOTE: https://github.com/VirusTotal/yara/issues/1616
+ NOTE: https://github.com/VirusTotal/yara/commit/a36b497926b141624ea673111a101e9ddd7ac2eb (v4.2.0-rc1)
+CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control vulnerability. ...)
+ NOT-FOR-US: TLR-2005KSH
+CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated ar ...)
+ NOT-FOR-US: Emerson
+CVE-2021-45426
+ RESERVED
+CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...)
+ NOT-FOR-US: SAFARI Montage
+CVE-2021-45424
+ RESERVED
+CVE-2021-45423
+ RESERVED
+CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
+ NOT-FOR-US: Reprise License Manager
+CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
+ NOT-FOR-US: Emerson
+CVE-2021-45420 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
+ NOT-FOR-US: Emerson
+CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...)
+ NOT-FOR-US: Nova 360 Cabinet
+CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...)
+ NOT-FOR-US: Nova 360 Cabinet
+CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges via cr ...)
+ {DSA-5051-1 DLA-2894-1}
+ - aide 0.17.4-1
+ NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
+CVE-2021-45416 (Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 ...)
+ NOT-FOR-US: RosarioSIS
+CVE-2021-45415
+ RESERVED
+CVE-2021-45414
+ RESERVED
+CVE-2021-45413
+ RESERVED
+CVE-2021-45412
+ RESERVED
+CVE-2021-45411 (In Sourcecodetester Printable Staff ID Card Creator System 1.0 after c ...)
+ NOT-FOR-US: Sourcecodetester
+CVE-2021-45410
+ RESERVED
+CVE-2021-45409
+ RESERVED
+CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-45407
+ RESERVED
+CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...)
+ NOT-FOR-US: SalonERP
+CVE-2021-45405
+ RESERVED
+CVE-2021-45404
+ RESERVED
+CVE-2021-45403
+ RESERVED
+CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linux kern ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/3cf2b61eb06765e27fec6799292d9fb46d0b7e60
+ NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
+ NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6
+CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...)
+ NOT-FOR-US: Tenda
+CVE-2021-45400
+ RESERVED
+CVE-2021-45399
+ RESERVED
+CVE-2021-45398
+ RESERVED
+CVE-2021-45397
+ RESERVED
+CVE-2021-45396
+ RESERVED
+CVE-2021-45395
+ RESERVED
+CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ...)
+ NOT-FOR-US: PHP HTML2PDF
+CVE-2021-45393
+ RESERVED
+CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
+ NOT-FOR-US: Tenda
+CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
+ NOT-FOR-US: Tenda
+CVE-2021-45390
+ RESERVED
+CVE-2021-45389 (StarWind SAN &amp; NAS build 1578 and StarWind Command Center Build 68 ...)
+ NOT-FOR-US: StarWind
+CVE-2021-45388
+ REJECTED
+CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ...)
+ - tcpreplay 4.4.0-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/687
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ...)
+ - tcpreplay 4.4.0-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/687
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...)
+ NOT-FOR-US: ffjpeg
+CVE-2021-45384
+ RESERVED
+CVE-2021-45383
+ RESERVED
+CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all series H/ ...)
+ NOT-FOR-US: D-Link
+CVE-2021-45381
+ RESERVED
+CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_h ...)
+ NOT-FOR-US: AppCMS
+CVE-2021-45378
+ RESERVED
+CVE-2021-45377
+ RESERVED
+CVE-2021-45376
+ RESERVED
+CVE-2021-45375
+ RESERVED
+CVE-2021-45374
+ RESERVED
+CVE-2021-45373
+ RESERVED
+CVE-2021-45372
+ RESERVED
+CVE-2021-45371
+ RESERVED
+CVE-2021-45370
+ RESERVED
+CVE-2021-45369
+ RESERVED
+CVE-2021-45368
+ RESERVED
+CVE-2021-45367
+ RESERVED
+CVE-2021-45366
+ RESERVED
+CVE-2021-45365
+ RESERVED
+CVE-2021-45364 (** DISPUTED ** A Code Execution vulnerability exists in Statamic Versi ...)
+ NOT-FOR-US: Statamic
+CVE-2021-45363
+ RESERVED
+CVE-2021-45362
+ RESERVED
+CVE-2021-45361
+ RESERVED
+CVE-2021-45360
+ RESERVED
+CVE-2021-45359
+ RESERVED
+CVE-2021-45358
+ RESERVED
+CVE-2021-45357 (Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the ...)
+ - piwigo <removed>
+CVE-2021-45356
+ RESERVED
+CVE-2021-45355
+ RESERVED
+CVE-2021-45354
+ RESERVED
+CVE-2021-45353
+ RESERVED
+CVE-2021-45352
+ RESERVED
+CVE-2021-45351
+ RESERVED
+CVE-2021-45350
+ RESERVED
+CVE-2021-45349
+ RESERVED
+CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in SourceCodester Atte ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, which l ...)
+ NOT-FOR-US: zzcms
+CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and ...)
+ - sqlite3 <unfixed> (bug #1005974)
+ NOTE: https://github.com/guyinatuxedo/sqlite3_record_leaking
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054793
+CVE-2021-45345
+ RESERVED
+CVE-2021-45344
+ RESERVED
+CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of ...)
+ {DSA-5077-1 DLA-2908-1}
+ - librecad 2.1.3-3 (bug #1004518)
+ NOTE: https://github.com/LibreCAD/LibreCAD/issues/1468
+ NOTE: https://github.com/LibreCAD/LibreCAD/pull/1469
+ NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/5771425808bd16e78e1c6f28728c0712c47316f7
+CVE-2021-45342 (A buffer overflow vulnerability in CDataList of the jwwlib component o ...)
+ {DSA-5077-1 DLA-2908-1}
+ - librecad 2.1.3-3 (bug #1004518)
+ NOTE: https://github.com/LibreCAD/LibreCAD/issues/1464
+ NOTE: https://github.com/LibreCAD/LibreCAD/pull/1465
+ NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/4edcbe72679f95cb60979c77a348c1522a20b0f4
+CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib component o ...)
+ {DSA-5077-1 DLA-2908-1}
+ - librecad 2.1.3-3 (bug #1004518)
+ NOTE: https://github.com/LibreCAD/LibreCAD/issues/1462
+ NOTE: https://github.com/LibreCAD/LibreCAD/pull/1463
+ NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997
+CVE-2021-45340 (In Libsixel prior to and including v1.10.3, a NULL pointer dereference ...)
+ - libsixel <unfixed> (bug #1004377)
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/libsixel/libsixel/issues/51
+ NOTE: Fixed by: https://github.com/libsixel/libsixel/pull/52
+CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 20.4 al ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45338 (Multiple privilege escalation vulnerabilities in Avast Antivirus prior ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45337 (Privilege escalation vulnerability in the Self-Defense driver of Avast ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45336 (Privilege escalation vulnerability in the Sandbox component of Avast A ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45335 (Sandbox component in Avast Antivirus prior to 20.4 has an insecure per ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45334 (Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL ...)
+ NOT-FOR-US: Sourcecodester Online Thesis Archiving System
+CVE-2021-45333
+ RESERVED
+CVE-2021-45332
+ RESERVED
+CVE-2021-45331 (An Authentication Bypass vulnerability exists in Gitea before 1.5.0, w ...)
+ - gitea <removed>
+CVE-2021-45330 (An issue exsits in Gitea through 1.15.7, which could let a malicious u ...)
+ - gitea <removed>
+CVE-2021-45329 (Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 ...)
+ - gitea <removed>
+CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...)
+ - gitea <removed>
+CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...)
+ - gitea <removed>
+CVE-2021-45326 (Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before ...)
+ - gitea <removed>
+CVE-2021-45325 (Server Side Request Forgery (SSRF) vulneraility exists in Gitea before ...)
+ - gitea <removed>
+CVE-2021-45324
+ RESERVED
+CVE-2021-45323
+ RESERVED
+CVE-2021-45322
+ RESERVED
+CVE-2021-45321
+ RESERVED
+CVE-2021-45320
+ RESERVED
+CVE-2021-45319
+ RESERVED
+CVE-2021-45318
+ RESERVED
+CVE-2021-45317
+ RESERVED
+CVE-2021-45316
+ RESERVED
+CVE-2021-45315
+ RESERVED
+CVE-2021-45314
+ RESERVED
+CVE-2021-45313
+ RESERVED
+CVE-2021-45312
+ RESERVED
+CVE-2021-45311
+ RESERVED
+CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...)
+ NOT-FOR-US: Sangoma Technologies Corporation Switchvox
+CVE-2021-45309
+ RESERVED
+CVE-2021-45308
+ RESERVED
+CVE-2021-45307
+ RESERVED
+CVE-2021-45306
+ RESERVED
+CVE-2021-45305
+ RESERVED
+CVE-2021-45304
+ RESERVED
+CVE-2021-45303
+ RESERVED
+CVE-2021-45302
+ RESERVED
+CVE-2021-45301
+ RESERVED
+CVE-2021-45300
+ RESERVED
+CVE-2021-45299
+ RESERVED
+CVE-2021-45298
+ RESERVED
+CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1973
+ NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770
+CVE-2021-45296
+ RESERVED
+CVE-2021-45295
+ RESERVED
+CVE-2021-45294
+ RESERVED
+CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...)
+ - binaryen 104-1 (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4384
+ NOTE: https://github.com/WebAssembly/binaryen/pull/4388
+ NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1958
+ NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6
+CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1955
+ NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc
+CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...)
+ - binaryen 104-1 (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4383
+ NOTE: https://github.com/WebAssembly/binaryen/pull/4389
+ NOTE: https://github.com/WebAssembly/binaryen/commit/62d83d5fcad015ce52f0f3122eab9df1c629cafb (version_104)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1972
+ NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d
+CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1956
+ NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3
+CVE-2021-45287
+ RESERVED
+CVE-2021-45286 (Directory Traversal vulnerability exists in ZZCMS 2021 via the skin pa ...)
+ NOT-FOR-US: ZZCMS
+CVE-2021-45285
+ RESERVED
+CVE-2021-45284
+ RESERVED
+CVE-2021-45283
+ RESERVED
+CVE-2021-45282
+ RESERVED
+CVE-2021-45281 (QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: QuickBox Pro
+CVE-2021-45280
+ RESERVED
+CVE-2021-45279
+ RESERVED
+CVE-2021-45278
+ RESERVED
+CVE-2021-45277
+ RESERVED
+CVE-2021-45276
+ RESERVED
+CVE-2021-45275
+ RESERVED
+CVE-2021-45274
+ RESERVED
+CVE-2021-45273
+ RESERVED
+CVE-2021-45272
+ RESERVED
+CVE-2021-45271
+ RESERVED
+CVE-2021-45270
+ RESERVED
+CVE-2021-45269
+ RESERVED
+CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exist ...)
+ NOT-FOR-US: Backdrop CMS
+CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1965
+ NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487
+CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1985
+ NOTE: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e
+CVE-2021-45265
+ RESERVED
+CVE-2021-45264
+ RESERVED
+CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1975
+ NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9
+CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1980
+ NOTE: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a
+CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...)
+ - patch <unfixed> (unimportant)
+ NOTE: https://savannah.gnu.org/bugs/?61685
+ NOTE: Negligible security impact
+CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1979
+ NOTE: https://github.com/gpac/gpac/issues/1977
+ NOTE: https://github.com/gpac/gpac/commit/5e5e9c48b1a61e3844e9fbe26292305ab4c06d04
+ NOTE: Reported twice upstream, fix is in issue 1977 - identical report in issue 1979
+CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1986
+ NOTE: https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29
+CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1970
+ NOTE: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad
+CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...)
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392790
+ NOTE: Negligible security impact
+CVE-2021-45256 (A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via a ...)
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392789
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...)
+ NOT-FOR-US: Video Sharing Website
+CVE-2021-45254
+ RESERVED
+CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...)
+ NOT-FOR-US: Simple Cold Storage Management System
+CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...)
+ NOT-FOR-US: Simple Forum-Discussion System
+CVE-2021-45251
+ RESERVED
+CVE-2021-45250
+ RESERVED
+CVE-2021-45249
+ RESERVED
+CVE-2021-45248
+ RESERVED
+CVE-2021-45247
+ RESERVED
+CVE-2021-45246
+ RESERVED
+CVE-2021-45245
+ RESERVED
+CVE-2021-45244
+ RESERVED
+CVE-2021-45243
+ RESERVED
+CVE-2021-45242
+ RESERVED
+CVE-2021-45241
+ RESERVED
+CVE-2021-45240
+ RESERVED
+CVE-2021-45239
+ RESERVED
+CVE-2021-45238
+ RESERVED
+CVE-2021-45237
+ RESERVED
+CVE-2021-45236
+ RESERVED
+CVE-2021-45235
+ RESERVED
+CVE-2021-45234
+ RESERVED
+CVE-2021-4142
+ RESERVED
+ NOT-FOR-US: Red Hat Satellite / Candlepin
+CVE-2021-4141
+ RESERVED
+CVE-2021-4140
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2021-4140
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2021-4140
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140
+CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-4138
+ RESERVED
+ - geckodriver <itp> (bug #989456)
+CVE-2021-45233
+ RESERVED
+CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...)
+ NOT-FOR-US: Apache APISIX Dashboard
+CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-45229
+ RESERVED
+CVE-2021-45228
+ RESERVED
+CVE-2021-45227
+ RESERVED
+CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45221
+ RESERVED
+CVE-2021-45220
+ RESERVED
+CVE-2021-45219
+ RESERVED
+CVE-2021-45218
+ RESERVED
+CVE-2021-45217
+ RESERVED
+CVE-2021-45216
+ RESERVED
+CVE-2021-45215
+ RESERVED
+CVE-2021-45214
+ RESERVED
+CVE-2021-45213
+ RESERVED
+CVE-2021-45212
+ RESERVED
+CVE-2021-45211
+ RESERVED
+CVE-2021-45210
+ RESERVED
+CVE-2021-45209
+ RESERVED
+CVE-2021-45208
+ RESERVED
+CVE-2021-45207
+ RESERVED
+CVE-2021-45206
+ RESERVED
+CVE-2021-45205
+ RESERVED
+CVE-2021-45204
+ RESERVED
+CVE-2021-45203
+ RESERVED
+CVE-2021-45202
+ RESERVED
+CVE-2021-45201
+ RESERVED
+CVE-2021-45200
+ RESERVED
+CVE-2021-45199
+ RESERVED
+CVE-2021-45198
+ RESERVED
+CVE-2021-45197
+ RESERVED
+CVE-2021-45196
+ RESERVED
+CVE-2021-45195
+ RESERVED
+CVE-2021-45194
+ RESERVED
+CVE-2021-45193
+ RESERVED
+CVE-2021-45192
+ RESERVED
+CVE-2021-45191
+ RESERVED
+CVE-2021-45190
+ RESERVED
+CVE-2021-45189
+ RESERVED
+CVE-2021-45188
+ RESERVED
+CVE-2021-45187
+ RESERVED
+CVE-2021-45186
+ RESERVED
+CVE-2021-45185
+ RESERVED
+CVE-2021-45184
+ RESERVED
+CVE-2021-45183
+ RESERVED
+CVE-2021-45182
+ RESERVED
+CVE-2021-45181
+ RESERVED
+CVE-2021-45180
+ RESERVED
+CVE-2021-45179
+ RESERVED
+CVE-2021-45178
+ RESERVED
+CVE-2021-45177
+ RESERVED
+CVE-2021-45176
+ RESERVED
+CVE-2021-45175
+ RESERVED
+CVE-2021-45174
+ RESERVED
+CVE-2021-45173
+ RESERVED
+CVE-2021-45172
+ RESERVED
+CVE-2021-45171
+ RESERVED
+CVE-2021-45170
+ RESERVED
+CVE-2021-45169
+ RESERVED
+CVE-2021-45168
+ RESERVED
+CVE-2021-45167
+ RESERVED
+CVE-2021-45166
+ RESERVED
+CVE-2021-45165
+ RESERVED
+CVE-2021-45164
+ RESERVED
+CVE-2021-45163
+ RESERVED
+CVE-2021-45162
+ RESERVED
+CVE-2021-45161
+ RESERVED
+CVE-2021-45160
+ RESERVED
+CVE-2021-45159
+ RESERVED
+CVE-2021-45158
+ RESERVED
+CVE-2021-45157
+ RESERVED
+CVE-2021-45156
+ RESERVED
+CVE-2021-45155
+ RESERVED
+CVE-2021-45154
+ RESERVED
+CVE-2021-45153
+ RESERVED
+CVE-2021-45152
+ RESERVED
+CVE-2021-45151
+ RESERVED
+CVE-2021-45150
+ RESERVED
+CVE-2021-45149
+ RESERVED
+CVE-2021-45148
+ RESERVED
+CVE-2021-45147
+ RESERVED
+CVE-2021-45146
+ RESERVED
+CVE-2021-45145
+ RESERVED
+CVE-2021-45144
+ RESERVED
+CVE-2021-45143
+ RESERVED
+CVE-2021-45142
+ RESERVED
+CVE-2021-45141
+ RESERVED
+CVE-2021-45140
+ RESERVED
+CVE-2021-45139
+ RESERVED
+CVE-2021-45138
+ RESERVED
+CVE-2021-45137
+ RESERVED
+CVE-2021-45136
+ RESERVED
+CVE-2021-45135
+ RESERVED
+CVE-2021-45134
+ RESERVED
+CVE-2021-45133
+ RESERVED
+CVE-2021-45132
+ RESERVED
+CVE-2021-45131
+ RESERVED
+CVE-2021-45130
+ RESERVED
+CVE-2021-45129
+ RESERVED
+CVE-2021-45128
+ RESERVED
+CVE-2021-45127
+ RESERVED
+CVE-2021-45126
+ RESERVED
+CVE-2021-45125
+ RESERVED
+CVE-2021-45124
+ RESERVED
+CVE-2021-45123
+ RESERVED
+CVE-2021-45122
+ RESERVED
+CVE-2021-45121
+ RESERVED
+CVE-2021-45120
+ RESERVED
+CVE-2021-45119
+ RESERVED
+CVE-2021-45118
+ RESERVED
+CVE-2021-45117
+ RESERVED
+CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11)
+ NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26)
+CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11)
+ NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26)
+CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All versions) ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
+ NOT-FOR-US: Emerson
+CVE-2021-44462
+ RESERVED
+CVE-2021-4137
+ RESERVED
+CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1002534)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938
+ NOTE: Introduced by: https://github.com/vim/vim/commit/2949cfdbe4335b9abcfeda1be4dfc52090ee1df6 (v8.2.2257)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847)
+CVE-2021-4135
+ RESERVED
+ - linux 5.15.15-1 (unimportant)
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
+ NOTE: CONFIG_NETDEVSIM is not set in Debian
+CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-4129
+ RESERVED
+CVE-2021-4128
+ RESERVED
+CVE-2021-4127
+ RESERVED
+CVE-2021-4126
+ RESERVED
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.4.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
+CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed Control ...)
+ NOT-FOR-US: DeltaV Distributed Control System Controllers
+CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
+ NOT-FOR-US: Philips
+CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a st ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access cont ...)
+ - glewlwyd 2.6.1-1
+ [bullseye] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - glewlwyd <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
+CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
+ {DSA-5024-1 DLA-2852-1}
+ - apache-log4j2 2.17.0-1 (bug #1001891)
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
+CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive]
+ RESERVED
+ - libarchive 3.5.2-1 (bug #1001990)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
+ NOTE: https://github.com/libarchive/libarchive/issues/1566
+ NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2)
+ NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
+CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target]
+ RESERVED
+ - libarchive 3.5.2-1 (bug #1001986)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
+ NOTE: https://github.com/libarchive/libarchive/issues/1565
+ NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2)
+CVE-2021-45104
+ RESERVED
+CVE-2021-45103
+ RESERVED
+CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...)
+ - condor <not-affected> (Only affects 9.0.0 and above)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
+CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...)
+ - condor <unfixed> (bug #1002540)
+ [stretch] - condor <ignored> (Patch is too destructive to backport it; Patch does not apply cleanly. Too many calls in patch, not existed in this version of the software)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
+ NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14)
+CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...)
+ NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal
+CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)
+ - suricata 1:6.0.4-1
+ [bullseye] - suricata <no-dsa> (Minor issue)
+ [buster] - suricata <no-dsa> (Minor issue)
+ [stretch] - suricata <no-dsa> (Minor issue)
+ NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
+ NOTE: https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df
+ NOTE: https://redmine.openinfosecfoundation.org/issues/4710
+CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in ...)
+ NOT-FOR-US: NIME Server
+CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
+ NOT-FOR-US: KNIME Analytics Platform
+CVE-2021-45094
+ RESERVED
+CVE-2021-45093
+ RESERVED
+CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45084
+ RESERVED
+CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler ...)
+ - cobbler <removed>
+CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...)
+ - cobbler <removed>
+CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in several ...)
+ - cobbler <removed>
+CVE-2021-45080
+ RESERVED
+CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...)
+ {DSA-5056-1 DLA-2909-1}
+ - strongswan 5.9.5-1
+ NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
+ NOTE: Patches: https://download.strongswan.org/security/CVE-2021-45079/
+CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...)
+ - binutils 2.37.50.20220106-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28694
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
+ NOTE: binutils not covered by security support
+CVE-2021-4125
+ RESERVED
+ NOT-FOR-US: OpenShift metering hive containers
+CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...)
+ - logback 1:1.2.8-1
+ [bullseye] - logback <no-dsa> (Minor issue)
+ [buster] - logback <no-dsa> (Minor issue)
+ [stretch] - logback <no-dsa> (Minor issue)
+ NOTE: https://jira.qos.ch/browse/LOGBACK-1591
+ NOTE: https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8)
+CVE-2021-44771
+ REJECTED
+CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
+ - janus <unfixed> (unimportant)
+ NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190
+ NOTE: https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d
+ NOTE: Issues only in janus-demos built from src:janus
+CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4122 [decryption through LUKS2 reencryption crash recovery]
+ RESERVED
+ {DSA-5070-1}
+ - cryptsetup 2:2.4.3-1 (bug #1003686)
+ [buster] - cryptsetup <not-affected> (Vulnerable code not present; does not support online LUKS2 reencryption)
+ [stretch] - cryptsetup <not-affected> (Vulnerable code not present; does not support LUKS2)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2032401
+ NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c
+ NOTE: 2.4 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/de98f011418c62e7b825a8ce3256e8fcdc84756e
+ NOTE: 2.3 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/60addcffa6794c29dccf33d8db5347f24b75f2fc
+CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-23151
+ REJECTED
+CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
+ - linux 5.15.15-1 (unimportant)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/cifsd-team/ksmbd/issues/550
+ NOTE: https://github.com/cifsd-team/ksmbd/pull/551
+ NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
+ NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
+CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
+CVE-2021-45070
+ RESERVED
+CVE-2021-45069
+ RESERVED
+CVE-2021-45068 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45067 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45066
+ RESERVED
+CVE-2021-45065
+ RESERVED
+CVE-2021-45064 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45063 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45062 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45061 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45060 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45059 (Adobe InDesign version 16.4 (and earlier) is affected by a use-after-f ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45058 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45057 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45056 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45055 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45054 (Adobe InCopy version 16.4 (and earlier) is affected by a use-after-fre ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45053 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-4120 (snapd 2.54.2 fails to perform sufficient validation of snap content in ...)
+ - snapd <unfixed>
+ [bullseye] - snapd 2.49-1+deb11u1
+ NOTE: https://bugs.launchpad.net/snapd/+bug/1949368
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/18/2
+CVE-2021-45050
+ RESERVED
+CVE-2021-45049
+ RESERVED
+CVE-2021-45048
+ RESERVED
+CVE-2021-45047
+ RESERVED
+CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...)
+ {DSA-5022-1}
+ - apache-log4j2 2.16.0-1 (bug #1001729)
+ [stretch] - apache-log4j2 <not-affected> (JndiLookup class has been removed)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/4
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3221
+ NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
+CVE-2021-45045
+ RESERVED
+CVE-2021-45044
+ RESERVED
+CVE-2021-44768
+ RESERVED
+CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: bookstack
+CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted Data ...)
+ NOT-FOR-US: pytorch-lightning
+CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user to caus ...)
+ [experimental] - policykit-1 0.120-6
+ - policykit-1 0.105-32 (bug #1005784)
+ [bullseye] - policykit-1 <no-dsa> (Minor issue)
+ [buster] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported)
+ [stretch] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2007534
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-077-polkit/
+ NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
+ NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
+ NOTE: Debian backported 0.113 commits in 0.105-26
+CVE-2021-4114
+ REJECTED
+CVE-2021-4113
+ REJECTED
+CVE-2021-4112
+ RESERVED
+ NOT-FOR-US: Ansible Tower
+CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...)
+ NOT-FOR-US: HD-Network Real-time Monitoring System
+CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
+ - mruby 3.0.0-2 (bug #1001768)
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <postponed> (revisit when/if fix is complete)
+ NOTE: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20
+ NOTE: https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34
+CVE-2021-4109
+ RESERVED
+CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-45040
+ RESERVED
+CVE-2021-45039
+ RESERVED
+CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ {DSA-5021-1}
+ - mediawiki 1:1.35.5-1
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T297574
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-45037
+ RESERVED
+CVE-2021-45036
+ RESERVED
+CVE-2021-45035
+ RESERVED
+CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
+ NOT-FOR-US: Siemens
+CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
+ NOT-FOR-US: Siemens
+CVE-2021-45032
+ RESERVED
+CVE-2021-45031
+ RESERVED
+CVE-2021-45030
+ RESERVED
+CVE-2021-45029 (Groovy Code Injection &amp; SpEL Injection which lead to Remote Code E ...)
+ NOT-FOR-US: Apache ShenYu
+CVE-2021-45028
+ RESERVED
+CVE-2021-45027
+ RESERVED
+CVE-2021-45026
+ RESERVED
+CVE-2021-45025
+ RESERVED
+CVE-2021-45024
+ RESERVED
+CVE-2021-45023
+ RESERVED
+CVE-2021-45022
+ RESERVED
+CVE-2021-45021
+ RESERVED
+CVE-2021-45020
+ RESERVED
+CVE-2021-45019
+ RESERVED
+CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish &lt;=6.3.0 ...)
+ NOT-FOR-US: CatFish (not same as src:catfish)
+CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in Catfish &lt;= ...)
+ NOT-FOR-US: CatFish (not same as src:catfish)
+CVE-2021-45016
+ RESERVED
+CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
+ NOT-FOR-US: taocms
+CVE-2021-45014 (There is an upload sql injection vulnerability in the background of ta ...)
+ NOT-FOR-US: taocms
+CVE-2021-45013
+ RESERVED
+CVE-2021-45012
+ RESERVED
+CVE-2021-45011
+ RESERVED
+CVE-2021-45010
+ RESERVED
+CVE-2021-45009
+ RESERVED
+CVE-2021-45008 (Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability ...)
+ NOT-FOR-US: Plesk CMS
+CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...)
+ NOT-FOR-US: Plesk
+CVE-2021-45006
+ RESERVED
+CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...)
+ - mujs <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704749 (not public)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=df8559e7bdbc6065276e786217eeee70f28fce66 (1.2.0)
+CVE-2021-45004
+ RESERVED
+CVE-2021-45003 (Laundry Booking Management System 1.0 (Latest) and previous versions a ...)
+ NOT-FOR-US: Laundry Booking Management System
+CVE-2021-45002
+ RESERVED
+CVE-2021-45001
+ RESERVED
+CVE-2021-45000
+ RESERVED
+CVE-2021-44999
+ RESERVED
+CVE-2021-44998
+ RESERVED
+CVE-2021-44997
+ RESERVED
+CVE-2021-44996
+ RESERVED
+CVE-2021-44995
+ RESERVED
+CVE-2021-44994 (There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0' ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4894
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4944
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4895
+CVE-2021-44993 (There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4876
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
+CVE-2021-44992 (There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4875
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4879
+CVE-2021-44991
+ RESERVED
+CVE-2021-44990
+ RESERVED
+CVE-2021-44989
+ RESERVED
+CVE-2021-44988 (Jerryscript v3.0.0 and below was discovered to contain a stack overflo ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4891
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
+CVE-2021-44987
+ RESERVED
+CVE-2021-44986
+ RESERVED
+CVE-2021-44985
+ RESERVED
+CVE-2021-44984
+ RESERVED
+CVE-2021-44983 (In taocms 3.0.1 after logging in to the background, there is an Arbitr ...)
+ NOT-FOR-US: taocms
+CVE-2021-44982
+ RESERVED
+CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...)
+ NOT-FOR-US: QuickBox Pro
+CVE-2021-44980
+ RESERVED
+CVE-2021-44979
+ RESERVED
+CVE-2021-44978 (iCMS &lt;= 8.0.0 allows users to add and render a comtom template, whi ...)
+ NOT-FOR-US: iCMS
+CVE-2021-44977 (In iCMS &lt;=8.0.0, a directory traversal vulnerability allows an atta ...)
+ NOT-FOR-US: iCMS
+CVE-2021-44976
+ RESERVED
+CVE-2021-44975
+ RESERVED
+CVE-2021-44974
+ RESERVED
+CVE-2021-44973
+ RESERVED
+CVE-2021-44972
+ RESERVED
+CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...)
+ NOT-FOR-US: Tenda
+CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) v ...)
+ NOT-FOR-US: MiniCMS
+CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
+ NOT-FOR-US: Taocms
+CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...)
+ NOT-FOR-US: IOBit Advanced SystemCare
+CVE-2021-44967
+ RESERVED
+CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
+ NOT-FOR-US: PHPGURUKUL Employee Record Management System
+CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...)
+ NOT-FOR-US: PHPGURUKUL Employee Record Management System
+CVE-2021-44964
+ RESERVED
+CVE-2021-44963
+ RESERVED
+CVE-2021-44962
+ RESERVED
+CVE-2021-44961
+ RESERVED
+CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
+ - svgpp <unfixed>
+ [bullseye] - svgpp <no-dsa> (Minor issue)
+ [buster] - svgpp <no-dsa> (Minor issue)
+ NOTE: https://github.com/svgpp/svgpp/issues/101
+CVE-2021-44959
+ RESERVED
+CVE-2021-44958
+ RESERVED
+CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...)
+ NOT-FOR-US: ffjpeg
+CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...)
+ NOT-FOR-US: ffjpeg
+CVE-2021-44955
+ RESERVED
+CVE-2021-44954
+ RESERVED
+CVE-2021-44953
+ RESERVED
+CVE-2021-44952
+ RESERVED
+CVE-2021-44951
+ RESERVED
+CVE-2021-44950
+ RESERVED
+CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44948
+ REJECTED
+CVE-2021-44947
+ RESERVED
+CVE-2021-44946
+ RESERVED
+CVE-2021-44945
+ RESERVED
+CVE-2021-44944
+ RESERVED
+CVE-2021-44943
+ RESERVED
+CVE-2021-44942 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44941
+ RESERVED
+CVE-2021-44940
+ RESERVED
+CVE-2021-44939
+ RESERVED
+CVE-2021-44938
+ RESERVED
+CVE-2021-44937 (glFusion CMS v1.7.9 is affected by an arbitrary user registration vuln ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44936
+ RESERVED
+CVE-2021-44935 (glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vul ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44934
+ RESERVED
+CVE-2021-44933
+ RESERVED
+CVE-2021-44932
+ RESERVED
+CVE-2021-44931
+ RESERVED
+CVE-2021-44930
+ RESERVED
+CVE-2021-44929
+ RESERVED
+CVE-2021-44928
+ RESERVED
+CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1960
+ NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92
+CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1961
+ NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e
+CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1967
+ NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2
+CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1959
+ NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497
+CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1962
+ NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229
+CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1969
+ NOTE: https://github.com/gpac/gpac/issues/1968
+ NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a
+CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1964
+ NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2
+CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1957
+ NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4
+CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1963
+ NOTE: https://github.com/gpac/gpac/issues/1962
+ NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229
+CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1968
+ NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a
+CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ...)
+ - gnuplot 5.4.2+dfsg2-2 (unimportant; bug #1002539)
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2474/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/8938dfc937348f1d4e7b3d6ef6d44209b1d89473/ (master)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/acab14de21e323254507fca85f964e471258ac82/ (master)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/4cc2a4c83bc95470caa525cda52fba683e95bbb9/ (master)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/7285b0c578a067d8d9fe0566ccefaee131f62087/ (branch-5-4-stable)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/bac7cf51333242999ecb66883fd6076168ec3441/ (branch-5-4-stable)
+ NOTE: Crash in CLI tool, negligible security impact
+CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-44915
+ RESERVED
+CVE-2021-44914
+ RESERVED
+CVE-2021-44913
+ RESERVED
+CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...)
+ NOT-FOR-US: XE
+CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...)
+ NOT-FOR-US: XE
+CVE-2021-44910
+ RESERVED
+CVE-2021-44909
+ RESERVED
+CVE-2021-44908
+ RESERVED
+CVE-2021-44907
+ RESERVED
+CVE-2021-44906
+ RESERVED
+CVE-2021-44905
+ RESERVED
+CVE-2021-44904
+ RESERVED
+CVE-2021-44903 (Micro-Star International (MSI) Center Pro &lt;= 2.0.16.0 is vulnerable ...)
+ NOT-FOR-US: Micro-Star International (MSI) Center Pro
+CVE-2021-44902
+ RESERVED
+CVE-2021-44901 (Micro-Star International (MSI) Dragon Center &lt;= 2.0.116.0 is vulner ...)
+ NOT-FOR-US: Micro-Star International (MSI) Dragon Center
+CVE-2021-44900 (Micro-Star International (MSI) App Player &lt;= 4.280.1.6309 is vulner ...)
+ NOT-FOR-US: Micro-Star International (MSI) App Player
+CVE-2021-44899 (Micro-Star International (MSI) Center &lt;= 1.0.31.0 is vulnerable to ...)
+ NOT-FOR-US: Micro-Star International (MSI) Center
+CVE-2021-44898
+ RESERVED
+CVE-2021-44897
+ RESERVED
+CVE-2021-44896 (DMP Roadmap before 3.0.4 allows XSS. ...)
+ NOT-FOR-US: DMP Roadmap
+CVE-2021-44895
+ RESERVED
+CVE-2021-44894
+ RESERVED
+CVE-2021-44893
+ RESERVED
+CVE-2021-44892 (A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x v ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2021-44891
+ RESERVED
+CVE-2021-44890
+ RESERVED
+CVE-2021-44889
+ RESERVED
+CVE-2021-44888
+ RESERVED
+CVE-2021-44887
+ RESERVED
+CVE-2021-44886 (In Zammad 5.0.2, agents can configure "out of office" periods and subs ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-44885
+ RESERVED
+CVE-2021-44884
+ RESERVED
+CVE-2021-44883
+ RESERVED
+CVE-2021-44882 (D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a ...)
+ NOT-FOR-US: D-Link
+CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, ...)
+ - linux 5.16.7-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1
+ NOTE: Fixed by: https://git.kernel.org/linus/9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (5.17-rc1)
+CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...)
+ NOT-FOR-US: Pac4j
+CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44873
+ RESERVED
+CVE-2021-44872
+ RESERVED
+CVE-2021-44871
+ RESERVED
+CVE-2021-44870
+ RESERVED
+CVE-2021-44869
+ RESERVED
+CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...)
+ NOT-FOR-US: ming-soft MCMS
+CVE-2021-44867
+ RESERVED
+CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...)
+ NOT-FOR-US: Online-Movie-Ticket-Booking-System
+CVE-2021-44865
+ RESERVED
+CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buff ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-44863
+ RESERVED
+CVE-2021-44862
+ RESERVED
+CVE-2021-44861
+ RESERVED
+CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ {DSA-5021-1 DLA-2847-1}
+ - mediawiki 1:1.35.5-1
+ [buster] - mediawiki 1:1.31.16-1+deb10u2
+ NOTE: https://phabricator.wikimedia.org/T297322
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44857 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ {DSA-5021-1}
+ - mediawiki 1:1.35.5-1
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T297322
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44856 [Title blocked in AbuseFilter can be created via Special:ChangeContentModel]
+ RESERVED
+ - mediawiki 1:1.35.5-1
+ [bullseye] - mediawiki <postponed> (Minor issue)
+ [buster] - mediawiki <postponed> (Minor issue)
+ [stretch] - mediawiki <postponed> (Minor issue)
+ NOTE: https://phabricator.wikimedia.org/T271037
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
+ RESERVED
+ - mediawiki 1:1.35.5-1
+ [bullseye] - mediawiki <postponed> (Minor issue)
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T293589
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results from private wikis]
+ RESERVED
+ - mediawiki 1:1.35.5-1
+ [bullseye] - mediawiki <postponed> (Minor issue)
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T292763
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44853
+ RESERVED
+CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...)
+ NOT-FOR-US: Biostar RACING GT Evo
+CVE-2021-44851
+ RESERVED
+CVE-2021-44850 (On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot i ...)
+ NOT-FOR-US: Xilinx Zynq-7000 SoC device
+CVE-2021-44849
+ RESERVED
+CVE-2021-44848 (In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns dif ...)
+ NOT-FOR-US: Cibele Thinfinity VirtualUI
+CVE-2021-44847 (A stack-based buffer overflow in handle_request function in DHT.c in t ...)
+ - libtoxcore 0.2.13-1 (bug #1001711)
+ [bullseye] - libtoxcore <no-dsa> (Minor issue)
+ [buster] - libtoxcore <no-dsa> (Minor issue)
+ NOTE: https://github.com/TokTok/c-toxcore/pull/1718
+ NOTE: https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/
+ NOTE: Introduced by: https://github.com/TokTok/c-toxcore/commit/71260e38e8d12547b0e55916daf6cadd72f52e19 (v0.1.9)
+ NOTE: Fixed by: https://github.com/TokTok/c-toxcore/commit/1b02bad36864fdfc36694e3f96d2dc6c58a891e4 (v0.2.13)
+CVE-2021-44846
+ RESERVED
+CVE-2021-44845
+ RESERVED
+CVE-2021-44844
+ RESERVED
+CVE-2021-44843
+ RESERVED
+CVE-2021-44842
+ RESERVED
+CVE-2021-44841
+ RESERVED
+CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44839 (An issue was discovered in Delta RM 1.2. It is possible to request a n ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an unprivi ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44835
+ RESERVED
+CVE-2021-44834
+ RESERVED
+CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...)
+ NOT-FOR-US: Snow Inventory Java Scanner
+CVE-2021-4105
+ RESERVED
+CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
+ NOT-FOR-US: CLI for Amazon AWS OpenSearch
+CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1
+ NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
+ NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
+CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
+ NOT-FOR-US: vditor
+CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...)
+ {DLA-2870-1}
+ - apache-log4j2 2.17.1-1 (bug #1002813)
+ [bullseye] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file)
+ [buster] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file)
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3293
+ NOTE: https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
+ NOTE: https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16 (log4j-2.17.1-rc1)
+ NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2
+CVE-2021-44831
+ RESERVED
+CVE-2021-44830
+ RESERVED
+CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...)
+ NOT-FOR-US: AFI WebACMS
+CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...)
+ NOT-FOR-US: ARM
+CVE-2021-44827
+ RESERVED
+CVE-2021-44826
+ RESERVED
+CVE-2021-44825
+ RESERVED
+CVE-2021-44824
+ RESERVED
+CVE-2021-44823
+ RESERVED
+CVE-2021-44822
+ RESERVED
+CVE-2021-44821
+ RESERVED
+CVE-2021-44820
+ RESERVED
+CVE-2021-44819
+ RESERVED
+CVE-2021-44818
+ RESERVED
+CVE-2021-44817
+ RESERVED
+CVE-2021-44816
+ RESERVED
+CVE-2021-44815
+ RESERVED
+CVE-2021-44814
+ RESERVED
+CVE-2021-44813
+ RESERVED
+CVE-2021-44812
+ RESERVED
+CVE-2021-44811
+ RESERVED
+CVE-2021-44810
+ RESERVED
+CVE-2021-44809
+ RESERVED
+CVE-2021-44808
+ RESERVED
+CVE-2021-44807
+ RESERVED
+CVE-2021-44806
+ RESERVED
+CVE-2021-44805
+ RESERVED
+CVE-2021-44804
+ RESERVED
+CVE-2021-44803
+ RESERVED
+CVE-2021-44802
+ RESERVED
+CVE-2021-44801
+ RESERVED
+CVE-2021-44800
+ RESERVED
+CVE-2021-44799
+ RESERVED
+CVE-2021-44798
+ RESERVED
+CVE-2021-44797
+ RESERVED
+CVE-2021-44796
+ RESERVED
+CVE-2021-4102 (Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4101 (Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.466 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4100 (Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.11 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4099 (Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...)
+ NOT-FOR-US: phpservermon
+CVE-2021-4096
+ RESERVED
+CVE-2021-44795 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Single Connect
+CVE-2021-44794 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Single Connect
+CVE-2021-44793 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Single Connect
+CVE-2021-44792 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Kron Single Connect
+CVE-2021-44791
+ RESERVED
+CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
+ {DSA-5035-1 DLA-2907-1}
+ - apache2 2.4.52-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
+ NOTE: Fixed by: https://svn.apache.org/r1896039
+CVE-2021-4095
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/
+ NOTE: https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194
+CVE-2021-4094
+ RESERVED
+CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...)
+ - linux 5.14.16-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
+CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...)
+ - 389-ds-base <unfixed>
+ [stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
+ NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4)
+CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...)
+ - linux 5.15.5-1
+ [bullseye] - linux <not-affected> (Vulnerable code introduced later)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101
+ NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
+CVE-2021-44789
+ RESERVED
+CVE-2021-44788
+ RESERVED
+CVE-2021-44787
+ RESERVED
+CVE-2021-44786
+ RESERVED
+CVE-2021-44785
+ RESERVED
+CVE-2021-44784
+ RESERVED
+CVE-2021-44783
+ RESERVED
+CVE-2021-44782
+ RESERVED
+CVE-2021-44781
+ RESERVED
+CVE-2021-44780
+ RESERVED
+CVE-2021-44764
+ RESERVED
+CVE-2021-4089 (snipe-it is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-37408
+ RESERVED
+CVE-2021-31565
+ RESERVED
+CVE-2021-26261
+ RESERVED
+CVE-2021-26255
+ RESERVED
+CVE-2021-23189
+ RESERVED
+CVE-2021-23175 (NVIDIA GeForce Experience contains a vulnerability in user authorizati ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2021-23171
+ RESERVED
+CVE-2021-23170
+ RESERVED
+CVE-2021-23148
+ RESERVED
+CVE-2021-44759
+ RESERVED
+CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...)
+ NOT-FOR-US: McAfee
+CVE-2021-4087
+ RESERVED
+CVE-2021-4086
+ RESERVED
+CVE-2021-4085
+ RESERVED
+CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...)
+ - linux 5.15.5-2
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4)
+CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-44758
+ RESERVED
+CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44756
+ RESERVED
+CVE-2021-44755
+ RESERVED
+CVE-2021-44754
+ RESERVED
+CVE-2021-44753
+ RESERVED
+CVE-2021-44752
+ RESERVED
+CVE-2021-44751
+ RESERVED
+CVE-2021-44750
+ RESERVED
+CVE-2021-44749
+ RESERVED
+CVE-2021-44748
+ RESERVED
+CVE-2021-44747
+ RESERVED
+CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...)
+ NOT-FOR-US: UNIVERGE
+CVE-2021-44745
+ RESERVED
+CVE-2021-44744
+ RESERVED
+CVE-2021-44743 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44742 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44741 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44545
+ RESERVED
+CVE-2021-44457
+ RESERVED
+CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...)
+ NOT-FOR-US: Intel
+CVE-2021-43351
+ RESERVED
+CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
+ NOT-FOR-US: Crater
+CVE-2021-26946
+ RESERVED
+CVE-2021-26254
+ RESERVED
+CVE-2021-23188
+ RESERVED
+CVE-2021-23168
+ RESERVED
+CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...)
+ NOT-FOR-US: Intel
+CVE-2021-23145
+ RESERVED
+CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
+ - rainloop 1.14.0-1 (bug #962629)
+ [buster] - rainloop <no-dsa> (Minor issue)
+ NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
+CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747
+CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...)
+ [experimental] - mbedtls 2.28.0-0.1
+ - mbedtls 2.28.0-0.3 (bug #1002631)
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12)
+CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...)
+ {DSA-5080-1}
+ - snapd <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
+CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...)
+ {DSA-5080-1}
+ - snapd <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
+CVE-2021-44729
+ RESERVED
+CVE-2021-44728
+ RESERVED
+CVE-2021-44727
+ RESERVED
+CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...)
+ NOT-FOR-US: KNIME Server
+CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...)
+ NOT-FOR-US: KNIME Server
+CVE-2021-44724
+ RESERVED
+CVE-2021-44723
+ RESERVED
+CVE-2021-44722
+ RESERVED
+CVE-2021-44721
+ RESERVED
+CVE-2021-44720
+ RESERVED
+CVE-2021-44719
+ RESERVED
+CVE-2021-44718
+ RESERVED
+CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.5-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/50057
+ NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
+ NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5)
+ NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12)
+CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.5-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ - golang-golang-x-net 1:0.0+git20211209.491a49a+dfsg-1
+ - golang-golang-x-net-dev <removed>
+ [stretch] - golang-golang-x-net-dev <postponed> (Limited support in stretch)
+ NOTE: https://github.com/golang/go/issues/50058
+ NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
+ NOTE: https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5)
+ NOTE: https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a (go1.16.12)
+ NOTE: https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70
+CVE-2021-44715 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44714 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44713 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44712 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44711 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44710 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44709 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44708 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44707 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44706 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44705 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44704 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44703 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44702 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44701 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44700 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44696
+ RESERVED
+CVE-2021-44695
+ RESERVED
+CVE-2021-44694
+ RESERVED
+CVE-2021-44693
+ RESERVED
+CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4077
+ RESERVED
+CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
+ RESERVED
+ {DSA-5025-1}
+ - tang 11-1
+ [buster] - tang <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/latchset/tang/pull/81
+ NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8)
+ NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11)
+CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...)
+ NOT-FOR-US: BuddyBoss Platform
+CVE-2021-44691
+ RESERVED
+CVE-2021-44690
+ RESERVED
+CVE-2021-44689
+ RESERVED
+CVE-2021-44688
+ RESERVED
+CVE-2021-44687
+ RESERVED
+CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...)
+ - calibre 5.33.0+dfsg-1
+ [bullseye] - calibre <no-dsa> (Minor issue)
+ [buster] - calibre <no-dsa> (Minor issue)
+ [stretch] - calibre <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/calibre/+bug/1951979
+ NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0)
+CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...)
+ NOT-FOR-US: git-it
+CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...)
+ NOT-FOR-US: naholyr github-todos
+CVE-2021-44683
+ RESERVED
+CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44680 (An issue (4 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44679 (An issue (3 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44678 (An issue (2 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44677 (An issue (1 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44676 (Zoho ManageEngine Access Manager Plus before 4203 allows anyone to vie ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vuln ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...)
+ NOT-FOR-US: elgg
+CVE-2021-4071
+ RESERVED
+CVE-2021-44674 (An information exposure issue has been discovered in Opmantek Open-Aud ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-44673
+ RESERVED
+CVE-2021-44672
+ RESERVED
+CVE-2021-44671
+ RESERVED
+CVE-2021-44670
+ RESERVED
+CVE-2021-44669
+ RESERVED
+CVE-2021-44668
+ RESERVED
+CVE-2021-44667
+ RESERVED
+CVE-2021-44666
+ RESERVED
+CVE-2021-44665
+ RESERVED
+CVE-2021-44664
+ RESERVED
+CVE-2021-44663
+ RESERVED
+CVE-2021-44662
+ RESERVED
+CVE-2021-44661
+ RESERVED
+CVE-2021-44660
+ RESERVED
+CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...)
+ NOT-FOR-US: GoCD server
+CVE-2021-44658
+ RESERVED
+CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...)
+ NOT-FOR-US: StackStorm
+CVE-2021-44656
+ RESERVED
+CVE-2021-44655 (Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQ ...)
+ NOT-FOR-US: Online Pre-owned/Used Car Showroom Management System
+CVE-2021-44654
+ RESERVED
+CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...)
+ NOT-FOR-US: Online Magazine Management System
+CVE-2021-44652 (Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44651 (Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...)
+ - python-django-cms <itp> (bug #516183)
+CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
+ - gdk-pixbuf <unfixed>
+ [buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
+ [stretch] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
+ NOTE: https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
+ NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/b88f1ce91a610a4e491a4ad6352183791e78afac (2.39.2)
+CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ...)
+ - lua5.4 5.4.4-1 (bug #1004189)
+ NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00195.html
+ NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00204.html
+ NOTE: Fixed by: https://github.com/lua/lua/commit/1de95e97ef65632a88e08b6184bd9d1ceba7ec2f
+ TODO: check older versions if issue is present, reproducer do not crash, but needs inspection of the code yet
+CVE-2021-44646
+ RESERVED
+CVE-2021-44645
+ RESERVED
+CVE-2021-44644
+ RESERVED
+CVE-2021-44643
+ RESERVED
+CVE-2021-44642
+ RESERVED
+CVE-2021-44641
+ RESERVED
+CVE-2021-44640
+ RESERVED
+CVE-2021-44639
+ RESERVED
+CVE-2021-44638
+ RESERVED
+CVE-2021-44637
+ RESERVED
+CVE-2021-44636
+ RESERVED
+CVE-2021-44635
+ RESERVED
+CVE-2021-44634
+ RESERVED
+CVE-2021-44633
+ RESERVED
+CVE-2021-44632
+ RESERVED
+CVE-2021-44631
+ RESERVED
+CVE-2021-44630
+ RESERVED
+CVE-2021-44629
+ RESERVED
+CVE-2021-44628
+ RESERVED
+CVE-2021-44627
+ RESERVED
+CVE-2021-44626
+ RESERVED
+CVE-2021-44625
+ RESERVED
+CVE-2021-44624
+ RESERVED
+CVE-2021-44623
+ RESERVED
+CVE-2021-44622
+ RESERVED
+CVE-2021-44621
+ RESERVED
+CVE-2021-44620
RESERVED
-CVE-2021-44228
+CVE-2021-44619
RESERVED
-CVE-2021-4024 [podman: podman machine spawns gvproxy with port binded to all IPs]
+CVE-2021-44618
RESERVED
- - libpod <unfixed>
+CVE-2021-44617
+ RESERVED
+CVE-2021-44616
+ RESERVED
+CVE-2021-44615
+ RESERVED
+CVE-2021-44614
+ RESERVED
+CVE-2021-44613
+ RESERVED
+CVE-2021-44612
+ RESERVED
+CVE-2021-44611
+ RESERVED
+CVE-2021-44610
+ RESERVED
+CVE-2021-44609
+ RESERVED
+CVE-2021-44608
+ RESERVED
+CVE-2021-44607
+ RESERVED
+CVE-2021-44606
+ RESERVED
+CVE-2021-44605
+ RESERVED
+CVE-2021-44604
+ RESERVED
+CVE-2021-44603
+ RESERVED
+CVE-2021-44602
+ RESERVED
+CVE-2021-44601
+ RESERVED
+CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management System ( ...)
+ NOT-FOR-US: Simple Online Mens Salon Management System (MSMS)
+CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...)
+ NOT-FOR-US: Online Enrollment Management System
+CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
+ NOT-FOR-US: Attendance Management System
+CVE-2021-44597
+ RESERVED
+CVE-2021-44596
+ RESERVED
+CVE-2021-44595
+ RESERVED
+CVE-2021-44594
+ RESERVED
+CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...)
+ NOT-FOR-US: Simple College Website
+CVE-2021-44592
+ RESERVED
+CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...)
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/235
+CVE-2021-44590 (In libming 0.4.8, a memory exhaustion vulnerability exist in the funct ...)
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/236
+CVE-2021-44589
+ RESERVED
+CVE-2021-44588
+ RESERVED
+CVE-2021-44587
+ RESERVED
+CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has an unauth ...)
+ NOT-FOR-US: dst-admin
+CVE-2021-44585
+ RESERVED
+CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)
+ NOT-FOR-US: emlog
+CVE-2021-44583
+ RESERVED
+CVE-2021-44582
+ RESERVED
+CVE-2021-44581
+ RESERVED
+CVE-2021-44580
+ RESERVED
+CVE-2021-44579
+ RESERVED
+CVE-2021-44578
+ RESERVED
+CVE-2021-44577 (Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/428
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44576 (Two memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/426
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44575 (Two heap-overflow vulnerabilities exists in openSUSE libsolv through 1 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/427
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44574 (A heap-overflow vulnerability exists in openSUSE libsolv through 13 De ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/429
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44573 (Two heap overflow vulnerabilities exist in oenSUSE libsolv through 13 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/430
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44572
+ RESERVED
+CVE-2021-44571 (A heap overflow vulnerability exisfts in openSUSE libsolv through 13 D ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/421
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44570 (Two heap-overflow vulnerabilities exists in openSUSE/libsolv through 1 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/424
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44569 (A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in the solve ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/423
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/425
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44567
+ RESERVED
+CVE-2021-44566
+ RESERVED
+CVE-2021-44565
+ RESERVED
+CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...)
+ NOT-FOR-US: SYNC2101
+CVE-2021-44563
+ RESERVED
+CVE-2021-44562
+ RESERVED
+CVE-2021-44561
+ RESERVED
+CVE-2021-44560
+ RESERVED
+CVE-2021-44559
+ RESERVED
+CVE-2021-44558
+ RESERVED
+CVE-2021-44557 (National Library of the Netherlands multiNER &lt;= c0440948057afc6e3d6 ...)
+ NOT-FOR-US: National Library of the Netherlands multiNER
+CVE-2021-44556 (National Library of the Netherlands digger &lt; 6697d1269d981e35e11f24 ...)
+ NOT-FOR-US: National Library of the Netherlands digger
+CVE-2021-44555
+ RESERVED
+CVE-2021-44554 (Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-44553
+ RESERVED
+CVE-2021-44552
+ RESERVED
+CVE-2021-44551
+ RESERVED
+CVE-2021-44550
+ RESERVED
+CVE-2021-4070
+ RESERVED
+CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...)
+ NOT-FOR-US: Apache Sling
+CVE-2021-4069 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
+ NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741)
+CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...)
+ - lucene-solr <not-affected> (Issue only affects Windows)
+ NOTE: https://issues.apache.org/jira/browse/SOLR-15826
+CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 96.0.4664. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4060
+ RESERVED
+CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior to 96.0. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4057 (Use after free in file API in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4054 (Incorrect security UI in autofill in Google Chrome prior to 96.0.4664. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4053 (Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4051
+ RESERVED
+CVE-2021-44543 (An XSS vulnerability was found in Privoxy which was fixed in cgi_error ...)
+ {DLA-2844-1}
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409cbf4ab8bf2d79be204bd4e81a00d85 (v_3_0_33)
+CVE-2021-44542 (A memory leak vulnerability was found in Privoxy when handling errors. ...)
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ [stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08996116cbcea55cd3fc6c2a558e499a (v_3_0_33)
+CVE-2021-44541 (A vulnerability was found in Privoxy which was fixed in process_encryp ...)
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ [stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0509c58045b26463844188e07c5e87c74ea21044 (v_3_0_33)
+CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_spec_p ...)
+ {DLA-2844-1}
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33)
+CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-44539
+ RESERVED
+CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...)
+ {DSA-5034-1 DLA-2874-1}
+ - element-web <itp> (bug #866502)
+ - olm 3.2.8~dfsg-1 (bug #1001664)
+ [bullseye] - olm <no-dsa> (Minor issue)
+ [buster] - olm <not-affected> (Vulnerable code introduced later)
+ - thunderbird 1:91.4.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538
+ NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/
+ NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4)
+ NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8)
+CVE-2021-44537 (ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ...)
+ - owncloud-client <unfixed>
+ NOTE: https://owncloud.com/security-advisories/cve-2021-44537/
+CVE-2021-44536
+ RESERVED
+CVE-2021-44535
+ RESERVED
+CVE-2021-44534
+ RESERVED
+CVE-2021-44533 [Incorrect handling of certificate subject and issuer fields]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533
+ NOTE: https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1 (v12.x)
+CVE-2021-44532 [Certificate Verification Bypass via String Injection]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#certificate-verification-bypass-via-string-injection-medium-cve-2021-44532
+ NOTE: https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677 (v12.x)
+CVE-2021-44531 [Improper handling of URI Subject Alternative Names]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531
+ NOTE: https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 (v12.x)
+ NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x)
+CVE-2021-44530 (An injection vulnerability exists in a third-party library used in Uni ...)
+ NOT-FOR-US: UniFi Network
+CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-44528 (A open redirect vulnerability exists in Action Pack &gt;= 6.0.0 that c ...)
+ - rails <unfixed> (bug #1001817)
+ [buster] - rails <not-affected> (Vulnerable code introduced later)
+ [stretch] - rails <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/5
+ NOTE: https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 (master)
+ NOTE: https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107 (v6.1.4.2)
+ NOTE: https://github.com/rails/rails/commit/fd6a64fef1d0f7f40a8d4b046da882e83163299c (v6.0.4.2)
+ NOTE: Introduced by: https://github.com/rails/rails/commit/07ec8062e605ba4e9bd153e1d264b02ac4ab8a0f (v6.0.0.beta1)
+CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35 and ear ...)
+ NOT-FOR-US: UniFi Switch firmware
+CVE-2021-44526 (Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44525 (Zoho ManageEngine PAM360 before build 5303 allows attackers to modify ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ NOT-FOR-US: SiPass
+CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ NOT-FOR-US: SiPass
+CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ NOT-FOR-US: SiPass
+CVE-2021-44477
+ RESERVED
+CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...)
+ - lapack 3.10.0-2 (bug #1001902)
+ [bullseye] - lapack <no-dsa> (Minor issue)
+ [buster] - lapack <no-dsa> (Minor issue)
+ [stretch] - lapack <no-dsa> (Minor issue)
+ - openblas 0.3.18+ds-1
+ [bullseye] - openblas <no-dsa> (Minor issue)
+ [buster] - openblas <no-dsa> (Minor issue)
+ [stretch] - openblas <no-dsa> (Minor issue)
+ NOTE: https://github.com/Reference-LAPACK/lapack/pull/625
+ NOTE: https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
+ NOTE: https://github.com/JuliaLang/julia/issues/42415
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 (v0.3.18)
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c (v0.3.18)
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 (v0.3.18)
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 (v0.3.18)
+CVE-2021-4047
+ RESERVED
+ NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242
+CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...)
+ - cassandra <itp> (bug #585905)
+CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-4045
+ RESERVED
+CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
+ [experimental] - openssl 3.0.1-1
+ - openssl <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openssl.org/news/secadv/20211214.txt
+CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47
+ NOTE: https://github.com/gpac/gpac/issues/2092
+ NOTE: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db
+CVE-2021-4042
+ RESERVED
+CVE-2021-4041 [Improper shell escaping in ansible-runner]
+ RESERVED
+ - ansible-runner 2.1.1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028074
+ NOTE: https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd (2.1.0)
+CVE-2021-4040
+ RESERVED
+ NOT-FOR-US: Red Hat AMQ Broker
+CVE-2021-4039
+ RESERVED
+CVE-2021-44520
+ RESERVED
+CVE-2021-44519
+ RESERVED
+CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
+ NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android
+CVE-2021-44517
+ RESERVED
+CVE-2021-44516
+ RESERVED
+CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authentication bypa ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...)
+ - tmate-ssh-server <unfixed> (bug #1001225)
+ [bullseye] - tmate-ssh-server <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388
+CVE-2021-44512 (World-writable permissions on the /tmp/tmate/sessions directory in tma ...)
+ - tmate-ssh-server <unfixed> (bug #1001225)
+ [bullseye] - tmate-ssh-server <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388
+CVE-2021-44511
+ RESERVED
+CVE-2021-44510
+ RESERVED
+CVE-2021-44509
+ RESERVED
+CVE-2021-44508
+ RESERVED
+CVE-2021-44507
+ RESERVED
+CVE-2021-44506
+ RESERVED
+CVE-2021-44505
+ RESERVED
+CVE-2021-44504
+ RESERVED
+CVE-2021-44503
+ RESERVED
+CVE-2021-44502
+ RESERVED
+CVE-2021-44501
+ RESERVED
+CVE-2021-44500
+ RESERVED
+CVE-2021-44499
+ RESERVED
+CVE-2021-44498
+ RESERVED
+CVE-2021-44497
+ RESERVED
+CVE-2021-44496
+ RESERVED
+CVE-2021-44495
+ RESERVED
+CVE-2021-44494
+ RESERVED
+CVE-2021-44493
+ RESERVED
+CVE-2021-44492
+ RESERVED
+CVE-2021-44491
+ RESERVED
+CVE-2021-44490
+ RESERVED
+CVE-2021-44489
+ RESERVED
+CVE-2021-44488
+ RESERVED
+CVE-2021-44487
+ RESERVED
+CVE-2021-44486
+ RESERVED
+CVE-2021-44485
+ RESERVED
+CVE-2021-44484
+ RESERVED
+CVE-2021-44483
+ RESERVED
+CVE-2021-44482
+ RESERVED
+CVE-2021-44481
+ RESERVED
+CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...)
+ NOT-FOR-US: Wokka Lokka Q50 devices
+CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...)
+ NOT-FOR-US: NXP Kinetis K82 devices
+CVE-2021-44478
+ RESERVED
+CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
+ NOT-FOR-US: McAfee
+CVE-2021-44470
+ RESERVED
+CVE-2021-4037 [security regression for CVE-2018-13405]
+ RESERVED
+ - linux 5.14.6-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239
+ NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1)
+CVE-2021-4036
+ RESERVED
+CVE-2021-37409
+ RESERVED
+CVE-2021-37405
+ RESERVED
+CVE-2021-33847
+ RESERVED
+CVE-2021-26950
+ RESERVED
+CVE-2021-26258
+ RESERVED
+CVE-2021-26257
+ RESERVED
+CVE-2021-26251
+ RESERVED
+CVE-2021-23223
+ RESERVED
+CVE-2021-23179
+ RESERVED
+CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...)
+ NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-44451 (Apache Superset up to and including 1.3.2 allowed for registered datab ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44449 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44448 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44447 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44446 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44445 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44444 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44443 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44442 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44441 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44440 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44439 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44438 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44437 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44436 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44435 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44434 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44433 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44432 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-4035 (A stored cross site scripting have been identified at the comments in ...)
+ NOT-FOR-US: Wocu Monitoring
+CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-33843 (Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configur ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link+
+CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant MasterMed
+CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...)
+ NOT-FOR-US: Agilia Link+
+CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...)
+ NOT-FOR-US: Serva
+CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...)
+ NOT-FOR-US: Pinkie
+CVE-2021-44427 (An unauthenticated SQL Injection vulnerability in Rosario Student Info ...)
+ NOT-FOR-US: Rosario Student Information System
+CVE-2021-44426
+ RESERVED
+CVE-2021-44425
+ RESERVED
+CVE-2021-44424
+ RESERVED
+CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...)
+ NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
+CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44421
+ RESERVED
+CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
+ - python-django 2:3.2.10-1
+ [bullseye] - python-django 2:2.2.25-1~deb11u1
+ [buster] - python-django <no-dsa> (Minor issue)
+ [stretch] - python-django <not-affected> (Vulnerable code not present; path converters added later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1
+ NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
+ NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10)
+ NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25)
+CVE-2021-44419 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44418 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44417 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44416 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44415 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44414 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44413 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44412 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44411 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44410 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44409 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44408 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44407 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44406 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44405 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44404 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44403 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44402 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44401 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44400 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44399 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44398 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44397 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44394
+ RESERVED
+CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44391 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44390 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44389 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44388 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44387 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44386 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44385 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44384 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44383 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44382 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44381 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44380 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44379 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44378 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44375
+ RESERVED
+CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44372 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44371 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44370 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44369 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44366
+ RESERVED
+CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44363 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44362 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44361 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44360 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44357
+ RESERVED
+CVE-2021-44356
+ RESERVED
+CVE-2021-44355
+ RESERVED
+CVE-2021-44354
+ RESERVED
+CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...)
+ {DSA-5059-1 DLA-2899-1}
+ - policykit-1 0.105-31.1
+ NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/11
+CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: kimai2
+CVE-2021-44353
+ RESERVED
+CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...)
+ NOT-FOR-US: Tenda
+CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x &lt;=5.1.22 via ...)
+ NOT-FOR-US: ThinkPHP5
+CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
+ NOT-FOR-US: TuziCMS
+CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
+ NOT-FOR-US: TuziCMS
+CVE-2021-44347 (SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Con ...)
+ NOT-FOR-US: TuziCMS
+CVE-2021-44346
+ RESERVED
+CVE-2021-44345
+ RESERVED
+CVE-2021-44344
+ RESERVED
+CVE-2021-44343
+ RESERVED
+CVE-2021-44342
+ RESERVED
+CVE-2021-44341
+ RESERVED
+CVE-2021-44340
+ RESERVED
+CVE-2021-44339
+ RESERVED
+CVE-2021-44338
+ RESERVED
+CVE-2021-44337
+ RESERVED
+CVE-2021-44336
+ RESERVED
+CVE-2021-44335
+ RESERVED
+CVE-2021-44334
+ RESERVED
+CVE-2021-44333
+ RESERVED
+CVE-2021-44332
+ RESERVED
+CVE-2021-44331
+ RESERVED
+CVE-2021-44330
+ RESERVED
+CVE-2021-44329
+ RESERVED
+CVE-2021-44328
+ RESERVED
+CVE-2021-44327
+ RESERVED
+CVE-2021-44326
+ RESERVED
+CVE-2021-44325
+ RESERVED
+CVE-2021-44324
+ RESERVED
+CVE-2021-44323
+ RESERVED
+CVE-2021-44322
+ RESERVED
+CVE-2021-44321
+ RESERVED
+CVE-2021-44320
+ RESERVED
+CVE-2021-44319
+ RESERVED
+CVE-2021-44318
+ RESERVED
+CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...)
+ NOT-FOR-US: Bus Pass Management System
+CVE-2021-44316
+ RESERVED
+CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...)
+ NOT-FOR-US: Bus Pass Management System
+CVE-2021-44314
+ RESERVED
+CVE-2021-44313
+ RESERVED
+CVE-2021-44312
+ RESERVED
+CVE-2021-44311
+ RESERVED
+CVE-2021-44310
+ RESERVED
+CVE-2021-44309
+ RESERVED
+CVE-2021-44308
+ RESERVED
+CVE-2021-44307
+ RESERVED
+CVE-2021-44306
+ RESERVED
+CVE-2021-44305
+ RESERVED
+CVE-2021-44304
+ RESERVED
+CVE-2021-44303
+ RESERVED
+CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection v ...)
+ NOT-FOR-US: BaiCloud-cms
+CVE-2021-44301
+ RESERVED
+CVE-2021-44300
+ RESERVED
+CVE-2021-44299 (A reflected cross-site scripting (XSS) vulnerability in \lib\packages\ ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2021-44298
+ RESERVED
+CVE-2021-44297
+ RESERVED
+CVE-2021-44296
+ RESERVED
+CVE-2021-44295
+ RESERVED
+CVE-2021-44294
+ RESERVED
+CVE-2021-44293
+ RESERVED
+CVE-2021-44292
+ RESERVED
+CVE-2021-44291
+ RESERVED
+CVE-2021-44290
+ RESERVED
+CVE-2021-44289
+ RESERVED
+CVE-2021-44288
+ RESERVED
+CVE-2021-44287
+ RESERVED
+CVE-2021-44286
+ RESERVED
+CVE-2021-44285
+ RESERVED
+CVE-2021-44284
+ RESERVED
+CVE-2021-44283
+ RESERVED
+CVE-2021-44282
+ RESERVED
+CVE-2021-44281
+ RESERVED
+CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...)
+ NOT-FOR-US: attendance management system
+CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-44278 (Librenms 21.11.0 is affected by a path manipulation vulnerability in i ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-44276
+ RESERVED
+CVE-2021-44275
+ RESERVED
+CVE-2021-44274
+ RESERVED
+CVE-2021-44273 (e2guardian v5.4.x &lt;= v5.4.3r is affected by missing SSL certificate ...)
+ - e2guardian 5.3.5-3 (bug #1003125)
+ [bullseye] - e2guardian <no-dsa> (Minor issue)
+ [buster] - e2guardian <no-dsa> (Minor issue)
+ [stretch] - e2guardian <no-dsa> (Minor issue; can be fixed later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/23/2
+ NOTE: https://github.com/e2guardian/e2guardian/issues/707
+ NOTE: Fixed by: https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2
+CVE-2021-44272
+ RESERVED
+CVE-2021-44271
+ RESERVED
+CVE-2021-44270
+ RESERVED
+CVE-2021-44269
+ RESERVED
+CVE-2021-44268
+ RESERVED
+CVE-2021-44267
+ RESERVED
+CVE-2021-44266
+ RESERVED
+CVE-2021-44265
+ RESERVED
+CVE-2021-44264
+ RESERVED
+CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping. ...)
+ NOT-FOR-US: Gurock TestRail
+CVE-2021-44262
+ RESERVED
+CVE-2021-44261
+ RESERVED
+CVE-2021-44260
+ RESERVED
+CVE-2021-44259
+ RESERVED
+CVE-2021-44258
+ RESERVED
+CVE-2021-44257
+ RESERVED
+CVE-2021-44256
+ RESERVED
+CVE-2021-44255 (Authenticated remote code execution in MotionEye &lt;= 0.42.1 and Moti ...)
+ NOT-FOR-US: MotionEye
+CVE-2021-44254
+ RESERVED
+CVE-2021-44253
+ RESERVED
+CVE-2021-44252
+ RESERVED
+CVE-2021-44251
+ RESERVED
+CVE-2021-44250
+ RESERVED
+CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Ti ...)
+ NOT-FOR-US: Online Motorcycle (Bike) Rental System
+CVE-2021-44248
+ RESERVED
+CVE-2021-44247 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...)
+ NOT-FOR-US: Totolink
+CVE-2021-44246 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...)
+ NOT-FOR-US: Totolink
+CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...)
+ NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS)
+CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...)
+ NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System
+CVE-2021-44243
+ RESERVED
+CVE-2021-44242
+ RESERVED
+CVE-2021-44241
+ RESERVED
+CVE-2021-44240
+ RESERVED
+CVE-2021-44239
+ RESERVED
+CVE-2021-44238
+ RESERVED
+CVE-2021-44237
+ RESERVED
+CVE-2021-44236
+ RESERVED
+CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...)
+ - linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7)
+ NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7)
+CVE-2021-4031
+ RESERVED
+CVE-2021-4030
+ RESERVED
+CVE-2021-4029
+ RESERVED
+CVE-2021-4028 [use-after-free in RDMA listen()]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201
+ NOTE: https://git.kernel.org/linus/bc0bdc5afaa740d782fbf936aaeebd65e5c2921d (5.15-rc4)
+CVE-2021-4027
+ RESERVED
+CVE-2021-4026 (bookstack is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: bookstack
+CVE-2021-4025
+ RESERVED
+CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700 ...)
+ NOT-FOR-US: SAP
+CVE-2021-44234 (SAP Business One - version 10.0, extended log stores information that ...)
+ NOT-FOR-US: SAP
+CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...)
+ NOT-FOR-US: SAP
+CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...)
+ NOT-FOR-US: SAP
+CVE-2021-44231 (Internally used text extraction reports allow an attacker to inject co ...)
+ NOT-FOR-US: SAP
+CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...)
+ NOT-FOR-US: Burp Suite (different from src:burp)
+CVE-2021-44229
+ RESERVED
+CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...)
+ {DSA-5020-1 DLA-2842-1}
+ - apache-log4j2 2.15.0-1 (bug #1001478)
+ - apache-log4j1.2 <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
+ NOTE: https://github.com/apache/logging-log4j2/pull/608
+ NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day/
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3198
+ NOTE: https://github.com/apache/logging-log4j2/commit/c77b3cb39312b83b053d23a2158b99ac7de44dd3
+ NOTE: The lookup is performed *after* formatting the message, which includes the user input. Hence
+ NOTE: the vulnerability can still be triggered using a ParametrizedMessage.
+CVE-2021-4024 (A flaw was found in podman. The `podman machine` function (used to cre ...)
+ - libpod 3.4.3+ds1-1 (bug #1000844)
+ [bullseye] - libpod <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675
NOTE: https://twitter.com/discordianfish/status/1463462371675066371
-CVE-2021-44227
- RESERVED
+ NOTE: https://github.com/containers/podman/pull/12283
+ NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1)
+ NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48 (main)
+ NOTE: Fixed by: https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a (v3.4.3)
+CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...)
+ - mailman <removed>
+ [buster] - mailman <no-dsa> (Minor issue)
+ [stretch] - mailman <no-dsa> (Minor issue; can be fixed with the next DLA)
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1952384
+ NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt
+ NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
+ NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
CVE-2021-44226
RESERVED
CVE-2021-4023
@@ -35,13 +6580,17 @@ CVE-2021-4022
RESERVED
CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...)
- keepalived 1:2.2.4-0.2
- [bullseye] - keepalived <no-dsa> (Minor issue)
+ [bullseye] - keepalived 1:2.1.5-0.2+deb11u1
[buster] - keepalived <no-dsa> (Minor issue)
[stretch] - keepalived <no-dsa> (Minor issue)
NOTE: https://github.com/acassen/keepalived/pull/2063
NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
-CVE-2021-44224
- RESERVED
+CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...)
+ {DSA-5035-1 DLA-2907-1}
+ - apache2 2.4.52-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224
+ NOTE: Fixed by: https://svn.apache.org/r1895955
+ NOTE: Fixed by: https://svn.apache.org/r1896044
CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...)
- wordpress 5.8.1+dfsg1-1
[bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
@@ -57,21 +6606,27 @@ CVE-2021-44221
RESERVED
CVE-2021-4021
RESERVED
+ - radare2 <unfixed>
+ NOTE: https://github.com/radareorg/radare2/issues/19436
CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
- - janus <unfixed>
+ - janus 0.11.5-4 (unimportant; bug #1000831)
NOTE: https://huntr.dev/bounties/9814baa8-7bdd-4e31-a132-d9d15653409e/
- NOTE: https://github.com/meetecho/janus-gateway/commit/d3fc00ec803d6c41d8f98908732f44e7f4911a1c
- TODO: check, possibly to be marked unimportant
-CVE-2021-4019
- RESERVED
+ NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd
+ NOTE: Issues only in janus-demos built from src:janus
+CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92
+ NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669)
CVE-2021-44220
RESERVED
CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...)
NOT-FOR-US: Gin-Vue-Admin
CVE-2021-44218
RESERVED
-CVE-2021-44217
- RESERVED
+CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...)
+ NOT-FOR-US: Ericsson
CVE-2021-44216
RESERVED
CVE-2021-44215
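Review bot: The new CVE-2021-4019 entry for vim lists bullseye and buster but carries no stretch line, while other entries added by this commit (the e2guardian and mailman entries earlier in the file) still record a `[stretch]` assessment; if stretch is still tracked at this point, a line such as `[stretch] - vim <no-dsa> (Minor issue)` or an explicit `<not-affected>` verdict would keep the entry complete. The CVE-2021-4021 entry gains `- radare2 <unfixed>` while the id is still RESERVED; the file's convention for tracked-but-unpublished ids (CVE-2021-4028, CVE-2021-4002) is a bracketed short summary after the id, which would help readers until the description is published.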
@@ -90,38 +6645,38 @@ CVE-2021-44209
RESERVED
CVE-2021-44208
RESERVED
-CVE-2021-44207
- RESERVED
-CVE-2021-4018
- RESERVED
-CVE-2021-4017
- RESERVED
-CVE-2021-44206
- RESERVED
-CVE-2021-44205
- RESERVED
-CVE-2021-44204
- RESERVED
-CVE-2021-44203
- RESERVED
-CVE-2021-44202
- RESERVED
-CVE-2021-44201
- RESERVED
-CVE-2021-44200
- RESERVED
-CVE-2021-44199
- RESERVED
-CVE-2021-44198
- RESERVED
+CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...)
+ NOT-FOR-US: Acclaim USAHERDS
+CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...)
+ NOT-FOR-US: Acronis
CVE-2021-44197
RESERVED
CVE-2021-44196
RESERVED
-CVE-2021-4016
- RESERVED
-CVE-2021-4015
- RESERVED
+CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...)
+ NOT-FOR-US: Rapid7 Insight Agent
+CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
CVE-2021-4014
RESERVED
CVE-2021-4013
@@ -144,30 +6699,30 @@ CVE-2021-44189
RESERVED
CVE-2021-44188
RESERVED
-CVE-2021-44187
- RESERVED
-CVE-2021-44186
- RESERVED
-CVE-2021-44185
- RESERVED
+CVE-2021-44187 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44186 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44185 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
CVE-2021-44184
RESERVED
-CVE-2021-44183
- RESERVED
-CVE-2021-44182
- RESERVED
-CVE-2021-44181
- RESERVED
-CVE-2021-44180
- RESERVED
-CVE-2021-44179
- RESERVED
-CVE-2021-44178
- RESERVED
-CVE-2021-44177
- RESERVED
-CVE-2021-44176
- RESERVED
+CVE-2021-44183 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44182 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44181 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44180 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44179 (Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44178 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44177 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44176 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
CVE-2021-44175
RESERVED
CVE-2021-44174
@@ -182,68 +6737,85 @@ CVE-2021-44170
RESERVED
CVE-2021-44169
RESERVED
-CVE-2021-44168
- RESERVED
+CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-44167
RESERVED
CVE-2021-44166
RESERVED
-CVE-2021-44165
- RESERVED
-CVE-2021-44164
- RESERVED
-CVE-2021-44163
- RESERVED
-CVE-2021-44162
- RESERVED
-CVE-2021-44161
- RESERVED
-CVE-2021-44160
- RESERVED
-CVE-2021-44159
- RESERVED
-CVE-2021-44158
- RESERVED
-CVE-2021-4011
- RESERVED
-CVE-2021-4010
- RESERVED
-CVE-2021-4009
- RESERVED
-CVE-2021-4008
- RESERVED
-CVE-2021-4007
- RESERVED
+CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44164 (Chain Sea ai chatbot system&#8217;s file upload function has insuffici ...)
+ NOT-FOR-US: Chain Sea
+CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special charact ...)
+ NOT-FOR-US: Chain Sea
+CVE-2021-44162 (Chain Sea ai chatbot system&#8217;s specific file download function ha ...)
+ NOT-FOR-US: Chain Sea
+CVE-2021-44161 (Changing MOTP (Mobile One Time Password) system&#8217;s specific funct ...)
+ NOT-FOR-US: MOTP (Mobile One Time Password) system&
+CVE-2021-44160 (Carinal Tien Hospital Health Report System&#8217;s login page has impr ...)
+ NOT-FOR-US: Carinal Tien Hospital Health Report System&
+CVE-2021-44159 (4MOSAn GCB Doctor&#8217;s file upload function has improper user privi ...)
+ NOT-FOR-US: 4MOSAn GCB Doctor
+CVE-2021-44158 (ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflo ...)
+ NOT-FOR-US: ASUS
+CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1 DLA-2869-1}
+ - xorg-server 2:1.20.13-3
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768
+CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1}
+ - xorg-server 2:1.20.13-3
+ [stretch] - xorg-server <not-affected> (Vulnerable code introduced later)
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
+CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1 DLA-2869-1}
+ - xorg-server 2:1.20.13-3
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02
+CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1 DLA-2869-1}
+ - xorg-server 2:1.20.13-3
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60
+CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local ...)
+ NOT-FOR-US: Rapid7 Insight Agent
CVE-2021-4006
RESERVED
-CVE-2021-4005
- RESERVED
+CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
CVE-2021-44157
RESERVED
CVE-2021-44156
RESERVED
-CVE-2021-44155
- RESERVED
-CVE-2021-44154
- RESERVED
-CVE-2021-44153
- RESERVED
-CVE-2021-44152
- RESERVED
-CVE-2021-44151
- RESERVED
+CVE-2021-44155 (An issue was discovered in /goform/login_process in Reprise RLM 14.2. ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44154 (An issue was discovered in Reprise RLM 14.2. By using an admin account ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44153 (An issue was discovered in Reprise RLM 14.2. When editing the license ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44152 (An issue was discovered in Reprise RLM 14.2. Because /goform/change_pa ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cookies ar ...)
+ NOT-FOR-US: Reprise RLM
CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
NOT-FOR-US: tusdotnet
-CVE-2021-44149
- RESERVED
-CVE-2021-44148
- RESERVED
+CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...)
+ NOT-FOR-US: Linaro/OP-TEE OP-TEE
+CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
+ NOT-FOR-US: GL.iNet
CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
NOT-FOR-US: Claris
CVE-2021-44146
RESERVED
-CVE-2021-44145
- RESERVED
+CVE-2021-44145 (In the TransformXML processor of Apache NiFi before 1.15.1 an authenti ...)
+ NOT-FOR-US: Apache NiFi
CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with ...)
NOT-FOR-US: Croatia Control Asterix
CVE-2021-4004
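Review bot: Two of the added NOT-FOR-US lines carry a stray trailing `&`, left over when the `&#8217;` entity was cut from the vendor name: `NOT-FOR-US: MOTP (Mobile One Time Password) system&` and `NOT-FOR-US: Carinal Tien Hospital Health Report System&`. These lines are written by the triager rather than imported, so they should read `NOT-FOR-US: MOTP (Mobile One Time Password) system` and `NOT-FOR-US: Carinal Tien Hospital Health Report System`. The entity in the description lines themselves comes from the imported CVE text and matches how `&lt;` appears elsewhere in this file, so those can stay as they are.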
@@ -253,15 +6825,29 @@ CVE-2021-4003
CVE-2021-4002 [hugetlbfs: flush TLBs correctly after huge_pmd_unshare]
RESERVED
- linux 5.15.5-1
+ [bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1
NOTE: https://git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890
CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...)
- - isync <unfixed> (bug #999804)
- [stretch] - isync <postponed> (revisit when/if fixed upstream)
-CVE-2021-44142
- RESERVED
-CVE-2021-44141
- RESERVED
+ - isync 1.4.4-1 (bug #999804)
+ [bullseye] - isync <not-affected> (Vulnerable code introduced later)
+ [buster] - isync <not-affected> (Vulnerable code introduced later)
+ [stretch] - isync <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2
+CVE-2021-44142 (The Samba vfs_fruit module uses extended file attributes (EA, xattr) t ...)
+ {DSA-5071-1}
+ - samba <unfixed> (bug #1004693)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14914
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-244/
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-245/
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-246/
+CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malicious cl ...)
+ - samba <unfixed> (bug #1004692)
+ [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-44141.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14911
CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting a JSPW ...)
- jspwiki <removed>
CVE-2021-44139
@@ -296,32 +6882,49 @@ CVE-2021-44125
RESERVED
CVE-2021-44124
RESERVED
-CVE-2021-44123
- RESERVED
-CVE-2021-44122
- RESERVED
+CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (master)
+ NOTE: https://git.spip.net/spip/spip/commit/97e2888e9c92ad4bd68e8f80079583249714fbfa (v4.0.1)
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
+CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db
+ NOTE: https://git.spip.net/spip/spip/commit/fea5b5b4507cc9c0b9e91bbfbf34fe40b0bea805 (v3.2.12)
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
CVE-2021-44121
- RESERVED
-CVE-2021-44120
- RESERVED
+ REJECTED
+CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81
+ NOTE: https://git.spip.net/spip/spip/commit/361cc26080d1377bc55d2cb80736e5cfaf5fd242 (v3.2.12)
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
CVE-2021-44119
RESERVED
-CVE-2021-44118
- RESERVED
+CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba
+ NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a
+ NOTE: https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
CVE-2021-44117
RESERVED
-CVE-2021-44116
- RESERVED
+CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS &lt;=0.12 ...)
+ NOT-FOR-US: Anchor CMS
CVE-2021-44115
RESERVED
-CVE-2021-44114
- RESERVED
+CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stoc ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-44113
RESERVED
CVE-2021-44112
RESERVED
-CVE-2021-44111
- RESERVED
+CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download ...)
+ NOT-FOR-US: S-Cart
CVE-2021-44110
RESERVED
CVE-2021-44109
@@ -358,12 +6961,12 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plug
NOT-FOR-US: zrlog
CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...)
NOT-FOR-US: zrlog
-CVE-2021-44092
- RESERVED
-CVE-2021-44091
- RESERVED
-CVE-2021-44090
- RESERVED
+CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...)
+ NOT-FOR-US: code-projects Pharmacy Management
+CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...)
+ NOT-FOR-US: Sourcecodester Multi Restaurant Table Reservation System
+CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...)
+ NOT-FOR-US: Sourcecodester Online Reviewer System
CVE-2021-44089
RESERVED
CVE-2021-44088
@@ -384,42 +6987,87 @@ CVE-2021-44081
RESERVED
CVE-2021-44080
RESERVED
-CVE-2021-4001 [race condition when the EBPF map is frozen]
- RESERVED
+CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...)
- linux 5.15.5-1
+ [bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53
-CVE-2021-4000
- RESERVED
-CVE-2021-3999
- RESERVED
-CVE-2021-3998
+CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()]
RESERVED
-CVE-2021-3997
+ - glibc 2.33-4
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=472e799a5f2102bc0c3206dbd5a801765fceb39c
+CVE-2021-3998 [Unexpected return value from realpath() for too long results]
RESERVED
-CVE-2021-44079 (In the wazuh-slack active response script in Wazuh before 4.2.5, untru ...)
+ - glibc 2.33-4
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770
+ NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee8d5e33adb284601c00c94687bc907e10aec9bb
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5
+CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles]
+ RESERVED
+ - systemd 250.2-1 (bug #1003467)
+ [bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - systemd <ignored> (Minor issue; not exploitable before upstream commit e535840)
+ [stretch] - systemd <ignored> (Minor issue; utility segfault; not exploitable before upstream commit e535840, PoC doesn't segfault on stretch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024639
+ NOTE: https://github.com/systemd/systemd/pull/22070
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/2
+ NOTE: Exploitable after (but present before): https://github.com/systemd/systemd/commit/e5358401b5df8d395e99815b7a69b8424887472c (v242-rc1)
+ NOTE: PoC still crashes on jessie/215-17+deb8u14
+ NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/3bac86abfa1b1720180840ffb9d06b3d54841c11
+ NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/84ced330020c0bae57bd4628f1f44eec91304e69
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
+CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, ...)
NOT-FOR-US: Wazuh
CVE-2021-3996
RESERVED
+ {DSA-5055-1}
+ - util-linux 2.37.3-1
+ [buster] - util-linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - util-linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1)
+ NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b (v2.37.3)
+ NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
CVE-2021-3995
RESERVED
-CVE-2021-3994
- RESERVED
-CVE-2021-3993
- RESERVED
-CVE-2021-3992
- RESERVED
-CVE-2021-44078
- RESERVED
-CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306 is vulnerable to unaut ...)
+ {DSA-5055-1}
+ - util-linux 2.37.3-1
+ [buster] - util-linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - util-linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1)
+ NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929 (v2.37.3)
+ NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
+CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ NOT-FOR-US: django-helpdesk
+CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: kimai2
+CVE-2021-44078 (An issue was discovered in split_region in uc.c in Unicorn Engine befo ...)
+ NOT-FOR-US: Unicorn Engine
+CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-3991
RESERVED
-CVE-2021-3990
- RESERVED
-CVE-2021-3989
- RESERVED
+CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: ShowDoc
CVE-2021-3988
RESERVED
CVE-2021-3987
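Review bot: The stretch triage line for CVE-2021-3997 (`[stretch] - systemd <ignored> (... not exploitable before upstream commit e535840, PoC doesn't segfault on stretch)`) sits a few lines above a NOTE stating that the PoC still crashes on jessie/215-17+deb8u14, and jessie's 215 predates the e535840 commit tagged v242-rc1 in the same entry. Read together, the "not exploitable before e535840" rationale used for both buster and stretch and the jessie crash observation appear to contradict each other, unless the jessie crash is a different failure than the tmpfiles recursion. Adding a line such as `TODO: reconcile jessie PoC crash with the "not exploitable before e535840" rationale used for buster/stretch` next to the existing NOTEs would keep the next triager from re-deriving this.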
@@ -478,38 +7126,44 @@ CVE-2021-44052
RESERVED
CVE-2021-44051
RESERVED
-CVE-2021-44050
- RESERVED
-CVE-2021-44049
- RESERVED
-CVE-2021-44048
- RESERVED
-CVE-2021-44047
- RESERVED
-CVE-2021-44046
- RESERVED
-CVE-2021-44045
- RESERVED
-CVE-2021-44044
- RESERVED
-CVE-2021-44043
- RESERVED
-CVE-2021-44042
- RESERVED
-CVE-2021-44041
- RESERVED
-CVE-2021-3985
- RESERVED
-CVE-2021-3984
- RESERVED
-CVE-2021-3983
- RESERVED
+CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
+ NOT-FOR-US: CA Network Flow Analysis (NFA)
+CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...)
+ NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM)
+CVE-2021-44048 (An out-of-bounds write vulnerability exists when reading a TIF file us ...)
+ NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
+CVE-2021-44047 (A use-after-free vulnerability exists when reading a DWF/DWFX file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44046 (An out-of-bounds write vulnerability exists when reading U3D files in ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44045 (An out-of-bounds write vulnerability exists when reading a DGN file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44044 (An out-of-bounds write vulnerability exists when reading a JPG file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44043 (An issue was discovered in UiPath App Studio 21.4.4. There is a persis ...)
+ NOT-FOR-US: UiPath
+CVE-2021-44042 (An issue was discovered in UiPath Assistant 21.4.4. User-controlled da ...)
+ NOT-FOR-US: UiPath
+CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlled data ...)
+ NOT-FOR-US: UiPath
+CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: kimai2
+CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1001896)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a
+ NOTE: https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655 (v8.2.3625)
+CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: kimai2
CVE-2021-44040
RESERVED
CVE-2021-44039
RESERVED
CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...)
- quagga <removed>
+ [buster] - quagga <no-dsa> (Minor issue)
+ [stretch] - quagga <postponed> (revisit when/if fixed upstream)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1191890
NOTE: Debian installed systemd unit files install the problematic redhat/*.service
NOTE: files with the unsafe chmod/chown calls in the Debian packaging.
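Review bot: The new CVE-2021-3984 vim entry (`- vim 2:8.2.3995-1 (bug #1001896)`) triages bullseye and buster as `<no-dsa>` but has no stretch line, whereas the sibling vim entries touched in this commit do: CVE-2021-3974 and CVE-2021-3973 carry `[stretch] - vim <no-dsa> (Minor issue)` and CVE-2021-3968 carries `[stretch] - vim <not-affected> (Vulnerable code not present)`. Without a stretch line the tracker presumably reports stretch as still open for this CVE, which looks unintended given the parallel entries. If stretch has been assessed, a `[stretch] - vim <no-dsa> (Minor issue)` or `<not-affected>` line would make the state explicit; if not, a `TODO: check stretch` would.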
@@ -517,91 +7171,106 @@ CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.23
NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...)
NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
-CVE-2021-44035
- RESERVED
+CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...)
+ NOT-FOR-US: Wolters Kluwer TeamMate AM
CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation]
RESERVED
- - gnome-shell <unfixed>
+ - gnome-shell <not-affected> (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024174
- TODO: recheck classification when RH provides more information
-CVE-2021-3981
- RESERVED
-CVE-2021-3980
- RESERVED
-CVE-2021-3979
- RESERVED
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284
+CVE-2021-3981 [Incorrect permission in grub.cfg allow unprivileged user to read the file content]
+ RESERVED
+ - grub2 <unfixed> (bug #1001414)
+ [bullseye] - grub2 <not-affected> (Vulnerable code introduced later)
+ [buster] - grub2 <not-affected> (Vulnerable code introduced later)
+ [stretch] - grub2 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024170
+ NOTE: Introduced by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=ab2e53c8a196a595e50f1c836bf756b9db1ae68d (grub-2.06-rc1)
+ NOTE: https://lists.gnu.org/archive/html/grub-devel/2021-12/msg00013.html
+CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information to an U ...)
+ - elgg <itp> (bug #526197)
+CVE-2021-3979 [ceph: Ceph volume does not honour osd_dmcrypt_key_size]
+ RESERVED
+ - ceph <unfixed>
+ [bullseye] - ceph <no-dsa> (Minor issue)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/5
CVE-2021-44034
RESERVED
CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...)
NOT-FOR-US: Ionic Identity Vault
CVE-2021-44032
RESERVED
-CVE-2021-44031
- RESERVED
-CVE-2021-44030
- RESERVED
-CVE-2021-44029
- RESERVED
-CVE-2021-44028
- RESERVED
+CVE-2021-44031 (An issue was discovered in Quest KACE Desktop Authority before 11.2. / ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44030 (Quest KACE Desktop Authority before 11.2 allows XSS because it does no ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44029 (An issue was discovered in Quest KACE Desktop Authority before 11.2. T ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44028 (XXE can occur in Quest KACE Desktop Authority before 11.2 because the ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
CVE-2021-44027
RESERVED
-CVE-2021-44024
- RESERVED
-CVE-2021-44023
- RESERVED
-CVE-2021-44022
- RESERVED
-CVE-2021-44021
- RESERVED
-CVE-2021-44020
- RESERVED
-CVE-2021-44019
- RESERVED
+CVE-2021-44024 (A link following denial-of-service vulnerability in Trend Micro Apex O ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the Trend Mi ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
CVE-2021-3978
RESERVED
-CVE-2021-3977
- RESERVED
-CVE-2021-44018
- RESERVED
-CVE-2021-44017
- RESERVED
-CVE-2021-44016
- RESERVED
-CVE-2021-44015
- RESERVED
-CVE-2021-44014
- RESERVED
-CVE-2021-44013
- RESERVED
-CVE-2021-44012
- RESERVED
-CVE-2021-44011
- RESERVED
-CVE-2021-44010
- RESERVED
-CVE-2021-44009
- RESERVED
-CVE-2021-44008
- RESERVED
-CVE-2021-44007
- RESERVED
-CVE-2021-44006
- RESERVED
-CVE-2021-44005
- RESERVED
-CVE-2021-44004
- RESERVED
-CVE-2021-44003
- RESERVED
-CVE-2021-44002
- RESERVED
-CVE-2021-44001
- RESERVED
-CVE-2021-44000
- RESERVED
-CVE-2021-43999
- RESERVED
+CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: invoiceninja
+CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44013 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44012 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44011 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44010 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44009 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44008 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44007 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44006 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44005 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44004 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44003 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
+ - guacamole-client <unfixed>
+ [stretch] - guacamole-client <not-affected> (SAML is not supported)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/7
CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung]
@@ -613,22 +7282,22 @@ CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326
NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2)
CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...)
- {DSA-5013-1}
+ {DSA-5013-1 DLA-2840-1}
- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
NOTE: https://github.com/roundcube/roundcubemail/issues/8193
NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...)
- {DSA-5013-1}
+ {DSA-5013-1 DLA-2840-1}
- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
-CVE-2021-43998
- RESERVED
+CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 temp ...)
+ NOT-FOR-US: HashiCorp Vault
CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...)
NOT-FOR-US: Amazon FreeRTOS
CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...)
- NOT-FOR-US: Laravel component
+ NOT-FOR-US: Laravel Ignition component
CVE-2021-43995
RESERVED
CVE-2021-43994
@@ -637,50 +7306,51 @@ CVE-2021-43993
RESERVED
CVE-2021-43992
RESERVED
-CVE-2021-43991
- RESERVED
+CVE-2021-43991 (The Kentico Xperience CMS version 13.0 &#8211; 13.0.43 is vulnerable t ...)
+ NOT-FOR-US: Kentico Xperience CMS
CVE-2021-43990
RESERVED
-CVE-2021-43989
- RESERVED
+CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...)
+ NOT-FOR-US: mySCADA myPRO
CVE-2021-43988
RESERVED
-CVE-2021-43987
- RESERVED
+CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA ...)
+ NOT-FOR-US: mySCADA myPRO
CVE-2021-43986
RESERVED
-CVE-2021-43985
- RESERVED
-CVE-2021-43984
- RESERVED
-CVE-2021-43983
- RESERVED
-CVE-2021-43982
- RESERVED
-CVE-2021-43981
- RESERVED
+CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to mult ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...)
+ NOT-FOR-US: Delta
+CVE-2021-43981 (mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, ...)
+ NOT-FOR-US: mySCADA myPRO
CVE-2021-43980
RESERVED
CVE-2021-43979 (** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 ...)
NOT-FOR-US: Styra Open Policy Agent (OPA) Gatekeeper
-CVE-2021-43978
- RESERVED
+CVE-2021-43978 (Allegro WIndows 3.3.4152.0, embeds software administrator database cre ...)
+ NOT-FOR-US: Allegro WIndows
CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows X ...)
NOT-FOR-US: SmarterTools
CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wi ...)
- - linux <unfixed>
+ - linux 5.15.15-2
NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...)
- - linux <unfixed>
+ - linux 5.15.5-2
+ [bullseye] - linux 5.10.84-1
NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
-CVE-2021-43974
- RESERVED
-CVE-2021-43973
- RESERVED
-CVE-2021-43972
- RESERVED
-CVE-2021-43971
- RESERVED
+CVE-2021-43974 (An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg en ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43973 (An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysA ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSettings.js ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...)
+ NOT-FOR-US: SysAid ITIL
CVE-2021-43970
RESERVED
CVE-2021-43969
@@ -695,23 +7365,23 @@ CVE-2021-43965
RESERVED
CVE-2021-43964
RESERVED
-CVE-2021-43963
- RESERVED
+CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...)
+ NOT-FOR-US: Couchbase Sync Gateway
CVE-2021-43962
RESERVED
CVE-2021-43961
RESERVED
-CVE-2021-43960
- RESERVED
+CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an ...)
+ NOT-FOR-US: Lorensbergs Connect2
CVE-2021-3974 (vim is vulnerable to Use After Free ...)
- - vim <unfixed>
+ - vim 2:8.2.3995-1 (bug #1001897)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612)
CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
- - vim <unfixed>
+ - vim 2:8.2.3995-1 (bug #1001899)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
@@ -726,7 +7396,9 @@ CVE-2021-3970
CVE-2021-3969
RESERVED
CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
- - vim <unfixed>
+ - vim 2:8.2.3995-1 (bug #1001900)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/
NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610)
@@ -742,64 +7414,64 @@ CVE-2021-43955
RESERVED
CVE-2021-43954
RESERVED
-CVE-2021-43953
- RESERVED
-CVE-2021-43952
- RESERVED
-CVE-2021-43951
- RESERVED
-CVE-2021-43950
- RESERVED
-CVE-2021-43949
- RESERVED
-CVE-2021-43948
- RESERVED
-CVE-2021-43947
- RESERVED
-CVE-2021-43946
- RESERVED
+CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43951 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43950 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43949 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43948 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ NOT-FOR-US: Atlassian
CVE-2021-43945
RESERVED
CVE-2021-43944
RESERVED
CVE-2021-43943
RESERVED
-CVE-2021-43942
- RESERVED
-CVE-2021-43941
- RESERVED
-CVE-2021-43940
- RESERVED
+CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ NOT-FOR-US: Atlassian Confluence
CVE-2021-43939
RESERVED
CVE-2021-43938
RESERVED
CVE-2021-43937
RESERVED
-CVE-2021-43936
- RESERVED
-CVE-2021-43935
- RESERVED
+CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...)
+ NOT-FOR-US: Distributed Data Systems
+CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...)
+ NOT-FOR-US: Hillrom
CVE-2021-43934
RESERVED
CVE-2021-43933
RESERVED
CVE-2021-43932
RESERVED
-CVE-2021-43931
- RESERVED
+CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...)
+ NOT-FOR-US: Distributed Data Systems
CVE-2021-43930
RESERVED
-CVE-2021-43929
- RESERVED
-CVE-2021-43928
- RESERVED
-CVE-2021-43927
- RESERVED
-CVE-2021-43926
- RESERVED
-CVE-2021-43925
- RESERVED
+CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...)
+ NOT-FOR-US: Synology
+CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...)
+ NOT-FOR-US: Synology
+CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
CVE-2021-43924
RESERVED
CVE-2021-43923
@@ -832,14 +7504,14 @@ CVE-2021-43910
RESERVED
CVE-2021-43909
RESERVED
-CVE-2021-43908
- RESERVED
-CVE-2021-43907
- RESERVED
+CVE-2021-43908 (Visual Studio Code Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43907 (Visual Studio Code WSL Extension Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43906
RESERVED
-CVE-2021-43905
- RESERVED
+CVE-2021-43905 (Microsoft Office app Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43904
RESERVED
CVE-2021-43903
@@ -850,30 +7522,30 @@ CVE-2021-43901
RESERVED
CVE-2021-43900
RESERVED
-CVE-2021-43899
- RESERVED
+CVE-2021-43899 (Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerabil ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43898
RESERVED
CVE-2021-43897
RESERVED
-CVE-2021-43896
- RESERVED
+CVE-2021-43896 (Microsoft PowerShell Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43895
RESERVED
CVE-2021-43894
RESERVED
-CVE-2021-43893
- RESERVED
-CVE-2021-43892
- RESERVED
-CVE-2021-43891
- RESERVED
-CVE-2021-43890
- RESERVED
-CVE-2021-43889
- RESERVED
-CVE-2021-43888
- RESERVED
+CVE-2021-43893 (Windows Encrypting File System (EFS) Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43892 (Microsoft BizTalk ESB Toolkit Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43890 (Windows AppX Installer Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43888 (Microsoft Defender for IoT Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43887
RESERVED
CVE-2021-43886
@@ -882,24 +7554,24 @@ CVE-2021-43885
RESERVED
CVE-2021-43884
RESERVED
-CVE-2021-43883
- RESERVED
-CVE-2021-43882
- RESERVED
+CVE-2021-43883 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43882 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43881
RESERVED
-CVE-2021-43880
- RESERVED
+CVE-2021-43880 (Windows Mobile Device Management Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43879
RESERVED
CVE-2021-43878
RESERVED
-CVE-2021-43877
- RESERVED
-CVE-2021-43876
- RESERVED
-CVE-2021-43875
- RESERVED
+CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: .NET core
+CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43874
RESERVED
CVE-2021-43873
@@ -922,176 +7594,238 @@ CVE-2021-43865
RESERVED
CVE-2021-43864
RESERVED
-CVE-2021-43863
- RESERVED
-CVE-2021-43862
- RESERVED
-CVE-2021-43861
- RESERVED
-CVE-2021-43860
- RESERVED
-CVE-2021-43859
- RESERVED
-CVE-2021-43858
- RESERVED
-CVE-2021-43857
- RESERVED
-CVE-2021-43856
- RESERVED
-CVE-2021-43855
- RESERVED
-CVE-2021-43854
- RESERVED
-CVE-2021-43853
- RESERVED
-CVE-2021-43852
- RESERVED
-CVE-2021-43851
- RESERVED
-CVE-2021-43850
- RESERVED
-CVE-2021-43849
- RESERVED
-CVE-2021-43848
- RESERVED
-CVE-2021-43847
- RESERVED
-CVE-2021-43846
- RESERVED
-CVE-2021-43845
- RESERVED
-CVE-2021-43844
- RESERVED
-CVE-2021-43843
- RESERVED
-CVE-2021-43842
- RESERVED
-CVE-2021-43841
- RESERVED
-CVE-2021-43840
- RESERVED
-CVE-2021-43839
- RESERVED
-CVE-2021-43838
- RESERVED
-CVE-2021-43837
- RESERVED
-CVE-2021-43836
- RESERVED
-CVE-2021-43835
- RESERVED
-CVE-2021-43834
- RESERVED
-CVE-2021-43833
- RESERVED
-CVE-2021-43832
- RESERVED
-CVE-2021-43831
- RESERVED
-CVE-2021-43830
- RESERVED
-CVE-2021-43829
- RESERVED
-CVE-2021-43828
- RESERVED
-CVE-2021-43827
- RESERVED
+CVE-2021-43863 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...)
+ NOT-FOR-US: jQuery Terminal Emulator
+CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...)
+ - node-mermaid 8.13.8+~cs10.4.16-1
+ [bullseye] - node-mermaid <no-dsa> (Minor issue)
+ NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
+ NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
+CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...)
+ {DSA-5049-1}
+ - flatpak 1.12.3-1
+ [buster] - flatpak <ignored> (Intrusive and risky to backport)
+ [stretch] - flatpak <ignored> (Intrusive and risky to backport)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
+ NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
+ NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee
+ NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
+ NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
+CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...)
+ {DLA-2924-1}
+ - libxstream-java <unfixed>
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
+ NOTE: https://x-stream.github.io/CVE-2021-43859.html
+ NOTE: https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846
+CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...)
+ NOT-FOR-US: MinIO
+CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...)
+ NOT-FOR-US: Gerapy
+CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...)
+ - nltk 3.6.7-1 (bug #1002623)
+ [bullseye] - nltk <no-dsa> (Minor issue)
+ [buster] - nltk <no-dsa> (Minor issue)
+ [stretch] - nltk <no-dsa> (Minor issue)
+ NOTE: https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x
+ NOTE: https://github.com/nltk/nltk/issues/2866
+ NOTE: https://github.com/nltk/nltk/pull/2869
+ NOTE: https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 (3.6.6)
+CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...)
+ NOT-FOR-US: Ajax.NET Professional
+CVE-2021-43852 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+ NOT-FOR-US: OroPlatform
+CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-43850 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...)
+ NOT-FOR-US: cordova-plugin-fingerprint-aio
+CVE-2021-43848 (h2o is an open source http server. In code prior to the `8c0eca3` comm ...)
+ - h2o <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4
+ NOTE: Introduced by: https://github.com/h2o/h2o/commit/93af1383b248e9284ba5f63211b4fbb4c828d060
+ NOTE: Fixed by: https://github.com/h2o/h2o/commit/8c0eca3d9bc1f08e7c6bdf57645f3d54aed7d844
+CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...)
+ NOT-FOR-US: HumHub Social Network Kit Enterprise
+CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
+ NOT-FOR-US: solidus_frontend
+CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
+ NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
+ NOTE: https://github.com/pjsip/pjproject/pull/2924
+CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...)
+ NOT-FOR-US: MSEdgeRedirect
+CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...)
+ NOT-FOR-US: jsx-slack
+CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...)
+ NOT-FOR-US: XWiki
+CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...)
+ NOT-FOR-US: Discourse Message Bus middleware
+CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...)
+ NOT-FOR-US: Cronos
+CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...)
+ NOT-FOR-US: jsx-slack
+CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...)
+ NOT-FOR-US: Hashicorp vault-cli
+CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-43832 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+ NOT-FOR-US: Spinnaker
+CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...)
+ NOT-FOR-US: gradio
+CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...)
+ NOT-FOR-US: OpenProject
+CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security ...)
+ NOT-FOR-US: PatrOwl
+CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security ...)
+ NOT-FOR-US: PatrOwl
+CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts in Disco ...)
+ NOT-FOR-US: discourse-footnote
CVE-2021-43826
RESERVED
CVE-2021-43825
RESERVED
CVE-2021-43824
RESERVED
-CVE-2021-43823
- RESERVED
-CVE-2021-43822
- RESERVED
-CVE-2021-43821
- RESERVED
-CVE-2021-43820
- RESERVED
+CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content Reposi ...)
+ NOT-FOR-US: Jackalope Doctrine-DBAL
+CVE-2021-43821 (Opencast is an Open Source Lecture Capture &amp; Video Management for ...)
+ NOT-FOR-US: Opencast
+CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...)
+ - seafile-server <itp> (bug #865830)
+ NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
+ NOTE: https://github.com/haiwen/seafile-server/pull/520
CVE-2021-43819
RESERVED
-CVE-2021-43818
- RESERVED
-CVE-2021-43817
- RESERVED
-CVE-2021-43816
- RESERVED
-CVE-2021-43815
- RESERVED
-CVE-2021-43814
- RESERVED
-CVE-2021-43813
- RESERVED
-CVE-2021-43812
- RESERVED
-CVE-2021-43811
- RESERVED
-CVE-2021-43810
- RESERVED
-CVE-2021-43809
- RESERVED
-CVE-2021-43808
- RESERVED
-CVE-2021-43807
- RESERVED
-CVE-2021-43806
- RESERVED
-CVE-2021-43805
- RESERVED
-CVE-2021-43804
- RESERVED
-CVE-2021-43803
- RESERVED
-CVE-2021-43802
- RESERVED
-CVE-2021-43801
- RESERVED
-CVE-2021-43800
- RESERVED
-CVE-2021-43799
- RESERVED
-CVE-2021-43798
- RESERVED
-CVE-2021-43797
- RESERVED
+CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...)
+ {DSA-5043-1 DLA-2871-1}
+ - lxml 4.7.1-1 (bug #1001885)
+ NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
+ NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)
+ NOTE: https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5)
+CVE-2021-43817 (Collabora Online is a collaborative online office suite based on Libre ...)
+ NOT-FOR-US: Collabora Online
+CVE-2021-43816 (containerd is an open source container runtime. On installations using ...)
+ - containerd 1.5.9~ds1-1
+ [bullseye] - containerd <not-affected> (Vulnerable code introduced in 1.5.0)
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c
+ NOTE: Fixed by: https://github.com/containerd/containerd/commit/1407cab509ff0d96baa4f0eb6ff9980270e6e620
+CVE-2021-43815 (Grafana is an open-source platform for monitoring and observability. G ...)
+ - grafana <removed>
+CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ NOT-FOR-US: Rizin
+CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...)
+ - grafana <removed>
+CVE-2021-43812 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+ NOT-FOR-US: Auth0 Next.js SDK
+CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
+ NOT-FOR-US: Sockeye
+CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
+ NOT-FOR-US: Admidio
+CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby. ...)
+ - rubygems 3.3.5-1
+ NOTE: https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
+ NOTE: https://github.com/rubygems/rubygems/commit/90b1ed8b9f8b636aa8c913f7b5a764a2e03d179c (v3.3.0)
+ NOTE: https://github.com/rubygems/rubygems/pull/5142
+CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...)
+ - php-laravel-framework 6.20.14+dfsg-3 (bug #1001333)
+ [bullseye] - php-laravel-framework <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
+ NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42)
+CVE-2021-43807 (Opencast is an Open Source Lecture Capture &amp; Video Management for ...)
+ NOT-FOR-US: Opencast
+CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
+ NOT-FOR-US: Solidus
+CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
+ NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e
+CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...)
+ NOT-FOR-US: next.js
+CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8 ...)
+ NOT-FOR-US: Mercurius
+CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server installs ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...)
+ - grafana <removed>
+CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
+ - netty <unfixed> (bug #1001437)
+ [bullseye] - netty <no-dsa> (Minor issue)
+ [buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
+ NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final)
CVE-2021-43796
RESERVED
-CVE-2021-43795
- RESERVED
-CVE-2021-43794
- RESERVED
-CVE-2021-43793
- RESERVED
-CVE-2021-43792
- RESERVED
-CVE-2021-43791
- RESERVED
-CVE-2021-43790
- RESERVED
-CVE-2021-43789
- RESERVED
-CVE-2021-43788
- RESERVED
-CVE-2021-43787
- RESERVED
-CVE-2021-43786
- RESERVED
+CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...)
+ NOT-FOR-US: Armeria
+CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43792 (Discourse is an open source discussion platform. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43791 (Zulip is an open source group chat application that combines real-time ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-43790 (Lucet is a native WebAssembly compiler and runtime. There is a bug in ...)
+ NOT-FOR-US: Lucet
+CVE-2021-43789 (PrestaShop is an Open Source e-commerce web application. Versions of P ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-43788 (Nodebb is an open source Node.js based forum software. Prior to v1.18. ...)
+ NOT-FOR-US: Nodebb
+CVE-2021-43787 (Nodebb is an open source Node.js based forum software. In affected ver ...)
+ NOT-FOR-US: Nodebb
+CVE-2021-43786 (Nodebb is an open source Node.js based forum software. In affected ver ...)
+ NOT-FOR-US: Nodebb
CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...)
- TODO: check
-CVE-2021-43784
- RESERVED
-CVE-2021-43783
- RESERVED
-CVE-2021-43782
- RESERVED
-CVE-2021-43781
- RESERVED
+ NOT-FOR-US: @joeattardi/emoji-button
+CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux accord ...)
+ {DLA-2841-1}
+ - runc 1.0.3+ds1-1
+ [bullseye] - runc <ignored> (Minor issue; not exploitable in 1.0.0)
+ [buster] - runc <ignored> (Minor issue; not exploitable in 1.0.0)
+ NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/1
+ NOTE: Fixed by: https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
+CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...)
+ NOT-FOR-US: @backstage/plugin-scaffolder-backend
+CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...)
+ NOT-FOR-US: Invenio-Drafts-Resources
CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...)
NOT-FOR-US: Redash
-CVE-2021-43779
- RESERVED
+CVE-2021-43779 (GLPI is an open source IT Asset Management, issue tracking system and ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI inst ...)
NOT-FOR-US: GLPI plugin
CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...)
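Review bot: The containerd entry for CVE-2021-43816 marks only bullseye `<not-affected> (Vulnerable code introduced in 1.5.0)`; buster has no line at all, so the tracker will derive its state by comparing the buster version against the 1.5.9~ds1-1 fix and list it as vulnerable. If buster's containerd also predates 1.5.0, which seems likely given the bullseye rationale, it needs the same annotation, `[buster] - containerd <not-affected> (Vulnerable code introduced in 1.5.0)`. Separately, CVE-2021-43779 is filed against the glpi source package as `<removed> (unimportant)`, yet its only reference is the pluginsGLPI/addressing advisory, i.e. a GLPI plugin, and the neighbouring CVE-2021-43778 treats a GLPI plugin as `NOT-FOR-US: GLPI plugin`; unless the addressing plugin was shipped inside the glpi source, the two entries should be triaged the same way.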
@@ -1104,18 +7838,18 @@ CVE-2021-3967
RESERVED
CVE-2021-3966
RESERVED
-CVE-2021-3965
- RESERVED
+CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...)
+ NOT-FOR-US: HP
CVE-2021-43774
RESERVED
CVE-2021-43773
RESERVED
-CVE-2021-43772
- RESERVED
-CVE-2021-43771
- RESERVED
-CVE-2021-3964
- RESERVED
+CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability th ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through User-Controlled Key ...)
+ - elgg <itp> (bug #526197)
CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitize cer ...)
@@ -1132,16 +7866,16 @@ CVE-2021-43767
RESERVED
CVE-2021-43766
RESERVED
-CVE-2021-43765
- RESERVED
-CVE-2021-43764
- RESERVED
-CVE-2021-43763
- RESERVED
-CVE-2021-43762
- RESERVED
-CVE-2021-43761
- RESERVED
+CVE-2021-43765 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43764 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43762 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ NOT-FOR-US: Adobe
CVE-2021-43760
RESERVED
CVE-2021-43759
@@ -1158,26 +7892,26 @@ CVE-2021-43754
RESERVED
CVE-2021-43753
RESERVED
-CVE-2021-43752
- RESERVED
+CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
+ NOT-FOR-US: Adobe
CVE-2021-43751
RESERVED
-CVE-2021-43750
- RESERVED
-CVE-2021-43749
- RESERVED
-CVE-2021-43748
- RESERVED
-CVE-2021-43747
- RESERVED
-CVE-2021-43746
- RESERVED
+CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43748 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43747 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...)
+ NOT-FOR-US: Adobe
CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: snipe-it
-CVE-2021-3960
- RESERVED
-CVE-2021-3959
- RESERVED
+CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
NOT-FOR-US: iPack SCADA Automation
CVE-2021-43745
@@ -1202,8 +7936,8 @@ CVE-2021-43736
RESERVED
CVE-2021-43735
RESERVED
-CVE-2021-43734
- RESERVED
+CVE-2021-43734 (kkFileview v4.0.0 has arbitrary file read through a directory traversa ...)
+ NOT-FOR-US: kkFileview
CVE-2021-43733
RESERVED
CVE-2021-43732
@@ -1248,8 +7982,8 @@ CVE-2021-43713
RESERVED
CVE-2021-43712
RESERVED
-CVE-2021-43711
- RESERVED
+CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...)
+ NOT-FOR-US: TOTOLINK
CVE-2021-43710
RESERVED
CVE-2021-43709
@@ -1264,8 +7998,8 @@ CVE-2021-43705
RESERVED
CVE-2021-43704
RESERVED
-CVE-2021-43703
- RESERVED
+CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...)
+ NOT-FOR-US: zzcms
CVE-2021-43702
RESERVED
CVE-2021-43701
@@ -1274,58 +8008,58 @@ CVE-2021-43700
RESERVED
CVE-2021-43699
RESERVED
-CVE-2021-43698
- RESERVED
-CVE-2021-43697
- RESERVED
-CVE-2021-43696
- RESERVED
-CVE-2021-43695
- RESERVED
+CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...)
+ NOT-FOR-US: phpWhois
+CVE-2021-43697 (Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a C ...)
+ NOT-FOR-US: Workerman-ThinkPHP-Redis
+CVE-2021-43696 (twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerab ...)
+ NOT-FOR-US: twmap
+CVE-2021-43695 (issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vu ...)
+ NOT-FOR-US: issabelPBX
CVE-2021-43694
RESERVED
-CVE-2021-43693
- RESERVED
-CVE-2021-43692
- RESERVED
-CVE-2021-43691
- RESERVED
-CVE-2021-43690
- RESERVED
-CVE-2021-43689
- RESERVED
+CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...)
+ NOT-FOR-US: Vesta Control Panel
+CVE-2021-43692 (youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross ...)
+ NOT-FOR-US: youtube-php-mirroring
+CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerability in f ...)
+ NOT-FOR-US: tripexpress
+CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: YurunProxy
+CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by a Cross Site Scriptin ...)
+ NOT-FOR-US: thinkphp manage
CVE-2021-43688
RESERVED
-CVE-2021-43687
- RESERVED
-CVE-2021-43686
- RESERVED
-CVE-2021-43685
- RESERVED
+CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: nZEDb
+CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
+ - libretime <itp> (bug #888687)
CVE-2021-43684
RESERVED
-CVE-2021-43683
- RESERVED
-CVE-2021-43682
- RESERVED
-CVE-2021-43681
- RESERVED
+CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: pictshare
+CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...)
+ NOT-FOR-US: ThinkPHP BJY Blog
+CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...)
+ NOT-FOR-US: SakuraPanel
CVE-2021-43680
RESERVED
-CVE-2021-43679
- RESERVED
-CVE-2021-43678
- RESERVED
-CVE-2021-43677
- RESERVED
-CVE-2021-43676
- RESERVED
-CVE-2021-43675
- RESERVED
-CVE-2021-43674
- RESERVED
-CVE-2021-43673
- RESERVED
+CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
+ NOT-FOR-US: ecshop
+CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...)
+ NOT-FOR-US: Wechat-php-sdk
+CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: Fluxbb
+CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
+ NOT-FOR-US: matyhtf framework
+CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: Lychee-v3
+CVE-2021-43674 (** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a p ...)
+ NOT-FOR-US: ThinkUp
+CVE-2021-43673 (dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: dzzoffice
CVE-2021-43672
RESERVED
CVE-2021-43671
@@ -1395,28 +8129,28 @@ CVE-2021-43640
RESERVED
CVE-2021-43639
RESERVED
-CVE-2021-43638
- RESERVED
-CVE-2021-43637
- RESERVED
+CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...)
+ NOT-FOR-US: Amazon
+CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Amazon
CVE-2021-43636
RESERVED
-CVE-2021-43635
- RESERVED
+CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...)
+ NOT-FOR-US: Codex
CVE-2021-43634
RESERVED
CVE-2021-43633
RESERVED
CVE-2021-43632
RESERVED
-CVE-2021-43631
- RESERVED
-CVE-2021-43630
- RESERVED
-CVE-2021-43629
- RESERVED
-CVE-2021-43628
- RESERVED
+CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
CVE-2021-43627
RESERVED
CVE-2021-43626
@@ -1436,13 +8170,15 @@ CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Ru
CVE-2021-43619
RESERVED
CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
+ {DLA-2837-1}
- gmp 2:6.2.1+dfsg-3 (bug #994405)
- [bullseye] - gmp <no-dsa> (Minor issue)
+ [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1
[buster] - gmp <no-dsa> (Minor issue)
NOTE: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the uploa ...)
- - php-laravel-framework <unfixed>
+ - php-laravel-framework 6.20.14+dfsg-3 (bug #1002728)
+ [bullseye] - php-laravel-framework <no-dsa> (Can be fixed via point release)
NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
@@ -1451,8 +8187,8 @@ CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds wit
[bullseye] - npm <no-dsa> (Minor issue)
[buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/cli/issues/2701
-CVE-2021-43615
- RESERVED
+CVE-2021-43615 (An issue was discovered in HddPassword in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
CVE-2021-43614
RESERVED
CVE-2021-43613
@@ -1460,7 +8196,7 @@ CVE-2021-43613
CVE-2021-43612 [crash in SONMP decoder]
RESERVED
- lldpd 1.0.13-1
- [bullseye] - lldpd <no-dsa> (Minor issue)
+ [bullseye] - lldpd 1.0.11-1+deb11u1
[buster] - lldpd <no-dsa> (Minor issue)
[stretch] - lldpd <no-dsa> (Minor issue)
NOTE: https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 (1.0.13)
@@ -1470,8 +8206,7 @@ CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such a
NOT-FOR-US: Belledonne Belle-sip
CVE-2021-43609
RESERVED
-CVE-2021-43608 [SQL Injection Security Vulnerability]
- RESERVED
+CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of o ...)
- php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and
NOTE: only present in experimental suite.
@@ -1512,12 +8247,12 @@ CVE-2021-43591
RESERVED
CVE-2021-43590
RESERVED
-CVE-2021-43589
- RESERVED
-CVE-2021-43588
- RESERVED
-CVE-2021-43587
- RESERVED
+CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior ...)
+ NOT-FOR-US: EMC
+CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an Improper Inp ...)
+ NOT-FOR-US: EMC
+CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...)
+ NOT-FOR-US: Dell
CVE-2021-43586
RESERVED
CVE-2021-43585
@@ -1544,8 +8279,9 @@ CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D fi
NOT-FOR-US: Open Design Alliance PRC SDK
CVE-2021-43580
RESERVED
-CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...)
+CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC &lt;= 1.9 ...)
- htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/453
NOTE: Crash in CLI tool, no security impact
@@ -1565,24 +8301,23 @@ CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who i
NOT-FOR-US: Philips
CVE-2021-3949
RESERVED
-CVE-2021-3948
- RESERVED
+CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...)
NOT-FOR-US: Migration Toolkit for Containers
-CVE-2021-3947 [NVME: Arbitrary Memory Read]
- RESERVED
- - qemu <unfixed>
+CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...)
+ - qemu 1:6.2+dfsg-1
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2021869
NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f432fdfa1215bc3a00468b2e711176be279b0fd2 (v6.0.0-rc0)
NOTE: https://lore.kernel.org/qemu-devel/20211111153125.2258176-1-philmd@redhat.com/
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/e2c57529c9306e4c9aac75d9879f6e7699584a22 (v6.2.0-rc3)
CVE-2021-3946
RESERVED
CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
NOT-FOR-US: django-helpdesk
-CVE-2021-3944
- RESERVED
+CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: bookstack
CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
- moodle <removed>
CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
@@ -1591,7 +8326,7 @@ CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail
- atmailopen <removed>
CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...)
NOT-FOR-US: Realtek
-CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (ecdsa-pyth ...)
+CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (aka starkb ...)
NOT-FOR-US: Stark bank libraries
CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...)
NOT-FOR-US: Stark bank libraries
@@ -1603,10 +8338,18 @@ CVE-2021-43568 (The verify function in the Stark Bank Elixir ECDSA library (ecds
NOT-FOR-US: Stark bank libraries
CVE-2021-43567
RESERVED
-CVE-2021-43566
- RESERVED
-CVE-2021-43565
- RESERVED
+CVE-2021-43566 (All versions of Samba prior to 4.13.16 are vulnerable to a malicious c ...)
+ - samba <unfixed> (bug #1004691)
+ [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-43566.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13979
+CVE-2021-43565 [x/crypto/ssh: empty plaintext packet causes panic]
+ RESERVED
+ - golang-go.crypto 1:0.0~git20211202.5770296-1
+ [stretch] - golang-go.crypto <postponed> (Limited support in stretch)
+ NOTE: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083
+ NOTE: https://github.com/golang/go/issues/49932
CVE-2021-43564 (An issue was discovered in the jobfair (aka Job Fair) extension before ...)
NOT-FOR-US: TYPO3 extension
CVE-2021-43563 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...)
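Review bot: The new CVE-2021-43565 entry records a fixed golang-go.crypto version and a stretch `<postponed>`, but carries no bullseye or buster line, so both suites read as open with no triage decision attached; a `[bullseye] - golang-go.crypto <no-dsa> (...)`-style line, or a fixed version, would make the state explicit. Since x/crypto is compiled into the Go binaries that consume it rather than loaded at runtime, the library upload alone does not close the panic for installed consumers, so if the tracker's usual handling of Go library fixes applies here, the reverse-dependency rebuilds belong in the NOTE lines. Minor wording in the two samba `<ignored>` lines: `mitigations exists` should read `mitigations exist`, and naming the mitigation the reason refers to would make the `Minor issue` rating checkable against the linked advisory.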
@@ -1635,66 +8378,152 @@ CVE-2021-3941
NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed
CVE-2021-3940
RESERVED
-CVE-2021-43556
- RESERVED
+CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...)
+ NOT-FOR-US: FATEK WinProladder
CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...)
NOT-FOR-US: mySCADA myDESIGNER
-CVE-2021-43554
- RESERVED
+CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an ...)
+ NOT-FOR-US: FATEK WinProladder
CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...)
NOT-FOR-US: OSIsoft
-CVE-2021-43552
- RESERVED
+CVE-2021-43552 (The use of a hard-coded cryptographic key significantly increases the ...)
+ NOT-FOR-US: Philips
CVE-2021-43551 (A remote attacker with write access to PI Vision could inject code int ...)
NOT-FOR-US: OSIsoft
-CVE-2021-43550
- RESERVED
+CVE-2021-43550 (The use of a broken or risky cryptographic algorithm is an unnecessary ...)
+ NOT-FOR-US: Philips
CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server could ...)
NOT-FOR-US: OSIsoft
-CVE-2021-43548
- RESERVED
+CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives ...)
+ NOT-FOR-US: Philips
CVE-2021-43547
RESERVED
-CVE-2021-43546
- RESERVED
-CVE-2021-43545
- RESERVED
-CVE-2021-43544
- RESERVED
-CVE-2021-43543
- RESERVED
-CVE-2021-43542
- RESERVED
-CVE-2021-43541
- RESERVED
-CVE-2021-43540
- RESERVED
-CVE-2021-43539
- RESERVED
-CVE-2021-43538
- RESERVED
-CVE-2021-43537
- RESERVED
-CVE-2021-43536
- RESERVED
-CVE-2021-43535
- RESERVED
-CVE-2021-43534
- RESERVED
-CVE-2021-43533
- RESERVED
-CVE-2021-43532
- RESERVED
-CVE-2021-43531
- RESERVED
-CVE-2021-43530
- RESERVED
+CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43546
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
+CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43545
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43545
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43545
+CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have searche ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
+CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43543
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
+CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43542
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
+CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43541
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43541
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43541
+CVE-2021-43540 (WebExtensions with the correct permissions were able to create and ins ...)
+ - firefox 95.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
+CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43539
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
+CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43538
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
+CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43537
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
+CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43536
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
+CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 93.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-43535
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
+CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43534
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43534
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43534
+CVE-2021-43533 (When parsing internationalized domain names, high bits of the characte ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43533
+CVE-2021-43532 (The 'Copy Image Link' context menu action would copy the final image U ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43532
+CVE-2021-43531 (When a user loaded a Web Extensions context menu, the Web Extension co ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43531
+CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android resul ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
CVE-2021-43529
RESERVED
-CVE-2021-43528
- RESERVED
-CVE-2021-43527
- RESERVED
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501
+CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...)
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528
+CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...)
+ {DSA-5016-1 DLA-2836-1}
+ - nss 2:3.73-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4
+ NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
+ NOTE: https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd (NSS_3_68_1_BRANCH)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/#CVE-2021-43527
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 (not yet public)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
+ NOTE: https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
CVE-2021-43526
RESERVED
CVE-2021-43525
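Review bot: The CVE-2021-43529 entry gains a `{DSA-5034-1 DLA-2874-1}` cross-reference and a thunderbird fixed version while its header line stays a bare `RESERVED` with no bracketed title, unlike this change's own convention for reserved-but-tracked IDs (compare `CVE-2021-43565 [x/crypto/ssh: empty plaintext packet causes panic]`). A reader following the DSA back to this entry cannot tell what was fixed; a short `[thunderbird: ...]` title summarising the issue from the linked oss-security post and bug 1738501 would fix that. If either of those sources is still non-public, marking it `(not yet public)` as the CVE-2021-43527 entry does for its bugzilla link keeps the status explicit.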
@@ -1706,8 +8535,8 @@ CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of spe
- uclibc-ng <itp> (bug #811275)
NOTE: https://www.openwall.com/lists/oss-security/2021/11/09/1
NOTE: https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174
-CVE-2021-43522
- RESERVED
+CVE-2021-43522 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 20 ...)
+ NOT-FOR-US: Insyde
CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file debian ...)
- accountsservice <not-affected> (Ubuntu specific patch)
NOTE: https://ubuntu.com/security/CVE-2021-3939
@@ -1718,6 +8547,7 @@ CVE-2021-3937
CVE-2021-3936
RESERVED
CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...)
+ {DLA-2922-1}
- pgbouncer 1.16.1-1
[bullseye] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release)
[buster] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release)
@@ -1738,7 +8568,8 @@ CVE-2021-43521
CVE-2021-43520
RESERVED
CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...)
- - lua5.4 <unfixed> (bug #1000228)
+ - lua5.4 5.4.4-1 (bug #1000228)
+ [bullseye] - lua5.4 <no-dsa> (Minor issue)
- lua5.3 <unfixed>
[bullseye] - lua5.3 <no-dsa> (Minor issue)
[buster] - lua5.3 <no-dsa> (Minor issue)
@@ -1755,8 +8586,14 @@ CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5
NOTE: http://lua-users.org/lists/lua-l/2021-10/msg00123.html
NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00015.html
NOTE: Fixed by: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868
-CVE-2021-43518
- RESERVED
+CVE-2021-43518 (Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. ...)
+ - teeworlds <unfixed>
+ [bullseye] - teeworlds <no-dsa> (Minor issue)
+ [buster] - teeworlds <no-dsa> (Minor issue)
+ NOTE: https://github.com/teeworlds/teeworlds/issues/2981
+ NOTE: https://github.com/teeworlds/teeworlds/pull/3018
+ NOTE: https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368
+ NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
CVE-2021-43517
RESERVED
CVE-2021-43516
@@ -1771,10 +8608,10 @@ CVE-2021-43512
RESERVED
CVE-2021-43511
RESERVED
-CVE-2021-43510
- RESERVED
-CVE-2021-43509
- RESERVED
+CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-43508
RESERVED
CVE-2021-43507
@@ -1849,12 +8686,12 @@ CVE-2021-43473
RESERVED
CVE-2021-43472
RESERVED
-CVE-2021-43471
- RESERVED
+CVE-2021-43471 (In Canon LBP223 printers, the System Manager Mode login does not requi ...)
+ NOT-FOR-US: Canon
CVE-2021-43470
RESERVED
-CVE-2021-43469
- RESERVED
+CVE-2021-43469 (VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulner ...)
+ NOT-FOR-US: VINGA
CVE-2021-43468
RESERVED
CVE-2021-43467
@@ -1889,8 +8726,8 @@ CVE-2021-43453
RESERVED
CVE-2021-43452
RESERVED
-CVE-2021-43451
- RESERVED
+CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...)
+ NOT-FOR-US: PHPGURUKUL
CVE-2021-43450
RESERVED
CVE-2021-43449
@@ -1909,18 +8746,18 @@ CVE-2021-43443
RESERVED
CVE-2021-43442
RESERVED
-CVE-2021-43441
- RESERVED
-CVE-2021-43440
- RESERVED
-CVE-2021-43439
- RESERVED
-CVE-2021-43438
- RESERVED
-CVE-2021-43437
- RESERVED
-CVE-2021-43436
- RESERVED
+CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...)
+ NOT-FOR-US: iOrder
+CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...)
+ NOT-FOR-US: iOrder
+CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attacker to ...)
+ NOT-FOR-US: iResturant
+CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...)
+ NOT-FOR-US: iResturant
+CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...)
+ NOT-FOR-US: sourcecodetester Engineers Online Portal
+CVE-2021-43436 (MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payl ...)
+ NOT-FOR-US: MartDevelopers Inc iResturant
CVE-2021-43435
RESERVED
CVE-2021-43434
@@ -1951,8 +8788,8 @@ CVE-2021-43422
RESERVED
CVE-2021-43421
RESERVED
-CVE-2021-43420
- RESERVED
+CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-43419
RESERVED
CVE-2021-43418
@@ -1961,8 +8798,10 @@ CVE-2021-43417
RESERVED
CVE-2021-43416
RESERVED
-CVE-2021-43415
- RESERVED
+CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...)
+ - nomad <undetermined>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
+ TODO: check
CVE-2021-43414 (An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of ...)
- hurd 1:0.9.git20210404-9
CVE-2021-43413 (An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pa ...)
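Review bot: The new CVE-2021-43415 entry leaves nomad at `<undetermined>` with a bare `TODO: check`, so the entry does not say what has to be checked. The linked HCSEC-2021-31 advisory concerns the QEMU task driver's allowed-paths restriction being bypassed through job args, and the decision hinges on whether the version packaged in Debian predates the upstream releases the advisory lists as fixed; recording that in the placeholder, e.g. `TODO: check whether packaged version predates the fixed releases in HCSEC-2021-31`, turns it into an actionable item. If the package turns out to be affected, the upstream fix should be added as a `NOTE: Fixed by:` line with the commit, as the other entries in this file do.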
@@ -1971,8 +8810,8 @@ CVE-2021-43412 (An issue was discovered in GNU Hurd before 0.9 20210404-9. libpo
- hurd 1:0.9.git20210404-9
CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying ...)
- hurd 1:0.9.git20210404-9
-CVE-2021-43410
- RESERVED
+CVE-2021-43410 (Apache Airavata Django Portal allows CRLF log injection because of lac ...)
+ NOT-FOR-US: Apache Airavata
CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: twill
CVE-2021-43409 (The &#8220;WPO365 | LOGIN&#8221; WordPress plugin (up to and including ...)
@@ -1995,55 +8834,66 @@ CVE-2021-43401
RESERVED
CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: snipe-it
-CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
- RESERVED
- - qemu <unfixed>
+CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...)
+ - qemu 1:6.2+dfsg-1
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
[stretch] - qemu <postponed> (Fix along with a future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020588
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/546
- NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8
-CVE-2021-3929
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8 (v6.2.0-rc0)
+CVE-2021-3929 [nvme: DMA reentrancy issue leads to use-after-free]
RESERVED
+ - qemu <unfixed>
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556
+ NOTE: Proposed patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+ NOTE: No upstream patch as of 2022-01-28
CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
- - bluez <unfixed> (bug #998626)
+ - bluez 5.62-1 (bug #998626)
+ [bullseye] - bluez <no-dsa> (Minor issue; can be fixed in point release)
+ [buster] - bluez <no-dsa> (Minor issue; can be fixed in point release)
[stretch] - bluez <ignored> (invasive patch, requires post-stretch revamps)
NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=93b64d9ca8a2bb663e37904d4b2c702c58a36e4f (5.40)
NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 (5.62)
-CVE-2021-43399
- RESERVED
-CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in ...)
- - libcrypto++ <unfixed> (bug #1000227)
- [bullseye] - libcrypto++ <no-dsa> (Minor issue)
- [buster] - libcrypto++ <no-dsa> (Minor issue)
- [stretch] - libcrypto++ <no-dsa> (Minor issue)
+CVE-2021-43399 (The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ...)
+ NOT-FOR-US: yubihsm-shell
+CVE-2021-43398 (** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a ti ...)
+ - libcrypto++ <unfixed> (unimportant; bug #1000227)
NOTE: https://github.com/weidai11/cryptopp/issues/1080
+ NOTE: As per upstream believed to be the expected behaviour:
+ NOTE: https://github.com/weidai11/cryptopp/issues/1080#issuecomment-996492222
CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...)
NOT-FOR-US: LiquidFiles
CVE-2021-43395
RESERVED
-CVE-2021-43394
- RESERVED
+CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...)
+ NOT-FOR-US: Unisys
CVE-2021-43393
RESERVED
CVE-2021-43392
RESERVED
CVE-2021-43396 (** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka ...)
- - glibc <unfixed> (bug #998622)
+ - glibc 2.32-5 (unimportant; bug #998622)
[buster] - glibc <not-affected> (Vulnerable code not present)
[stretch] - glibc <not-affected> (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28524
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
NOTE: Introduced by the fix for CVE-2021-3326 / BZ#27256: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
+ NOTE: No security impact per upstream assessment
CVE-2021-43391 (An Out-of-Bounds Read vulnerability exists when reading a DXF file usi ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN file us ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...)
+ {DLA-2843-1}
- linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d
-CVE-2021-43388
- RESERVED
+CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store ...)
+ NOT-FOR-US: Unisys Cargo Mobile Application
CVE-2021-43387
RESERVED
CVE-2021-43386
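Review bot: CVE-2021-43398 is downgraded to `unimportant` (and the per-suite `<no-dsa>` lines dropped) on the strength of a single upstream comment that the timing leak is "believed to be the expected behaviour"; for a timing side channel in ECDSA that is a statement about upstream's threat model, not about impact, so the NOTE should say what the expectation is — which code path is not constant-time and what callers are advised to use instead — so the rating can be re-evaluated if the dispute is later resolved the other way. The `** DISPUTED **` prefix records the disagreement, but the entry gives no rationale beyond the link. Separately, the new CVE-2021-3929 entry carries only `<unfixed>` and a stretch `<postponed>`: bullseye and buster have no line, so their state is undecided in a hunk where the sibling CVE-2021-3930 entry does annotate them, and `NOTE: No upstream patch as of 2022-01-28` leaves `Fix along with a future DLA` as a promise with no patch to back it.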
@@ -2098,19 +8948,23 @@ CVE-2021-43362
RESERVED
CVE-2021-43361
RESERVED
-CVE-2021-43360
- RESERVED
-CVE-2021-43359
- RESERVED
-CVE-2021-43358
- RESERVED
-CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
- - vim <unfixed>
+CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule&#8217;s serialization functi ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
- - vim <unfixed>
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
@@ -2142,7 +8996,6 @@ CVE-2021-43339 (In Ericsson Network Location before 2021-07-31, it is possible f
NOT-FOR-US: Ericsson
CVE-2021-43338
REJECTED
- NOT-FOR-US: Ericsson
CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On ...)
- slurm-wlm <not-affected> (Affects only 21.08 series; vulnerable code introduced later)
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
@@ -2163,10 +9016,10 @@ CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF f
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43335
RESERVED
-CVE-2021-43334
- RESERVED
-CVE-2021-43333
- RESERVED
+CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...)
+ NOT-FOR-US: BuddyBoss
+CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
+ NOT-FOR-US: Datalogic
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
- mailman <removed> (bug #1000367)
[buster] - mailman <no-dsa> (Minor issue)
@@ -2185,24 +9038,24 @@ CVE-2021-43329
RESERVED
CVE-2021-43328
RESERVED
-CVE-2021-43327
- RESERVED
-CVE-2021-43326
- RESERVED
-CVE-2021-43325
- RESERVED
+CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. With a VCC ...)
+ NOT-FOR-US: Renesas
+CVE-2021-43326 (Automox Agent before 32 on Windows incorrectly sets permissions on a t ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a temporar ...)
+ NOT-FOR-US: Automox Agent
CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...)
NOT-FOR-US: LibreNMS
-CVE-2021-43323
- RESERVED
+CVE-2021-43323 (An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
CVE-2021-43322
RESERVED
CVE-2021-43321
RESERVED
CVE-2021-43320
- RESERVED
-CVE-2021-43319
- RESERVED
+ REJECTED
+CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...)
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-43318
RESERVED
CVE-2021-43317
@@ -2233,20 +9086,40 @@ CVE-2021-43305
RESERVED
CVE-2021-43304
RESERVED
-CVE-2021-43303
- RESERVED
-CVE-2021-43302
- RESERVED
-CVE-2021-43301
- RESERVED
-CVE-2021-43300
- RESERVED
-CVE-2021-43299
- RESERVED
-CVE-2021-43298
- RESERVED
-CVE-2021-43297
- RESERVED
+CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...)
+ NOT-FOR-US: GoAhead Web Server
+CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...)
+ NOT-FOR-US: Apache Dubbo
CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...)
NOT-FOR-US: Grav CMS
CVE-2021-23222
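Review bot: The five new PJSUA entries (CVE-2021-43299 through CVE-2021-43303) list asterisk and ring as `<unfixed>` with no bullseye, buster or stretch lines and no Debian bug reference, so every suite reads as open with no triage decision, while pjproject itself is `<removed>`. All five share one advisory and one fix commit and describe overflows in PJSUA high-level API calls (`pjsua_player_create`, `pjsua_recorder_create`, `pjsua_playlist_create`, `pjsua_call_dump`), apparently via an attacker-controlled argument (the descriptions are truncated here); whether asterisk and ring are reachable depends on whether their embedded copies call those PJSUA functions with externally influenced values at all, which the entries do not record. A `NOTE:` stating the result of that check, or `<not-affected> (PJSUA API not used)` if it holds, would be more useful than five identical `<unfixed>` lines, and bug references for the two packages would tie the tracking to the BTS as the other entries do.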
@@ -2267,12 +9140,12 @@ CVE-2021-23214
- postgresql-9.6 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=046c2c846b741a12e7fd61d8d86bf324a20e3dfc (REL9_6_24)
-CVE-2021-43296
- RESERVED
-CVE-2021-43295
- RESERVED
-CVE-2021-43294
- RESERVED
+CVE-2021-43296 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43295 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43294 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote au ...)
NOT-FOR-US: Sonatype
CVE-2021-43292
@@ -2291,12 +9164,12 @@ CVE-2021-43286
RESERVED
CVE-2021-43285
RESERVED
-CVE-2021-43284
- RESERVED
-CVE-2021-43283
- RESERVED
-CVE-2021-43282
- RESERVED
+CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43283 (An issue was discovered on Victure WR1200 devices through 1.0.3. A com ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43282 (An issue was discovered on Victure WR1200 devices through 1.0.3. The d ...)
+ NOT-FOR-US: Victure WR1200 devices
CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...)
NOT-FOR-US: MyBB
CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF file rea ...)
@@ -2321,8 +9194,8 @@ CVE-2021-43271
RESERVED
CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
-CVE-2021-43269
- RESERVED
+CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...)
+ NOT-FOR-US: Code42 app
CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...)
NOT-FOR-US: Wind River VxWorks
CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
@@ -2351,13 +9224,14 @@ CVE-2021-3922
RESERVED
CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
- linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/fa40d9734a57bcbfa79a280189799f76c88f7bb0 (5.15)
-CVE-2021-43256
- RESERVED
-CVE-2021-43255
- RESERVED
+CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43255 (Microsoft Office Trust Center Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43254
RESERVED
CVE-2021-43253
@@ -2370,76 +9244,76 @@ CVE-2021-43250
RESERVED
CVE-2021-43249
RESERVED
-CVE-2021-43248
- RESERVED
-CVE-2021-43247
- RESERVED
-CVE-2021-43246
- RESERVED
-CVE-2021-43245
- RESERVED
-CVE-2021-43244
- RESERVED
-CVE-2021-43243
- RESERVED
-CVE-2021-43242
- RESERVED
+CVE-2021-43248 (Windows Digital Media Receiver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43247 (Windows TCP/IP Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43246 (Windows Hyper-V Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43245 (Windows Digital TV Tuner Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43244 (Windows Kernel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43243 (VP9 Video Extensions Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43242 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43241
RESERVED
-CVE-2021-43240
- RESERVED
-CVE-2021-43239
- RESERVED
-CVE-2021-43238
- RESERVED
-CVE-2021-43237
- RESERVED
-CVE-2021-43236
- RESERVED
-CVE-2021-43235
- RESERVED
-CVE-2021-43234
- RESERVED
-CVE-2021-43233
- RESERVED
-CVE-2021-43232
- RESERVED
-CVE-2021-43231
- RESERVED
-CVE-2021-43230
- RESERVED
-CVE-2021-43229
- RESERVED
-CVE-2021-43228
- RESERVED
-CVE-2021-43227
- RESERVED
-CVE-2021-43226
- RESERVED
-CVE-2021-43225
- RESERVED
-CVE-2021-43224
- RESERVED
-CVE-2021-43223
- RESERVED
-CVE-2021-43222
- RESERVED
+CVE-2021-43240 (NTFS Set Short Name Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43239 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43238 (Windows Remote Access Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43237 (Windows Setup Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43236 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43235 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43234 (Windows Fax Service Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43233 (Remote Desktop Client Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43232 (Windows Event Tracing Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43231 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43230 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43229 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43228 (SymCrypt Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43227 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43226 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43225 (Bot Framework SDK Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43224 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43223 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43222 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-43219
- RESERVED
+CVE-2021-43219 (DirectX Graphics Kernel File Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43218
RESERVED
-CVE-2021-43217
- RESERVED
-CVE-2021-43216
- RESERVED
-CVE-2021-43215
- RESERVED
-CVE-2021-43214
- RESERVED
+CVE-2021-43217 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43216 (Microsoft Local Security Authority Server (lsasrv) Information Disclos ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43215 (iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Ex ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43214 (Web Media Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43213
RESERVED
CVE-2021-43212
@@ -2452,14 +9326,14 @@ CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is uni
NOT-FOR-US: Microsoft
CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
NOT-FOR-US: Microsoft
-CVE-2021-43207
- RESERVED
+CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
CVE-2021-43206
RESERVED
CVE-2021-43205
RESERVED
-CVE-2021-43204
- RESERVED
+CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...)
@@ -2468,8 +9342,8 @@ CVE-2021-3919
RESERVED
CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...)
NOT-FOR-US: JetBrains Ktor
-CVE-2021-43202
- RESERVED
+CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...)
+ NOT-FOR-US: JetBrains TeamCity
CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...)
@@ -2520,24 +9394,39 @@ CVE-2021-43178
RESERVED
CVE-2021-43177
RESERVED
-CVE-2021-43176
- RESERVED
-CVE-2021-43175
- RESERVED
+CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...)
+ NOT-FOR-US: GOautodial API
+CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...)
+ NOT-FOR-US: GOautodial API
CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...)
- node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
- [bullseye] - node-json-schema <no-dsa> (Minor issue)
+ [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1
[buster] - node-json-schema <no-dsa> (Minor issue)
NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0)
CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...)
+ {DSA-5041-1}
- routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
+ NOTE: https://github.com/NLnetLabs/routinator/pull/667
CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...)
+ {DSA-5041-1 DSA-5033-1}
- routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ - rpki-client 7.5-1
NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
+ NOTE: https://github.com/NLnetLabs/routinator/pull/666
+ NOTE: https://github.com/NLnetLabs/routinator/pull/612
CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRD ...)
- routinator <itp> (bug #929024)
+ - fort-validator <unfixed>
+ [bullseye] - fort-validator <postponed> (Minor issue, revisit when fixed upstream)
+ - cfrpki <unfixed>
+ [bullseye] - cfrpki <postponed> (Minor issue, revisit when fixed upstream)
+ - rpki-client 7.5-1
NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
+ NOTE: https://github.com/NLnetLabs/routinator/pull/665
CVE-2021-3917
RESERVED
NOT-FOR-US: coreos-installer
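Review bot: The CVE-2021-43174 entry now carries `{DSA-5041-1}` and `- cfrpki 1.4.0-1` even though its description names NLnet Labs Routinator, and no NOTE explains why cfrpki is listed there. The fort-validator and rpki-client lines added under CVE-2021-43172 and CVE-2021-43173 suggest this is a deliberate cross-listing of a shared RPKI-validator issue, but a future triager comparing the description with the package list may read it as a mistake. A one-line `NOTE: cfrpki is also affected by this issue; see DSA-5041-1` (or whichever wording matches the actual reason) under the entry would make the intent explicit.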
@@ -2567,14 +9456,14 @@ CVE-2021-43160
RESERVED
CVE-2021-43159
RESERVED
-CVE-2021-43158
- RESERVED
-CVE-2021-43157
- RESERVED
-CVE-2021-43156
- RESERVED
-CVE-2021-43155
- RESERVED
+CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability ...)
+ NOT-FOR-US: ProjectWorlds Online Shopping System PHP
+CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: ProjectWorlds Online Shopping System PHP
+CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in adm ...)
+ NOT-FOR-US: ProjectWorlds Online Book Store PHP
+CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...)
+ NOT-FOR-US: ProjectWorlds Online Book Store PHP
CVE-2021-43154
RESERVED
CVE-2021-43153
@@ -2593,8 +9482,8 @@ CVE-2021-43147
RESERVED
CVE-2021-43146
RESERVED
-CVE-2021-43145
- RESERVED
+CVE-2021-43145 (With certain LDAP configurations, Zammad 5.0.1 was found to be vulnera ...)
+ - zammad <itp> (bug #841355)
CVE-2021-43144
RESERVED
CVE-2021-43143
@@ -2609,8 +9498,8 @@ CVE-2021-43139
RESERVED
CVE-2021-43138
RESERVED
-CVE-2021-43137
- RESERVED
+CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulne ...)
+ NOT-FOR-US: hostel management system
CVE-2021-43136 (An authentication bypass issue in FormaLMS &lt;= 2.4.4 allows an attac ...)
NOT-FOR-US: FormaLMS
CVE-2021-43135
@@ -2649,16 +9538,17 @@ CVE-2021-43119
RESERVED
CVE-2021-43118
RESERVED
-CVE-2021-43117
- RESERVED
+CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...)
+ NOT-FOR-US: fastadmin
CVE-2021-43116
RESERVED
CVE-2021-43115
RESERVED
CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...)
+ {DSA-5033-1}
- fort-validator 1.5.2-1
-CVE-2021-43113
- RESERVED
+CVE-2021-43113 (iTextPDF in iText 7 and up to 7.1.17 allows command injection via a Co ...)
+ NOT-FOR-US: iText
CVE-2021-43112
RESERVED
CVE-2021-43111
@@ -2671,8 +9561,8 @@ CVE-2021-43108
RESERVED
CVE-2021-43107
RESERVED
-CVE-2021-43106
- RESERVED
+CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus TranzWare Onli ...)
+ NOT-FOR-US: Compass Plus TranzWare
CVE-2021-43105
RESERVED
CVE-2021-43104
@@ -2719,8 +9609,8 @@ CVE-2021-43084
RESERVED
CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
NOT-FOR-US: bookstack
-CVE-2021-43083
- RESERVED
+CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was effected) ...)
+ NOT-FOR-US: Apache PLC4X
CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
- trafficserver 9.1.1+ds-1
[bullseye] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x)
@@ -2748,30 +9638,30 @@ CVE-2021-43075
RESERVED
CVE-2021-43074
RESERVED
-CVE-2021-43073
- RESERVED
+CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-43072
RESERVED
-CVE-2021-43071
- RESERVED
+CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-43070
RESERVED
CVE-2021-43069
RESERVED
-CVE-2021-43068
- RESERVED
-CVE-2021-43067
- RESERVED
+CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-43066
RESERVED
-CVE-2021-43065
- RESERVED
-CVE-2021-43064
- RESERVED
-CVE-2021-43063
- RESERVED
-CVE-2021-43062
- RESERVED
+CVE-2021-43065 (A incorrect permission assignment for critical resource in Fortinet Fo ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43063 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43062 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-43061
RESERVED
CVE-2021-43060
@@ -2789,20 +9679,20 @@ CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
-CVE-2021-43055
- RESERVED
-CVE-2021-43054
- RESERVED
-CVE-2021-43053
- RESERVED
-CVE-2021-43052
- RESERVED
-CVE-2021-43051
- RESERVED
-CVE-2021-43050
- RESERVED
-CVE-2021-43049
- RESERVED
+CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ NOT-FOR-US: Spotfire Server component of TIBCO
+CVE-2021-43050 (The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConne ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43049 (The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect ...)
+ NOT-FOR-US: TIBCO
CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...)
NOT-FOR-US: TIBCO
CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...)
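Review bot: The tag added for CVE-2021-43051 reads `NOT-FOR-US: Spotfire Server component of TIBCO`, whereas the six surrounding TIBCO entries in this hunk all use the bare `NOT-FOR-US: TIBCO`. The text after NOT-FOR-US is what the tracker groups entries by, so the longer spelling makes this one line sort away from its siblings. `NOT-FOR-US: TIBCO` would match the adjacent lines.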
@@ -2811,87 +9701,94 @@ CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Softw
NOT-FOR-US: TIBCO
CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...)
- linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6)
-CVE-2021-43045
- RESERVED
+CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...)
+ NOT-FOR-US: Apache Avro
CVE-2021-3913
RESERVED
-CVE-2021-43044
- RESERVED
-CVE-2021-43043
- RESERVED
-CVE-2021-43042
- RESERVED
-CVE-2021-43041
- RESERVED
-CVE-2021-43040
- RESERVED
-CVE-2021-43039
- RESERVED
-CVE-2021-43038
- RESERVED
-CVE-2021-43037
- RESERVED
-CVE-2021-43036
- RESERVED
-CVE-2021-43035
- RESERVED
-CVE-2021-43034
- RESERVED
-CVE-2021-43033
- RESERVED
+CVE-2021-43044 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43043 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43042 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43041 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43040 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43039 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43038 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43037 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43036 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43035 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43034 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43033 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in memory, ...)
+ {DSA-5041-1}
+ - routinator <itp> (bug #929024)
- cfrpki 1.4.0-1
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg
- TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
CVE-2021-3911 (If the ROA that a repository returns contains too many bits for the IP ...)
+ {DSA-5041-1}
- cfrpki 1.4.0-1
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22
- TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an invali ...)
+ {DSA-5041-1}
- cfrpki 1.4.0-1
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j
- TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...)
+ {DSA-5041-1 DSA-5033-1}
+ - routinator <itp> (bug #929024)
- cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ - rpki-client 7.5-1
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244
- TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...)
+ {DSA-5041-1}
- cfrpki 1.4.0-1
+ - routinator <itp> (bug #929024)
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
- TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...)
+ {DSA-5041-1 DSA-5033-1}
- cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh
- TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
NOT-FOR-US: bookstack
CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the admin pane ...)
NOT-FOR-US: XenForo
CVE-2021-43031
RESERVED
-CVE-2021-43030
- RESERVED
-CVE-2021-43029
- RESERVED
-CVE-2021-43028
- RESERVED
+CVE-2021-43030 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
CVE-2021-43027
RESERVED
-CVE-2021-43026
- RESERVED
-CVE-2021-43025
- RESERVED
-CVE-2021-43024
- RESERVED
-CVE-2021-43023
- RESERVED
-CVE-2021-43022
- RESERVED
-CVE-2021-43021
- RESERVED
+CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43024 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43023 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43022 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43021 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
CVE-2021-43020
RESERVED
CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...)
@@ -2922,6 +9819,8 @@ CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web
NOT-FOR-US: Grav CMS
CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3565-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
@@ -2934,76 +9833,76 @@ CVE-2021-43008
RESERVED
CVE-2021-43007
RESERVED
-CVE-2021-43006
- RESERVED
+CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...)
+ NOT-FOR-US: AmZetta Amzetta zPortal DVM Tools
CVE-2021-43005
RESERVED
CVE-2021-43004
RESERVED
-CVE-2021-43003
- RESERVED
-CVE-2021-43002
- RESERVED
+CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...)
+ NOT-FOR-US: Amzetta
+CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...)
+ NOT-FOR-US: Amzetta
CVE-2021-43001
RESERVED
-CVE-2021-43000
- RESERVED
+CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...)
+ NOT-FOR-US: Amzetta
CVE-2021-42999
RESERVED
CVE-2021-42998
RESERVED
CVE-2021-42997
RESERVED
-CVE-2021-42996
- RESERVED
+CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...)
+ NOT-FOR-US: Donglify
CVE-2021-42995
RESERVED
-CVE-2021-42994
- RESERVED
-CVE-2021-42993
- RESERVED
+CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
+ NOT-FOR-US: Donglify
+CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
+ NOT-FOR-US: FlexiHub For Windows
CVE-2021-42992
RESERVED
CVE-2021-42991
RESERVED
-CVE-2021-42990
- RESERVED
+CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...)
+ NOT-FOR-US: FlexiHub For Windows
CVE-2021-42989
RESERVED
-CVE-2021-42988
- RESERVED
-CVE-2021-42987
- RESERVED
-CVE-2021-42986
- RESERVED
+CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Eltima USB Network Gate
+CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Eltima USB Network Gate
+CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...)
+ NOT-FOR-US: NoMachine
CVE-2021-42985
RESERVED
CVE-2021-42984
RESERVED
-CVE-2021-42983
- RESERVED
+CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...)
+ NOT-FOR-US: NoMachine
CVE-2021-42982
RESERVED
CVE-2021-42981
RESERVED
-CVE-2021-42980
- RESERVED
-CVE-2021-42979
- RESERVED
+CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: NoMachine
CVE-2021-42978
RESERVED
-CVE-2021-42977
- RESERVED
-CVE-2021-42976
- RESERVED
+CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...)
+ NOT-FOR-US: NoMachine
CVE-2021-42975
RESERVED
CVE-2021-42974
RESERVED
-CVE-2021-42973
- RESERVED
-CVE-2021-42972
- RESERVED
+CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...)
+ NOT-FOR-US: NoMachine
CVE-2021-42971
RESERVED
CVE-2021-42970
@@ -3056,8 +9955,8 @@ CVE-2021-42947
RESERVED
CVE-2021-42946
RESERVED
-CVE-2021-42945
- RESERVED
+CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclass ...)
+ NOT-FOR-US: ZZCMS
CVE-2021-42944
RESERVED
CVE-2021-42943
@@ -3066,8 +9965,8 @@ CVE-2021-42942
RESERVED
CVE-2021-42941
RESERVED
-CVE-2021-42940
- RESERVED
+CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...)
+ NOT-FOR-US: Projeqtor
CVE-2021-42939
RESERVED
CVE-2021-42938
@@ -3114,7 +10013,7 @@ CVE-2021-42918
RESERVED
CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
- kodi 2:19.3+dfsg1-1 (bug #998419)
- [bullseye] - kodi <no-dsa> (Minor issue)
+ [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
[buster] - kodi <no-dsa> (Minor issue)
[stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored)
- xbmc <removed>
@@ -3127,10 +10026,10 @@ CVE-2021-42915
RESERVED
CVE-2021-42914
RESERVED
-CVE-2021-42913
- RESERVED
-CVE-2021-42912
- RESERVED
+CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows an attac ...)
+ NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers
+CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...)
+ NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617
CVE-2021-42911
RESERVED
CVE-2021-42910
@@ -3283,8 +10182,8 @@ CVE-2021-42843
RESERVED
CVE-2021-42842
RESERVED
-CVE-2021-42841
- RESERVED
+CVE-2021-42841 (Insta HMS before 12.4.10 is vulnerable to XSS because of improper vali ...)
+ NOT-FOR-US: Insta HMS
CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
NOT-FOR-US: SuiteCRM
CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...)
@@ -3299,12 +10198,12 @@ CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of
NOTE: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
NOTE: https://github.com/tidwall/gjson/issues/236
NOTE: https://github.com/tidwall/gjson/issues/237
-CVE-2021-42835
- RESERVED
+CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081-e362d ...)
+ NOT-FOR-US: Plex Media Server
CVE-2021-42834
RESERVED
-CVE-2021-42833
- RESERVED
+CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...)
+ NOT-FOR-US: AquaView
CVE-2021-42832
RESERVED
CVE-2021-42831
@@ -3351,12 +10250,12 @@ CVE-2021-42812
RESERVED
CVE-2021-42811
RESERVED
-CVE-2021-42810
- RESERVED
-CVE-2021-42809
- RESERVED
-CVE-2021-42808
- RESERVED
+CVE-2021-42810 (A flaw in the previous versions of the product may allow an authentica ...)
+ NOT-FOR-US: Thales SafeNet Agent
+CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...)
+ NOT-FOR-US: ThalesThales Sentinel Protection Installer
+CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection Installer could ...)
+ NOT-FOR-US: Thales Sentinel Protection Installer
CVE-2021-42807
RESERVED
CVE-2021-42806
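Review bot: The tag added for CVE-2021-42809 contains a doubled vendor name, `NOT-FOR-US: ThalesThales Sentinel Protection Installer`, while the sibling entry for CVE-2021-42808 two lines below uses `NOT-FOR-US: Thales Sentinel Protection Installer`. Since these tags are used for grouping, the typo splits what should be one product group. The line should read `NOT-FOR-US: Thales Sentinel Protection Installer`.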
@@ -3389,8 +10288,8 @@ CVE-2021-42793
RESERVED
CVE-2021-42792
RESERVED
-CVE-2021-42791
- RESERVED
+CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP req ...)
+ NOT-FOR-US: VeridiumID
CVE-2021-42790
RESERVED
CVE-2021-42789
@@ -3402,7 +10301,7 @@ CVE-2021-42787
CVE-2021-42786
RESERVED
CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...)
- TODO: check
+ NOT-FOR-US: TightVNC Viewer
CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...)
NOT-FOR-US: D-Link
CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...)
@@ -3419,8 +10318,8 @@ CVE-2021-42778
RESERVED
CVE-2021-42777
RESERVED
-CVE-2021-42776
- RESERVED
+CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE ...)
+ NOT-FOR-US: CloverDX Server
CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
@@ -3430,7 +10329,7 @@ CVE-2021-42773 (Broadcom Emulex HBA Manager/One Command Manager versions before
CVE-2021-42772 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary ...)
- {DLA-2790-1}
+ {DSA-5018-1 DLA-2790-1}
- python-babel 2.8.0+dfsg.1-7 (bug #987824)
NOTE: https://www.tenable.com/security/research/tra-2021-14
NOTE: https://github.com/python-babel/babel/pull/782
@@ -3459,32 +10358,32 @@ CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
CVE-2021-42761
RESERVED
-CVE-2021-42760
- RESERVED
-CVE-2021-42759
- RESERVED
-CVE-2021-42758
- RESERVED
-CVE-2021-42757
- RESERVED
+CVE-2021-42760 (A improper neutralization of special elements used in an sql command ( ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 a ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-42756
RESERVED
CVE-2021-42755
RESERVED
CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
NOT-FOR-US: Fortiguard
-CVE-2021-42753
- RESERVED
-CVE-2021-42752
- RESERVED
+CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ('Path ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42752 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-42751
RESERVED
CVE-2021-42750
RESERVED
-CVE-2021-42749
- RESERVED
-CVE-2021-42748
- RESERVED
+CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic controls (for ...)
+ NOT-FOR-US: Beaver
+CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the visibility ...)
+ NOT-FOR-US: Beaver
CVE-2021-42747
RESERVED
CVE-2021-42745
@@ -3510,10 +10409,12 @@ CVE-2021-42742
CVE-2021-42741
RESERVED
CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command inject ...)
- - node-shell-quote <unfixed> (bug #998418)
+ - node-shell-quote 1.7.3+~1.7.1-1 (bug #998418)
NOTE: https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe (1.7.3)
CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
+ {DLA-2843-1}
- linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
NOTE: https://seclists.org/oss-sec/2021/q2/46
NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
@@ -3558,15 +10459,22 @@ CVE-2021-42719
RESERVED
CVE-2021-42718
RESERVED
-CVE-2021-3894
- RESERVED
-CVE-2021-42717 [ModSecurity DoS Vulnerability in JSON Parsing]
+CVE-2021-3894 [sctp: local DoS: unprivileged user can cause BUG()]
RESERVED
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014970
+CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
+ {DSA-5023-1}
- modsecurity 3.0.6-1
+ [bullseye] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)
+ [buster] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)
- modsecurity-apache 2.9.5-1
[stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream)
NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2647
NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/
+ NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/41918335fa4c74fba46a986771a5a6cb457070c4 (v2.9.5)
+ NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/ac79c1c29b7e6323e26cc984ad4f76ef62c731cd (v3.0.6)
CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...)
- libstb <unfixed>
[bullseye] - libstb <no-dsa> (Minor issue)
@@ -3580,14 +10488,14 @@ CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. Th
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1224
NOTE: https://github.com/nothings/stb/pull/1223
-CVE-2021-42714
- RESERVED
-CVE-2021-42713
- RESERVED
-CVE-2021-42712
- RESERVED
-CVE-2021-42711
- RESERVED
+CVE-2021-42714 (Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a T ...)
+ NOT-FOR-US: Splashtop Remote Client
+CVE-2021-42713 (Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a T ...)
+ NOT-FOR-US: Splashtop Remote Client
+CVE-2021-42712 (Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Direc ...)
+ NOT-FOR-US: Splashtop Streamer
+CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File ...)
+ NOT-FOR-US: Barracuda Network Access Client
CVE-2021-42710
RESERVED
CVE-2021-42709
@@ -3632,22 +10540,22 @@ CVE-2021-42690
RESERVED
CVE-2021-42689
RESERVED
-CVE-2021-42688
- RESERVED
-CVE-2021-42687
- RESERVED
-CVE-2021-42686
- RESERVED
-CVE-2021-42685
- RESERVED
+CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
CVE-2021-42684
RESERVED
-CVE-2021-42683
- RESERVED
-CVE-2021-42682
- RESERVED
-CVE-2021-42681
- RESERVED
+CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
CVE-2021-42680
RESERVED
CVE-2021-42679
@@ -3724,30 +10632,30 @@ CVE-2021-42644
RESERVED
CVE-2021-42643
RESERVED
-CVE-2021-42642
- RESERVED
-CVE-2021-42641
- RESERVED
-CVE-2021-42640
- RESERVED
-CVE-2021-42639
- RESERVED
-CVE-2021-42638
- RESERVED
-CVE-2021-42637
- RESERVED
+CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitiz ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-contr ...)
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42636
RESERVED
-CVE-2021-42635
- RESERVED
+CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42634
RESERVED
-CVE-2021-42633
- RESERVED
+CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42632
RESERVED
-CVE-2021-42631
- RESERVED
+CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42630
RESERVED
CVE-2021-42629
@@ -3840,10 +10748,10 @@ CVE-2021-42586
RESERVED
CVE-2021-42585
RESERVED
-CVE-2021-42584
- RESERVED
-CVE-2021-42583
- RESERVED
+CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...)
+ NOT-FOR-US: Convos-Chat
+CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy ...)
+ NOT-FOR-US: Max Mazurov Maddy
CVE-2021-42582
RESERVED
CVE-2021-42581
@@ -3857,13 +10765,16 @@ CVE-2021-42578
CVE-2021-42577
RESERVED
CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...)
- NOT-FOR-US: bluemonday sanitizer
+ - golang-github-microcosm-cc-bluemonday 1.0.16-1
+ [bullseye] - golang-github-microcosm-cc-bluemonday <no-dsa> (Minor issue)
+ NOTE: https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...)
NOT-FOR-US: OWASP HTML Sanitizer
CVE-2021-42574 (An issue was discovered in the Bidirectional Algorithm in the Unicode ...)
- rustc <unfixed>
[bullseye] - rustc <no-dsa> (Minor issue)
[buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/11/01/1
NOTE: https://github.com/rust-lang/rust/commit/dd61274930ec0cd17711fab52d2bc9ad3e9053de (1.56.1)
CVE-2021-42573
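Review bot: The CVE-2021-42576 entry now claims a fixed Debian version for golang-github-microcosm-cc-bluemonday (1.0.16-1) but the only NOTE added points to a Google Docs page rather than to the upstream advisory or fixing commit, so the fixed-version claim is not traceable the way neighbouring entries (e.g. the rustc entry below it) are. I would add a second NOTE line referencing the upstream release or commit that introduced the fix, e.g. `NOTE: Fixed upstream in bluemonday 1.0.16 (<upstream-fix-reference>)`, with the placeholder replaced by the actual advisory or commit URL, and keep the Google Docs link only as supporting context. The <no-dsa> marker for bullseye looks consistent with the "Minor issue" rationale used elsewhere in this hunk.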
@@ -3878,64 +10789,66 @@ CVE-2021-42569
RESERVED
CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...)
NOT-FOR-US: Sonatype
-CVE-2021-42567
- RESERVED
+CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...)
+ NOT-FOR-US: Apereo CAS
CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...)
NOT-FOR-US: myfactory.FMS
CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
NOT-FOR-US: myfactory.FMS
-CVE-2021-42564
- RESERVED
+CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...)
+ NOT-FOR-US: Cryptshare Server
CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...)
NOT-FOR-US: NI Service Locator
CVE-2021-3893
RESERVED
-CVE-2021-42562
- RESERVED
-CVE-2021-42561
- RESERVED
-CVE-2021-42560
- RESERVED
-CVE-2021-42559
- RESERVED
-CVE-2021-42558
- RESERVED
+CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple startup ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...)
+ NOT-FOR-US: CALDERA
CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
NOT-FOR-US: Jeedom
CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
NOT-FOR-US: Rasa X
-CVE-2021-42555
- RESERVED
-CVE-2021-42554
- RESERVED
-CVE-2021-3892 [memory leak in fib6_rule_suppress could result in DoS]
- RESERVED
- - linux <unfixed>
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014623
-CVE-2021-26247
- RESERVED
-CVE-2021-23225
- RESERVED
+CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-42554 (An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05. ...)
+ NOT-FOR-US: Insyde
+CVE-2021-3892
+ REJECTED
+CVE-2021-26247 (As an unauthenticated remote user, visit "http://&lt;CACTI_SERVER&gt;/ ...)
+ - cacti 0.8.7i-1
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b (0.8.7h)
+ NOTE: Addressed again as a side-note in the same issue and fix for CVE-2021-3816
+ NOTE: https://github.com/Cacti/cacti/issues/1882
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1)
+CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management permissio ...)
+ - cacti 1.2.1+ds1-1
+ [stretch] - cacti <postponed> (Minor issue; stored XSS requires prior admin access)
+ NOTE: https://github.com/Cacti/cacti/issues/1882
CVE-2021-42553
RESERVED
CVE-2021-42552
RESERVED
-CVE-2021-42551
- RESERVED
-CVE-2021-42550
- RESERVED
-CVE-2021-42549
- RESERVED
-CVE-2021-42548
- RESERVED
-CVE-2021-42547
- RESERVED
-CVE-2021-42546
- RESERVED
-CVE-2021-42545
- RESERVED
-CVE-2021-42544
- RESERVED
+CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...)
+ NOT-FOR-US: AlCoda NetBiblio WebOPAC
+CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42548 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42547 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42546 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...)
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42543 (The affected application uses specific functions that could be abused ...)
NOT-FOR-US: AzeoTech
CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...)
@@ -3981,9 +10894,13 @@ CVE-2021-3891
CVE-2021-3890
RESERVED
CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
- - libmobi <itp> (bug #966677)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/efb3e261-3f7d-4a45-8114-e0ace6b21516/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8)
CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
- - libmobi <itp> (bug #966677)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/722b3acb-792b-4429-a98d-bb80efb8938d/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/c78e186739b50d156cb3da5d08d70294f0490853 (v0.8)
CVE-2021-3887
RESERVED
CVE-2021-42523
@@ -4248,8 +11165,13 @@ CVE-2021-42394
RESERVED
CVE-2021-42393
RESERVED
-CVE-2021-42392
- RESERVED
+CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
+ {DSA-5076-1 DLA-2923-1}
+ - h2database 2.1.210-1 (bug #1003894)
+ NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
+ NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
+ NOTE: Fixed by https://github.com/h2database/h2database/commit/41dd2a4cf89da9dd18239debbf73f88da6184ec7
+ NOTE: https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd
CVE-2021-42391
RESERVED
CVE-2021-42390
@@ -4350,14 +11272,14 @@ CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 a
NOT-FOR-US: Imagicle Application Suite
CVE-2021-42368
RESERVED
-CVE-2021-42367
- RESERVED
+CVE-2021-42367 (The Variation Swatches for WooCommerce WordPress plugin is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-42366
RESERVED
-CVE-2021-42365
- RESERVED
-CVE-2021-42364
- RESERVED
+CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...)
@@ -4368,10 +11290,10 @@ CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress instal
NOT-FOR-US: Elementor plugin for WordPress
CVE-2021-42359 (WP DSGVO Tools (GDPR) &lt;= 3.1.23 had an AJAX action, &#8216;admin-di ...)
NOT-FOR-US: WP DSGVO Tools (GDPR)
-CVE-2021-42358
- RESERVED
-CVE-2021-42357
- RESERVED
+CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42357 (When using Apache Knox SSO prior to 1.6.1, a request could be crafted ...)
+ NOT-FOR-US: Apache Knox
CVE-2021-42356
RESERVED
CVE-2021-42355
@@ -4455,6 +11377,7 @@ CVE-2021-42328
RESERVED
CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
- linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerability introduced later)
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html
@@ -4475,8 +11398,8 @@ CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42321 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-42320
- RESERVED
+CVE-2021-42320 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
CVE-2021-42319 (Visual Studio Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42318
@@ -4485,20 +11408,20 @@ CVE-2021-42317
RESERVED
CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2021-42315
- RESERVED
-CVE-2021-42314
- RESERVED
-CVE-2021-42313
- RESERVED
-CVE-2021-42312
- RESERVED
-CVE-2021-42311
- RESERVED
-CVE-2021-42310
- RESERVED
-CVE-2021-42309
- RESERVED
+CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42314 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42313 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42312 (Microsoft Defender for IOT Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42311 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42310 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42307
@@ -4525,12 +11448,12 @@ CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability
NOT-FOR-US: Microsoft
CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-42295
- RESERVED
-CVE-2021-42294
- RESERVED
-CVE-2021-42293
- RESERVED
+CVE-2021-42295 (Visual Basic for Applications Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42294 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine Eleva ...)
+ NOT-FOR-US: Microsoft
CVE-2021-42292 (Microsoft Excel Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
@@ -4596,7 +11519,9 @@ CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session auth
NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie
CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...)
- - libmobi <itp> (bug #966677)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/540fd115-7de4-4e19-a918-5ee61f5157c1/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8)
CVE-2021-3880
RESERVED
CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
@@ -4606,7 +11531,10 @@ CVE-2021-42262
CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...)
NOT-FOR-US: Revisor Video Management System (VMS)
CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...)
- - tinyxml <unfixed>
+ - tinyxml 2.6.2-6
+ [bullseye] - tinyxml <no-dsa> (Minor issue)
+ [buster] - tinyxml <no-dsa> (Minor issue)
+ [stretch] - tinyxml <no-dsa> (Minor issue; can be fixed with the next DLA)
NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
NOTE: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
CVE-2021-42259
@@ -4694,16 +11622,16 @@ CVE-2021-42222
RESERVED
CVE-2021-42221
RESERVED
-CVE-2021-42220
- RESERVED
+CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 1 ...)
+ - dolibarr <removed>
CVE-2021-42219
RESERVED
CVE-2021-42218
RESERVED
CVE-2021-42217
RESERVED
-CVE-2021-42216
- RESERVED
+CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...)
+ NOT-FOR-US: AnonAddy
CVE-2021-42215
RESERVED
CVE-2021-42214
@@ -4798,8 +11726,8 @@ CVE-2021-42170
RESERVED
CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...)
NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code
-CVE-2021-42168
- RESERVED
+CVE-2021-42168 (Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sha ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-42167
RESERVED
CVE-2021-42166
@@ -4860,8 +11788,8 @@ CVE-2021-42140
RESERVED
CVE-2021-42139 (Deno Standard Modules before 0.107.0 allows Code Injection via an untr ...)
NOT-FOR-US: Deno
-CVE-2021-42138
- RESERVED
+CVE-2021-42138 (A user of a machine protected by SafeNet Agent for Windows Logon may l ...)
+ NOT-FOR-US: SafeNet
CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...)
- zammad <itp> (bug #841355)
CVE-2021-42136
@@ -4880,56 +11808,56 @@ CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...)
NOTE: https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/
NOTE: Search from cursor position introduced in: https://github.com/vim/vim/commit/04db26b36000a4677b95403ec94bd11f6cc73975 (v8.2.3110)
NOTE: Fixed by: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (v8.2.3489)
-CVE-2021-42133
- RESERVED
-CVE-2021-42132
- RESERVED
-CVE-2021-42131
- RESERVED
-CVE-2021-42130
- RESERVED
-CVE-2021-42129
- RESERVED
-CVE-2021-42128
- RESERVED
-CVE-2021-42127
- RESERVED
-CVE-2021-42126
- RESERVED
-CVE-2021-42125
- RESERVED
-CVE-2021-42124
- RESERVED
-CVE-2021-42123
- RESERVED
-CVE-2021-42122
- RESERVED
-CVE-2021-42121
- RESERVED
-CVE-2021-42120
- RESERVED
-CVE-2021-42119
- RESERVED
-CVE-2021-42118
- RESERVED
-CVE-2021-42117
- RESERVED
-CVE-2021-42116
- RESERVED
-CVE-2021-42115
- RESERVED
+CVE-2021-42133 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42132 (A command Injection vulnerability exists in Ivanti Avalanche before 6. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42131 (A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 a ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42130 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42129 (A command injection vulnerability exists in Ivanti Avalanche before 6. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42128 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42127 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42126 (An improper authorization control vulnerability exists in Ivanti Avala ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42125 (An unrestricted file upload vulnerability exists in Ivanti Avalanche b ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42124 (An improper access control vulnerability exists in Ivanti Avalanche be ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42116 (Incorrect Access Control in Web Applications operating on Business-DNA ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on Business-DNA So ...)
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...)
NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
NOTE: https://comsec.ethz.ch/research/dram/blacksmith/
-CVE-2021-42113
- RESERVED
+CVE-2021-42113 (An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH ...)
+ NOT-FOR-US: Insyde
CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
- limesurvey <itp> (bug #472802)
CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
NOT-FOR-US: RCDevs OpenOTP app
-CVE-2021-42110
- RESERVED
+CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windows) be ...)
+ NOT-FOR-US: Allegro Windows
CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
NOT-FOR-US: bookstack
CVE-2021-3873
@@ -4984,8 +11912,8 @@ CVE-2021-41133 (Flatpak is a system for building, distributing, and running sand
NOTE: https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861
CVE-2021-42100
RESERVED
-CVE-2021-42099
- RESERVED
+CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file- ...)
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...)
NOT-FOR-US: Devolutions
CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...)
@@ -4995,6 +11923,8 @@ CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation.
NOTE: https://bugs.launchpad.net/mailman/+bug/1947640
NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
+ NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
+ NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
CVE-2021-42096 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A cer ...)
{DSA-4991-1 DLA-2791-1}
- mailman <removed>
@@ -5054,36 +11984,37 @@ CVE-2021-42072 (An issue was discovered in Barrier before 2.4.0. The barriers co
NOT-FOR-US: Barrier
CVE-2021-42071 (In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can ach ...)
NOT-FOR-US: Visual Tools DVR VX16
-CVE-2021-42070
- RESERVED
-CVE-2021-42069
- RESERVED
-CVE-2021-42068
- RESERVED
-CVE-2021-42067
- RESERVED
-CVE-2021-42066
- RESERVED
+CVE-2021-42070 (When a user opens manipulated Jupiter Tessellation (.jt) file received ...)
+ NOT-FOR-US: SAP
+CVE-2021-42069 (When a user opens manipulated Tagged Image File Format (.tif) file rec ...)
+ NOT-FOR-US: SAP
+CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from untruste ...)
+ NOT-FOR-US: SAP
+CVE-2021-42067 (In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 71 ...)
+ NOT-FOR-US: SAP
+CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view DB passw ...)
+ NOT-FOR-US: SAP
CVE-2021-42065
RESERVED
-CVE-2021-42064
- RESERVED
-CVE-2021-42063
- RESERVED
+CVE-2021-42064 (If configured to use an Oracle database and if a query is created usin ...)
+ NOT-FOR-US: SAP
+CVE-2021-42063 (A security vulnerability has been discovered in the SAP Knowledge Ware ...)
+ NOT-FOR-US: SAP
CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization checks f ...)
NOT-FOR-US: SAP
-CVE-2021-42061
- RESERVED
+CVE-2021-42061 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...)
+ NOT-FOR-US: SAP
CVE-2021-3868
RESERVED
CVE-2021-3867
RESERVED
-CVE-2021-3866
- RESERVED
-CVE-2021-42060
- RESERVED
-CVE-2021-42059
- RESERVED
+CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...)
+ - zulip-server <itp> (bug #800052)
+ NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
+CVE-2021-42060 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.4 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-42059 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41 ...)
+ NOT-FOR-US: Insyde
CVE-2021-42058
RESERVED
CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...)
@@ -5098,10 +12029,10 @@ CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via c
NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2021-42052
RESERVED
-CVE-2021-42051
- RESERVED
-CVE-2021-42050
- RESERVED
+CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...)
+ NOT-FOR-US: AbanteCart
+CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...)
+ NOT-FOR-US: AbanteCart
CVE-2021-42049 (An issue was discovered in the Translate extension in MediaWiki throug ...)
NOT-FOR-US: Translate MediaWiki extension
CVE-2021-42048 (An issue was discovered in the Growth extension in MediaWiki through 1 ...)
@@ -5148,18 +12079,18 @@ CVE-2021-42029
RESERVED
CVE-2021-42028
RESERVED
-CVE-2021-42027
- RESERVED
+CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions &l ...)
+ NOT-FOR-US: Siemens
CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
-CVE-2021-42024
- RESERVED
-CVE-2021-42023
- RESERVED
-CVE-2021-42022
- RESERVED
+CVE-2021-42024 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42023 (A vulnerability has been identified in ModelSim Simulation (All versio ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Packa ...)
+ NOT-FOR-US: Siemens
CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...)
NOT-FOR-US: Siemens
CVE-2021-42020
@@ -5184,8 +12115,10 @@ CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Serv
NOTE: https://www.openwall.com/lists/oss-security/2021/10/07/6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013
NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
-CVE-2021-3864
+CVE-2021-3864 [descendant's dumpable setting with certain SUID binaries]
RESERVED
+ - linux <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/20/2
CVE-2021-42012 (A stack-based buffer overflow vulnerability in Trend Micro Apex One, A ...)
NOT-FOR-US: Trend Micro
CVE-2021-42011 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
@@ -5196,16 +12129,19 @@ CVE-2021-42010
RESERVED
CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
NOT-FOR-US: Apache Traffic Control
-CVE-2021-3862
- RESERVED
-CVE-2021-3861
- RESERVED
-CVE-2021-3860
- RESERVED
+CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: icecoder
+CVE-2021-3861 (The RNDIS USB device class includes a buffer overflow vulnerability. Z ...)
+ NOT-FOR-US: zephyr-rtos
+CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
+ NOT-FOR-US: JFrog Artifactory
CVE-2021-3859
RESERVED
+ - undertow <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010378
+ TODO: check details
CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...)
- {DLA-2785-1}
+ {DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -5214,6 +12150,7 @@ CVE-2021-42007
RESERVED
CVE-2021-42006 (An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 ...)
- libgclib 0.12.7+ds-2 (bug #996591)
+ [bullseye] - libgclib <no-dsa> (Minor issue)
NOTE: https://github.com/gpertea/gclib/issues/11
CVE-2021-42005
RESERVED
@@ -5225,8 +12162,8 @@ CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a
NOT-FOR-US: Zoho ManageEngine
CVE-2021-42001
RESERVED
-CVE-2021-42000
- RESERVED
+CVE-2021-42000 (When a password reset or password change flow with an authentication p ...)
+ NOT-FOR-US: pingidentity
CVE-2021-41999
RESERVED
CVE-2021-41998
@@ -5286,8 +12223,8 @@ CVE-2021-41974 (Tad Book3 editing book page does not perform identity verificati
NOT-FOR-US: Tad Book3
CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: snipe-it
-CVE-2021-3857
- RESERVED
+CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: chaskiq
CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
NOT-FOR-US: Apache MINA
CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
@@ -5323,8 +12260,8 @@ CVE-2021-41964
RESERVED
CVE-2021-41963
RESERVED
-CVE-2021-41962
- RESERVED
+CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-41961
RESERVED
CVE-2021-41960
@@ -5387,12 +12324,12 @@ CVE-2021-41932
RESERVED
CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...)
NOT-FOR-US: Company's Recruitment Management System
-CVE-2021-41930
- RESERVED
-CVE-2021-41929
- RESERVED
-CVE-2021-41928
- RESERVED
+CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester Online Covi ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41929 (Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Mana ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41928 (SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-41927
RESERVED
CVE-2021-41926
@@ -5505,10 +12442,10 @@ CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box
NOT-FOR-US: Penguin Aurora TV Box 41502
CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...)
NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502
-CVE-2021-41871
- RESERVED
-CVE-2021-41870
- RESERVED
+CVE-2021-41871 (An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper ...)
+ NOT-FOR-US: Socomec
+CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec REMOTE ...)
+ NOT-FOR-US: Socomec
CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...)
NOT-FOR-US: SuiteCRM
CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...)
@@ -5519,17 +12456,19 @@ CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before
TODO: check details, exact fixing commits unclear
CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
NOT-FOR-US: MyBB
-CVE-2021-3853
- RESERVED
-CVE-2021-3852
- RESERVED
+CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: chaskiq
+CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...)
+ NOT-FOR-US: GROWI
CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
- nomad <not-affected> (Only affects 1.1.x)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
NOTE: https://github.com/hashicorp/nomad/issues/11243
NOTE: https://github.com/hashicorp/nomad/pull/11257
CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...)
+ {DLA-2843-1}
- linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
CVE-2021-41863
RESERVED
@@ -5559,8 +12498,11 @@ CVE-2021-41851
RESERVED
CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: firefly-iii
-CVE-2021-3850
- RESERVED
+CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...)
+ {DLA-2912-1}
+ - libphp-adodb <unfixed> (bug #1004376)
+ NOTE: https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29
+ NOTE: https://github.com/ADOdb/ADOdb/issues/793
CVE-2021-3849
RESERVED
CVE-2021-41850
@@ -5575,22 +12517,22 @@ CVE-2021-41846
RESERVED
CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...)
NOT-FOR-US: ThycoticCentrify Secret Server
-CVE-2021-41844
- RESERVED
-CVE-2021-41843
- RESERVED
-CVE-2021-41842
- RESERVED
-CVE-2021-41841
- RESERVED
-CVE-2021-41840
- RESERVED
-CVE-2021-41839
- RESERVED
-CVE-2021-41838
- RESERVED
-CVE-2021-41837
- RESERVED
+CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...)
+ NOT-FOR-US: Crocoblock JetEngine
+CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41841 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41840 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41839 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41838 (An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41837 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
+ NOT-FOR-US: Insyde
CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...)
@@ -5604,8 +12546,8 @@ CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dan
NOT-FOR-US: firefly-iii
CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...)
NOT-FOR-US: Trend Micro
-CVE-2021-3845
- RESERVED
+CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...)
+ NOT-FOR-US: ws-scrcpy
CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...)
NOT-FOR-US: Apache OpenOffice
CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...)
@@ -5616,8 +12558,13 @@ CVE-2021-3844
RESERVED
CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...)
NOT-FOR-US: Lenovo
-CVE-2021-3842
- RESERVED
+CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
+ - nltk 3.6.7-1 (bug #1003142)
+ [bullseye] - nltk <no-dsa> (Minor issue)
+ [buster] - nltk <no-dsa> (Minor issue)
+ [stretch] - nltk <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a/
+ NOTE: https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d (3.6.6)
CVE-2021-3841
RESERVED
CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...)
@@ -5640,14 +12587,39 @@ CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Int
NOT-FOR-US: Wazuh
CVE-2021-41820
RESERVED
-CVE-2021-41819
- RESERVED
+CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...)
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1}
+ - ruby3.0 <unfixed> (bug #1002995)
+ - ruby2.7 2.7.5-1
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
+ NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1)
CVE-2021-41818
RESERVED
-CVE-2021-41817
- RESERVED
-CVE-2021-41816
- RESERVED
+CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...)
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1}
+ - ruby3.0 <unfixed> (bug #1002995)
+ - ruby2.7 2.7.5-1
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+ NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2)
+ NOTE: Followups to mimic previous behaviour:
+ NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
+ NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
+CVE-2021-41816 (CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...)
+ {DSA-5067-1}
+ - ruby3.0 <unfixed> (bug #1002995)
+ - ruby2.7 2.7.5-1
+ - ruby2.5 <not-affected> (Vulnerable code introduced later)
+ - ruby2.3 <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
+ NOTE: Introduced by: https://github.com/ruby/cgi/commit/3a62e20f76ea42ff0b4d45f2952479eab266ae1c (v0.1.0)
+ NOTE: Fixed by: https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a (v0.3.1)
CVE-2021-41815
RESERVED
CVE-2021-41814
@@ -5660,16 +12632,17 @@ CVE-2021-41811
RESERVED
CVE-2021-41810
RESERVED
-CVE-2021-41809
- RESERVED
-CVE-2021-41808
- RESERVED
-CVE-2021-41807
- RESERVED
+CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...)
+ NOT-FOR-US: M-Files Server
+CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...)
+ NOT-FOR-US: M-Files Server
+CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...)
+ NOT-FOR-US: M-Files Server
CVE-2021-41806
RESERVED
-CVE-2021-41805
- RESERVED
+CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...)
+ - consul <not-affected> (Only affects Consul Enterprise)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871
CVE-2021-41804
RESERVED
CVE-2021-41803
@@ -5715,10 +12688,10 @@ CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0
NOT-FOR-US: Hyland org.alfresco:share and Hyland org.alfresco:community-share
CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
-CVE-2021-41789
- RESERVED
-CVE-2021-41788
- RESERVED
+CVE-2021-41789 (In wifi driver, there is a possible system crash due to a missing vali ...)
+ NOT-FOR-US: Mediatek devices
+CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and ...)
+ NOT-FOR-US: Netgear
CVE-2021-3840 (A dependency confusion vulnerability was reported in the Antilles open ...)
NOT-FOR-US: Antilles
CVE-2021-41787
@@ -5763,19 +12736,23 @@ CVE-2021-3839
CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reade ...)
- golang-1.17 1.17.3-1
- golang-1.16 1.16.10-1
- - golang-1.15 <unfixed>
- - golang-1.11 <removed>
- - golang-1.8 <removed>
- - golang-1.7 <removed>
+ - golang-1.15 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ - golang-1.11 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ - golang-1.8 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ - golang-1.7 <not-affected> (Vulnerable code introduced later in go1.16beta1)
NOTE: https://github.com/golang/go/issues/48085
NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
+ NOTE: Introduced in: https://github.com/golang/go/commit/1296ee6b4f9058be75c799513ccb488d2f2dd085 (go1.16beta1)
NOTE: https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3)
NOTE: https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10)
CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...)
+ {DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.3-1
- golang-1.16 1.16.10-1
- - golang-1.15 <unfixed>
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- golang-1.7 <removed>
NOTE: https://github.com/golang/go/issues/48990
@@ -5786,28 +12763,31 @@ CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing
NOT-FOR-US: Ping Identity PingFederate
CVE-2021-3838
RESERVED
-CVE-2021-41769
- RESERVED
+CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...)
+ NOT-FOR-US: Siemens
CVE-2021-41768
RESERVED
-CVE-2021-41767
- RESERVED
-CVE-2021-3837
- RESERVED
-CVE-2021-41766
- RESERVED
-CVE-2021-3836
- RESERVED
-CVE-2021-3835
- RESERVED
+CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...)
+ - guacamole-client <unfixed>
+ [stretch] - guacamole-client <end-of-life> (unmaintained stretch-only package)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6
+CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...)
+ NOT-FOR-US: openwhyd
+CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runtime by ...)
+ - apache-karaf <itp> (bug #881297)
+CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...)
+ - dbeaver <itp> (bug #680987)
+ NOTE: https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22
+CVE-2021-3835 (Buffer overflow in usb device class. Zephyr versions &gt;= v2.6.0 cont ...)
+ NOT-FOR-US: zephyr-rtos
CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...)
NOT-FOR-US: Integria IMS
CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compare the ...)
NOT-FOR-US: Integria IMS
CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Exec ...)
NOT-FOR-US: Integria IMS
-CVE-2021-3831
- RESERVED
+CVE-2021-3831 (gnuboard5 is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: gnuboard5
CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...)
NOT-FOR-US: ResourceSpace
CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...)
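Review bot: The CVE-2021-41767 entry marks guacamole-client `<unfixed>` in unstable, while its stretch annotation describes it as an "unmaintained stretch-only package"; both cannot hold at once, and if the package is in fact absent from unstable the state this file uses elsewhere is `- guacamole-client <removed>` (as for galette and pjproject further down). Confirm against the archive before changing it, since `<unfixed>` is the correct state if the package is still present there. The entry also carries no fix reference beyond the oss-security post, so a reader cannot tell from here whether an upstream fix exists to track.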
@@ -5842,8 +12822,8 @@ CVE-2021-41750
RESERVED
CVE-2021-41749
RESERVED
-CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of Portainer. ...)
- NOT-FOR-US: Portainer
+CVE-2021-41748
+ REJECTED
CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
NOT-FOR-US: Csdn APP
CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...)
@@ -5900,18 +12880,16 @@ CVE-2021-41722
RESERVED
CVE-2021-41721
RESERVED
-CVE-2021-41720 (** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 all ...)
- - node-lodash <unfixed> (unimportant)
- NOTE: https://github.com/lodash/lodash/issues/5261
- NOTE: Disputed security impact and validitity of the issue
+CVE-2021-41720
+ REJECTED
CVE-2021-41719
RESERVED
CVE-2021-41718
RESERVED
CVE-2021-41717
RESERVED
-CVE-2021-41716
- RESERVED
+CVE-2021-41716 (Maharashtra State Electricity Board Mahavitara Android Application 8.2 ...)
+ NOT-FOR-US: Maharashtra State Electricity Board Mahavitara Android Application
CVE-2021-41715
RESERVED
CVE-2021-41714
@@ -5948,14 +12926,14 @@ CVE-2021-41699
RESERVED
CVE-2021-41698
RESERVED
-CVE-2021-41697
- RESERVED
-CVE-2021-41696
- RESERVED
-CVE-2021-41695
- RESERVED
-CVE-2021-41694
- RESERVED
+CVE-2021-41697 (A reflected Cross Site Scripting (XSS) vulnerability exists in Premium ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41696 (An authentication bypass (account takeover) vulnerability exists in Pr ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41695 (An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 v ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41694 (An Incorrect Access Control vulnerability exists in Premiumdatingscrip ...)
+ NOT-FOR-US: Premiumdatingscript
CVE-2021-41693
RESERVED
CVE-2021-41692
@@ -5984,12 +12962,12 @@ CVE-2021-41681
RESERVED
CVE-2021-41680
RESERVED
-CVE-2021-41679
- RESERVED
-CVE-2021-41678
- RESERVED
-CVE-2021-41677
- RESERVED
+CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...)
NOT-FOR-US: oretnom23 Pharmacy Point of Sale System
CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...)
@@ -6022,12 +13000,12 @@ CVE-2021-41662
RESERVED
CVE-2021-41661
RESERVED
-CVE-2021-41660
- RESERVED
-CVE-2021-41659
- RESERVED
-CVE-2021-41658
- RESERVED
+CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient Appointment Sche ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1 by ore ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-41657
RESERVED
CVE-2021-41656
@@ -6134,14 +13112,14 @@ CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2.
[buster] - squid <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
NOTE: Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch
-CVE-2021-3829
- RESERVED
+CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: openwhyd
CVE-2021-41610
- RESERVED
-CVE-2021-41609
- RESERVED
-CVE-2021-41608
- RESERVED
+ REJECTED
+CVE-2021-41609 (SQL injection in the ID parameter of the UploadedImageDisplay.aspx end ...)
+ NOT-FOR-US: SelectSurvey.NET
+CVE-2021-41608 (A file disclosure vulnerability in the UploadedImageDisplay.aspx endpo ...)
+ NOT-FOR-US: SelectSurvey.NET
CVE-2021-41607
RESERVED
CVE-2021-41606
@@ -6158,12 +13136,12 @@ CVE-2021-41601
RESERVED
CVE-2021-41600
RESERVED
-CVE-2021-41599
- RESERVED
-CVE-2021-41598
- RESERVED
-CVE-2021-41597
- RESERVED
+CVE-2021-41599 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...)
+ NOT-FOR-US: SuiteCRM
CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
NOT-FOR-US: SuiteCRM
CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
@@ -6229,8 +13207,8 @@ CVE-2021-3827
NOT-FOR-US: Keycloak
CVE-2021-41572
RESERVED
-CVE-2021-41571
- RESERVED
+CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...)
+ NOT-FOR-US: Apache Pulsar
CVE-2021-41570
RESERVED
CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...)
@@ -6251,8 +13229,8 @@ CVE-2021-41563 (Tad Book3 editing book function does not filter special characte
NOT-FOR-US: Tad Book3
CVE-2021-41562 (A vulnerability in Snow Snow Agent for Windows allows a non-admin user ...)
NOT-FOR-US: Snow Snow Agent for Windows
-CVE-2021-41561
- RESERVED
+CVE-2021-41561 (Improper Input Validation vulnerability in Parquet-MR of Apache Parque ...)
+ NOT-FOR-US: Apache Parquet
CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is ...)
NOT-FOR-US: LiderAhenk
CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
@@ -6261,14 +13239,14 @@ CVE-2021-3823 (Improper Limitation of a Pathname to a Restricted Directory ('Pat
NOT-FOR-US: Bitdefender
CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity ...)
NOT-FOR-US: jsoneditor
-CVE-2021-41560
- RESERVED
+CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute arbitrary co ...)
+ NOT-FOR-US: OpenCATS
CVE-2021-41559
RESERVED
CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...)
NOT-FOR-US: set_user extension for Postgres
-CVE-2021-41557
- RESERVED
+CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...)
+ NOT-FOR-US: Sofico
CVE-2021-41556
RESERVED
CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
@@ -6277,18 +13255,18 @@ CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815
NOT-FOR-US: ARCHIBUS Web Central
CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
NOT-FOR-US: ARCHIBUS Web Central
-CVE-2021-41552
- RESERVED
-CVE-2021-41551
- RESERVED
-CVE-2021-41550
- RESERVED
+CVE-2021-41552 (CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injec ...)
+ NOT-FOR-US: CommScope
+CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...)
+ NOT-FOR-US: Leostream Connection Broker
+CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...)
+ NOT-FOR-US: Leostream Connection Broker
CVE-2021-41549
RESERVED
CVE-2021-41548
RESERVED
-CVE-2021-41547
- RESERVED
+CVE-2021-41547 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
+ NOT-FOR-US: Siemens
CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
NOT-FOR-US: Siemens
CVE-2021-41545
@@ -6351,8 +13329,8 @@ CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
NOT-FOR-US: firefly-iii
CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...)
NOT-FOR-US: Grav CMS
-CVE-2021-3817
- RESERVED
+CVE-2021-3817 (wbce_cms is vulnerable to Improper Neutralization of Special Elements ...)
+ NOT-FOR-US: wbce_cms
CVE-2021-41523
RESERVED
CVE-2021-41522
@@ -6399,18 +13377,35 @@ CVE-2021-41502
RESERVED
CVE-2021-41501
RESERVED
-CVE-2021-41500
- RESERVED
-CVE-2021-41499
- RESERVED
-CVE-2021-41498
- RESERVED
-CVE-2021-41497
- RESERVED
-CVE-2021-41496
- RESERVED
-CVE-2021-41495
- RESERVED
+CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop & ...)
+ - cvxopt 1.2.7+dfsg-1
+ [bullseye] - cvxopt <no-dsa> (Minor issue)
+ [buster] - cvxopt <no-dsa> (Minor issue)
+ [stretch] - cvxopt <no-dsa> (Minor issue)
+ NOTE: https://github.com/cvxopt/cvxopt/issues/193
+CVE-2021-41499 (Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo &lt; ...)
+ - python-pyo 1.0.4-1
+ [stretch] - python-pyo <no-dsa> (Minor issue)
+ NOTE: https://github.com/belangeo/pyo/issues/222
+ NOTE: https://github.com/belangeo/pyo/commit/e7e6d2880469b523e4c41f0da2087a6a3eec4a45 (1.0.4)
+CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo &amp;lt and 1.03 in the Ser ...)
+ - python-pyo 1.0.4-1
+ [stretch] - python-pyo <no-dsa> (Minor issue)
+ NOTE: https://github.com/belangeo/pyo/issues/221
+ NOTE: https://github.com/belangeo/pyo/commit/017702c73332a8560c8554a36250a6da587a2418 (1.0.4)
+CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...)
+ NOT-FOR-US: RaRe-Technologies bounter
+CVE-2021-41496 (** DISPUTED ** Buffer overflow in the array_from_pyobj function of for ...)
+ - numpy <unfixed>
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/19000
+ NOTE: https://github.com/numpy/numpy/pull/20630
+ NOTE: https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2
+CVE-2021-41495 (** DISPUTED ** Null Pointer Dereference vulnerability exists in numpy. ...)
+ - numpy <unfixed>
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/19038
+ TODO: check for classification/severity
CVE-2021-41494
RESERVED
CVE-2021-41493
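Review bot: CVE-2021-41496 (numpy) records only a bullseye `<no-dsa>` tag, whereas the cvxopt entry in the same hunk triages bullseye, buster and stretch; if numpy is shipped in those two suites as well, the decision for them should be recorded too, e.g. `[buster] - numpy <no-dsa> (Minor issue)` and `[stretch] - numpy <no-dsa> (Minor issue)`, or a TODO like the one CVE-2021-41495 carries. The fix-commit NOTE for CVE-2021-41496 also lacks the upstream version tag that the other fix-commit NOTEs in this hunk give (e.g. pyo `(1.0.4)`), which is what lets a reader judge whether `<unfixed>` is still accurate. The `&amp;lt` in the CVE-2021-41498 description, next to `&lt;` in CVE-2021-41499, looks double-encoded; it is probably inherited from the feed rather than introduced here, so check the source before hand-editing it.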
@@ -6455,10 +13450,10 @@ CVE-2021-41474
RESERVED
CVE-2021-41473
RESERVED
-CVE-2021-41472
- RESERVED
-CVE-2021-41471
- RESERVED
+CVE-2021-41472 (SQL injection vulnerability in Sourcecodester Simple Membership System ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41471 (SQL injection vulnerability in Sourcecodester South Gate Inn Online Re ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-41470
RESERVED
CVE-2021-41469
@@ -6509,28 +13504,28 @@ CVE-2021-41453
RESERVED
CVE-2021-41452
RESERVED
-CVE-2021-41451
- RESERVED
-CVE-2021-41450
- RESERVED
-CVE-2021-41449
- RESERVED
+CVE-2021-41451 (A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...)
+ NOT-FOR-US: Netgear
CVE-2021-41448
RESERVED
CVE-2021-41447
RESERVED
CVE-2021-41446
RESERVED
-CVE-2021-41445
- RESERVED
+CVE-2021-41445 (A reflected cross-site-scripting attack in web application of D-Link D ...)
+ NOT-FOR-US: D-Link
CVE-2021-41444
RESERVED
CVE-2021-41443
RESERVED
-CVE-2021-41442
- RESERVED
-CVE-2021-41441
- RESERVED
+CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...)
+ NOT-FOR-US: D-Link
CVE-2021-41440
RESERVED
CVE-2021-41439
@@ -6635,8 +13630,8 @@ CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provi
NOT-FOR-US: Ericsson ECM
CVE-2021-41389
RESERVED
-CVE-2021-41388
- RESERVED
+CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local privileg ...)
+ NOT-FOR-US: Netskope
CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...)
- seatd <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E
@@ -6652,8 +13647,11 @@ CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server m
NOT-FOR-US: Plastic SCM
CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Traversal. ...)
NOT-FOR-US: Payara Micro Community
-CVE-2021-3816
- RESERVED
+CVE-2021-3816 (Cacti 1.1.38 allows authenticated users with User Management permissio ...)
+ - cacti 1.2.1+ds1-1
+ [stretch] - cacti <not-affected> (user_group_admin.php not present, added in 1.0)
+ NOTE: https://github.com/Cacti/cacti/issues/1882
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1)
CVE-2021-41380 (** DISPUTED ** RealVNC Viewer 6.21.406 allows remote VNC servers to ca ...)
NOT-FOR-US: RealVNC
CVE-2021-41379 (Windows Installer Elevation of Privilege Vulnerability ...)
@@ -6684,8 +13682,8 @@ CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique
NOT-FOR-US: Microsoft
CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...)
NOT-FOR-US: Microsoft
-CVE-2021-41365
- RESERVED
+CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
CVE-2021-41364
RESERVED
CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability ...)
@@ -6694,8 +13692,8 @@ CVE-2021-41362
RESERVED
CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-41360
- RESERVED
+CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
CVE-2021-41359
RESERVED
CVE-2021-41358
@@ -6748,8 +13746,8 @@ CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-41333
- RESERVED
+CVE-2021-41333 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability ...)
@@ -6786,24 +13784,24 @@ CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize us
NOT-FOR-US: Device42 Main Appliance
CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...)
NOT-FOR-US: Device42 Remote Collector
-CVE-2021-3815
- RESERVED
+CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of Object ...)
+ NOT-FOR-US: fabiocaccamo/utils.js
CVE-2021-3814
RESERVED
-CVE-2021-3813
- RESERVED
+CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...)
+ NOT-FOR-US: chatwoot
CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
NOT-FOR-US: NETGEAR
CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
NOT-FOR-US: Atlassian
CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...)
NOT-FOR-US: Atlassian
-CVE-2021-41311
- RESERVED
+CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...)
+ NOT-FOR-US: Atlassian
CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
NOT-FOR-US: Atlassian
-CVE-2021-41309
- RESERVED
+CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...)
+ NOT-FOR-US: Atlassian
CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
NOT-FOR-US: Atlassian
CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
@@ -6837,7 +13835,7 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o
- node-object-path 0.11.8-1
[bullseye] - node-object-path 0.11.5-3+deb11u1
[buster] - node-object-path <no-dsa> (Minor issue)
- [stretch] - node-object-path <no-dsa> (Minor issue)
+ [stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...)
@@ -6902,16 +13900,16 @@ CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing nec
NOT-FOR-US: EdgeX
CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
NOT-FOR-US: Metabase
-CVE-2021-41276
- RESERVED
+CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ NOT-FOR-US: Tuleap
CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...)
NOT-FOR-US: spree_auth_devise
CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...)
NOT-FOR-US: solidus_auth_devise
CVE-2021-41273 (Pterodactyl is an open-source game server management panel built with ...)
NOT-FOR-US: Pterodactyl
-CVE-2021-41272
- RESERVED
+CVE-2021-41272 (Besu is an Ethereum client written in Java. Starting in version 21.10. ...)
+ NOT-FOR-US: Hyperledger Besu
CVE-2021-41271 (Discourse is a platform for community discussion. In affected versions ...)
NOT-FOR-US: Discourse
CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...)
@@ -6934,18 +13932,21 @@ CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a
NOTE: https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 (v5.3.12)
CVE-2021-41266 (Minio console is a graphical user interface for the for MinIO operator ...)
NOT-FOR-US: Minio console
-CVE-2021-41265
- RESERVED
+CVE-2021-41265 (Flask-AppBuilder is a development framework built on top of Flask. Ver ...)
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.4
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc (3.3.4)
CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...)
NOT-FOR-US: OpenZeppelin Contracts
CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...)
NOT-FOR-US: rails_multisite
-CVE-2021-41262
- RESERVED
-CVE-2021-41261
- RESERVED
-CVE-2021-41260
- RESERVED
+CVE-2021-41262 (Galette is a membership management web application built for non profi ...)
+ - galette <removed>
+CVE-2021-41261 (Galette is a membership management web application built for non profi ...)
+ - galette <removed>
+CVE-2021-41260 (Galette is a membership management web application built for non profi ...)
+ - galette <removed>
CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
- nim <unfixed>
[bullseye] - nim <no-dsa> (Minor issue)
@@ -6956,8 +13957,8 @@ CVE-2021-41258 (Kirby is an open source file structured CMS. In affected version
NOT-FOR-US: Kirby
CVE-2021-41257
RESERVED
-CVE-2021-41256
- RESERVED
+CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud news/fee ...)
+ NOT-FOR-US: nextcloud news-android App
CVE-2021-41255
RESERVED
CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...)
@@ -6978,19 +13979,19 @@ CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL f
CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...)
NOT-FOR-US: GraphiQL
CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...)
- - jupyterhub <unfixed>
+ - jupyterhub 2.0.0+ds1-1
NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
-CVE-2021-41246
- RESERVED
+CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...)
+ NOT-FOR-US: Express OpenID Connect
CVE-2021-41245
RESERVED
CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...)
- grafana <removed>
CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...)
NOT-FOR-US: baserCMS
-CVE-2021-41242
- RESERVED
+CVE-2021-41242 (OpenOlat is a web-basedlearning management system. A path traversal vu ...)
+ NOT-FOR-US: OpenOlat
CVE-2021-41241
RESERVED
CVE-2021-41240
@@ -7001,8 +14002,8 @@ CVE-2021-41238 (Hangfire is an open source system to perform background job proc
NOT-FOR-US: Hangfire
CVE-2021-41237
RESERVED
-CVE-2021-41236
- RESERVED
+CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+ NOT-FOR-US: OroPlatform
CVE-2021-41235
RESERVED
CVE-2021-41234
@@ -7017,7 +14018,7 @@ CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affec
NOT-FOR-US: Pomerium
CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ...)
{DLA-2827-1}
- - bluez <unfixed> (bug #1000262)
+ - bluez 5.62-2 (bug #1000262)
[bullseye] - bluez <no-dsa> (Minor issue)
[buster] - bluez <no-dsa> (Minor issue)
NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
@@ -7118,20 +14119,29 @@ CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An
NOT-FOR-US: Mycodo
CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-2889-1}
+ - drupal7 <removed>
- jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
NOTE: https://bugs.jqueryui.com/ticket/15284
NOTE: https://github.com/jquery/jquery-ui/pull/1953
+ NOTE: https://www.drupal.org/sa-core-2022-001
CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-2889-1}
+ - drupal7 <removed>
- jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
+ NOTE: https://www.drupal.org/sa-core-2022-002
CVE-2021-41181
RESERVED
CVE-2021-41180
@@ -7162,14 +14172,18 @@ CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser
NOT-FOR-US: Snudown
CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...)
NOT-FOR-US: modern-async
-CVE-2021-41166
- RESERVED
+CVE-2021-41166 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
+ NOT-FOR-US: Nextcloud Android app
CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...)
- ckeditor <unfixed> (bug #999909)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
[stretch] - ckeditor <no-dsa> (Minor issue)
NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...)
- ckeditor <unfixed> (bug #999909)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
[stretch] - ckeditor <no-dsa> (Minor issue)
NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
@@ -7179,19 +14193,23 @@ CVE-2021-41162
CVE-2021-41161
RESERVED
CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.4.1+dfsg1-1 (bug #1001062)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg
+ NOTE: https://github.com/FreeRDP/FreeRDP/pull/7349
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692
CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.4.1+dfsg1-1 (bug #1001061)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5 (Stable 2.0 backports)
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe
CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
- freeswitch <itp> (bug #389591)
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
@@ -7233,8 +14251,10 @@ CVE-2021-41143
RESERVED
CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
NOT-FOR-US: Tuleap
-CVE-2021-41141
- RESERVED
+CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
+ - pjproject <removed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
+ NOTE: https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196
CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...)
NOT-FOR-US: Discourse plugin
CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
@@ -7268,6 +14288,9 @@ CVE-2021-41126 (October is a Content Management System (CMS) and web platform bu
NOT-FOR-US: October CMS
CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...)
- python-scrapy 2.5.1-1
+ [bullseye] - python-scrapy <no-dsa> (Minor issue)
+ [buster] - python-scrapy <no-dsa> (Minor issue)
+ [stretch] - python-scrapy <no-dsa> (Minor issue)
NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498
CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and JavaScript integr ...)
NOT-FOR-US: Scrapy-splash
@@ -7347,21 +14370,21 @@ CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if
NOT-FOR-US: Wire iOS
CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...)
- docker.io 20.10.10+dfsg1-1 (bug #998292)
- [bullseye] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...)
- docker.io 20.10.10+dfsg1-1
- [bullseye] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
-CVE-2021-41090
- RESERVED
+CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, logs, and ...)
+ NOT-FOR-US: Grafana Agent
CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...)
- docker.io 20.10.10+dfsg1-1
- [bullseye] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...)
@@ -7393,12 +14416,17 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1
NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44)
NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64)
CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...)
- NOT-FOR-US: nth-check
-CVE-2021-3802
- RESERVED
+ - node-nth-check 2.0.1-1
+ [bullseye] - node-nth-check <no-dsa> (Minor issue)
+ [buster] - node-nth-check <no-dsa> (Minor issue)
+ [stretch] - node-nth-check <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726 (v2.0.1)
+ NOTE: https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0/
+ NOTE: https://github.com/advisories/GHSA-rp65-9cf3-cjxr
+CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker to inpu ...)
{DLA-2809-1}
- udisks2 2.9.4-1
- [bullseye] - udisks2 <no-dsa> (Minor issue)
+ [bullseye] - udisks2 2.9.2-2+deb11u1
[buster] - udisks2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
@@ -7441,16 +14469,16 @@ CVE-2021-41069
RESERVED
CVE-2021-41068
RESERVED
-CVE-2021-41067
- RESERVED
-CVE-2021-41066
- RESERVED
-CVE-2021-41065
- RESERVED
+CVE-2021-41067 (An issue was discovered in Listary through 6. Improper implementation ...)
+ NOT-FOR-US: Listary
+CVE-2021-41066 (An issue was discovered in Listary through 6. When Listary is configur ...)
+ NOT-FOR-US: Listary
+CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can create a ...)
+ NOT-FOR-US: Listary
CVE-2021-41064
RESERVED
-CVE-2021-41063
- RESERVED
+CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView Webserv ...)
+ NOT-FOR-US: Aanderaa GeoView Webservice
CVE-2021-41062
RESERVED
CVE-2021-41061 (In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee8201 ...)
@@ -7466,11 +14494,13 @@ CVE-2021-41057 (In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDon
CVE-2021-41056
RESERVED
CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...)
+ {DSA-5064-1}
- python-nbxmpp 2.0.4-1
+ [buster] - python-nbxmpp <not-affected> (Vulnerable code not present)
+ [stretch] - python-nbxmpp <not-affected> (Vulnerable code introduced later (modules added in v1.0.0))
NOTE: https://dev.gajim.org/gajim/gajim/-/issues/10638
NOTE: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f
NOTE: Fix in python-nbxmpp, and gajim 1.3.3 bumps depends on required nbxmpp version.
- TODO: double-check correctness for tracking of source package, underlying issue is fixed in python-nbxmpp
CVE-2021-41053
RESERVED
CVE-2021-41052
@@ -7491,16 +14521,25 @@ CVE-2021-41045
RESERVED
CVE-2021-41044
RESERVED
-CVE-2021-41043
- RESERVED
+CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other confirm ...)
+ - tcpslice <unfixed> (bug #1003190)
+ [bullseye] - tcpslice <no-dsa> (Minor issue)
+ [buster] - tcpslice <no-dsa> (Minor issue)
+ [stretch] - tcpslice <no-dsa> (Minor issue)
+ NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11
+ NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5)
CVE-2021-41042
RESERVED
CVE-2021-41041
RESERVED
-CVE-2021-41040
- RESERVED
-CVE-2021-41039
- RESERVED
+CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...)
+ NOT-FOR-US: Eclipse Wakaama
+CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...)
+ - mosquitto <unfixed> (bug #1001028)
+ [buster] - mosquitto <not-affected> (Vulnerable code introduced later)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
+ NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f (v2.0.12)
CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...)
NOT-FOR-US: Eclipse Theia
CVE-2021-41037
@@ -7518,42 +14557,42 @@ CVE-2021-41032
RESERVED
CVE-2021-41031
RESERVED
-CVE-2021-41030
- RESERVED
-CVE-2021-41029
- RESERVED
-CVE-2021-41028
- RESERVED
-CVE-2021-41027
- RESERVED
+CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-294] in ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerability [ ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-41026
RESERVED
-CVE-2021-41025
- RESERVED
-CVE-2021-41024
- RESERVED
+CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of confd in F ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7 ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM Windows Age ...)
NOT-FOR-US: Fortiguard
CVE-2021-41022 (A improper privilege management in Fortinet FortiSIEM Windows Agent ve ...)
NOT-FOR-US: Fortiguard
-CVE-2021-41021
- RESERVED
+CVE-2021-41021 (A privilege escalation vulnerability in FortiNAC versions 8.8.8 and be ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-41020
RESERVED
CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...)
NOT-FOR-US: Fortiguard
-CVE-2021-41018
- RESERVED
-CVE-2021-41017
- RESERVED
-CVE-2021-41016
- RESERVED
-CVE-2021-41015
- RESERVED
-CVE-2021-41014
- RESERVED
-CVE-2021-41013
- RESERVED
+CVE-2021-41018 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41016 (A improper neutralization of special elements used in a command ('comm ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41013 (An improper access control vulnerability [CWE-284] in FortiWeb version ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-41012
RESERVED
CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...)
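Review bot: The new `NOT-FOR-US: FortiGuard` lines are interleaved with the pre-existing `NOT-FOR-US: Fortiguard` lines for CVE-2021-41023, CVE-2021-41022 and CVE-2021-41019 in this same hunk, so the vendor name is spelled two ways inside one block. Anyone filtering or grepping the list by that marker will miss half the entries. Pick one spelling for the block; the same mix appears in the other Fortinet entries of this hunk.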
@@ -7612,6 +14651,7 @@ CVE-2021-3800
RESERVED
CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows attacke ...)
- htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
NOTE: https://github.com/michaelrsweet/htmldoc/issues/444
NOTE: https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43 (v1.9.13)
NOTE: Crash in CLI tool, no security impact
@@ -7781,12 +14821,12 @@ CVE-2021-40911
RESERVED
CVE-2021-40910
RESERVED
-CVE-2021-40909
- RESERVED
-CVE-2021-40908
- RESERVED
-CVE-2021-40907
- RESERVED
+CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Rental Mana ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-40906
RESERVED
CVE-2021-40905
@@ -7833,10 +14873,10 @@ CVE-2021-40885
RESERVED
CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...)
NOT-FOR-US: Projectsend
-CVE-2021-40883
- RESERVED
-CVE-2021-40882
- RESERVED
+CVE-2021-40883 (A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via ...)
+ NOT-FOR-US: emlog
+CVE-2021-40882 (A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via ...)
+ - piwigo <removed>
CVE-2021-40881 (An issue in the BAT file parameters of PublicCMS v4.0 allows attackers ...)
NOT-FOR-US: PublicCMS
CVE-2021-40880
@@ -7851,8 +14891,15 @@ CVE-2021-40876
RESERVED
CVE-2021-40875 (Improper Access Control in Gurock TestRail versions &lt; 7.2.0.3014 re ...)
NOT-FOR-US: Gurock TestRail
-CVE-2021-40874
- RESERVED
+CVE-2021-40874 [RESTServer pwdConfirm always returns true with Combination + Kerberos]
+ RESERVED
+ [experimental] - lemonldap-ng 2.0.14~exp+ds-1
+ - lemonldap-ng <unfixed> (bug #1005302)
+ [bullseye] - lemonldap-ng <no-dsa> (Minor issue)
+ [buster] - lemonldap-ng <no-dsa> (Minor issue)
+ [stretch] - lemonldap-ng <no-dsa> (Minor issue)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/66946e8f754812b375768c2124937137c856fe0c
CVE-2021-40873 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...)
NOT-FOR-US: Softing Industrial Automation
CVE-2021-40872 (An issue was discovered in Softing Industrial Automation uaToolkit Emb ...)
@@ -7888,10 +14935,10 @@ CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker ser
CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...)
NOT-FOR-US: Hestia Control Panel
CVE-2021-3796 (vim is vulnerable to Use After Free ...)
+ {DLA-2876-1}
- vim 2:8.2.3455-1 (bug #994497)
- [bullseye] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/
NOTE: https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (v8.2.3428)
NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
@@ -7905,30 +14952,30 @@ CVE-2021-40863
RESERVED
CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...)
NOT-FOR-US: HashiCorp Terraform Enterprise
-CVE-2021-40861
- RESERVED
-CVE-2021-40860
- RESERVED
-CVE-2021-40859
- RESERVED
-CVE-2021-40858
- RESERVED
-CVE-2021-40857
- RESERVED
-CVE-2021-40856
- RESERVED
-CVE-2021-40855
- RESERVED
+CVE-2021-40861 (A SQL Injection in the custom filter query component in Genesys intell ...)
+ NOT-FOR-US: Genesys
+CVE-2021-40860 (A SQL Injection in the custom filter query component in Genesys intell ...)
+ NOT-FOR-US: Genesys
+CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...)
+ NOT-FOR-US: Auerswald
+CVE-2021-40858 (Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Discl ...)
+ NOT-FOR-US: Auerswald COMpact 5500R devices
+CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation ...)
+ NOT-FOR-US: Auerswald COMpact 5500R devices
+CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...)
+ NOT-FOR-US: Auerswald
+CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...)
+ NOT-FOR-US: EU Technical Specifications for Digital COVID Certificates
CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
NOT-FOR-US: AnyDesk
-CVE-2021-40853
- RESERVED
-CVE-2021-40852
- RESERVED
-CVE-2021-40851
- RESERVED
-CVE-2021-40850
- RESERVED
+CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This vulnerab ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all available we ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability inside severa ...)
+ NOT-FOR-US: TCMAN GIM
CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...)
- mahara <removed>
CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV ...)
@@ -7945,10 +14992,10 @@ CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe d
NOT-FOR-US: Proofpoint
CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...)
NOT-FOR-US: Proofpoint
-CVE-2021-40841
- RESERVED
-CVE-2021-40840
- RESERVED
+CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 all ...)
+ NOT-FOR-US: LiveConfig
+CVE-2021-40840 (A Stored XSS issue exists in the admin/users user administration form ...)
+ NOT-FOR-US: LiveConfig
CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...)
- python-rencode 1.0.6-2
[bullseye] - python-rencode <no-dsa> (Minor issue)
@@ -7958,14 +15005,14 @@ CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite
NOTE: https://github.com/aresch/rencode/pull/29
CVE-2021-40838
RESERVED
-CVE-2021-40837
- RESERVED
-CVE-2021-40836
- RESERVED
-CVE-2021-40835
- RESERVED
-CVE-2021-40834
- RESERVED
+CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
+ NOT-FOR-US: Safe Browser for iOS
+CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
+ NOT-FOR-US: F-secure
CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
NOT-FOR-US: F-Secure
CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
@@ -7978,10 +15025,16 @@ CVE-2021-40829 (Connections initialized by the AWS IoT Device SDK v2 for Java (v
NOT-FOR-US: AWS IoT Device SDK
CVE-2021-40828 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...)
NOT-FOR-US: AWS IoT Device SDK
-CVE-2021-40827
- RESERVED
-CVE-2021-40826
- RESERVED
+CVE-2021-40827 (Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) ...)
+ - clementine <unfixed> (unimportant)
+ NOTE: https://voidsec.com/advisories/cve-2021-40827/
+ NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but
+ NOTE: regardless just a crash in a CLI tool
+CVE-2021-40826 (Clementine Music Player through 1.3.1 is vulnerable to a User Mode Wri ...)
+ - clementine <unfixed> (unimportant)
+ NOTE: https://voidsec.com/advisories/cve-2021-40826/
+ NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but
+ NOTE: regardless just a crash in a CLI tool
CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...)
NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers
CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...)
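Review bot: The justification `NOTE: regardless just a crash in a CLI tool` attached to CVE-2021-40827 and CVE-2021-40826 does not describe the product: Clementine is a desktop GUI music player, and the description itself points at a GLib DLL, i.e. the Windows build. The `unimportant` rating may still be correct if this is only a crash on a crafted input, but the note should state that reason rather than reuse wording from an unrelated CLI-tool triage, e.g. `NOTE: regardless just a crash in a desktop application fed a crafted file`.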
@@ -8025,8 +15078,7 @@ CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During W
NOT-FOR-US: yourls
CVE-2021-3782
RESERVED
-CVE-2021-3781 [Include device specifier strings in access validation]
- RESERVED
+CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...)
{DSA-4972-1}
- ghostscript 9.53.3~dfsg-8 (bug #994011)
[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
@@ -8043,8 +15095,8 @@ CVE-2021-40815
RESERVED
CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...)
NOT-FOR-US: PrestaShop addon
-CVE-2021-40813
- RESERVED
+CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...)
+ NOT-FOR-US: Element-IT HTTP Commander
CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...)
- libgd2 <unfixed>
[bullseye] - libgd2 <no-dsa> (Minor issue)
@@ -8056,8 +15108,8 @@ CVE-2021-40811
RESERVED
CVE-2021-40810
RESERVED
-CVE-2021-40809
- RESERVED
+CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An ...)
+ NOT-FOR-US: Jamf Pro
CVE-2021-40808
RESERVED
CVE-2021-40807
@@ -8111,10 +15163,10 @@ CVE-2021-40786
RESERVED
CVE-2021-40785
RESERVED
-CVE-2021-40784
- RESERVED
-CVE-2021-40783
- RESERVED
+CVE-2021-40784 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40783 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
CVE-2021-40782
RESERVED
CVE-2021-40781
@@ -8235,8 +15287,8 @@ CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are aff
NOT-FOR-US: Adobe
CVE-2021-40723
RESERVED
-CVE-2021-40722
- RESERVED
+CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and bel ...)
+ NOT-FOR-US: Adobe
CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a reflected ...)
NOT-FOR-US: Adobe
CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
@@ -8288,17 +15340,17 @@ CVE-2021-40698
CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
NOT-FOR-US: Adobe
CVE-2021-40696
- RESERVED
-CVE-2021-40695
- RESERVED
-CVE-2021-40694
- RESERVED
-CVE-2021-40693
- RESERVED
-CVE-2021-40692
- RESERVED
-CVE-2021-40691
- RESERVED
+ REJECTED
+CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...)
+ - moodle <removed>
+CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...)
+ - moodle <removed>
+CVE-2021-40693 (An authentication bypass risk was identified in the external database ...)
+ - moodle <removed>
+CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...)
+ - moodle <removed>
+CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...)
+ - moodle <removed>
CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
{DSA-5010-1 DLA-2767-1}
- libxml-security-java 2.1.7-1 (bug #994569)
@@ -8337,10 +15389,10 @@ CVE-2021-40682
CVE-2021-3779
RESERVED
CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2876-1}
- vim 2:8.2.3455-1 (bug #994498)
- [bullseye] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
NOTE: https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (v8.2.3409)
NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
@@ -8484,8 +15536,8 @@ CVE-2021-40614
RESERVED
CVE-2021-40613
RESERVED
-CVE-2021-40612
- RESERVED
+CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without au ...)
+ NOT-FOR-US: Opmantek Open-AudIT
CVE-2021-40611
RESERVED
CVE-2021-40610
@@ -8516,10 +15568,10 @@ CVE-2021-40598
RESERVED
CVE-2021-40597
RESERVED
-CVE-2021-40596
- RESERVED
-CVE-2021-40595
- RESERVED
+CVE-2021-40596 (SQL injection vulnerability in Login.php in sourcecodester Online Lear ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-40594
RESERVED
CVE-2021-40593
@@ -8550,48 +15602,80 @@ CVE-2021-40581
RESERVED
CVE-2021-40580
RESERVED
-CVE-2021-40579
- RESERVED
-CVE-2021-40578
- RESERVED
+CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management System in ...)
+ NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
+CVE-2021-40578 (Authenticated Blind &amp; Error-based SQL injection vulnerability was ...)
+ NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-40576
- RESERVED
-CVE-2021-40575
- RESERVED
-CVE-2021-40574
- RESERVED
-CVE-2021-40573
- RESERVED
-CVE-2021-40572
- RESERVED
-CVE-2021-40571
- RESERVED
-CVE-2021-40570
- RESERVED
-CVE-2021-40569
- RESERVED
-CVE-2021-40568
- RESERVED
-CVE-2021-40567
- RESERVED
-CVE-2021-40566
- RESERVED
-CVE-2021-40565
- RESERVED
-CVE-2021-40564
- RESERVED
-CVE-2021-40563
- RESERVED
-CVE-2021-40562
- RESERVED
+CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1904
+ NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec
+CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1905
+ NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858
+CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1897
+ NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb
+CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1891
+ NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a
+CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1893
+ NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109
+CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1895
+ NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340
+CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1899
+ NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302
+CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1890
+ NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a
+CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1900
+ NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30
+CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1889
+ NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816
+CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1887
+ NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391
+CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1902
+ NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b
+CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1898
+ NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618
+CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1892
+ NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137
+CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1901
+ NOTE: https://github.com/gpac/gpac/commit/5dd71c7201a3e5cf40732d585bfb21c906c171d3
CVE-2021-40561
RESERVED
CVE-2021-40560
RESERVED
-CVE-2021-40559
- RESERVED
+CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1886
+ NOTE: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7
CVE-2021-40558
RESERVED
CVE-2021-40557
@@ -8650,7 +15734,7 @@ CVE-2021-40533
CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...)
NOT-FOR-US: tweb
NOTE: https://github.com/morethanwords/tweb
-CVE-2021-40531 (An issue discovered in sketch before version 75,that allows for librar ...)
+CVE-2021-40531 (Sketch before 75 allows library feeds to be used to bypass file quaran ...)
NOT-FOR-US: Sketch collaborative design (Mac or Web app)
NOTE: sketch.com, not the sketch package in Debian.
CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...)
@@ -8665,6 +15749,8 @@ CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaint
NOTE: https://github.com/weidai11/cryptopp/commit/bee8e8ca6658 (CRYPTOPP_8_6_0)
CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in Thunder ...)
- botan 2.18.1+dfsg-3 (bug #993840)
+ [bullseye] - botan <no-dsa> (Minor issue)
+ [buster] - botan <no-dsa> (Minor issue)
- botan1.10 <removed>
[stretch] - botan1.10 <ignored> (Affected function encrypt(...) has changed drastically. Backport is too instrusive to backport)
NOTE: https://eprint.iacr.org/2021/923
@@ -8689,27 +15775,27 @@ CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the
NOT-FOR-US: "com.onepeloton.erlich" mobile application
CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...)
NOT-FOR-US: Peleton
-CVE-2021-40525
- RESERVED
+CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the file stora ...)
+ NOT-FOR-US: Apache James
CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- NOT-FOR-US: showdoc
+ NOT-FOR-US: ShowDoc
CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- NOT-FOR-US: showdoc
+ NOT-FOR-US: ShowDoc
CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...)
NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
-CVE-2021-3773
- RESERVED
+CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3
NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
TODO: fill in tracking details
CVE-2021-3772 [Invalid chunks may be used to remotely remove existing associations]
RESERVED
- linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694
CVE-2021-3771
RESERVED
CVE-2021-40524 (In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ...)
- - pure-ftpd <unfixed> (bug #993810)
+ - pure-ftpd 1.0.50-1 (bug #993810)
[bullseye] - pure-ftpd <no-dsa> (Minor issue)
[buster] - pure-ftpd <no-dsa> (Minor issue)
[stretch] - pure-ftpd <no-dsa> (Minor issue)
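Review bot: CVE-2021-3773 gains a description but still has no source-package line, and `TODO: fill in tracking details` remains, so the entry tracks nothing and will not be associated with any package. The two NOTE links concern netfilter, which presumably maps to the `linux` source package, but the hunk gives no affected or fixed version, so the tracking line cannot be derived from what is here. Either add the package line once the fixing commit is known, or keep the TODO so the gap stays visible; the neighbouring CVE-2021-3772 and CVE-2021-40524 entries in this hunk do carry their version lines.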
@@ -8738,15 +15824,15 @@ CVE-2021-40515
RESERVED
CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3455-1 (bug #994076)
- [bullseye] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/
NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402)
NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e (v8.2.3403)
NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
-CVE-2021-3769
- RESERVED
+CVE-2021-3769 (# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` t ...)
+ NOT-FOR-US: ohmyzsh
CVE-2021-40514
RESERVED
CVE-2021-40513
@@ -8876,10 +15962,10 @@ CVE-2021-40455 (Windows Installer Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-40453
- RESERVED
-CVE-2021-40452
- RESERVED
+CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
CVE-2021-40451
RESERVED
CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
@@ -8900,13 +15986,14 @@ CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vul
NOT-FOR-US: Microsoft
CVE-2021-40442 (Microsoft Excel Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-40441
- RESERVED
+CVE-2021-40441 (Windows Media Center Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]
RESERVED
- linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997467
NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
@@ -8934,7 +16021,7 @@ CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate add
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...)
- {DSA-4978-1 DLA-2785-1}
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
@@ -8966,83 +16053,108 @@ CVE-2021-40425
RESERVED
CVE-2021-40424
RESERVED
-CVE-2021-40423
- RESERVED
+CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...)
+ NOT-FOR-US: Reolink
CVE-2021-40422
RESERVED
CVE-2021-40421
RESERVED
-CVE-2021-40420
- RESERVED
-CVE-2021-40419
- RESERVED
-CVE-2021-40418
- RESERVED
-CVE-2021-40417
- RESERVED
-CVE-2021-40416
- RESERVED
-CVE-2021-40415
- RESERVED
-CVE-2021-40414
- RESERVED
-CVE-2021-40413
- RESERVED
-CVE-2021-40412
- RESERVED
-CVE-2021-40411
- RESERVED
-CVE-2021-40410
- RESERVED
-CVE-2021-40409
- RESERVED
-CVE-2021-40408
- RESERVED
-CVE-2021-40407
- RESERVED
-CVE-2021-40406
- RESERVED
+CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+ NOT-FOR-US: DaVinci Resolve
+CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+ NOT-FOR-US: DaVinci Resolve
+CVE-2021-40416 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40415 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40414 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40413 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40412 (An OScommand injection vulnerability exists in the device network sett ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40411 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40410 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40409 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40408 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40407 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi session ...)
+ NOT-FOR-US: Reolink
CVE-2021-40405
RESERVED
-CVE-2021-40404
- RESERVED
-CVE-2021-40403
- RESERVED
+CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...)
+ - gerbv <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
+ NOTE: https://github.com/gerbv/gerbv/issues/82
+ NOTE: Proposed patch: https://github.com/gerbv/gerbv/commit/387f07b163cc30cd95e9bedf53bc07e7b38cc318
CVE-2021-40402
RESERVED
-CVE-2021-40401
- RESERVED
+ - gerbv <unfixed>
+ NOTE: https://github.com/gerbv/gerbv/issues/80
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
+CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...)
+ - gerbv <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
+ NOTE: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069
+ NOTE: https://github.com/gerbv/gerbv/issues/81
CVE-2021-40400
RESERVED
+ - gerbv <unfixed>
+ NOTE: https://github.com/gerbv/gerbv/issues/79
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413
CVE-2021-40399
RESERVED
CVE-2021-40398
RESERVED
-CVE-2021-40397
- RESERVED
-CVE-2021-40396
- RESERVED
+CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...)
+ NOT-FOR-US: Advantech
CVE-2021-40395
- RESERVED
-CVE-2021-40394
- RESERVED
-CVE-2021-40393
- RESERVED
+ REJECTED
+CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+ - gerbv 2.8.1-1
+ [bullseye] - gerbv <no-dsa> (Minor issue)
+ [buster] - gerbv <no-dsa> (Minor issue)
+ [stretch] - gerbv <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1405
+ NOTE: https://github.com/advisories/GHSA-936x-jwpc-5p28
+ NOTE: https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f (v2.8.1-rc.1)
+CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+ - gerbv 2.8.2-1
+ [bullseye] - gerbv <no-dsa> (Minor issue)
+ [buster] - gerbv <no-dsa> (Minor issue)
+ [stretch] - gerbv <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404
+ NOTE: https://github.com/advisories/GHSA-w67q-2hr6-7cjf
+ NOTE: https://github.com/gerbv/gerbv/commit/4d12b696aed19fbcc115fe83aa7597b7c42ba8d6 (v2.8.2-rc.1)
CVE-2021-40392
RESERVED
CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
+ {DLA-2839-1}
- gerbv 2.7.1-1
- [bullseye] - gerbv <no-dsa> (Minor issue)
+ [bullseye] - gerbv 2.7.0-2+deb11u1
[buster] - gerbv <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402
NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
NOTE: https://github.com/gerbv/gerbv/issues/30
CVE-2021-40390
RESERVED
-CVE-2021-40389
- RESERVED
-CVE-2021-40388
- RESERVED
+CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...)
+ NOT-FOR-US: Advantech
CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
NOT-FOR-US: Kaseya Unitrends Backup Software
CVE-2021-40386
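Review bot: CVE-2021-40402 and CVE-2021-40400 gain `- gerbv <unfixed>` package lines in this hunk while their header lines stay bare and the status remains RESERVED, so a reader of the tracker sees an open gerbv issue with no indication of what it is. Elsewhere in the same file a RESERVED entry that carries package data has a bracketed title on the header, e.g. `CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]`, and the linked TALOS reports (TALOS-2021-1416, TALOS-2021-1413) would supply a one-line summary. Consider changing the two headers to the form `CVE-2021-40402 [<summary taken from TALOS-2021-1416>]` and `CVE-2021-40400 [<summary taken from TALOS-2021-1413>]` (placeholders shown) so the entries are consistent with the other RESERVED-but-tracked records.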
@@ -9091,14 +16203,14 @@ CVE-2021-40365
RESERVED
CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
NOT-FOR-US: Siemens
-CVE-2021-40363
- RESERVED
+CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
CVE-2021-40362
RESERVED
CVE-2021-40361
RESERVED
-CVE-2021-40360
- RESERVED
+CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
NOT-FOR-US: Siemens
CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
@@ -9112,12 +16224,14 @@ CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All ver
CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
NOT-FOR-US: Siemens
CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...)
+ {DSA-5041-1}
- cfrpki 1.3.0-1 (bug #994572)
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9
NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
-CVE-2021-3760
- RESERVED
+CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...)
+ {DLA-2843-1}
- linux 5.14.16-1 (unimportant)
+ [bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2
NOTE: https://git.kernel.org/linus/1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (5.15-rc6)
NOTE: CONFIG_NFC_NCI is not set in Debian
@@ -9155,22 +16269,22 @@ CVE-2021-40342
RESERVED
CVE-2021-40341
RESERVED
-CVE-2021-40340
- RESERVED
-CVE-2021-40339
- RESERVED
-CVE-2021-40338
- RESERVED
-CVE-2021-40337
- RESERVED
+CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web serve ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
+ NOT-FOR-US: Hitachi
CVE-2021-40336
RESERVED
CVE-2021-40335
RESERVED
-CVE-2021-40334
- RESERVED
-CVE-2021-40333
- RESERVED
+CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...)
+ NOT-FOR-US: Hitachi
CVE-2021-40332
RESERVED
CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks]
@@ -9186,21 +16300,22 @@ CVE-2021-40331
RESERVED
CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...)
- libmysofa 1.2.1~dfsg0-1
+ [bullseye] - libmysofa <no-dsa> (Minor issue)
+ [buster] - libmysofa <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/
NOTE: https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1 (v1.2.1)
CVE-2021-3755
REJECTED
CVE-2021-3754
RESERVED
-CVE-2021-3753
- RESERVED
- {DSA-4978-1 DLA-2785-1}
+CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
-CVE-2021-3752
- RESERVED
- - linux <unfixed>
+CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel&#8217;s Bluetooth ...)
+ - linux 5.15.3-1
+ [bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository ...)
- git 1:2.30.1-1
@@ -9211,11 +16326,13 @@ CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repos
CVE-2021-40329 (The Authentication API in Ping Identity PingFederate before 10.3 misha ...)
NOT-FOR-US: Ping Identity PingFederate
CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write ...)
- - libmobi <itp> (bug #966677)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/fcb4383c-bc27-4b89-bfce-6b041f0cb769/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/ab5bf0e37e540eac682a14e628853b918626e72b (v0.7)
CVE-2021-40328
RESERVED
-CVE-2021-40327
- RESERVED
+CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...)
+ NOT-FOR-US: Trusted Firmware-M (TF-M)
CVE-2021-40326
RESERVED
CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...)
@@ -9239,6 +16356,7 @@ CVE-2021-3750 [hcd-ehci: DMA reentrancy issue leads to use-after-free]
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/541
NOTE: Fix for whole class of DMA MMIO reentrancy issues: https://gitlab.com/qemu-project/qemu/-/issues/556
NOTE: Patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+ NOTE: No upstream patch as of 2022-01-28
CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity ...)
- node-axios 0.21.3+dfsg-1
[bullseye] - node-axios 0.21.1+dfsg-1+deb11u1
@@ -9264,8 +16382,8 @@ CVE-2021-40315
RESERVED
CVE-2021-40314
RESERVED
-CVE-2021-40313
- RESERVED
+CVE-2021-40313 (Piwigo v11.5 was discovered to contain a SQL injection vulnerability v ...)
+ - piwigo <removed>
CVE-2021-40312
RESERVED
CVE-2021-40311
@@ -9314,8 +16432,8 @@ CVE-2021-40290
RESERVED
CVE-2021-40289
RESERVED
-CVE-2021-40288
- RESERVED
+CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
+ NOT-FOR-US: TP-Link
CVE-2021-40287
RESERVED
CVE-2021-40286
@@ -9326,14 +16444,14 @@ CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overfl
NOT-FOR-US: D-Link
CVE-2021-40283
RESERVED
-CVE-2021-40282
- RESERVED
-CVE-2021-40281
- RESERVED
-CVE-2021-40280
- RESERVED
-CVE-2021-40279
- RESERVED
+CVE-2021-40282 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 202 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40281 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40280 (An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40279 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
+ NOT-FOR-US: zzcms
CVE-2021-40278
RESERVED
CVE-2021-40277
@@ -9396,8 +16514,8 @@ CVE-2021-40249
RESERVED
CVE-2021-40248
RESERVED
-CVE-2021-40247
- RESERVED
+CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-40246
RESERVED
CVE-2021-40245
@@ -9548,16 +16666,16 @@ CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus before Build 4117 allows a
NOT-FOR-US: Zoho ManageEngine
CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on pro ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2021-40171
- RESERVED
-CVE-2021-40170
- RESERVED
+CVE-2021-40171 (The absence of notifications regarding an ongoing RF jamming attack in ...)
+ NOT-FOR-US: SecuritasHome home alarm system
+CVE-2021-40170 (An RF replay attack vulnerability in the SecuritasHome home alarm syst ...)
+ NOT-FOR-US: SecuritasHome home alarm system
CVE-2021-40169
RESERVED
CVE-2021-40168
RESERVED
-CVE-2021-40167
- RESERVED
+CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...)
+ NOT-FOR-US: Autodesk
CVE-2021-40166
RESERVED
CVE-2021-40165
@@ -9568,14 +16686,14 @@ CVE-2021-40163
RESERVED
CVE-2021-40162
RESERVED
-CVE-2021-40161
- RESERVED
-CVE-2021-40160
- RESERVED
-CVE-2021-40159
- RESERVED
-CVE-2021-40158
- RESERVED
+CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution through m ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...)
+ NOT-FOR-US: Autodesk
CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
NOT-FOR-US: Autodesk
CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
@@ -9584,22 +16702,26 @@ CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020
NOT-FOR-US: Autodesk
CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...)
NOT-FOR-US: Multipass
-CVE-2021-40154
- RESERVED
+CVE-2021-40154 (NXP LPC55S69 devices before A3 have a buffer over-read via a crafted w ...)
+ NOT-FOR-US: NXP LPC55S69 devices
CVE-2021-40152
RESERVED
CVE-2021-40151
RESERVED
CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond the ...)
- - libtpms <unfixed>
+ - libtpms 0.9.1-1
NOTE: https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df (v0.6.6)
NOTE: https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 (v0.6.6)
- TODO: check, might only affect the upstream stable-0.6 branch and not an issue in src:libtpms in any released version in Debian
+ NOTE: https://github.com/stefanberger/libtpms/commit/aaef222e8682cc2e0f9ea7124220c5fe44fab62b (v0.8.5)
+ NOTE: https://github.com/stefanberger/libtpms/commit/33a03986e0a09dde439985e0312d1c8fb3743aab (v0.8.5)
+ NOTE: https://github.com/stefanberger/libtpms/commit/034a5c02488cf7f0048e130177fc71c9e626e135 (v0.9.0)
+ NOTE: https://github.com/stefanberger/libtpms/commit/17255da54cf8354d02369f1323dc50cfb87e2bf4 (v0.9.0)
CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
NOT-FOR-US: flatcore-cms
CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]
RESERVED
- linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000627
NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
@@ -9614,8 +16736,8 @@ CVE-2021-40150
RESERVED
CVE-2021-40149
RESERVED
-CVE-2021-40148
- RESERVED
+CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
+ NOT-FOR-US: Mediatek components for Android
CVE-2021-3743
RESERVED
{DSA-4978-1 DLA-2785-1}
@@ -9732,7 +16854,7 @@ CVE-2021-40120 (A vulnerability in the web-based management interface of certain
NOT-FOR-US: Cisco
CVE-2021-40119 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
NOT-FOR-US: Cisco
-CVE-2021-40118 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+CVE-2021-40118 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
NOT-FOR-US: Cisco
CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...)
NOT-FOR-US: Cisco
@@ -9746,10 +16868,10 @@ CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the ...)
NOT-FOR-US: Cisco
-CVE-2021-40111
- RESERVED
-CVE-2021-40110
- RESERVED
+CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we ...)
+ NOT-FOR-US: Apache James
+CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an IMAP user ...)
+ NOT-FOR-US: Apache James
CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...)
NOT-FOR-US: Concrete CMS
CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The Calendar is ...)
@@ -9766,8 +16888,8 @@ CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Trav
NOT-FOR-US: Concrete CMS
CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...)
NOT-FOR-US: Concrete CMS
-CVE-2021-40101
- RESERVED
+CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The Dashboard al ...)
+ NOT-FOR-US: Concrete CMS
CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...)
NOT-FOR-US: Concrete CMS
CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...)
@@ -9776,18 +16898,18 @@ CVE-2021-40098 (An issue was discovered in Concrete CMS through 8.5.5. Path Trav
NOT-FOR-US: Concrete CMS
CVE-2021-40097 (An issue was discovered in Concrete CMS through 8.5.5. Authenticated p ...)
NOT-FOR-US: Concrete CMS
-CVE-2021-40096
- RESERVED
-CVE-2021-40095
- RESERVED
-CVE-2021-40094
- RESERVED
-CVE-2021-40093
- RESERVED
-CVE-2021-40092
- RESERVED
-CVE-2021-40091
- RESERVED
+CVE-2021-40096 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40095 (An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40094 (A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. I ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40093 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40092 (A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40091 (An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. ...)
+ NOT-FOR-US: SquaredUp for SCOM
CVE-2021-40090
RESERVED
CVE-2021-40089 (An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Pu ...)
@@ -9821,6 +16943,7 @@ CVE-2021-3735 [ahci: deadlock issue leads to denial of service]
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <postponed> (Fix along with a future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
+ NOTE: No upstream patch as of 2022-01-28
CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...)
[experimental] - knot-resolver 5.4.1-1
- knot-resolver 5.4.1-2 (bug #991463)
@@ -9900,166 +17023,166 @@ CVE-2021-40047
RESERVED
CVE-2021-40046
RESERVED
-CVE-2021-40045
- RESERVED
-CVE-2021-40044
- RESERVED
+CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...)
+ NOT-FOR-US: Huawei
CVE-2021-40043
RESERVED
-CVE-2021-40042
- RESERVED
-CVE-2021-40041
- RESERVED
+CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
+ NOT-FOR-US: Huawei
CVE-2021-40040
RESERVED
-CVE-2021-40039
- RESERVED
-CVE-2021-40038
- RESERVED
-CVE-2021-40037
- RESERVED
+CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40037 (There is a Vulnerability of accessing resources using an incompatible ...)
+ NOT-FOR-US: Huawei
CVE-2021-40036
RESERVED
-CVE-2021-40035
- RESERVED
+CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ NOT-FOR-US: Huawei
CVE-2021-40034
RESERVED
-CVE-2021-40033
- RESERVED
-CVE-2021-40032
- RESERVED
-CVE-2021-40031
- RESERVED
+CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
+ NOT-FOR-US: Huawei
CVE-2021-40030
RESERVED
-CVE-2021-40029
- RESERVED
-CVE-2021-40028
- RESERVED
-CVE-2021-40027
- RESERVED
-CVE-2021-40026
- RESERVED
-CVE-2021-40025
- RESERVED
+CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40027 (The bone voice ID TA has a vulnerability in calculating the buffer len ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...)
+ NOT-FOR-US: Huawei
CVE-2021-40024
RESERVED
CVE-2021-40023
RESERVED
-CVE-2021-40022
- RESERVED
-CVE-2021-40021
- RESERVED
-CVE-2021-40020
- RESERVED
+CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...)
+ NOT-FOR-US: Huawei
CVE-2021-40019
RESERVED
-CVE-2021-40018
- RESERVED
+CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
+ NOT-FOR-US: Huawei
CVE-2021-40017
RESERVED
CVE-2021-40016
RESERVED
-CVE-2021-40015
- RESERVED
-CVE-2021-40014
- RESERVED
+CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
+ NOT-FOR-US: Huawei
CVE-2021-40013
RESERVED
CVE-2021-40012
RESERVED
-CVE-2021-40011
- RESERVED
-CVE-2021-40010
- RESERVED
-CVE-2021-40009
- RESERVED
-CVE-2021-40008
- RESERVED
-CVE-2021-40007
- RESERVED
-CVE-2021-40006
- RESERVED
-CVE-2021-40005
- RESERVED
-CVE-2021-40004
- RESERVED
-CVE-2021-40003
- RESERVED
-CVE-2021-40002
- RESERVED
-CVE-2021-40001
- RESERVED
-CVE-2021-40000
- RESERVED
+CVE-2021-40011 (There is an Uncontrolled resource consumption vulnerability in the dis ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40010 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD module in sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R019C00S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40006 (The fingerprint module has a security risk of brute force cracking. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40005 (The distributed data service component has a vulnerability in data acc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40004 (The cellular module has a vulnerability in permission management. Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40003 (HwPCAssistant has a path traversal vulnerability. Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40002 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ NOT-FOR-US: Huawei
CVE-2021-39999
RESERVED
-CVE-2021-39998
- RESERVED
-CVE-2021-39997
- RESERVED
-CVE-2021-39996
- RESERVED
-CVE-2021-39995
- RESERVED
-CVE-2021-39994
- RESERVED
-CVE-2021-39993
- RESERVED
-CVE-2021-39992
- RESERVED
-CVE-2021-39991
- RESERVED
-CVE-2021-39990
- RESERVED
-CVE-2021-39989
- RESERVED
-CVE-2021-39988
- RESERVED
-CVE-2021-39987
- RESERVED
-CVE-2021-39986
- RESERVED
-CVE-2021-39985
- RESERVED
-CVE-2021-39984
- RESERVED
-CVE-2021-39983
- RESERVED
-CVE-2021-39982
- RESERVED
-CVE-2021-39981
- RESERVED
-CVE-2021-39980
- RESERVED
-CVE-2021-39979
- RESERVED
-CVE-2021-39978
- RESERVED
-CVE-2021-39977
- RESERVED
+CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39994 (There is an arbitrary address access vulnerability with the product li ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39992 (There is an improper security permission configuration vulnerability o ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39991 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive Information to an ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39986 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39985 (The HwNearbyMain module has a Improper Validation of Array Index vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39984 (Huawei idap module has a Out-of-bounds Read vulnerability.Successful e ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39983 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39982 (Phone Manager application has a Improper Privilege Management vulnerab ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39981 (Chang Lian application has a vulnerability which can be maliciously ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39980 (Telephony application has a Exposure of Sensitive Information to an Un ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39979 (HHEE system has a Code Injection vulnerability.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39978 (Telephony application has a SQL Injection vulnerability.Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39977 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
+ NOT-FOR-US: Huawei
CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 5800 V200 ...)
NOT-FOR-US: Huawei
-CVE-2021-39975
- RESERVED
-CVE-2021-39974
- RESERVED
-CVE-2021-39973
- RESERVED
-CVE-2021-39972
- RESERVED
-CVE-2021-39971
- RESERVED
-CVE-2021-39970
- RESERVED
-CVE-2021-39969
- RESERVED
-CVE-2021-39968
- RESERVED
-CVE-2021-39967
- RESERVED
-CVE-2021-39966
- RESERVED
+CVE-2021-39975 (Hilinksvc has a Data Processing Errors vulnerability.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an Unauthorize ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39971 (Password vault has a External Control of System or Configuration Setti ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39970 (HwPCAssistant has a Improper Input Validation vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39969 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39968 (Changlian Blocklist has a Business Logic Errors vulnerability .Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39967 (There is a Vulnerability of obtaining broadcast information improperly ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39966 (There is an Uninitialized AOD driver structure in Smartphones.Successf ...)
+ NOT-FOR-US: Huawei
CVE-2021-39965
RESERVED
CVE-2021-39964
@@ -10098,88 +17221,111 @@ CVE-2021-39948
RESERVED
CVE-2021-39947
RESERVED
-CVE-2021-39946
- RESERVED
-CVE-2021-39945
- RESERVED
-CVE-2021-39944
- RESERVED
-CVE-2021-39943
- RESERVED
-CVE-2021-39942
- RESERVED
-CVE-2021-39941
- RESERVED
-CVE-2021-39940
- RESERVED
-CVE-2021-39939
- RESERVED
-CVE-2021-39938
- RESERVED
-CVE-2021-39937
- RESERVED
-CVE-2021-39936
- RESERVED
-CVE-2021-39935
- RESERVED
-CVE-2021-39934
- RESERVED
-CVE-2021-39933
- RESERVED
-CVE-2021-39932
- RESERVED
-CVE-2021-39931
- RESERVED
-CVE-2021-39930
- RESERVED
+CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...)
+ - gitlab <unfixed>
+CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...)
+ - gitlab <unfixed>
+CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...)
+ - gitlab <unfixed>
+ TODO: reach out for details
+CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
+ - gitlab <unfixed>
+CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...)
+ - gitlab <unfixed>
+CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...)
+ - gitlab-ci-multi-runner <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630
+ NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/
+CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...)
+ - gitlab <unfixed>
+CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...)
+ - gitlab <unfixed>
+CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions startin ...)
+ - gitlab <unfixed>
+CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39934 (Improper access control allows any project member to retrieve the serv ...)
+ - gitlab <unfixed>
+CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...)
+ - gitlab <unfixed>
CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...)
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html
CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...)
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html
-CVE-2021-39927
- RESERVED
+CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...)
+ - gitlab <unfixed>
CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
+ [buster] - wireshark <not-affected> (Vulnerable code not present)
+ [stretch] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html
CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
+ [buster] - wireshark 2.6.20-0+deb10u2
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html
CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 ...)
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
-CVE-2021-39923 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...)
+CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...)
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
- NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
- NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17684
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-11.html
CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...)
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html
CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-14.html
CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
+ [buster] - wireshark <not-affected> (IPPUSB dissector added in 3.4)
+ [stretch] - wireshark <not-affected> (IPPUSB dissector added in 3.4)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
-CVE-2021-39919
- RESERVED
-CVE-2021-39918
- RESERVED
-CVE-2021-39917
- RESERVED
-CVE-2021-39916
- RESERVED
-CVE-2021-39915
- RESERVED
+CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, a ...)
+ - gitlab <unfixed>
+CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions starting f ...)
+ - gitlab <unfixed>
+CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39916 (Lack of an access control check in the External Status Check feature a ...)
+ - gitlab <unfixed>
+CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE affecting a ...)
+ - gitlab <unfixed>
CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...)
- gitlab <unfixed>
CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...)
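Review bot: The wireshark entries CVE-2021-39929, -39928, -39924, -39923, -39922 and -39921 list DLA-2849-1 in their advisory braces while keeping a `[buster] - wireshark <no-dsa> (Minor issue)` tag, which reads as contradictory: the advisory reference says buster was fixed by that DLA, the tag says no advisory is planned for buster. CVE-2021-39925 in the same hunk instead carries `[buster] - wireshark 2.6.20-0+deb10u2` next to the same DLA, which is presumably the shape the others should take if the DLA covers them. If DLA-2849-1 does fix these six CVEs in buster, the no-dsa lines should be dropped; if it does not, DLA-2849-1 should not appear in their braces.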
@@ -10188,8 +17334,8 @@ CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE sta
- gitlab <unfixed>
CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version 13.9 exp ...)
- gitlab <unfixed>
-CVE-2021-39910
- RESERVED
+CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-39908
@@ -10224,12 +17370,14 @@ CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebindi
- gitlab <unfixed>
CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
- gitlab <unfixed>
-CVE-2021-39892
- RESERVED
+CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...)
+ [experimental] - gitlab 14.6.4+ds1-1
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440
CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
- gitlab <unfixed>
-CVE-2021-39890
- RESERVED
+CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...)
+ - gitlab <unfixed>
CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...)
@@ -10634,152 +17782,177 @@ CVE-2021-39690
RESERVED
CVE-2021-39689
RESERVED
-CVE-2021-39688
- RESERVED
-CVE-2021-39687
- RESERVED
+CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to TBD. This ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a possible ...)
+ NOT-FOR-US: Android
CVE-2021-39686
RESERVED
CVE-2021-39685
RESERVED
-CVE-2021-39684
- RESERVED
-CVE-2021-39683
- RESERVED
-CVE-2021-39682
- RESERVED
-CVE-2021-39681
- RESERVED
-CVE-2021-39680
- RESERVED
-CVE-2021-39679
- RESERVED
-CVE-2021-39678
- RESERVED
-CVE-2021-39677
- RESERVED
-CVE-2021-39676
- RESERVED
-CVE-2021-39675
- RESERVED
-CVE-2021-39674
- RESERVED
+ {DSA-5050-1}
+ - linux 5.15.5-2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
+CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39683 (In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39682 (In mgm_alloc_page of memory_group_manager.c, there is a possible out o ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39681 (In delete_protocol of main.c, there is a possible arbitrary code execu ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39680 (In sec_SHA256_Transform of sha256_core.c, there is a possible way to r ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible use afte ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39678 (In &lt;TBD&gt; of &lt;TBD&gt;, there is a possible bypass of Factory R ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39677 (In startVideoStream() there is a possibility of an OOB Read in the hea ...)
+ NOT-FOR-US: Android
+CVE-2021-39676 (In writeThrowable of AndroidFuture.java, there is a possible parcel se ...)
+ NOT-FOR-US: Android
+CVE-2021-39675 (In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds writ ...)
+ NOT-FOR-US: Android
+CVE-2021-39674 (In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , the ...)
+ NOT-FOR-US: Android
CVE-2021-39673
RESERVED
-CVE-2021-39672
- RESERVED
-CVE-2021-39671
- RESERVED
+CVE-2021-39672 (In fastboot, there is a possible secure boot bypass due to a configura ...)
+ NOT-FOR-US: Android
+CVE-2021-39671 (In code generated by aidl_const_expressions.cpp, there is a possible o ...)
+ NOT-FOR-US: Android
CVE-2021-39670
RESERVED
-CVE-2021-39669
- RESERVED
-CVE-2021-39668
- RESERVED
+CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...)
+ NOT-FOR-US: Android
CVE-2021-39667
RESERVED
-CVE-2021-39666
- RESERVED
-CVE-2021-39665
- RESERVED
-CVE-2021-39664
- RESERVED
-CVE-2021-39663
- RESERVED
-CVE-2021-39662
- RESERVED
+CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android
+CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bo ...)
+ NOT-FOR-US: Android
+CVE-2021-39664 (In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-39663 (In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a possible way ...)
+ NOT-FOR-US: Android
CVE-2021-39661
RESERVED
CVE-2021-39660
RESERVED
-CVE-2021-39659
- RESERVED
-CVE-2021-39658
- RESERVED
-CVE-2021-39657
- RESERVED
-CVE-2021-39656
- RESERVED
-CVE-2021-39655
- RESERVED
+CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-39658 (ismsEx service is a vendor service in unisoc equipment&#12290;ismsEx s ...)
+ NOT-FOR-US: Android
+CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...)
+ - linux 5.10.12-1
+ [buster] - linux 4.19.171-1
+ [stretch] - linux 4.9.258-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+ NOTE: https://git.kernel.org/linus/35fc4cd34426c242ab015ef280853b7bff101f48 (5.11-rc4)
+CVE-2021-39656 (In __configfs_open_file of file.c, there is a possible use-after-free ...)
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+ NOTE: https://git.kernel.org/linus/14fbbc8297728e880070f7b077b3301a8c698ef9 (5.12-rc3)
+CVE-2021-39655 (Product: AndroidVersions: Android kernelAndroid ID: A-192641593Referen ...)
+ NOT-FOR-US: Google Pixel components
CVE-2021-39654
RESERVED
-CVE-2021-39653
- RESERVED
-CVE-2021-39652
- RESERVED
-CVE-2021-39651
- RESERVED
-CVE-2021-39650
- RESERVED
-CVE-2021-39649
- RESERVED
-CVE-2021-39648
- RESERVED
-CVE-2021-39647
- RESERVED
-CVE-2021-39646
- RESERVED
-CVE-2021-39645
- RESERVED
-CVE-2021-39644
- RESERVED
-CVE-2021-39643
- RESERVED
-CVE-2021-39642
- RESERVED
-CVE-2021-39641
- RESERVED
-CVE-2021-39640
- RESERVED
-CVE-2021-39639
- RESERVED
-CVE-2021-39638
- RESERVED
-CVE-2021-39637
- RESERVED
-CVE-2021-39636
- RESERVED
-CVE-2021-39635
- RESERVED
-CVE-2021-39634
- RESERVED
-CVE-2021-39633
- RESERVED
-CVE-2021-39632
- RESERVED
-CVE-2021-39631
- RESERVED
-CVE-2021-39630
- RESERVED
-CVE-2021-39629
- RESERVED
-CVE-2021-39628
- RESERVED
-CVE-2021-39627
- RESERVED
-CVE-2021-39626
- RESERVED
-CVE-2021-39625
- RESERVED
+CVE-2021-39653 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39652 (In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds wri ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39651 (In TBD of TBD, there is a possible way to access PIN protected setting ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39650 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39649 (In regmap_exit of regmap.c, there is a possible use-after-free due to ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39648 (In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclos ...)
+ - linux 5.10.9-1
+ [buster] - linux 4.19.171-1
+ [stretch] - linux 4.9.258-1
+ NOTE: https://git.kernel.org/linus/64e6bbfff52db4bf6785fab9cffab850b2de6870
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+CVE-2021-39647 (In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_ ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39646 (Product: AndroidVersions: Android kernelAndroid ID: A-201537251Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39645 (Product: AndroidVersions: Android kernelAndroid ID: A-199805112Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39644 (Product: AndroidVersions: Android kernelAndroid ID: A-199809304Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39643 (In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39642 (In synchronous_process_io_entries of lwis_ioctl.c, there is a possible ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39641 (Product: AndroidVersions: Android kernelAndroid ID: A-126949257Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39640 (In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39639 (In TBD of fvp.c, there is a possible way to glitch CPU behavior due to ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39638 (In periodic_io_work_func of lwis_periodic_io.c, there is a possible ou ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39637 (In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there i ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possib ...)
+ - linux 4.16.5-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+CVE-2021-39635 (ims_ex is a vendor system service used to manage VoLTE in unisoc devic ...)
+ NOT-FOR-US: Android
+CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This could lead ...)
+ - linux 5.8.14-1
+ [buster] - linux 4.19.152-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://source.android.com/security/bulletin/2022-01-01
+ NOTE: https://git.kernel.org/linus/f8d4f44df056c5b504b0d49683fb7279218fd207 (5.9-rc8)
+CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page fault due ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://source.android.com/security/bulletin/2022-01-01
+ NOTE: https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14)
+CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2021-39631 (In clear_data_dlg_text of strings.xml, there is a possible situation w ...)
+ NOT-FOR-US: Android
+CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-39628 (In StatusBar.java, there is a possible disclosure of notification cont ...)
+ NOT-FOR-US: Android
+CVE-2021-39627 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...)
+ NOT-FOR-US: Android
CVE-2021-39624
RESERVED
-CVE-2021-39623
- RESERVED
-CVE-2021-39622
- RESERVED
-CVE-2021-39621
- RESERVED
-CVE-2021-39620
- RESERVED
-CVE-2021-39619
- RESERVED
-CVE-2021-39618
- RESERVED
+CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...)
+ NOT-FOR-US: Android
+CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection ...)
+ NOT-FOR-US: Android
+CVE-2021-39621 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way to corru ...)
+ NOT-FOR-US: Android
+CVE-2021-39619 (In updatePackageMappingsData of UsageStatsService.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...)
+ NOT-FOR-US: Android
CVE-2021-39617
RESERVED
-CVE-2021-39616
- RESERVED
+CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 ...)
+ NOT-FOR-US: Android
CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
RESERVED
{DLA-2808-1}
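Review bot: The added `{DSA-5050-1}`, `- linux 5.15.5-2` and NOTE lines at the top of this hunk fall under the unchanged `CVE-2021-39685` / `RESERVED` pair, so that entry now records an advisory and a fixed version without any description of the issue. Elsewhere in this file a RESERVED entry that carries package data gets a bracketed summary on its header line, as `CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]` does at the end of this hunk; CVE-2021-39685 should get the same treatment. It is also worth confirming that the three lines were meant for -39685 and not for one of the neighbouring entries filled in by this hunk, since nothing in the diff ties them to a particular CVE.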
@@ -10797,7 +17970,7 @@ CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files]
RESERVED
- {DSA-4978-1 DLA-2785-1}
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
@@ -11150,8 +18323,8 @@ CVE-2021-39482
RESERVED
CVE-2021-39481
RESERVED
-CVE-2021-39480
- RESERVED
+CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation failure w ...)
+ NOT-FOR-US: bingrep
CVE-2021-39479
RESERVED
CVE-2021-39478
@@ -11484,7 +18657,6 @@ CVE-2021-39331
RESERVED
CVE-2021-39330
REJECTED
- NOT-FOR-US: WordPress plugin
CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...)
@@ -11505,34 +18677,34 @@ CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vul
NOT-FOR-US: WordPress plugin
CVE-2021-39320 (The underConstruction plugin &lt;= 1.18 for WordPress echoes out the r ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39319
- RESERVED
-CVE-2021-39318
- RESERVED
-CVE-2021-39317 (Versions up to, and including, 1.0.6, of the Access Demo Importer Word ...)
+CVE-2021-39319 (The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerabl ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39318 (The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-S ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39317 (A WordPress plugin and several WordPress themes developed by AccessPre ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39316 (The Zoomsounds plugin &lt;= 6.45 for WordPress allows arbitrary files, ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39315
- RESERVED
-CVE-2021-39314
- RESERVED
-CVE-2021-39313
- RESERVED
-CVE-2021-39312
- RESERVED
-CVE-2021-39311
- RESERVED
-CVE-2021-39310
- RESERVED
-CVE-2021-39309
- RESERVED
-CVE-2021-39308
- RESERVED
+CVE-2021-39315 (The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39314 (The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39313 (The Simple Image Gallery WordPress plugin is vulnerable to Reflected C ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39312 (The True Ranker plugin &lt;= 2.2.2 for WordPress allows arbitrary file ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39311 (The link-list-manager WordPress plugin is vulnerable to Reflected Cros ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39310 (The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39309 (The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerabl ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable ...)
+ NOT-FOR-US: WordPess plugin
CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
NOT-FOR-US: PDFTron WebViewer UI
-CVE-2021-39306
- RESERVED
+CVE-2021-39306 (A stack buffer overflow was discovered on Realtek RTL8195AM device bef ...)
+ NOT-FOR-US: Realtek
CVE-2021-39305
RESERVED
CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...)
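Review bot: The triage lines for CVE-2021-39319, -39318 and -39315 through -39308 read `NOT-FOR-US: WordPess plugin`, a misspelling the rest of the file does not use; the neighbouring entries CVE-2021-39317 and -39316 in this hunk spell it `NOT-FOR-US: WordPress plugin`. The typo appears to be copied from the upstream description text, but the NOT-FOR-US tag is our own annotation and should use the consistent spelling so searches on the tag find these entries.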
@@ -11543,30 +18715,30 @@ CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
NOT-FOR-US: firefly-iii
CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
-CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has a vulnerability affecting in ...)
+CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka P ...)
NOT-FOR-US: Jamf Pro
CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
NOT-FOR-US: MISP
-CVE-2021-39301
- RESERVED
-CVE-2021-39300
- RESERVED
-CVE-2021-39299
- RESERVED
-CVE-2021-39298
- RESERVED
-CVE-2021-39297
- RESERVED
+CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
NOT-FOR-US: OpenBMC
CVE-2021-39295
RESERVED
-CVE-2021-3727
- RESERVED
-CVE-2021-3726
- RESERVED
-CVE-2021-3725
- RESERVED
+CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Description** ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...)
+ NOT-FOR-US: ohmyzsh
CVE-2021-3724
RESERVED
NOT-FOR-US: Red Hat Serverless
@@ -11578,11 +18750,12 @@ CVE-2021-23156
NOT-FOR-US: Red Hat Serverless
CVE-2021-39294
RESERVED
-CVE-2021-39293
- RESERVED
+CVE-2021-39293 (In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted ...)
+ {DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.1-1
- golang-1.16 1.16.8-1
- golang-1.15 1.15.15-2
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -11632,8 +18805,8 @@ CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser f
NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html
CVE-2021-39281
RESERVED
-CVE-2021-39280
- RESERVED
+CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...)
+ NOT-FOR-US: Korenix JetWave devices
CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...)
NOT-FOR-US: MOXA
CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...)
@@ -11839,6 +19012,7 @@ CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SC
- qemu 1:6.1+dfsg-2 (bug #992727)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a
CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error the JPNS k ...)
NOT-FOR-US: Butter
CVE-2021-39229 (Apprise is an open source library which allows you to send a notificat ...)
@@ -11966,8 +19140,8 @@ CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services
NOT-FOR-US: Https4s
CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...)
- electron <itp> (bug #842420)
-CVE-2021-39183
- RESERVED
+CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming and chat s ...)
+ NOT-FOR-US: Owncast
CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior to vers ...)
NOT-FOR-US: EnroCrypt
CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...)
@@ -12084,8 +19258,8 @@ CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
NOTE: https://x-stream.github.io/CVE-2021-39144.html
-CVE-2021-39143
- RESERVED
+CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+ NOT-FOR-US: Spinnaker
CVE-2021-39142
RESERVED
CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
@@ -12227,10 +19401,10 @@ CVE-2021-39082
RESERVED
CVE-2021-39081
RESERVED
-CVE-2021-39080
- RESERVED
-CVE-2021-39079
- RESERVED
+CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...)
+ NOT-FOR-US: IBM
+CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...)
+ NOT-FOR-US: IBM
CVE-2021-39078
RESERVED
CVE-2021-39077
@@ -12247,22 +19421,22 @@ CVE-2021-39072
RESERVED
CVE-2021-39071
RESERVED
-CVE-2021-39070
- RESERVED
+CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the ad ...)
+ NOT-FOR-US: IBM
CVE-2021-39069
RESERVED
CVE-2021-39068
RESERVED
CVE-2021-39067
RESERVED
-CVE-2021-39066
- RESERVED
-CVE-2021-39065
- RESERVED
-CVE-2021-39064
- RESERVED
-CVE-2021-39063
- RESERVED
+CVE-2021-39066 (IBM Financial Transaction Manager 3.2.4 does not invalidate session an ...)
+ NOT-FOR-US: IBM
+CVE-2021-39065 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39064 (IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authenti ...)
+ NOT-FOR-US: IBM
+CVE-2021-39063 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin ...)
+ NOT-FOR-US: IBM
CVE-2021-39062
RESERVED
CVE-2021-39061
@@ -12271,36 +19445,36 @@ CVE-2021-39060
RESERVED
CVE-2021-39059
RESERVED
-CVE-2021-39058
- RESERVED
-CVE-2021-39057
- RESERVED
-CVE-2021-39056
- RESERVED
+CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to s ...)
+ NOT-FOR-US: IBM
+CVE-2021-39056 (The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (E ...)
+ NOT-FOR-US: IBM
CVE-2021-39055
RESERVED
-CVE-2021-39054
- RESERVED
-CVE-2021-39053
- RESERVED
-CVE-2021-39052
- RESERVED
+CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39053 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39052 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
CVE-2021-39051
RESERVED
-CVE-2021-39050
- RESERVED
-CVE-2021-39049
- RESERVED
-CVE-2021-39048
- RESERVED
+CVE-2021-39050 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
+ NOT-FOR-US: IBM
+CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
+ NOT-FOR-US: IBM
+CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based ...)
+ NOT-FOR-US: IBM
CVE-2021-39047
RESERVED
CVE-2021-39046
RESERVED
CVE-2021-39045
RESERVED
-CVE-2021-39044
- RESERVED
+CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site re ...)
+ NOT-FOR-US: IBM
CVE-2021-39043
RESERVED
CVE-2021-39042
@@ -12319,14 +19493,14 @@ CVE-2021-39036
RESERVED
CVE-2021-39035
RESERVED
-CVE-2021-39034
- RESERVED
+CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
+ NOT-FOR-US: IBM
CVE-2021-39033
RESERVED
-CVE-2021-39032
- RESERVED
-CVE-2021-39031
- RESERVED
+CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...)
+ NOT-FOR-US: IBM
+CVE-2021-39031 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 c ...)
+ NOT-FOR-US: IBM
CVE-2021-39030
RESERVED
CVE-2021-39029
@@ -12335,8 +19509,8 @@ CVE-2021-39028
RESERVED
CVE-2021-39027
RESERVED
-CVE-2021-39026
- RESERVED
+CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
+ NOT-FOR-US: IBM
CVE-2021-39025
RESERVED
CVE-2021-39024
@@ -12345,8 +19519,8 @@ CVE-2021-39023
RESERVED
CVE-2021-39022
RESERVED
-CVE-2021-39021
- RESERVED
+CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
+ NOT-FOR-US: IBM
CVE-2021-39020
RESERVED
CVE-2021-39019
@@ -12361,8 +19535,8 @@ CVE-2021-39015
RESERVED
CVE-2021-39014
RESERVED
-CVE-2021-39013
- RESERVED
+CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could ...)
+ NOT-FOR-US: IBM
CVE-2021-39012
RESERVED
CVE-2021-39011
@@ -12383,14 +19557,14 @@ CVE-2021-39004
RESERVED
CVE-2021-39003
RESERVED
-CVE-2021-39002
- RESERVED
+CVE-2021-39002 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
CVE-2021-39001
RESERVED
-CVE-2021-39000
- RESERVED
-CVE-2021-38999
- RESERVED
+CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitive info ...)
+ NOT-FOR-US: IBM
CVE-2021-38998
RESERVED
CVE-2021-38997
@@ -12405,10 +19579,10 @@ CVE-2021-38993
RESERVED
CVE-2021-38992
RESERVED
-CVE-2021-38991
- RESERVED
-CVE-2021-38990
- RESERVED
+CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local ...)
+ NOT-FOR-US: IBM
+CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
CVE-2021-38989
RESERVED
CVE-2021-38988
@@ -12453,30 +19627,30 @@ CVE-2021-38969
RESERVED
CVE-2021-38968
RESERVED
-CVE-2021-38967
- RESERVED
-CVE-2021-38966
- RESERVED
-CVE-2021-38965
- RESERVED
+CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged use ...)
+ NOT-FOR-US: IBM
+CVE-2021-38966 (IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site script ...)
+ NOT-FOR-US: IBM
+CVE-2021-38965 (IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remo ...)
+ NOT-FOR-US: IBM
CVE-2021-38964
RESERVED
CVE-2021-38963
RESERVED
CVE-2021-38962
RESERVED
-CVE-2021-38961
- RESERVED
-CVE-2021-38960
- RESERVED
+CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...)
+ NOT-FOR-US: IBM
+CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...)
+ NOT-FOR-US: IBM
CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...)
NOT-FOR-US: IBM
-CVE-2021-38958
- RESERVED
-CVE-2021-38957
- RESERVED
-CVE-2021-38956
- RESERVED
+CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...)
+ NOT-FOR-US: IBM
+CVE-2021-38957 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...)
+ NOT-FOR-US: IBM
+CVE-2021-38956 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...)
+ NOT-FOR-US: IBM
CVE-2021-38955
RESERVED
CVE-2021-38954
@@ -12485,16 +19659,16 @@ CVE-2021-38953
RESERVED
CVE-2021-38952
RESERVED
-CVE-2021-38951
- RESERVED
-CVE-2021-38950
- RESERVED
+CVE-2021-38951 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-38950 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
+ NOT-FOR-US: IBM
CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...)
NOT-FOR-US: IBM
CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...)
NOT-FOR-US: IBM
-CVE-2021-38947
- RESERVED
+CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
+ NOT-FOR-US: IBM
CVE-2021-38946
RESERVED
CVE-2021-38945
@@ -12513,20 +19687,20 @@ CVE-2021-38939
RESERVED
CVE-2021-38938
RESERVED
-CVE-2021-38937
- RESERVED
+CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...)
+ NOT-FOR-US: IBM
CVE-2021-38936
RESERVED
-CVE-2021-38935
- RESERVED
+CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
+ NOT-FOR-US: IBM
CVE-2021-38934
RESERVED
CVE-2021-38933
RESERVED
CVE-2021-38932
RESERVED
-CVE-2021-38931
- RESERVED
+CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
+ NOT-FOR-US: IBM
CVE-2021-38930
RESERVED
CVE-2021-38929
@@ -12535,8 +19709,8 @@ CVE-2021-38928
RESERVED
CVE-2021-38927
RESERVED
-CVE-2021-38926
- RESERVED
+CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 ...)
NOT-FOR-US: IBM
CVE-2021-38924
@@ -12545,16 +19719,16 @@ CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to g
NOT-FOR-US: IBM
CVE-2021-38922
RESERVED
-CVE-2021-38921
- RESERVED
+CVE-2021-38921 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than ex ...)
+ NOT-FOR-US: IBM
CVE-2021-38920
RESERVED
CVE-2021-38919
RESERVED
-CVE-2021-38918
- RESERVED
-CVE-2021-38917
- RESERVED
+CVE-2021-38918 (IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a spec ...)
+ NOT-FOR-US: IBM
+CVE-2021-38917 (IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker ...)
+ NOT-FOR-US: IBM
CVE-2021-38916
RESERVED
CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...)
@@ -12569,8 +19743,8 @@ CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user credential
NOT-FOR-US: IBM
CVE-2021-38910
RESERVED
-CVE-2021-38909
- RESERVED
+CVE-2021-38909 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
CVE-2021-38908
RESERVED
CVE-2021-38907
@@ -12585,10 +19759,10 @@ CVE-2021-38903
RESERVED
CVE-2021-38902
RESERVED
-CVE-2021-38901
- RESERVED
-CVE-2021-38900
- RESERVED
+CVE-2021-38901 (IBM Spectrum Protect Operations Center 7.1, under special configuratio ...)
+ NOT-FOR-US: IBM
+CVE-2021-38900 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
+ NOT-FOR-US: IBM
CVE-2021-38899 (IBM Cloud Pak for Data 2.5 could allow a local user with special privi ...)
NOT-FOR-US: IBM
CVE-2021-38898
@@ -12597,14 +19771,15 @@ CVE-2021-38897
RESERVED
CVE-2021-38896 (IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scrip ...)
NOT-FOR-US: IBM
-CVE-2021-38895
- RESERVED
-CVE-2021-38894
- RESERVED
-CVE-2021-38893
- RESERVED
+CVE-2021-38895 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cr ...)
+ NOT-FOR-US: IBM
+CVE-2021-38894 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2021-38893 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
+ NOT-FOR-US: IBM
CVE-2021-38892
- RESERVED
+ REJECTED
+ NOT-FOR-US: IBM
CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than ...)
NOT-FOR-US: IBM
CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequat ...)
@@ -12621,8 +19796,8 @@ CVE-2021-38885
RESERVED
CVE-2021-38884
RESERVED
-CVE-2021-38883
- RESERVED
+CVE-2021-38883 (IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Bus ...)
+ NOT-FOR-US: IBM
CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...)
NOT-FOR-US: IBM
CVE-2021-38881
@@ -12635,8 +19810,8 @@ CVE-2021-38878
RESERVED
CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...)
NOT-FOR-US: IBM
-CVE-2021-38876
- RESERVED
+CVE-2021-38876 (IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vu ...)
+ NOT-FOR-US: IBM
CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerabl ...)
NOT-FOR-US: IBM
CVE-2021-38874
@@ -12833,20 +20008,20 @@ CVE-2021-38791
RESERVED
CVE-2021-38790
RESERVED
-CVE-2021-38789
- RESERVED
-CVE-2021-38788
- RESERVED
-CVE-2021-38787
- RESERVED
-CVE-2021-38786
- RESERVED
-CVE-2021-38785
- RESERVED
-CVE-2021-38784
- RESERVED
-CVE-2021-38783
- RESERVED
+CVE-2021-38789 (Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect acce ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38788 (The Background service in Allwinner R818 SoC Android Q SDK V1.0 is use ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38787 (There is an integer overflow in the ION driver "/dev/ion" of Allwinner ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38786 (There is a NULL pointer dereference in media/libcedarc/vdecoder of All ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38785 (There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38783 (There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...)
+ NOT-FOR-US: Allwinner Android Q SDK
CVE-2021-38782
RESERVED
CVE-2021-38781
@@ -12893,8 +20068,8 @@ CVE-2021-38761
RESERVED
CVE-2021-38760
RESERVED
-CVE-2021-38759
- RESERVED
+CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...)
+ NOT-FOR-US: Raspberry Pi OS
CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
NOT-FOR-US: Directory traversal in Online Catering Reservation System
CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
@@ -12986,7 +20161,7 @@ CVE-2021-38715
CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...)
{DLA-2775-1}
- plib 1.8.5-10 (bug #992973)
- [bullseye] - plib <no-dsa> (Minor issue)
+ [bullseye] - plib 1.8.5-8+deb11u1
[buster] - plib <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/plib/bugs/55/
CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
@@ -13025,38 +20200,40 @@ CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions i
NOT-FOR-US: D-Link
CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...)
NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
-CVE-2021-38701
- RESERVED
+CVE-2021-38701 (Certain Motorola Solutions Avigilon devices allow XSS in the administr ...)
+ NOT-FOR-US: Motorola Solutions Avigilon devices
CVE-2021-38700
RESERVED
CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...)
NOT-FOR-US: TastyIgniter
CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...)
- consul <unfixed>
+ [bullseye] - consul <no-dsa> (Minor issue)
+ [buster] - consul <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15)
-CVE-2021-38697
- RESERVED
-CVE-2021-38696
- RESERVED
-CVE-2021-38695
- RESERVED
-CVE-2021-38694
- RESERVED
+CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2021-38693
RESERVED
-CVE-2021-38692
- RESERVED
-CVE-2021-38691
- RESERVED
-CVE-2021-38690
- RESERVED
-CVE-2021-38689
- RESERVED
-CVE-2021-38688
- RESERVED
-CVE-2021-38687
- RESERVED
+CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38691 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38690 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38689 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...)
NOT-FOR-US: QNAP
CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...)
@@ -13065,24 +20242,24 @@ CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affec
NOT-FOR-US: QNAP
CVE-2021-38683
RESERVED
-CVE-2021-38682
- RESERVED
+CVE-2021-38682 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been reported ...)
NOT-FOR-US: QNAP
-CVE-2021-38680
- RESERVED
-CVE-2021-38679
- RESERVED
-CVE-2021-38678
- RESERVED
-CVE-2021-38677
- RESERVED
+CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38679 (An improper authentication vulnerability has been reported to affect Q ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38678 (An open redirect vulnerability has been reported to affect QNAP device ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38677 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
CVE-2021-38676
RESERVED
CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
NOT-FOR-US: QNAP
-CVE-2021-38674
- RESERVED
+CVE-2021-38674 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag ...)
NOT-FOR-US: adminlte
CVE-2021-38673
@@ -13237,9 +20414,11 @@ CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...)
- pluxml <unfixed>
+ [buster] - pluxml <ignored> (Minor issue)
[stretch] - pluxml <no-dsa> (Minor issue)
CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...)
- pluxml <unfixed>
+ [buster] - pluxml <ignored> (Minor issue)
[stretch] - pluxml <no-dsa> (Minor issue)
CVE-2021-38601
RESERVED
@@ -13256,7 +20435,7 @@ CVE-2021-38598 (OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0
NOTE: https://launchpad.net/bugs/1938670
NOTE: https://review.opendev.org/c/openstack/neutron/+/785917/
CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...)
- - wolfssl <unfixed> (bug #992174)
+ - wolfssl 5.0.0-1 (bug #992174)
[bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093
CVE-2021-38596
@@ -13306,10 +20485,10 @@ CVE-2021-38578
RESERVED
CVE-2021-38577
RESERVED
-CVE-2021-38576
- RESERVED
-CVE-2021-38575 [edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe]
- RESERVED
+CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the Platform a ...)
+ - edk2 <undetermined>
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499 (private)
+CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. ...)
- edk2 2021.08-1
[bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
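Review bot: The new CVE-2021-38576 entry marks `- edk2 <undetermined>` with a private tianocore bug as its only reference, so the next triager has nothing to resolve the `<undetermined>` with, and the CVE text itself ("firmware for a particular PC model") reads like a vendor build rather than upstream edk2 code. A NOTE saying why edk2 is listed at all would let someone settle it later, e.g. `NOTE: Reported against vendor firmware; unclear whether upstream edk2 code is affected`. Keep the private link for the record, but it should not be the sole justification for tracking the package.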
@@ -13356,6 +20535,10 @@ CVE-2021-3701
NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
CVE-2021-3700
RESERVED
+ - usbredir 0.11.0-1
+ [bullseye] - usbredir <no-dsa> (Minor issue)
+ [buster] - usbredir <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab (usbredir-0.11.0)
CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...)
- request-tracker5 <unfixed> (bug #995167)
- request-tracker4 4.4.4+dfsg-3 (bug #995175)
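Review bot: CVE-2021-3700 gains usbredir package data under a bare `RESERVED` line, so the page never says what the linked commit fixes; other still-RESERVED entries tracked in this file carry a bracketed summary on the CVE line (CVE-2021-3698 `[authenticates with revoked certificates]`), and this one should too, with wording taken from the fix commit rather than guessed. The two `<no-dsa> (Minor issue)` tags also give no rationale; a few words on why it is minor (who can feed the parser untrusted input) would help later point-update and DLA triage.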
@@ -13367,8 +20550,8 @@ CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 befor
NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17)
CVE-2021-38561
RESERVED
-CVE-2021-38560
- RESERVED
+CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the appName par ...)
+ NOT-FOR-US: Ivanti
CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php ...)
- hoteldruid 3.0.3-1
[bullseye] - hoteldruid <no-dsa> (Minor issue)
@@ -13406,8 +20589,8 @@ CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remo
NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices
CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...)
NOT-FOR-US: TP-Link
-CVE-2021-38542
- RESERVED
+CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a buffering attac ...)
+ NOT-FOR-US: Apache James
CVE-2021-38541
RESERVED
CVE-2021-3699
@@ -13476,64 +20659,62 @@ CVE-2021-38513 (Certain NETGEAR devices are affected by authentication bypass. T
NOT-FOR-US: Netgear
CVE-2021-38512 (An issue was discovered in the actix-http crate before 3.0.0-beta.9 fo ...)
NOT-FOR-US: Rust crate actix-http
-CVE-2021-38510
- RESERVED
+CVE-2021-38510 (The executable file warning was not presented when downloading .inetlo ...)
- firefox <not-affected> (Only affects Mac OSX)
- firefox-esr <not-affected> (Only affects Mac OSX)
- thunderbird <not-affected> (Only affects Mac OSX)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38510
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
-CVE-2021-38509
- RESERVED
+CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38509
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
-CVE-2021-38508
- RESERVED
+CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38508
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
-CVE-2021-38507
- RESERVED
+CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38507
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
-CVE-2021-38506
- RESERVED
+CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38506
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38506
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38506
-CVE-2021-38505
- RESERVED
+CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud Clipbo ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
-CVE-2021-38504
- RESERVED
+CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38504
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
-CVE-2021-38503
- RESERVED
+CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -13541,6 +20722,7 @@ CVE-2021-38503
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503
CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
+ {DSA-5034-1 DLA-2874-1}
[experimental] - thunderbird 1:91.2.0-1
- thunderbird 1:91.2.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
@@ -13552,7 +20734,7 @@ CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
- {DSA-4981-1 DLA-2782-1}
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
- firefox 93.0-1
- firefox-esr 91.2.0esr-1
[experimental] - thunderbird 1:91.2.0-1
@@ -13580,7 +20762,7 @@ CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...)
- {DSA-4981-1 DLA-2782-1}
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
- firefox 93.0-1
- firefox-esr 91.2.0esr-1
[experimental] - thunderbird 1:91.2.0-1
@@ -13752,32 +20934,32 @@ CVE-2021-38423
RESERVED
CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive ...)
NOT-FOR-US: Delta Electronics DIALink
-CVE-2021-38421
- RESERVED
+CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
CVE-2021-38420 (Delta Electronics DIALink versions 1.2.4.0 and prior default permissio ...)
NOT-FOR-US: Delta Electronics DIALink
-CVE-2021-38419
- RESERVED
+CVE-2021-38419 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
CVE-2021-38418 (Delta Electronics DIALink versions 1.2.4.0 and prior runs by default o ...)
NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38417
RESERVED
CVE-2021-38416 (Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads ...)
NOT-FOR-US: Delta Electronics DIALink
-CVE-2021-38415
- RESERVED
+CVE-2021-38415 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
CVE-2021-38414
RESERVED
-CVE-2021-38413
- RESERVED
+CVE-2021-38413 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
NOT-FOR-US: Digi PortServer TS
CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38410
RESERVED
-CVE-2021-38409
- RESERVED
+CVE-2021-38409 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...)
NOT-FOR-US: Advantech WebAccess
CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
@@ -13792,8 +20974,8 @@ CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerab
NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
NOT-FOR-US: Delta Electronic
-CVE-2021-38401
- RESERVED
+CVE-2021-38401 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...)
NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120
CVE-2021-38399
@@ -13897,10 +21079,12 @@ CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allo
NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
CVE-2021-3698 [authenticates with revoked certificates]
RESERVED
- - cockpit <unfixed>
+ - cockpit 260-1
[bullseye] - cockpit <no-dsa> (Minor issue)
[buster] - cockpit <not-affected> (Vulnerable code not present, introduced in 208)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
+ NOTE: Needs sssd 2.6.1
+ NOTE: https://cockpit-project.org/blog/cockpit-260.html
CVE-2021-3697
RESERVED
CVE-2021-3696
@@ -13916,8 +21100,8 @@ CVE-2021-38363
RESERVED
CVE-2021-38362
RESERVED
-CVE-2021-38361
- RESERVED
+CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPess plugin
CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
NOT-FOR-US: WordPress plugin
CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...)
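Review bot: The added `NOT-FOR-US: WordPess plugin` for CVE-2021-38361 has a typo; the neighbouring CVE-2021-38360 entry uses `NOT-FOR-US: WordPress plugin`, and anything that greps for the canonical string will miss this one. Change it to `NOT-FOR-US: WordPress plugin`.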
@@ -14051,6 +21235,8 @@ CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to bl
CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...)
- golang-1.17 1.17.2-1
- golang-1.16 1.16.9-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <not-affected> (Vulnerable code not present)
@@ -14098,8 +21284,8 @@ CVE-2021-38285
RESERVED
CVE-2021-38284
RESERVED
-CVE-2021-38283
- RESERVED
+CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38282
RESERVED
CVE-2021-38281
@@ -14176,8 +21362,8 @@ CVE-2021-38246
RESERVED
CVE-2021-38245
RESERVED
-CVE-2021-38244
- RESERVED
+CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...)
+ NOT-FOR-US: cbioportal
CVE-2021-38243
RESERVED
CVE-2021-38242
@@ -14273,13 +21459,13 @@ CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48
CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...)
- {DLA-2785-1}
+ {DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37
CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...)
- {DLA-2785-1}
+ {DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1 (unimportant)
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -14300,12 +21486,12 @@ CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...)
- {DSA-4978-1 DLA-2785-1}
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...)
- {DLA-2785-1}
+ {DLA-2843-1 DLA-2785-1}
- linux 5.10.46-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7
@@ -14348,8 +21534,8 @@ CVE-2021-38184
RESERVED
CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...)
NOT-FOR-US: SAP
-CVE-2021-38182
- RESERVED
+CVE-2021-38182 (Due to insufficient input validation of Kyma, authenticated users can ...)
+ NOT-FOR-US: Kyma
CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...)
NOT-FOR-US: SAP
CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...)
@@ -14375,8 +21561,8 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish
[buster] - btrbk 0.27.1-1+deb10u1
NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
-CVE-2021-38172
- RESERVED
+CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...)
+ NOT-FOR-US: perM
CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...)
{DSA-4998-1 DSA-4990-1 DLA-2818-1}
- ffmpeg 7:4.4.1-1
@@ -14417,7 +21603,7 @@ CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/da
NOT-FOR-US: Nagios XI
CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
- keystone 2:19.0.0-3 (bug #992070)
- [bullseye] - keystone <no-dsa> (Minor issue)
+ [bullseye] - keystone 2:18.0.0-3+deb11u1
[buster] - keystone <no-dsa> (Minor issue)
[stretch] - keystone <end-of-life> (Keystone not supported in stretch)
NOTE: https://launchpad.net/bugs/1688137
@@ -14430,7 +21616,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI
NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...)
- {DSA-4978-1 DLA-2785-1}
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
@@ -14448,8 +21634,8 @@ CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2
NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
NOT-FOR-US: Obsidian
-CVE-2021-38147
- RESERVED
+CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
@@ -14485,16 +21671,16 @@ CVE-2021-38132
RESERVED
CVE-2021-38131
RESERVED
-CVE-2021-38130
- RESERVED
-CVE-2021-38129
- RESERVED
+CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
+ NOT-FOR-US: Micro Focus
CVE-2021-38128
RESERVED
-CVE-2021-38127
- RESERVED
-CVE-2021-38126
- RESERVED
+CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
+ NOT-FOR-US: Micro Focus
CVE-2021-38125
RESERVED
CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...)
@@ -14535,7 +21721,7 @@ CVE-2021-3685
CVE-2021-3684
RESERVED
CVE-2021-3683 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- NOT-FOR-US: showdoc
+ NOT-FOR-US: ShowDoc
CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...)
@@ -14747,187 +21933,337 @@ CVE-2021-38024
RESERVED
CVE-2021-38023
RESERVED
-CVE-2021-38022
- RESERVED
-CVE-2021-38021
- RESERVED
-CVE-2021-38020
- RESERVED
-CVE-2021-38019
- RESERVED
-CVE-2021-38018
- RESERVED
-CVE-2021-38017
- RESERVED
-CVE-2021-38016
- RESERVED
-CVE-2021-38015
- RESERVED
-CVE-2021-38014
- RESERVED
-CVE-2021-38013
- RESERVED
-CVE-2021-38012
- RESERVED
-CVE-2021-38011
- RESERVED
-CVE-2021-38010
- RESERVED
-CVE-2021-38009
- RESERVED
-CVE-2021-38008
- RESERVED
-CVE-2021-38007
- RESERVED
-CVE-2021-38006
- RESERVED
-CVE-2021-38005
- RESERVED
+CVE-2021-38022 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38021 (Inappropriate implementation in referrer in Google Chrome prior to 96. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38020 (Insufficient policy enforcement in contacts picker in Google Chrome on ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38019 (Insufficient policy enforcement in CORS in Google Chrome prior to 96.0 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38018 (Inappropriate implementation in navigation in Google Chrome prior to 9 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38017 (Insufficient policy enforcement in iframe sandbox in Google Chrome pri ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38016 (Insufficient policy enforcement in background fetch in Google Chrome p ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38015 (Inappropriate implementation in input in Google Chrome prior to 96.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38014 (Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38013 (Heap buffer overflow in fingerprint recognition in Google Chrome on Ch ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38012 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38011 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38010 (Inappropriate implementation in service workers in Google Chrome prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38009 (Inappropriate implementation in cache in Google Chrome prior to 96.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38008 (Use after free in media in Google Chrome prior to 96.0.4664.45 allowed ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38007 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38006 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38005 (Use after free in loader in Google Chrome prior to 96.0.4664.45 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-38002 (Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-38001 (Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-38000 (Insufficient validation of untrusted input in Intents in Google Chrome ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37999 (Insufficient data validation in New Tab Page in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37998 (Use after free in Garbage Collection in Google Chrome prior to 95.0.46 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37997 (Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allow ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37975 (Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37974 (Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37973 (Use after free in Portals in Google Chrome prior to 94.0.4606.61 allow ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37972 (Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.460 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37971 (Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37970 (Use after free in File System API in Google Chrome prior to 94.0.4606. ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37969 (Inappropriate implementation in Google Updater in Google Chrome on Win ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37968 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37967 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37966 (Inappropriate implementation in Compositing in Google Chrome on Androi ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37965 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37964 (Inappropriate implementation in ChromeOS Networking in Google Chrome o ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37963 (Side-channel information leakage in DevTools in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37962 (Use after free in Performance Manager in Google Chrome prior to 94.0.4 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 all ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37960
REJECTED
CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37958 (Inappropriate implementation in Navigation in Google Chrome on Windows ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37957 (Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowe ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37956 (Use after free in Offline use in Google Chrome on Android prior to 94. ...)
- - chromium <unfixed>
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-37955
RESERVED
@@ -14957,10 +22293,10 @@ CVE-2021-37943
RESERVED
CVE-2021-37942
RESERVED
-CVE-2021-37941
- RESERVED
-CVE-2021-37940
- RESERVED
+CVE-2021-37941 (A local privilege escalation issue was found with the APM Java agent, ...)
+ NOT-FOR-US: Elastic APM Java agent
+CVE-2021-37940 (An information disclosure via GET request server-side request forgery ...)
+ NOT-FOR-US: Workplace Search GHES integration
CVE-2021-37939 (It was discovered that Kibana&#8217;s JIRA connector &amp; IBM Resilie ...)
NOT-FOR-US: IBM
CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...)
@@ -14969,10 +22305,10 @@ CVE-2021-37937
RESERVED
CVE-2021-37936
RESERVED
-CVE-2021-37935
- RESERVED
-CVE-2021-37934
- RESERVED
+CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow ...)
+ NOT-FOR-US: Huntflow Enterprise
+CVE-2021-37934 (Due to insufficient server-side login-attempt limit enforcement, a vul ...)
+ NOT-FOR-US: Huntflow Enterprise
CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...)
NOT-FOR-US: Huntflow Enterprise
CVE-2021-37932
@@ -14982,14 +22318,14 @@ CVE-2021-3681
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1989407
TODO: check, needs verifying the affected ansible/ansible-base components
CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
- NOT-FOR-US: showdoc
+ NOT-FOR-US: ShowDoc
CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
- {DSA-4978-1 DLA-2785-1}
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
- NOT-FOR-US: showdoc
+ NOT-FOR-US: ShowDoc
CVE-2021-37931 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37930 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
@@ -15118,38 +22454,42 @@ CVE-2021-37869
RESERVED
CVE-2021-37868
RESERVED
-CVE-2021-37867
- RESERVED
-CVE-2021-37866
- RESERVED
-CVE-2021-37865
- RESERVED
-CVE-2021-37864
- RESERVED
-CVE-2021-37863
- RESERVED
-CVE-2021-37862
- RESERVED
-CVE-2021-37861
- RESERVED
+CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...)
+ NOT-FOR-US: Mattermost Boards plugin
+CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...)
+ NOT-FOR-US: Mattermost Boards plugin
+CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37865 (MMSA-2021-0081)
+CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37864 (MMSA-2021-0076)
+CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37863 (MMSA-2021-0075)
+CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37862 (MMSA-2021-0074)
+CVE-2021-37861 (Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ...)
+ - mattermost-server <itp> (bug #823556)
CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...)
- mattermost-server <itp> (bug #823556)
CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...)
- mattermost-server <itp> (bug #823556)
CVE-2021-37858
- RESERVED
+ REJECTED
CVE-2021-37857
- RESERVED
+ REJECTED
CVE-2021-37856
- RESERVED
+ REJECTED
CVE-2021-37855
- RESERVED
+ REJECTED
CVE-2021-37854
- RESERVED
+ REJECTED
CVE-2021-37853
- RESERVED
-CVE-2021-37852
- RESERVED
+ REJECTED
+CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...)
+ NOT-FOR-US: ESET
CVE-2021-37851
RESERVED
CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...)
@@ -15164,7 +22504,7 @@ CVE-2021-37846
RESERVED
CVE-2021-37845
RESERVED
- - citadel <unfixed>
+ - citadel <removed>
[buster] - citadel <ignored> (Minor issue)
[stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259
@@ -15196,7 +22536,7 @@ CVE-2021-37839
CVE-2021-3674
RESERVED
CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper input ...)
- - radare2 <unfixed>
+ - radare2 5.5.0+dfsg-1
NOTE: https://github.com/radareorg/radare2/issues/18923
NOTE: https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d
CVE-2021-37838
@@ -15515,8 +22855,12 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to
NOT-FOR-US: Shopware
CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
NOT-FOR-US: Shopware
-CVE-2021-37706
- RESERVED
+CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
+ NOTE: https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865
CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...)
NOT-FOR-US: OneFuzz
CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
@@ -15537,6 +22881,8 @@ CVE-2021-37699 (Next.js is an open source website development framework to be us
CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...)
{DLA-2816-1}
- icinga2 2.13.1-1
+ [bullseye] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 <no-dsa> (Minor issue)
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2
NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/
NOTE: https://github.com/Icinga/icinga2/commit/8910abc5882774c067dfc22cdf8bf8b830257608 (v2.12.6)
@@ -15699,42 +23045,42 @@ CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digi
- freeswitch <itp> (bug #389591)
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
NOTE: https://github.com/Exiv2/exiv2/pull/1790
CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
NOTE: https://github.com/Exiv2/exiv2/pull/1788
CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
NOTE: https://github.com/Exiv2/exiv2/pull/1778
CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728
NOTE: https://github.com/Exiv2/exiv2/pull/1769
CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
NOTE: https://github.com/Exiv2/exiv2/pull/1752
CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -15744,14 +23090,14 @@ CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from
- nextcloud-desktop <not-affected> (Doesn't affect Nextcloud client as shipped in Debian)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -15759,8 +23105,8 @@ CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, wri
NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...)
NOT-FOR-US: MOVEit Transfer
-CVE-2021-37613
- RESERVED
+CVE-2021-37613 (Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-37612
RESERVED
CVE-2021-37611
@@ -15779,9 +23125,9 @@ CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473
CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
NOT-FOR-US: Meow hash
-CVE-2021-37605 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
+CVE-2021-37605 (In version 6.5 Microchip MiWi software and all previous versions inclu ...)
NOT-FOR-US: Microchip MiWi
-CVE-2021-37604 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
+CVE-2021-37604 (In version 6.5 of Microchip MiWi software and all previous versions in ...)
NOT-FOR-US: Microchip MiWi
CVE-2021-37603
RESERVED
@@ -15832,10 +23178,10 @@ CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording Multi
NOT-FOR-US: Mitel
CVE-2021-37585
RESERVED
-CVE-2021-37584
- RESERVED
-CVE-2021-37583
- RESERVED
+CVE-2021-37584 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37583 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
CVE-2021-37582
RESERVED
CVE-2021-37581
@@ -15862,32 +23208,32 @@ CVE-2021-37574
RESERVED
CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the web server ...)
NOT-FOR-US: TTiny Java Web Server and Servlet Container (TJWS)
-CVE-2021-37572
- RESERVED
-CVE-2021-37571
- RESERVED
-CVE-2021-37570
- RESERVED
-CVE-2021-37569
- RESERVED
-CVE-2021-37568
- RESERVED
-CVE-2021-37567
- RESERVED
-CVE-2021-37566
- RESERVED
-CVE-2021-37565
- RESERVED
-CVE-2021-37564
- RESERVED
-CVE-2021-37563
- RESERVED
-CVE-2021-37562
- RESERVED
-CVE-2021-37561
- RESERVED
-CVE-2021-37560
- RESERVED
+CVE-2021-37572 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37571 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37570 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37569 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37568 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37567 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37566 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37565 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37564 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37563 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37562 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37561 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37560 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
CVE-2021-37559
RESERVED
CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in Centreon before ...)
@@ -15954,10 +23300,22 @@ CVE-2021-37532 (SAP Business One version - 10, due to improper input validation,
NOT-FOR-US: SAP
CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...)
NOT-FOR-US: SAP
-CVE-2021-37530
- RESERVED
-CVE-2021-37529
- RESERVED
+CVE-2021-37530 (A denial of service vulnerabiity exists in fig2dev through 3.28a due t ...)
+ - fig2dev 1:3.2.8b-1
+ [bullseye] - fig2dev <no-dsa> (Minor issue)
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ [stretch] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/126/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/ff103511e49c44c83fc58e2092aa37e9019a3a9f/
+CVE-2021-37529 (A double-free vulnerability exists in fig2dev through 3.28a is affecte ...)
+ - fig2dev 1:3.2.8b-1
+ [bullseye] - fig2dev <no-dsa> (Minor issue)
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ [stretch] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/125/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/899ea1277387ca9e9853bf61d29b7419d5692691/
CVE-2021-37528
RESERVED
CVE-2021-37527
@@ -16174,9 +23532,9 @@ CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerabl
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37420 (ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoo ...)
+CVE-2021-37420 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail ...)
NOT-FOR-US: ManageEngine
-CVE-2021-37419 (ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. ...)
+CVE-2021-37419 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF ...)
NOT-FOR-US: ManageEngine
CVE-2021-37418
REJECTED
@@ -16231,10 +23589,10 @@ CVE-2021-3660
[bullseye] - cockpit <ignored> (Minor issue)
[buster] - cockpit <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688
-CVE-2021-37401
- RESERVED
-CVE-2021-37400
- RESERVED
+CVE-2021-37401 (An attacker may obtain the user credentials from file servers, backup ...)
+ NOT-FOR-US: IDEC
+CVE-2021-37400 (An attacker may obtain the user credentials from the communication bet ...)
+ NOT-FOR-US: IDEC
CVE-2021-37399
RESERVED
CVE-2021-37398
@@ -16325,8 +23683,8 @@ CVE-2021-37356
RESERVED
CVE-2021-37355
RESERVED
-CVE-2021-37354
- RESERVED
+CVE-2021-37354 (Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer ov ...)
+ NOT-FOR-US: Xerox
CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...)
NOT-FOR-US: Nagios XI
CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...)
@@ -16390,7 +23748,7 @@ CVE-2021-37324
CVE-2021-37323
RESERVED
CVE-2021-37322 (GCC c++filt v2.26 was discovered to contain a use-after-free vulnerabi ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.27.51.20161102-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188
NOTE: binutils not covered by security support
CVE-2021-37321
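Review bot: The fixed version `2.27.51.20161102-1` on the binutils line is asserted with only the GCC bugzilla link as evidence; bug 99188 describes the c++filt use-after-free in 2.26, and nothing in the hunk shows that the 2016 snapshot actually contains the fix. A second `NOTE:` pointing at the upstream libiberty commit that closes bug 99188 (with the binutils release it landed in) would make the version claim checkable by the next triager. Since the entry already records that binutils is outside security support, this only affects traceability, not what gets shipped.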
@@ -16439,8 +23797,10 @@ CVE-2021-37300
RESERVED
CVE-2021-37299
RESERVED
-CVE-2021-37298
- RESERVED
+CVE-2021-37298 (Laravel v5.1 was discovered to contain a deserialization vulnerability ...)
+ - php-laravel-framework <undetermined>
+ NOTE: https://github.com/Stakcery/happywd/issues/1
+ TODO: check, unclear status of report to upstream
CVE-2021-37297
RESERVED
CVE-2021-37296
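Review bot: The only reference on the new CVE-2021-37298 entry is an issue in a third-party repository (Stakcery/happywd), not the laravel/framework tracker, and the `TODO:` does not say that the upstream status is unclear for that reason. Annotating the reference, e.g. `NOTE: https://github.com/Stakcery/happywd/issues/1 (third-party report, no upstream laravel/framework reference yet)`, keeps a later reader from taking it as an upstream acknowledgement of a deserialization bug in the packaged version. The `<undetermined>` marker itself is appropriate until the claim is confirmed against the version Debian ships.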
@@ -16511,8 +23871,8 @@ CVE-2021-37264
RESERVED
CVE-2021-37263
RESERVED
-CVE-2021-37262
- RESERVED
+CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Den ...)
+ NOT-FOR-US: JFinal_cms
CVE-2021-37261
RESERVED
CVE-2021-37260
@@ -16529,8 +23889,8 @@ CVE-2021-37255
RESERVED
CVE-2021-37254 (In M-Files Web product with versions before 20.10.9524.1 and 20.10.944 ...)
NOT-FOR-US: M-Files
-CVE-2021-37253
- RESERVED
+CVE-2021-37253 (** DISPUTED ** M-Files Web before 20.10.9524.1 allows a denial of serv ...)
+ NOT-FOR-US: M-Files Web
CVE-2021-37252
RESERVED
CVE-2021-37251
@@ -16573,6 +23933,8 @@ CVE-2021-37233
RESERVED
CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...)
- atomicparsley 20210715.151551.e7ad03a-1 (bug #993366)
+ [bullseye] - atomicparsley <no-dsa> (Minor issue)
+ [buster] - atomicparsley <no-dsa> (Minor issue)
[stretch] - atomicparsley <no-dsa> (Minor issue)
- gtkpod <unfixed> (bug #993376)
[bullseye] - gtkpod <ignored> (Minor issue)
@@ -16582,6 +23944,8 @@ CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.
NOTE: https://github.com/wez/atomicparsley/issues/32
CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...)
- atomicparsley 20210715.151551.e7ad03a-1 (bug #993372)
+ [bullseye] - atomicparsley <no-dsa> (Minor issue)
+ [buster] - atomicparsley <no-dsa> (Minor issue)
[stretch] - atomicparsley <no-dsa> (Minor issue)
- gtkpod <unfixed> (bug #993375)
[bullseye] - gtkpod <ignored> (Minor issue)
@@ -16621,6 +23985,7 @@ CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer all
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...)
- nomad <unfixed>
+ [bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
NOTE: https://github.com/hashicorp/nomad/pull/11089 (main)
NOTE: https://github.com/hashicorp/nomad/commit/768d7c72a77e9c0415d92900753fc83e8822145a (release-1.1.4)
@@ -16663,10 +24028,10 @@ CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (
NOT-FOR-US: Siemens
CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
NOT-FOR-US: Siemens
-CVE-2021-37205
- RESERVED
-CVE-2021-37204
- RESERVED
+CVE-2021-37205 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37204 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
NOT-FOR-US: Siemens
CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
@@ -16677,16 +24042,16 @@ CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions &
NOT-FOR-US: Siemens
CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...)
NOT-FOR-US: Siemens
-CVE-2021-37198
- RESERVED
-CVE-2021-37197
- RESERVED
-CVE-2021-37196
- RESERVED
-CVE-2021-37195
- RESERVED
-CVE-2021-37194
- RESERVED
+CVE-2021-37198 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37197 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37196 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37195 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37194 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -16695,16 +24060,16 @@ CVE-2021-37191 (A vulnerability has been identified in SINEMA Remote Connect Ser
NOT-FOR-US: Siemens
CVE-2021-37190 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
-CVE-2021-37189
- RESERVED
-CVE-2021-37188
- RESERVED
-CVE-2021-37187
- RESERVED
+CVE-2021-37189 (An issue was discovered on Digi TransPort Gateway devices through 5.2. ...)
+ NOT-FOR-US: Digi TransPort Gateway devices
+CVE-2021-37188 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ NOT-FOR-US: Digi TransPort devices
CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions &lt ...)
NOT-FOR-US: Siemens
-CVE-2021-37185
- RESERVED
+CVE-2021-37185 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...)
NOT-FOR-US: Siemens
CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -16764,7 +24129,7 @@ CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue
NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
NOTE: https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b
CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...)
- - wolfssl <unfixed> (bug #991443)
+ - wolfssl 5.0.0-1 (bug #991443)
[bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
@@ -16776,10 +24141,14 @@ CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3
NOT-FOR-US: Sonatype
CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...)
NOT-FOR-US: CyberArk Identity
-CVE-2021-3657
- RESERVED
+CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...)
+ - isync 1.4.4-1
+ [bullseye] - isync 1.3.0-2.2+deb11u1
+ [buster] - isync <no-dsa> (Minor issue)
+ [stretch] - isync <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1
CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...)
- {DLA-2785-1}
+ {DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -16807,7 +24176,7 @@ CVE-2021-37147 (Improper input validation vulnerability in header parsing of Apa
CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
[experimental] - ros-ros-comm 1.15.13+ds1-1
- ros-ros-comm 1.15.13+ds1-2
- [bullseye] - ros-ros-comm <no-dsa> (Minor issue)
+ [bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1
[buster] - ros-ros-comm <no-dsa> (Minor issue)
[stretch] - ros-ros-comm <no-dsa> (Minor issue)
NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
@@ -16855,62 +24224,62 @@ CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting s
NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final)
CVE-2021-37135
RESERVED
-CVE-2021-37134
- RESERVED
-CVE-2021-37133
- RESERVED
-CVE-2021-37132
- RESERVED
+CVE-2021-37134 (Location-related APIs exists a Race Condition vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37133 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37132 (PackageManagerService has a Permissions, Privileges, and Access Contro ...)
+ NOT-FOR-US: Huawei
CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...)
NOT-FOR-US: Huawei
CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...)
NOT-FOR-US: Huawei
CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...)
NOT-FOR-US: Huawei
-CVE-2021-37128
- RESERVED
+CVE-2021-37128 (HwPCAssistant has a Path Traversal vulnerability .Successful exploitat ...)
+ NOT-FOR-US: Huawei
CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...)
NOT-FOR-US: Huawei
-CVE-2021-37126
- RESERVED
-CVE-2021-37125
- RESERVED
+CVE-2021-37126 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37125 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
+ NOT-FOR-US: Huawei
CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because ...)
NOT-FOR-US: Huawei
CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...)
NOT-FOR-US: Hero-CT060
CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...)
NOT-FOR-US: Huawei
-CVE-2021-37121
- RESERVED
-CVE-2021-37120
- RESERVED
-CVE-2021-37119
- RESERVED
-CVE-2021-37118
- RESERVED
-CVE-2021-37117
- RESERVED
-CVE-2021-37116
- RESERVED
-CVE-2021-37115
- RESERVED
-CVE-2021-37114
- RESERVED
-CVE-2021-37113
- RESERVED
-CVE-2021-37112
- RESERVED
-CVE-2021-37111
- RESERVED
-CVE-2021-37110
- RESERVED
-CVE-2021-37109
- RESERVED
+CVE-2021-37121 (There is a Configuration defects in Smartphone.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37120 (There is a Double free vulnerability in Smartphone.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37119 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37118 (The HwNearbyMain module has a Improper Handling of Exceptional Conditi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37117 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design vulnerability .Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37115 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37114 (There is an Out-of-bounds read vulnerability in Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37113 (There is a Privilege escalation vulnerability with the file system com ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37112 (Hisuite module has a External Control of System or Configuration Setti ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37111 (There is a Memory leakage vulnerability in Smartphone.Successful explo ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37109 (There is a security protection bypass vulnerability with the modem.Suc ...)
+ NOT-FOR-US: Huawei
CVE-2021-37108
RESERVED
-CVE-2021-37107
- RESERVED
+CVE-2021-37107 (There is an improper memory access permission configuration on ACPU.Su ...)
+ NOT-FOR-US: Huawei
CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...)
NOT-FOR-US: FusionCompute (Huawei)
CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...)
@@ -16923,134 +24292,134 @@ CVE-2021-37102 (There is a command injection vulnerability in CMA service module
NOT-FOR-US: Huawei
CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
NOT-FOR-US: Huawei
-CVE-2021-37100
- RESERVED
-CVE-2021-37099
- RESERVED
-CVE-2021-37098
- RESERVED
-CVE-2021-37097
- RESERVED
-CVE-2021-37096
- RESERVED
-CVE-2021-37095
- RESERVED
-CVE-2021-37094
- RESERVED
-CVE-2021-37093
- RESERVED
-CVE-2021-37092
- RESERVED
-CVE-2021-37091
- RESERVED
-CVE-2021-37090
- RESERVED
-CVE-2021-37089
- RESERVED
-CVE-2021-37088
- RESERVED
-CVE-2021-37087
- RESERVED
-CVE-2021-37086
- RESERVED
-CVE-2021-37085
- RESERVED
-CVE-2021-37084
- RESERVED
-CVE-2021-37083
- RESERVED
-CVE-2021-37082
- RESERVED
-CVE-2021-37081
- RESERVED
-CVE-2021-37080
- RESERVED
-CVE-2021-37079
- RESERVED
-CVE-2021-37078
- RESERVED
-CVE-2021-37077
- RESERVED
-CVE-2021-37076
- RESERVED
-CVE-2021-37075
- RESERVED
-CVE-2021-37074
- RESERVED
-CVE-2021-37073
- RESERVED
-CVE-2021-37072
- RESERVED
-CVE-2021-37071
- RESERVED
-CVE-2021-37070
- RESERVED
-CVE-2021-37069
- RESERVED
-CVE-2021-37068
- RESERVED
-CVE-2021-37067
- RESERVED
-CVE-2021-37066
- RESERVED
-CVE-2021-37065
- RESERVED
-CVE-2021-37064
- RESERVED
-CVE-2021-37063
- RESERVED
-CVE-2021-37062
- RESERVED
-CVE-2021-37061
- RESERVED
-CVE-2021-37060
- RESERVED
-CVE-2021-37059
- RESERVED
-CVE-2021-37058
- RESERVED
-CVE-2021-37057
- RESERVED
-CVE-2021-37056
- RESERVED
-CVE-2021-37055
- RESERVED
-CVE-2021-37054
- RESERVED
-CVE-2021-37053
- RESERVED
-CVE-2021-37052
- RESERVED
-CVE-2021-37051
- RESERVED
-CVE-2021-37050
- RESERVED
-CVE-2021-37049
- RESERVED
-CVE-2021-37048
- RESERVED
-CVE-2021-37047
- RESERVED
-CVE-2021-37046
- RESERVED
-CVE-2021-37045
- RESERVED
-CVE-2021-37044
- RESERVED
-CVE-2021-37043
- RESERVED
-CVE-2021-37042
- RESERVED
-CVE-2021-37041
- RESERVED
-CVE-2021-37040
- RESERVED
-CVE-2021-37039
- RESERVED
-CVE-2021-37038
- RESERVED
-CVE-2021-37037
- RESERVED
+CVE-2021-37100 (There is a Improper Authentication vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37099 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37098 (Hilinksvc service exists a Data Processing Errors vulnerability .Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37097 (There is a Code Injection vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37096 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37095 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37094 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37093 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37092 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37091 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37090 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37089 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37088 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37087 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37086 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37085 (There is a Encoding timing vulnerability in Huawei Smartphone.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37084 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37083 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37082 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37081 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37080 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37079 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37078 (There is a Uncaught Exception vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37077 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37076 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37075 (There is a Credentials Management Errors vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37074 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37073 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37072 (There is a Incorrect Calculation of Buffer Size vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37071 (There is a Business Logic Errors vulnerability in Huawei Smartphone.Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37070 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37069 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37068 (There is a Resource Management Errors vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37067 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37066 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37065 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37064 (There is a Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37063 (There is a Cryptographic Issues vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37062 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37061 (There is a Uncontrolled Resource Consumption vulnerability in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37060 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37059 (There is a Weaknesses Introduced During Design ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-37058 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37057 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37056 (There is an Improper permission control vulnerability in Huawei Smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37055 (There is a Logic bypass vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37054 (There is an Identity spoofing and authentication bypass vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37053 (There is a Service logic vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37052 (There is an Exception log vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37051 (There is an Out-of-bounds read vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37050 (There is a Missing sensitive data encryption vulnerability in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37049 (There is a Heap-based buffer overflow vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37048 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37047 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37046 (There is a Memory leak vulnerability with the codec detection module i ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37045 (There is an UAF vulnerability in Huawei Smartphone.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37044 (There is a Permission control vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37043 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37042 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37041 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37040 (There is a Parameter injection vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37039 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37038 (There is an Improper access control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37037 (There is an Invalid address access vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
CVE-2021-37036 (There is an information leakage vulnerability in FusionCompute 6.5.1, ...)
NOT-FOR-US: Huawei
CVE-2021-37035 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
@@ -17081,10 +24450,10 @@ CVE-2021-37023 (There is a Improper Access Control vulnerability in Huawei Smart
NOT-FOR-US: Huawei
CVE-2021-37022 (There is a Heap-based Buffer Overflow vulnerability in Huawei Smartpho ...)
NOT-FOR-US: Huawei
-CVE-2021-37021
- RESERVED
-CVE-2021-37020
- RESERVED
+CVE-2021-37021 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37020 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
CVE-2021-37019 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
NOT-FOR-US: Huawei
CVE-2021-37018 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
@@ -17095,14 +24464,14 @@ CVE-2021-37016 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone
NOT-FOR-US: Huawei
CVE-2021-37015 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
NOT-FOR-US: Huawei
-CVE-2021-37014
- RESERVED
+CVE-2021-37014 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
CVE-2021-37013 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
NOT-FOR-US: Huawei
CVE-2021-37012 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
NOT-FOR-US: Huawei
-CVE-2021-37011
- RESERVED
+CVE-2021-37011 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
CVE-2021-37010 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
NOT-FOR-US: Huawei
CVE-2021-37009 (There is a Configuration vulnerability in Huawei Smartphone.Successful ...)
@@ -17164,7 +24533,7 @@ CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Appl
CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...)
NOT-FOR-US: SerNet verinice
CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...)
- {DLA-2785-1}
+ {DLA-2843-1 DLA-2785-1}
- linux 5.10.46-3
[buster] - linux 4.19.208-1
CVE-2021-3654 [novnc allows open redirection]
@@ -17182,7 +24551,7 @@ CVE-2021-23203
CVE-2021-23184
RESERVED
CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...)
- - openvswitch <unfixed> (bug #991308)
+ - openvswitch 2.15.0+ds1-10 (bug #991308)
[bullseye] - openvswitch <no-dsa> (Minor issue)
[buster] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11)
[stretch] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11)
@@ -17325,8 +24694,8 @@ CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/A
NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
-CVE-2021-36920
- RESERVED
+CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36918
@@ -17343,8 +24712,8 @@ CVE-2021-36913
RESERVED
CVE-2021-36912
RESERVED
-CVE-2021-36911
- RESERVED
+CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-36910
RESERVED
CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...)
@@ -17387,16 +24756,16 @@ CVE-2021-36891
RESERVED
CVE-2021-36890
RESERVED
-CVE-2021-36889
- RESERVED
-CVE-2021-36888
- RESERVED
-CVE-2021-36887
- RESERVED
-CVE-2021-36886
- RESERVED
-CVE-2021-36885
- RESERVED
+CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36883
@@ -17603,12 +24972,12 @@ CVE-2021-36783
RESERVED
CVE-2021-36782
RESERVED
-CVE-2021-36781
- RESERVED
-CVE-2021-36780
- RESERVED
-CVE-2021-36779
- RESERVED
+CVE-2021-36781 (A Incorrect Default Permissions vulnerability in the parsec package of ...)
+ NOT-FOR-US: Parsec
+CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...)
+ NOT-FOR-US: Longhorn
+CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...)
+ NOT-FOR-US: Longhorn
CVE-2021-36778
RESERVED
CVE-2021-36777
@@ -17618,12 +24987,12 @@ CVE-2021-36776
CVE-2021-36775
RESERVED
CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
- {DSA-4978-1 DLA-2785-1}
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
-CVE-2021-36774
- RESERVED
+CVE-2021-36774 (Apache Kylin allows users to read data from other database systems usi ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
- ublock-origin 1.37.0+dfsg-1 (bug #991386)
[bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1
@@ -17666,7 +25035,7 @@ CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succ
NOTE: https://github.com/389ds/389-ds-base/issues/4817
NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x)
-CVE-2021-36767 (In Digi RealPort through 4.8.488.0, authentication relies on a challen ...)
+CVE-2021-36767 (In Digi RealPort through 4.10.490, authentication relies on a challeng ...)
NOT-FOR-US: Digi RealPort
CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
NOT-FOR-US: Concrete5
@@ -17680,8 +25049,8 @@ CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack th
NOT-FOR-US: HCC Embedded InterNiche NicheStack
CVE-2021-36761
RESERVED
-CVE-2021-36760
- RESERVED
+CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...)
+ NOT-FOR-US: WSO2
CVE-2021-36759
RESERVED
CVE-2021-3651
@@ -17701,10 +25070,10 @@ CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current wor
NOT-FOR-US: sharkdp BAT
CVE-2021-36752
RESERVED
-CVE-2021-36751
- RESERVED
-CVE-2021-36750
- RESERVED
+CVE-2021-36751 (ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such ...)
+ NOT-FOR-US: ENC DataVault
+CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...)
+ NOT-FOR-US: ENC
CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
- druid <itp> (bug #825797)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
@@ -17729,11 +25098,7 @@ CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex On
CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...)
NOT-FOR-US: Trend Micro
CVE-2021-3648
- RESERVED
- - binutils <unfixed> (unimportant)
- NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100968
- NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935
- NOTE: binutils not covered by security support
+ REJECTED
CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: URI.js
CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
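Review bot: Switching CVE-2021-3648 to `REJECTED` drops both GCC bugzilla references (100968 and 99935) and the binutils line without recording why the ID was rejected. If the rejection is a duplicate or a split into other CVEs, a one-line `NOTE:` naming the superseding ID(s) would preserve the trail from those bug reports to whatever entry now tracks them; otherwise a later triager who meets bug 100968 again has to rediscover the mapping. I cannot tell from the hunk which case applies, so the note text has to come from the rejection reason rather than be guessed here.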
@@ -17743,18 +25108,18 @@ CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Obje
CVE-2021-3644
RESERVED
- wildfly <itp> (bug #752018)
-CVE-2021-36739
- RESERVED
-CVE-2021-36738
- RESERVED
-CVE-2021-36737
- RESERVED
+CVE-2021-36739 (The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCB ...)
+ NOT-FOR-US: Apache Pluto MVCBean JSP portlet
+CVE-2021-36738 (The input fields in the JSP version of the Apache Pluto Applicant MVCB ...)
+ NOT-FOR-US: Apache Pluto Applicant MVCBean CDI portlet
+CVE-2021-36737 (The input fields of the Apache Pluto UrlTestPortlet are vulnerable to ...)
+ NOT-FOR-US: Apache Pluto UrlTestPortlet
CVE-2021-36736
- RESERVED
+ REJECTED
CVE-2021-36735
- RESERVED
+ REJECTED
CVE-2021-36734
- RESERVED
+ REJECTED
CVE-2021-36733
RESERVED
CVE-2021-36732
@@ -17779,20 +25144,20 @@ CVE-2021-36726
RESERVED
CVE-2021-36725
RESERVED
-CVE-2021-36724
- RESERVED
-CVE-2021-36723
- RESERVED
-CVE-2021-36722
- RESERVED
-CVE-2021-36721
- RESERVED
-CVE-2021-36720
- RESERVED
-CVE-2021-36719
- RESERVED
-CVE-2021-36718
- RESERVED
+CVE-2021-36724 (ForeScout - SecureConnector Local Service DoS - A low privilaged user ...)
+ NOT-FOR-US: ForeScout - SecureConnector
+CVE-2021-36723 (Emuse - eServices / eNvoice Exposure Of Private Personal Information d ...)
+ NOT-FOR-US: Emuse - eServices / eNvoice
+CVE-2021-36722 (Emuse - eServices / eNvoice SQL injection can be used in various ways ...)
+ NOT-FOR-US: Emuse - eServices / eNvoice
+CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to specific ap ...)
+ NOT-FOR-US: Sysaid API
+CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...)
+ NOT-FOR-US: PineApp - Mail Secure
+CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a user to th ...)
+ NOT-FOR-US: PineApp - Mail Secure
+CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in to the s ...)
+ NOT-FOR-US: SYNEL - eharmonynew / Synel Reports
CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...)
NOT-FOR-US: Synerion TimeNet
CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
@@ -17856,9 +25221,14 @@ CVE-2021-36694
CVE-2021-36693
RESERVED
CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/c ...)
- NOT-FOR-US: libjxl
+ - jpeg-xl <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/308
+ NOTE: https://github.com/libjxl/libjxl/pull/313
+ NOTE: https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b (v0.5)
CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image ...)
- NOT-FOR-US: libjxl
+ - jpeg-xl <unfixed>
+ NOTE: https://github.com/libjxl/libjxl/issues/422
+ NOTE: Special case of https://github.com/libjxl/libjxl/issues/762
CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...)
- sqlite3 3.36.0-2 (unimportant)
[stretch] - sqlite3 <not-affected> (vulnerable code is not present)
@@ -18112,14 +25482,14 @@ CVE-2021-36569
RESERVED
CVE-2021-36568
RESERVED
-CVE-2021-36567
- RESERVED
+CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
+ NOT-FOR-US: ThinkPHP
CVE-2021-36566
RESERVED
CVE-2021-36565
RESERVED
-CVE-2021-36564
- RESERVED
+CVE-2021-36564 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
+ NOT-FOR-US: ThinkPHP
CVE-2021-36563 (The CheckMK management web console (versions 1.5.0 to 2.0.0) does not ...)
- check-mk <removed>
CVE-2021-36562
@@ -18346,8 +25716,8 @@ CVE-2021-36452
RESERVED
CVE-2021-36451
RESERVED
-CVE-2021-36450
- RESERVED
+CVE-2021-36450 (Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the co ...)
+ NOT-FOR-US: Verint
CVE-2021-36449
RESERVED
CVE-2021-36448
@@ -18414,28 +25784,50 @@ CVE-2021-36419
RESERVED
CVE-2021-36418
RESERVED
-CVE-2021-36417
- RESERVED
+CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1846
+ NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30
CVE-2021-36416
RESERVED
CVE-2021-36415
RESERVED
-CVE-2021-36414
- RESERVED
+CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1840
+ NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21
CVE-2021-36413
RESERVED
-CVE-2021-36412
- RESERVED
-CVE-2021-36411
- RESERVED
-CVE-2021-36410
- RESERVED
+CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1838
+ NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e
+CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/302
+CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/301
CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
NOT-FOR-US: Bitdefender
-CVE-2021-36409
- RESERVED
-CVE-2021-36408
- RESERVED
+CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/300
+CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/299
CVE-2021-36407
RESERVED
CVE-2021-36406
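Review bot: The three gpac entries (CVE-2021-36417, CVE-2021-36414, CVE-2021-36412) are recorded as `- gpac <unfixed>` with upstream issue and commit links but no per-suite triage, whereas the libde265 entries in the same hunk each carry `[bullseye]`/`[buster]`/`[stretch] - libde265 <no-dsa> (Minor issue)` lines. If gpac ships in any supported stable suite, those suites will show these CVEs as open and untriaged until a `<no-dsa>`, `<not-affected>` or `<postponed>` line is added; if gpac is absent from every stable suite the entries are complete as written, but a NOTE saying so would stop them being re-triaged. It would also help later backporting to record the first upstream release containing each referenced commit, e.g. `NOTE: https://github.com/gpac/gpac/commit/737e1f39... (v1.0.x)`, as was done for the jpeg-xl commit elsewhere in this diff.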
@@ -18572,6 +25964,7 @@ CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Infor
CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
RESERVED
- linux 5.15.3-1
+ [bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1
CVE-2021-3639 [Prevent redirect to URLs that begin with '///']
RESERVED
@@ -18580,36 +25973,36 @@ CVE-2021-3639 [Prevent redirect to URLs that begin with '///']
[buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
[stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
-CVE-2021-36350
- RESERVED
-CVE-2021-36349
- RESERVED
-CVE-2021-36348
- RESERVED
-CVE-2021-36347
- RESERVED
-CVE-2021-36346
- RESERVED
+CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...)
+ NOT-FOR-US: Dell
+CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
+ NOT-FOR-US: EMC
+CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...)
+ NOT-FOR-US: Dell
+CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...)
+ NOT-FOR-US: Dell
+CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...)
+ NOT-FOR-US: Dell
CVE-2021-36345
RESERVED
CVE-2021-36344
RESERVED
-CVE-2021-36343
- RESERVED
-CVE-2021-36342
- RESERVED
-CVE-2021-36341
- RESERVED
+CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...)
+ NOT-FOR-US: Dell
CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
NOT-FOR-US: EMC
-CVE-2021-36339
- RESERVED
-CVE-2021-36338
- RESERVED
-CVE-2021-36337
- RESERVED
-CVE-2021-36336
- RESERVED
+CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented us ...)
+ NOT-FOR-US: EMC
+CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege ...)
+ NOT-FOR-US: Unisphere for PowerMax
+CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...)
+ NOT-FOR-US: Dell
+CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...)
+ NOT-FOR-US: Dell
CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...)
NOT-FOR-US: EMC
CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...)
@@ -18620,16 +26013,16 @@ CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and
NOT-FOR-US: EMC
CVE-2021-36331
RESERVED
-CVE-2021-36330
- RESERVED
-CVE-2021-36329
- RESERVED
-CVE-2021-36328
- RESERVED
-CVE-2021-36327
- RESERVED
-CVE-2021-36326
- RESERVED
+CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain an Insuff ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain an Indire ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Inj ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a Server ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. A local ...)
@@ -18644,12 +26037,12 @@ CVE-2021-36320 (Dell Networking X-Series firmware versions prior to 3.0.1.8 cont
NOT-FOR-US: Dell
CVE-2021-36319 (Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain ...)
NOT-FOR-US: Dell
-CVE-2021-36318
- RESERVED
-CVE-2021-36317
- RESERVED
-CVE-2021-36316
- RESERVED
+CVE-2021-36318 (Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text ...)
+ NOT-FOR-US: EMC
+CVE-2021-36317 (Dell EMC Avamar Server version 19.4 contains a plain-text password sto ...)
+ NOT-FOR-US: EMC
+CVE-2021-36316 (Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 conta ...)
+ NOT-FOR-US: EMC
CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...)
NOT-FOR-US: EMC
CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...)
@@ -18676,8 +26069,8 @@ CVE-2021-36304
RESERVED
CVE-2021-36303
RESERVED
-CVE-2021-36302
- RESERVED
+CVE-2021-36302 (All Dell EMC Integrated System for Microsoft Azure Stack Hub versions ...)
+ NOT-FOR-US: EMC
CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version ...)
NOT-FOR-US: Dell
CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...)
@@ -18688,12 +26081,12 @@ CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky crypt
NOT-FOR-US: EMC
CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...)
NOT-FOR-US: SupportAssist Client (Dell)
-CVE-2021-36296
- RESERVED
-CVE-2021-36295
- RESERVED
-CVE-2021-36294
- RESERVED
+CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ NOT-FOR-US: Dell
+CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ NOT-FOR-US: Dell
+CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ NOT-FOR-US: Dell
CVE-2021-36293
RESERVED
CVE-2021-36292
@@ -18702,8 +26095,8 @@ CVE-2021-36291
RESERVED
CVE-2021-36290
RESERVED
-CVE-2021-36289
- RESERVED
+CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...)
+ NOT-FOR-US: Dell
CVE-2021-36288
RESERVED
CVE-2021-36287
@@ -18851,9 +26244,10 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center
NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007
CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
+ {DLA-2892-1 DLA-2891-1}
- golang-1.16 1.16.7-1
- golang-1.15 1.15.15-1 (bug #991961)
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -18908,30 +26302,30 @@ CVE-2021-36201
RESERVED
CVE-2021-36200
RESERVED
-CVE-2021-36199
- RESERVED
-CVE-2021-36198
- RESERVED
+CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...)
+ NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.
+CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...)
+ NOT-FOR-US: Sensormatic Electronics, LLC
CVE-2021-36197
RESERVED
CVE-2021-36196
RESERVED
-CVE-2021-36195
- RESERVED
-CVE-2021-36194
- RESERVED
-CVE-2021-36193
- RESERVED
+CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36193 (Multiple stack-based buffer overflows in the command line interpreter ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
NOT-FOR-US: Fortiguard
-CVE-2021-36191
- RESERVED
-CVE-2021-36190
- RESERVED
-CVE-2021-36189
- RESERVED
-CVE-2021-36188
- RESERVED
+CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36190 (A unintended proxy or intermediary ('confused deputy') in Fortinet For ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36189 (A missing encryption of sensitive data in Fortinet FortiClientEMS vers ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36188 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0 ...)
NOT-FOR-US: Fortiguard
CVE-2021-36186 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, vers ...)
@@ -18946,34 +26340,34 @@ CVE-2021-36182 (A Improper neutralization of special elements used in a command
NOT-FOR-US: FortiGuard
CVE-2021-36181 (A concurrent execution using shared resource with improper Synchroniza ...)
NOT-FOR-US: Fortiguard
-CVE-2021-36180
- RESERVED
+CVE-2021-36180 (Multiple improper neutralization of special elements used in a command ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and ...)
NOT-FOR-US: FortiGuard
CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConnector v ...)
NOT-FOR-US: Fortiguard
-CVE-2021-36177
- RESERVED
+CVE-2021-36177 (An improper access control vulnerability [CWE-284] in FortiAuthenticat ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
NOT-FOR-US: Fortiguard
CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...)
NOT-FOR-US: Fortiguard
CVE-2021-36174 (A memory allocation with excessive size value vulnerability in the lic ...)
NOT-FOR-US: Fortiguard
-CVE-2021-36173
- RESERVED
+CVE-2021-36173 (A heap-based buffer overflow in the firmware signature verification fu ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...)
NOT-FOR-US: Fortiguard
CVE-2021-36171
RESERVED
CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...)
NOT-FOR-US: Fortiguard
-CVE-2021-36169
- RESERVED
+CVE-2021-36169 (A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6 ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
NOT-FOR-US: Fortinet
-CVE-2021-36167
- RESERVED
+CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windo ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-36166
RESERVED
CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
@@ -18996,6 +26390,7 @@ CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi t
NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
NOTE: packages which are provided by src:apache2 itself.
NOTE: Regression report: https://bz.apache.org/bugzilla/show_bug.cgi?id=65616
+ NOTE: Regression patch: https://github.com/apache/httpd/commit/8966e290a6e947fad0289bf4e243b0b552e13726 (2.4.x)
CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
NOT-FOR-US: libfetch
CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)
@@ -19010,10 +26405,10 @@ CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows
NOT-FOR-US: gRPC Swift
CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...)
NOT-FOR-US: gRPC Swift
-CVE-2021-36152
- RESERVED
-CVE-2021-36151
- RESERVED
+CVE-2021-36152 (Apache Gobblin trusts all certificates used for LDAP connections in Go ...)
+ NOT-FOR-US: Apache Gobblin
+CVE-2021-36151 (In Apache Gobblin, the Hadoop token is written to a temp file that is ...)
+ NOT-FOR-US: Apache Gobblin
CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...)
NOT-FOR-US: OpenShift
CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...)
@@ -19063,8 +26458,8 @@ CVE-2021-36135
RESERVED
CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
NOT-FOR-US: McAfee
-CVE-2021-36133
- RESERVED
+CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...)
+ NOT-FOR-US: OP-TEE
CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
NOT-FOR-US: FileImport MediaWiki extension
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
@@ -19471,8 +26866,8 @@ CVE-2021-35980
RESERVED
CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
NOT-FOR-US: Digi RealPort
-CVE-2021-35978
- RESERVED
+CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
+ NOT-FOR-US: Digi TransPort devices
CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...)
NOT-FOR-US: Digi RealPort
CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
@@ -19489,8 +26884,8 @@ CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and
NOT-FOR-US: Veeam
CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...)
NOT-FOR-US: Coral
-CVE-2021-35969
- RESERVED
+CVE-2021-35969 (Pexip Infinity before 26 allows temporary remote Denial of Service (ab ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...)
NOT-FOR-US: Orca HCM digital learning platform
CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...)
@@ -19552,7 +26947,7 @@ CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.
CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...)
NOT-FOR-US: Western Digital
CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...)
- {DLA-2702-1}
+ {DSA-5032-1 DLA-2702-1}
- djvulibre 3.5.27.1-12
NOTE: https://sourceforge.net/p/djvu/bugs/302/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
@@ -20098,16 +27493,16 @@ CVE-2021-35689
RESERVED
CVE-2021-35688
RESERVED
-CVE-2021-35687
- RESERVED
-CVE-2021-35686
- RESERVED
+CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
CVE-2021-35685
RESERVED
CVE-2021-35684
RESERVED
-CVE-2021-35683
- RESERVED
+CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...)
+ NOT-FOR-US: Oracle
CVE-2021-35682
RESERVED
CVE-2021-35681
@@ -20266,16 +27661,15 @@ CVE-2021-35606 (Vulnerability in the PeopleSoft Enterprise CS Campus Community p
CVE-2021-35605
RESERVED
CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mariadb-10.5 <unfixed>
+ - mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 <no-dsa> (Minor issue)
- mariadb-10.3 <removed>
[buster] - mariadb-10.3 <no-dsa> (Minor issue)
- mysql-8.0 <unfixed>
- mysql-5.7 <removed>
NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
- TODO: clarify MariaDB 10.6 status
CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
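Review bot: Changing `- mariadb-10.5 <unfixed>` to `- mariadb-10.5 <removed>` while dropping the `TODO: clarify MariaDB 10.6 status` line leaves CVE-2021-35604 with no entry for whatever source package replaced mariadb-10.5 in unstable; if that is mariadb-10.6 the issue is now untracked there, and the NOTE only records fixes for 10.5.13 and 10.3.32. Either add a `- mariadb-10.6 <version>` (or `<unfixed>`) line with the corresponding upstream fixed release appended to the NOTE, or keep the TODO until the 10.6 status has actually been confirmed. The `[bullseye] - mariadb-10.5 <no-dsa> (Minor issue)` line remains valid because the package still exists in bullseye.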
@@ -20310,10 +27704,10 @@ CVE-2021-35589 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
{DLA-2814-1}
- openjdk-8 8u312-b07-1
-CVE-2021-35587
- RESERVED
+CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
+ NOT-FOR-US: Oracle
CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -20332,7 +27726,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac
CVE-2021-35579
RESERVED
CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -20357,18 +27751,18 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac
CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5000-1 DLA-2814-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -20377,14 +27771,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle
CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -20393,7 +27787,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser
CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
NOT-FOR-US: Oracle
CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -20408,7 +27802,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
NOT-FOR-US: Oracle
CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5000-1 DLA-2814-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -20444,7 +27838,7 @@ CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relio
CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...)
NOT-FOR-US: Hitachi
CVE-2021-35533 (Improper Input Validation vulnerability in the APDU parser in the Bidi ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-35532
RESERVED
CVE-2021-35531
@@ -20467,7 +27861,7 @@ CVE-2021-3624 [buffer-overflow caused by integer-overflow in foveon_load_camf()]
[stretch] - dcraw <no-dsa> (Minor issue)
CVE-2021-3623 [out-of-bounds access when trying to resume the state of the vTPM]
RESERVED
- - libtpms <unfixed> (bug #990522)
+ - libtpms 0.9.1-1 (bug #990522)
NOTE: https://github.com/stefanberger/libtpms/pull/223
NOTE: https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
NOTE: https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
@@ -20549,8 +27943,7 @@ CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forward
NOT-FOR-US: Afian FileRun
CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...)
NOT-FOR-US: MISP
-CVE-2021-3622
- RESERVED
+CVE-2021-3622 (A flaw was found in the hivex library. This flaw allows an attacker to ...)
- hivex 1.3.21-1 (bug #991860)
[bullseye] - hivex <no-dsa> (Minor issue)
[buster] - hivex <no-dsa> (Minor issue)
@@ -20559,8 +27952,7 @@ CVE-2021-3622
NOTE: https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255
CVE-2021-35501 (PandoraFMS &lt;=7.54 allows Stored XSS by placing a payload in the nam ...)
NOT-FOR-US: PandoraFMS
-CVE-2021-3621 [shell command injection in sssctl]
- RESERVED
+CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...)
{DLA-2758-1}
- sssd 2.5.2-1 (bug #992710)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
@@ -20571,10 +27963,10 @@ CVE-2021-3620
- ansible <unfixed>
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
[buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
- - ansible-base <unfixed>
+ - ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
-CVE-2021-35500
- RESERVED
+CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software Inc.'s TIBC ...)
+ NOT-FOR-US: TIBCO
CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...)
NOT-FOR-US: TIBCO
CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
@@ -20595,8 +27987,8 @@ CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authentic
NOT-FOR-US: Wowza Streaming Engine
CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2021-35490
- RESERVED
+CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command. ...)
+ NOT-FOR-US: Thruk
CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&amp;host={HOSTN ...)
NOT-FOR-US: Thruk
CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&amp;titl ...)
@@ -20719,8 +28111,9 @@ CVE-2021-35454
RESERVED
CVE-2021-35453
RESERVED
-CVE-2021-35452
- RESERVED
+CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...)
+ - libde265 <unfixed>
+ NOTE: https://github.com/strukturag/libde265/issues/298
CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...)
NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...)
@@ -20794,12 +28187,12 @@ CVE-2021-35417
RESERVED
CVE-2021-35416
RESERVED
-CVE-2021-35415
- RESERVED
-CVE-2021-35414
- RESERVED
-CVE-2021-35413
- RESERVED
+CVE-2021-35415 (A stored cross-site scripting (XSS) vulnerability allows attackers to ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35414 (Chamilo LMS v1.11.x was discovered to contain a SQL injection via the ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35413 (A remote code execution (RCE) vulnerability in course_intro_pdf_import ...)
+ NOT-FOR-US: Chamilo LMS
CVE-2021-35412
RESERVED
CVE-2021-35411
@@ -20864,8 +28257,8 @@ CVE-2021-35382
RESERVED
CVE-2021-35381
RESERVED
-CVE-2021-35380
- RESERVED
+CVE-2021-35380 (A Directory Traversal vulnerability exists in Solari di Udine TermTalk ...)
+ NOT-FOR-US: Solari di Udine TermTalk Server (TTServer)
CVE-2021-35379
RESERVED
CVE-2021-35378
@@ -20939,12 +28332,12 @@ CVE-2021-35348
RESERVED
CVE-2021-35347
RESERVED
-CVE-2021-35346
- RESERVED
+CVE-2021-35346 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
+ NOT-FOR-US: tsMuxer
CVE-2021-35345
RESERVED
-CVE-2021-35344
- RESERVED
+CVE-2021-35344 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
+ NOT-FOR-US: tsMuxer
CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...)
NOT-FOR-US: SeedDMS
CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x b ...)
@@ -21157,20 +28550,20 @@ CVE-2021-35250
RESERVED
CVE-2021-35249
RESERVED
-CVE-2021-35248
- RESERVED
-CVE-2021-35247
- RESERVED
+CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...)
+ NOT-FOR-US: SolarWinds
CVE-2021-35246
RESERVED
-CVE-2021-35245
- RESERVED
-CVE-2021-35244
- RESERVED
-CVE-2021-35243
- RESERVED
-CVE-2021-35242
- RESERVED
+CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35243 (The HTTP PUT and DELETE methods were enabled in the Web Help Desk web ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...)
+ NOT-FOR-US: SolarWinds
CVE-2021-35241
RESERVED
CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. This affec ...)
@@ -21185,12 +28578,12 @@ CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Serv
NOT-FOR-US: SolarWinds
CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...)
NOT-FOR-US: Kiwi Syslog Server
-CVE-2021-35234
- RESERVED
+CVE-2021-35234 (Numerous exposed dangerous functions within Orion Core has allows for ...)
+ NOT-FOR-US: SolarWinds
CVE-2021-35233 (The HTTP TRACK &amp; TRACE methods were enabled in Kiwi Syslog Server ...)
NOT-FOR-US: Kiwi Syslog Server
-CVE-2021-35232
- RESERVED
+CVE-2021-35232 (Hard coded credentials discovered in SolarWinds Web Help Desk product. ...)
+ NOT-FOR-US: SolarWinds
CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
NOT-FOR-US: Kiwi Syslog Server Installation Wizard
CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
@@ -21475,8 +28868,8 @@ CVE-2021-35095
RESERVED
CVE-2021-35094
RESERVED
-CVE-2021-35093
- RESERVED
+CVE-2021-35093 (Possible memory corruption in BT controller when it receives an oversi ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-35092
RESERVED
CVE-2021-35091
@@ -21507,14 +28900,14 @@ CVE-2021-35079
RESERVED
CVE-2021-35078
RESERVED
-CVE-2021-35077
- RESERVED
+CVE-2021-35077 (Possible use after free scenario in compute offloads to DSP while mult ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-35076
RESERVED
-CVE-2021-35075
- RESERVED
-CVE-2021-35074
- RESERVED
+CVE-2021-35075 (Possible null pointer dereference due to lack of WDOG structure valida ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35074 (Possible integer overflow due to improper fragment datatype while calc ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-35073
RESERVED
CVE-2021-35072
@@ -21523,14 +28916,14 @@ CVE-2021-35071
RESERVED
CVE-2021-35070
RESERVED
-CVE-2021-35069
- RESERVED
-CVE-2021-35068
- RESERVED
+CVE-2021-35069 (Improper validation of data length received from DMA buffer can lead t ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35068 (Lack of null check while freeing the device information buffer in the ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...)
NOT-FOR-US: Meross MSG100 devices
CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...)
- {DLA-2785-1}
+ {DLA-2843-1 DLA-2785-1}
- linux 5.10.46-3
[buster] - linux 4.19.208-1
NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
@@ -21560,8 +28953,8 @@ CVE-2021-35057
RESERVED
CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...)
NOT-FOR-US: Unisys
-CVE-2021-35055
- RESERVED
+CVE-2021-35055 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
CVE-2021-35054 (Minecraft before 1.17.1, when online-mode=false is configured, allows ...)
NOT-FOR-US: Minecraft
CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow]
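Review bot: The NOT-FOR-US tag on CVE-2021-35055 names only Netgear, while the description line attributes the flaw to MediaTek microchips "as used in NETGEAR devices through 2021-11-11 and ...", so the vendor scope looks wider than a single OEM. A later triager grepping the list for MediaTek would not find this entry; suggest `NOT-FOR-US: MediaTek microchips (as used in Netgear and other devices)`. The truncated description hides the rest of the affected list, so confirm the wording against the full CVE text.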
@@ -21573,6 +28966,7 @@ CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow]
NOTE: https://bugs.launchpad.net/qemu/+bug/1907497
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/542
NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0)
+ NOTE: Proposed fix: https://lore.kernel.org/qemu-devel/20211218160912.1591633-1-philmd@redhat.com/
CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c]
RESERVED
- imagemagick <not-affected> (Specific to Imagemagick 7)
@@ -21626,16 +29020,16 @@ CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect v
NOT-FOR-US: Jamf Pro
CVE-2021-35036
RESERVED
-CVE-2021-35035
- RESERVED
-CVE-2021-35034
- RESERVED
+CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in the Zyxe ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI program of ...)
+ NOT-FOR-US: Zyxel
CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...)
NOT-FOR-US: Zyxel
-CVE-2021-35032
- RESERVED
-CVE-2021-35031
- RESERVED
+CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XG ...)
+ NOT-FOR-US: Zyxel
CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...)
NOT-FOR-US: Zyxel
CVE-2021-35029 (An authentication bypasss vulnerability in the web-based management in ...)
@@ -21686,12 +29080,12 @@ CVE-2021-35007
RESERVED
CVE-2021-35006
RESERVED
-CVE-2021-35005
- RESERVED
-CVE-2021-35004
- RESERVED
-CVE-2021-35003
- RESERVED
+CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: TeamViewer
+CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TP-Link
CVE-2021-35002
RESERVED
CVE-2021-35001
@@ -21700,18 +29094,18 @@ CVE-2021-35000
RESERVED
CVE-2021-34999
RESERVED
-CVE-2021-34998
- RESERVED
-CVE-2021-34997
- RESERVED
-CVE-2021-34996
- RESERVED
-CVE-2021-34995
- RESERVED
-CVE-2021-34994
- RESERVED
-CVE-2021-34993
- RESERVED
+CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Panda Security Free Antivirus
+CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34996 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34995 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34994 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34993 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Orckestra C1 CMS
CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
@@ -21726,10 +29120,10 @@ CVE-2021-34987
RESERVED
CVE-2021-34986
RESERVED
-CVE-2021-34985
- RESERVED
-CVE-2021-34984
- RESERVED
+CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley ContextCapture
+CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley ContextCapture
CVE-2021-34983
RESERVED
CVE-2021-34982
@@ -21741,14 +29135,14 @@ CVE-2021-34981 [Bluetooth CMTP Module Double Free Privilege Escalation Vulnerabi
[stretch] - linux 4.9.272-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
NOTE: https://git.kernel.org/linus/3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 (5.14-rc1)
-CVE-2021-34980
- RESERVED
-CVE-2021-34979
- RESERVED
-CVE-2021-34978
- RESERVED
-CVE-2021-34977
- RESERVED
+CVE-2021-34980 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34979 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
CVE-2021-34976
RESERVED
CVE-2021-34975
@@ -21809,175 +29203,174 @@ CVE-2021-34948
RESERVED
CVE-2021-34947
RESERVED
-CVE-2021-34946
- RESERVED
-CVE-2021-34945
- RESERVED
-CVE-2021-34944
- RESERVED
-CVE-2021-34943
- RESERVED
-CVE-2021-34942
- RESERVED
-CVE-2021-34941
- RESERVED
-CVE-2021-34940
- RESERVED
-CVE-2021-34939
- RESERVED
-CVE-2021-34938
- RESERVED
-CVE-2021-34937
- RESERVED
-CVE-2021-34936
- RESERVED
-CVE-2021-34935
- RESERVED
-CVE-2021-34934
- RESERVED
-CVE-2021-34933
- RESERVED
-CVE-2021-34932
- RESERVED
-CVE-2021-34931
- RESERVED
-CVE-2021-34930
- RESERVED
-CVE-2021-34929
- RESERVED
-CVE-2021-34928
- RESERVED
-CVE-2021-34927
- RESERVED
-CVE-2021-34926
- RESERVED
-CVE-2021-34925
- RESERVED
-CVE-2021-34924
- RESERVED
-CVE-2021-34923
- RESERVED
-CVE-2021-34922
- RESERVED
-CVE-2021-34921
- RESERVED
-CVE-2021-34920
- RESERVED
-CVE-2021-34919
- RESERVED
-CVE-2021-34918
- RESERVED
-CVE-2021-34917
- RESERVED
-CVE-2021-34916
- RESERVED
-CVE-2021-34915
- RESERVED
-CVE-2021-34914
- RESERVED
-CVE-2021-34913
- RESERVED
-CVE-2021-34912
- RESERVED
-CVE-2021-34911
- RESERVED
-CVE-2021-34910
- RESERVED
-CVE-2021-34909
- RESERVED
-CVE-2021-34908
- RESERVED
-CVE-2021-34907
- RESERVED
-CVE-2021-34906
- RESERVED
-CVE-2021-34905
- RESERVED
-CVE-2021-34904
- RESERVED
-CVE-2021-34903
- RESERVED
-CVE-2021-34902
- RESERVED
-CVE-2021-34901
- RESERVED
-CVE-2021-34900
- RESERVED
-CVE-2021-34899
- RESERVED
-CVE-2021-34898
- RESERVED
-CVE-2021-34897
- RESERVED
-CVE-2021-34896
- RESERVED
-CVE-2021-34895
- RESERVED
-CVE-2021-34894
- RESERVED
-CVE-2021-34893
- RESERVED
-CVE-2021-34892
- RESERVED
-CVE-2021-34891
- RESERVED
-CVE-2021-34890
- RESERVED
-CVE-2021-34889
- RESERVED
-CVE-2021-34888
- RESERVED
-CVE-2021-34887
- RESERVED
-CVE-2021-34886
- RESERVED
-CVE-2021-34885
- RESERVED
-CVE-2021-34884
- RESERVED
-CVE-2021-34883
- RESERVED
-CVE-2021-34882
- RESERVED
-CVE-2021-34881
- RESERVED
-CVE-2021-34880
- RESERVED
-CVE-2021-34879
- RESERVED
-CVE-2021-34878
- RESERVED
-CVE-2021-34877
- RESERVED
-CVE-2021-34876
- RESERVED
-CVE-2021-34875
- RESERVED
-CVE-2021-34874
- RESERVED
-CVE-2021-34873
- RESERVED
-CVE-2021-34872
- RESERVED
-CVE-2021-34871
- RESERVED
-CVE-2021-34870
- RESERVED
-CVE-2021-34869
- RESERVED
-CVE-2021-34868
- RESERVED
-CVE-2021-34867
- RESERVED
-CVE-2021-34866
- RESERVED
+CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34944 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34943 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34942 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34939 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34938 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34937 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34936 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34935 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34934 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34933 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34932 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34931 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34930 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34929 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34928 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34927 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34926 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34925 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34924 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34923 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34922 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34921 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34920 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34919 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34918 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34917 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34916 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34913 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34912 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34911 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34910 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34909 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34906 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34905 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34904 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34903 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34902 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34901 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34900 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34899 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34898 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34897 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34896 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34895 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34894 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34893 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34892 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34891 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34890 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34889 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34888 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34887 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34886 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34884 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34882 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34881 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34879 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34877 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34876 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34875 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34874 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34873 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34870 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34869 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34868 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34867 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges on af ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14)
-CVE-2021-34865
- RESERVED
+CVE-2021-34865 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels Desktop
CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
@@ -21990,8 +29383,8 @@ CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose
NOT-FOR-US: D-Link
CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: TeamViewer
-CVE-2021-34858
- RESERVED
+CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TeamViewer
CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels Desktop
CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...)
@@ -22060,6 +29453,7 @@ CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()]
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=66ae37d8cc313f89272e711174a846a229bcdbd3
CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()]
RESERVED
- qemu 1:5.2+dfsg-11 (bug #990564)
@@ -22071,7 +29465,7 @@ CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to loa
CVE-2021-34826
RESERVED
CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...)
- - quassel <unfixed> (bug #990567)
+ - quassel 1:0.14.0-1 (bug #990567)
[bullseye] - quassel <no-dsa> (Minor issue)
[buster] - quassel <no-dsa> (Minor issue)
[stretch] - quassel <no-dsa> (Minor issue)
@@ -22102,7 +29496,7 @@ CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security C
NOT-FOR-US: Proofpoint
CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
[experimental] - olm 3.2.3~dfsg-1
- - olm <unfixed> (bug #989997)
+ - olm 3.2.3~dfsg-3 (bug #989997)
[bullseye] - olm <no-dsa> (Minor issue)
[buster] - olm <no-dsa> (Minor issue)
NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b
@@ -22122,8 +29516,8 @@ CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in
NOT-FOR-US: Zimbra
CVE-2021-34806
RESERVED
-CVE-2021-34805
- RESERVED
+CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7. For eac ...)
+ NOT-FOR-US: FAUST iServer
CVE-2021-34804
RESERVED
CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
@@ -22132,8 +29526,8 @@ CVE-2021-34802 (A failure in resetting the security context in some transaction
NOT-FOR-US: Neo4j
CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...)
NOT-FOR-US: Valine
-CVE-2021-34800
- RESERVED
+CVE-2021-34800 (Sensitive information could be logged. The following products are affe ...)
+ NOT-FOR-US: Acronis
CVE-2021-34799
RESERVED
CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL pointer. ...)
@@ -22143,8 +29537,8 @@ CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL po
NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1)
CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
NOT-FOR-US: Secure 8 (Evalos)
-CVE-2021-34797
- RESERVED
+CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log ...)
+ NOT-FOR-US: Apache Geode
CVE-2021-34796
RESERVED
CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface of the ...)
@@ -22329,8 +29723,8 @@ CVE-2021-34706 (A vulnerability in the web-based management interface of Cisco I
NOT-FOR-US: Cisco
CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) service ...)
NOT-FOR-US: Cisco
-CVE-2021-34704
- RESERVED
+CVE-2021-34704 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) message pa ...)
NOT-FOR-US: Cisco
CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -22594,10 +29988,10 @@ CVE-2021-34602
RESERVED
CVE-2021-34601
RESERVED
-CVE-2021-34600
- RESERVED
-CVE-2021-34599
- RESERVED
+CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...)
+ NOT-FOR-US: Telenot CompasX
+CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...)
+ NOT-FOR-US: CODESYS
CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
NOT-FOR-US: Phoenix
CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...)
@@ -22678,8 +30072,12 @@ CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.9 a form contain
NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 a vulnerability may ...)
NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
-CVE-2021-3596
+CVE-2021-3596 [NULL pointer dereference in ReadSVGImage() in coders/svg.c]
RESERVED
+ - imagemagick 8:6.9.11.57+dfsg-1
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27f314e2e6eb44b661e65008ce1ce46b85a5628b
CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...)
{DLA-2753-1}
- libslirp 4.6.1-1 (bug #989996)
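Review bot: The new CVE-2021-3596 entry records only the unstable fix (`8:6.9.11.57+dfsg-1`) and no `[bullseye]`/`[buster]`/`[stretch]` lines, so every older suite will be shown as affected by the ReadSVGImage() NULL dereference with no stated triage decision. Both an ImageMagick 7 and an ImageMagick6 fix commit are linked, which suggests the 6.x branch shipped in the stable suites is in scope. Add the usual suite lines once checked, e.g. `[buster] - imagemagick <no-dsa> (Minor issue)` or `<not-affected>` with a reason; whether the older 6.9.10/6.9.7 packages contain the vulnerable code is not visible here.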
@@ -22776,10 +30174,10 @@ CVE-2021-34546 (An unauthenticated attacker with physical access to a computer w
NOT-FOR-US: NetSetMan Pro
CVE-2021-34545
RESERVED
-CVE-2021-34544
- RESERVED
-CVE-2021-34543
- RESERVED
+CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...)
+ NOT-FOR-US: Solar-Log
+CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...)
+ NOT-FOR-US: Solar-Log
CVE-2021-34542
RESERVED
CVE-2021-34541
@@ -23019,6 +30417,7 @@ CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141
CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...)
- mosquitto 2.0.11-1
+ [bullseye] - mosquitto <no-dsa> (Minor issue)
[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
NOTE: https://mosquitto.org/blog/2021/06/version-2-0-11-released/
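Review bot: The added `[bullseye] - mosquitto <no-dsa> (Minor issue)` sits directly under `- mosquitto 2.0.11-1`, the upload recorded as the fix; if bullseye ships that same 2.0.11-1 (or later) the suite is already fixed and the tag is redundant or contradictory. Please confirm the bullseye version before keeping the line, and if it is genuinely below 2.0.11-1, note that the description's affected range is 1.6 to 2.0.10 so the tag's "Minor issue" rationale should say why an authenticated client's ability to trigger the issue does not warrant a point update.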
@@ -23042,10 +30441,10 @@ CVE-2021-34428 (For Eclipse Jetty versions &lt;= 9.4.40, &lt;= 10.0.2, &lt;= 11.
NOTE: https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85 (jetty-9.4.x)
CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...)
NOT-FOR-US: Eclipse BIRT
-CVE-2021-34426
- RESERVED
-CVE-2021-34425
- RESERVED
+CVE-2021-34426 (A vulnerability was discovered in the Keybase Client for Windows befor ...)
+ NOT-FOR-US: Keybase Client for Windows
+CVE-2021-34425 (The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, L ...)
+ NOT-FOR-US: Zoom
CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings (for An ...)
NOT-FOR-US: Zoom
CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client for Meet ...)
@@ -23076,24 +30475,24 @@ CVE-2021-34411 (During the installation process forZoom Rooms for Conference Roo
NOT-FOR-US: Zoom
CVE-2021-34410 (A user-writable application bundle unpacked during the install for all ...)
NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
-CVE-2021-34409 (User-writable pre and post-install scripts unpacked during the Zoom Cl ...)
+CVE-2021-34409 (It was discovered that the installation packages of the Zoom Client fo ...)
NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before versio ...)
NOT-FOR-US: Zoom Client for Meetings for Windows
CVE-2021-34407
REJECTED
-CVE-2021-34406
- RESERVED
-CVE-2021-34405
- RESERVED
-CVE-2021-34404
- RESERVED
-CVE-2021-34403
- RESERVED
-CVE-2021-34402
- RESERVED
-CVE-2021-34401
- RESERVED
+CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone&#8217; ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...)
+ NOT-FOR-US: NVIDIA
CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
NOT-FOR-US: NVIDIA
CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
@@ -23241,17 +30640,25 @@ CVE-2021-34338
RESERVED
- ming <removed>
NOTE: https://github.com/libming/libming/issues/201
-CVE-2021-34337
+CVE-2021-34337 [password checking timing attack in administrative REST API]
RESERVED
+ - mailman3 <unfixed> (bug #1004934)
+ [bullseye] - mailman3 <no-dsa> (Minor issue)
+ [buster] - mailman3 <no-dsa> (Minor issue; will be fixed via point release)
+ NOTE: Fixed by: https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51 (3.3.5b1)
CVE-2021-34336
RESERVED
CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #992707)
+ - exiv2 0.27.5-1 (bug #992707)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
NOTE: https://github.com/Exiv2/exiv2/pull/1750
CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #992706)
+ - exiv2 0.27.5-1 (bug #992706)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
NOTE: https://github.com/Exiv2/exiv2/pull/1766
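Review bot: For CVE-2021-34335 and CVE-2021-34334 the new bullseye and buster lines use `<ignored>` while stretch keeps `<no-dsa>`, all with the identical rationale "(Minor issue)"; in this tracker `<ignored>` means the suite will never receive a fix, whereas `<no-dsa>` leaves a point-release fix open, so the same justification for two different outcomes is confusing. Either make the tags consistent or extend the rationale on the `<ignored>` lines, e.g. `<ignored> (Minor issue; no fix planned for this suite)`. In the same hunk the mailman3 timing-attack entry marks buster "will be fixed via point release" but gives bullseye no such plan, even though both are `<no-dsa>` for a fix that is already identified upstream (3.3.5b1); stating the intent for bullseye too would help the LTS/stable hand-off.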
@@ -23348,14 +30755,13 @@ CVE-2021-3585
RESERVED
- tripleo-heat-templates <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968247
-CVE-2021-3584
- RESERVED
+CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...)
- foreman <itp> (bug #663101)
CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...)
- ansible <unfixed>
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
- - ansible-base <unfixed>
+ - ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412
NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch
CVE-2021-34290
@@ -23468,8 +30874,8 @@ CVE-2021-34237
RESERVED
CVE-2021-34236
RESERVED
-CVE-2021-34235
- RESERVED
+CVE-2021-34235 (Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The co ...)
+ NOT-FOR-US: Tokheim Profleet DiaLOG
CVE-2021-34234
RESERVED
CVE-2021-34233
@@ -23572,9 +30978,8 @@ CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by
NOT-FOR-US: Miniaudio
CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...)
NOT-FOR-US: Miniaudio
-CVE-2021-34183 (ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in s ...)
- - imagemagick <unfixed> (unimportant)
- NOTE: https://github.com/ImageMagick/ImageMagick/issues/3767
+CVE-2021-34183
+ REJECTED
CVE-2021-34182
RESERVED
CVE-2021-34181
@@ -23657,8 +31062,11 @@ CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C
NOT-FOR-US: Zhuhai Jieli
CVE-2021-34142
RESERVED
-CVE-2021-34141
- RESERVED
+CVE-2021-34141 (An incomplete string comparison in the numpy.core component in NumPy b ...)
+ - numpy <unfixed>
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/18993
+ NOTE: https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2 (v1.23.0.dev0)
CVE-2021-34140
RESERVED
CVE-2021-34139
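Review bot: The new CVE-2021-34141 numpy entry triages only bullseye (`<no-dsa>`) and leaves buster and stretch without a line, so both older suites will be listed as affected with no decision recorded. The linked fix commit is tagged `v1.23.0.dev0` while the description says "before 1.22.0", which is a hint that the fix may not be in any released numpy yet and the `<unfixed>` mark in unstable is correct; add `[buster] - numpy <no-dsa> (Minor issue)` / `[stretch] ...` (or `<not-affected>` with a reason) once the incomplete string comparison in numpy.core has been checked against the 1.16/1.12 packages in those suites.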
@@ -23765,10 +31173,10 @@ CVE-2021-34089
RESERVED
CVE-2021-34088
RESERVED
-CVE-2021-34087
- RESERVED
-CVE-2021-34086
- RESERVED
+CVE-2021-34087 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...)
+ NOT-FOR-US: Ultimaker
+CVE-2021-34086 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...)
+ NOT-FOR-US: Ultimaker
CVE-2021-34085
RESERVED
CVE-2021-34084
@@ -23793,8 +31201,8 @@ CVE-2021-34075 (In Artica Pandora FMS &lt;=754 in the File Manager component, th
NOT-FOR-US: Artica Pandora FMS
CVE-2021-34074 (PandoraFMS &lt;=7.54 allows arbitrary file upload, it leading to remot ...)
NOT-FOR-US: PandoraFMS
-CVE-2021-34073
- RESERVED
+CVE-2021-34073 (A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gad ...)
+ NOT-FOR-US: Sourcecodester
CVE-2021-34072
RESERVED
CVE-2021-34071 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
@@ -24007,16 +31415,19 @@ CVE-2021-33968
RESERVED
CVE-2021-33967
RESERVED
-CVE-2021-33966
- RESERVED
-CVE-2021-33965
- RESERVED
-CVE-2021-33964
- RESERVED
-CVE-2021-33963
- RESERVED
-CVE-2021-33962
- RESERVED
+CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...)
+ - spotweb <removed>
+ [buster] - spotweb <no-dsa> (Minor issue)
+ [stretch] - spotweb <postponed> (Minor issue; possible reflected XSS with unconclusive PoC "proof")
+ NOTE: https://packetstormsecurity.com/files/162731/Spotweb-Develop-1.4.9-Cross-Site-Scripting.html
+CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface
+CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-33961
RESERVED
CVE-2021-33960
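Review bot: The new stretch line for CVE-2021-33966 reads `[stretch] - spotweb <postponed> (Minor issue; possible reflected XSS with unconclusive PoC "proof")`; "unconclusive" should be "inconclusive", and the scare-quoted "proof" does not say what was actually tried. A rationale that will be read when the postponed issue is picked up again should state the finding plainly, e.g. `(Minor issue; possible reflected XSS, PoC could not be reproduced)`, if that is what the triage established.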
@@ -24049,8 +31460,8 @@ CVE-2021-33947
RESERVED
CVE-2021-33946
RESERVED
-CVE-2021-33945
- RESERVED
+CVE-2021-33945 (RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN ...)
+ NOT-FOR-US: RICOH
CVE-2021-33944
RESERVED
CVE-2021-33943
@@ -24129,10 +31540,22 @@ CVE-2021-33915
RESERVED
CVE-2021-33914
RESERVED
-CVE-2021-33913
- RESERVED
-CVE-2021-33912
- RESERVED
+CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ...)
+ {DLA-2890-1}
+ - libspf2 1.2.10-7.1
+ [bullseye] - libspf2 1.2.10-7.1~deb11u1
+ [buster] - libspf2 1.2.10-7.1~deb10u1
+ NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+ NOTE: https://github.com/shevek/libspf2/pull/35
+ NOTE: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070
+CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that ...)
+ {DLA-2890-1}
+ - libspf2 1.2.10-7.1
+ [bullseye] - libspf2 1.2.10-7.1~deb11u1
+ [buster] - libspf2 1.2.10-7.1~deb10u1
+ NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+ NOTE: https://github.com/shevek/libspf2/pull/35
+ NOTE: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d
CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...)
NOT-FOR-US: Zoho
CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 ...)
@@ -24320,9 +31743,9 @@ CVE-2021-33835
CVE-2021-33834
RESERVED
CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...)
+ {DLA-2915-1}
- connman 1.36-2.2 (bug #989662)
[buster] - connman 1.36-2.1~deb10u2
- [stretch] - connman <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
CVE-2021-33832
@@ -24337,10 +31760,10 @@ CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Proc
[buster] - ckeditor <no-dsa> (Minor issue)
NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
-CVE-2021-33828
- RESERVED
-CVE-2021-33827
- RESERVED
+CVE-2021-33828 (The files_antivirus component before 1.0.0 for ownCloud mishandles the ...)
+ - owncloud <removed>
+CVE-2021-33827 (The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ...)
+ - owncloud <removed>
CVE-2021-33826
RESERVED
CVE-2021-33825
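Review bot: The two new `- owncloud <removed>` lines attribute CVE-2021-33828 and CVE-2021-33827 to src:owncloud, but the CVE text on the same lines describes the flaw in the `files_antivirus` component "before 1.0.0 for ownCloud", i.e. a separately versioned app, and nothing in the entries records that the removed owncloud source package actually shipped that app. If that was checked, add a NOTE saying so, e.g. `NOTE: files_antivirus app was bundled in src:owncloud until its removal`; if the app was never packaged, `NOT-FOR-US: ownCloud files_antivirus app` is the accurate tag. Whether src:owncloud contained files_antivirus is not visible in this diff and is the point to confirm.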
@@ -24398,8 +31821,7 @@ CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in ges
NOT-FOR-US: Cartadis Gespage
CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
NOT-FOR-US: Bitdefender
-CVE-2021-3578 [possible remote code execution in isync/mbsync]
- RESERVED
+CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...)
- isync 1.3.0-2.2 (bug #989564)
[buster] - isync 1.3.0-2.2~deb10u1
[stretch] - isync <no-dsa> (Minor issue)
@@ -24816,20 +32238,25 @@ CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when build
NOT-FOR-US: isula-build
CVE-2021-33628
RESERVED
-CVE-2021-33627
- RESERVED
-CVE-2021-33626 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not cor ...)
+CVE-2021-33627 (An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServ ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33625 (An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting H ...)
NOT-FOR-US: Insyde
-CVE-2021-33625
- RESERVED
CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
{DLA-2785-1}
- linux 5.10.46-1
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
- NOT-FOR-US: Node.js trim-newlines package
+ - node-trim-newlines 3.0.0+~3.0.0-1
+ [bullseye] - node-trim-newlines <no-dsa> (Minor issue)
+ [buster] - node-trim-newlines <no-dsa> (Minor issue)
+ [stretch] - node-trim-newlines <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/advisories/GHSA-7p7h-4mm5-852v
CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, h ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
- singularity-container <unfixed> (bug #990201)
NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
CVE-2021-33621
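Review bot: The new `- node-trim-newlines 3.0.0+~3.0.0-1` line for CVE-2021-33623 records a fix in a 3.0.0-based upload, while the CVE text on the same entry says the package is vulnerable "before 3.0.1 and 4.x before 4.0.1", so that version only counts as fixed if the upstream fix was carried as a distribution patch. If it was, document it next to the advisory link, e.g. `NOTE: Fixed in 3.0.0+~3.0.0-1 by backporting the upstream patch` together with the upstream fix commit; otherwise the fixed version needs correcting, since the tracker will otherwise report a vulnerable version as fixed. The bullseye/buster `<no-dsa>` and stretch `<end-of-life>` lines are unaffected by this either way.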
@@ -24973,6 +32400,7 @@ CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secu
CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...)
{DLA-2676-1}
- python-django 2:2.2.24-1 (bug #989394)
+ [buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main)
NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24)
@@ -25157,10 +32585,10 @@ CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Cod
NOT-FOR-US: Overwolf
CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
- putty <not-affected> (Windows-specific)
-CVE-2021-33499
- RESERVED
-CVE-2021-33498
- RESERVED
+CVE-2021-33499 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2021-3563
RESERVED
- keystone <unfixed> (bug #989998)
@@ -25213,8 +32641,7 @@ CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed
NOTE: https://sourceforge.net/p/mcj/tickets/116/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
NOTE: Depends on CVE-2019-19797 fix
-CVE-2021-3560 [local privilege escalation using polkit_system_bus_name_get_creds_sync()]
- RESERVED
+CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...)
- policykit-1 0.105-31 (bug #989429)
[buster] - policykit-1 <not-affected> (Vulnerable code introduced later)
[stretch] - policykit-1 <not-affected> (Vulnerable code introduced later)
@@ -25317,8 +32744,12 @@ CVE-2021-33432
RESERVED
CVE-2021-33431
RESERVED
-CVE-2021-33430
- RESERVED
+CVE-2021-33430 (** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x i ...)
+ - numpy 1:1.21.4-2
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/18939
+ NOTE: https://github.com/numpy/numpy/pull/18989
+ NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0)
CVE-2021-33429
RESERVED
CVE-2021-33428
@@ -25676,26 +33107,26 @@ CVE-2021-33276
RESERVED
CVE-2021-33275
RESERVED
-CVE-2021-33274
- RESERVED
+CVE-2021-33274 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
CVE-2021-33273
RESERVED
CVE-2021-33272
RESERVED
-CVE-2021-33271
- RESERVED
-CVE-2021-33270
- RESERVED
-CVE-2021-33269
- RESERVED
-CVE-2021-33268
- RESERVED
-CVE-2021-33267
- RESERVED
-CVE-2021-33266
- RESERVED
-CVE-2021-33265
- RESERVED
+CVE-2021-33271 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33270 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33269 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33268 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33267 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33266 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33265 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
CVE-2021-33264
RESERVED
CVE-2021-33263
@@ -25823,8 +33254,7 @@ CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices A
CVE-2021-3558
RESERVED
- moodle <removed>
-CVE-2021-3557
- RESERVED
+CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...)
NOT-FOR-US: Argo CD
CVE-2021-3556
REJECTED
@@ -25836,6 +33266,7 @@ CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.
CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...)
{DLA-2676-1}
- python-django 2:2.2.24-1 (bug #989394)
+ [buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main)
NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24)
@@ -25875,14 +33306,13 @@ CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configuratio
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)
CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...)
+ {DLA-2892-1 DLA-2891-1}
- golang-1.16 1.16.5-1 (bug #989492)
- golang-1.15 1.15.9-4
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- [stretch] - golang-1.8 <postponed> (Minor issue, OOM, requires rebuilding reverse-dependencies)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <postponed> (Minor issue, OOM, requires rebuilding reverse-dependencies)
NOTE: https://github.com/golang/go/issues/46242
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
@@ -25891,6 +33321,7 @@ CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a
CVE-2021-33195 (Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS looku ...)
- golang-1.16 1.16.5-1
- golang-1.15 1.15.9-5
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue; will be fixed via point release)
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -25970,8 +33401,11 @@ CVE-2021-33180 (Improper neutralization of special elements used in an SQL comma
NOT-FOR-US: Synology
CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
NOT-FOR-US: Nagios XI
-CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...)
- - nagvis <undetermined>
+CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...)
+ - nagvis 1:1.9.29-1
+ [bullseye] - nagvis <no-dsa> (Minor issue)
+ [buster] - nagvis <no-dsa> (Minor issue)
+ [stretch] - nagvis <no-dsa> (Minor issue)
TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
NOT-FOR-US: Nagios XI
@@ -25995,8 +33429,8 @@ CVE-2021-33168
RESERVED
CVE-2021-33167
RESERVED
-CVE-2021-33166
- RESERVED
+CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromebook appl ...)
+ NOT-FOR-US: Intel
CVE-2021-33165
RESERVED
CVE-2021-33164
@@ -26017,8 +33451,10 @@ CVE-2021-33157
RESERVED
CVE-2021-33156
RESERVED
-CVE-2021-33155
- RESERVED
+CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...)
+ - firmware-nonfree <undetermined>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html
+ TODO: check in which firmware versions fixed
CVE-2021-33154
RESERVED
CVE-2021-33153
@@ -26033,8 +33469,8 @@ CVE-2021-33149
RESERVED
CVE-2021-33148
RESERVED
-CVE-2021-33147
- RESERVED
+CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
+ NOT-FOR-US: Intel
CVE-2021-33146
RESERVED
CVE-2021-33145
@@ -26049,12 +33485,14 @@ CVE-2021-33141
RESERVED
CVE-2021-33140
RESERVED
-CVE-2021-33139
- RESERVED
+CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...)
+ - firmware-nonfree <undetermined>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html
+ TODO: check in which firmware versions fixed
CVE-2021-33138
RESERVED
-CVE-2021-33137
- RESERVED
+CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may allow an ...)
+ NOT-FOR-US: Intel
CVE-2021-33136
RESERVED
CVE-2021-33135
@@ -26069,8 +33507,8 @@ CVE-2021-33131
RESERVED
CVE-2021-33130
RESERVED
-CVE-2021-33129
- RESERVED
+CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...)
+ NOT-FOR-US: Intel
CVE-2021-33128
RESERVED
CVE-2021-33127
@@ -26087,38 +33525,40 @@ CVE-2021-33122
RESERVED
CVE-2021-33121
RESERVED
-CVE-2021-33120
- RESERVED
-CVE-2021-33119
- RESERVED
+CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html
+CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before versi ...)
+ NOT-FOR-US: Intel
CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...)
NOT-FOR-US: Intel
CVE-2021-33117
RESERVED
CVE-2021-33116
RESERVED
-CVE-2021-33115
- RESERVED
-CVE-2021-33114
- RESERVED
-CVE-2021-33113
- RESERVED
+CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in UE ...)
+ NOT-FOR-US: Intel
+CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ NOT-FOR-US: Intel
+CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ NOT-FOR-US: Intel
CVE-2021-33112
RESERVED
CVE-2021-33111
RESERVED
-CVE-2021-33110
- RESERVED
+CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
+ NOT-FOR-US: Intel
CVE-2021-33109
RESERVED
CVE-2021-33108
RESERVED
-CVE-2021-33107
- RESERVED
+CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R) ...)
+ NOT-FOR-US: Intel
CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R) may ...)
NOT-FOR-US: Intel
-CVE-2021-33105
- RESERVED
+CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...)
NOT-FOR-US: Intel
CVE-2021-33104
RESERVED
@@ -26126,19 +33566,21 @@ CVE-2021-33103
RESERVED
CVE-2021-33102
RESERVED
-CVE-2021-33101
- RESERVED
+CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before version 2 ...)
+ NOT-FOR-US: Intel
CVE-2021-33100
RESERVED
CVE-2021-33099
RESERVED
CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver for Li ...)
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/63e39d29b3da02e901349f6cd71159818a4737a6 (5.13-rc4)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html
- TODO: check, might affect src:linux
CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...)
NOT-FOR-US: Intel
-CVE-2021-33096
- RESERVED
+CVE-2021-33096 (Improper isolation of shared resources in network on chip for the Inte ...)
+ NOT-FOR-US: Intel
CVE-2021-33095 (Unquoted search path in the installer for the Intel(R) NUC M15 Laptop ...)
NOT-FOR-US: Intel
CVE-2021-33094 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
@@ -26193,8 +33635,8 @@ CVE-2021-33070
RESERVED
CVE-2021-33069
RESERVED
-CVE-2021-33068
- RESERVED
+CVE-2021-33068 (Null pointer dereference in subsystem for Intel(R) AMT before versions ...)
+ NOT-FOR-US: Intel
CVE-2021-33067
RESERVED
CVE-2021-33066
@@ -26207,8 +33649,9 @@ CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Seri
NOT-FOR-US: Intel
CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...)
NOT-FOR-US: Intel
-CVE-2021-33061
- RESERVED
+CVE-2021-33061 (Insufficient control flow management for the Intel(R) 82599 Ethernet C ...)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html
+ TODO: check, might affect the src:linux ixgbe driver
CVE-2021-33060
RESERVED
CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...)
@@ -26222,7 +33665,7 @@ CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and othe
CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
- {DLA-2707-1}
+ {DSA-5029-1 DLA-2707-1}
- sogo 5.1.1-1 (bug #989479)
NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
@@ -26245,8 +33688,8 @@ CVE-2021-33048
RESERVED
CVE-2021-33047
RESERVED
-CVE-2021-33046
- RESERVED
+CVE-2021-33046 (Some Dahua products have access control vulnerability in the password ...)
+ NOT-FOR-US: Dahua
CVE-2021-33045 (The identity authentication bypass vulnerability found in some Dahua p ...)
NOT-FOR-US: Dahua
CVE-2021-33044 (The identity authentication bypass vulnerability found in some Dahua p ...)
@@ -26263,8 +33706,8 @@ CVE-2021-33042
RESERVED
CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
NOT-FOR-US: vmd
-CVE-2021-33040
- RESERVED
+CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...)
+ NOT-FOR-US: FuturePress EPub.js
CVE-2021-33039
RESERVED
CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
@@ -26331,8 +33774,8 @@ CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics
NOT-FOR-US: Delta Electronics
CVE-2021-33018
RESERVED
-CVE-2021-33017
- RESERVED
+CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
+ NOT-FOR-US: Philips
CVE-2021-33016
RESERVED
CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
@@ -26369,18 +33812,18 @@ CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-base
NOT-FOR-US: WebAccess HMI Designer
CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...)
NOT-FOR-US: Suitelink
-CVE-2021-32998
- RESERVED
+CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable to an ou ...)
+ NOT-FOR-US: FANUC
CVE-2021-32997
RESERVED
-CVE-2021-32996
- RESERVED
+CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to integ ...)
+ NOT-FOR-US: FANUC
CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
NOT-FOR-US: Cscape
CVE-2021-32994
RESERVED
-CVE-2021-32993
- RESERVED
+CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded ...)
+ NOT-FOR-US: Philips
CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...)
NOT-FOR-US: FATEK Automation WinProladder
CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to ...)
@@ -26515,8 +33958,7 @@ CVE-2021-32927
RESERVED
CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
NOT-FOR-US: Rockwell Automation
-CVE-2021-3551
- RESERVED
+CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...)
- dogtag-pki 10.10.6-1 (bug #991665)
[bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
@@ -26710,8 +34152,8 @@ CVE-2021-32851
RESERVED
CVE-2021-32850
RESERVED
-CVE-2021-32849
- RESERVED
+CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
+ NOT-FOR-US: Gerapy
CVE-2021-32848
RESERVED
CVE-2021-32847
@@ -26724,14 +34166,25 @@ CVE-2021-32844
RESERVED
CVE-2021-32843
RESERVED
-CVE-2021-32842
- RESERVED
-CVE-2021-32841
- RESERVED
-CVE-2021-32840
- RESERVED
+CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+ - mono <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
+ NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
+CVE-2021-32841 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+ - mono <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
+ NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
+CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior ...)
+ - mono <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
+ NOTE: CVE refers to the commit for the test case:
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc
+ NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...)
- - sqlparse <unfixed> (bug #994841)
+ - sqlparse 0.4.2-1 (bug #994841)
[bullseye] - sqlparse <no-dsa> (Minor issue)
[buster] - sqlparse <not-affected> (Vulnerable code introduced later)
[stretch] - sqlparse <not-affected> (Vulnerable code introduced later)
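Review bot: The three new `- mono <not-affected> (Vulnerable code not yet uploaded)` lines for the SharpZipLib CVEs turn a time-bound observation into a permanent status: the `Introduced by` NOTEs pin the bug to SharpZipLib commit 0cbdef20, so the next mono upload that refreshes its bundled SharpZipLib past that commit will silently leave the tracker reporting not-affected. Record what was checked so it can be re-verified, e.g. `NOTE: bundled SharpZipLib in mono predates 0cbdef20 (checked in <mono version>)`, and consider a data/embedded-code-copies entry for SharpZipLib in mono so the copy is revisited on new uploads. That src:mono bundles SharpZipLib is inferred from the package choice here, not shown in the diff, and is the assumption to confirm.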
@@ -26791,7 +34244,9 @@ CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hb
CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #992705)
+ - exiv2 0.27.5-1 (bug #992705)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
NOTE: https://github.com/Exiv2/exiv2/pull/1739
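Review bot: The new `[bullseye] - exiv2 <ignored> (Minor issue)` and `[buster] - exiv2 <ignored> (Minor issue)` lines for CVE-2021-32815 use `<ignored>` with exactly the rationale that the unchanged `[stretch] - exiv2 <no-dsa> (Minor issue)` line below, and the bullseye/buster lines for CVE-2021-32617 elsewhere in this diff, express with `<no-dsa>`. `<ignored>` says the issue will not be fixed in that release at all, while `<no-dsa>` keeps a point-release fix open, so the same "Minor issue" reason cannot justify both. Either align the two new lines to `<no-dsa>`, or extend the reason to say why a fix is ruled out, e.g. `<ignored> (Minor issue; fix too intrusive for a stable update)`, if that was the basis.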
@@ -26836,7 +34291,9 @@ CVE-2021-32807 (The module `AccessControl` defines security policies for Python
CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...)
NOT-FOR-US: Plone
CVE-2021-32805 (Flask-AppBuilder is an application development framework, built on top ...)
- NOT-FOR-US: Flask-AppBuilder
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-624f-cqvr-3qw4
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/6af28521589599b1dbafd6313256229ee9a4fa74 (v3.3.2)
CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...)
- node-tar 6.1.7+~cs11.3.10-1 (bug #992111)
[bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
@@ -27035,6 +34492,8 @@ CVE-2021-32743 (Icinga is a monitoring system which checks the availability of n
{DLA-2816-1}
[experimental] - icinga2 2.12.5-1~exp1
- icinga2 2.12.5-1 (bug #991494)
+ [bullseye] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 <no-dsa> (Minor issue)
NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
NOTE: https://github.com/Icinga/icinga2/commit/843353ab69f79b3abfeb38ac249b05e1944369ab (v2.12.5)
@@ -27051,6 +34510,8 @@ CVE-2021-32739 (Icinga is a monitoring system which checks the availability of n
{DLA-2816-1}
[experimental] - icinga2 2.12.5-1~exp1
- icinga2 2.12.5-1 (bug #991494)
+ [bullseye] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 <no-dsa> (Minor issue)
NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
NOTE: https://github.com/Icinga/icinga2/commit/b5b83fa51564662ff2e78d7529ff77e1085d4522 (v2.12.5)
@@ -27066,8 +34527,8 @@ CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storag
- nextcloud-server <itp> (bug #941708)
CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...)
NOT-FOR-US: Nextcloud Text
-CVE-2021-32732
- RESERVED
+CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...)
+ NOT-FOR-US: XWiki
CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
@@ -27096,19 +34557,24 @@ CVE-2021-32721 (PowerMux is a drop-in replacement for Go's http.ServeMux. In Pow
CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...)
NOT-FOR-US: Sylius
CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
- - rabbitmq-server <unfixed> (bug #990524)
+ - rabbitmq-server 3.9.4-1 (bug #990524)
[bullseye] - rabbitmq-server <no-dsa> (Minor issue)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
[stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f01f0f2d840b98128cdb7ff966d8234b06ef7c75 (master)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/51df93b45fb05f935456f09b88e7554e0b36317f (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/08beb82e9ab8923ded88ece2800cd80971e2bd05 (v3.8.18)
CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
- - rabbitmq-server <unfixed> (bug #990524)
+ - rabbitmq-server 3.9.4-1 (bug #990524)
[bullseye] - rabbitmq-server <no-dsa> (Minor issue)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
[stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a8dffdf7de9793a76fc4685c89b968d8eddca4ca (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a7373585faeac0aaede5a9c245094d8022e81299 (v3.8.17-rc.1)
CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
NOT-FOR-US: Shopware
CVE-2021-32716 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
@@ -27187,11 +34653,11 @@ CVE-2021-32686 (PJSIP is a free and open source multimedia communication library
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
[stretch] - pjproject <no-dsa> (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch)
+ - ring <unfixed>
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
NOTE: https://github.com/pjsip/pjproject/pull/2716
- TODO: check, might affect in impact src:ring
CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
NOT-FOR-US: tEnvoy
CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
@@ -27269,10 +34735,10 @@ CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A missi
- nextcloud-server <itp> (bug #941708)
CVE-2021-32651 (OneDev is a development operations platform. If the LDAP external auth ...)
NOT-FOR-US: OneDev
-CVE-2021-32650
- RESERVED
-CVE-2021-32649
- RESERVED
+CVE-2021-32650 (October CMS is a self-hosted content management system (CMS) platform ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32649 (October CMS is a self-hosted content management system (CMS) platform ...)
+ NOT-FOR-US: October CMS
CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
NOT-FOR-US: October CMS
CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
@@ -27358,7 +34824,7 @@ CVE-2021-32619 (Deno is a runtime for JavaScript and TypeScript that uses V8 and
CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
NOT-FOR-US: Flask-Security-Too
CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #988731)
+ - exiv2 0.27.5-1 (bug #988731)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -27378,7 +34844,7 @@ CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() doe
NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
NOTE: Crash in CLI tool, no security impact
CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in the p ...)
- - radare2 <unfixed> (bug #989067)
+ - radare2 5.5.0+dfsg-1 (bug #989067)
NOTE: https://github.com/radareorg/radare2/issues/18679
NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc
CVE-2021-32612 (The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android d ...)
@@ -27432,10 +34898,10 @@ CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface o
NOT-FOR-US: FortiPortal
CVE-2021-32593
RESERVED
-CVE-2021-32592
- RESERVED
-CVE-2021-32591
- RESERVED
+CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32591 (A missing cryptographic steps vulnerability in the function that encry ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
NOT-FOR-US: FortiPortal
CVE-2021-32589
@@ -27472,7 +34938,7 @@ CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net
CVE-2021-3545 (An information disclosure vulnerability was found in the virtio vhost- ...)
{DSA-4980-1}
- qemu 1:6.1+dfsg-1 (bug #989042)
- [buster] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages)
[stretch] - qemu <not-affected> (The vulnerable code was introduced later)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01153.html
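Review bot: The buster line moves from `<no-dsa> (Minor issue)` to `<not-affected>`, which removes the issue from buster's view entirely, but the only support for that is the free-text claim that the vhost-user GPU support is "not installed in binary packages". A `<not-affected>` downgrade should be re-verifiable, so a NOTE recording what was actually checked would help the next triager, e.g. `NOTE: buster binary packages do not ship the vhost-user GPU backend (verified against package contents / build configuration)`. The identical change is applied to CVE-2021-3544 and CVE-2021-3546 further down and the same evidence note applies to each.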
@@ -27480,7 +34946,7 @@ CVE-2021-3545 (An information disclosure vulnerability was found in the virtio v
CVE-2021-3544 (Several memory leaks were found in the virtio vhost-user GPU device (v ...)
{DSA-4980-1}
- qemu 1:6.1+dfsg-1 (bug #989042)
- [buster] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages)
[stretch] - qemu <not-affected> (The vulnerable code was introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958935
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
@@ -27584,8 +35050,8 @@ CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would
NOT-FOR-US: Apport
CVE-2021-32546
RESERVED
-CVE-2021-32545
- RESERVED
+CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...)
NOT-FOR-US: igt+
CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...)
@@ -27676,12 +35142,12 @@ CVE-2021-32501
RESERVED
CVE-2021-32500
RESERVED
-CVE-2021-32499
- RESERVED
-CVE-2021-32498
- RESERVED
-CVE-2021-32497
- RESERVED
+CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any execut ...)
+ NOT-FOR-US: SICK SOPAS ET
CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
NOT-FOR-US: SICK Visionary-S CX
CVE-2021-32495
@@ -27719,7 +35185,7 @@ CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x befor
CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhost-use ...)
{DSA-4980-1}
- qemu 1:6.1+dfsg-1 (bug #989042)
- [buster] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages)
[stretch] - qemu <not-affected> (The vulnerable code was introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958978
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
@@ -27728,22 +35194,22 @@ CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhos
CVE-2021-3542
REJECTED
CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...)
- {DLA-2667-1}
+ {DSA-5032-1 DLA-2667-1}
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12)
CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...)
- {DLA-2667-1}
+ {DSA-5032-1 DLA-2667-1}
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10)
CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow ...)
- {DLA-2667-1}
+ {DSA-5032-1 DLA-2667-1}
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9)
CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...)
- {DLA-2667-1}
+ {DSA-5032-1 DLA-2667-1}
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8)
@@ -27775,12 +35241,12 @@ CVE-2021-32471 (Insufficient input validation in the Marvin Minsky 1967 implemen
NOT-FOR-US: Marvin Minsky 1967 implementation of the Universal Turing Machine
CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability. ...)
NOT-FOR-US: Craft CMS
-CVE-2021-32469
- RESERVED
-CVE-2021-32468
- RESERVED
-CVE-2021-32467
- RESERVED
+CVE-2021-32469 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32468 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32467 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
CVE-2021-32466 (An uncontrolled search path element privilege escalation vulnerability ...)
NOT-FOR-US: Trend Micro
CVE-2021-32465 (An incorrect permission preservation vulnerability in Trend Micro Apex ...)
@@ -28706,11 +36172,10 @@ CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab
CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
NOT-FOR-US: Mitel
CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
- {DLA-2780-1}
+ {DSA-5066-1 DLA-2780-1}
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- ruby2.3 <removed>
- [buster] - ruby2.3 <no-dsa> (Minor issue)
- jruby <unfixed>
[buster] - jruby <no-dsa> (Minor issue)
[stretch] - jruby <no-dsa> (Minor issue)
@@ -28747,7 +36212,7 @@ CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while
CVE-2021-3535 (Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting ...)
NOT-FOR-US: Rapid7
CVE-2021-32061 (S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket ...)
- TODO: check
+ NOT-FOR-US: S3Scanner
CVE-2021-32060
RESERVED
CVE-2021-32059
@@ -28794,14 +36259,18 @@ CVE-2021-32041
RESERVED
CVE-2021-32040
RESERVED
-CVE-2021-32039
- RESERVED
+CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...)
+ NOT-FOR-US: MongoDB VSCode Extension
CVE-2021-32038
RESERVED
CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...)
- TODO: check
-CVE-2021-32036
- RESERVED
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-59071
+CVE-2021-32036 (An authenticated user without any specific authorizations may be able ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-59294
CVE-2021-32035
RESERVED
CVE-2021-32034
@@ -28846,19 +36315,19 @@ CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 1
NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3)
CVE-2021-3534
- RESERVED
+ REJECTED
CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR ...)
- ansible <unfixed>
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
[buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
- - ansible-base <unfixed>
+ - ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956477
CVE-2021-32026
RESERVED
CVE-2021-32025
RESERVED
-CVE-2021-32024
- RESERVED
+CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec of BlackB ...)
+ NOT-FOR-US: BlackBerry
CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...)
NOT-FOR-US: BlackBerry
CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of BlackBer ...)
@@ -28887,7 +36356,7 @@ CVE-2021-3532 (A flaw was found in Ansible where the secret information present
- ansible <unfixed>
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
[buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
- - ansible-base <unfixed>
+ - ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464
CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...)
- ceph 14.2.21-1 (bug #988890)
@@ -29061,8 +36530,8 @@ CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact
NOT-FOR-US: OX App Suite
CVE-2021-31933 (A remote code execution vulnerability exists in Chamilo through 1.11.1 ...)
NOT-FOR-US: Chamilo
-CVE-2021-31932
- RESERVED
+CVE-2021-31932 (Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentic ...)
+ NOT-FOR-US: Nokia
CVE-2021-31931
RESERVED
CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
@@ -29098,6 +36567,8 @@ CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU
NOTE: Initial patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
NOTE: Revisited: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
CVE-2021-3526
REJECTED
CVE-2021-3525
@@ -29304,16 +36775,16 @@ CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted mes
[stretch] - kdepim4 <no-dsa> (Minor issue)
NOTE: https://kde.org/info/security/advisory-20210429-1.txt
NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
-CVE-2021-31854
- RESERVED
+CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...)
+ NOT-FOR-US: McAfee
CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...)
NOT-FOR-US: McAfee
CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
NOT-FOR-US: McAfee
CVE-2021-31851 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
NOT-FOR-US: McAfee
-CVE-2021-31850
- RESERVED
+CVE-2021-31850 (A denial-of-service vulnerability in Database Security (DBS) prior to ...)
+ NOT-FOR-US: McAfee
CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...)
NOT-FOR-US: McAfee
CVE-2021-31848 (Cross site scripting (XSS) vulnerability in McAfee Data Loss Preventio ...)
@@ -29346,8 +36817,8 @@ CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrato
NOT-FOR-US: McAfee
CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...)
NOT-FOR-US: McAfee
-CVE-2021-31833
- RESERVED
+CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application ...)
+ NOT-FOR-US: McAfee
CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
NOT-FOR-US: McAfee
CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
@@ -29399,8 +36870,8 @@ CVE-2021-31823
RESERVED
CVE-2021-31822 (When Octopus Tentacle is installed on a Linux operating system, the sy ...)
NOT-FOR-US: Octopus Tentacle
-CVE-2021-31821
- RESERVED
+CVE-2021-31821 (When the Windows Tentacle docker image starts up it logs all the comma ...)
+ NOT-FOR-US: Octopus Tentacle
CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...)
NOT-FOR-US: Octopus Server
CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation vulnerab ...)
@@ -29415,8 +36886,8 @@ CVE-2021-3513
NOT-FOR-US: Keycloak
CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...)
NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
-CVE-2021-31814
- RESERVED
+CVE-2021-31814 (In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a ...)
+ NOT-FOR-US: Stormshield
CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...)
NOT-FOR-US: Zoho
CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...)
@@ -29440,10 +36911,9 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an Ou
NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
- {DLA-2780-1}
+ {DSA-5066-1 DLA-2780-1}
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- [buster] - ruby2.5 <no-dsa> (Minor issue)
- ruby2.3 <removed>
- jruby <unfixed>
[buster] - jruby <no-dsa> (Minor issue)
@@ -29498,10 +36968,9 @@ CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in
[stretch] - impacket <no-dsa> (Minor issue)
NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...)
- {DLA-2780-1}
+ {DSA-5066-1 DLA-2780-1}
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- [buster] - ruby2.5 <no-dsa> (Minor issue)
- ruby2.3 <removed>
NOTE: Introduced in (rdoc): https://github.com/ruby/rdoc/commit/4a8b7bed7cd5647db92c620bc6f33e4c309d2212 (v3.11)
NOTE: Fixed in (rdoc): https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7 (v6.3.1)
@@ -29530,8 +36999,8 @@ CVE-2021-31789
RESERVED
CVE-2021-31788
RESERVED
-CVE-2021-31787
- RESERVED
+CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 chipsets does ...)
+ NOT-FOR-US: Bluetooth Classic implementation on Actions ATS2815 chipsets
CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...)
NOT-FOR-US: Actions ATS
CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...)
@@ -29562,8 +37031,8 @@ CVE-2021-31773
RESERVED
CVE-2021-31772
RESERVED
-CVE-2021-31771 (Splinterware System Scheduler Professional version 5.30 is subject to ...)
- NOT-FOR-US: Splinterware
+CVE-2021-31771
+ REJECTED
CVE-2021-31770
RESERVED
CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...)
@@ -29610,12 +37079,12 @@ CVE-2021-31749
RESERVED
CVE-2021-31748
RESERVED
-CVE-2021-31747
- RESERVED
-CVE-2021-31746
- RESERVED
-CVE-2021-31745
- RESERVED
+CVE-2021-31747 (Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in upd ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-31746 (Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-31745 (Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 ...)
+ NOT-FOR-US: Pluck CMS
CVE-2021-31744
RESERVED
CVE-2021-31743
@@ -29843,10 +37312,10 @@ CVE-2021-31634
RESERVED
CVE-2021-31633
RESERVED
-CVE-2021-31632
- RESERVED
-CVE-2021-31631
- RESERVED
+CVE-2021-31632 (b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulne ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2021-31631 (b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request ...)
+ NOT-FOR-US: b2evolution CMS
CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote attackers to ...)
NOT-FOR-US: Open PLC webserver
CVE-2021-31629
@@ -29878,8 +37347,8 @@ CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol chec
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
-CVE-2021-31617
- RESERVED
+CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8. ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
@@ -29903,6 +37372,8 @@ CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vul
- salt 3002.6+dfsg1-2 (bug #987496)
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
+ NOTE: Introduced by: https://gitlab.com/saltstack/open/salt/-/commit/1343078d03613e33eec9e5ec5095d2e0b0aa2e59 (v2016.9)
+ NOTE: Combined fix and regression fix: https://salsa.debian.org/salt-team/salt/-/commit/71f7f30851f9609bfda5a1b0f5b115d2743372cd
CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...)
NOT-FOR-US: openvpn-monitor
CVE-2021-31605 (furlongm openvpn-monitor through 1.1.3 allows %0a command injection vi ...)
@@ -29956,8 +37427,8 @@ CVE-2021-31591
RESERVED
CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...)
NOT-FOR-US: PwnDoc
-CVE-2021-31589
- RESERVED
+CVE-2021-31589 (A cross-site scripting (XSS) vulnerability has been reported and confi ...)
+ NOT-FOR-US: BeyondTrust
CVE-2021-31588
RESERVED
CVE-2021-31587
@@ -30037,6 +37508,7 @@ CVE-2021-31543
CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...)
{DLA-2651-1}
- python-django 2:2.2.21-1 (bug #988053)
+ [buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/
NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main)
NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21)
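Review bot: The new buster annotation is `<no-dsa> (Minor issue)` while the same stanza already cross-references DLA-2651-1, i.e. a backport was produced for the older stretch release, so buster now ends up with less than stretch got and no reason is recorded for the difference. If buster is deliberately not getting a DSA, the convention that keeps a ready-made backport from being lost is to state how it will land, e.g. `[buster] - python-django <no-dsa> (Minor issue; can be fixed via point release)`, or `<postponed>` with the same rationale if no point release is planned. The upstream description is truncated in the tracker line, so the severity judgement is not self-evident from the entry and a few words of justification are worth adding.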
@@ -30132,8 +37604,8 @@ CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer func
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e
CVE-2021-31524
RESERVED
-CVE-2021-31522
- RESERVED
+CVE-2021-31522 (Kylin can receive user input and load any class through Class.forName( ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...)
@@ -30167,6 +37639,7 @@ CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of Q
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118
+ NOTE: No upstream patch as of 2022-01-28
CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...)
{DLA-2690-1}
- linux 5.10.38-1
@@ -30449,9 +37922,8 @@ CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present
NOTE: Fixed by: https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c
NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8)
CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in ...)
- {DLA-2667-1}
+ {DSA-5032-1 DLA-2667-1}
- djvulibre 3.5.28-2 (bug #988215)
- [buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently)
@@ -30926,10 +38398,10 @@ CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, in
CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...)
NOT-FOR-US: Siren Investigate
CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
+ {DLA-2886-1}
- slurm-wlm 20.11.7+really20.11.4-2 (bug #988439)
- slurm-llnl <removed>
[buster] - slurm-llnl <no-dsa> (Minor issue)
- [stretch] - slurm-llnl <not-affected> (env is already SPANKed)
NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7)
NOTE: Initially already fixed in 20.11.7-1 (the tracker would do the right thing)
NOTE: but the unstable upload invalidated the changelog 20.11.7-1 so use 20.11.7+really20.11.4-2
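Review bot: The deletion of `[stretch] - slurm-llnl <not-affected> (env is already SPANKed)` together with the added `{DLA-2886-1}` means the earlier not-affected assessment for stretch was reversed and the issue fixed through a DLA, yet the hunk leaves no trace of why the original reasoning did not hold. A one-line NOTE preserving the reversal, e.g. `NOTE: stretch was initially marked not-affected (env is already SPANKed); reassessed as affected and fixed in DLA-2886-1`, keeps the audit trail for anyone who later finds the old rationale in history. Buster meanwhile stays `<no-dsa> (Minor issue)` while both stretch and unstable are fixed, so given the reassessment the buster annotation may deserve a second look as well.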
@@ -31381,154 +38853,182 @@ CVE-2021-30998
REJECTED
CVE-2021-30997
REJECTED
-CVE-2021-30996
- REJECTED
-CVE-2021-30995
- REJECTED
+CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
CVE-2021-30994
REJECTED
-CVE-2021-30993
- REJECTED
-CVE-2021-30992
- REJECTED
-CVE-2021-30991
- REJECTED
-CVE-2021-30990
- REJECTED
+CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30991 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30990 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
CVE-2021-30989
REJECTED
-CVE-2021-30988
- REJECTED
-CVE-2021-30987
- REJECTED
-CVE-2021-30986
- REJECTED
-CVE-2021-30985
- REJECTED
-CVE-2021-30984
- REJECTED
-CVE-2021-30983
- REJECTED
-CVE-2021-30982
- REJECTED
-CVE-2021-30981
- REJECTED
-CVE-2021-30980
- REJECTED
-CVE-2021-30979
- REJECTED
+CVE-2021-30988 (Description: A permissions issue was addressed with improved validatio ...)
+ NOT-FOR-US: Apple
+CVE-2021-30987 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30986 (A device configuration issue was addressed with an updated configurati ...)
+ NOT-FOR-US: Apple
+CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30983 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30982 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30981 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30980 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30979 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
CVE-2021-30978
REJECTED
-CVE-2021-30977
- REJECTED
-CVE-2021-30976
- REJECTED
-CVE-2021-30975
- REJECTED
+CVE-2021-30977 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30976 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30975 (This issue was addressed by disabling execution of JavaScript when vie ...)
+ NOT-FOR-US: Apple
CVE-2021-30974
REJECTED
-CVE-2021-30973
- REJECTED
+CVE-2021-30973 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
CVE-2021-30972
REJECTED
-CVE-2021-30971
- REJECTED
-CVE-2021-30970
- REJECTED
-CVE-2021-30969
- REJECTED
-CVE-2021-30968
- REJECTED
-CVE-2021-30967
- REJECTED
-CVE-2021-30966
- REJECTED
-CVE-2021-30965
- REJECTED
-CVE-2021-30964
- REJECTED
-CVE-2021-30963
- REJECTED
+CVE-2021-30971 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30970 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30969 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-30968 (A validation issue related to hard link behavior was addressed with im ...)
+ NOT-FOR-US: Apple
+CVE-2021-30967 (Description: A permissions issue was addressed with improved validatio ...)
+ NOT-FOR-US: Apple
+CVE-2021-30966 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30965 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30964 (An inherited permissions issue was addressed with additional restricti ...)
+ NOT-FOR-US: Apple
+CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
CVE-2021-30962
REJECTED
-CVE-2021-30961
- REJECTED
-CVE-2021-30960
- REJECTED
-CVE-2021-30959
- REJECTED
-CVE-2021-30958
- REJECTED
-CVE-2021-30957
- REJECTED
+CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30959 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30958 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
CVE-2021-30956
REJECTED
-CVE-2021-30955
- REJECTED
-CVE-2021-30954
- REJECTED
-CVE-2021-30953
- REJECTED
-CVE-2021-30952
- REJECTED
-CVE-2021-30951
- REJECTED
-CVE-2021-30950
- REJECTED
-CVE-2021-30949
- REJECTED
-CVE-2021-30948
- REJECTED
-CVE-2021-30947
- REJECTED
-CVE-2021-30946
- REJECTED
-CVE-2021-30945
- REJECTED
+CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30951 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30950 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30949 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30948 (An inconsistent user interface issue was addressed with improved state ...)
+ NOT-FOR-US: Apple
+CVE-2021-30947 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30946 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
CVE-2021-30944
REJECTED
CVE-2021-30943
REJECTED
-CVE-2021-30942
- REJECTED
-CVE-2021-30941
- REJECTED
-CVE-2021-30940
- REJECTED
-CVE-2021-30939
- REJECTED
-CVE-2021-30938
- REJECTED
-CVE-2021-30937
- REJECTED
-CVE-2021-30936
- REJECTED
-CVE-2021-30935
- REJECTED
-CVE-2021-30934
- REJECTED
+CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...)
+ NOT-FOR-US: Apple
+CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30940 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30939 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30938 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30936 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30933
REJECTED
-CVE-2021-30932
- REJECTED
-CVE-2021-30931
- REJECTED
-CVE-2021-30930
- REJECTED
-CVE-2021-30929
- REJECTED
+CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30930 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30929 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
CVE-2021-30928
REJECTED
-CVE-2021-30927
- REJECTED
-CVE-2021-30926
- REJECTED
+CVE-2021-30927 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30926 (Description: A memory corruption issue in the processing of ICC profil ...)
+ NOT-FOR-US: Apple
CVE-2021-30925
REJECTED
-CVE-2021-30924
- REJECTED
-CVE-2021-30923
- REJECTED
+CVE-2021-30924 (A denial of service issue was addressed with improved state handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30923 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
CVE-2021-30922
REJECTED
CVE-2021-30921
@@ -31565,8 +39065,8 @@ CVE-2021-30906 (This issue was addressed with improved checks. This issue is fix
NOT-FOR-US: Apple
CVE-2021-30905 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2021-30904
- REJECTED
+CVE-2021-30904 (A sync issue was addressed with improved state validation. This issue ...)
+ NOT-FOR-US: Apple
CVE-2021-30903 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30902 (A use after free issue was addressed with improved memory management. ...)
@@ -31579,8 +39079,8 @@ CVE-2021-30899 (A race condition was addressed with improved state handling. Thi
NOT-FOR-US: Apple
CVE-2021-30898
REJECTED
-CVE-2021-30897
- REJECTED
+CVE-2021-30897 (An issue existed in the specification for the resource timing API. The ...)
+ NOT-FOR-US: Apple
CVE-2021-30896 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2021-30895 (A logic issue was addressed with improved restrictions. This issue is ...)
@@ -31594,19 +39094,39 @@ CVE-2021-30892 (An inherited permissions issue was addressed with additional res
CVE-2021-30891
REJECTED
CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...)
- NOT-FOR-US: Apple
+ {DSA-5031-1 DSA-5030-1}
+ - webkit2gtk 2.34.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30889 (A buffer overflow issue was addressed with improved memory handling. T ...)
- NOT-FOR-US: Apple
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed in iOS ...)
- NOT-FOR-US: Apple
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is ...)
- NOT-FOR-US: Apple
+ {DSA-5031-1 DSA-5030-1}
+ - webkit2gtk 2.34.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30886 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2021-30885
REJECTED
CVE-2021-30884 (The issue was resolved with additional restrictions on CSS compositing ...)
- NOT-FOR-US: Apple
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30883 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2021-30882 (A logic issue was addressed with improved validation. This issue is fi ...)
@@ -31724,7 +39244,11 @@ CVE-2021-30838 (A memory corruption issue was addressed with improved memory han
CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...)
NOT-FOR-US: Apple
CVE-2021-30836 (An out-of-bounds read was addressed with improved input validation. Th ...)
- NOT-FOR-US: Apple
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30834 (A logic issue was addressed with improved state management. This issue ...)
@@ -31750,7 +39274,11 @@ CVE-2021-30825 (This issue was addressed with improved checks. This issue is fix
CVE-2021-30824 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
CVE-2021-30823 (A logic issue was addressed with improved restrictions. This issue is ...)
- NOT-FOR-US: Apple
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30822
RESERVED
CVE-2021-30821 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -31760,7 +39288,11 @@ CVE-2021-30820 (A logic issue was addressed with improved state management. This
CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2021-30818 (A type confusion issue was addressed with improved state handling. Thi ...)
- NOT-FOR-US: Apple
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30817 (A permissions issue was addressed with improved validation. This issue ...)
NOT-FOR-US: Apple
CVE-2021-30816 (The issue was addressed with improved permissions logic. This issue is ...)
@@ -31778,7 +39310,11 @@ CVE-2021-30811 (This issue was addressed with improved checks. This issue is fix
CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...)
NOT-FOR-US: Apple
CVE-2021-30809 (A use after free issue was addressed with improved memory management. ...)
- NOT-FOR-US: Apple
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30808 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30807 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -31873,8 +39409,8 @@ CVE-2021-30769 (A logic issue was addressed with improved state management. This
NOT-FOR-US: Apple
CVE-2021-30768 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
-CVE-2021-30767
- RESERVED
+CVE-2021-30767 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
CVE-2021-30766 (An out-of-bounds write was addressed with improved input validation. T ...)
NOT-FOR-US: Apple
CVE-2021-30765 (An out-of-bounds write was addressed with improved input validation. T ...)
@@ -32159,8 +39695,8 @@ CVE-2021-30652 (A race condition was addressed with additional validation. This
NOT-FOR-US: Apple
CVE-2021-30651
RESERVED
-CVE-2021-30650
- RESERVED
+CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...)
+ NOT-FOR-US: Symantec
CVE-2021-30649
RESERVED
CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...)
@@ -32267,268 +39803,350 @@ CVE-2021-30638 (Information Exposure vulnerability in context asset handling of
NOT-FOR-US: Apache Tapestry
CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
NOT-FOR-US: htmly
-CVE-2021-30636
- RESERVED
+CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...)
+ NOT-FOR-US: MediaTek LinkIt SDK
CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2021-30634
RESERVED
CVE-2021-30633 (Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.8 ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allow ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30631
REJECTED
CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30629 (Use after free in Permissions in Google Chrome prior to 93.0.4577.82 a ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30628 (Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30627 (Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30626 (Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.45 ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30625 (Use after free in Selection API in Google Chrome prior to 93.0.4577.82 ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink ...)
- chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30605 (Inappropriate implementation in the ChromeOS Readiness Tool installer ...)
NOT-FOR-US: ChromeOS Readiness Tool installer on Windows
CVE-2021-30604 (Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowe ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30603 (Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30602 (Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allow ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30601 (Use after free in Extensions API in Google Chrome prior to 92.0.4515.1 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30600 (Use after free in Printing in Google Chrome prior to 92.0.4515.159 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30599 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30598 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30597 (Use after free in Browser UI in Google Chrome on Chrome prior to 92.0. ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30596 (Incorrect security UI in Navigation in Google Chrome on Android prior ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30595
RESERVED
CVE-2021-30594 (Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30593 (Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.13 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30592 (Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515. ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30591 (Use after free in File System API in Google Chrome prior to 92.0.4515. ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30590 (Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515. ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30589 (Insufficient validation of untrusted input in Sharing in Google Chrome ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30588 (Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30587 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30586 (Use after free in dialog box handling in Windows in Google Chrome prio ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30585 (Use after free in sensor handling in Google Chrome on Windows prior to ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30584 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30583 (Insufficient policy enforcement in image handling in iOS in Google Chr ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30582 (Inappropriate implementation in Animation in Google Chrome prior to 92 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30581 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30580 (Insufficient policy enforcement in Android intents in Google Chrome pr ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30579 (Use after free in UI framework in Google Chrome prior to 92.0.4515.107 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30578 (Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30577 (Insufficient policy enforcement in Installer in Google Chrome prior to ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30576 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30575 (Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.10 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30574 (Use after free in protocol handling in Google Chrome prior to 92.0.451 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30573 (Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30572 (Use after free in Autofill in Google Chrome prior to 92.0.4515.107 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30571 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30570
RESERVED
CVE-2021-30569 (Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allow ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30568 (Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30567 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30566 (Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515. ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30565 (Out of bounds write in Tab Groups in Google Chrome on Linux and Chrome ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 al ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30558
RESERVED
CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 al ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30556 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30555 (Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allo ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30554 (Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowe ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 91.0.4472. ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30552 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30551 (Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30550 (Use after free in Accessibility in Google Chrome prior to 91.0.4472.10 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30549 (Use after free in Spell check in Google Chrome prior to 91.0.4472.101 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101 allow ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...)
{DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
- firefox 90.0-1
- firefox-esr 78.12.0esr-1
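Review bot: Every Chromium entry in this hunk (CVE-2021-30633 down to CVE-2021-30547) drops its unstable resolution line `- chromium 93.0.4577.82-1` — and with it the `(bug #990079)` reference — and puts `[buster] - chromium <end-of-life> (see DSA 5046)` in its place rather than alongside it. If the diff is faithful to the resulting file, these entries no longer record a fixed version for unstable, so the tracker will report them as open in sid and, by inheritance, in the stable suites, even though the removed line recorded a fix. The expected shape is presumably three lines per entry, `- chromium 93.0.4577.82-1 (bug #990079)` kept above the new `[buster]` line and the existing `[stretch]` line. It is worth checking whether this is an artefact of how the merge was rendered before re-adding the unstable lines.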
@@ -32538,39 +40156,51 @@ CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-30547
CVE-2021-30546 (Use after free in Autofill in Google Chrome prior to 91.0.4472.101 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30545 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30544 (Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allo ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30539 (Insufficient policy enforcement in content security policy in Google C ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30538 (Insufficient policy enforcement in content security policy in Google C ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30537 (Insufficient policy enforcement in cookies in Google Chrome prior to 9 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30536 (Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowe ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a re ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
- icu 67.1-7
[buster] - icu <not-affected> (Vulnerable code introduced later)
@@ -32582,45 +40212,59 @@ CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowe
NOTE: Fixed by: https://github.com/unicode-org/icu/commit/2dc5bea9061b4fb05cd03e21b775dd944a0eb81d
CVE-2021-30534 (Insufficient policy enforcement in iFrameSandbox in Google Chrome prio ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30533 (Insufficient policy enforcement in PopupBlocker in Google Chrome prior ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30532 (Insufficient policy enforcement in Content Security Policy in Google C ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30531 (Insufficient policy enforcement in Content Security Policy in Google C ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30530 (Out of bounds memory access in WebAudio in Google Chrome prior to 91.0 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30529 (Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30528 (Use after free in WebAuthentication in Google Chrome on Android prior ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30527 (Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30526 (Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30525 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 all ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30524 (Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allo ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30523 (Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowe ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30522 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allo ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30521 (Heap buffer overflow in Autofill in Google Chrome on Android prior to ...)
- chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 al ...)
{DSA-4917-1}
@@ -33072,8 +40716,8 @@ CVE-2021-30362
RESERVED
CVE-2021-30361
RESERVED
-CVE-2021-30360
- RESERVED
+CVE-2021-30360 (Users have access to the directory where the installation repair occur ...)
+ NOT-FOR-US: Check Point
CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...)
NOT-FOR-US: Harmony Browse and the SandBlast Agent for Browsers installers
CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined by the ...)
@@ -33086,18 +40730,18 @@ CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 imp
NOT-FOR-US: Amazon Kindle e-reader
CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 contains ...)
NOT-FOR-US: Amazon Kindle e-reader
-CVE-2021-30353
- RESERVED
+CVE-2021-30353 (Improper validation of function pointer type with actual function sign ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30352
RESERVED
-CVE-2021-30351
- RESERVED
+CVE-2021-30351 (An out of bound memory access can occur due to improper validation of ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30350
RESERVED
CVE-2021-30349
RESERVED
-CVE-2021-30348
- RESERVED
+CVE-2021-30348 (Improper validation of LLM utility timers availability can lead to den ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30347
RESERVED
CVE-2021-30346
@@ -33118,12 +40762,12 @@ CVE-2021-30339
RESERVED
CVE-2021-30338
RESERVED
-CVE-2021-30337
- RESERVED
-CVE-2021-30336
- RESERVED
-CVE-2021-30335
- RESERVED
+CVE-2021-30337 (Possible use after free when process shell memory is freed using IOCTL ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30336 (Possible out of bound read due to lack of domain input validation whil ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30335 (Possible assertion in QOS request due to improper validation when mult ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30334
RESERVED
CVE-2021-30333
@@ -33132,72 +40776,72 @@ CVE-2021-30332
RESERVED
CVE-2021-30331
RESERVED
-CVE-2021-30330
- RESERVED
+CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30329
RESERVED
CVE-2021-30328
RESERVED
CVE-2021-30327
RESERVED
-CVE-2021-30326
- RESERVED
-CVE-2021-30325
- RESERVED
-CVE-2021-30324
- RESERVED
-CVE-2021-30323
- RESERVED
-CVE-2021-30322
- RESERVED
+CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of validatio ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30324 (Possible out of bound write due to lack of boundary check for the maxi ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30323 (Improper validation of maximum size of data write to EFS file can lead ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30322 (Possible out of bounds write due to improper validation of number of G ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during ...)
NOT-FOR-US: Snapdragon
CVE-2021-30320
RESERVED
-CVE-2021-30319
- RESERVED
-CVE-2021-30318
- RESERVED
-CVE-2021-30317
- RESERVED
+CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30318 (Improper validation of input when provisioning the HDCP key can lead t ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30317 (Improper validation of program headers containing ELF metadata can lea ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...)
NOT-FOR-US: Snapdragon
CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
NOT-FOR-US: Snapdragon
-CVE-2021-30314
- RESERVED
-CVE-2021-30313
- RESERVED
+CVE-2021-30314 (Lack of validation for third party application accessing the service c ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30313 (Use after free condition can occur in wired connectivity due to a race ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU frame can l ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30311
- RESERVED
+CVE-2021-30311 (Possible heap overflow due to lack of index validation before allocati ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30309
- RESERVED
-CVE-2021-30308
- RESERVED
-CVE-2021-30307
- RESERVED
+CVE-2021-30309 (Improper size validation of QXDM commands can lead to memory corruptio ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30307 (Possible denial of service due to improper validation of DNS response ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for file l ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30305 (Possible out of bound access due to lack of validation of page offset ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30304 (Possible buffer out of bound read can occur due to improper validation ...)
NOT-FOR-US: Snapdragon
-CVE-2021-30303
- RESERVED
+CVE-2021-30303 (Possible buffer overflow due to lack of buffer length check when segme ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30301
- RESERVED
-CVE-2021-30300
- RESERVED
+CVE-2021-30301 (Possible denial of service due to out of memory while processing RRC a ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30299
RESERVED
-CVE-2021-30298
- RESERVED
+CVE-2021-30298 (Possible out of bound access due to improper validation of item size a ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30296
@@ -33206,60 +40850,60 @@ CVE-2021-30295 (Possible heap overflow due to improper validation of local varia
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command due t ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30293
- RESERVED
+CVE-2021-30293 (Possible assertion due to lack of input validation in PUSCH configurat ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30292 (Possible memory corruption due to lack of validation of client data us ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30291 (Possible memory corruption due to lack of validation of client data us ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30290 (Possible null pointer dereference due to race condition between timeli ...)
NOT-FOR-US: Snapdragon
-CVE-2021-30289
- RESERVED
+CVE-2021-30289 (Possible buffer overflow due to lack of range check while processing a ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30288 (Possible stack overflow due to improper length check of TLV while copy ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30287
- RESERVED
+CVE-2021-30287 (Possible assertion due to improper validation of symbols configured fo ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30286
RESERVED
-CVE-2021-30285
- RESERVED
+CVE-2021-30285 (Improper validation of memory region in Hypervisor can lead to incorre ...)
+ NOT-FOR-US: Qualcomm
CVE-2021-30284 (Possible information exposure and denial of service due to NAS not dro ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30283
- RESERVED
-CVE-2021-30282
- RESERVED
+CVE-2021-30283 (Possible denial of service due to improper handling of debug register ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30282 (Possible out of bound write in RAM partition table due to improper val ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30281
RESERVED
CVE-2021-30280
RESERVED
-CVE-2021-30279
- RESERVED
-CVE-2021-30278
- RESERVED
+CVE-2021-30279 (Possible access control violation while setting current permission for ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30278 (Improper input validation in TrustZone memory transfer interface can l ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30277
RESERVED
-CVE-2021-30276
- RESERVED
-CVE-2021-30275
- RESERVED
-CVE-2021-30274
- RESERVED
-CVE-2021-30273
- RESERVED
-CVE-2021-30272
- RESERVED
-CVE-2021-30271
- RESERVED
-CVE-2021-30270
- RESERVED
-CVE-2021-30269
- RESERVED
-CVE-2021-30268
- RESERVED
-CVE-2021-30267
- RESERVED
+CVE-2021-30276 (Improper access control while doing XPU re-configuration dynamically c ...)
+ NOT-FOR-US: Android
+CVE-2021-30275 (Possible integer overflow in page alignment interface due to lack of a ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30274 (Possible integer overflow in access control initialization interface d ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30273 (Possible assertion due to improper handling of IPV6 packet with invali ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30272 (Possible null pointer dereference in thread cache operation handler du ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30271 (Possible null pointer dereference in trap handler due to lack of threa ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30270 (Possible null pointer dereference in thread profile trap handler due t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30269 (Possible null pointer dereference due to lack of TLB validation for us ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30268 (Possible heap Memory Corruption Issue due to lack of input validation ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30267 (Possible integer overflow to buffer overflow due to improper input val ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30266 (Possible use after free due to improper memory validation when initial ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30265 (Possible memory corruption due to improper validation of memory addres ...)
@@ -33268,8 +40912,8 @@ CVE-2021-30264 (Possible use after free due improper validation of reference fro
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30263 (Possible race condition can occur due to lack of synchronization mecha ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30262
- RESERVED
+CVE-2021-30262 (Improper validation of a socket state when socket events are being sen ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30261 (Possible integer and heap overflow due to lack of input command size v ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...)
@@ -33681,7 +41325,7 @@ CVE-2021-30123 (FFmpeg &lt;=4.3 contains a buffer overflow vulnerability in liba
NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
CVE-2021-30122
RESERVED
-CVE-2021-30121 (Local file inclusion exists in Kaseya VSA before 9.5.6. ...)
+CVE-2021-30121 (Authenticated local file inclusion in Kaseya VSA &lt; v9.5.6 ...)
NOT-FOR-US: Kaseya
CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requiremen ...)
NOT-FOR-US: Kaseya
@@ -34192,19 +41836,18 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a
NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...)
{DSA-4958-1 DLA-2750-1}
- - exiv2 <unfixed> (bug #986888)
+ - exiv2 0.27.5-1 (bug #986888)
[bullseye] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/1522
NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file]
RESERVED
+ {DLA-2895-1 DLA-2885-1}
- qtsvg-opensource-src 5.15.2-3 (bug #986798)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
- [stretch] - qtsvg-opensource-src <postponed> (Minor issue; can be fixed in next update)
- qt4-x11 <removed>
[buster] - qt4-x11 <no-dsa> (Minor issue)
- [stretch] - qt4-x11 <postponed> (Minor issue; can be fixed in next update)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1931444
NOTE: https://bugreports.qt.io/browse/QTBUG-91507
NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=bfd6ee0d8cf34b63d32adf10ed93daa0086b359f (qt/qtsvg/dev)
@@ -34258,7 +41901,9 @@ CVE-2021-29923 (Go before 1.17 does not properly consider extraneous zero charac
- golang-1.15 <unfixed>
- golang-1.11 <removed>
- golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue, IP-based access control failure in specific cases, upstream won't fix supported releases for backward compatibility)
- golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue, IP-based access control failure in specific cases, upstream won't fix supported releases for backward compatibility)
NOTE: https://github.com/golang/go/issues/30999
NOTE: https://github.com/golang/go/issues/43389
NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md
@@ -34376,8 +42021,8 @@ CVE-2021-29874
RESERVED
CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to obtain s ...)
NOT-FOR-US: IBM
-CVE-2021-29872
- RESERVED
+CVE-2021-29872 (IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation S ...)
+ NOT-FOR-US: IBM
CVE-2021-29871
RESERVED
CVE-2021-29870
@@ -34386,16 +42031,16 @@ CVE-2021-29869
RESERVED
CVE-2021-29868 (IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain s ...)
NOT-FOR-US: IBM
-CVE-2021-29867
- RESERVED
+CVE-2021-29867 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to ...)
+ NOT-FOR-US: IBM
CVE-2021-29866
RESERVED
CVE-2021-29865
RESERVED
CVE-2021-29864
RESERVED
-CVE-2021-29863
- RESERVED
+CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forge ...)
+ NOT-FOR-US: IBM
CVE-2021-29862 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
NOT-FOR-US: IBM
CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
@@ -34422,16 +42067,16 @@ CVE-2021-29851 (IBM Planning Analytics 2.0 could allow a remote attacker to obta
NOT-FOR-US: IBM
CVE-2021-29850
RESERVED
-CVE-2021-29849
- RESERVED
+CVE-2021-29849 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
CVE-2021-29848
RESERVED
-CVE-2021-29847
- RESERVED
-CVE-2021-29846
- RESERVED
-CVE-2021-29845
- RESERVED
+CVE-2021-29847 (BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) conf ...)
+ NOT-FOR-US: IBM
+CVE-2021-29846 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29845 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
CVE-2021-29844 (IBM Jazz Team Server products is vulnerable to server-side request for ...)
NOT-FOR-US: IBM
CVE-2021-29843 (IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial o ...)
@@ -34444,8 +42089,8 @@ CVE-2021-29840
RESERVED
CVE-2021-29839
RESERVED
-CVE-2021-29838
- RESERVED
+CVE-2021-29838 (IBM Security Guardium Insights 3.0 could allow a remote attacker to ob ...)
+ NOT-FOR-US: IBM
CVE-2021-29837 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
NOT-FOR-US: IBM
CVE-2021-29836 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 ...)
@@ -34550,8 +42195,8 @@ CVE-2021-29787
RESERVED
CVE-2021-29786 (IBM Jazz Team Server products stores user credentials in clear text wh ...)
NOT-FOR-US: IBM
-CVE-2021-29785
- RESERVED
+CVE-2021-29785 (IBM Security SOAR V42 and V43could allow a remote attacker to obtain s ...)
+ NOT-FOR-US: IBM
CVE-2021-29784 (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker t ...)
NOT-FOR-US: IBM
CVE-2021-29783
@@ -34562,8 +42207,8 @@ CVE-2021-29781 (IBM Partner Engagement Manager 2.0 could allow a remote attacker
NOT-FOR-US: IBM
CVE-2021-29780 (IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authent ...)
NOT-FOR-US: IBM
-CVE-2021-29779
- RESERVED
+CVE-2021-29779 (IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitiv ...)
+ NOT-FOR-US: IBM
CVE-2021-29778
RESERVED
CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
@@ -34608,8 +42253,8 @@ CVE-2021-29758 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1
NOT-FOR-US: IBM
CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site r ...)
NOT-FOR-US: IBM
-CVE-2021-29756
- RESERVED
+CVE-2021-29756 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site req ...)
+ NOT-FOR-US: IBM
CVE-2021-29755
RESERVED
CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
@@ -34682,14 +42327,14 @@ CVE-2021-29721
RESERVED
CVE-2021-29720
RESERVED
-CVE-2021-29719
- RESERVED
+CVE-2021-29719 (IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client s ...)
+ NOT-FOR-US: IBM
CVE-2021-29718
RESERVED
CVE-2021-29717
RESERVED
-CVE-2021-29716
- RESERVED
+CVE-2021-29716 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to ...)
+ NOT-FOR-US: IBM
CVE-2021-29715 (IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to ...)
NOT-FOR-US: IBM
CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to cause a d ...)
@@ -34718,8 +42363,8 @@ CVE-2021-29703 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is
NOT-FOR-US: IBM
CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...)
NOT-FOR-US: IBM
-CVE-2021-29701
- RESERVED
+CVE-2021-29701 (IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as I ...)
+ NOT-FOR-US: IBM
CVE-2021-29700 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
NOT-FOR-US: IBM
CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote priviled ...)
@@ -34764,8 +42409,8 @@ CVE-2021-29680
RESERVED
CVE-2021-29679 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated us ...)
NOT-FOR-US: IBM
-CVE-2021-29678
- RESERVED
+CVE-2021-29678 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
NOT-FOR-US: IBM
CVE-2021-29676 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
@@ -34810,10 +42455,10 @@ CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134
NOTE: https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html
-CVE-2021-29656
- RESERVED
-CVE-2021-29655
- RESERVED
+CVE-2021-29656 (Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validat ...)
+ NOT-FOR-US: Pexip Infinity Connect
+CVE-2021-29655 (Pexip Infinity Connect before 1.8.0 omits certain provisioning authent ...)
+ NOT-FOR-US: Pexip Infinity Connect
CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...)
NOT-FOR-US: AjaxSearchPro
CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...)
@@ -34902,8 +42547,9 @@ CVE-2021-29634
RESERVED
CVE-2021-29633
RESERVED
-CVE-2021-29632
- RESERVED
+CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc
CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...)
NOT-FOR-US: FreeBSD
CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...)
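Review bot: CVE-2021-29632 is now tracked against `- kfreebsd-10 <unfixed> (unimportant)`, while the two adjacent FreeBSD kernel entries in this hunk (CVE-2021-29631, CVE-2021-29630) stay `NOT-FOR-US: FreeBSD`, and nothing in the entry says why this one is treated differently. The cited advisory is scoped to the 13.0-STABLE and 12.2-STABLE branches; whether the 10.x kernel shipped as kfreebsd-10 contains the affected code (presumably the vt console driver, going by the advisory name) is not established here. If it does, a line such as `NOTE: kfreebsd-10 ships the affected vt code, not a release architecture` would justify both the package tag and the unimportant severity; if it does not, `- kfreebsd-10 <not-affected> (Vulnerable code not present)` or `NOT-FOR-US: FreeBSD` as for its neighbours would be the consistent choice.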
@@ -34927,7 +42573,7 @@ CVE-2021-29625 (Adminer is open-source database management software. A cross-sit
CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect their F ...)
NOT-FOR-US: fastify-csrf
CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
- - exiv2 <unfixed> (bug #988481)
+ - exiv2 0.27.5-1 (bug #988481)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -34942,7 +42588,9 @@ CVE-2021-29622 (Prometheus is an open-source monitoring system and time series d
NOTE: The vulnerability itself is introduced with 2.23.0 upstream.
NOTE: See https://bugs.debian.org/988804 for details.
CVE-2021-29621 (Flask-AppBuilder is a development framework, built on top of Flask. Us ...)
- NOT-FOR-US: Flask-AppBuilder
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580 (v3.3.0)
CVE-2021-29620 (Report portal is an open source reporting and analysis framework. Star ...)
NOT-FOR-US: Report portal
CVE-2021-29619 (TensorFlow is an end-to-end open source platform for machine learning. ...)
@@ -35199,6 +42847,7 @@ CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the r
CVE-2021-29500 (bubble fireworks is an open source java package relating to Spring Fra ...)
NOT-FOR-US: bubble fireworks
CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...)
+ [experimental] - golang-github-sylabs-sif 2.3.1-1
- golang-github-sylabs-sif <unfixed> (bug #991664)
[bullseye] - golang-github-sylabs-sif <no-dsa> (Minor issue)
NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
@@ -35284,7 +42933,7 @@ CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborat
NOT-FOR-US: HedgeDoc
CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
{DSA-4958-1 DLA-2750-1}
- - exiv2 <unfixed> (bug #987736)
+ - exiv2 0.27.5-1 (bug #987736)
[bullseye] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
NOTE: https://github.com/Exiv2/exiv2/pull/1587
@@ -35300,7 +42949,7 @@ CVE-2021-29471 (Synapse is a Matrix reference homeserver written in python (pypi
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
NOTE: https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c (v1.33.2)
CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #987450)
+ - exiv2 0.27.5-1 (bug #987450)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
@@ -35323,14 +42972,14 @@ CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions
CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of Disco ...)
NOT-FOR-US: Discord-Recon
CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #988242)
+ - exiv2 0.27.5-1 (bug #988242)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
NOTE: https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54
CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #988241)
+ - exiv2 0.27.5-1 (bug #988241)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <not-affected> (webp support introduced in 0.27)
[stretch] - exiv2 <not-affected> (webp support introduced in 0.27)
@@ -35352,7 +43001,7 @@ CVE-2021-29460 (Kirby is an open source CMS. An editor with write access to the
CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #987277)
+ - exiv2 0.27.5-1 (bug #987277)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -35378,8 +43027,10 @@ CVE-2021-29456 (Authelia is an open-source authentication and authorization serv
NOT-FOR-US: Authelia
CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...)
NOT-FOR-US: Grassroot Platform
-CVE-2021-29454
- RESERVED
+CVE-2021-29454 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ - smarty3 <unfixed>
+ NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m
+ NOTE: https://github.com/smarty-php/smarty/commit/7ad97ad030b4289711e30819c928b8bc33c62b23 (3.1.42)
CVE-2021-29453 (matrix-media-repo is an open-source multi-domain media repository for ...)
NOT-FOR-US: matrix-media-repo
CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple authentic ...)
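Review bot: The new CVE-2021-29454 entry records `- smarty3 <unfixed>` with no severity tag, no Debian bug reference and no per-release annotation, even though the NOTE pins the upstream fix to 3.1.42 and the linked GHSA is a security advisory. As written, every release shipping smarty3 is implicitly shown as vulnerable with nothing telling the next triager whether that is the intended state, and unlike sibling entries in this file (the exiv2 lines carry `(bug #987736)` and similar) there is no bug tracking the unstable fix. If a bug has been filed, add it in the usual `(bug #...)` form on the smarty3 line; otherwise a release line such as `[bullseye] - smarty3 <no-dsa> (...)` with the assessed impact, or a `NOTE:` stating that assessment, would record the decision.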
@@ -35551,18 +43202,18 @@ CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP
NOT-FOR-US: My SMTP Contact plugin for GetSimple CMS
CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...)
NOT-FOR-US: XMB
-CVE-2021-29398
- RESERVED
-CVE-2021-29397
- RESERVED
-CVE-2021-29396
- RESERVED
-CVE-2021-29395
- RESERVED
-CVE-2021-29394
- RESERVED
-CVE-2021-29393
- RESERVED
+CVE-2021-29398 (Directory traversal in /northstar/Common/NorthFileManager/fileManagerO ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29397 (Cleartext Transmission of Sensitive Information in /northstar/Admin/lo ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc NorthStar ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in Northstar ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar T ...)
+ NOT-FOR-US: Northstar
CVE-2021-29392
RESERVED
CVE-2021-29391
@@ -35679,7 +43330,7 @@ CVE-2021-29340
CVE-2021-29339
RESERVED
CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...)
- - openjpeg2 <unfixed> (bug #987276)
+ - openjpeg2 2.4.0-4 (bug #987276)
[bullseye] - openjpeg2 <no-dsa> (Minor issue)
[buster] - openjpeg2 <no-dsa> (Minor issue)
[stretch] - openjpeg2 <no-dsa> (Minor issue)
@@ -35913,7 +43564,7 @@ CVE-2021-29243 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. .
NOT-FOR-US: Cloudera Manager
CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper input vali ...)
NOT-FOR-US: CODESYS Control Runtime
-CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that ...)
+CVE-2021-29241 (CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that ...)
NOT-FOR-US: CODESYS Gateway 3
CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 3.5.17.0 do ...)
NOT-FOR-US: Package Manager of CODESYS Development System 3
@@ -35957,18 +43608,18 @@ CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erl
- erlang <not-affected> (Windows-specific)
CVE-2021-29220
RESERVED
-CVE-2021-29219
- RESERVED
-CVE-2021-29218
- RESERVED
+CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...)
+ NOT-FOR-US: HPE
+CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...)
+ NOT-FOR-US: HPE
CVE-2021-29217
RESERVED
CVE-2021-29216
RESERVED
-CVE-2021-29215
- RESERVED
-CVE-2021-29214
- RESERVED
+CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...)
+ NOT-FOR-US: HPE
+CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
+ NOT-FOR-US: HPE
CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
NOT-FOR-US: HPE
CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
@@ -36106,7 +43757,7 @@ CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versi
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/268
NOTE: https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b
-CVE-2021-3466 (A flaw was found in libmicrohttpd in versions before 0.9.71. A missing ...)
+CVE-2021-3466 (A flaw was found in libmicrohttpd. A missing bounds check in the post_ ...)
- libmicrohttpd 0.9.71-1
[buster] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
[stretch] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
@@ -36197,14 +43848,14 @@ CVE-2021-29118
RESERVED
CVE-2021-29117
RESERVED
-CVE-2021-29116
- RESERVED
-CVE-2021-29115
- RESERVED
-CVE-2021-29114
- RESERVED
-CVE-2021-29113
- RESERVED
+CVE-2021-29116 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...)
+ NOT-FOR-US: Esri ArcGIS Server
+CVE-2021-29115 (An information disclosure vulnerability in the ArcGIS Service Director ...)
+ NOT-FOR-US: Esri ArcGIS
+CVE-2021-29114 (A SQL injection vulnerability in feature services provided by Esri Arc ...)
+ NOT-FOR-US: Esri ArcGIS
+CVE-2021-29113 (A remote file inclusion vulnerability in the ArcGIS Server help docume ...)
+ NOT-FOR-US: ArcGIS Server
CVE-2021-29112
RESERVED
CVE-2021-29111
@@ -36523,9 +44174,9 @@ CVE-2021-28966 (In Ruby through 3.0 on Windows, a remote attacker can submit a c
- ruby2.7 <not-affected> (Windows-specific)
NOTE: https://hackerone.com/reports/1131465
CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...)
+ {DSA-5066-1}
- ruby2.7 2.7.3-1 (bug #986807)
- ruby2.5 <removed>
- [buster] - ruby2.5 <postponed> (Minor issue, can be fixed along with next update)
- ruby2.3 <removed>
[stretch] - ruby2.3 <postponed> (Minor issue; can be fixed in next update)
[experimental] - ruby-rexml 3.2.5-1
@@ -36547,8 +44198,8 @@ CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctre
- linux 5.10.26-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
-CVE-2021-28962
- RESERVED
+CVE-2021-28962 (Stormshield Network Security (SNS) before 4.2.2 allows a read-only adm ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
NOT-FOR-US: DDNS package for OpenWrt
CVE-2021-28960 (Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthe ...)
@@ -37129,52 +44780,67 @@ CVE-2021-28717
RESERVED
CVE-2021-28716
RESERVED
-CVE-2021-28715
- RESERVED
-CVE-2021-28714
- RESERVED
-CVE-2021-28713
- RESERVED
-CVE-2021-28712
- RESERVED
-CVE-2021-28711
- RESERVED
+CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-392.html
+CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-392.html
+CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-391.html
+CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-391.html
+CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...)
- xen <not-affected> (Only affects 4.15 series)
NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/9
NOTE: https://xenbits.xen.org/xsa/advisory-390.html
CVE-2021-28709 (issues with partially successful P2M updates on x86 T[his CNA informat ...)
- - xen <unfixed>
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-389.html
CVE-2021-28708 (PoD operations on misaligned GFNs T[his CNA information record relates ...)
- - xen <unfixed>
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-388.html
CVE-2021-28707 (PoD operations on misaligned GFNs T[his CNA information record relates ...)
- - xen <unfixed>
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-388.html
CVE-2021-28706 (guests may exceed their designated memory limit When a guest is permit ...)
- - xen <unfixed>
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-385.html
CVE-2021-28705 (issues with partially successful P2M updates on x86 T[his CNA informat ...)
- - xen <unfixed>
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-389.html
CVE-2021-28704 (PoD operations on misaligned GFNs T[his CNA information record relates ...)
- - xen <unfixed>
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-388.html
-CVE-2021-28703
- RESERVED
+CVE-2021-28703 (grant table v2 status pages may remain accessible after de-allocation ...)
- xen 4.14.0+80-gd101b417b7-1
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
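Review bot: The five new linux entries (CVE-2021-28711 through CVE-2021-28715) record only the XSA advisory URL, whereas the neighbouring CVE-2021-28964 entry also records the upstream fix commit, so anyone backporting for buster or stretch has to go through the XSA text to find what to cherry-pick. Adding the kernel commits referenced by XSA-391 and XSA-392 as `NOTE: https://git.kernel.org/linus/...` lines under each entry would follow the existing convention in this file. Note also that `- linux 5.15.15-1` plus the `{DSA-5050-1}` tag leaves buster and stretch implicitly open for these five CVEs; if that is deliberate pending an LTS update, an explicit `[buster] - linux <...>` line would make the state visible the way the xen entries just below do with their `[buster]`/`[stretch]` lines.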
@@ -37184,8 +44850,8 @@ CVE-2021-28703
NOTE: Debian including the fix.
NOTE: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e (4.14.0-rc1)
CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...)
- - xen <unfixed>
- [bullseye] - xen <postponed> (Minor issue, fix along with next DSA)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
[buster] - xen <not-affected> (Vulnerable code introduced later)
[stretch] - xen <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-386.html
@@ -37279,8 +44945,8 @@ CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remo
- envoyproxy <itp> (bug #987544)
CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
NOT-FOR-US: Pion WebRTC
-CVE-2021-28680
- RESERVED
+CVE-2021-28680 (The devise_masquerade gem before 1.3 allows certain attacks when a pas ...)
+ NOT-FOR-US: devise_masquerade
CVE-2021-28679
RESERVED
CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...)
@@ -37419,7 +45085,7 @@ CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The commonl
NOTE: https://github.com/stefanberger/libtpms/commit/32c159ab53db703749a8f90430cdc7b20b00975e
CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...)
[experimental] - gnome-autoar 0.3.1-1
- - gnome-autoar <unfixed> (bug #985391)
+ - gnome-autoar 0.4.0-1 (bug #985391)
[bullseye] - gnome-autoar <no-dsa> (Minor issue)
[buster] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
[stretch] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
@@ -37721,22 +45387,22 @@ CVE-2021-28509
RESERVED
CVE-2021-28508
RESERVED
-CVE-2021-28507
- RESERVED
-CVE-2021-28506
- RESERVED
+CVE-2021-28507 (An issue has recently been discovered in Arista EOS where, under certa ...)
+ NOT-FOR-US: Arista
+CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certain gNOI ...)
+ NOT-FOR-US: Arista
CVE-2021-28505
RESERVED
CVE-2021-28504
RESERVED
-CVE-2021-28503
- RESERVED
+CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
+ NOT-FOR-US: Arista
CVE-2021-28502
RESERVED
-CVE-2021-28501
- RESERVED
-CVE-2021-28500
- RESERVED
+CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...)
+ NOT-FOR-US: Arista
+CVE-2021-28500 (An issue has recently been discovered in Arista EOS where the incorrec ...)
+ NOT-FOR-US: Arista
CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
NOT-FOR-US: Arista
CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
@@ -37995,10 +45661,10 @@ CVE-2021-28379 (web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP
NOT-FOR-US: Vesta Control Panel
CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue dat ...)
- gitea <removed>
-CVE-2021-28377
- RESERVED
-CVE-2021-28376
- RESERVED
+CVE-2021-28377 (ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary fi ...)
+ NOT-FOR-US: ChronoForums
+CVE-2021-28376 (ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary f ...)
+ NOT-FOR-US: ChronoForums
CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03- ...)
- tt-rss <not-affected> (Vulnerable code introduced later)
NOTE: https://community.tt-rss.org/t/check-password-not-called-if-otp-is-enabled-update-asap-if-youre-using-2fa/4502
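Review bot: The annotation added for CVE-2021-28376 says `NOT-FOR-US: ChronoForums`, but the description on that same entry names ChronoForms 7.0.7, a different product from the ChronoForums 2.0.11 of CVE-2021-28377 directly above it; the line should read `NOT-FOR-US: ChronoForms`. The NOT-FOR-US classification itself is unaffected, only the product name is wrong, but since the annotation text is what later searches match against it is worth correcting.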
@@ -38294,10 +45960,10 @@ CVE-2021-28239
RESERVED
CVE-2021-28238
RESERVED
-CVE-2021-28237
- RESERVED
-CVE-2021-28236
- RESERVED
+CVE-2021-28237 (LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference ...)
+ - libredwg <itp> (bug #595191)
CVE-2021-28235
RESERVED
CVE-2021-28234
@@ -38359,11 +46025,9 @@ CVE-2021-28215
CVE-2021-28214
RESERVED
CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...)
- - edk2 <unfixed> (bug #989988)
- [bullseye] - edk2 <no-dsa> (Minor issue)
- [buster] - edk2 <no-dsa> (Minor issue)
- [stretch] - edk2 <no-dsa> (Minor issue)
+ - edk2 0~20190606.20d2e5a1-2 (bug #989988; unimportant)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1866
+ NOTE: IpSecDxe code not built.
CVE-2021-28212
RESERVED
CVE-2021-28211 (A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ...)
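Review bot: The CVE-2021-28213 entry now asserts a concrete fixed version `0~20190606.20d2e5a1-2` together with `unimportant`, but the only justification is `NOTE: IpSecDxe code not built`, which does not say since which upload that holds, so the version boundary cannot be checked from the entry itself. As I read the tracker semantics, dropping the `[stretch] - edk2 <no-dsa>` line leaves stretch implicitly vulnerable-but-unimportant, which is fine only if IpSecDxe was still built there. Stating the packaging change in the note, e.g. `NOTE: IpSecDxe not built since 0~20190606.20d2e5a1-2 (see changelog)`, or using `<not-affected>` for releases where it was never built, would make the triage decision verifiable.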
@@ -38477,6 +46141,7 @@ CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.r
NOT-FOR-US: Eclipse OpenJ9
CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...)
- mosquitto 2.0.10-1 (bug #986701)
+ [bullseye] - mosquitto <no-dsa> (Minor issue)
[buster] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
[stretch] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608
@@ -38705,8 +46370,8 @@ CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A
NOT-FOR-US: Forescout CounterACT
CVE-2021-28097
RESERVED
-CVE-2021-28096
- RESERVED
+CVE-2021-28096 (An issue was discovered in Stormshield SNS before 4.2.3 (when the prox ...)
+ NOT-FOR-US: Stormshield SNS
CVE-2021-28095 (OX Documents before 7.10.5-rev5 has Incorrect Access Control for docum ...)
NOT-FOR-US: OX Documents
CVE-2021-28094 (OX Documents before 7.10.5-rev7 has Incorrect Access Control for conve ...)
@@ -38956,10 +46621,10 @@ CVE-2021-27986
RESERVED
CVE-2021-27985
RESERVED
-CVE-2021-27984
- RESERVED
-CVE-2021-27983
- RESERVED
+CVE-2021-27984 (In Pluck-4.7.15 admin background a remote command execution vulnerabil ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-27983 (Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 ...)
+ NOT-FOR-US: MaxSite CMS
CVE-2021-27982
RESERVED
CVE-2021-27981
@@ -38982,8 +46647,8 @@ CVE-2021-27973 (SQL injection exists in Piwigo before 11.4.0 via the language pa
- piwigo <removed>
CVE-2021-27972
RESERVED
-CVE-2021-27971
- RESERVED
+CVE-2021-27971 (Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injec ...)
+ NOT-FOR-US: Alps Alpine Touchpad Driver
CVE-2021-27970
RESERVED
CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "wi ...)
@@ -39147,7 +46812,7 @@ CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper o
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
- picolibc 1.5-1
- - libnewlib-nano <unfixed> (bug #984424)
+ - libnewlib-nano <removed> (bug #984424)
[buster] - libnewlib-nano <no-dsa> (Minor issue)
NOTE: Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
@@ -39279,18 +46944,18 @@ CVE-2021-27862
RESERVED
CVE-2021-27861
RESERVED
-CVE-2021-27860
- RESERVED
-CVE-2021-27859
- RESERVED
-CVE-2021-27858
- RESERVED
-CVE-2021-27857
- RESERVED
-CVE-2021-27856
- RESERVED
-CVE-2021-27855
- RESERVED
+CVE-2021-27860 (A vulnerability in the web management interface of FatPipe WARP, IPVPN ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27859 (A missing authorization vulnerability in the web management interface ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27858 (A missing authorization vulnerability in the web management interface ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27857 (A missing authorization vulnerability in the web management interface ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27856 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27855 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
+ NOT-FOR-US: FatPipe
CVE-2021-27854
RESERVED
CVE-2021-27853
@@ -39416,10 +47081,10 @@ CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator
NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
CVE-2021-27798
RESERVED
-CVE-2021-27797
- RESERVED
-CVE-2021-27796
- RESERVED
+CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all v ...)
+ NOT-FOR-US: Brocade
+CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS ...)
+ NOT-FOR-US: Brocade
CVE-2021-27795
RESERVED
CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade Fabric OS v ...)
@@ -39500,12 +47165,12 @@ CVE-2021-27757
RESERVED
CVE-2021-27756
RESERVED
-CVE-2021-27755
- RESERVED
+CVE-2021-27755 ("Sametime Android potential path traversal vulnerability when using Fi ...)
+ NOT-FOR-US: HCL
CVE-2021-27754
RESERVED
-CVE-2021-27753
- RESERVED
+CVE-2021-27753 ("Sametime Android PathTraversal Vulnerability" ...)
+ NOT-FOR-US: HCL
CVE-2021-27752
RESERVED
CVE-2021-27751
@@ -39534,8 +47199,8 @@ CVE-2021-27740
RESERVED
CVE-2021-27739
RESERVED
-CVE-2021-27738
- RESERVED
+CVE-2021-27738 (All request mappings in `StreamingCoordinatorController.java` handling ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...)
- trafficserver <not-affected> (Only affects 9.x)
CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant b ...)
@@ -39727,8 +47392,8 @@ CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior c
NOT-FOR-US: exacqVision Web Service
CVE-2021-27655
RESERVED
-CVE-2021-27654
- RESERVED
+CVE-2021-27654 (Forgotten password reset functionality for local accounts can be used ...)
+ NOT-FOR-US: Pega
CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega platform ...)
NOT-FOR-US: Pega
CVE-2021-27652
@@ -40150,24 +47815,24 @@ CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulne
NOT-FOR-US: Delta Electronics
CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...)
NOT-FOR-US: GE
-CVE-2021-27453
- RESERVED
+CVE-2021-27453 (Mesa Labs AmegaView Versions 3.0 uses default cookies that could be se ...)
+ NOT-FOR-US: Mesa Labs
CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...)
NOT-FOR-US: GE
-CVE-2021-27451
- RESERVED
+CVE-2021-27451 (Mesa Labs AmegaView Versions 3.0 and prior&#8217;s passcode is generat ...)
+ NOT-FOR-US: Mesa Labs
CVE-2021-27450 (SSH server configuration file does not implement some best practices. ...)
NOT-FOR-US: GE
-CVE-2021-27449
- RESERVED
+CVE-2021-27449 (Mesa Labs AmegaView Versions 3.0 and prior has a command injection vul ...)
+ NOT-FOR-US: Mesa Labs
CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...)
NOT-FOR-US: GE
-CVE-2021-27447
- RESERVED
+CVE-2021-27447 (Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, ...)
+ NOT-FOR-US: Mesa Labs
CVE-2021-27446
RESERVED
-CVE-2021-27445
- RESERVED
+CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...)
+ NOT-FOR-US: Mesa Labs
CVE-2021-27444
RESERVED
CVE-2021-27443
@@ -40274,7 +47939,7 @@ CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian
NOT-FOR-US: Siemens
CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Mendix Applications (Siemens)
-CVE-2021-27393 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open Network ...)
NOT-FOR-US: Siveillance
@@ -41105,19 +48770,32 @@ CVE-2021-27026 (A flaw was divered in Puppet Enterprise and other Puppet product
NOT-FOR-US: Puppet Enterprise
CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may silently ign ...)
- puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue, too intrusive to backport)
+ [buster] - puppet <ignored> (Minor issue, too intrusive to backport)
+ [stretch] - puppet <ignored> (Minor issue, too intrusive to backport)
NOTE: https://puppet.com/security/cve/cve-2021-27025
NOTE: https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8 (6.25.1)
+ NOTE: Limited impact, needs a malformed custom type provider
CVE-2021-27024 (A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD ...)
NOT-FOR-US: Continuous Delivery for Puppet Enterprise
CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may resul ...)
- puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue)
+ [buster] - puppet <ignored> (Minor issue)
+ [stretch] - puppet <ignored> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2021-27023
NOTE: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 (6.25.1)
+ NOTE: Marginal/unclear security implications, the redirects are fully under control of
+ NOTE: the puppet masters and the advisory states this CVE would be similar to CVE-2018-1000007,
+ NOTE: but CVE is for curl, which obviously has different scope being a library. Plus, all
+ NOTE: reasonably secure installations use client auth on the agents
+ NOTE: Previous client code in lib/puppet/network/http/connection.rb also vulnerable
CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: https://puppet.com/security/cve/CVE-2021-27022/
CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...)
- puppetdb <unfixed> (bug #990419)
+ [buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2021-27021/
NOTE: https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2
NOTE: https://github.com/puppetlabs/puppetdb/commit/f8dc81678cf347739838e42cc1c426d96406c266
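Review bot: CVE-2021-27025 and CVE-2021-27023 are now `<ignored>` in bullseye, buster and stretch while the unstable line stays `- puppet <unfixed>` with no bug reference, unlike the puppetdb entry just below that carries `(bug #990419)`; without a bug the open state in unstable is not tracked anywhere, so adding a `(bug #...)` reference to the two `<unfixed>` lines would keep the block consistent. The rationale for CVE-2021-27023 reads ambiguously in `but CVE is for curl`; spelling it out as `but CVE-2018-1000007 is for curl, which has a different scope as a library` removes the guesswork. The final note that the previous client code in lib/puppet/network/http/connection.rb is also vulnerable is valuable for backporters, but no fix reference for that code path is recorded, so it would help to add one if upstream has it.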
@@ -41153,10 +48831,10 @@ CVE-2021-27009
RESERVED
CVE-2021-27008
RESERVED
-CVE-2021-27007
- RESERVED
-CVE-2021-27006
- RESERVED
+CVE-2021-27007 (NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway i ...)
+ NOT-FOR-US: NetApp Virtual Desktop Service
+CVE-2021-27006 (StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11. ...)
+ NOT-FOR-US: StorageGRID
CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...)
@@ -41677,8 +49355,8 @@ CVE-2021-26802
RESERVED
CVE-2021-26801
RESERVED
-CVE-2021-26800
- RESERVED
+CVE-2021-26800 (Cross Site Request Forgery (CSRF) vulnerability in Change-password.php ...)
+ NOT-FOR-US: phpgurukul
CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka ...)
NOT-FOR-US: Omeka
CVE-2021-26798
@@ -41703,8 +49381,8 @@ CVE-2021-26789
RESERVED
CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected b ...)
NOT-FOR-US: Oryx Embedded CycloneTCP
-CVE-2021-26787
- RESERVED
+CVE-2021-26787 (A cross site scripting (XSS) vulnerability in Genesys Workforce Manage ...)
+ NOT-FOR-US: Genesys Workforce Management
CVE-2021-26786 (An issue was discoverered in in customercentric-selling-poland PlayTub ...)
NOT-FOR-US: PlayTube
CVE-2021-26785
@@ -41723,8 +49401,8 @@ CVE-2021-26779
RESERVED
CVE-2021-26778
RESERVED
-CVE-2021-26777
- RESERVED
+CVE-2021-26777 (Buffer overflow vulnerability in function SetFirewall in index.cgi in ...)
+ NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare
CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerabilit ...)
NOT-FOR-US: CSZ CMS
CVE-2021-26775
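Review bot: The new annotation for CVE-2021-26777 misspells the last word as `Firwmare`; it should read `NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator firmware`. Typos in the annotation field are worth fixing because that text is what later searches and groupings of NOT-FOR-US entries match against.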
@@ -41825,8 +49503,8 @@ CVE-2021-26728
RESERVED
CVE-2021-26727
RESERVED
-CVE-2021-26726
- RESERVED
+CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...)
+ NOT-FOR-US: Valmet
CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
NOT-FOR-US: Nozomi Networks Guardian
CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
@@ -41872,8 +49550,8 @@ CVE-2021-26709 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices throu
NOT-FOR-US: D-Link
CVE-2021-26707 (The merge-deep library before 3.0.3 for Node.js can be tricked into ov ...)
NOT-FOR-US: Node deep-merge
-CVE-2021-26706
- RESERVED
+CVE-2021-26706 (An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x an ...)
+ NOT-FOR-US: Micrium
CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...)
NOT-FOR-US: SquareBox CatDV Server
CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...)
@@ -41958,12 +49636,12 @@ CVE-2021-26677 (A local authenticated escalation of privilege vulnerability was
NOT-FOR-US: Aruba
CVE-2021-3399
RESERVED
-CVE-2021-3398
- RESERVED
+CVE-2021-3398 (Stormshield Network Security (SNS) 3.x has an Integer Overflow in the ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-3397
RESERVED
CVE-2021-3396 (OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1 ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...)
{DSA-4847-1 DLA-2552-1}
- connman 1.36-2.1
@@ -42083,22 +49761,22 @@ CVE-2021-26621
RESERVED
CVE-2021-26620
RESERVED
-CVE-2021-26619
- RESERVED
-CVE-2021-26618
- RESERVED
+CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...)
+ NOT-FOR-US: BigFileAgent
+CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
+ NOT-FOR-US: ToWord of ToOffice
CVE-2021-26617
RESERVED
-CVE-2021-26616
- RESERVED
+CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
+ NOT-FOR-US: SecuwaySSL client for MacOS
CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...)
NOT-FOR-US: ARK library
CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
NOT-FOR-US: IpTime C200 camera
-CVE-2021-26613
- RESERVED
-CVE-2021-26612
- RESERVED
+CVE-2021-26613 (improper input validation vulnerability in nexacro permits copying fil ...)
+ NOT-FOR-US: Tobesoft Nexacro
+CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...)
+ NOT-FOR-US: Tobesoft Nexacro
CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...)
NOT-FOR-US: HejHome GKW-IC052 IP Camera
CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...)
@@ -42142,6 +49820,7 @@ CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU.
[buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
NOTE: https://bugs.launchpad.net/qemu/+bug/1914236
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d
CVE-2021-26597 (An issue was discovered in Nokia NetAct 18A. A remote user, authentica ...)
NOT-FOR-US: Nokia NetAct 18A
CVE-2021-26596 (An issue was discovered in Nokia NetAct 18A. A malicious user can chan ...)
@@ -42281,17 +49960,17 @@ CVE-2021-26542
CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...)
NOT-FOR-US: Node gitlog
CVE-2021-26540 (Apostrophe Technologies sanitize-html before 2.3.2 does not properly v ...)
- NOT-FOR-US: sanitize-html
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
CVE-2021-26539 (Apostrophe Technologies sanitize-html before 2.3.1 does not properly h ...)
- NOT-FOR-US: sanitize-html
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
CVE-2021-3379
RESERVED
CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...)
NOT-FOR-US: FortiLogger
CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML. In ansi_ ...)
- node-ansi-up 5.0.0+dfsg-1 (bug #984667)
-CVE-2021-3376
- RESERVED
+CVE-2021-3376 (An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allow ...)
+ NOT-FOR-US: Cuppa CMS
CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...)
NOT-FOR-US: ActivePresenter
CVE-2021-3374 (Directory traversal in RStudio Shiny Server before 1.5.16 allows attac ...)
@@ -42302,8 +49981,8 @@ CVE-2021-3372
RESERVED
CVE-2021-3371
RESERVED
-CVE-2021-3370
- RESERVED
+CVE-2021-3370 (DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vul ...)
+ NOT-FOR-US: DouPHP
CVE-2021-3369
RESERVED
CVE-2021-3368
@@ -42483,13 +50162,13 @@ CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via
NOT-FOR-US: EPrints
CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...)
NOT-FOR-US: EPrints
-CVE-2021-26474 (Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET req ...)
+CVE-2021-26474 (Various Vembu products allow an attacker to execute a (non-blind) http ...)
NOT-FOR-US: Vembu BDR Suite
-CVE-2021-26473 (Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a G ...)
+CVE-2021-26473 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http ...)
NOT-FOR-US: Vembu BDR Suite
-CVE-2021-26472 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...)
+CVE-2021-26472 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed ...)
NOT-FOR-US: Vembu BDR Suite
-CVE-2021-26471 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...)
+CVE-2021-26471 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http ...)
NOT-FOR-US: Vembu BDR Suite
CVE-2021-26470
RESERVED
@@ -42751,8 +50430,8 @@ CVE-2021-26342
RESERVED
CVE-2021-26341
RESERVED
-CVE-2021-26340
- RESERVED
+CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged attacker pr ...)
+ NOT-FOR-US: AMD
CVE-2021-26339
RESERVED
CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...)
@@ -42763,8 +50442,8 @@ CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may
NOT-FOR-US: AMD
CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...)
NOT-FOR-US: AMD
-CVE-2021-26334
- RESERVED
+CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD &#956;Prof tool may allow lower ...)
+ NOT-FOR-US: AMD
CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
NOT-FOR-US: AMD
CVE-2021-26332
@@ -43443,12 +51122,12 @@ CVE-2021-26112
RESERVED
CVE-2021-26111 (A missing release of memory after effective lifetime vulnerability in ...)
NOT-FOR-US: Fortiguard
-CVE-2021-26110
- RESERVED
-CVE-2021-26109
- RESERVED
-CVE-2021-26108
- RESERVED
+CVE-2021-26110 (An improper access control vulnerability [CWE-284] in FortiOS autod da ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26109 (An integer overflow or wraparound vulnerability in the memory allocato ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26108 (A use of hard-coded cryptographic key vulnerability in the SSLVPN of F ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-26107 (An improper access control vulnerability [CWE-284] in FortiManager ver ...)
NOT-FOR-US: Fortiguard
CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...)
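Review bot: The four new annotations use `NOT-FOR-US: FortiGuard` while the unchanged context entries for CVE-2021-26111 and CVE-2021-26107 in the same block use `NOT-FOR-US: Fortiguard`, so one vendor is now spelled two ways a few lines apart; picking a single spelling keeps grouping by annotation text reliable. Since the descriptions name FortiOS and FortiManager products, `NOT-FOR-US: Fortinet` would arguably be the more precise label, but consistency matters more than which form is chosen.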
@@ -43457,8 +51136,8 @@ CVE-2021-26105
RESERVED
CVE-2021-26104
RESERVED
-CVE-2021-26103
- RESERVED
+CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...)
+ NOT-FOR-US: FortiGuard
CVE-2021-26102
RESERVED
CVE-2021-26101
@@ -43532,57 +51211,57 @@ CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from versi
CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote ...)
NOT-FOR-US: Atlassian
CVE-2021-26066
- RESERVED
+ REJECTED
CVE-2021-26065
- RESERVED
+ REJECTED
CVE-2021-26064
- RESERVED
+ REJECTED
CVE-2021-26063
- RESERVED
+ REJECTED
CVE-2021-26062
- RESERVED
+ REJECTED
CVE-2021-26061
- RESERVED
+ REJECTED
CVE-2021-26060
- RESERVED
+ REJECTED
CVE-2021-26059
- RESERVED
+ REJECTED
CVE-2021-26058
- RESERVED
+ REJECTED
CVE-2021-26057
- RESERVED
+ REJECTED
CVE-2021-26056
- RESERVED
+ REJECTED
CVE-2021-26055
- RESERVED
+ REJECTED
CVE-2021-26054
- RESERVED
+ REJECTED
CVE-2021-26053
- RESERVED
+ REJECTED
CVE-2021-26052
- RESERVED
+ REJECTED
CVE-2021-26051
- RESERVED
+ REJECTED
CVE-2021-26050
- RESERVED
+ REJECTED
CVE-2021-26049
- RESERVED
+ REJECTED
CVE-2021-26048
- RESERVED
+ REJECTED
CVE-2021-26047
- RESERVED
+ REJECTED
CVE-2021-26046
- RESERVED
+ REJECTED
CVE-2021-26045
- RESERVED
+ REJECTED
CVE-2021-26044
- RESERVED
+ REJECTED
CVE-2021-26043
- RESERVED
+ REJECTED
CVE-2021-26042
- RESERVED
+ REJECTED
CVE-2021-26041
- RESERVED
+ REJECTED
CVE-2021-26040 (An issue was discovered in Joomla! 4.0.0. The media manager does not c ...)
NOT-FOR-US: Joomla!
CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...)
@@ -43696,22 +51375,22 @@ CVE-2021-25996
RESERVED
CVE-2021-25995
RESERVED
-CVE-2021-25994
- RESERVED
-CVE-2021-25993
- RESERVED
-CVE-2021-25992
- RESERVED
-CVE-2021-25991
- RESERVED
-CVE-2021-25990
- RESERVED
-CVE-2021-25989
- RESERVED
-CVE-2021-25988
- RESERVED
-CVE-2021-25987
- RESERVED
+CVE-2021-25994 (In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Head ...)
+ NOT-FOR-US: Userfrosting
+CVE-2021-25993 (In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ...)
+ NOT-FOR-US: Requarks wiki.js
+CVE-2021-25992 (In Ifme, versions 1.0.0 to v.7.33.2 don&#8217;t properly invalidate a ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25991 (In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper a ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25990 (In &#8220;ifme&#8221;, versions v7.22.0 to v7.31.4 are vulnerable agai ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25989 (In &#8220;ifme&#8221;, versions 1.0.0 to v7.31.4 are vulnerable agains ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25988 (In &#8220;ifme&#8221;, versions 1.0.0 to v7.31.4 are vulnerable agains ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25987 (Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The po ...)
+ NOT-FOR-US: hexo blog framework
CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...)
NOT-FOR-US: Django-wiki
CVE-2021-25985 (In Factor (App Framework &amp; Headless CMS) v1.0.4 to v1.8.30, improp ...)
@@ -43722,8 +51401,8 @@ CVE-2021-25983 (In Factor (App Framework &amp; Headless CMS) forum plugin, versi
NOT-FOR-US: Factor (App Framework & Headless CMS)
CVE-2021-25982 (In Factor (App Framework &amp; Headless CMS) forum plugin, versions 1. ...)
NOT-FOR-US: Factor (App Framework & Headless CMS)
-CVE-2021-25981
- RESERVED
+CVE-2021-25981 (In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev ve ...)
+ NOT-FOR-US: Talkyard
CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...)
NOT-FOR-US: Talkyard
CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...)
@@ -43750,8 +51429,8 @@ CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnera
NOT-FOR-US: Camaleon CMS
CVE-2021-25968 (In &#8220;OpenCMS&#8221;, versions 10.5.0 to 11.0.2 are affected by a ...)
NOT-FOR-US: OpenCMS
-CVE-2021-25967
- RESERVED
+CVE-2021-25967 (In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerab ...)
+ NOT-FOR-US: CKAN
CVE-2021-25966 (In &#8220;Orchard core CMS&#8221; application, versions 1.0.0-beta1-33 ...)
NOT-FOR-US: Orchard CMS
CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site ...)
@@ -43809,8 +51488,8 @@ CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.
NOT-FOR-US: Node deep-override
CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...)
- arangodb <itp> (bug #761817)
-CVE-2021-25939
- RESERVED
+CVE-2021-25939 (In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature whi ...)
+ - arangodb <itp> (bug #761817)
CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...)
- arangodb <itp> (bug #761817)
CVE-2021-25937
@@ -43818,19 +51497,19 @@ CVE-2021-25937
CVE-2021-25936
RESERVED
CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2021-25932 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...)
NOT-FOR-US: Node safe-obj
CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...)
@@ -43967,8 +51646,8 @@ CVE-2021-3244
RESERVED
CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerabilit ...)
NOT-FOR-US: Wfilter ICF
-CVE-2021-3242
- RESERVED
+CVE-2021-3242 (DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: DuxCMS
CVE-2021-3241
RESERVED
CVE-2021-3240
@@ -44052,8 +51731,9 @@ CVE-2021-3202
CVE-2021-3201
RESERVED
CVE-2021-3200 (Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * t ...)
- - libsolv <unfixed> (unimportant)
+ - libsolv 0.7.17-1 (unimportant)
NOTE: https://github.com/openSUSE/libsolv/issues/416
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
NOTE: Crash in CLI tool, no security impact
CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...)
NOT-FOR-US: ONLYOFFICE Document Server
@@ -44295,12 +51975,12 @@ CVE-2021-25787
RESERVED
CVE-2021-25786
RESERVED
-CVE-2021-25785
- RESERVED
-CVE-2021-25784
- RESERVED
-CVE-2021-25783
- RESERVED
+CVE-2021-25785 (Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: taocms
+CVE-2021-25784 (Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulne ...)
+ NOT-FOR-US: taocms
+CVE-2021-25783 (Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulne ...)
+ NOT-FOR-US: taocms
CVE-2021-25782
RESERVED
CVE-2021-25781
@@ -44379,8 +52059,10 @@ CVE-2021-25745
RESERVED
CVE-2021-25744
RESERVED
-CVE-2021-25743
- RESERVED
+CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences containe ...)
+ - kubernetes <unfixed>
+ [bullseye] - kubernetes <no-dsa> (Minor issue)
+ NOTE: https://github.com/kubernetes/kubernetes/issues/101695
CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user that can ...)
NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may be able ...)
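Review bot: The new CVE-2021-25743 entry marks `kubernetes <unfixed>` but records only the upstream issue link, with no fix commit and no note on whether upstream intends to fix it, so as written the entry will stay open indefinitely with nothing to act on. A follow-up line such as `NOTE: upstream has not committed to a fix; kubectl passes untrusted object fields through to the terminal unneutralized` (or whatever the issue thread actually concludes) would make the `<unfixed>` status meaningful, and if upstream has declined the report the team's usual `<ignored>`/`<not-affected>` tagging could be applied instead. Only `[bullseye]` carries a `<no-dsa>` decision; if buster also ships the kubernetes source package it needs its own line, otherwise the tracker will show the issue as open there as well.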
@@ -44527,6 +52209,12 @@ CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt
- salt 3002.5+dfsg1-1 (bug #983632)
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/5273722c2180c394bc426f731450b95809ca952e (v3002.3)
+ NOTE: https://github.com/saltstack/salt/commit/039b7f3f5713170799363d96e6263c2809e4245c (v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/51f350fcdf4b14e4f16cedabd743ca23c574a186
+ NOTE: Regression follow-up: https://github.com/saltstack/salt/pull/59748
+ NOTE: Regression follow-up fix: https://github.com/saltstack/salt/commit/61d74a7e3bc4dfd6f16a7f123e76d0824059217d
CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...)
NOT-FOR-US: Hitachi ID Bravura Security Fabric
CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...)
@@ -44544,7 +52232,7 @@ CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command
NOT-FOR-US: Node async-git
CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
NOT-FOR-US: Solid Edge (Siemens)
-CVE-2021-25677 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2021-25677 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...)
NOT-FOR-US: Siemens
@@ -44889,42 +52577,42 @@ CVE-2021-25529
RESERVED
CVE-2021-25528
RESERVED
-CVE-2021-25527
- RESERVED
-CVE-2021-25526
- RESERVED
-CVE-2021-25525
- RESERVED
-CVE-2021-25524
- RESERVED
-CVE-2021-25523
- RESERVED
-CVE-2021-25522
- RESERVED
-CVE-2021-25521
- RESERVED
-CVE-2021-25520
- RESERVED
-CVE-2021-25519
- RESERVED
-CVE-2021-25518
- RESERVED
-CVE-2021-25517
- RESERVED
-CVE-2021-25516
- RESERVED
-CVE-2021-25515
- RESERVED
-CVE-2021-25514
- RESERVED
-CVE-2021-25513
- RESERVED
-CVE-2021-25512
- RESERVED
-CVE-2021-25511
- RESERVED
-CVE-2021-25510
- RESERVED
+CVE-2021-25527 (Improper export of Android application components vulnerability in Sam ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25526 (Intent redirection vulnerability in Samsung Blockchain Wallet prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25525 (Improper check or handling of exception conditions vulnerability in Sa ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25524 (Insecure storage of device information in Contacts prior to version 12 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25523 (Insecure storage of device information in Samsung Dialer prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25522 (Insecure storage of sensitive information vulnerability in Smart Captu ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25521 (Insecure caller check in sharevia deeplink logic prior to Samsung Inte ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25520 (Insecure caller check and input validation vulnerabilities in SearchKe ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25519 (An improper access control vulnerability in CPLC prior to SMR Dec-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25518 (An improper boundary check in secure_log of LDFW and BL31 prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25517 (An improper input validation vulnerability in LDFW prior to SMR Dec-20 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25516 (An improper check or handling of exceptional conditions in Exynos base ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25515 (An improper usage of implicit intent in SemRewardManager prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25514 (An improper intent redirection handling in Tags prior to SMR Dec-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25513 (An improper privilege management vulnerability in Apps Edge applicatio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25512 (An improper validation vulnerability in telephony prior to SMR Dec-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25511 (An improper validation vulnerability in FilterProvider prior to SMR De ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25510 (An improper validation vulnerability in FilterProvider prior to SMR De ...)
+ NOT-FOR-US: Samsung
CVE-2021-25509 (A missing input validation in Samsung Flow Windows application prior t ...)
NOT-FOR-US: Samsung
CVE-2021-25508 (Improper privilege management vulnerability in API Key used in SmartTh ...)
@@ -45346,8 +53034,8 @@ CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions vulnerabi
NOT-FOR-US: hawk2 as packaged by SuSE
CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
NOT-FOR-US: Rancher
-CVE-2021-3179
- RESERVED
+CVE-2021-3179 (GGLocker iOS application, contains an insecure data storage of the pas ...)
+ NOT-FOR-US: GGLocker iOS application
CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
{DLA-2586-1}
- linux 5.10.12-1 (unimportant)
@@ -45355,7 +53043,7 @@ CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10
NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
NOTE: Disputed/mild security relevance/impact
CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ...)
- {DLA-2619-1}
+ {DLA-2919-1 DLA-2619-1}
- python3.9 3.9.1-3
- python3.8 <removed>
- python3.7 <removed>
@@ -45364,7 +53052,6 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in
- python3.5 <removed>
- python2.7 2.7.18-2
[buster] - python2.7 <no-dsa> (Minor issue)
- [stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue42938
NOTE: https://github.com/python/cpython/pull/24239
NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
@@ -45501,21 +53188,36 @@ CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5.
- salt 3002.5+dfsg1-1 (bug #983632)
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/ac2ce3a3a000e428122bc120179e083de95c1de7 (v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/24d04343b36ffbd4cf63441db13b43363ea57548
+ NOTE: Regression: https://github.com/saltstack/salt/issues/59793
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/e6dd6a482a76e2c82fcc6eeb6df9030e453837c4
CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...)
{DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/3fbf9a35bc4f7a43f628631f89ebb31f907859e3 (v3002.5)
CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5. The s ...)
{DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/aafc5ed6de60403c90201d85963299df351147ec (v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/issues/59935
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/da381954425e1e1d5b807ff1156090847c5d16aa
CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...)
{DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2021/01/28
+ NOTE: https://github.com/saltstack/salt/commit/905efea17d9740a081509780d7c44e742b99ce60 (v3000.7)
+ NOTE: Regression: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2021/02/05
+ NOTE: Regression: https://github.com/saltstack/salt/commit/8f8994ba42e618a9b07fac417d931bdb7b7005d1
+ NOTE: Regression: https://github.com/saltstack/salt/commit/41a24843d8b22c6a340338ac86a628323fbfc181
+ NOTE: Regression: https://github.com/saltstack/salt/commit/7b3591d9cd427d46e410bc2d510e2ccfa6a23884
CVE-2021-XXXX [SQL Server LIMIT / OFFSET SQL Injection]
- php-laravel-framework 6.20.14+dfsg-2 (bug #987831)
- php-illuminate-database <removed> (bug #987848)
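Review bot: The four `NOTE: Regression:` lines added under CVE-2021-25281 after the `(v3000.7)` commit do not distinguish the regression report from its fixes, unlike the CVE-2021-25284 and CVE-2021-25282 entries just above, which pair each `Regression:` with a `Regression fix:`. Three of the four are commit links and are presumably the fixes, so relabelling them `NOTE: Regression fix: https://github.com/saltstack/salt/commit/...` would make the entry consistent and lets whoever prepares a buster or DLA update see at a glance which commits must be backported together. It is also worth recording whether `salt 2018.3.4+dfsg1-6+deb10u3` already carries those regression fixes, since nothing in the entry says so.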
@@ -45750,8 +53452,11 @@ CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result
NOTE: https://www.sudo.ws/repos/sudo/rev/09f98816fc89
NOTE: https://www.sudo.ws/repos/sudo/rev/c125fbe68783
NOTE: https://www.openwall.com/lists/oss-security/2021/01/26/3
-CVE-2021-3155
- RESERVED
+CVE-2021-3155 (snapd 2.54.2 and earlier created ~/snap directories in user home direc ...)
+ - snapd 2.54-1
+ NOTE: https://github.com/snapcore/snapd/pull/9841
+ NOTE: https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 (2.52)
+ NOTE: https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca (2.54)
CVE-2021-3154 (An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenti ...)
NOT-FOR-US: SolarWinds
CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...)
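Review bot: The fixed version `- snapd 2.54-1` conflicts with the CVE text on the same line, which says `snapd 2.54.2 and earlier` created the ~/snap directories with insecure permissions; if that description is accurate, 2.54-1 is still affected and the fixed version belongs on a later upload. The two cited commits are tagged `(2.52)` and `(2.54)`, so they are presumably earlier partial changes rather than the final fix; the upstream advisory for this CVE should be checked and the version and NOTE lines adjusted to name the commit that actually closes the issue. The entry also carries no per-release line, so any release shipping an older snapd will appear as open with no `<no-dsa>`/`<postponed>` decision recorded.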
@@ -45769,6 +53474,8 @@ CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending
- salt 3002.5+dfsg1-1 (bug #983632)
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: Introduced by: https://github.com/saltstack/salt/commit/fc9267afa3a7ecaae3ef446575072e0e5d51d8b7 (v2016.3)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/6ae64c6b15cb7f43b57f564a0cb8a0e426cc183a (v3000.7 backport)
CVE-2021-3147
RESERVED
CVE-2021-25196
@@ -45940,212 +53647,212 @@ CVE-2021-25117
RESERVED
CVE-2021-25116
RESERVED
-CVE-2021-25115
- RESERVED
-CVE-2021-25114
- RESERVED
+CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25113
RESERVED
CVE-2021-25112
RESERVED
CVE-2021-25111
RESERVED
-CVE-2021-25110
- RESERVED
-CVE-2021-25109
- RESERVED
-CVE-2021-25108
- RESERVED
-CVE-2021-25107
- RESERVED
-CVE-2021-25106
- RESERVED
-CVE-2021-25105
- RESERVED
+CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25107 (The Form Store to DB WordPress plugin before 1.1.1 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25106 (The Privacy Policy Generator, Terms &amp; Conditions Generator WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25104
RESERVED
-CVE-2021-25103
- RESERVED
+CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25102
RESERVED
-CVE-2021-25101
- RESERVED
-CVE-2021-25100
- RESERVED
-CVE-2021-25099
- RESERVED
+CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s parame ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25099 (The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25098
RESERVED
-CVE-2021-25097
- RESERVED
-CVE-2021-25096
- RESERVED
-CVE-2021-25095
- RESERVED
+CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25094
RESERVED
-CVE-2021-25093
- RESERVED
-CVE-2021-25092
- RESERVED
-CVE-2021-25091
- RESERVED
+CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25091 (The Link Library WordPress plugin before 7.2.9 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25090
RESERVED
-CVE-2021-25089
- RESERVED
+CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25088
RESERVED
CVE-2021-25087
RESERVED
CVE-2021-25086
RESERVED
-CVE-2021-25085
- RESERVED
-CVE-2021-25084
- RESERVED
-CVE-2021-25083
- RESERVED
-CVE-2021-25082
- RESERVED
+CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25081
RESERVED
-CVE-2021-25080
- RESERVED
-CVE-2021-25079
- RESERVED
-CVE-2021-25078
- RESERVED
-CVE-2021-25077
- RESERVED
-CVE-2021-25076
- RESERVED
-CVE-2021-25075
- RESERVED
-CVE-2021-25074
- RESERVED
-CVE-2021-25073
- RESERVED
-CVE-2021-25072
- RESERVED
+CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25075 (The Duplicate Page or Post WordPress plugin before 1.5.1 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 contains a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25071
RESERVED
CVE-2021-25070
RESERVED
-CVE-2021-25069
- RESERVED
+CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25068
RESERVED
-CVE-2021-25067
- RESERVED
+CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25066
RESERVED
-CVE-2021-25065
- RESERVED
+CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25064
RESERVED
-CVE-2021-25063
- RESERVED
-CVE-2021-25062
- RESERVED
-CVE-2021-25061
- RESERVED
-CVE-2021-25060
- RESERVED
+CVE-2021-25063 (The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25060 (The Five Star Business Profile and Schema WordPress plugin before 2.1. ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25059
RESERVED
-CVE-2021-25058
- RESERVED
-CVE-2021-25057
- RESERVED
+CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to Authe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25056
RESERVED
-CVE-2021-25055
- RESERVED
-CVE-2021-25054
- RESERVED
-CVE-2021-25053
- RESERVED
-CVE-2021-25052
- RESERVED
-CVE-2021-25051
- RESERVED
-CVE-2021-25050
- RESERVED
-CVE-2021-25049
- RESERVED
+CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a Reflected C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user input i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25053 (The WP Coder WordPress plugin before 2.5.2 within the wow-company admi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25052 (The Button Generator WordPress plugin before 2.3.3 within the wow-comp ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25051 (The Modal Window WordPress plugin before 5.2.2 within the wow-company ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25048
RESERVED
-CVE-2021-25047
- RESERVED
-CVE-2021-25046
- RESERVED
-CVE-2021-25045
- RESERVED
+CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25045 (The Asgaros Forum WordPress plugin before 1.15.15 does not validate or ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25044
RESERVED
-CVE-2021-25043
- RESERVED
+CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25042
RESERVED
-CVE-2021-25041
- RESERVED
-CVE-2021-25040
- RESERVED
+CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25039
RESERVED
CVE-2021-25038
RESERVED
-CVE-2021-25037
- RESERVED
-CVE-2021-25036
- RESERVED
-CVE-2021-25035
- RESERVED
+CVE-2021-25037 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by an a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Pr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin before 1.22 ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25034
RESERVED
-CVE-2021-25033
- RESERVED
-CVE-2021-25032
- RESERVED
-CVE-2021-25031
- RESERVED
-CVE-2021-25030
- RESERVED
-CVE-2021-25029
- RESERVED
-CVE-2021-25028
- RESERVED
-CVE-2021-25027
- RESERVED
+CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Co ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25026
RESERVED
-CVE-2021-25025
- RESERVED
-CVE-2021-25024
- RESERVED
-CVE-2021-25023
- RESERVED
-CVE-2021-25022
- RESERVED
-CVE-2021-25021
- RESERVED
-CVE-2021-25020
- RESERVED
+CVE-2021-25025 (The EventCalendar WordPress plugin before 1.1.51 does not have proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25024 (The EventCalendar WordPress plugin before 1.1.51 does not escape some ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25023 (The Speed Booster Pack &#9889; PageSpeed Optimization Suite WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25022 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25021 (The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25019
RESERVED
-CVE-2021-25018
- RESERVED
-CVE-2021-25017
- RESERVED
-CVE-2021-25016
- RESERVED
-CVE-2021-25015
- RESERVED
-CVE-2021-25014
- RESERVED
-CVE-2021-25013
- RESERVED
+CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not have au ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and escape th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25012
RESERVED
CVE-2021-25011
@@ -46154,98 +53861,98 @@ CVE-2021-25010
RESERVED
CVE-2021-25009
RESERVED
-CVE-2021-25008
- RESERVED
+CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25007
RESERVED
CVE-2021-25006
RESERVED
-CVE-2021-25005
- RESERVED
-CVE-2021-25004
- RESERVED
+CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-25003
RESERVED
CVE-2021-25002
RESERVED
-CVE-2021-25001
- RESERVED
-CVE-2021-25000
- RESERVED
-CVE-2021-24999
- RESERVED
-CVE-2021-24998
- RESERVED
-CVE-2021-24997
- RESERVED
+CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25000 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24999 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24998 (The Simple JWT Login WordPress plugin before 3.3.0 can be used to crea ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24997 (The WP Guppy WordPress plugin before 1.3 does not have any authorisati ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24996
RESERVED
CVE-2021-24995
RESERVED
CVE-2021-24994
RESERVED
-CVE-2021-24993
- RESERVED
-CVE-2021-24992
- RESERVED
-CVE-2021-24991
- RESERVED
+CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24991 (The WooCommerce PDF Invoices &amp; Packing Slips WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24990
RESERVED
-CVE-2021-24989
- RESERVED
-CVE-2021-24988
- RESERVED
+CVE-2021-24989 (The Accept Donations with PayPal WordPress plugin before 1.3.4 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24987
RESERVED
CVE-2021-24986
RESERVED
-CVE-2021-24985
- RESERVED
-CVE-2021-24984
- RESERVED
-CVE-2021-24983
- RESERVED
+CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24983 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24982
RESERVED
-CVE-2021-24981
- RESERVED
-CVE-2021-24980
- RESERVED
-CVE-2021-24979
- RESERVED
+CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24980 (The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24978
RESERVED
CVE-2021-24977
RESERVED
-CVE-2021-24976
- RESERVED
-CVE-2021-24975
- RESERVED
-CVE-2021-24974
- RESERVED
-CVE-2021-24973
- RESERVED
-CVE-2021-24972
- RESERVED
+CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24974 (The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24971
RESERVED
-CVE-2021-24970
- RESERVED
-CVE-2021-24969
- RESERVED
-CVE-2021-24968
- RESERVED
-CVE-2021-24967
- RESERVED
+CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24968 (The Ultimate FAQ WordPress plugin before 2.1.2 does not have capabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24967 (The Contact Form &amp; Lead Form Elementor Builder WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24966
RESERVED
-CVE-2021-24965
- RESERVED
-CVE-2021-24964
- RESERVED
-CVE-2021-24963
- RESERVED
+CVE-2021-24965 (The Five Star Restaurant Reservations WordPress plugin before 2.4.8 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24964 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly ve ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24963 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24962
RESERVED
CVE-2021-24961
@@ -46258,92 +53965,92 @@ CVE-2021-24958
RESERVED
CVE-2021-24957
RESERVED
-CVE-2021-24956
- RESERVED
-CVE-2021-24955
- RESERVED
-CVE-2021-24954
- RESERVED
+CVE-2021-24956 (The Blog2Social: Social Media Auto Post &amp; Scheduler WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24955 (The User Registration, Login Form, User Profile &amp; Membership WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24954 (The User Registration, Login Form, User Profile &amp; Membership WordP ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24953
RESERVED
CVE-2021-24952
RESERVED
-CVE-2021-24951
- RESERVED
+CVE-2021-24951 (The LearnPress WordPress plugin before 4.1.4 does not sanitise, valida ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24950
RESERVED
-CVE-2021-24949
- RESERVED
-CVE-2021-24948
- RESERVED
-CVE-2021-24947
- RESERVED
-CVE-2021-24946
- RESERVED
-CVE-2021-24945
- RESERVED
-CVE-2021-24944
- RESERVED
-CVE-2021-24943
- RESERVED
+CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor - Pro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper authorisati ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24945 (The Like Button Rating &#9829; LikeBtn WordPress plugin before 2.6.38 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24944 (The Custom Dashboard &amp; Login Page WordPress plugin before 7.0 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24942
RESERVED
-CVE-2021-24941
- RESERVED
+CVE-2021-24941 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24940
RESERVED
-CVE-2021-24939
- RESERVED
-CVE-2021-24938
- RESERVED
-CVE-2021-24937
- RESERVED
-CVE-2021-24936
- RESERVED
-CVE-2021-24935
- RESERVED
-CVE-2021-24934
- RESERVED
+CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24937 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24936 (The WP Extra File Types WordPress plugin before 0.5.1 does not have CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does not san ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24933
RESERVED
-CVE-2021-24932
- RESERVED
-CVE-2021-24931
- RESERVED
-CVE-2021-24930
- RESERVED
+CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24931 (The Secure Copy Content Protection and Content Locking WordPress plugi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24929
RESERVED
-CVE-2021-24928
- RESERVED
-CVE-2021-24927
- RESERVED
-CVE-2021-24926
- RESERVED
-CVE-2021-24925
- RESERVED
-CVE-2021-24924
- RESERVED
-CVE-2021-24923
- RESERVED
-CVE-2021-24922
- RESERVED
-CVE-2021-24921
- RESERVED
+CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape the d para ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24923 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check w ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 does not s ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24920
RESERVED
-CVE-2021-24919
- RESERVED
-CVE-2021-24918
- RESERVED
-CVE-2021-24917
- RESERVED
+CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allow ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24916
RESERVED
-CVE-2021-24915
- RESERVED
-CVE-2021-24914
- RESERVED
+CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capa ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24913
RESERVED
CVE-2021-24912
@@ -46352,48 +54059,48 @@ CVE-2021-24911
RESERVED
CVE-2021-24910
RESERVED
-CVE-2021-24909
- RESERVED
-CVE-2021-24908
- RESERVED
-CVE-2021-24907
- RESERVED
-CVE-2021-24906
- RESERVED
+CVE-2021-24909 (The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24908 (The Check &amp; Log Email WordPress plugin before 1.0.4 does not escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not check for ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24905
RESERVED
-CVE-2021-24904
- RESERVED
+CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24903
RESERVED
-CVE-2021-24902
- RESERVED
+CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24901
RESERVED
-CVE-2021-24900
- RESERVED
-CVE-2021-24899
- RESERVED
+CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24898
RESERVED
CVE-2021-24897
RESERVED
-CVE-2021-24896
- RESERVED
+CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24895
RESERVED
CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not validate the ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24893
- RESERVED
+CVE-2021-24893 (The Stars Rating WordPress plugin before 3.5.1 does not validate the s ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Forms (F ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.1.4 does not s ...)
+CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24890
RESERVED
-CVE-2021-24889
- RESERVED
+CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24887
@@ -46404,64 +54111,64 @@ CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the p
NOT-FOR-US: WordPress plugin
CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24883
- RESERVED
+CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape the L ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24881
RESERVED
-CVE-2021-24880
- RESERVED
-CVE-2021-24879
- RESERVED
-CVE-2021-24878
- RESERVED
+CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24876
- RESERVED
+CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24874
- RESERVED
+CVE-2021-24874 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24872
- RESERVED
-CVE-2021-24871
- RESERVED
+CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows users w ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does not esc ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24870
RESERVED
CVE-2021-24869
RESERVED
-CVE-2021-24868
- RESERVED
-CVE-2021-24867
- RESERVED
-CVE-2021-24866
- RESERVED
-CVE-2021-24865
- RESERVED
+CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka Access Ke ...)
+ TODO: check
+CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24864
RESERVED
-CVE-2021-24863
- RESERVED
-CVE-2021-24862
- RESERVED
-CVE-2021-24861
- RESERVED
-CVE-2021-24860
- RESERVED
-CVE-2021-24859
- RESERVED
-CVE-2021-24858
- RESERVED
-CVE-2021-24857
- RESERVED
+CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Prot ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24862 (The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24861 (The Quotes Collection WordPress plugin through 2.5.2 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not validate an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24859 (The User Meta Shortcodes WordPress plugin through 0.5 registers a shor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24858 (The Cookie Notification Plugin for WordPress plugin before 1.0.9 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24857 (The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded us ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24855
- RESERVED
+CVE-2021-24855 (The Display Post Metadata WordPress plugin before 1.5.0 adds a shortco ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24854 (The QR Redirector WordPress plugin before 1.6.1 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24853 (The QR Redirector WordPress plugin before 1.6 does not have capability ...)
@@ -46472,34 +54179,34 @@ CVE-2021-24851 (The Insert Pages WordPress plugin before 3.7.0 allows users with
NOT-FOR-US: WordPress plugin
CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that p ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24849
- RESERVED
-CVE-2021-24848
- RESERVED
+CVE-2021-24849 (The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24848 (The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPre ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24846
- RESERVED
-CVE-2021-24845
- RESERVED
+CVE-2021-24846 (The get_query() function of the Ni WooCommerce Custom Order Status Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows passing ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24843
- RESERVED
-CVE-2021-24842
- RESERVED
+CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have CRSF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
NOT-FOR-US: WordPress theme
-CVE-2021-24839
- RESERVED
-CVE-2021-24838
- RESERVED
+CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have authorisa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24837
RESERVED
-CVE-2021-24836
- RESERVED
+CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 1.7.1 doe ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24835 (The WCFM &#8211; Frontend Manager for WooCommerce along with Bookings ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24834 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...)
@@ -46508,14 +54215,14 @@ CVE-2021-24833 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stor
NOT-FOR-US: WordPress plugin
CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CS ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24831
- RESERVED
+CVE-2021-24831 (All AJAX actions of the Tab WordPress plugin before 1.3.2 are availabl ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24830 (The Advanced Access Manager WordPress plugin before 6.8.0 does not esc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 d ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24828
- RESERVED
+CVE-2021-24828 (The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5. ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24827 (The Asgaros Forum WordPress plugin before 1.15.13 does not validate an ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24826
@@ -46526,30 +54233,30 @@ CVE-2021-24824
RESERVED
CVE-2021-24823
RESERVED
-CVE-2021-24822
- RESERVED
+CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24821
RESERVED
CVE-2021-24820
RESERVED
-CVE-2021-24819
- RESERVED
-CVE-2021-24818
- RESERVED
-CVE-2021-24817
- RESERVED
+CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF check wh ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24817 (The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not have c ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24814
- RESERVED
+CVE-2021-24814 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24811
- RESERVED
+CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24810
RESERVED
CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
@@ -46576,42 +54283,42 @@ CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does no
NOT-FOR-US: WordPress plugin
CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24797
- RESERVED
+CVE-2021-24797 (The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not properly saniti ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24795
- RESERVED
+CVE-2021-24795 (The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking C ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24792
- RESERVED
+CVE-2021-24792 (The Shiny Buttons WordPress plugin through 1.1.0 does not have any aut ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24791 (The Header Footer Code Manager WordPress plugin before 1.1.14 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24790
- RESERVED
+CVE-2021-24790 (The Contact Form Advanced Database WordPress plugin through 1.0.8 does ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actio ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24787 (The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24786
- RESERVED
+CVE-2021-24786 (The Download Monitor WordPress plugin before 4.4.5 does not properly v ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24784
- RESERVED
+CVE-2021-24784 (The WP Admin Logo Changer WordPress plugin through 1.0 does not have C ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24783 (The Post Expirator WordPress plugin before 2.6.0 does not have proper ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24782
- RESERVED
+CVE-2021-24782 (The Flex Local Fonts WordPress plugin through 1.0.0 does not escape th ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24780
- RESERVED
+CVE-2021-24780 (The Single Post Exporter WordPress plugin through 1.1.1 does not have ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24778
@@ -46620,68 +54327,68 @@ CVE-2021-24777
RESERVED
CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24775
- RESERVED
+CVE-2021-24775 (The Document Embedder WordPress plugin before 1.7.5 contains a REST en ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24774 (The Check &amp; Log Email WordPress plugin before 1.0.3 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24772 (The Stream WordPress plugin before 3.8.2 does not sanitise and validat ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24771
- RESERVED
+CVE-2021-24771 (The Inspirational Quote Rotator WordPress plugin through 1.0.0 does no ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24768
- RESERVED
+CVE-2021-24768 (The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24766 (The 404 to 301 &#8211; Redirect, Log and Notify 404 Errors WordPress p ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24765
- RESERVED
-CVE-2021-24764
- RESERVED
-CVE-2021-24763
- RESERVED
-CVE-2021-24762
- RESERVED
-CVE-2021-24761
- RESERVED
+CVE-2021-24765 (The Perfect Survey WordPress plugin through 1.5.2 does not validate an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24764 (The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24763 (The Perfect Survey WordPress plugin before 1.5.2 does not have proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24762 (The Perfect Survey WordPress plugin before 1.5.2 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24761 (The Error Log Viewer WordPress plugin through 1.1.1 does not perform n ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24759
- RESERVED
+CVE-2021-24759 (The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some o ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24758 (The Email Log WordPress plugin before 2.4.7 does not properly validate ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24756
- RESERVED
-CVE-2021-24755
- RESERVED
+CVE-2021-24756 (The WP System Log WordPress plugin before 1.0.21 does not sanitise, va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or escape the ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24753
- RESERVED
+CVE-2021-24753 (The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not pr ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...)
NOT-FOR-US: WordPress plugins
-CVE-2021-24751
- RESERVED
-CVE-2021-24750
- RESERVED
-CVE-2021-24749
- RESERVED
-CVE-2021-24748
- RESERVED
-CVE-2021-24747
- RESERVED
+CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24750 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24747 (The SEO Booster WordPress plugin before 3.8 allows for authenticated S ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24746
RESERVED
-CVE-2021-24745
- RESERVED
+CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
@@ -46692,10 +54399,10 @@ CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape
NOT-FOR-US: WordPress plugin
CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24739
- RESERVED
-CVE-2021-24738
- RESERVED
+CVE-2021-24739 (The Logo Carousel WordPress plugin before 3.4.2 allows users with a ro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24738 (The Logo Carousel WordPress plugin before 3.4.2 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24737 (The Comments &#8211; wpDiscuz WordPress plugin through 7.3.0 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with frontend file u ...)
@@ -46704,8 +54411,8 @@ CVE-2021-24735 (The Compact WP Audio Player WordPress plugin before 1.9.7 does n
NOT-FOR-US: WordPress plugin
CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24733
- RESERVED
+CVE-2021-24733 (The WP Post Page Clone WordPress plugin before 1.2 allows users with a ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress &#8211; DearFlip WordPress plu ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24731 (The Registration Forms &#8211; User profile, Content Restriction, Spam ...)
@@ -46734,16 +54441,16 @@ CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.
NOT-FOR-US: WordPress plugin
CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...)
NOT-FOR-US: WordPress theme
-CVE-2021-24718
- RESERVED
+CVE-2021-24718 (The Contact Form, Survey &amp; Popup Form Plugin for WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform capabil ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sa ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24714
- RESERVED
+CVE-2021-24714 (The Import any XML or CSV File to WordPress plugin before 3.6.3 does n ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24713 (The Video Lessons Manager WordPress plugin before 1.7.2 and Video Less ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...)
@@ -46756,12 +54463,12 @@ CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not proper
NOT-FOR-US: WordPress plugin
CVE-2021-24708 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24707
- RESERVED
+CVE-2021-24707 (The Learning Courses WordPress plugin before 5.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24706 (The Qwizcards &#8211; online quizzes and flashcards WordPress plugin b ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24705
- RESERVED
+CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24704
RESERVED
CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...)
@@ -46778,12 +54485,12 @@ CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6 allows
NOT-FOR-US: WordPress plugin
CVE-2021-24697 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24696
- RESERVED
+CVE-2021-24696 (The Simple Download Monitor WordPress plugin before 3.9.9 does not enf ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24695 (The Simple Download Monitor WordPress plugin before 3.9.6 saves logs i ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24694
- RESERVED
+CVE-2021-24694 (The Simple Download Monitor WordPress plugin before 3.9.11 could allow ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24693 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24692
@@ -46798,8 +54505,8 @@ CVE-2021-24688
RESERVED
CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24686
- RESERVED
+CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape the "CS ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...)
@@ -46810,8 +54517,8 @@ CVE-2021-24682 (The Cool Tag Cloud WordPress plugin before 2.26 does not escape
NOT-FOR-US: WordPress plugin
CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24680
- RESERVED
+CVE-2021-24680 (The WP Travel Engine WordPress plugin before 5.3.1 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...)
@@ -46834,7 +54541,7 @@ CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some
NOT-FOR-US: WordPress plugin
CVE-2021-24669 (The MAZ Loader &#8211; Preloader Builder for WordPress plugin before 1 ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24668 (The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce c ...)
+CVE-2021-24668 (The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce ch ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...)
NOT-FOR-US: FortiGuard
@@ -46874,13 +54581,13 @@ CVE-2021-24650
RESERVED
CVE-2021-24649
RESERVED
-CVE-2021-24648
- RESERVED
+CVE-2021-24648 (The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24647 (The Registration Forms &#8211; User profile, Content Restriction, Spam ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin through 1.4.2 does not ...)
+CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin before 1.4.3 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24645 (The Booking.com Product Helper WordPress plugin through 1.0.1 does not ...)
+CVE-2021-24645 (The Booking.com Product Helper WordPress plugin before 1.0.2 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24644 (The Images to WebP WordPress plugin before 1.9 does not validate or sa ...)
NOT-FOR-US: WordPress plugin
@@ -47014,8 +54721,8 @@ CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24578
- RESERVED
+CVE-2021-24578 (The SportsPress WordPress plugin before 2.7.9 does not sanitise and es ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...)
@@ -47278,8 +54985,8 @@ CVE-2021-24448 (The User Registration &amp; User Profile &#8211; Profile Builder
NOT-FOR-US: WordPress plugin
CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24446
- RESERVED
+CVE-2021-24446 (The Remove Footer Credit WordPress plugin before 1.0.6 does not have C ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24444 (The TaxoPress &#8211; Create and Manage Taxonomies, Tags, Categories W ...)
@@ -47324,8 +55031,8 @@ CVE-2021-24425 (The Floating Notification Bar, Sticky Menu on Scroll, and Sticky
NOT-FOR-US: WordPress plugin
CVE-2021-24424 (The WP Reset &#8211; Most Advanced WordPress Reset Tool WordPress plug ...)
NOT-FOR-US: Wordpress plugin
-CVE-2021-24423
- RESERVED
+CVE-2021-24423 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-24422
RESERVED
CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or esc ...)
@@ -47484,7 +55191,7 @@ CVE-2021-24345 (The page lists-management feature of the Sendit WP Newsletter Wo
NOT-FOR-US: WordPress plugin
CVE-2021-24344 (The Easy Preloader WordPress plugin through 1.0.0 does not sanitise it ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24343 (The iFlyChat - WordPress Chat plugin through 4.6.4 does not sanitise i ...)
+CVE-2021-24343 (The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP I ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24342 (The JNews WordPress theme before 8.0.6 did not sanitise the cat_id par ...)
NOT-FOR-US: WordPress theme
@@ -47959,6 +55666,8 @@ CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once af
- salt 3002.5+dfsg1-1 (bug #983632)
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: Introduced by: https://github.com/saltstack/salt/commit/b8e34e1f6f785bf00634ee561c89c30c45f4c689 (v2018.2)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/7c1d565465f78a7937f089857f3980045f27fd6e (v3002.3)
CVE-2021-3143
RESERVED
CVE-2021-3142
@@ -47980,7 +55689,7 @@ CVE-2021-24118
CVE-2021-24117 (In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in ...)
NOT-FOR-US: Rust SGX
CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...)
- - wolfssl <unfixed> (bug #991663)
+ - wolfssl 5.0.0-1 (bug #991663)
[bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used for ce ...)
@@ -48125,18 +55834,18 @@ CVE-2021-24048
RESERVED
CVE-2021-24047
RESERVED
-CVE-2021-24046
- RESERVED
-CVE-2021-24045
- RESERVED
-CVE-2021-24044
- RESERVED
-CVE-2021-24043
- RESERVED
-CVE-2021-24042
- RESERVED
-CVE-2021-24041
- RESERVED
+CVE-2021-24046 (A logic flaw in Ray-Ban&#174; Stories device software allowed some par ...)
+ NOT-FOR-US: Facebook View
+CVE-2021-24045 (A type confusion vulnerability could be triggered when resolving the " ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2021-24044 (By passing invalid javascript code where await and yield were called u ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2021-24043 (A missing bound check in RTCP flag parsing code prior to WhatsApp for ...)
+ NOT-FOR-US: Whatsapp
+CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...)
+ NOT-FOR-US: Whatsapp
+CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
+ NOT-FOR-US: Whatsapp
CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...)
NOT-FOR-US: Facebook ParlAI
CVE-2021-24039
@@ -48677,16 +56386,16 @@ CVE-2021-23865
RESERVED
CVE-2021-23864
RESERVED
-CVE-2021-23863
- RESERVED
-CVE-2021-23862
- RESERVED
-CVE-2021-23861
- RESERVED
-CVE-2021-23860
- RESERVED
-CVE-2021-23859
- RESERVED
+CVE-2021-23863 (HTML code injection vulnerability in Android Application, Bosch Video ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23862 (A crafted configuration packet sent by an authenticated administrative ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23861 (By executing a special command, an user with administrative rights can ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23860 (An error in a page handler of the VRM may lead to a reflected cross si ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23859 (An unauthenticated attacker is able to send a special HTTP request, th ...)
+ NOT-FOR-US: Bosch
CVE-2021-23858 (Information disclosure: The main configuration, including users and th ...)
NOT-FOR-US: Bosch
CVE-2021-23857 (Login with hash: The login routine allows the client to log in to the ...)
@@ -48717,10 +56426,10 @@ CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session w
NOT-FOR-US: Bosch
CVE-2021-23844
RESERVED
-CVE-2021-23843
- RESERVED
-CVE-2021-23842
- RESERVED
+CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...)
+ NOT-FOR-US: Bosch
CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...)
{DSA-4855-1 DLA-2565-1 DLA-2563-1}
- openssl 1.1.1j-1
@@ -48757,6 +56466,7 @@ CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH server
NOT-FOR-US: CMCAgent in NCR Command Center Agent
CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...)
- golang-gogoprotobuf 1.3.2-1
+ [buster] - golang-gogoprotobuf <no-dsa> (Minor issue)
[stretch] - golang-gogoprotobuf <no-dsa> (Minor issue)
NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
CVE-2021-3120 (An arbitrary file upload vulnerability in the YITH WooCommerce Gift Ca ...)
@@ -48813,8 +56523,8 @@ CVE-2021-23826
RESERVED
CVE-2021-23825
RESERVED
-CVE-2021-23824
- RESERVED
+CVE-2021-23824 (This affects the package Crow before 0.3+4. When using attributes with ...)
+ NOT-FOR-US: CrowCpp
CVE-2021-23823
RESERVED
CVE-2021-23822
@@ -48833,8 +56543,8 @@ CVE-2021-23816
RESERVED
CVE-2021-23815
RESERVED
-CVE-2021-23814
- RESERVED
+CVE-2021-23814 (This affects the package unisharp/laravel-filemanager from 0.0.0. The ...)
+ NOT-FOR-US: Laravel Filemanager
CVE-2021-23813
RESERVED
CVE-2021-23812
@@ -48855,8 +56565,11 @@ CVE-2021-23805
RESERVED
CVE-2021-23804
RESERVED
-CVE-2021-23803
- RESERVED
+CVE-2021-23803 (This affects the package latte/latte before 2.10.6. There is a way to ...)
+ - php-nette <removed>
+ [stretch] - php-nette <not-affected> (Sandbox first appeared in Latte 2.8.0 so older versions are not affected.)
+ NOTE: https://github.com/nette/latte/commit/227c86eda9a8a6d060ea8501923e768b6d992210
+ NOTE: https://github.com/nette/latte/issues/279
CVE-2021-23802
RESERVED
CVE-2021-23801
@@ -48867,8 +56580,8 @@ CVE-2021-23799
RESERVED
CVE-2021-23798
RESERVED
-CVE-2021-23797
- RESERVED
+CVE-2021-23797 (All versions of package http-server-node are vulnerable to Directory T ...)
+ NOT-FOR-US: Node http-server
CVE-2021-23796
RESERVED
CVE-2021-23795
@@ -48917,8 +56630,8 @@ CVE-2021-23774
RESERVED
CVE-2021-23773
RESERVED
-CVE-2021-23772
- RESERVED
+CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; all vers ...)
+ NOT-FOR-US: iris Go web framework
CVE-2021-23771
RESERVED
CVE-2021-23770
@@ -48941,12 +56654,12 @@ CVE-2021-23762
RESERVED
CVE-2021-23761
RESERVED
-CVE-2021-23760
- RESERVED
+CVE-2021-23760 (The package keyget from 0.0.0 are vulnerable to Prototype Pollution vi ...)
+ NOT-FOR-US: Node keyget
CVE-2021-23759
RESERVED
-CVE-2021-23758
- RESERVED
+CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to Deserialization of ...)
+ NOT-FOR-US: ajaxpro
CVE-2021-23757
RESERVED
CVE-2021-23756
@@ -48998,7 +56711,7 @@ CVE-2021-23734
CVE-2021-23733
RESERVED
CVE-2021-23732 (This affects all versions of package docker-cli-js. If the command par ...)
- TODO: check
+ NOT-FOR-US: Node docker-cli-js
CVE-2021-23731
RESERVED
CVE-2021-23730
@@ -49007,8 +56720,13 @@ CVE-2021-23729
RESERVED
CVE-2021-23728
RESERVED
-CVE-2021-23727
- RESERVED
+CVE-2021-23727 (This affects the package celery before 5.2.2. It by default trusts the ...)
+ - celery 5.2.3-1
+ [bullseye] - celery <no-dsa> (Minor issue)
+ [buster] - celery <not-affected> (Vulnerable code not present)
+ [stretch] - celery <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/celery/celery/commit/5c3f1559df16c32fb8d82918b4497f688d42ad0a (v5.2.3)
+ NOTE: Introduced by: https://github.com/celery/celery/commit/d20b8a5d469c80f48468e251cbe6451c798d1c29 (4.4.0rc1)
CVE-2021-23726
RESERVED
CVE-2021-23725
@@ -49057,12 +56775,12 @@ CVE-2021-23704
RESERVED
CVE-2021-23703
RESERVED
-CVE-2021-23702
- RESERVED
+CVE-2021-23702 (The package object-extend from 0.0.0 are vulnerable to Prototype Pollu ...)
+ TODO: check
CVE-2021-23701
RESERVED
-CVE-2021-23700
- RESERVED
+CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: merge-deep2 (fork of unaffected merge-deep).
CVE-2021-23699
RESERVED
CVE-2021-23698
@@ -49097,8 +56815,8 @@ CVE-2021-23684
RESERVED
CVE-2021-23683
RESERVED
-CVE-2021-23682
- RESERVED
+CVE-2021-23682 (This affects the package litespeed.js before 0.3.12; the package appwr ...)
+ NOT-FOR-US: litespeed.js
CVE-2021-23681
RESERVED
CVE-2021-23680
@@ -49116,7 +56834,7 @@ CVE-2021-23675
CVE-2021-23674
RESERVED
CVE-2021-23673 (This affects all versions of package pekeupload. If an attacker induce ...)
- TODO: check
+ NOT-FOR-US: Node pekeupload
CVE-2021-23672
RESERVED
CVE-2021-23671
@@ -49133,10 +56851,10 @@ CVE-2021-23666
RESERVED
CVE-2021-23665
RESERVED
-CVE-2021-23664
- RESERVED
-CVE-2021-23663
- RESERVED
+CVE-2021-23664 (The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to ...)
+ NOT-FOR-US: cors-proxy
+CVE-2021-23663 (All versions of package sey are vulnerable to Prototype Pollution via ...)
+ NOT-FOR-US: sey - Deprecated Simple JavaScript build tool
CVE-2021-23662
RESERVED
CVE-2021-23661
@@ -49154,7 +56872,7 @@ CVE-2021-23656
CVE-2021-23655
RESERVED
CVE-2021-23654 (This affects all versions of package html-to-csv. When there is a form ...)
- TODO: check
+ NOT-FOR-US: html-to-csv
CVE-2021-23653
RESERVED
CVE-2021-23652
@@ -49183,8 +56901,8 @@ CVE-2021-23641
RESERVED
CVE-2021-23640
RESERVED
-CVE-2021-23639
- RESERVED
+CVE-2021-23639 (The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execu ...)
+ NOT-FOR-US: Node md-to-pdf
CVE-2021-23638
RESERVED
CVE-2021-23637
@@ -49199,8 +56917,8 @@ CVE-2021-23633
RESERVED
CVE-2021-23632
RESERVED
-CVE-2021-23631
- RESERVED
+CVE-2021-23631 (This affects all versions of package convert-svg-core; all versions of ...)
+ NOT-FOR-US: Node convert-svg
CVE-2021-23630
RESERVED
CVE-2021-23629
@@ -49267,14 +56985,14 @@ CVE-2021-23599
RESERVED
CVE-2021-23598
RESERVED
-CVE-2021-23597
- RESERVED
+CVE-2021-23597 (This affects the package fastify-multipart before 5.3.1. By providing ...)
+ NOT-FOR-US: Node fastify
CVE-2021-23596
RESERVED
CVE-2021-23595
RESERVED
-CVE-2021-23594
- RESERVED
+CVE-2021-23594 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...)
+ NOT-FOR-US: realms-shim
CVE-2021-23593
RESERVED
CVE-2021-23592
@@ -49313,8 +57031,8 @@ CVE-2021-23576
RESERVED
CVE-2021-23575
RESERVED
-CVE-2021-23574
- RESERVED
+CVE-2021-23574 (All versions of package js-data are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node js-data
CVE-2021-23573
RESERVED
CVE-2021-23572
@@ -49325,34 +57043,36 @@ CVE-2021-23570
RESERVED
CVE-2021-23569
RESERVED
-CVE-2021-23568
- RESERVED
-CVE-2021-23567
- RESERVED
-CVE-2021-23566
- RESERVED
+CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: extend2 (fork of node-extend which is not affected)
+CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Service (Do ...)
+ - colors.js <not-affected> (Vulnerable code never in a released Debian version)
+ NOTE: https://github.com/Marak/colors.js/issues/285
+ NOTE: Introduced with: https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
+CVE-2021-23566 (The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Info ...)
+ NOT-FOR-US: Node nanoid (NaN0-1D)
CVE-2021-23565
RESERVED
CVE-2021-23564
RESERVED
CVE-2021-23563
RESERVED
-CVE-2021-23562
- RESERVED
-CVE-2021-23561
- RESERVED
+CVE-2021-23562 (This affects the package plupload before 2.3.9. A file name containing ...)
+ NOT-FOR-US: Node plupload
+CVE-2021-23561 (All versions of package comb are vulnerable to Prototype Pollution via ...)
+ NOT-FOR-US: Node comb
CVE-2021-23560
RESERVED
CVE-2021-23559
RESERVED
-CVE-2021-23558
- RESERVED
+CVE-2021-23558 (The package bmoor before 0.10.1 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node bmoor
CVE-2021-23557
RESERVED
CVE-2021-23556
RESERVED
-CVE-2021-23555
- RESERVED
+CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...)
+ NOT-FOR-US: Node vm2
CVE-2021-23554
RESERVED
CVE-2021-23553
@@ -49375,8 +57095,8 @@ CVE-2021-23545
RESERVED
CVE-2021-23544
RESERVED
-CVE-2021-23543
- RESERVED
+CVE-2021-23543 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...)
+ NOT-FOR-US: realms-shim
CVE-2021-23542
RESERVED
CVE-2021-23541
@@ -49419,22 +57139,38 @@ CVE-2021-23523
RESERVED
CVE-2021-23522
RESERVED
-CVE-2021-23521
- RESERVED
-CVE-2021-23520
- RESERVED
+CVE-2021-23521 (This affects the package juce-framework/JUCE before 6.1.5. This vulner ...)
+ - juce 6.1.5~ds0-1
+ [bullseye] - juce <no-dsa> (Minor issue)
+ [buster] - juce <no-dsa> (Minor issue)
+ [stretch] - juce <no-dsa> (Minor issue)
+ NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
+ NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608
+CVE-2021-23520 (The package juce-framework/juce before 6.1.5 are vulnerable to Arbitra ...)
+ - juce 6.1.5~ds0-1
+ [bullseye] - juce <no-dsa> (Minor issue)
+ [buster] - juce <no-dsa> (Minor issue)
+ [stretch] - juce <no-dsa> (Minor issue)
+ NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
+ NOTE: https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388607
+ NOTE: https://snyk.io/research/zip-slip-vulnerability
CVE-2021-23519
RESERVED
-CVE-2021-23518
- RESERVED
+CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
+ - node-cached-path-relative 1.1.0+~1.0.0-1 (bug #1004338)
+ [bullseye] - node-cached-path-relative <no-dsa> (Minor issue)
+ [buster] - node-cached-path-relative <no-dsa> (Minor issue)
+ NOTE: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
+ NOTE: results from incomplete fix for https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
+ NOTE: which was CVE-2018-16472.
CVE-2021-23517
RESERVED
CVE-2021-23516
RESERVED
CVE-2021-23515
RESERVED
-CVE-2021-23514
- RESERVED
+CVE-2021-23514 (This affects the package Crow before 0.3+4. It is possible to traverse ...)
+ NOT-FOR-US: CrowCpp
CVE-2021-23513
RESERVED
CVE-2021-23512
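Review bot: The two `NOTE:` lines under CVE-2021-23518 are a single sentence split in half, so `NOTE: which was CVE-2018-16472.` stands on its own as a note that no longer says what it refers to when entries are grepped or rendered line by line. Fold it into one line, e.g. `NOTE: Incomplete fix for CVE-2018-16472 (https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573)`, so the cross-reference to the earlier CVE survives on its own.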
@@ -49447,8 +57183,8 @@ CVE-2021-23509 (This affects the package json-ptr before 3.0.0. A type confusion
NOT-FOR-US: Node json-ptr
CVE-2021-23508
RESERVED
-CVE-2021-23507
- RESERVED
+CVE-2021-23507 (The package object-path-set before 1.0.2 are vulnerable to Prototype P ...)
+ NOT-FOR-US: Node object-path-set
CVE-2021-23506
RESERVED
CVE-2021-23505
@@ -49467,8 +57203,8 @@ CVE-2021-23499
RESERVED
CVE-2021-23498
RESERVED
-CVE-2021-23497
- RESERVED
+CVE-2021-23497 (This affects the package @strikeentco/set before 1.0.2. It allows an a ...)
+ NOT-FOR-US: Node strikeentco/set
CVE-2021-23496
RESERVED
CVE-2021-23495
@@ -49481,8 +57217,8 @@ CVE-2021-23492
RESERVED
CVE-2021-23491
RESERVED
-CVE-2021-23490
- RESERVED
+CVE-2021-23490 (The package parse-link-header before 2.0.0 are vulnerable to Regular E ...)
+ NOT-FOR-US: parse-link-header
CVE-2021-23489
RESERVED
CVE-2021-23488
@@ -49493,8 +57229,8 @@ CVE-2021-23486
RESERVED
CVE-2021-23485
RESERVED
-CVE-2021-23484
- RESERVED
+CVE-2021-23484 (The package zip-local before 0.3.5 are vulnerable to Arbitrary File Wr ...)
+ NOT-FOR-US: zip-local
CVE-2021-23483
RESERVED
CVE-2021-23482
@@ -49522,8 +57258,8 @@ CVE-2021-23472 (This affects versions before 1.19.1 of package bootstrap-table.
NOTE: URL in CVE has moved. https://github.com/wenzhixin/bootstrap-table/pull/5941
CVE-2021-23471
RESERVED
-CVE-2021-23470
- RESERVED
+CVE-2021-23470 (This affects the package putil-merge before 3.8.0. The merge() functio ...)
+ NOT-FOR-US: Node putil-merge
CVE-2021-23469
RESERVED
CVE-2021-23468
@@ -49536,14 +57272,18 @@ CVE-2021-23465
RESERVED
CVE-2021-23464
RESERVED
-CVE-2021-23463
- RESERVED
+CVE-2021-23463 (The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...)
+ - h2database <not-affected> (vulnerable method is not supported; vulnerable code introduced in 1.4.198)
+ NOTE: https://github.com/h2database/h2database/issues/3195
+ NOTE: https://github.com/h2database/h2database/pull/3199
+ NOTE: Introduced in: https://github.com/h2database/h2database/commit/1cfd2ffad975b31de3f20711bab19a121bfad20c (version-1.4.198)
+ NOTE: Fixed by: https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8 (version-2.0.202)
CVE-2021-23462
RESERVED
CVE-2021-23461
RESERVED
-CVE-2021-23460
- RESERVED
+CVE-2021-23460 (The package min-dash before 3.8.1 are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: bpmn.io min-dash
CVE-2021-23459
RESERVED
CVE-2021-23458
@@ -49562,8 +57302,10 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto
NOT-FOR-US: x-assign JS
CVE-2021-23451
RESERVED
-CVE-2021-23450
- RESERVED
+CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...)
+ - dojo <unfixed>
+ NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
+ NOTE: Fixed by: https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9
CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...)
NOT-FOR-US: vm2 JS
NOTE: https://github.com/patriksimek/vm2
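Review bot: The `NOTE: Fixed by:` line for CVE-2021-23450 gives the upstream commit without the release it landed in, whereas the other Fixed-by/Introduced-by notes in this diff carry the version in parentheses (`(v5.2.3)`, `(version-2.0.202)`); add the tag once known so the `- dojo <unfixed>` state can be resolved against a package version. The entry also has no bug reference and no bullseye/buster lines, so those suites are presumably tracked as open with no severity decision recorded; if this prototype-pollution issue is handled like the neighbouring Node entries, a `[bullseye] - dojo <no-dsa> (Minor issue)` line (and the same for buster) would make that explicit.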
@@ -49575,6 +57317,8 @@ CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable
NOT-FOR-US: Node handsontable
CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...)
- datatables.js 1.10.21+dfsg-3 (bug #995229)
+ [bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1
+ [buster] - datatables.js <no-dsa> (Minor issue)
[stretch] - datatables.js <no-dsa> (Minor issue)
NOTE: https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b (v1.11.3)
CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type confusion vulner ...)
@@ -50026,20 +57770,20 @@ CVE-2021-23266
RESERVED
CVE-2021-23265
RESERVED
-CVE-2021-23264
- RESERVED
-CVE-2021-23263
- RESERVED
-CVE-2021-23262
- RESERVED
-CVE-2021-23261
- RESERVED
-CVE-2021-23260
- RESERVED
-CVE-2021-23259
- RESERVED
-CVE-2021-23258
- RESERVED
+CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23262 (Authenticated administrators may modify the main YAML configuration fi ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23261 (Authenticated administrators may override the system configuration fil ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via file na ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23259 (Authenticated users with Administrator or Developer roles may execute ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23258 (Authenticated users with Administrator or Developer roles may execute ...)
+ NOT-FOR-US: Crafter CMS
CVE-2021-23257
RESERVED
CVE-2021-23256
@@ -50066,8 +57810,8 @@ CVE-2021-23246
RESERVED
CVE-2021-23245
RESERVED
-CVE-2021-23244
- RESERVED
+CVE-2021-23244 (ColorOS pregrant dangerous permissions to apps which are listed in a w ...)
+ NOT-FOR-US: OPPO Android Phone
CVE-2021-23243 (In Oppo's battery application, the third-party SDK provides the functi ...)
NOT-FOR-US: OPPO Android Phone
CVE-2021-3112
@@ -50125,7 +57869,7 @@ CVE-2021-3097
CVE-2021-3096
RESERVED
CVE-2021-3095
- RESERVED
+ REJECTED
CVE-2021-3094
RESERVED
CVE-2021-3093
@@ -50135,7 +57879,7 @@ CVE-2021-3092
CVE-2021-3091
RESERVED
CVE-2021-3090
- RESERVED
+ REJECTED
CVE-2021-3089
RESERVED
CVE-2021-3088
@@ -50632,12 +58376,12 @@ CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in concret
NOT-FOR-US: Concrete CMS
CVE-2021-22957 (A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Pr ...)
NOT-FOR-US: UniFi Protect
-CVE-2021-22956
- RESERVED
-CVE-2021-22955
- RESERVED
-CVE-2021-22954
- RESERVED
+CVE-2021-22956 (An uncontrolled resource consumption vulnerability exists in Citrix AD ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22955 (A unauthenticated denial of service vulnerability exists in Citrix ADC ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22954 (A cross-site request forgery vulnerability exists in Concrete CMS &lt; ...)
+ NOT-FOR-US: Concrete CMS
CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...)
NOT-FOR-US: Concrete CMS
CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...)
@@ -50678,6 +58422,7 @@ CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and e
CVE-2021-22942 (A possible open redirect vulnerability in the Host Authorization middl ...)
[experimental] - rails 2:6.1.4.1+dfsg-1
- rails <unfixed> (bug #992586)
+ [bullseye] - rails <no-dsa> (Minor issue)
[buster] - rails <not-affected> (Vulnerable code not present)
[stretch] - rails <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1
@@ -51012,70 +58757,70 @@ CVE-2021-22829
RESERVED
CVE-2021-22828
RESERVED
-CVE-2021-22827
- RESERVED
-CVE-2021-22826
- RESERVED
-CVE-2021-22825
- RESERVED
-CVE-2021-22824
- RESERVED
-CVE-2021-22823
- RESERVED
-CVE-2021-22822
- RESERVED
-CVE-2021-22821
- RESERVED
-CVE-2021-22820
- RESERVED
-CVE-2021-22819
- RESERVED
-CVE-2021-22818
- RESERVED
-CVE-2021-22817
- RESERVED
-CVE-2021-22816
- RESERVED
-CVE-2021-22815
- RESERVED
-CVE-2021-22814
- RESERVED
-CVE-2021-22813
- RESERVED
-CVE-2021-22812
- RESERVED
-CVE-2021-22811
- RESERVED
-CVE-2021-22810
- RESERVED
-CVE-2021-22809
- RESERVED
-CVE-2021-22808
- RESERVED
-CVE-2021-22807
- RESERVED
-CVE-2021-22806
- RESERVED
-CVE-2021-22805
- RESERVED
-CVE-2021-22804
- RESERVED
-CVE-2021-22803
- RESERVED
-CVE-2021-22802
- RESERVED
-CVE-2021-22801
- RESERVED
-CVE-2021-22800
- RESERVED
-CVE-2021-22799
- RESERVED
-CVE-2021-22798
- RESERVED
+CVE-2021-22827 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22824 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22823 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22820 (A CWE-614 Insufficient Session Expiration vulnerability exists that co ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22817 (A CWE-276: Incorrect Default Permissions vulnerability exists that cou ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22814 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22813 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22811 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22810 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22809 (A CWE-125:Out-of-Bounds Read vulnerability exists that could cause uni ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could cause arbitr ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22806 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22805 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22804 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22803 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22802 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22801 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22800 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22798 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...)
+ NOT-FOR-US: Schneider Electric
CVE-2021-22797
RESERVED
-CVE-2021-22796
- RESERVED
+CVE-2021-22796 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
+ NOT-FOR-US: Schneider Electric
CVE-2021-22795
RESERVED
CVE-2021-22794
@@ -51090,14 +58835,14 @@ CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a D
NOT-FOR-US: Schneider Electric
CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22788
- RESERVED
-CVE-2021-22787
- RESERVED
+CVE-2021-22788 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause d ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22787 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
CVE-2021-22786
RESERVED
-CVE-2021-22785
- RESERVED
+CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that could cause ...)
+ NOT-FOR-US: Schneider Electric
CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22783
@@ -51170,8 +58915,8 @@ CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Defin
NOT-FOR-US: Schneider
CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
NOT-FOR-US: Schneider
-CVE-2021-22748
- RESERVED
+CVE-2021-22748 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider
CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
NOT-FOR-US: Tricon
CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
@@ -51216,10 +58961,10 @@ CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink C
NOT-FOR-US: Schneider Electric
CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22725
- RESERVED
-CVE-2021-22724
- RESERVED
+CVE-2021-22725 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22724 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
@@ -51375,8 +59120,8 @@ CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may a
NOT-FOR-US: Rockwell Automation
CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
NOT-FOR-US: Advantech iView
-CVE-2021-22657
- RESERVED
+CVE-2021-22657 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API p ...)
+ NOT-FOR-US: mySCADA myPRO
CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...)
NOT-FOR-US: Advantech iView
CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...)
@@ -51489,8 +59234,11 @@ CVE-2021-22602
RESERVED
CVE-2021-22601
RESERVED
-CVE-2021-22600
- RESERVED
+CVE-2021-22600 (A double free bug in packet_set_ring() in net/packet/af_packet.c can b ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (5.16-rc6)
CVE-2021-22599
RESERVED
CVE-2021-22598
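Review bot: The stretch line for CVE-2021-22600 is marked `<not-affected> (Vulnerable code not present)`, but unlike the salt, celery and h2database entries elsewhere in this diff there is no `NOTE: Introduced by:` commit backing that claim; add the introducing commit with its kernel version so the not-affected decision can be re-checked against the stretch kernel. There is no buster line either, so buster presumably stays tracked as open against 5.15.15-1 until a 4.19 update is recorded — fine if intended, but worth a `[buster] - linux <postponed>` or version line if that state is already known.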
@@ -51509,8 +59257,6 @@ CVE-2021-22592
RESERVED
CVE-2021-22591
RESERVED
-CVE-2021-22590
- RESERVED
CVE-2021-22589
RESERVED
CVE-2021-22588
@@ -51549,22 +59295,43 @@ CVE-2021-22572
RESERVED
CVE-2021-22571
RESERVED
-CVE-2021-22570
- RESERVED
-CVE-2021-22569
- RESERVED
-CVE-2021-22568
- RESERVED
-CVE-2021-22567
- RESERVED
-CVE-2021-22566
- RESERVED
-CVE-2021-22565
- RESERVED
+CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
+ [experimental] - protobuf 3.17.1-1
+ - protobuf <unfixed>
+ [bullseye] - protobuf <no-dsa> (Minor issue)
+ [buster] - protobuf <no-dsa> (Minor issue)
+ [stretch] - protobuf <postponed> (Minor issue; clean crash / Dos; patch needs to be isolated)
+ NOTE: Fixed upstream in v3.15.0: https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
+CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...)
+ [experimental] - protobuf 3.19.3-1
+ - protobuf <unfixed>
+ [bullseye] - protobuf <no-dsa> (Minor issue)
+ [buster] - protobuf <no-dsa> (Minor issue)
+ [stretch] - protobuf <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/12/4
+ NOTE: https://cloud.google.com/support/bulletins#gcp-2022-001
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330 (unclear, might be bogus)
+ NOTE: https://github.com/protocolbuffers/protobuf/pull/9371/commits/5ea2bdf6d7483d64a6b02fcf00ee51fbfb80e847
+CVE-2021-22568 (When using the dart pub publish command to publish a package to a thir ...)
+ NOT-FOR-US: Dart language
+CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled differently ...)
+ NOT-FOR-US: Dart language (different from src:dart)
+ NOTE: https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41
+CVE-2021-22566 (An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ...)
+ NOT-FOR-US: Google fuchsia
+CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...)
+ NOT-FOR-US: Google reference COVID19 exposure verification component
+ NOTE: https://github.com/google/exposure-notifications-verification-server
CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...)
- NOT-FOR-US: libjxl
+ - jpeg-xl <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/708
+ NOTE: https://github.com/libjxl/libjxl/pull/775
+ NOTE: https://github.com/libjxl/libjxl/commit/9d4a2de2f7a853f072c2a1bd6719e815a09075e9 (v0.6.1)
CVE-2021-22563 (Invalid JPEG XL images using libjxl can cause an out of bounds access ...)
- NOT-FOR-US: libjxl
+ - jpeg-xl <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/735
+ NOTE: https://github.com/libjxl/libjxl/pull/757
+ NOTE: https://github.com/libjxl/libjxl/commit/b0b39694d8ba6eb031eae217fcae488ce7403ae7 (v0.6.1)
CVE-2021-22562
RESERVED
CVE-2021-22561
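Review bot: The stretch entry for CVE-2021-22570 says the `patch needs to be isolated`, yet the only reference is the v3.15.0 release tag, so whoever isolates it has no pointer to the upstream change; the adjacent CVE-2021-22569 entry links the fixing PR commit, and this one should carry a matching `NOTE: Fixed by: <upstream commit> (v3.15.0)` line. For the two jpeg-xl entries the `<not-affected> (Fixed with initial upload to Debian)` rationale rests on the first Debian upload being at or above the v0.6.1 cited on the commits; stating that version in the rationale would let a later reader confirm it without re-deriving it.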
@@ -51608,7 +59375,7 @@ CVE-2021-22545 (An attacker can craft a specific IdaPro *.i64 file that will cau
CVE-2021-22544
RESERVED
CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper handling of VM_ ...)
- {DLA-2785-1}
+ {DLA-2843-1 DLA-2785-1}
- linux 5.10.46-2
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3
@@ -52122,16 +59889,16 @@ CVE-2021-22290
RESERVED
CVE-2021-22289
RESERVED
-CVE-2021-22288
- RESERVED
+CVE-2021-22288 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
+ NOT-FOR-US: ABB
CVE-2021-22287
RESERVED
-CVE-2021-22286
- RESERVED
-CVE-2021-22285
- RESERVED
-CVE-2021-22284
- RESERVED
+CVE-2021-22286 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
+ NOT-FOR-US: ABB
+CVE-2021-22285 (Improper Handling of Exceptional Conditions, Improper Check for Unusua ...)
+ NOT-FOR-US: ABB
+CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ NOT-FOR-US: ABB
CVE-2021-22283
RESERVED
CVE-2021-22282
@@ -52140,8 +59907,8 @@ CVE-2021-22281
RESERVED
CVE-2021-22280
RESERVED
-CVE-2021-22279
- RESERVED
+CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the OmniCore r ...)
+ NOT-FOR-US: ABB / OmniCore robot controller
CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...)
NOT-FOR-US: PCM600 Update Manager
CVE-2021-22277
@@ -52232,11 +59999,10 @@ CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...)
+ {DSA-5019-1 DLA-2849-1}
[experimental] - wireshark 3.4.7-1~exp1
- wireshark 3.4.7-1
- [bullseye] - wireshark <postponed> (Minor issue, can be fixed along in future update)
- [buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
- [stretch] - wireshark <postponed> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-06.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462
NOTE: Regression fix: https://gitlab.com/wireshark/wireshark/-/merge_requests/3616
@@ -52265,9 +60031,9 @@ CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in
CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...)
- gitlab <unfixed>
CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...)
+ {DSA-5019-1}
[experimental] - wireshark 3.4.6-1~exp1
- wireshark 3.4.7-1
- [bullseye] - wireshark <postponed> (Minor issue, can be fixed along in future update)
[buster] - wireshark <not-affected> (Vulnerability introduced in 3.4)
[stretch] - wireshark <not-affected> (Vulnerability introduced in 3.4)
NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130
@@ -52305,11 +60071,10 @@ CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versi
CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...)
- gitlab <unfixed>
CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
+ {DSA-5019-1 DLA-2849-1}
[experimental] - wireshark 3.4.6-1~exp1
- wireshark 3.4.7-1 (bug #987853)
- [bullseye] - wireshark <postponed> (Minor issue, can be fixed along in future update)
- [buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
- [stretch] - wireshark <postponed> (Minor issue, can be fixed along in future update)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17331
NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html
@@ -52349,7 +60114,7 @@ CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versi
- gitlab <unfixed>
CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 ...)
- wireshark 3.4.4-1
- [buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
+ [buster] - wireshark <no-dsa> (Minor issue)
[stretch] - wireshark <postponed> (Minor issue, can be fixed along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232
@@ -52411,8 +60176,8 @@ CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a
CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...)
[experimental] - gitlab 13.6.6-1
- gitlab <unfixed>
-CVE-2021-22170
- RESERVED
+CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows ...)
+ - gitlab <unfixed>
CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...)
- gitlab <not-affected> (Specific to EE)
NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
@@ -52540,11 +60305,13 @@ CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not ha
- rabbitmq-server <not-affected> (Windows-specific)
CVE-2021-22116 (RabbitMQ all versions prior to 3.8.16 are prone to a denial of service ...)
{DLA-2710-1}
- - rabbitmq-server <unfixed> (bug #989056)
+ - rabbitmq-server 3.9.4-1 (bug #989056)
[bullseye] - rabbitmq-server <no-dsa> (Minor issue)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
NOTE: https://tanzu.vmware.com/security/cve-2021-22116
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/2953
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f37a31de55229e6c763215500e376fa16803390b (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/626d5219115d087a2695c0eb243c7ddb7e154563 (v3.8.15-rc.2)
CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...)
NOT-FOR-US: Cloud Controller API
CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...)
@@ -52589,8 +60356,8 @@ CVE-2021-22096 (In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and
[buster] - libspring-java <no-dsa> (Minor issue)
[stretch] - libspring-java <ignored> (Minor issue, no known patch)
NOTE: https://github.com/spring-projects/spring-framework/issues/27647 (patch unidentifiable)
-CVE-2021-22095
- RESERVED
+CVE-2021-22095 (In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring ...)
+ NOT-FOR-US: Spring AMQP
CVE-2021-22094
RESERVED
CVE-2021-22093
@@ -52659,28 +60426,31 @@ CVE-2021-22062
RESERVED
CVE-2021-22061
RESERVED
-CVE-2021-22060
- RESERVED
+CVE-2021-22060 (In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ...)
+ - libspring-java <unfixed>
+ [stretch] - libspring-java <end-of-life> (EOL'd for stretch)
+ NOTE: follow-up to CVE-2021-22096
+ NOTE: https://tanzu.vmware.com/security/cve-2021-22060
CVE-2021-22059
RESERVED
CVE-2021-22058
RESERVED
-CVE-2021-22057
- RESERVED
-CVE-2021-22056
- RESERVED
+CVE-2021-22057 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an aut ...)
+ NOT-FOR-US: VMware
+CVE-2021-22056 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity M ...)
+ NOT-FOR-US: VMware
CVE-2021-22055
RESERVED
-CVE-2021-22054
- RESERVED
+CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...)
+ NOT-FOR-US: VMware
CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf
CVE-2021-22052
RESERVED
CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
NOT-FOR-US: Spring Cloud Gateway
-CVE-2021-22050
- RESERVED
+CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...)
+ NOT-FOR-US: VMware
CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...)
NOT-FOR-US: VMware
CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
@@ -52689,18 +60459,18 @@ CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and
NOT-FOR-US: Spring Data REST
CVE-2021-22046
RESERVED
-CVE-2021-22045
- RESERVED
+CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi6 ...)
+ NOT-FOR-US: VMware
CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...)
NOT-FOR-US: Spring Cloud OpenFeign
-CVE-2021-22043
- RESERVED
-CVE-2021-22042
- RESERVED
-CVE-2021-22041
- RESERVED
-CVE-2021-22040
- RESERVED
+CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...)
+ NOT-FOR-US: VMware
+CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...)
+ NOT-FOR-US: VMware
+CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
+ NOT-FOR-US: VMware
CVE-2021-22039
RESERVED
CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...)
@@ -52774,6 +60544,7 @@ CVE-2021-22005 (The vCenter Server contains an arbitrary file upload vulnerabili
CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The salt mini ...)
- salt 3002.7+dfsg1-1 (unimportant; bug #994016)
NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
+ NOTE: Windows-specific
CVE-2021-22003 (VMware Workspace ONE Access and Identity Manager, unintentionally prov ...)
NOT-FOR-US: VMware
CVE-2021-22002 (VMware Workspace ONE Access and Identity Manager, allow the /cfg web a ...)
@@ -52858,50 +60629,50 @@ CVE-2021-3009
RESERVED
CVE-2021-3008
RESERVED
-CVE-2021-21971
- RESERVED
-CVE-2021-21970
- RESERVED
-CVE-2021-21969
- RESERVED
-CVE-2021-21968
- RESERVED
+CVE-2021-21971 (An out-of-bounds write vulnerability exists in the URL_decode function ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21970 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21969 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21968 (A file write vulnerability exists in the OTA update task functionality ...)
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21967
RESERVED
-CVE-2021-21966
- RESERVED
-CVE-2021-21965
- RESERVED
-CVE-2021-21964
- RESERVED
-CVE-2021-21963
- RESERVED
-CVE-2021-21962
- RESERVED
-CVE-2021-21961
- RESERVED
-CVE-2021-21960
- RESERVED
-CVE-2021-21959
- RESERVED
-CVE-2021-21958
- RESERVED
-CVE-2021-21957
- RESERVED
+CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...)
+ NOT-FOR-US: Texas Instruments
+CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21963 (An information disclosure vulnerability exists in the Web Server funct ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21962 (A heap-based buffer overflow vulnerability exists in the OTA Update u- ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21961 (A stack-based buffer overflow vulnerability exists in the NBNS functio ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the LLMNR f ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...)
+ NOT-FOR-US: Hancom Office 2020
+CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
+ NOT-FOR-US: Dream Report ODS Remote Connector
CVE-2021-21956
RESERVED
-CVE-2021-21955
- RESERVED
-CVE-2021-21954
- RESERVED
-CVE-2021-21953
- RESERVED
-CVE-2021-21952
- RESERVED
-CVE-2021-21951
- RESERVED
-CVE-2021-21950
- RESERVED
+CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key_info_ ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21953 (An authentication bypass vulnerability exists in the process_msg() fun ...)
+ NOT-FOR-US: Anker Eufy Homebase 2
+CVE-2021-21952 (An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RS ...)
+ NOT-FOR-US: Anker Eufy Homebase 2
+CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
+ NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21949
RESERVED
CVE-2021-21948
@@ -52926,92 +60697,95 @@ CVE-2021-21939
RESERVED
CVE-2021-21938
RESERVED
-CVE-2021-21937
- RESERVED
-CVE-2021-21936
- RESERVED
-CVE-2021-21935
- RESERVED
-CVE-2021-21934
- RESERVED
-CVE-2021-21933
- RESERVED
-CVE-2021-21932
- RESERVED
-CVE-2021-21931
- RESERVED
-CVE-2021-21930
- RESERVED
-CVE-2021-21929
- RESERVED
-CVE-2021-21928
- RESERVED
-CVE-2021-21927
- RESERVED
-CVE-2021-21926
- RESERVED
-CVE-2021-21925
- RESERVED
-CVE-2021-21924
- RESERVED
-CVE-2021-21923
- RESERVED
-CVE-2021-21922
- RESERVED
-CVE-2021-21921
- RESERVED
-CVE-2021-21920
- RESERVED
-CVE-2021-21919
- RESERVED
-CVE-2021-21918
- RESERVED
-CVE-2021-21917
- RESERVED
-CVE-2021-21916
- RESERVED
-CVE-2021-21915
- RESERVED
+CVE-2021-21937 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21936 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21935 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21934 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21933 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21932 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21931 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21930 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21929 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21928 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21927 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21926 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21925 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21924 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21923 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21922 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21921 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21920 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21919 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21918 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21917 (An exploitable SQL injection vulnerability exist in the &#8216;group_l ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21916 (An exploitable SQL injection vulnerability exist in the &#8216;group_l ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21915 (An exploitable SQL injection vulnerability exist in the &#8216;group_l ...)
+ NOT-FOR-US: Advantech
CVE-2021-21914
RESERVED
CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...)
NOT-FOR-US: D-LINK
-CVE-2021-21912
- RESERVED
-CVE-2021-21911
- RESERVED
-CVE-2021-21910
- RESERVED
-CVE-2021-21909
- RESERVED
-CVE-2021-21908
- RESERVED
-CVE-2021-21907
- RESERVED
-CVE-2021-21906
- RESERVED
-CVE-2021-21905
- RESERVED
-CVE-2021-21904
- RESERVED
-CVE-2021-21903
- RESERVED
-CVE-2021-21902
- RESERVED
-CVE-2021-21901
- RESERVED
+CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows version of ...)
+ NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
+CVE-2021-21911 (A privilege escalation vulnerability exists in the Windows version of ...)
+ NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
+CVE-2021-21910 (A privilege escalation vulnerability exists in the Windows version of ...)
+ NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
+CVE-2021-21909 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21908 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21907 (A directory traversal vulnerability exists in the CMA CLI getenv comma ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21906 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21905 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21904 (A directory traversal vulnerability exists in the CMA CLI setenv comma ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21903 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA run_server_68 ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
- - librecad <unfixed>
+ {DSA-5077-1 DLA-2838-1}
+ - librecad 2.1.3-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351
NOTE: librecad bundles libdxfrw
NOTE: https://github.com/LibreCAD/libdxfrw/commit/fcd977cc7f8f6cc7f012e5b72d33cf7d77b3fa69
CVE-2021-21899 (A code execution vulnerability exists in the dwgCompressor::copyCompBy ...)
- - librecad <unfixed>
+ {DSA-5077-1 DLA-2838-1}
+ - librecad 2.1.3-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
NOTE: librecad bundles libdxfrw
NOTE: https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5
CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::decompress ...)
- - librecad <unfixed>
+ {DSA-5077-1 DLA-2838-1}
+ - librecad 2.1.3-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349
NOTE: librecad bundles libdxfrw
NOTE: https://github.com/LibreCAD/libdxfrw/commit/ba3fa95648bef948e008dfbdd31a4d21badd71f0
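Review bot: The NOT-FOR-US annotations added for CVE-2021-21912, CVE-2021-21911 and CVE-2021-21910 repeat the product name, `NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet`, which looks like a copy-and-paste slip rather than an intended label. The same three lines presumably should read `NOT-FOR-US: Advantech R-SeeNet`, matching the single-product form used by the neighbouring Advantech entries in this hunk. The remaining entries in the hunk (Sealevel, Garrett, librecad with its DSA/DLA references) look consistent with the surrounding file.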
@@ -53023,56 +60797,56 @@ CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPol
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those
-CVE-2021-21896
- RESERVED
-CVE-2021-21895
- RESERVED
-CVE-2021-21894
- RESERVED
+CVE-2021-21896 (A directory traversal vulnerability exists in the Web Manager FsBrowse ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21895 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21894 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+ NOT-FOR-US: Lantronix PremierWave
CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
-CVE-2021-21892
- RESERVED
-CVE-2021-21891
- RESERVED
-CVE-2021-21890
- RESERVED
-CVE-2021-21889
- RESERVED
-CVE-2021-21888
- RESERVED
-CVE-2021-21887
- RESERVED
-CVE-2021-21886
- RESERVED
-CVE-2021-21885
- RESERVED
-CVE-2021-21884
- RESERVED
-CVE-2021-21883
- RESERVED
-CVE-2021-21882
- RESERVED
-CVE-2021-21881
- RESERVED
-CVE-2021-21880
- RESERVED
-CVE-2021-21879
- RESERVED
-CVE-2021-21878
- RESERVED
-CVE-2021-21877
- RESERVED
-CVE-2021-21876
- RESERVED
-CVE-2021-21875
- RESERVED
-CVE-2021-21874
- RESERVED
-CVE-2021-21873
- RESERVED
-CVE-2021-21872
- RESERVED
+CVE-2021-21892 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21891 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21890 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21889 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21888 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21887 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21886 (A directory traversal vulnerability exists in the Web Manager FSBrowse ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21885 (A directory traversal vulnerability exists in the Web Manager FsMove f ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21884 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21883 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21882 (An OS command injection vulnerability exists in the Web Manager FsUnmo ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21881 (An OS command injection vulnerability exists in the Web Manager Wirele ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21880 (A directory traversal vulnerability exists in the Web Manager FsCopyFi ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21879 (A directory traversal vulnerability exists in the Web Manager File Upl ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21878 (A local file inclusion vulnerability exists in the Web Manager Applica ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21877 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21876 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21875 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21874 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21873 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21872 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+ NOT-FOR-US: Lantronix
CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...)
NOT-FOR-US: PowerISO
CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
@@ -53508,10 +61282,10 @@ CVE-2021-21753
RESERVED
CVE-2021-21752
RESERVED
-CVE-2021-21751
- RESERVED
-CVE-2021-21750
- RESERVED
+CVE-2021-21751 (ZTE BigVideo analysis product has an input verification vulnerability. ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21750 (ZTE BigVideo Analysis product has a privilege escalation vulnerability ...)
+ NOT-FOR-US: ZTE
CVE-2021-21749 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
NOT-FOR-US: ZTE
CVE-2021-21748 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
@@ -53596,12 +61370,22 @@ CVE-2021-21709
RESERVED
CVE-2021-21708
RESERVED
+ {DSA-5082-1}
+ - php8.1 <unfixed>
+ - php7.4 <removed>
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in 8.1.3, 7.4.28
+ NOTE: PHP Bug: https://bugs.php.net/81708
CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...)
+ {DSA-5082-1}
- php8.1 8.1.0-1
- - php8.0 <unfixed>
- - php7.4 <removed>
+ - php8.0 <removed>
+ - php7.4 7.4.26-1
- php7.3 <removed>
+ [buster] - php7.3 <no-dsa> (Minor issue, fix along with next DSA)
- php7.0 <removed>
+ [stretch] - php7.0 <no-dsa> (Minor issue, fix along with next DLA)
NOTE: Fixed in 8.1.0, 8.0.13, 7.4.26, 7.3.33
NOTE: PHP Bug: https://bugs.php.net/79971
NOTE: https://github.com/php/php-src/commit/f15f8fc573eb38c3c73e23e0930063a6f6409ed4
@@ -53633,8 +61417,8 @@ CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x
NOTE: PHP Bug: https://bugs.php.net/76452
CVE-2021-21703 (In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ...)
{DSA-4993-1 DSA-4992-1 DLA-2794-1}
- - php8.0 <unfixed>
- - php7.4 <unfixed> (bug #997003)
+ - php8.0 <removed>
+ - php7.4 7.4.26-1 (bug #997003)
- php7.3 <removed>
- php7.0 <removed>
NOTE: Fixed in 8.0.12, 7.4.25
@@ -54294,8 +62078,10 @@ CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network appli
NOTE: Fixed by: https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432
NOTE: https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32
NOTE: Is a followup to: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
-CVE-2021-21408
- RESERVED
+CVE-2021-21408 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ - smarty3 <unfixed>
+ NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m
+ NOTE: https://github.com/smarty-php/smarty/commit/28519ca00fe6890ef2d464f8400a16188c4b6f36 (3.1.43)
CVE-2021-21407 (Combodo iTop is an open source, web based IT Service Management tool. ...)
NOT-FOR-US: Combodo iTop
CVE-2021-21406 (Combodo iTop is an open source, web based IT Service Management tool. ...)
@@ -54592,6 +62378,7 @@ CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm packa
NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
- ruby-carrierwave <unfixed> (bug #982551)
+ [buster] - ruby-carrierwave <no-dsa> (Minor issue)
[stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7
@@ -54647,6 +62434,7 @@ CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated we
NOTE: Test warnings fixup: https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093 (v2.7.7)
CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
- ruby-carrierwave 1.3.2-1 (bug #982552)
+ [buster] - ruby-carrierwave <no-dsa> (Minor issue)
[stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5
NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0
@@ -55765,72 +63553,72 @@ CVE-2021-20879
RESERVED
CVE-2021-20878
RESERVED
-CVE-2021-20877
- RESERVED
-CVE-2021-20876
- RESERVED
-CVE-2021-20875
- RESERVED
-CVE-2021-20874
- RESERVED
-CVE-2021-20873
- RESERVED
-CVE-2021-20872
- RESERVED
-CVE-2021-20871
- RESERVED
-CVE-2021-20870
- RESERVED
-CVE-2021-20869
- RESERVED
-CVE-2021-20868
- RESERVED
-CVE-2021-20867
- RESERVED
-CVE-2021-20866
- RESERVED
-CVE-2021-20865
- RESERVED
-CVE-2021-20864
- RESERVED
-CVE-2021-20863
- RESERVED
-CVE-2021-20862
- RESERVED
-CVE-2021-20861
- RESERVED
-CVE-2021-20860
- RESERVED
-CVE-2021-20859
- RESERVED
-CVE-2021-20858
- RESERVED
-CVE-2021-20857
- RESERVED
-CVE-2021-20856
- RESERVED
-CVE-2021-20855
- RESERVED
-CVE-2021-20854
- RESERVED
-CVE-2021-20853
- RESERVED
-CVE-2021-20852
- RESERVED
-CVE-2021-20851
- RESERVED
+CVE-2021-20877 (Cross-site scripting vulnerability in Canon laser printers and small o ...)
+ NOT-FOR-US: Canon printer firmware
+CVE-2021-20876 (Path traversal vulnerability in GroupSession Free edition ver5.1.1 and ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.1 and ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20874 (Incorrect permission assignment for critical resource vulnerability in ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20873 (Yappli is an application development platform which provides the funct ...)
+ NOT-FOR-US: Yappli
+CVE-2021-20872 (Protection mechanism failure vulnerability in KONICA MINOLTA bizhub se ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20871 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20870 (Improper handling of exceptional conditions vulnerability in KONICA MI ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20869 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20868 (Incorrect authorization vulnerability in KONICA MINOLTA bizhub series ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20867 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20866 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20865 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20864 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20863 (OS command injection vulnerability in ELECOM routers (WRC-1167GST2 fir ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20862 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20861 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20860 (Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20859 (ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20858 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20857 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20856 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20855 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20854 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20853 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20852 (Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmwa ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20851 (Cross-site request forgery (CSRF) vulnerability in Browser and Operati ...)
+ NOT-FOR-US: WordPress plugin
CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and ea ...)
NOT-FOR-US: PowerCMS
CVE-2021-20849
RESERVED
CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 a ...)
- TODO: check
-CVE-2021-20847
- RESERVED
+ NOT-FOR-US: rwtxt
+CVE-2021-20847 (Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G ...)
+ NOT-FOR-US: Wi-Fi STATION SH-52A
CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push Notifications ...)
NOT-FOR-US: WordPress plugin
CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap G ...)
- TODO: check
+ NOT-FOR-US: Unlimited Sitemap Generator
CVE-2021-20844 (Improper neutralization of HTTP request headers for scripting syntax v ...)
NOT-FOR-US: RTX830
CVE-2021-20843 (Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev ...)
@@ -55865,10 +63653,10 @@ CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag san
NOT-FOR-US: GROWI
CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...)
NOT-FOR-US: EC-CUBE plugin
-CVE-2021-20827
- RESERVED
-CVE-2021-20826
- RESERVED
+CVE-2021-20827 (Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Serie ...)
+ NOT-FOR-US: IDEC
+CVE-2021-20826 (Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A ...)
+ NOT-FOR-US: IDEC
CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...)
NOT-FOR-US: EC-CUBE plugin
CVE-2021-20824
@@ -56116,13 +63904,13 @@ CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTE
NOT-FOR-US: Nec
CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...)
NOT-FOR-US: Nec
-CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
NOT-FOR-US: Nec
-CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
NOT-FOR-US: Nec
-CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
NOT-FOR-US: Nec
-CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
NOT-FOR-US: Nec
CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
NOT-FOR-US: SHARP
@@ -56296,22 +64084,22 @@ CVE-2021-20615
RESERVED
CVE-2021-20614
RESERVED
-CVE-2021-20613
- RESERVED
-CVE-2021-20612
- RESERVED
-CVE-2021-20611
- RESERVED
-CVE-2021-20610
- RESERVED
-CVE-2021-20609
- RESERVED
-CVE-2021-20608
- RESERVED
-CVE-2021-20607
- RESERVED
-CVE-2021-20606
- RESERVED
+CVE-2021-20613 (Improper initialization vulnerability in MELSEC-F series FX3U-ENET Fir ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20612 (Lack of administrator control over security vulnerability in MELSEC-F ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20611 (Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/0 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20608 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20607 (Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20606 (Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 vers ...)
+ NOT-FOR-US: Mitsubishi
CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
@@ -56536,8 +64324,8 @@ CVE-2021-20495
RESERVED
CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
NOT-FOR-US: IBM
-CVE-2021-20493
- RESERVED
+CVE-2021-20493 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch ...)
NOT-FOR-US: IBM
CVE-2021-20491 (IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based bu ...)
@@ -56582,8 +64370,8 @@ CVE-2021-20472
RESERVED
CVE-2021-20471
RESERVED
-CVE-2021-20470
- RESERVED
+CVE-2021-20470 (IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users sho ...)
+ NOT-FOR-US: IBM
CVE-2021-20469
RESERVED
CVE-2021-20468
@@ -56722,8 +64510,8 @@ CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allo
NOT-FOR-US: IBM
CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...)
NOT-FOR-US: IBM
-CVE-2021-20400
- RESERVED
+CVE-2021-20400 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...)
+ NOT-FOR-US: IBM
CVE-2021-20399 (IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulner ...)
NOT-FOR-US: IBM
CVE-2021-20398
@@ -56776,8 +64564,8 @@ CVE-2021-20375 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an
NOT-FOR-US: IBM
CVE-2021-20374 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
NOT-FOR-US: IBM
-CVE-2021-20373
- RESERVED
+CVE-2021-20373 (IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Inform ...)
+ NOT-FOR-US: IBM
CVE-2021-20372 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
NOT-FOR-US: IBM
CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
@@ -56864,8 +64652,10 @@ CVE-2021-20332 (Specific MongoDB Rust Driver versions can include credentials us
NOT-FOR-US: MongoDB rust driver
CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...)
NOT-FOR-US: MongoDB C# Driver
-CVE-2021-20330
- RESERVED
+CVE-2021-20330 (An attacker with basic CRUD permissions on a replicated collection can ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-36263
CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...)
NOT-FOR-US: mongo-driver
NOTE: https://jira.mongodb.org/browse/GODRIVER-1923
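Review bot: The new `[stretch] - mongodb <end-of-life> (...)` line for CVE-2021-20330 mirrors the CVE-2021-20326 entry just below, but the truncated description visible here gives no affected server version range, so it is worth checking SERVER-36263 against the mongodb version stretch actually shipped before settling on that tag. If stretch's version predates the flaw, `[stretch] - mongodb <not-affected> (Vulnerable code not present)` is the more precise marker; `<end-of-life>` presumably leaves the entry reported as unfixed-but-unsupported rather than clean.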
@@ -56881,8 +64671,7 @@ CVE-2021-20326 (A user authorized to performing a specific type of find query ma
- mongodb <removed>
[stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
NOTE: https://jira.mongodb.org/browse/SERVER-53929
-CVE-2021-20325
- RESERVED
+CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...)
- apache2 <not-affected> (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321
CVE-2021-20324
@@ -56890,17 +64679,18 @@ CVE-2021-20324
NOT-FOR-US: WildFly Elytron
CVE-2021-20323
RESERVED
-CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies]
- RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...)
+ {DLA-2843-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
-CVE-2021-20321
- RESERVED
+CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...)
+ {DLA-2843-1}
- linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
-CVE-2021-20320
- RESERVED
+CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf ...)
- linux 5.14.9-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
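Review bot: CVE-2021-20322 and CVE-2021-20321 each pick up a `{DLA-2843-1}` reference and a `[bullseye]` fixed version in this hunk, but neither has a `[buster]` line, while CVE-2021-20320 at the bottom of the hunk does (`[buster] - linux 4.19.208-1`). If buster's 4.19 kernel received these two fixes in a point release, a matching `[buster] - linux 4.19.x-y` line belongs in each entry; if it did not, the omission presumably leaves buster reported as still affected, which may be intended but should be confirmed rather than left implicit.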
@@ -56909,16 +64699,20 @@ CVE-2021-20320
CVE-2021-20319
RESERVED
NOT-FOR-US: coreos-installer
-CVE-2021-20318
- RESERVED
+CVE-2021-20318 (The HornetQ component of Artemis in EAP 7 was not updated with the fix ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2021-20317 (A flaw was found in the Linux kernel. A corrupted timer tree caused th ...)
+ {DLA-2843-1}
- linux 5.4.6-1
NOTE: https://git.kernel.org/linus/511885d7061eda3eb1faf3f57dcc936ff75863f1 (5.4-rc1)
CVE-2021-20316
RESERVED
-CVE-2021-20315 [locking protection bypass allow unauthorized user to kill existing applications or start new ones]
- RESERVED
+ - samba <unfixed> (bug #1004690)
+ [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-20316.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14842
+CVE-2021-20315 (A locking protection bypass flaw was found in some versions of gnome-s ...)
- gnome-shell <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285
TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams
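Review bot: The two `<ignored>` justifications added for CVE-2021-20316 say `mitigations exists` without naming them, which is what a bullseye or buster admin reading the tracker needs in order to act. Since the samba advisory linked in the following NOTE line presumably documents the workaround, point at it in the rationale and fix the grammar, e.g. `[bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigation documented in upstream advisory)`, and the same for the `[buster]` line. The entry is also still `RESERVED` while carrying package state; that is fine for the tracker format, but the description will need to be filled in once MITRE publishes it.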
@@ -57232,6 +65026,7 @@ CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was fou
[buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
+ NOTE: No upstream patch as of 2022-01-28
CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map Windows ...)
{DLA-2668-1}
- samba 2:4.13.5+dfsg-2 (bug #987811)
@@ -57379,7 +65174,7 @@ CVE-2021-20229 (A flaw was found in PostgreSQL in versions before 13.2. This fla
CVE-2021-20228 (A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...)
{DSA-4950-1}
- ansible 2.10.7+merged+base+2.10.8+dfsg-1
- - ansible-base <unfixed>
+ - ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002
NOTE: https://github.com/ansible/ansible/pull/73487
CVE-2021-20227 (A flaw was found in SQLite's SELECT query functionality (src/select.c) ...)
@@ -57410,7 +65205,7 @@ CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM G
- qemu 1:5.2+dfsg-4
[buster] - qemu <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1
- NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a (v6.0.0-rc0)
CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-2020-106 ...)
- undertow 2.2.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133
@@ -57505,13 +65300,14 @@ CVE-2021-20204 (A heap memory corruption problem (use after free) can be trigger
NOTE: Debian patch applied causes functional regressions: https://bugs.debian.org/992437
CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...)
{DLA-2623-1}
- - qemu <unfixed> (bug #984452)
+ - qemu 1:6.2+dfsg-1 (bug #984452)
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1913873
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/308
NOTE: https://bugs.launchpad.net/qemu/+bug/1890152
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/d05dcd94aee88728facafb993c7280547eb4d645 (v6.2.0-rc3)
CVE-2021-20202 (A flaw was found in keycloak. Directories can be created prior to the ...)
NOT-FOR-US: Keycloak
CVE-2021-20201 (A flaw was found in spice in versions before 0.14.92. A DoS tool might ...)
@@ -57544,7 +65340,7 @@ CVE-2021-20197 (There is an open race window when writing output in the followin
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
NOTE: binutils not covered by security support
CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator ...)
- - qemu <unfixed> (bug #984453)
+ - qemu 1:6.2+dfsg-1 (bug #984453)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
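Review bot: The `[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)` rationale is now stale: this hunk records the unstable fix as `1:6.2+dfsg-1`, and the following hunk adds the upstream commit that fixes CVE-2021-20196, so the "revisit when fixed upstream" trigger has fired. Either re-evaluate the bullseye, buster and stretch postponements now or reword the bullseye reason to reflect the current decision, e.g. `[bullseye] - qemu <postponed> (Minor issue, fix along in future update)`, so the entry does not keep pointing at a condition that is already met.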
@@ -57552,6 +65348,7 @@ CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emu
NOTE: https://bugs.launchpad.net/qemu/+bug/1912780
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/338
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/1ab95af033a419e7a64e2d58e67dd96b20af5233 (v6.2.0-rc4)
CVE-2021-20195 (A flaw was found in keycloak in versions before 13.0.0. A Self Stored ...)
NOT-FOR-US: Keycloak
CVE-2021-20194 (There is a vulnerability in the linux kernel versions higher than 5.2 ...)
@@ -57638,94 +65435,94 @@ CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f
-CVE-2021-20175
- RESERVED
-CVE-2021-20174
- RESERVED
-CVE-2021-20173
- RESERVED
-CVE-2021-20172
- RESERVED
-CVE-2021-20171
- RESERVED
-CVE-2021-20170
- RESERVED
-CVE-2021-20169
- RESERVED
-CVE-2021-20168
- RESERVED
-CVE-2021-20167
- RESERVED
-CVE-2021-20166
- RESERVED
-CVE-2021-20165
- RESERVED
-CVE-2021-20164
- RESERVED
-CVE-2021-20163
- RESERVED
-CVE-2021-20162
- RESERVED
-CVE-2021-20161
- RESERVED
-CVE-2021-20160
- RESERVED
-CVE-2021-20159
- RESERVED
-CVE-2021-20158
- RESERVED
-CVE-2021-20157
- RESERVED
-CVE-2021-20156
- RESERVED
-CVE-2021-20155
- RESERVED
-CVE-2021-20154
- RESERVED
-CVE-2021-20153
- RESERVED
-CVE-2021-20152
- RESERVED
-CVE-2021-20151
- RESERVED
-CVE-2021-20150
- RESERVED
-CVE-2021-20149
- RESERVED
-CVE-2021-20148
- RESERVED
-CVE-2021-20147
- RESERVED
-CVE-2021-20146
- RESERVED
-CVE-2021-20145
- RESERVED
-CVE-2021-20144
- RESERVED
-CVE-2021-20143
- RESERVED
-CVE-2021-20142
- RESERVED
-CVE-2021-20141
- RESERVED
-CVE-2021-20140
- RESERVED
-CVE-2021-20139
- RESERVED
-CVE-2021-20138
- RESERVED
-CVE-2021-20137
- RESERVED
+CVE-2021-20175 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20174 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20173 (Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20172 (All known versions of the Netgear Genie Installer for macOS contain a ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20171 (Netgear RAX43 version 1.0.3.96 stores sensitive information in plainte ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20170 (Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20169 (Netgear RAX43 version 1.0.3.96 does not utilize secure communications ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20168 (Netgear RAX43 version 1.0.3.96 does not have sufficient protections to ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20167 (Netgear RAX43 version 1.0.3.96 contains a command injection vulnerabil ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20166 (Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20165 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20164 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses creden ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20163 (Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the f ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20162 (Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plain ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20161 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient pr ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20160 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injectio ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20159 (Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command in ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20158 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20157 (It is possible for an unauthenticated, malicious user to force the dev ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20156 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20155 (Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded cred ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20154 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw i ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20153 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerab ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20152 (Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20151 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the sess ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20150 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses inform ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20149 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient ac ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20148 (ManageEngine ADSelfService Plus below build 6116 stores the password p ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-20147 (ManageEngine ADSelfService Plus below build 6116 contains an observabl ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-20146 (An unprotected ssh private key exists on the Gryphon devices which cou ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20145 (Gryphon Tower routers contain an unprotected openvpn configuration fil ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20144 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20143 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20142 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20141 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20140 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20139 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20138 (An unauthenticated command injection vulnerability exists in multiple ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20137 (A reflected cross-site scripting vulnerability exists in the url param ...)
+ NOT-FOR-US: Gryphon Tower routers
CVE-2021-20136 (ManageEngine Log360 Builds &lt; 5235 are affected by an improper acces ...)
NOT-FOR-US: ManageEngine
CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...)
NOT-FOR-US: Nessus
-CVE-2021-20134
- RESERVED
-CVE-2021-20133
- RESERVED
-CVE-2021-20132
- RESERVED
+CVE-2021-20134 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ NOT-FOR-US: D-Link
+CVE-2021-20133 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ NOT-FOR-US: D-Link
+CVE-2021-20132 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ NOT-FOR-US: D-Link
CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
NOT-FOR-US: ManageEngine ADManager Plus
CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
@@ -57890,32 +65687,32 @@ CVE-2021-20052
RESERVED
CVE-2021-20051
RESERVED
-CVE-2021-20050
- RESERVED
-CVE-2021-20049
- RESERVED
-CVE-2021-20048
- RESERVED
-CVE-2021-20047
- RESERVED
-CVE-2021-20046
- RESERVED
-CVE-2021-20045
- RESERVED
-CVE-2021-20044
- RESERVED
-CVE-2021-20043
- RESERVED
-CVE-2021-20042
- RESERVED
-CVE-2021-20041
- RESERVED
-CVE-2021-20040
- RESERVED
-CVE-2021-20039
- RESERVED
-CVE-2021-20038
- RESERVED
+CVE-2021-20050 (An Improper Access Control Vulnerability in the SMA100 series leads to ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows a remot ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20048 (A Stack-based buffer overflow in the SonicOS SessionID HTTP response h ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and ear ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20046 (A Stack-based buffer overflow in the SonicOS HTTP Content-Length respo ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20045 (A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacN ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20044 (A post-authentication remote command injection vulnerability in SonicW ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20043 (A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBook ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20042 (An unauthenticated remote attacker can use SMA 100 as an unintended pr ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20041 (An unauthenticated and remote adversary can consume all of the device' ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20040 (A relative path traversal vulnerability in the SMA100 upload funtion a ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20039 (Improper neutralization of special elements in the SMA100 management i ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20038 (A Stack-based buffer overflow vulnerability in SMA100 Apache httpd ser ...)
+ NOT-FOR-US: SonicWall
CVE-2021-20037 (SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incor ...)
NOT-FOR-US: SonicWall
CVE-2021-20036
@@ -57935,7 +65732,7 @@ CVE-2021-20030
CVE-2021-20029
RESERVED
CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...)
- NOT-FOR-US: Sonicwall
+ NOT-FOR-US: SonicWall
CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...)
NOT-FOR-US: SonicWall
CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...)
@@ -57961,35 +65758,37 @@ CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWal
CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...)
NOT-FOR-US: SonicWall
CVE-2021-20015
- RESERVED
+ REJECTED
CVE-2021-20014
- RESERVED
+ REJECTED
CVE-2021-20013
- RESERVED
+ REJECTED
CVE-2021-20012
- RESERVED
+ REJECTED
CVE-2021-20011
- RESERVED
+ REJECTED
CVE-2021-20010
- RESERVED
+ REJECTED
CVE-2021-20009
- RESERVED
+ REJECTED
CVE-2021-20008
- RESERVED
+ REJECTED
CVE-2021-20007
- RESERVED
+ REJECTED
CVE-2021-20006
- RESERVED
+ REJECTED
CVE-2021-20005
- RESERVED
+ REJECTED
CVE-2021-20004
- RESERVED
+ REJECTED
CVE-2021-20003
- RESERVED
+ REJECTED
CVE-2021-20002
- RESERVED
-CVE-2021-20001
- RESERVED
+ REJECTED
+CVE-2021-20001 (It was discovered, that debian-edu-config, a set of configuration file ...)
+ {DSA-5072-1 DLA-2918-1}
+ - debian-edu-config 2.12.16
+ NOTE: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5
CVE-2021-2485 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
NOT-FOR-US: Oracle
CVE-2021-2484 (Vulnerability in the Oracle Operations Intelligence product of Oracle ...)
@@ -59196,8 +66995,8 @@ CVE-2021-1920 (Integer underflow can occur due to improper handling of incoming
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1919 (Integer underflow can occur when the RTCP length is lesser than than t ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1918
- RESERVED
+CVE-2021-1918 (Improper handling of resource allocation in virtual machines can lead ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1917 (Null pointer dereference can occur due to memory allocation failure in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1916 (Possible buffer underflow due to lack of check for negative indices va ...)
@@ -59244,8 +67043,8 @@ CVE-2021-1896 (Weak configuration in WLAN could cause forwarding of unencrypted
NOT-FOR-US: Snapdragon
CVE-2021-1895 (Possible integer overflow due to improper length check while flashing ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1894
- RESERVED
+CVE-2021-1894 (Improper access control in TrustZone due to improper error handling wh ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1893
RESERVED
CVE-2021-1892 (Memory corruption due to improper input validation while processing IO ...)
@@ -59934,8 +67733,8 @@ CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Vi
NOT-FOR-US: Cisco
CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2021-1573
- RESERVED
+CVE-2021-1573 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker ...)
NOT-FOR-US: Cisco
CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -60863,7 +68662,7 @@ CVE-2021-1115 (NVIDIA GPU Display Driver for Windows contains a vulnerability in
NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in the kerne ...)
NOT-FOR-US: NVIDIA
-CVE-2021-1113 (NVIDIA camera firmware contains a vulnerability where an unauthorized ...)
+CVE-2021-1113 (NVIDIA camera firmware contains a difficult to exploit vulnerability w ...)
NOT-FOR-US: NVIDIA
CVE-2021-1112 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...)
NOT-FOR-US: NVIDIA
@@ -60900,6 +68699,7 @@ CVE-2021-1097 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU
CVE-2021-1096 (NVIDIA Windows GPU Display Driver for Windows contains a vulnerability ...)
NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ {DLA-2888-1}
- nvidia-graphics-drivers 460.91.03-1 (bug #991351)
[buster] - nvidia-graphics-drivers 418.211.00-1
- nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
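Review bot: A leftover `[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)` line may still exist in the CVE-2021-1095 entry below the three context lines visible here, and it would contradict the `{DLA-2888-1}` reference added at the top of this hunk. The CVE-2021-1056 hunk later in this same commit removes exactly such a line when it adds the DLA reference, so the full CVE-2021-1095, CVE-2021-1094, CVE-2021-1093 and CVE-2021-1076 entries should be checked and any stretch `<no-dsa>` marker dropped for consistency. The enclosing entry continues outside the hunk.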
@@ -60913,6 +68713,7 @@ CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ {DLA-2888-1}
- nvidia-graphics-drivers 460.91.03-1 (bug #991351)
[buster] - nvidia-graphics-drivers 418.211.00-1
- nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
@@ -60926,6 +68727,7 @@ CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ {DLA-2888-1}
- nvidia-graphics-drivers 460.91.03-1 (bug #991351)
[buster] - nvidia-graphics-drivers 418.211.00-1
- nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
@@ -60976,6 +68778,7 @@ CVE-2021-1077 (NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 dr
- nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221)
- nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222)
CVE-2021-1076 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+ {DLA-2888-1}
- nvidia-graphics-drivers 460.73.01-1 (bug #987216)
[buster] - nvidia-graphics-drivers 418.197.02-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #987217)
@@ -61026,9 +68829,9 @@ CVE-2021-1058 (NVIDIA vGPU software contains a vulnerability in the guest kernel
CVE-2021-1057 (NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerabilit ...)
NOT-FOR-US: NVIDIA Virtual GPU Manager NVIDIA vGPU manager
CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...)
+ {DLA-2888-1}
- nvidia-graphics-drivers 460.32.03-1 (bug #979670)
[buster] - nvidia-graphics-drivers 418.181.07-1
- [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #979671)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
@@ -61055,207 +68858,206 @@ CVE-2021-1051 (NVIDIA GPU Display Driver for Windows contains a vulnerability in
NOT-FOR-US: NVIDIA Windows drivers
CVE-2021-1050
RESERVED
-CVE-2021-1049
- RESERVED
-CVE-2021-1048
- RESERVED
-CVE-2021-1047
- RESERVED
-CVE-2021-1046
- RESERVED
-CVE-2021-1045
- RESERVED
+CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ...)
+ NOT-FOR-US: Unisoc
+CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...)
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/77f4689de17c0887775bb77896f4cc11a39bf848 (5.9-rc4)
+CVE-2021-1047 (In valid_ipc_dram_addr of cm_access_control.c, there is a possible out ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1044
- RESERVED
+CVE-2021-1046 (In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1043
- RESERVED
+CVE-2021-1045 (Product: AndroidVersions: Android kernelAndroid ID: A-195580473Referen ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1042
- RESERVED
+CVE-2021-1044 (In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1041
- RESERVED
+CVE-2021-1043 (In TBD of TBD, there is a possible downgrade attack due to under utili ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1040
- RESERVED
-CVE-2021-1039
- RESERVED
-CVE-2021-1038
- RESERVED
-CVE-2021-1037
- RESERVED
-CVE-2021-1036
- RESERVED
-CVE-2021-1035
- RESERVED
-CVE-2021-1034
- RESERVED
+CVE-2021-1042 (In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible d ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1041 (In (TBD) of (TBD), there is a possible out of bounds read due to memor ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1040 (In onCreate of BluetoothPairingSelectionFragment.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-1039 (In NotificationAccessActivity of AndroidManifest.xml, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS ...)
+ NOT-FOR-US: Android
+CVE-2021-1037 (The broadcast that DevicePickerFragment sends when a new device is pai ...)
+ NOT-FOR-US: Android
+CVE-2021-1036 (In LocationSettingsActivity of AndroidManifest.xml, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-1035 (In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-1034 (In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is ap ...)
+ NOT-FOR-US: Android
CVE-2021-1033
RESERVED
-CVE-2021-1032
- RESERVED
-CVE-2021-1031
- RESERVED
-CVE-2021-1030
- RESERVED
-CVE-2021-1029
- RESERVED
-CVE-2021-1028
- RESERVED
-CVE-2021-1027
- RESERVED
-CVE-2021-1026
- RESERVED
-CVE-2021-1025
- RESERVED
-CVE-2021-1024
- RESERVED
-CVE-2021-1023
- RESERVED
-CVE-2021-1022
- RESERVED
-CVE-2021-1021
- RESERVED
-CVE-2021-1020
- RESERVED
-CVE-2021-1019
- RESERVED
-CVE-2021-1018
- RESERVED
-CVE-2021-1017
- RESERVED
-CVE-2021-1016
- RESERVED
-CVE-2021-1015
- RESERVED
-CVE-2021-1014
- RESERVED
-CVE-2021-1013
- RESERVED
-CVE-2021-1012
- RESERVED
-CVE-2021-1011
- RESERVED
-CVE-2021-1010
- RESERVED
-CVE-2021-1009
- RESERVED
-CVE-2021-1008
- RESERVED
-CVE-2021-1007
- RESERVED
-CVE-2021-1006
- RESERVED
-CVE-2021-1005
- RESERVED
-CVE-2021-1004
- RESERVED
-CVE-2021-1003
- RESERVED
-CVE-2021-1002
- RESERVED
-CVE-2021-1001
- RESERVED
+CVE-2021-1032 (In getMimeGroup of PackageManagerService.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-1031 (In cancelNotificationsFromListener of NotificationManagerService.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-1030 (In setNotificationsShownFromListener of NotificationManagerService.jav ...)
+ NOT-FOR-US: Android
+CVE-2021-1029 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-1028 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-1027 (In setTransactionState of SurfaceFlinger, there is possible arbitrary ...)
+ NOT-FOR-US: Android
+CVE-2021-1026 (In startRanging of RttServiceImpl.java, there is a possible way to det ...)
+ NOT-FOR-US: Android
+CVE-2021-1025 (In hasNamedWallpaper of WallpaperManagerService.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-1024 (In onEventReceived of EventResultPersister.java, there is a possible i ...)
+ NOT-FOR-US: Android
+CVE-2021-1023 (In onCreate of RequestIgnoreBatteryOptimizations.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-1022 (In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-1021 (In snoozeNotificationInt of NotificationManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-1020 (In snoozeNotification of NotificationListenerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-1019 (In snoozeNotification of NotificationListenerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-1018 (In adjustStreamVolume of AudioService.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-1017 (In AdapterService and GattService definition of AndroidManifest.xml, t ...)
+ NOT-FOR-US: Android
+CVE-2021-1016 (In onCreate of UsbPermissionActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-1015 (In getMeidForSlot of PhoneInterfaceManager.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-1014 (In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-1013 (In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of P ...)
+ NOT-FOR-US: Android
+CVE-2021-1012 (In onResume of NotificationAccessDetails.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-1011 (In setPackageStoppedState of PackageManagerService.java, there is a mi ...)
+ NOT-FOR-US: Android
+CVE-2021-1010 (In getSigningKeySet of PackageManagerService.java, there is a missing ...)
+ NOT-FOR-US: Android
+CVE-2021-1009 (In setApplicationCategoryHint of PackageManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-1008 (In addSubInfo of SubscriptionController.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-1007 (In btu_hcif_process_event of btu_hcif.cc, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-1006 (In several functions of DatabaseManager.java, there is a possible leak ...)
+ NOT-FOR-US: Android
+CVE-2021-1005 (In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a po ...)
+ NOT-FOR-US: Android
+CVE-2021-1004 (In getConfiguredNetworks of WifiServiceImpl.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-1003 (In adjustStreamVolume of AudioService.java, there is a possible way fo ...)
+ NOT-FOR-US: Android
+CVE-2021-1002 (In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2021-1001 (In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bo ...)
+ NOT-FOR-US: Android
CVE-2021-1000
RESERVED
-CVE-2021-0999
- RESERVED
-CVE-2021-0998
- RESERVED
-CVE-2021-0997
- RESERVED
-CVE-2021-0996
- RESERVED
-CVE-2021-0995
- RESERVED
-CVE-2021-0994
- RESERVED
-CVE-2021-0993
- RESERVED
-CVE-2021-0992
- RESERVED
-CVE-2021-0991
- RESERVED
-CVE-2021-0990
- RESERVED
-CVE-2021-0989
- RESERVED
-CVE-2021-0988
- RESERVED
-CVE-2021-0987
- RESERVED
-CVE-2021-0986
- RESERVED
-CVE-2021-0985
- RESERVED
-CVE-2021-0984
- RESERVED
-CVE-2021-0983
- RESERVED
-CVE-2021-0982
- RESERVED
-CVE-2021-0981
- RESERVED
+CVE-2021-0999 (In the broadcast definition in AndroidManifest.xml, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0998 (In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible ou ...)
+ NOT-FOR-US: Android
+CVE-2021-0997 (In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , t ...)
+ NOT-FOR-US: Android
+CVE-2021-0996 (In nfaHciCallback of HciEventManager.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-0995 (In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-0994 (In requestRouteToHostAddress of ConnectivityService.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0993 (In getOffsetBeforeAfter of TextLine.java, there is a possible denial o ...)
+ NOT-FOR-US: Android
+CVE-2021-0992 (In onCreate of PaymentDefaultDialog.java, there is a possible way to c ...)
+ NOT-FOR-US: Android
+CVE-2021-0991 (In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderControll ...)
+ NOT-FOR-US: Android
+CVE-2021-0990 (In getDeviceId of PhoneSubInfoController.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-0989 (In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0988 (In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientCont ...)
+ NOT-FOR-US: Android
+CVE-2021-0987 (In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a po ...)
+ NOT-FOR-US: Android
+CVE-2021-0986 (In hasGrantedPolicy of DevicePolicyManagerService.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0985 (In onReceive of AlertReceiver.java, there is a possible way to dismiss ...)
+ NOT-FOR-US: Android
+CVE-2021-0984 (In onNullBinding of ManagedServices.java, there is a possible permissi ...)
+ NOT-FOR-US: Android
+CVE-2021-0983 (In createAdminSupportIntent of DevicePolicyManagerService.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-0982 (In getOrganizationNameForUser of DevicePolicyManagerService.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-0981 (In enqueueNotificationInternal of NotificationManagerService.java, the ...)
+ NOT-FOR-US: Android
CVE-2021-0980
RESERVED
-CVE-2021-0979
- RESERVED
-CVE-2021-0978
- RESERVED
-CVE-2021-0977
- RESERVED
-CVE-2021-0976
- RESERVED
+CVE-2021-0979 (In isRequestPinItemSupported of ShortcutService.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0978 (In getSerialForPackage of DeviceIdentifiersPolicyService.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0977 (In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0976 (In toBARK of floor0.c, there is a possible out of bounds read due to a ...)
+ NOT-FOR-US: Android
CVE-2021-0975
RESERVED
CVE-2021-0974
RESERVED
-CVE-2021-0973
- RESERVED
+CVE-2021-0973 (In isFileUri of UriUtil.java, there is a possible way to bypass ignori ...)
+ NOT-FOR-US: Android
CVE-2021-0972
RESERVED
-CVE-2021-0971
- RESERVED
-CVE-2021-0970
- RESERVED
-CVE-2021-0969
- RESERVED
-CVE-2021-0968
- RESERVED
-CVE-2021-0967
- RESERVED
-CVE-2021-0966
- RESERVED
-CVE-2021-0965
- RESERVED
-CVE-2021-0964
- RESERVED
-CVE-2021-0963
- RESERVED
+CVE-2021-0971 (In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0970 (In createFromParcel of GpsNavigationMessage.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0969 (In getTitle of AccessPoint.java, there is a possible unhandled excepti ...)
+ NOT-FOR-US: Android
+CVE-2021-0968 (In osi_malloc and osi_calloc of allocator.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0967 (In vorbis_book_decodev_set of codebook.c, there is a possible out of b ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0966 (In code generated by BuildParcelFields of generate_cpp.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0965 (In AndroidManifest.xml of Settings, there is a possible pairing of a B ...)
+ NOT-FOR-US: Android
+CVE-2021-0964 (In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out o ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0963 (In onCreate of KeyChainActivity.java, there is a possible way to use a ...)
+ NOT-FOR-US: Android
CVE-2021-0962
RESERVED
-CVE-2021-0961
- RESERVED
+CVE-2021-0961 (In quota_proc_write of xt_quota2.c, there is a possible way to read ke ...)
+ - linux <not-affected> (Android-specific xt_quota2 code)
+ NOTE: https://source.android.com/security/bulletin/2021-12-01
CVE-2021-0960
RESERVED
-CVE-2021-0959
- RESERVED
-CVE-2021-0958
- RESERVED
+CVE-2021-0959 (In jit_memory_region.cc, there is a possible bypass of memory restrict ...)
+ NOT-FOR-US: Android
+CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of potentially se ...)
+ NOT-FOR-US: Android
CVE-2021-0957
RESERVED
-CVE-2021-0956
- RESERVED
-CVE-2021-0955
- RESERVED
-CVE-2021-0954
- RESERVED
-CVE-2021-0953
- RESERVED
-CVE-2021-0952
- RESERVED
+CVE-2021-0956 (In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0955 (In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption ...)
+ NOT-FOR-US: Android
+CVE-2021-0954 (In ResolverActivity, there is a possible user interaction bypass due t ...)
+ NOT-FOR-US: Android
+CVE-2021-0953 (In setOnClickActivityIntent of SearchWidgetProvider.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0952 (In doCropPhoto of PhotoSelectionHandler.java, there is a possible perm ...)
+ NOT-FOR-US: Android
CVE-2021-0951
RESERVED
CVE-2021-0950
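Review bot: The new CVE-2021-1048 entry (`- linux 5.8.10-1` with buster/stretch versions) records only the kernel.org fix commit, while the other kernel entries in this file cite the Android bulletin that assigned the ID (e.g. CVE-2021-0961 carries `NOTE: https://source.android.com/security/bulletin/2021-12-01`); add `NOTE: https://source.android.com/security/bulletin/2021-11-01` so the provenance of this CVE is traceable from the entry. If I recall correctly, that bulletin also flagged CVE-2021-1048 as possibly under limited, targeted exploitation — worth confirming and, if so, recording in a NOTE, since it changes the triage priority of the listed fixed versions. The fix commit dates from 5.9-rc4, long before the CVE was published, so the buster/stretch versions presumably come from the 4.19/4.9 stable backports rather than a dedicated upload; a one-line NOTE saying so would spare the next reader re-verifying it.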
@@ -61310,61 +69112,46 @@ CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds wr
NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
CVE-2021-0934
RESERVED
-CVE-2021-0933
- RESERVED
+CVE-2021-0933 (In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.j ...)
NOT-FOR-US: Android
-CVE-2021-0932
- RESERVED
+CVE-2021-0932 (In showNotification of NavigationModeController.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-0931
- RESERVED
+CVE-2021-0931 (In getAlias of BluetoothDevice.java, there is a possible way to create ...)
NOT-FOR-US: Android
-CVE-2021-0930
- RESERVED
+CVE-2021-0930 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-0929
- RESERVED
+CVE-2021-0929 (In ion_dma_buf_end_cpu_access and related functions of ion.c, there is ...)
- linux 5.6.4-1 (unimportant)
NOTE: https://source.android.com/security/bulletin/2021-11-01
NOTE: CONFIG_ION not enabled in Debian
-CVE-2021-0928
- RESERVED
+CVE-2021-0928 (In createFromParcel of OutputConfiguration.java, there is a possible p ...)
NOT-FOR-US: Android media framework
-CVE-2021-0927
- RESERVED
+CVE-2021-0927 (In requestChannelBrowsable of TvInputManagerService.java, there is a p ...)
NOT-FOR-US: Android TV
-CVE-2021-0926
- RESERVED
+CVE-2021-0926 (In onCreate of NfcImportVCardActivity.java, there is a possible way to ...)
NOT-FOR-US: Android
-CVE-2021-0925
- RESERVED
+CVE-2021-0925 (In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of boun ...)
NOT-FOR-US: Android
-CVE-2021-0924
- RESERVED
+CVE-2021-0924 (In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds re ...)
- linux <not-affected> (Android-specific XHCI patch)
NOTE: https://source.android.com/security/bulletin/2021-11-01
NOTE: https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497
-CVE-2021-0923
- RESERVED
+CVE-2021-0923 (In createOrUpdate of Permission.java, there is a possible way to gain ...)
NOT-FOR-US: Android
-CVE-2021-0922
- RESERVED
+CVE-2021-0922 (In enforceCrossUserOrProfilePermission of PackageManagerService.java, ...)
NOT-FOR-US: Android
-CVE-2021-0921
- RESERVED
+CVE-2021-0921 (In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-0920
- RESERVED
+CVE-2021-0920 (In unix_scm_to_skb of af_unix.c, there is a possible use after free bu ...)
+ {DLA-2843-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/cbcf01128d0a92e131bd09f1688fe032480b65ca
NOTE: https://source.android.com/security/bulletin/2021-11-01
-CVE-2021-0919
- RESERVED
+CVE-2021-0919 (In getService of IServiceManager.cpp, there is a possible unhandled ex ...)
NOT-FOR-US: Android
-CVE-2021-0918
- RESERVED
+CVE-2021-0918 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...)
NOT-FOR-US: Android
CVE-2021-0917
RESERVED
@@ -61392,38 +69179,37 @@ CVE-2021-0906
RESERVED
CVE-2021-0905
RESERVED
-CVE-2021-0904
- RESERVED
-CVE-2021-0903
- RESERVED
-CVE-2021-0902
- RESERVED
-CVE-2021-0901
- RESERVED
-CVE-2021-0900
- RESERVED
-CVE-2021-0899
- RESERVED
-CVE-2021-0898
- RESERVED
-CVE-2021-0897
- RESERVED
-CVE-2021-0896
- RESERVED
-CVE-2021-0895
- RESERVED
-CVE-2021-0894
- RESERVED
-CVE-2021-0893
- RESERVED
+CVE-2021-0904 (In SRAMROM, there is a possible permission bypass due to an insecure p ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0903 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0902 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0901 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0900 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0899 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0898 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0897 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0896 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0895 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0894 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0893 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
CVE-2021-0892
RESERVED
CVE-2021-0891
RESERVED
CVE-2021-0890
RESERVED
-CVE-2021-0889
- RESERVED
+CVE-2021-0889 (In Android TV , there is a possible silent pairing due to lack of rate ...)
NOT-FOR-US: Android TV
CVE-2021-0888
RESERVED
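Review bot: The NOT-FOR-US labels added in this hunk are inconsistent — CVE-2021-0904 uses `NOT-FOR-US: MediaTek components for Android` while the apusys batch CVE-2021-0903 through CVE-2021-0893 uses `NOT-FOR-US: Mediatek`. Both spellings already occur elsewhere in the file, but a batch added together for the same vendor component should use a single label, since these strings are what people grep and filter on when re-triaging vendor entries. Suggest `NOT-FOR-US: MediaTek components for Android` for all twelve new lines.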
@@ -61603,8 +69389,7 @@ CVE-2021-0801
RESERVED
CVE-2021-0800
RESERVED
-CVE-2021-0799
- RESERVED
+CVE-2021-0799 (In ActivityThread.java, there is a possible way to collide the content ...)
NOT-FOR-US: Android
CVE-2021-0798
RESERVED
@@ -61664,8 +69449,8 @@ CVE-2021-0771
RESERVED
CVE-2021-0770
RESERVED
-CVE-2021-0769
- RESERVED
+CVE-2021-0769 (In onCreate of AllowBindAppWidgetActivity.java, there is a possible by ...)
+ NOT-FOR-US: Android
CVE-2021-0768
RESERVED
CVE-2021-0767
@@ -61794,8 +69579,8 @@ CVE-2021-0706 (In startListening of PluginManagerImpl.java, there is a possible
NOT-FOR-US: Android
CVE-2021-0705 (In sanitizeSbn of NotificationManagerService.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-0704
- RESERVED
+CVE-2021-0704 (In createNoCredentialsPermissionNotification and related functions of ...)
+ NOT-FOR-US: Android
CVE-2021-0703 (In SecondStageMain of init.cpp, there is a possible use after free due ...)
NOT-FOR-US: Android
CVE-2021-0702 (In RevertActiveSessions of apexd.cpp, there is a possible way to share ...)
@@ -61845,20 +69630,20 @@ CVE-2021-0681 (In system properties, there is a possible information disclosure
NOT-FOR-US: MediaTek components for Android
CVE-2021-0680 (In system properties, there is a possible information disclosure due t ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0679
- RESERVED
-CVE-2021-0678
- RESERVED
-CVE-2021-0677
- RESERVED
-CVE-2021-0676
- RESERVED
-CVE-2021-0675
- RESERVED
-CVE-2021-0674
- RESERVED
-CVE-2021-0673
- RESERVED
+CVE-2021-0679 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0678 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0677 (In ccu driver, there is a possible out of bounds read due to an intege ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0676 (In geniezone driver, there is a possible out of bounds read due to an ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0675 (In alac decoder, there is a possible out of bounds write due to an inc ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0674 (In alac decoder, there is a possible out of bounds read due to an inco ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0673 (In Audio Aurisys HAL, there is a possible permission bypass due to a m ...)
+ NOT-FOR-US: Mediatek
CVE-2021-0672 (In Browser app, there is a possible information disclosure due to a mi ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0671 (In apusys, there is a possible memory corruption due to a missing boun ...)
@@ -61897,18 +69682,15 @@ CVE-2021-0655 (In mdlactl driver, there is a possible memory corruption due to a
NOT-FOR-US: Mediatek
CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible data ex ...)
NOT-FOR-US: Android
-CVE-2021-0653
- RESERVED
+CVE-2021-0653 (In enqueueNotification of NetworkPolicyManagerService.java, there is a ...)
NOT-FOR-US: Android
CVE-2021-0652 (In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a p ...)
NOT-FOR-US: Android
CVE-2021-0651 (In loadLabel of PackageItemInfo.java, there is a possible way to DoS a ...)
NOT-FOR-US: Android
-CVE-2021-0650
- RESERVED
+CVE-2021-0650 (In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of ...)
NOT-FOR-US: Android media framework
-CVE-2021-0649
- RESERVED
+CVE-2021-0649 (In stopVpnProfile of Vpn.java, there is a possible VPN profile reset d ...)
NOT-FOR-US: Android
CVE-2021-0648
RESERVED
@@ -62162,8 +69944,8 @@ CVE-2021-0526 (In memory management driver, there is a possible out of bounds wr
NOT-FOR-US: MediaTek components for Android
CVE-2021-0525 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0524
- RESERVED
+CVE-2021-0524 (In isServiceDistractionOptimized of CarPackageManagerService.java, the ...)
+ NOT-FOR-US: Android
CVE-2021-0523 (In onCreate of WifiScanModeActivity.java, there is a possible way to e ...)
NOT-FOR-US: Android
CVE-2021-0522 (In ConnectionHandler::SdpCb of connection_handler.cc, there is a possi ...)
@@ -62347,8 +70129,7 @@ CVE-2021-0436 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible
NOT-FOR-US: Android media framework
CVE-2021-0435 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak o ...)
NOT-FOR-US: Android
-CVE-2021-0434
- RESERVED
+CVE-2021-0434 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...)
NOT-FOR-US: Android
CVE-2021-0433 (In onCreate of DeviceChooserActivity.java, there is a possible way to ...)
NOT-FOR-US: Android
@@ -62864,52 +70645,92 @@ CVE-2021-0185
RESERVED
CVE-2021-0184
RESERVED
-CVE-2021-0183
- RESERVED
+CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0182 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...)
NOT-FOR-US: Intel Hardware Accelerated Execution Manager
CVE-2021-0181
RESERVED
CVE-2021-0180 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...)
NOT-FOR-US: Intel Hardware Accelerated Execution Manager
-CVE-2021-0179
- RESERVED
-CVE-2021-0178
- RESERVED
-CVE-2021-0177
- RESERVED
-CVE-2021-0176
- RESERVED
-CVE-2021-0175
- RESERVED
-CVE-2021-0174
- RESERVED
-CVE-2021-0173
- RESERVED
-CVE-2021-0172
- RESERVED
-CVE-2021-0171
- RESERVED
-CVE-2021-0170
- RESERVED
-CVE-2021-0169
- RESERVED
-CVE-2021-0168
- RESERVED
-CVE-2021-0167
- RESERVED
-CVE-2021-0166
- RESERVED
-CVE-2021-0165
- RESERVED
-CVE-2021-0164
- RESERVED
-CVE-2021-0163
- RESERVED
-CVE-2021-0162
- RESERVED
-CVE-2021-0161
- RESERVED
+CVE-2021-0179 (Improper Use of Validation Framework in software for Intel(R) PROSet/W ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0178 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0177 (Improper Validation of Consistency within input in software for Intel( ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0176 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0175 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0174 (Improper Use of Validation Framework in firmware for some Intel(R) PRO ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0173 (Improper Validation of Consistency within input in firmware for some I ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0172 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0171 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0170 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0169 (Uncontrolled Search Path Element in software for Intel(R) PROSet/Wirel ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0168 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0167 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0166 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0165 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0164 (Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0163 (Improper Validation of Consistency within input in software for Intel( ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0162 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0161 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...)
NOT-FOR-US: Intel
CVE-2021-0159
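Review bot: Eight of the new INTEL-SA-00539 entries describe a defect in "software for Intel(R) PROSet/Wireless Wi-Fi" rather than in the firmware — CVE-2021-0179, -0178, -0177, -0171, -0169, -0167, -0163 and -0162 — yet all of them are recorded as `- firmware-nonfree <unfixed>`. CVE-2021-0169 in particular is an "Uncontrolled Search Path Element", a host driver/installer class of bug that a firmware blob cannot fix, so unless the kernel-team check finds otherwise these eight look like `NOT-FOR-US: Intel PROSet/Wireless Wi-Fi software` and leaving them as unfixed produces false positives against firmware-nonfree in the tracker. Keeping `<unfixed>` plus the TODO only for the entries worded "in firmware for" (CVE-2021-0176, -0174, -0173, -0172, -0170, -0168, -0166, -0165, -0164, -0161) would make the TODO actionable; CVE-2021-0183 and -0175 are truncated here and need the full description to decide.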
@@ -62918,8 +70739,8 @@ CVE-2021-0158 (Improper input validation in the BIOS firmware for some Intel(R)
NOT-FOR-US: Intel
CVE-2021-0157 (Insufficient control flow management in the BIOS firmware for some Int ...)
NOT-FOR-US: Intel
-CVE-2021-0156
- RESERVED
+CVE-2021-0156 (Improper input validation in the firmware for some Intel(R) Processors ...)
+ TODO: check
CVE-2021-0155
RESERVED
CVE-2021-0154
@@ -62936,12 +70757,20 @@ CVE-2021-0149
RESERVED
CVE-2021-0148 (Insertion of information into log file in firmware for some Intel(R) S ...)
NOT-FOR-US: Intel
-CVE-2021-0147
- RESERVED
-CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime for some ...)
+CVE-2021-0147 (Improper locking in the Power Management Controller (PMC) for some Int ...)
NOT-FOR-US: Intel
-CVE-2021-0145
- RESERVED
+CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime for some ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
+CVE-2021-0145 (Improper initialization of shared resources in some Intel(R) Processor ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00561.html
+ NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/fast-store-forwarding-predictor.html
CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
NOT-FOR-US: Intel
CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...)
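Review bot: CVE-2021-0145 is recorded against intel-microcode with the INTEL-SA-00561 and fast-store-forwarding-predictor links, but unlike CVE-2021-0146 directly above it no microcode release is cited, so the `<unfixed>`/`<postponed>` state cannot be resolved from the entry itself. If the mitigation shipped in microcode-20220207 or a later release, add the matching `NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/...` line; otherwise a `TODO: check which microcode release carries the fix` would make that gap explicit. The buster reason string also reads `tendency point release` while the bullseye one says `tendency to point release`; aligning the wording avoids the two looking like different decisions.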
@@ -62982,14 +70811,18 @@ CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
CVE-2021-0128
RESERVED
-CVE-2021-0127
- RESERVED
+CVE-2021-0127 (Insufficient control flow management in some Intel(R) Processors may a ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
CVE-2021-0126
RESERVED
-CVE-2021-0125
- RESERVED
-CVE-2021-0124
- RESERVED
+CVE-2021-0125 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0124 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
CVE-2021-0123
RESERVED
CVE-2021-0122
@@ -62998,48 +70831,48 @@ CVE-2021-0121 (Improper access control in the installer for some Intel(R) Iris(R
NOT-FOR-US: Intel
CVE-2021-0120 (Improper initialization in the installer for some Intel(R) Graphics DC ...)
NOT-FOR-US: Intel
-CVE-2021-0119
- RESERVED
-CVE-2021-0118
- RESERVED
-CVE-2021-0117
- RESERVED
-CVE-2021-0116
- RESERVED
-CVE-2021-0115
- RESERVED
-CVE-2021-0114 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
+CVE-2021-0119 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0118 (Out-of-bounds read in the firmware for some Intel(R) Processors may al ...)
+ TODO: check
+CVE-2021-0117 (Pointer issues in the firmware for some Intel(R) Processors may allow ...)
+ TODO: check
+CVE-2021-0116 (Out-of-bounds write in the firmware for some Intel(R) Processors may a ...)
+ TODO: check
+CVE-2021-0115 (Buffer overflow in the firmware for some Intel(R) Processors may allow ...)
+ TODO: check
+CVE-2021-0114 (Unchecked return value in the firmware for some Intel(R) Processors ma ...)
NOT-FOR-US: Intel
CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...)
NOT-FOR-US: Intel
CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before ...)
NOT-FOR-US: Intel
-CVE-2021-0111
- RESERVED
+CVE-2021-0111 (NULL pointer dereference in the firmware for some Intel(R) Processors ...)
+ TODO: check
CVE-2021-0110 (Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH D ...)
NOT-FOR-US: Intel
CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...)
NOT-FOR-US: Intel
CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for Windows befo ...)
NOT-FOR-US: Intel
-CVE-2021-0107
- RESERVED
+CVE-2021-0107 (Unchecked return value in the firmware for some Intel(R) Processors ma ...)
+ TODO: check
CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent ...)
NOT-FOR-US: Intel
CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi d ...)
NOT-FOR-US: Intel
CVE-2021-0104 (Uncontrolled search path element in the installer for the Intel(R) Rap ...)
NOT-FOR-US: Intel
-CVE-2021-0103
- RESERVED
+CVE-2021-0103 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ TODO: check
CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for Window ...)
NOT-FOR-US: Intel
CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...)
NOT-FOR-US: Intel
CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...)
NOT-FOR-US: Intel
-CVE-2021-0099
- RESERVED
+CVE-2021-0099 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ TODO: check
CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...)
NOT-FOR-US: Intel
CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...)
@@ -63050,12 +70883,12 @@ CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Process
NOT-FOR-US: Intel
CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...)
NOT-FOR-US: Intel
-CVE-2021-0093
- RESERVED
-CVE-2021-0092
- RESERVED
-CVE-2021-0091
- RESERVED
+CVE-2021-0093 (Incorrect default permissions in the firmware for some Intel(R) Proces ...)
+ TODO: check
+CVE-2021-0092 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0091 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...)
NOT-FOR-US: Intel
CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow ...)
@@ -63091,16 +70924,20 @@ CVE-2021-0078 (Improper input validation in software for some Intel(R) PROSet/Wi
NOT-FOR-US: Intel
CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...)
NOT-FOR-US: Intel
-CVE-2021-0076
- RESERVED
+CVE-2021-0076 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0075 (Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi ...)
NOT-FOR-US: Intel
CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...)
NOT-FOR-US: Intel
CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...)
NOT-FOR-US: Intel
-CVE-2021-0072
- RESERVED
+CVE-2021-0072 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0071 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
NOT-FOR-US: Intel
CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...)
@@ -63111,8 +70948,10 @@ CVE-2021-0068
RESERVED
CVE-2021-0067 (&amp;nbsp;Improper access control in system firmware for some Intel(R) ...)
NOT-FOR-US: Intel
-CVE-2021-0066
- RESERVED
+CVE-2021-0066 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0065 (Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi sof ...)
NOT-FOR-US: Intel
CVE-2021-0064 (Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi so ...)
@@ -63123,8 +70962,8 @@ CVE-2021-0062 (Improper input validation in some Intel(R) Graphics Drivers befor
NOT-FOR-US: Intel drivers for Windows
CVE-2021-0061 (Improper initialization in some Intel(R) Graphics Driver before versio ...)
NOT-FOR-US: Intel drivers for Windows
-CVE-2021-0060
- RESERVED
+CVE-2021-0060 (Insufficient compartmentalization in HECI subsystem for the Intel(R) S ...)
+ NOT-FOR-US: Intel
CVE-2021-0059
RESERVED
CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...)
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 24adba79a0..d065e0189f 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,313 +1,10806 @@
-CVE-2022-21792
+CVE-2022-25643
RESERVED
-CVE-2022-21791
+CVE-2022-25642
RESERVED
-CVE-2022-21790
+CVE-2022-25641
RESERVED
-CVE-2022-21789
+CVE-2022-25640
RESERVED
-CVE-2022-21788
+CVE-2022-25639
RESERVED
-CVE-2022-21787
+CVE-2022-25638
RESERVED
-CVE-2022-21786
+CVE-2022-25637
RESERVED
-CVE-2022-21785
+CVE-2022-25635
RESERVED
-CVE-2022-21784
+CVE-2022-25634
RESERVED
-CVE-2022-21783
+CVE-2022-25633
RESERVED
-CVE-2022-21782
+CVE-2022-25632
RESERVED
-CVE-2022-21781
+CVE-2022-25631
RESERVED
-CVE-2022-21780
+CVE-2022-25630
RESERVED
-CVE-2022-21779
+CVE-2022-25629
RESERVED
-CVE-2022-21778
+CVE-2022-25628
RESERVED
-CVE-2022-21777
+CVE-2022-25627
RESERVED
-CVE-2022-21776
+CVE-2022-25626
RESERVED
-CVE-2022-21775
+CVE-2022-25625
RESERVED
-CVE-2022-21774
+CVE-2022-25624
RESERVED
-CVE-2022-21773
+CVE-2022-25623
RESERVED
-CVE-2022-21772
+CVE-2022-25325
RESERVED
-CVE-2022-21771
+CVE-2022-25234
RESERVED
-CVE-2022-21770
+CVE-2022-25230
RESERVED
-CVE-2022-21769
+CVE-2022-21219
RESERVED
-CVE-2022-21768
+CVE-2022-21124
RESERVED
-CVE-2022-21767
+CVE-2022-0717
RESERVED
-CVE-2022-21766
+CVE-2022-0716
RESERVED
-CVE-2022-21765
+CVE-2022-0715
RESERVED
-CVE-2022-21764
+CVE-2022-0714
RESERVED
-CVE-2022-21763
+CVE-2022-0713
RESERVED
-CVE-2022-21762
+CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...)
+ - linux <unfixed>
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
+CVE-2022-25622
RESERVED
-CVE-2022-21761
+CVE-2022-25621
RESERVED
-CVE-2022-21760
+CVE-2022-25620
RESERVED
-CVE-2022-21759
+CVE-2022-25619
RESERVED
-CVE-2022-21758
+CVE-2022-25618
RESERVED
-CVE-2022-21757
+CVE-2022-25617
RESERVED
-CVE-2022-21756
+CVE-2022-25616
RESERVED
-CVE-2022-21755
+CVE-2022-25615
RESERVED
-CVE-2022-21754
+CVE-2022-25614
RESERVED
-CVE-2022-21753
+CVE-2022-25613
RESERVED
-CVE-2022-21752
+CVE-2022-25612
RESERVED
-CVE-2022-21751
+CVE-2022-25611
RESERVED
-CVE-2022-21750
+CVE-2022-25610
RESERVED
-CVE-2022-21749
+CVE-2022-25609
RESERVED
-CVE-2022-21748
+CVE-2022-25608
RESERVED
-CVE-2022-21747
+CVE-2022-25607
RESERVED
-CVE-2022-21746
+CVE-2022-25606
RESERVED
-CVE-2022-21745
+CVE-2022-25605
RESERVED
-CVE-2022-21744
+CVE-2022-25604
RESERVED
-CVE-2022-21743
+CVE-2022-25603
RESERVED
-CVE-2022-0009
+CVE-2022-25602
RESERVED
-CVE-2022-0008
+CVE-2022-25601
RESERVED
-CVE-2022-0007
+CVE-2022-25600
RESERVED
-CVE-2022-0006
+CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-25598
RESERVED
-CVE-2022-21742
+CVE-2022-0712
RESERVED
-CVE-2022-21741
+CVE-2022-0711
RESERVED
-CVE-2022-21740
+CVE-2022-0710
RESERVED
-CVE-2022-21739
+CVE-2022-0709
RESERVED
-CVE-2022-21738
+CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...)
+ TODO: check
+CVE-2022-0707
RESERVED
-CVE-2022-21737
+CVE-2022-0706
RESERVED
-CVE-2022-21736
+CVE-2022-0705
RESERVED
-CVE-2022-21735
+CVE-2022-0704
RESERVED
-CVE-2022-21734
+CVE-2022-0703
RESERVED
-CVE-2022-21733
+CVE-2022-0702
RESERVED
-CVE-2022-21732
+CVE-2022-0701
RESERVED
-CVE-2022-21731
+CVE-2022-0700
RESERVED
-CVE-2022-21730
+CVE-2022-0699
RESERVED
-CVE-2022-21729
+CVE-2022-25597
RESERVED
-CVE-2022-21728
+CVE-2022-25596
RESERVED
-CVE-2022-21727
+CVE-2022-25595
RESERVED
-CVE-2022-21726
+CVE-2022-25594
RESERVED
-CVE-2022-21725
+CVE-2022-25593
RESERVED
-CVE-2022-21724
+CVE-2022-25592
RESERVED
-CVE-2022-21723
+CVE-2022-25591
RESERVED
-CVE-2022-21722
+CVE-2022-25590
RESERVED
-CVE-2022-21721
+CVE-2022-25589
RESERVED
-CVE-2022-21720
+CVE-2022-25588
RESERVED
-CVE-2022-21719
+CVE-2022-25587
RESERVED
-CVE-2022-21718
+CVE-2022-25586
RESERVED
-CVE-2022-21717
+CVE-2022-25585
RESERVED
-CVE-2022-21716
+CVE-2022-25584
RESERVED
-CVE-2022-21715
+CVE-2022-25583
RESERVED
-CVE-2022-21714
+CVE-2022-25582
RESERVED
-CVE-2022-21713
+CVE-2022-25581
RESERVED
-CVE-2022-21712
+CVE-2022-25580
RESERVED
-CVE-2022-21711
+CVE-2022-25579
RESERVED
-CVE-2022-21710
+CVE-2022-25578
RESERVED
-CVE-2022-21709
+CVE-2022-25577
RESERVED
-CVE-2022-21708
+CVE-2022-25576
RESERVED
-CVE-2022-21707
+CVE-2022-25575
RESERVED
-CVE-2022-21706
+CVE-2022-25574
RESERVED
-CVE-2022-21705
+CVE-2022-25573
RESERVED
-CVE-2022-21704
+CVE-2022-25572
RESERVED
-CVE-2022-21703
+CVE-2022-25571
RESERVED
-CVE-2022-21702
+CVE-2022-25570
RESERVED
-CVE-2022-21701
+CVE-2022-25569
RESERVED
-CVE-2022-21700
+CVE-2022-25568
RESERVED
-CVE-2022-21699
+CVE-2022-25567
RESERVED
-CVE-2022-21698
+CVE-2022-25566
RESERVED
-CVE-2022-21697
+CVE-2022-25565
RESERVED
-CVE-2022-21696
+CVE-2022-25564
RESERVED
-CVE-2022-21695
+CVE-2022-25563
RESERVED
-CVE-2022-21694
+CVE-2022-25562
RESERVED
-CVE-2022-21693
+CVE-2022-25561
RESERVED
-CVE-2022-21692
+CVE-2022-25560
RESERVED
-CVE-2022-21691
+CVE-2022-25559
RESERVED
-CVE-2022-21690
+CVE-2022-25558
RESERVED
-CVE-2022-21689
+CVE-2022-25557
RESERVED
-CVE-2022-21688
+CVE-2022-25556
RESERVED
-CVE-2022-21687
+CVE-2022-25555
RESERVED
-CVE-2022-21686
+CVE-2022-25554
RESERVED
-CVE-2022-21685
+CVE-2022-25553
RESERVED
-CVE-2022-21684
+CVE-2022-25552
RESERVED
-CVE-2022-21683
+CVE-2022-25551
RESERVED
-CVE-2022-21682
+CVE-2022-25550
RESERVED
-CVE-2022-21681
+CVE-2022-25549
RESERVED
-CVE-2022-21680
+CVE-2022-25548
RESERVED
-CVE-2022-21679
+CVE-2022-25547
RESERVED
-CVE-2022-21678
+CVE-2022-25546
RESERVED
-CVE-2022-21677
+CVE-2022-25545
RESERVED
-CVE-2022-21676
+CVE-2022-25544
RESERVED
-CVE-2022-21675
+CVE-2022-25543
RESERVED
-CVE-2022-21674
+CVE-2022-25542
RESERVED
-CVE-2022-21673
+CVE-2022-25541
RESERVED
-CVE-2022-21672
+CVE-2022-25540
RESERVED
-CVE-2022-21671
+CVE-2022-25539
RESERVED
-CVE-2022-21670
+CVE-2022-25538
RESERVED
-CVE-2022-21669
+CVE-2022-25537
RESERVED
-CVE-2022-21668
+CVE-2022-25536
RESERVED
-CVE-2022-21667
+CVE-2022-25535
RESERVED
-CVE-2022-21666
+CVE-2022-25534
RESERVED
-CVE-2022-21665
+CVE-2022-25533
RESERVED
-CVE-2022-21664
+CVE-2022-25532
RESERVED
-CVE-2022-21663
+CVE-2022-25531
RESERVED
-CVE-2022-21662
+CVE-2022-25530
RESERVED
-CVE-2022-21661
+CVE-2022-25529
RESERVED
-CVE-2022-21660
+CVE-2022-25528
RESERVED
-CVE-2022-21659
+CVE-2022-25527
RESERVED
-CVE-2022-21658
+CVE-2022-25526
RESERVED
-CVE-2022-21657
+CVE-2022-25525
RESERVED
-CVE-2022-21656
+CVE-2022-25524
RESERVED
-CVE-2022-21655
+CVE-2022-25523
RESERVED
-CVE-2022-21654
+CVE-2022-25522
RESERVED
-CVE-2022-21653
+CVE-2022-25521
RESERVED
-CVE-2022-21652
+CVE-2022-25520
RESERVED
-CVE-2022-21651
+CVE-2022-25519
RESERVED
-CVE-2022-21650
+CVE-2022-25518
RESERVED
-CVE-2022-21649
+CVE-2022-25517
RESERVED
-CVE-2022-21648
+CVE-2022-25516
RESERVED
-CVE-2022-21647
+CVE-2022-25515
RESERVED
-CVE-2022-21646
+CVE-2022-25514
RESERVED
-CVE-2022-21645
+CVE-2022-25513
+ RESERVED
+CVE-2022-25512
+ RESERVED
+CVE-2022-25511
+ RESERVED
+CVE-2022-25510
+ RESERVED
+CVE-2022-25509
+ RESERVED
+CVE-2022-25508
+ RESERVED
+CVE-2022-25507
+ RESERVED
+CVE-2022-25506
+ RESERVED
+CVE-2022-25505
+ RESERVED
+CVE-2022-25504
+ RESERVED
+CVE-2022-25503
+ RESERVED
+CVE-2022-25502
+ RESERVED
+CVE-2022-25501
+ RESERVED
+CVE-2022-25500
+ RESERVED
+CVE-2022-25499
+ RESERVED
+CVE-2022-25498
+ RESERVED
+CVE-2022-25497
+ RESERVED
+CVE-2022-25496
+ RESERVED
+CVE-2022-25495
+ RESERVED
+CVE-2022-25494
+ RESERVED
+CVE-2022-25493
+ RESERVED
+CVE-2022-25492
+ RESERVED
+CVE-2022-25491
+ RESERVED
+CVE-2022-25490
+ RESERVED
+CVE-2022-25489
+ RESERVED
+CVE-2022-25488
+ RESERVED
+CVE-2022-25487
+ RESERVED
+CVE-2022-25486
+ RESERVED
+CVE-2022-25485
+ RESERVED
+CVE-2022-25484
+ RESERVED
+CVE-2022-25483
+ RESERVED
+CVE-2022-25482
+ RESERVED
+CVE-2022-25481
+ RESERVED
+CVE-2022-25480
+ RESERVED
+CVE-2022-25479
+ RESERVED
+CVE-2022-25478
+ RESERVED
+CVE-2022-25477
+ RESERVED
+CVE-2022-25476
+ RESERVED
+CVE-2022-25475
+ RESERVED
+CVE-2022-25474
+ RESERVED
+CVE-2022-25473
+ RESERVED
+CVE-2022-25472
+ RESERVED
+CVE-2022-25471
+ RESERVED
+CVE-2022-25470
+ RESERVED
+CVE-2022-25469
+ RESERVED
+CVE-2022-25468
+ RESERVED
+CVE-2022-25467
+ RESERVED
+CVE-2022-25466
+ RESERVED
+CVE-2022-25465
+ RESERVED
+CVE-2022-25464
+ RESERVED
+CVE-2022-25463
+ RESERVED
+CVE-2022-25462
+ RESERVED
+CVE-2022-25461
+ RESERVED
+CVE-2022-25460
+ RESERVED
+CVE-2022-25459
+ RESERVED
+CVE-2022-25458
+ RESERVED
+CVE-2022-25457
+ RESERVED
+CVE-2022-25456
+ RESERVED
+CVE-2022-25455
+ RESERVED
+CVE-2022-25454
+ RESERVED
+CVE-2022-25453
+ RESERVED
+CVE-2022-25452
+ RESERVED
+CVE-2022-25451
+ RESERVED
+CVE-2022-25450
+ RESERVED
+CVE-2022-25449
+ RESERVED
+CVE-2022-25448
+ RESERVED
+CVE-2022-25447
+ RESERVED
+CVE-2022-25446
+ RESERVED
+CVE-2022-25445
+ RESERVED
+CVE-2022-25444
+ RESERVED
+CVE-2022-25443
+ RESERVED
+CVE-2022-25442
+ RESERVED
+CVE-2022-25441
+ RESERVED
+CVE-2022-25440
+ RESERVED
+CVE-2022-25439
+ RESERVED
+CVE-2022-25438
+ RESERVED
+CVE-2022-25437
+ RESERVED
+CVE-2022-25436
+ RESERVED
+CVE-2022-25435
+ RESERVED
+CVE-2022-25434
+ RESERVED
+CVE-2022-25433
+ RESERVED
+CVE-2022-25432
+ RESERVED
+CVE-2022-25431
+ RESERVED
+CVE-2022-25430
+ RESERVED
+CVE-2022-25429
+ RESERVED
+CVE-2022-25428
+ RESERVED
+CVE-2022-25427
+ RESERVED
+CVE-2022-25426
+ RESERVED
+CVE-2022-25425
+ RESERVED
+CVE-2022-25424
+ RESERVED
+CVE-2022-25423
+ RESERVED
+CVE-2022-25422
+ RESERVED
+CVE-2022-25421
+ RESERVED
+CVE-2022-25420
+ RESERVED
+CVE-2022-25419
+ RESERVED
+CVE-2022-25418
+ RESERVED
+CVE-2022-25417
+ RESERVED
+CVE-2022-25416
+ RESERVED
+CVE-2022-25415
+ RESERVED
+CVE-2022-25414
+ RESERVED
+CVE-2022-25413
+ RESERVED
+CVE-2022-25412
+ RESERVED
+CVE-2022-25411
+ RESERVED
+CVE-2022-25410
+ RESERVED
+CVE-2022-25409
+ RESERVED
+CVE-2022-25408
+ RESERVED
+CVE-2022-25407
+ RESERVED
+CVE-2022-25406
+ RESERVED
+CVE-2022-25405
+ RESERVED
+CVE-2022-25404
+ RESERVED
+CVE-2022-25403
+ RESERVED
+CVE-2022-25402
+ RESERVED
+CVE-2022-25401
+ RESERVED
+CVE-2022-25400
+ RESERVED
+CVE-2022-25399
+ RESERVED
+CVE-2022-25398
+ RESERVED
+CVE-2022-25397
+ RESERVED
+CVE-2022-25396
+ RESERVED
+CVE-2022-25395
+ RESERVED
+CVE-2022-25394
+ RESERVED
+CVE-2022-25393
+ RESERVED
+CVE-2022-25392
+ RESERVED
+CVE-2022-25391
+ RESERVED
+CVE-2022-25390
+ RESERVED
+CVE-2022-25389
+ RESERVED
+CVE-2022-25388
+ RESERVED
+CVE-2022-25387
+ RESERVED
+CVE-2022-25386
+ RESERVED
+CVE-2022-25385
+ RESERVED
+CVE-2022-25384
+ RESERVED
+CVE-2022-25383
+ RESERVED
+CVE-2022-25382
+ RESERVED
+CVE-2022-25381
+ RESERVED
+CVE-2022-25380
+ RESERVED
+CVE-2022-25379
+ RESERVED
+CVE-2022-25378
+ RESERVED
+CVE-2022-25377
+ RESERVED
+CVE-2022-25376
+ RESERVED
+CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c in the ...)
+ - linux 5.16.10-1
+ NOTE: https://github.com/szymonh/rndis-co
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
+ NOTE: https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4)
+CVE-2022-25374
+ RESERVED
+CVE-2022-25373
+ RESERVED
+CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privilege e ...)
+ NOT-FOR-US: Pritunl Client
+CVE-2022-0698
+ RESERVED
+CVE-2022-0697
+ RESERVED
+CVE-2022-0696 (NULL Pointer Dereference in Conda vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
+ NOTE: https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428)
+CVE-2022-0695
+ RESERVED
+CVE-2022-25371
+ RESERVED
+CVE-2022-25370
+ RESERVED
+CVE-2022-25355
+ RESERVED
+CVE-2022-0694
+ RESERVED
+CVE-2022-0693
+ RESERVED
+CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
+ NOT-FOR-US: alltube
+CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ - node-url-parse 1.5.9+~1.4.8-1
+ NOTE: https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4
+ NOTE: https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 (1.5.9)
+CVE-2022-25369
+ RESERVED
+CVE-2022-25368
+ RESERVED
+CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ NOT-FOR-US: microweber
+CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...)
+ NOT-FOR-US: microweber
+CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0687
+ RESERVED
+CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ - node-url-parse 1.5.9+~1.4.8-1
+ NOTE: https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
+ NOTE: https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 (1.5.8)
+CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782
+ NOTE: https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 (v8.2.4418)
+CVE-2022-0684
+ RESERVED
+CVE-2022-25367
+ RESERVED
+CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...)
+ NOT-FOR-US: Cryptomator
+CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...)
+ NOT-FOR-US: Docker Desktop
+CVE-2022-25364
+ RESERVED
+CVE-2022-25363
+ RESERVED
+CVE-2022-25362
+ RESERVED
+CVE-2022-25361
+ RESERVED
+CVE-2022-25360
+ RESERVED
+CVE-2022-25359
+ RESERVED
+CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...)
+ NOT-FOR-US: awful-salmonella-tar
+CVE-2022-25357
+ RESERVED
+CVE-2022-25356
+ RESERVED
+CVE-2022-25344
+ RESERVED
+CVE-2022-25343
+ RESERVED
+CVE-2022-25342
+ RESERVED
+CVE-2022-25341
+ RESERVED
+CVE-2022-25340
+ RESERVED
+CVE-2022-25339
+ RESERVED
+CVE-2022-25338
+ RESERVED
+CVE-2022-24914
+ RESERVED
+CVE-2022-24436
+ RESERVED
+CVE-2022-24378
+ RESERVED
+CVE-2022-24067
+ RESERVED
+CVE-2022-23403
+ RESERVED
+CVE-2022-23182
+ RESERVED
+CVE-2022-22139
+ RESERVED
+CVE-2022-21225
+ RESERVED
+CVE-2022-21198
+ RESERVED
+CVE-2022-21183
+ RESERVED
+CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+ NOT-FOR-US: Ibexa
+CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+ NOT-FOR-US: Ibexa
+CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...)
+ NOT-FOR-US: RigoBlock Dragos
+CVE-2022-25334
+ RESERVED
+CVE-2022-25333
+ RESERVED
+CVE-2022-25332
+ RESERVED
+CVE-2022-25331
+ RESERVED
+CVE-2022-25330
+ RESERVED
+CVE-2022-25329
+ RESERVED
+CVE-2022-25328
+ RESERVED
+CVE-2022-25327
+ RESERVED
+CVE-2022-25326
+ RESERVED
+CVE-2022-23183
+ RESERVED
+CVE-2022-21179
+ RESERVED
+CVE-2022-0683
+ RESERVED
+CVE-2022-0682
+ RESERVED
+CVE-2022-0681
+ RESERVED
+CVE-2022-0680
+ RESERVED
+CVE-2022-0679
+ RESERVED
+CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ NOT-FOR-US: microweber
+CVE-2022-0677
+ RESERVED
+CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...)
+ NOT-FOR-US: ZEROF Web Server
+CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...)
+ NOT-FOR-US: ZEROF Web Server
+CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25319 (An issue was discovered in Cerebrate through 1.4. Endpoints could be o ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25318 (An issue was discovered in Cerebrate through 1.4. An incorrect sharing ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm allows r ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25316
+ RESERVED
+CVE-2022-25312
+ RESERVED
+CVE-2022-21132
+ RESERVED
+CVE-2022-0676 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.4. ...)
+ TODO: check
+CVE-2022-0675
+ RESERVED
+CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
+ - expat 2.4.5-1
+ NOTE: https://github.com/libexpat/libexpat/pull/559
+ NOTE: https://github.com/libexpat/libexpat/commit/eb0362808b4f9f1e2345a0cf203b8cc196d776d9
+CVE-2022-25314 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
+ - expat 2.4.5-1
+ NOTE: https://github.com/libexpat/libexpat/pull/560
+ NOTE: https://github.com/libexpat/libexpat/commit/efcb347440ade24b9f1054671e6bd05e60b4cafd
+CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack ex ...)
+ - expat 2.4.5-1
+ NOTE: https://github.com/libexpat/libexpat/pull/558
+ NOTE: https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab
+CVE-2022-25311
+ RESERVED
+CVE-2022-25310
+ RESERVED
+CVE-2022-25309
+ RESERVED
+CVE-2022-25308
+ RESERVED
+CVE-2022-25307
+ RESERVED
+CVE-2022-25306
+ RESERVED
+CVE-2022-25305
+ RESERVED
+CVE-2022-21158
+ RESERVED
+CVE-2022-0674
+ RESERVED
+CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...)
+ NOT-FOR-US: LemMinX
+CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...)
+ NOT-FOR-US: LemMinX
+CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...)
+ TODO: check
+CVE-2022-0670
+ RESERVED
+CVE-2022-0669
+ RESERVED
+CVE-2022-0668
+ RESERVED
+CVE-2022-0667
+ RESERVED
+CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...)
+ NOT-FOR-US: microweber
+CVE-2022-0665
+ RESERVED
+CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...)
+ NOT-FOR-US: Go github.com/gravitl/netmaker
+CVE-2022-0663
+ RESERVED
+CVE-2022-0662
+ RESERVED
+CVE-2022-0661
+ RESERVED
+CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
+ NOT-FOR-US: microweber
+CVE-2022-0659
+ RESERVED
+CVE-2022-0658
+ RESERVED
+CVE-2022-0657
+ RESERVED
+CVE-2022-0656
+ RESERVED
+CVE-2022-XXXX [Arbitrary File Write Vulnerability ]
+ - libpgjava 42.3.3-1
+ NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
+ NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1)
+CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...)
+ TODO: check
+CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...)
+ NOT-FOR-US: webcc
+CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...)
+ TODO: check
+CVE-2022-25296
+ RESERVED
+CVE-2022-25295
+ RESERVED
+CVE-2022-25294
+ RESERVED
+CVE-2022-25293
+ RESERVED
+CVE-2022-25292
+ RESERVED
+CVE-2022-25291
+ RESERVED
+CVE-2022-25290
+ RESERVED
+CVE-2022-25289
+ RESERVED
+CVE-2022-25288
+ RESERVED
+CVE-2022-25287
+ RESERVED
+CVE-2022-25286
+ RESERVED
+CVE-2022-25285
+ RESERVED
+CVE-2022-25284
+ RESERVED
+CVE-2022-25283
+ RESERVED
+CVE-2022-25282
+ RESERVED
+CVE-2022-25281
+ RESERVED
+CVE-2022-25280
+ RESERVED
+CVE-2022-25279
+ RESERVED
+CVE-2022-25278
+ RESERVED
+CVE-2022-25277
+ RESERVED
+CVE-2022-25276
+ RESERVED
+CVE-2022-25275
+ RESERVED
+CVE-2022-25274
+ RESERVED
+CVE-2022-25273
+ RESERVED
+CVE-2022-25272
+ RESERVED
+CVE-2022-25270 (The Quick Edit module does not properly check entity access in some ci ...)
+ NOT-FOR-US: Drupal 9.x
+CVE-2022-25269
+ RESERVED
+CVE-2022-25268
+ RESERVED
+CVE-2022-25267
+ RESERVED
+CVE-2022-25266
+ RESERVED
+CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may have the ...)
+ - linux <unfixed>
+ NOTE: https://github.com/x0reaxeax/exec-prot-bypass
+CVE-2022-25264
+ RESERVED
+CVE-2022-25263
+ RESERVED
+CVE-2022-25262
+ RESERVED
+CVE-2022-25261
+ RESERVED
+CVE-2022-25260
+ RESERVED
+CVE-2022-25259
+ RESERVED
+CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the Linux ...)
+ - linux 5.16.10-1
+ NOTE: https://github.com/szymonh/d-os-descriptor
+ NOTE: https://git.kernel.org/linus/75e5b4849b81e19e9efe1654b30d7f3151c33c2c (5.17-rc4)
+CVE-2022-0655
+ RESERVED
+CVE-2022-0654
+ RESERVED
+CVE-2022-0653
+ RESERVED
+CVE-2022-0652
+ RESERVED
+CVE-2022-0651
+ RESERVED
+CVE-2022-0650
+ RESERVED
+CVE-2022-0649
+ RESERVED
+CVE-2022-25257
+ RESERVED
+CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRend ...)
+ NOT-FOR-US: SAS Web Report Studio
+CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...)
+ - qt6-base <unfixed>
+ - qtbase-opensource-src 5.15.2+dfsg-15
+ - qtbase-opensource-src-gles <unfixed>
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/393113
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/394914
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/396020
+ NOTE: https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff
+ NOTE: https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff
+CVE-2022-25254
+ RESERVED
+CVE-2022-25253
+ RESERVED
+CVE-2022-25252
+ RESERVED
+CVE-2022-25251
+ RESERVED
+CVE-2022-25250
+ RESERVED
+CVE-2022-25249
+ RESERVED
+CVE-2022-25248
+ RESERVED
+CVE-2022-25247
+ RESERVED
+CVE-2022-25246
+ RESERVED
+CVE-2022-24374
+ RESERVED
+CVE-2022-23916
+ RESERVED
+CVE-2022-23810
+ RESERVED
+CVE-2022-21142
+ RESERVED
+CVE-2022-0648
+ RESERVED
+CVE-2022-0647
+ RESERVED
+CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
+ - linux <unfixed>
+ NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
+CVE-2022-0645
+ RESERVED
+CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
+ RESERVED
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://git.kernel.org/linus/032146cda85566abcd1c4884d9d23e4e30a07e9a (5.15-rc7)
+CVE-2022-0643
+ RESERVED
+CVE-2022-0642
+ RESERVED
+CVE-2022-0641
+ RESERVED
+CVE-2022-0640
+ RESERVED
+CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ - node-url-parse 1.5.7-1
+ [bullseye] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
+ NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
+CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
+ NOT-FOR-US: microweber
+CVE-2022-0637
+ RESERVED
+CVE-2022-0636
+ RESERVED
+CVE-2022-0635
+ RESERVED
+CVE-2022-0634
+ RESERVED
+CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b
+ NOTE: https://github.com/mruby/mruby/commit/44f591aa8f7091e6ca6cb418e428ae6d4ceaf77d
+CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40
+ NOTE: https://github.com/mruby/mruby/commit/47068ae07a5fa3aa9a1879cdfe98a9ce0f339299
+CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
+CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
+ NOTE: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc (v8.2.4397)
+CVE-2022-0628
+ RESERVED
+CVE-2022-0627
+ RESERVED
+CVE-2022-0626
+ RESERVED
+CVE-2022-0625
+ RESERVED
+CVE-2022-0624
+ RESERVED
+CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contributed o ...)
+ {DLA-2925-1}
+ - drupal7 <removed>
+ NOTE: https://www.drupal.org/sa-core-2022-003
+ NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712
+CVE-2022-25245
+ RESERVED
+CVE-2022-25244
+ RESERVED
+CVE-2022-25243
+ RESERVED
+CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against Cross-S ...)
+ NOT-FOR-US: FileCloud
+CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is vulnera ...)
+ NOT-FOR-US: FileCloud
+CVE-2022-25240
+ RESERVED
+CVE-2022-25239
+ RESERVED
+CVE-2022-25238
+ RESERVED
+CVE-2022-25237
+ RESERVED
+CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
+ - expat 2.4.5-1 (bug #1005895)
+ NOTE: https://github.com/libexpat/libexpat/pull/561
+ NOTE: https://github.com/libexpat/libexpat/commit/6881a4fc8596307ab9ff2e85e605afa2e413ab71
+ NOTE: https://github.com/libexpat/libexpat/commit/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4
+ NOTE: https://github.com/libexpat/libexpat/commit/2de077423fb22750ebea599677d523b53cb93b1d
+CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...)
+ - expat 2.4.5-1 (bug #1005894)
+ NOTE: https://github.com/libexpat/libexpat/pull/562
+ NOTE: https://github.com/libexpat/libexpat/commit/ee2a5b50e7d1940ba8745715b62ceb9efd3a96da
+ NOTE: https://github.com/libexpat/libexpat/commit/3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6
+ NOTE: https://github.com/libexpat/libexpat/commit/c85a3025e7a1be086dc34e7559fbc543914d047f
+ NOTE: https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379
+CVE-2022-25229
+ RESERVED
+CVE-2022-25228
+ RESERVED
+CVE-2022-25227
+ RESERVED
+CVE-2022-25226
+ RESERVED
+CVE-2022-25225
+ RESERVED
+CVE-2022-25224
+ RESERVED
+CVE-2022-25223
+ RESERVED
+CVE-2022-25222
+ RESERVED
+CVE-2022-25221
+ RESERVED
+CVE-2022-25220
+ RESERVED
+CVE-2022-25219
+ RESERVED
+CVE-2022-25218
+ RESERVED
+CVE-2022-25217
+ RESERVED
+CVE-2022-25216
+ RESERVED
+CVE-2022-25215
+ RESERVED
+CVE-2022-25214
+ RESERVED
+CVE-2022-25213
+ RESERVED
+CVE-2022-24915
+ RESERVED
+CVE-2022-24432
+ RESERVED
+CVE-2022-22985
+ RESERVED
+CVE-2022-21146
+ RESERVED
+CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
+ NOTE: https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580
+CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in Packag ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-0621
+ RESERVED
+CVE-2022-0620
+ RESERVED
+CVE-2022-0619
+ RESERVED
+CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
+ NOT-FOR-US: Jenkins Chef Sinatra Plugin
+CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
+ NOT-FOR-US: Jenkins Pipeline: Multibranch Plugin
+CVE-2022-25169
+ RESERVED
+CVE-2022-25168
+ RESERVED
+CVE-2022-25167
+ RESERVED
+CVE-2022-24435
+ RESERVED
+CVE-2022-23986
+ RESERVED
+CVE-2022-21159
+ RESERVED
+CVE-2022-0618
+ RESERVED
+CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...)
+ - linux 5.16.7-1
+ NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
+ NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
+CVE-2022-0616
+ RESERVED
+CVE-2022-0615
+ RESERVED
+CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
+CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...)
+ NOT-FOR-US: Node urijs
+CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25210 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25208 (A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sina ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25206 (A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows at ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25205 (A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25204 (Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25203 (Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25202 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25201 (Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25199 (A missing permission check in Jenkins SCP publisher Plugin 1.8 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25198 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25197 (Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implement ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25196 (Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and earlie ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 2.0 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25191 (Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25190 (A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25189 (Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not esca ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25188 (Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appNa ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25187 (Jenkins Support Core Plugin 2.79 and earlier does not redact some sens ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25186 (Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functional ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25185 (Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escap ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25184 (Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25183 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25182 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25181 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25180 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier include ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25179 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier fol ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25178 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25177 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25176 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25166
+ RESERVED
+CVE-2022-25165
+ RESERVED
+CVE-2022-25164
+ RESERVED
+CVE-2022-25163
+ RESERVED
+CVE-2022-25162
+ RESERVED
+CVE-2022-25161
+ RESERVED
+CVE-2022-25160
+ RESERVED
+CVE-2022-25159
+ RESERVED
+CVE-2022-25158
+ RESERVED
+CVE-2022-25157
+ RESERVED
+CVE-2022-25156
+ RESERVED
+CVE-2022-25155
+ RESERVED
+CVE-2022-25154
+ RESERVED
+CVE-2022-25153
+ RESERVED
+CVE-2022-25152
+ RESERVED
+CVE-2022-25151
+ RESERVED
+CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...)
+ NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
+CVE-2022-25149
+ RESERVED
+CVE-2022-25148
+ RESERVED
+CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-25147
+ RESERVED
+CVE-2022-0610
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0609
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0608
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0607
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0606
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0605
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0604
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0603
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0602
+ RESERVED
+CVE-2022-0601
+ RESERVED
+CVE-2022-0600
+ RESERVED
+CVE-2022-0599
+ RESERVED
+CVE-2022-0598
+ RESERVED
+CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0595
+ RESERVED
+CVE-2022-0594
+ RESERVED
+CVE-2022-0593
+ RESERVED
+CVE-2022-0592
+ RESERVED
+CVE-2022-0591
+ RESERVED
+CVE-2022-0590
+ RESERVED
+CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0. ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-25146
+ RESERVED
+CVE-2022-25145
+ RESERVED
+CVE-2022-25144
+ RESERVED
+CVE-2022-25143
+ RESERVED
+CVE-2022-25142
+ RESERVED
+CVE-2022-25141
+ RESERVED
+CVE-2022-25140
+ RESERVED
+CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a heap use ...)
+ NOT-FOR-US: njs
+CVE-2022-25138
+ RESERVED
+CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25135 (A command injection vulnerability in the function recv_mesh_info_sync ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW of TOTO ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25133 (A command injection vulnerability in the function isAssocPriDevice of ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25132 (A command injection vulnerability in the function meshSlaveDlfw of TOT ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25131 (A command injection vulnerability in the function recvSlaveCloudCheckS ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25130 (A command injection vulnerability in the function updateWifiInfo of TO ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25129
+ RESERVED
+CVE-2022-25128
+ RESERVED
+CVE-2022-25127
+ RESERVED
+CVE-2022-25126
+ RESERVED
+CVE-2022-25125
+ RESERVED
+CVE-2022-25124
+ RESERVED
+CVE-2022-25123
+ RESERVED
+CVE-2022-25122
+ RESERVED
+CVE-2022-25121
+ RESERVED
+CVE-2022-25120
+ RESERVED
+CVE-2022-25119
+ RESERVED
+CVE-2022-25118
+ RESERVED
+CVE-2022-25117
+ RESERVED
+CVE-2022-25116
+ RESERVED
+CVE-2022-25115
+ RESERVED
+CVE-2022-25114
+ RESERVED
+CVE-2022-25113
+ RESERVED
+CVE-2022-25112
+ RESERVED
+CVE-2022-25111
+ RESERVED
+CVE-2022-25110
+ RESERVED
+CVE-2022-25109
+ RESERVED
+CVE-2022-25108
+ RESERVED
+CVE-2022-25107
+ RESERVED
+CVE-2022-25106
+ RESERVED
+CVE-2022-25105
+ RESERVED
+CVE-2022-25104
+ RESERVED
+CVE-2022-25103
+ RESERVED
+CVE-2022-25102
+ RESERVED
+CVE-2022-25101
+ RESERVED
+CVE-2022-25100
+ RESERVED
+CVE-2022-25099
+ RESERVED
+CVE-2022-25098
+ RESERVED
+CVE-2022-25097
+ RESERVED
+CVE-2022-25096
+ RESERVED
+CVE-2022-25095
+ RESERVED
+CVE-2022-25094
+ RESERVED
+CVE-2022-25093
+ RESERVED
+CVE-2022-25092
+ RESERVED
+CVE-2022-25091
+ RESERVED
+CVE-2022-25090
+ RESERVED
+CVE-2022-25089
+ RESERVED
+CVE-2022-25088
+ RESERVED
+CVE-2022-25087
+ RESERVED
+CVE-2022-25086
+ RESERVED
+CVE-2022-25085
+ RESERVED
+CVE-2022-25084
+ RESERVED
+CVE-2022-25083
+ RESERVED
+CVE-2022-25082
+ RESERVED
+CVE-2022-25081
+ RESERVED
+CVE-2022-25080
+ RESERVED
+CVE-2022-25079
+ RESERVED
+CVE-2022-25078
+ RESERVED
+CVE-2022-25077
+ RESERVED
+CVE-2022-25076
+ RESERVED
+CVE-2022-25075
+ RESERVED
+CVE-2022-25074
+ RESERVED
+CVE-2022-25073
+ RESERVED
+CVE-2022-25072
+ RESERVED
+CVE-2022-25071
+ RESERVED
+CVE-2022-25070
+ RESERVED
+CVE-2022-25069
+ RESERVED
+CVE-2022-25068
+ RESERVED
+CVE-2022-25067
+ RESERVED
+CVE-2022-25066
+ RESERVED
+CVE-2022-25065
+ RESERVED
+CVE-2022-25064
+ RESERVED
+CVE-2022-25063
+ RESERVED
+CVE-2022-25062
+ RESERVED
+CVE-2022-25061
+ RESERVED
+CVE-2022-25060
+ RESERVED
+CVE-2022-25059
+ RESERVED
+CVE-2022-25058
+ RESERVED
+CVE-2022-25057
+ RESERVED
+CVE-2022-25056
+ RESERVED
+CVE-2022-25055
+ RESERVED
+CVE-2022-25054
+ RESERVED
+CVE-2022-25053
+ RESERVED
+CVE-2022-25052
+ RESERVED
+CVE-2022-25051
+ RESERVED
+CVE-2022-25050
+ RESERVED
+CVE-2022-25049
+ RESERVED
+CVE-2022-25048
+ RESERVED
+CVE-2022-25047
+ RESERVED
+CVE-2022-25046
+ RESERVED
+CVE-2022-25045
+ RESERVED
+CVE-2022-25044
+ RESERVED
+CVE-2022-25043
+ RESERVED
+CVE-2022-25042
+ RESERVED
+CVE-2022-25041
+ RESERVED
+CVE-2022-25040
+ RESERVED
+CVE-2022-25039
+ RESERVED
+CVE-2022-25038
+ RESERVED
+CVE-2022-25037
+ RESERVED
+CVE-2022-25036
+ RESERVED
+CVE-2022-25035
+ RESERVED
+CVE-2022-25034
+ RESERVED
+CVE-2022-25033
+ RESERVED
+CVE-2022-25032
+ RESERVED
+CVE-2022-25031
+ RESERVED
+CVE-2022-25030
+ RESERVED
+CVE-2022-25029
+ RESERVED
+CVE-2022-25028
+ RESERVED
+CVE-2022-25027
+ RESERVED
+CVE-2022-25026
+ RESERVED
+CVE-2022-25025
+ RESERVED
+CVE-2022-25024
+ RESERVED
+CVE-2022-25023
+ RESERVED
+CVE-2022-25022
+ RESERVED
+CVE-2022-25021
+ RESERVED
+CVE-2022-25020
+ RESERVED
+CVE-2022-25019
+ RESERVED
+CVE-2022-25018
+ RESERVED
+CVE-2022-25017
+ RESERVED
+CVE-2022-25016
+ RESERVED
+CVE-2022-25015
+ RESERVED
+CVE-2022-25014
+ RESERVED
+CVE-2022-25013
+ RESERVED
+CVE-2022-25012
+ RESERVED
+CVE-2022-25011
+ RESERVED
+CVE-2022-25010
+ RESERVED
+CVE-2022-25009
+ RESERVED
+CVE-2022-25008
+ RESERVED
+CVE-2022-25007
+ RESERVED
+CVE-2022-25006
+ RESERVED
+CVE-2022-25005
+ RESERVED
+CVE-2022-25004
+ RESERVED
+CVE-2022-25003
+ RESERVED
+CVE-2022-25002
+ RESERVED
+CVE-2022-25001
+ RESERVED
+CVE-2022-25000
+ RESERVED
+CVE-2022-24999
+ RESERVED
+CVE-2022-24998
+ RESERVED
+CVE-2022-24997
+ RESERVED
+CVE-2022-24996
+ RESERVED
+CVE-2022-24995
+ RESERVED
+CVE-2022-24994
+ RESERVED
+CVE-2022-24993
+ RESERVED
+CVE-2022-24992
+ RESERVED
+CVE-2022-24991
+ RESERVED
+CVE-2022-24990
+ RESERVED
+CVE-2022-24989
+ RESERVED
+CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...)
+ NOT-FOR-US: galois_2p8
+CVE-2022-24987
+ RESERVED
+CVE-2022-24986
+ RESERVED
+CVE-2022-24985 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24984 (Forms generated by JQueryForm.com before 2022-02-05 (if file-upload ca ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24983 (Forms generated by JQueryForm.com before 2022-02-05 allow remote attac ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24982 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms generate ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
+CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054049
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-02.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17829
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17842
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17847
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17855
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17891
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17925
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17926
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17931
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17932
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17933
+CVE-2022-0584
+ RESERVED
+CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html
+CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html
+CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
+CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) extension ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-24978
+ RESERVED
+CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
+ NOT-FOR-US: ImpressCMS
+CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-0578
+ RESERVED
+CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
+ - atheme-services 7.2.12-1
+ [bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - atheme-services <postponed> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4
+ NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
+CVE-2022-0577
+ RESERVED
+CVE-2022-0576 (Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms pr ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0574
+ RESERVED
+CVE-2022-0573
+ RESERVED
+CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
+ NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359)
+CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-t ...)
+ - phoronix-test-suite <removed>
+CVE-2022-0570 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1
+ NOTE: https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad
+CVE-2022-0569 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not mention the ...)
+ - git <unfixed> (unimportant)
+ NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
+ NOTE: CVE is specifically about --mirror documentation not mentioning the availability
+ NOTE: of deleted content.
+CVE-2022-24974
+ RESERVED
+CVE-2022-24973
+ RESERVED
+CVE-2022-24972
+ RESERVED
+CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24970
+ RESERVED
+CVE-2022-24969
+ RESERVED
+CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...)
+ NOT-FOR-US: Mellium
+CVE-2022-24967
+ RESERVED
+CVE-2022-24966
+ RESERVED
+CVE-2022-24965
+ RESERVED
+CVE-2022-24964
+ RESERVED
+CVE-2022-24963
+ RESERVED
+CVE-2022-24962
+ RESERVED
+CVE-2022-0568
+ RESERVED
+CVE-2022-0567
+ RESERVED
+CVE-2022-0566
+ RESERVED
+ - thunderbird 1:91.6.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566
+CVE-2022-0565 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ NOT-FOR-US: pimcore
+CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue running e ...)
+ NOT-FOR-US: Portainer
+CVE-2022-24960
+ RESERVED
+CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. There is a ...)
+ - linux 5.16.7-1
+ NOTE: https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2)
+CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 m ...)
+ - linux <unfixed>
+ NOTE: Fixed by: https://git.kernel.org/linus/89f3594d0de58e8a57d92d497dea9fee3d4b9cda (5.17-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/501e38a5531efbd77d5c73c0ba838a889bfc1d74 (5.17-rc1)
+CVE-2022-24957
+ RESERVED
+CVE-2022-24956
+ RESERVED
+CVE-2022-24955 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24954 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 for PHP does not prevent addition ...)
+ - php-crypt-gpg 1.6.7-1 (bug #1005921)
+ [bullseye] - php-crypt-gpg <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04 (v1.6.7)
+CVE-2022-24952
+ RESERVED
+CVE-2022-24951
+ RESERVED
+CVE-2022-24950
+ RESERVED
+CVE-2022-24949
+ RESERVED
+CVE-2022-24948
+ RESERVED
+CVE-2022-24947
+ RESERVED
+CVE-2022-24946
+ RESERVED
+CVE-2022-24945
+ RESERVED
+CVE-2022-24944
+ RESERVED
+CVE-2022-24943
+ RESERVED
+CVE-2022-24942
+ RESERVED
+CVE-2022-24941
+ RESERVED
+CVE-2022-24940
+ RESERVED
+CVE-2022-24939
+ RESERVED
+CVE-2022-24938
+ RESERVED
+CVE-2022-24937
+ RESERVED
+CVE-2022-24936
+ RESERVED
+CVE-2022-24935
+ RESERVED
+CVE-2022-24934
+ RESERVED
+CVE-2022-24933
+ RESERVED
+CVE-2022-24932
+ RESERVED
+CVE-2022-24931
+ RESERVED
+CVE-2022-24930
+ RESERVED
+CVE-2022-24929
+ RESERVED
+CVE-2022-24928
+ RESERVED
+CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video Player pr ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24925 (Improper input validation vulnerability in SettingsProvider prior to A ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24924 (An improper access control in LiveWallpaperService prior to versions 3 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24922
+ RESERVED
+CVE-2022-24921
+ RESERVED
+CVE-2022-24920
+ RESERVED
+CVE-2022-24919
+ RESERVED
+CVE-2022-24918
+ RESERVED
+CVE-2022-24917
+ RESERVED
+CVE-2022-24911
+ RESERVED
+CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow an rem ...)
+ NOT-FOR-US: Qlik Sense Enterprise
+CVE-2022-24916 (Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing b ...)
+ NOT-FOR-US: Optimism
+CVE-2022-24908
+ RESERVED
+CVE-2022-24907
+ RESERVED
+CVE-2022-24906
+ RESERVED
+CVE-2022-24905
+ RESERVED
+CVE-2022-24904
+ RESERVED
+CVE-2022-24903
+ RESERVED
+CVE-2022-24902
+ RESERVED
+CVE-2022-24901
+ RESERVED
+CVE-2022-24900
+ RESERVED
+CVE-2022-24899
+ RESERVED
+CVE-2022-24898
+ RESERVED
+CVE-2022-24897
+ RESERVED
+CVE-2022-24896
+ RESERVED
+CVE-2022-24895
+ RESERVED
+CVE-2022-24894
+ RESERVED
+CVE-2022-24893
+ RESERVED
+CVE-2022-24892
+ RESERVED
+CVE-2022-24891
+ RESERVED
+CVE-2022-24890
+ RESERVED
+CVE-2022-24889
+ RESERVED
+CVE-2022-24888
+ RESERVED
+CVE-2022-24887
+ RESERVED
+CVE-2022-24886
+ RESERVED
+CVE-2022-24885
+ RESERVED
+CVE-2022-24884
+ RESERVED
+CVE-2022-24883
+ RESERVED
+CVE-2022-24882
+ RESERVED
+CVE-2022-24881
+ RESERVED
+CVE-2022-24880
+ RESERVED
+CVE-2022-24879
+ RESERVED
+CVE-2022-24878
+ RESERVED
+CVE-2022-24877
+ RESERVED
+CVE-2022-24876
+ RESERVED
+CVE-2022-24875
+ RESERVED
+CVE-2022-24874
+ RESERVED
+CVE-2022-24873
+ RESERVED
+CVE-2022-24872
+ RESERVED
+CVE-2022-24871
+ RESERVED
+CVE-2022-24870
+ RESERVED
+CVE-2022-24869
+ RESERVED
+CVE-2022-24868
+ RESERVED
+CVE-2022-24867
+ RESERVED
+CVE-2022-24866
+ RESERVED
+CVE-2022-24865
+ RESERVED
+CVE-2022-24864
+ RESERVED
+CVE-2022-24863
+ RESERVED
+CVE-2022-24862
+ RESERVED
+CVE-2022-24861
+ RESERVED
+CVE-2022-24860
+ RESERVED
+CVE-2022-24859
+ RESERVED
+CVE-2022-24858
+ RESERVED
+CVE-2022-24857
+ RESERVED
+CVE-2022-24856
+ RESERVED
+CVE-2022-24855
+ RESERVED
+CVE-2022-24854
+ RESERVED
+CVE-2022-24853
+ RESERVED
+CVE-2022-24852
+ RESERVED
+CVE-2022-24851
+ RESERVED
+CVE-2022-24850
+ RESERVED
+CVE-2022-24849
+ RESERVED
+CVE-2022-24848
+ RESERVED
+CVE-2022-24847
+ RESERVED
+CVE-2022-24846
+ RESERVED
+CVE-2022-24845
+ RESERVED
+CVE-2022-24844
+ RESERVED
+CVE-2022-24843
+ RESERVED
+CVE-2022-24842
+ RESERVED
+CVE-2022-24841
+ RESERVED
+CVE-2022-24840
+ RESERVED
+CVE-2022-24839
+ RESERVED
+CVE-2022-24838
+ RESERVED
+CVE-2022-24837
+ RESERVED
+CVE-2022-24836
+ RESERVED
+CVE-2022-24835
+ RESERVED
+CVE-2022-24834
+ RESERVED
+CVE-2022-24833
+ RESERVED
+CVE-2022-24832
+ RESERVED
+CVE-2022-24831
+ RESERVED
+CVE-2022-24830
+ RESERVED
+CVE-2022-24829
+ RESERVED
+CVE-2022-24828
+ RESERVED
+CVE-2022-24827
+ RESERVED
+CVE-2022-24826
+ RESERVED
+CVE-2022-24825
+ RESERVED
+CVE-2022-24824
+ RESERVED
+CVE-2022-24823
+ RESERVED
+CVE-2022-24822
+ RESERVED
+CVE-2022-24821
+ RESERVED
+CVE-2022-24820
+ RESERVED
+CVE-2022-24819
+ RESERVED
+CVE-2022-24818
+ RESERVED
+CVE-2022-24817
+ RESERVED
+CVE-2022-24816
+ RESERVED
+CVE-2022-24815
+ RESERVED
+CVE-2022-24814
+ RESERVED
+CVE-2022-24813
+ RESERVED
+CVE-2022-24812
+ RESERVED
+CVE-2022-24811
+ RESERVED
+CVE-2022-24810
+ RESERVED
+CVE-2022-24809
+ RESERVED
+CVE-2022-24808
+ RESERVED
+CVE-2022-24807
+ RESERVED
+CVE-2022-24806
+ RESERVED
+CVE-2022-24805
+ RESERVED
+CVE-2022-24804
+ RESERVED
+CVE-2022-24803
+ RESERVED
+CVE-2022-24802
+ RESERVED
+CVE-2022-24801
+ RESERVED
+CVE-2022-24800
+ RESERVED
+CVE-2022-24799
+ RESERVED
+CVE-2022-24798
+ RESERVED
+CVE-2022-24797
+ RESERVED
+CVE-2022-24796
+ RESERVED
+CVE-2022-24795
+ RESERVED
+CVE-2022-24794
+ RESERVED
+CVE-2022-24793
+ RESERVED
+CVE-2022-24792
+ RESERVED
+CVE-2022-24791
+ RESERVED
+CVE-2022-24790
+ RESERVED
+CVE-2022-24789
+ RESERVED
+CVE-2022-24788
+ RESERVED
+CVE-2022-24787
+ RESERVED
+CVE-2022-24786
+ RESERVED
+CVE-2022-24785
+ RESERVED
+CVE-2022-24784
+ RESERVED
+CVE-2022-24783
+ RESERVED
+CVE-2022-24782
+ RESERVED
+CVE-2022-24781
+ RESERVED
+CVE-2022-24780
+ RESERVED
+CVE-2022-24779
+ RESERVED
+CVE-2022-24778
+ RESERVED
+CVE-2022-24777
+ RESERVED
+CVE-2022-24776
+ RESERVED
+CVE-2022-24775
+ RESERVED
+CVE-2022-24774
+ RESERVED
+CVE-2022-24773
+ RESERVED
+CVE-2022-24772
+ RESERVED
+CVE-2022-24771
+ RESERVED
+CVE-2022-24770
+ RESERVED
+CVE-2022-24769
+ RESERVED
+CVE-2022-24768
+ RESERVED
+CVE-2022-24767
+ RESERVED
+CVE-2022-24766
+ RESERVED
+CVE-2022-24765
+ RESERVED
+CVE-2022-24764
+ RESERVED
+CVE-2022-24763
+ RESERVED
+CVE-2022-24762
+ RESERVED
+CVE-2022-24761
+ RESERVED
+CVE-2022-24760
+ RESERVED
+CVE-2022-24759
+ RESERVED
+CVE-2022-24758
+ RESERVED
+CVE-2022-24757
+ RESERVED
+CVE-2022-24756
+ RESERVED
+CVE-2022-24755
+ RESERVED
+CVE-2022-24754
+ RESERVED
+CVE-2022-24753
+ RESERVED
+CVE-2022-24752
+ RESERVED
+CVE-2022-24751
+ RESERVED
+CVE-2022-24750
+ RESERVED
+CVE-2022-24749
+ RESERVED
+CVE-2022-24748
+ RESERVED
+CVE-2022-24747
+ RESERVED
+CVE-2022-24746
+ RESERVED
+CVE-2022-24745
+ RESERVED
+CVE-2022-24744
+ RESERVED
+CVE-2022-24743
+ RESERVED
+CVE-2022-24742
+ RESERVED
+CVE-2022-24741
+ RESERVED
+CVE-2022-24740
+ RESERVED
+CVE-2022-24739
+ RESERVED
+CVE-2022-24738
+ RESERVED
+CVE-2022-24737
+ RESERVED
+CVE-2022-24736
+ RESERVED
+CVE-2022-24735
+ RESERVED
+CVE-2022-24734
+ RESERVED
+CVE-2022-24733
+ RESERVED
+CVE-2022-24732
+ RESERVED
+CVE-2022-24731
+ RESERVED
+CVE-2022-24730
+ RESERVED
+CVE-2022-24729
+ RESERVED
+CVE-2022-24728
+ RESERVED
+CVE-2022-24727
+ RESERVED
+CVE-2022-24726
+ RESERVED
+CVE-2022-24725
+ RESERVED
+CVE-2022-24724
+ RESERVED
+CVE-2022-24723
+ RESERVED
+CVE-2022-24722
+ RESERVED
+CVE-2022-24721
+ RESERVED
+CVE-2022-24720
+ RESERVED
+CVE-2022-24719
+ RESERVED
+CVE-2022-24718
+ RESERVED
+CVE-2022-24717
+ RESERVED
+CVE-2022-24716
+ RESERVED
+CVE-2022-24715
+ RESERVED
+CVE-2022-24714
+ RESERVED
+CVE-2022-24713
+ RESERVED
+CVE-2022-24712
+ RESERVED
+CVE-2022-24711
+ RESERVED
+CVE-2022-24710
+ RESERVED
+CVE-2022-24709
+ RESERVED
+CVE-2022-24708
+ RESERVED
+CVE-2022-24707
+ RESERVED
+CVE-2022-24706
+ RESERVED
+CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a memcpy ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2022-23922
+ RESERVED
+CVE-2022-23104
+ RESERVED
+CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when compil ...)
+ - util-linux <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
+ NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
+ NOTE: https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
+ NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided
+ NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh
+CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...)
+ - tiff 4.3.0-4
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
+ NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
+CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...)
+ - tiff 4.3.0-4
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
+ NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
+CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/aa80adb7-e900-44a5-ad05-91f3ccdfc81e
+ NOTE: https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e
+CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...)
+ NOT-FOR-US: microweber
+CVE-2022-24703
+ RESERVED
+CVE-2022-24702
+ RESERVED
+CVE-2022-24701
+ RESERVED
+CVE-2022-24700
+ RESERVED
+CVE-2022-0556
+ RESERVED
+CVE-2022-0555
+ RESERVED
+CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/
+ NOTE: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8 (v8.2.4327)
+CVE-2022-0553
+ RESERVED
+CVE-2022-0552
+ RESERVED
+CVE-2022-24699
+ RESERVED
+CVE-2022-24698
+ RESERVED
+CVE-2022-24697
+ RESERVED
+CVE-2022-0551
+ RESERVED
+CVE-2022-0550
+ RESERVED
+CVE-2022-0549
+ RESERVED
+CVE-2022-0548
+ RESERVED
+CVE-2022-24696
+ RESERVED
+CVE-2022-24695
+ RESERVED
+CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
+ - mahara <removed>
+CVE-2022-24693
+ RESERVED
+CVE-2022-24692
+ RESERVED
+CVE-2022-24691
+ RESERVED
+CVE-2022-24690
+ RESERVED
+CVE-2022-24689
+ RESERVED
+CVE-2022-24688
+ RESERVED
+CVE-2022-24687
+ RESERVED
+CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
+ - nomad <unfixed>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
+CVE-2022-24685
+ RESERVED
+CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
+ - nomad <undetermined>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
+CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
+ - nomad <unfixed>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
+CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
+ NOT-FOR-US: Zimbra
+CVE-2022-24681
+ RESERVED
+CVE-2022-24680
+ RESERVED
+CVE-2022-24679
+ RESERVED
+CVE-2022-24678
+ RESERVED
+CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution because ...)
+ NOT-FOR-US: HYBBS2
+CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
+ NOT-FOR-US: HYBBS2
+CVE-2022-24675
+ RESERVED
+CVE-2022-24674
+ RESERVED
+CVE-2022-24673
+ RESERVED
+CVE-2022-24672
+ RESERVED
+CVE-2022-24383
+ RESERVED
+CVE-2022-21228
+ RESERVED
+CVE-2022-21214
+ RESERVED
+CVE-2022-21202
+ RESERVED
+CVE-2022-21168
+ RESERVED
+CVE-2022-24671
+ RESERVED
+CVE-2022-24670
+ RESERVED
+CVE-2022-24669
+ RESERVED
+CVE-2022-0547
+ RESERVED
+CVE-2022-0546
+ RESERVED
+CVE-2022-0545
+ RESERVED
+CVE-2022-0544
+ RESERVED
+CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, due to ...)
+ {DSA-5081-1}
+ - redis <unfixed> (bug #1005787)
+ NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
+CVE-2022-0542
+ RESERVED
+CVE-2022-0541
+ RESERVED
+CVE-2022-0540
+ RESERVED
+CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
+ NOT-FOR-US: beanstalk_console
+CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
+ - jenkins <removed>
+CVE-2022-0537
+ RESERVED
+CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
+ - node-follow-redirects 1.14.8+~1.14.0-1
+ [bullseye] - node-follow-redirects <no-dsa> (Minor issue)
+ [buster] - node-follow-redirects <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db/
+ NOTE: https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 (v1.14.8)
+CVE-2022-0535
+ RESERVED
+CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
+ - htmldoc 1.9.15-1 (unimportant)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
+ NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
+ NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0533
+ RESERVED
+CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
+ NOT-FOR-US: cri-o
+CVE-2022-0531
+ RESERVED
+CVE-2022-0530 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
+ - unzip <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0529 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
+ - unzip <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
+CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ NOT-FOR-US: swift-nio-http2
+CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ NOT-FOR-US: swift-nio-http2
+CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ NOT-FOR-US: swift-nio-http2
+CVE-2022-0528
+ RESERVED
+CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
+ NOTE: https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
+CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
+ NOT-FOR-US: Publify
+CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
+ NOTE: https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
+CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
+ NOT-FOR-US: Node radare2.js
+CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub repository rad ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
+ NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
+CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...)
+ NOT-FOR-US: Node radare2.js
+CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
+ NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
+CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
+ NOTE: https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
+CVE-2022-0517
+ RESERVED
+CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest]
+ RESERVED
+ - linux 5.16.10-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2
+CVE-2022-24665 (PHP Everywhere &lt;= 2.0.3 included functionality that allowed executi ...)
+ NOT-FOR-US: PHP Everywhere
+CVE-2022-24664 (PHP Everywhere &lt;= 2.0.3 included functionality that allowed executi ...)
+ NOT-FOR-US: PHP Everywhere
+CVE-2022-24663 (PHP Everywhere &lt;= 2.0.3 included functionality that allowed executi ...)
+ NOT-FOR-US: PHP Everywhere
+CVE-2022-24662
+ RESERVED
+CVE-2022-24661
+ RESERVED
+CVE-2022-24660
+ RESERVED
+CVE-2022-24659
+ RESERVED
+CVE-2022-24658
+ RESERVED
+CVE-2022-24657
+ RESERVED
+CVE-2022-24656
+ RESERVED
+CVE-2022-24655
+ RESERVED
+CVE-2022-24654
+ RESERVED
+CVE-2022-24653
+ RESERVED
+CVE-2022-24652
+ RESERVED
+CVE-2022-24651
+ RESERVED
+CVE-2022-24650
+ RESERVED
+CVE-2022-24649
+ RESERVED
+CVE-2022-24648
+ RESERVED
+CVE-2022-24647 (Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vu ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-24646 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-24645
+ RESERVED
+CVE-2022-24644
+ RESERVED
+CVE-2022-24643
+ RESERVED
+CVE-2022-24642
+ RESERVED
+CVE-2022-24641
+ RESERVED
+CVE-2022-24640
+ RESERVED
+CVE-2022-24639
+ RESERVED
+CVE-2022-24638
+ RESERVED
+CVE-2022-24637
+ RESERVED
+CVE-2022-24636
+ RESERVED
+CVE-2022-24635
+ RESERVED
+CVE-2022-24634
+ RESERVED
+CVE-2022-24633
+ RESERVED
+CVE-2022-24632
+ RESERVED
+CVE-2022-24631
+ RESERVED
+CVE-2022-24630
+ RESERVED
+CVE-2022-24629
+ RESERVED
+CVE-2022-24628
+ RESERVED
+CVE-2022-24627
+ RESERVED
+CVE-2022-24626
+ RESERVED
+CVE-2022-24625
+ RESERVED
+CVE-2022-24624
+ RESERVED
+CVE-2022-24623
+ RESERVED
+CVE-2022-24622
+ RESERVED
+CVE-2022-24621
+ RESERVED
+CVE-2022-24620
+ RESERVED
+CVE-2022-24619
+ RESERVED
+CVE-2022-24618
+ RESERVED
+CVE-2022-24617
+ RESERVED
+CVE-2022-24616
+ RESERVED
+CVE-2022-24615
+ RESERVED
+CVE-2022-24614
+ RESERVED
+CVE-2022-24613
+ RESERVED
+CVE-2022-24612
+ RESERVED
+CVE-2022-24611
+ RESERVED
+CVE-2022-24610
+ RESERVED
+CVE-2022-24609
+ RESERVED
+CVE-2022-24608
+ RESERVED
+CVE-2022-24607
+ RESERVED
+CVE-2022-24606
+ RESERVED
+CVE-2022-24605
+ RESERVED
+CVE-2022-24604
+ RESERVED
+CVE-2022-24603
+ RESERVED
+CVE-2022-24602
+ RESERVED
+CVE-2022-24601
+ RESERVED
+CVE-2022-24600
+ RESERVED
+CVE-2022-24599
+ RESERVED
+CVE-2022-24598
+ RESERVED
+CVE-2022-24597
+ RESERVED
+CVE-2022-24596
+ RESERVED
+CVE-2022-24595
+ RESERVED
+CVE-2022-24594
+ RESERVED
+CVE-2022-24593
+ RESERVED
+CVE-2022-24592
+ RESERVED
+CVE-2022-24591
+ RESERVED
+CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Link func ...)
+ NOT-FOR-US: BackdropCMS
+CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...)
+ NOT-FOR-US: Burden
+CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: Flatpress
+CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...)
+ - pluxml <undetermined>
+ NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf
+ TODO: check if reported upstream
+CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+ - pluxml <undetermined>
+ NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf
+ TODO: check if reported upstream
+CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+ - pluxml <undetermined>
+ NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf
+ TODO: check if reported upstream
+CVE-2022-24584
+ RESERVED
+CVE-2022-24583
+ RESERVED
+CVE-2022-24582
+ RESERVED
+CVE-2022-24581
+ RESERVED
+CVE-2022-24580
+ RESERVED
+CVE-2022-24579
+ RESERVED
+CVE-2022-24578
+ RESERVED
+CVE-2022-24577
+ RESERVED
+CVE-2022-24576
+ RESERVED
+CVE-2022-24575
+ RESERVED
+CVE-2022-24574
+ RESERVED
+CVE-2022-24573
+ RESERVED
+CVE-2022-24572
+ RESERVED
+CVE-2022-24571
+ RESERVED
+CVE-2022-24570
+ RESERVED
+CVE-2022-24569
+ RESERVED
+CVE-2022-24568 (Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Reque ...)
+ NOT-FOR-US: Novel-plus
+CVE-2022-24567
+ RESERVED
+CVE-2022-24566
+ RESERVED
+CVE-2022-24565
+ RESERVED
+CVE-2022-24564 (Checkmk &lt;=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerabil ...)
+ TODO: check
+CVE-2022-24563
+ RESERVED
+CVE-2022-24562
+ RESERVED
+CVE-2022-24561
+ RESERVED
+CVE-2022-24560
+ RESERVED
+CVE-2022-24559
+ RESERVED
+CVE-2022-24558
+ RESERVED
+CVE-2022-24557
+ RESERVED
+CVE-2022-24556
+ RESERVED
+CVE-2022-24555
+ RESERVED
+CVE-2022-24554
+ RESERVED
+CVE-2022-24553 (An issue was found in Zfaka &lt;= 1.4.5. The verification of the backg ...)
+ NOT-FOR-US: Zfaka
+CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...)
+ NOT-FOR-US: StarWind
+CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...)
+ NOT-FOR-US: StarWind
+CVE-2022-24550
+ RESERVED
+CVE-2022-24549
+ RESERVED
+CVE-2022-24548
+ RESERVED
+CVE-2022-24547
+ RESERVED
+CVE-2022-24546
+ RESERVED
+CVE-2022-24545
+ RESERVED
+CVE-2022-24544
+ RESERVED
+CVE-2022-24543
+ RESERVED
+CVE-2022-24542
+ RESERVED
+CVE-2022-24541
+ RESERVED
+CVE-2022-24540
+ RESERVED
+CVE-2022-24539
+ RESERVED
+CVE-2022-24538
+ RESERVED
+CVE-2022-24537
+ RESERVED
+CVE-2022-24536
+ RESERVED
+CVE-2022-24535
+ RESERVED
+CVE-2022-24534
+ RESERVED
+CVE-2022-24533
+ RESERVED
+CVE-2022-24532
+ RESERVED
+CVE-2022-24531
+ RESERVED
+CVE-2022-24530
+ RESERVED
+CVE-2022-24529
+ RESERVED
+CVE-2022-24528
+ RESERVED
+CVE-2022-24527
+ RESERVED
+CVE-2022-24526
+ RESERVED
+CVE-2022-24525
+ RESERVED
+CVE-2022-24524
+ RESERVED
+CVE-2022-24523
+ RESERVED
+CVE-2022-24522
+ RESERVED
+CVE-2022-24521
+ RESERVED
+CVE-2022-24520
+ RESERVED
+CVE-2022-24519
+ RESERVED
+CVE-2022-24518
+ RESERVED
+CVE-2022-24517
+ RESERVED
+CVE-2022-24516
+ RESERVED
+CVE-2022-24515
+ RESERVED
+CVE-2022-24514
+ RESERVED
+CVE-2022-24513
+ RESERVED
+CVE-2022-24512
+ RESERVED
+CVE-2022-24511
+ RESERVED
+CVE-2022-24510
+ RESERVED
+CVE-2022-24509
+ RESERVED
+CVE-2022-24508
+ RESERVED
+CVE-2022-24507
+ RESERVED
+CVE-2022-24506
+ RESERVED
+CVE-2022-24505
+ RESERVED
+CVE-2022-24504
+ RESERVED
+CVE-2022-24503
+ RESERVED
+CVE-2022-24502
+ RESERVED
+CVE-2022-24501
+ RESERVED
+CVE-2022-24500
+ RESERVED
+CVE-2022-24499
+ RESERVED
+CVE-2022-24498
+ RESERVED
+CVE-2022-24497
+ RESERVED
+CVE-2022-24496
+ RESERVED
+CVE-2022-24495
+ RESERVED
+CVE-2022-24494
+ RESERVED
+CVE-2022-24493
+ RESERVED
+CVE-2022-24492
+ RESERVED
+CVE-2022-24491
+ RESERVED
+CVE-2022-24490
+ RESERVED
+CVE-2022-24489
+ RESERVED
+CVE-2022-24488
+ RESERVED
+CVE-2022-24487
+ RESERVED
+CVE-2022-24486
+ RESERVED
+CVE-2022-24485
+ RESERVED
+CVE-2022-24484
+ RESERVED
+CVE-2022-24483
+ RESERVED
+CVE-2022-24482
+ RESERVED
+CVE-2022-24481
+ RESERVED
+CVE-2022-24480
+ RESERVED
+CVE-2022-24479
+ RESERVED
+CVE-2022-24478
+ RESERVED
+CVE-2022-24477
+ RESERVED
+CVE-2022-24476
+ RESERVED
+CVE-2022-24475
+ RESERVED
+CVE-2022-24474
+ RESERVED
+CVE-2022-24473
+ RESERVED
+CVE-2022-24472
+ RESERVED
+CVE-2022-24471
+ RESERVED
+CVE-2022-24470
+ RESERVED
+CVE-2022-24469
+ RESERVED
+CVE-2022-24468
+ RESERVED
+CVE-2022-24467
+ RESERVED
+CVE-2022-24466
+ RESERVED
+CVE-2022-24465
+ RESERVED
+CVE-2022-24464
+ RESERVED
+CVE-2022-24463
+ RESERVED
+CVE-2022-24462
+ RESERVED
+CVE-2022-24461
+ RESERVED
+CVE-2022-24460
+ RESERVED
+CVE-2022-24459
+ RESERVED
+CVE-2022-24458
+ RESERVED
+CVE-2022-24457
+ RESERVED
+CVE-2022-24456
+ RESERVED
+CVE-2022-24455
+ RESERVED
+CVE-2022-24454
+ RESERVED
+CVE-2022-24453
+ RESERVED
+CVE-2022-24452
+ RESERVED
+CVE-2022-24451
+ RESERVED
+CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. Any authen ...)
+ NOT-FOR-US: nats-server
+CVE-2022-24449
+ RESERVED
+CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...)
+ - linux 5.16.7-1
+ NOTE: Fixed by: https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2)
+CVE-2022-24447
+ RESERVED
+CVE-2022-24446
+ RESERVED
+CVE-2022-24445
+ REJECTED
+CVE-2022-24444
+ RESERVED
+CVE-2022-24443
+ RESERVED
+CVE-2022-24442
+ RESERVED
+CVE-2022-24428
+ RESERVED
+CVE-2022-24427
+ RESERVED
+CVE-2022-24426
+ RESERVED
+CVE-2022-24425
+ RESERVED
+CVE-2022-24424
+ RESERVED
+CVE-2022-24423
+ RESERVED
+CVE-2022-24422
+ RESERVED
+CVE-2022-24421
+ RESERVED
+CVE-2022-24420
+ RESERVED
+CVE-2022-24419
+ RESERVED
+CVE-2022-24418
+ RESERVED
+CVE-2022-24417
+ RESERVED
+CVE-2022-24416
+ RESERVED
+CVE-2022-24415
+ RESERVED
+CVE-2022-24414
+ RESERVED
+CVE-2022-24413
+ RESERVED
+CVE-2022-24412
+ RESERVED
+CVE-2022-24411
+ RESERVED
+CVE-2022-24410
+ RESERVED
+CVE-2022-24409
+ RESERVED
+CVE-2022-24380
+ RESERVED
+CVE-2022-22147
+ RESERVED
+CVE-2022-21130
+ RESERVED
+CVE-2022-0515
+ RESERVED
+CVE-2022-0514
+ RESERVED
+CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ - node-url-parse 1.5.7-1
+ [bullseye] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b
+ NOTE: https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40 (1.5.6)
+CVE-2022-0511
+ RESERVED
+ - firefox 97.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-0511
+CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore pr ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/pee ...)
+ - peertube <itp> (bug #950821)
+CVE-2022-0507
+ RESERVED
+CVE-2022-0506 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
+ NOT-FOR-US: microweber
+CVE-2022-0504 (Generation of Error Message Containing Sensitive Information in Packag ...)
+ NOT-FOR-US: microweber
+CVE-2022-0503
+ RESERVED
+CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-24408
+ RESERVED
+CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...)
+ NOT-FOR-US: beanstalk_console
+CVE-2022-0500
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578
+CVE-2022-0499
+ RESERVED
+CVE-2022-0498
+ REJECTED
+CVE-2022-0497
+ RESERVED
+ - openscad 2021.01-4 (unimportant; bug #1005641)
+ NOTE: https://github.com/openscad/openscad/issues/4043
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0496
+ RESERVED
+ - openscad 2021.01-4 (unimportant; bug #1005641)
+ NOTE: https://github.com/openscad/openscad/issues/4037
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0495
+ RESERVED
+CVE-2022-0494
+ RESERVED
+CVE-2022-0493
+ RESERVED
+CVE-2022-24407
+ RESERVED
+CVE-2022-24406
+ RESERVED
+CVE-2022-24405
+ RESERVED
+CVE-2022-24404
+ RESERVED
+CVE-2022-24403
+ RESERVED
+CVE-2022-24402
+ RESERVED
+CVE-2022-24401
+ RESERVED
+CVE-2022-24400
+ RESERVED
+CVE-2022-24382
+ RESERVED
+CVE-2022-24379
+ RESERVED
+CVE-2022-24297
+ RESERVED
+CVE-2022-23917
+ RESERVED
+CVE-2022-23914
+ RESERVED
+CVE-2022-22730
+ RESERVED
+CVE-2022-21807
+ RESERVED
+CVE-2022-21795
+ RESERVED
+CVE-2022-21233
+ RESERVED
+CVE-2022-21128
+ RESERVED
+CVE-2022-0492 [cgroup-v1: Require capabilities to set release_agent]
+ RESERVED
+ - linux 5.16.7-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/04/1
+ NOTE: https://git.kernel.org/linus/24f6008564183aa120d07c03d9289519c2fe02af
+CVE-2022-0491
+ RESERVED
+CVE-2022-0490
+ RESERVED
+CVE-2022-0489
+ RESERVED
+CVE-2022-0488
+ RESERVED
+CVE-2022-24399
+ RESERVED
+CVE-2022-24398
+ RESERVED
+CVE-2022-24397
+ RESERVED
+CVE-2022-24396
+ RESERVED
+CVE-2022-24395
+ RESERVED
+CVE-2022-24394
+ RESERVED
+CVE-2022-24393
+ RESERVED
+CVE-2022-24392
+ RESERVED
+CVE-2022-24391
+ RESERVED
+CVE-2022-24390
+ RESERVED
+CVE-2022-24389
+ RESERVED
+CVE-2022-24388
+ RESERVED
+CVE-2022-24387
+ RESERVED
+CVE-2022-24386
+ RESERVED
+CVE-2022-24385
+ RESERVED
+CVE-2022-24384
+ RESERVED
+CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...)
+ NOT-FOR-US: CSV+
+CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...)
+ - linux 5.16.10-1 (unimportant)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
+ NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/
+ NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4)
+ NOTE: CONFIG_MMC_MOXART is not set in Debian.
+CVE-2022-0486
+ RESERVED
+CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination image]
+ RESERVED
+ - libnbd 1.10.5-1 (bug #1005307)
+ [bullseye] - libnbd <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2050324
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb (v1.11.8)
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/9219d2e70c770d8efb98d6e8eaf68e8e354631e3 (v1.10.4)
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/6c8f2f859926b82094fb5e85c446ea099700fa10 (v1.6.6)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
+CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...)
+ NOT-FOR-US: Mirantis Container Cloud Lens
+CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. The fol ...)
+ NOT-FOR-US: Acronis VSS Doctor
+CVE-2022-0482
+ RESERVED
+CVE-2022-24372
+ RESERVED
+CVE-2022-24371
+ RESERVED
+CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24369 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24368 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24367 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24366 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24365 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24364 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24363 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24362 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24361 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24360 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24359 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24358 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24357 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24356 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-24353
+ RESERVED
+CVE-2022-24352
+ RESERVED
+CVE-2022-24351
+ RESERVED
+CVE-2022-24350
+ RESERVED
+CVE-2022-24349
+ RESERVED
+CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-24347
+ RESERVED
+CVE-2022-24346
+ RESERVED
+CVE-2022-24345
+ RESERVED
+CVE-2022-24344
+ RESERVED
+CVE-2022-24343
+ RESERVED
+CVE-2022-24342
+ RESERVED
+CVE-2022-24341
+ RESERVED
+CVE-2022-24340
+ RESERVED
+CVE-2022-24339
+ RESERVED
+CVE-2022-24338
+ RESERVED
+CVE-2022-24337
+ RESERVED
+CVE-2022-24336
+ RESERVED
+CVE-2022-24335
+ RESERVED
+CVE-2022-24334
+ RESERVED
+CVE-2022-24333
+ RESERVED
+CVE-2022-24332
+ RESERVED
+CVE-2022-24331
+ RESERVED
+CVE-2022-24330
+ RESERVED
+CVE-2022-24329
+ RESERVED
+CVE-2022-24328
+ RESERVED
+CVE-2022-24327
+ RESERVED
+CVE-2022-24326
+ RESERVED
+CVE-2022-24325
+ RESERVED
+CVE-2022-23402
+ RESERVED
+CVE-2022-23401
+ RESERVED
+CVE-2022-22729
+ RESERVED
+CVE-2022-22151
+ RESERVED
+CVE-2022-22148
+ RESERVED
+CVE-2022-22145
+ RESERVED
+CVE-2022-22141
+ RESERVED
+CVE-2022-21808
+ RESERVED
+CVE-2022-21194
+ RESERVED
+CVE-2022-21177
+ RESERVED
+CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+ - mruby <unfixed>
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027
+ NOTE: https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e
+ TODO: check, possibly only introduced with dccd66f9efecd0a974b735c62836fe566015cf37 in 3.1.0-rc
+CVE-2022-24324
+ RESERVED
+CVE-2022-24323
+ RESERVED
+CVE-2022-24322
+ RESERVED
+CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24319 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24318 (A CWE-326: Inadequate Encryption Strength vulnerability exists that co ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24317 (A CWE-862: Missing Authorization vulnerability exists that could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24316 (A CWE-665: Improper Initialization vulnerability exists that could cau ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24315 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause de ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24314 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause me ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24313 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24312 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24311 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24309
+ RESERVED
+CVE-2022-0480
+ RESERVED
+ - linux 5.15.3-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2049700
+ NOTE: https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)
+CVE-2022-0479
+ RESERVED
+CVE-2022-0478
+ RESERVED
+CVE-2022-0477
+ RESERVED
+CVE-2022-0476
+ RESERVED
+CVE-2022-0475
+ RESERVED
+CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...)
+ NOT-FOR-US: OTRS
+ NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian
+CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...)
+ NOT-FOR-US: OTRS
+ NOTE: Only affects 7.x, so won't affect znuny fork packaged in Debian
+CVE-2022-24308
+ RESERVED
+CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...)
+ NOT-FOR-US: Mastodon
+CVE-2022-24306
+ RESERVED
+CVE-2022-24305
+ RESERVED
+CVE-2022-24304
+ RESERVED
+CVE-2022-24303
+ RESERVED
+ - pillow <unfixed>
+ [bullseye] - pillow <ignored> (Minor issue)
+ [buster] - pillow <ignored> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
+ NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1)
+CVE-2022-24302
+ RESERVED
+CVE-2022-24296
+ RESERVED
+CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...)
+ NOT-FOR-US: Okta Advanced Server Access Client
+CVE-2022-22986
+ RESERVED
+CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...)
+ NOT-FOR-US: jsdecena/laracom
+CVE-2022-0471
+ RESERVED
+CVE-2022-24294
+ RESERVED
+CVE-2022-24293
+ RESERVED
+CVE-2022-24292
+ RESERVED
+CVE-2022-24291
+ RESERVED
+CVE-2022-24290
+ RESERVED
+CVE-2022-24289 (Hessian serialization is a network protocol that supports object-based ...)
+ NOT-FOR-US: Apache Cayenne
+CVE-2022-24288
+ RESERVED
+CVE-2022-24287
+ RESERVED
+CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R ...)
+ NOT-FOR-US: ELECOM
+CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...)
+ NOT-FOR-US: ELECOM
+CVE-2022-0470
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0469
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0468
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0467
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0466
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0465
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0464
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0463
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0462
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0461
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0460
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0459
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0458
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0457
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0456
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0455
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0454
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0453
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0452
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...)
+ NOT-FOR-US: Dart SDK
+CVE-2022-0450
+ RESERVED
+CVE-2022-0449
+ RESERVED
+CVE-2022-0448
+ RESERVED
+CVE-2022-0447
+ RESERVED
+CVE-2022-0446
+ RESERVED
+CVE-2022-0445
+ RESERVED
+CVE-2022-0444
+ RESERVED
+CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
+ NOTE: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 (v8.2.4281)
+CVE-2022-0442
+ RESERVED
+CVE-2022-0441
+ RESERVED
+CVE-2022-0440
+ RESERVED
+CVE-2022-0439
+ RESERVED
+CVE-2022-0438
+ RESERVED
+CVE-2022-24286
+ RESERVED
+CVE-2022-24285
+ RESERVED
+CVE-2022-24284
+ RESERVED
+CVE-2022-24283
+ RESERVED
+CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. ...)
+ NOT-FOR-US: Node karma
+CVE-2022-0436
+ RESERVED
+CVE-2022-24282
+ RESERVED
+CVE-2022-24281
+ RESERVED
+CVE-2022-24280
+ RESERVED
+CVE-2022-24277
+ RESERVED
+CVE-2022-24276
+ RESERVED
+CVE-2022-24275
+ RESERVED
+CVE-2022-24274
+ RESERVED
+CVE-2022-24273
+ RESERVED
+CVE-2022-24272
+ RESERVED
+CVE-2022-23400
+ RESERVED
+CVE-2022-0435
+ RESERVED
+ - linux 5.16.10-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1
+ NOTE: Fixed by: https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216
+CVE-2022-0434
+ RESERVED
+CVE-2022-0433 [missing initialization in bloom filter map in kernel/bpf/bloom_filter.c can lead to DoS]
+ RESERVED
+ - linux <not-affected> (Vulnerable code newer in a supported Debian release; only affected experimental)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259
+ NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1)
+CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...)
+ NOT-FOR-US: Mastodon
+CVE-2022-0431
+ RESERVED
+CVE-2022-0430
+ RESERVED
+CVE-2022-0429
+ RESERVED
+CVE-2022-0428
+ RESERVED
+CVE-2022-0427
+ RESERVED
+CVE-2022-0426
+ RESERVED
+CVE-2022-0425
+ RESERVED
+CVE-2022-0424
+ RESERVED
+CVE-2022-0423
+ RESERVED
+CVE-2022-0422
+ RESERVED
+CVE-2022-0421
+ RESERVED
+CVE-2022-0420
+ RESERVED
+CVE-2022-24271
+ RESERVED
+CVE-2022-24270
+ RESERVED
+CVE-2022-24269
+ RESERVED
+CVE-2022-24268
+ RESERVED
+CVE-2022-24267
+ RESERVED
+CVE-2022-24266 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-24265 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-24262 (The config restore function of Voipmonitor GUI before v24.96 does not ...)
+ NOT-FOR-US: Voipmonitor
+CVE-2022-24261
+ RESERVED
+CVE-2022-24260 (A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows ...)
+ NOT-FOR-US: Voipmonitor
+CVE-2022-24259 (An incorrect check in the component cdr.php of Voipmonitor GUI before ...)
+ NOT-FOR-US: Voipmonitor
+CVE-2022-24258
+ RESERVED
+CVE-2022-24257
+ RESERVED
+CVE-2022-24256
+ RESERVED
+CVE-2022-24255
+ RESERVED
+CVE-2022-24254
+ RESERVED
+CVE-2022-24253
+ RESERVED
+CVE-2022-24252
+ RESERVED
+CVE-2022-24251
+ RESERVED
+CVE-2022-24250
+ RESERVED
+CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2081
+ NOTE: https://github.com/gpac/gpac/commit/71f9871fc210e60df041b58c84572782b4849de9
+CVE-2022-24248
+ RESERVED
+CVE-2022-24247
+ RESERVED
+CVE-2022-24246
+ RESERVED
+CVE-2022-24245
+ RESERVED
+CVE-2022-24244
+ RESERVED
+CVE-2022-24243
+ RESERVED
+CVE-2022-24242
+ RESERVED
+CVE-2022-24241
+ RESERVED
+CVE-2022-24240
+ RESERVED
+CVE-2022-24239
+ RESERVED
+CVE-2022-24238
+ RESERVED
+CVE-2022-24237
+ RESERVED
+CVE-2022-24236
+ RESERVED
+CVE-2022-24235
+ RESERVED
+CVE-2022-24234
+ RESERVED
+CVE-2022-24233
+ RESERVED
+CVE-2022-24232
+ RESERVED
+CVE-2022-24231
+ RESERVED
+CVE-2022-24230
+ RESERVED
+CVE-2022-24229
+ RESERVED
+CVE-2022-24228
+ RESERVED
+CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows at ...)
+ NOT-FOR-US: BoltWire
+CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-24225
+ RESERVED
+CVE-2022-24224
+ RESERVED
+CVE-2022-24223 (AtomCMS v2.0 was discovered to contain a SQL injection vulnerability v ...)
+ NOT-FOR-US: AtomCMS
+CVE-2022-24222 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24221 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24220 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24219 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24218 (An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24217
+ RESERVED
+CVE-2022-24216
+ RESERVED
+CVE-2022-24215
+ RESERVED
+CVE-2022-24214
+ RESERVED
+CVE-2022-24213
+ RESERVED
+CVE-2022-24212
+ RESERVED
+CVE-2022-24211
+ RESERVED
+CVE-2022-24210
+ RESERVED
+CVE-2022-24209
+ RESERVED
+CVE-2022-24208
+ RESERVED
+CVE-2022-24207
+ RESERVED
+CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Tongda2000
+CVE-2022-24205
+ RESERVED
+CVE-2022-24204
+ RESERVED
+CVE-2022-24203
+ RESERVED
+CVE-2022-24202
+ RESERVED
+CVE-2022-24201
+ RESERVED
+CVE-2022-24200
+ RESERVED
+CVE-2022-24199
+ RESERVED
+CVE-2022-24198 (iText v7.1.17 was discovered to contain an out-of-bounds exception via ...)
+ NOT-FOR-US: iText
+CVE-2022-24197 (iText v7.1.17 was discovered to contain a stack-based buffer overflow ...)
+ NOT-FOR-US: iText
+CVE-2022-24196 (iText v7.1.17 was discovered to contain an out-of-memory error via the ...)
+ NOT-FOR-US: iText
+CVE-2022-24195
+ RESERVED
+CVE-2022-24194
+ RESERVED
+CVE-2022-24193
+ RESERVED
+CVE-2022-24192
+ RESERVED
+CVE-2022-24191
+ RESERVED
+CVE-2022-24190
+ RESERVED
+CVE-2022-24189
+ RESERVED
+CVE-2022-24188
+ RESERVED
+CVE-2022-24187
+ RESERVED
+CVE-2022-24186
+ RESERVED
+CVE-2022-24185
+ RESERVED
+CVE-2022-24184
+ RESERVED
+CVE-2022-24183
+ RESERVED
+CVE-2022-24182
+ RESERVED
+CVE-2022-24181
+ RESERVED
+CVE-2022-24180
+ RESERVED
+CVE-2022-24179
+ RESERVED
+CVE-2022-24178
+ RESERVED
+CVE-2022-24177
+ RESERVED
+CVE-2022-24176
+ RESERVED
+CVE-2022-24175
+ RESERVED
+CVE-2022-24174
+ RESERVED
+CVE-2022-24173
+ RESERVED
+CVE-2022-24172 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24171 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24170 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24169 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24168 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24167 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24166 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24165 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24164 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24163 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24162 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24161 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24160 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24159 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24158 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24157 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24156 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24155 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24154 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24153 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24152 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24151 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24150 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24149 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24148 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24147 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24146 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24145 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24144 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to con ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24142 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24141
+ RESERVED
+CVE-2022-24140
+ RESERVED
+CVE-2022-24139
+ RESERVED
+CVE-2022-24138
+ RESERVED
+CVE-2022-24137
+ RESERVED
+CVE-2022-24136
+ RESERVED
+CVE-2022-24135
+ RESERVED
+CVE-2022-24134
+ RESERVED
+CVE-2022-24133
+ RESERVED
+CVE-2022-24132
+ RESERVED
+CVE-2022-24131
+ RESERVED
+CVE-2022-21170
+ RESERVED
+CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
+ NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0)
+CVE-2022-0418
+ RESERVED
+CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
+ NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245)
+CVE-2022-0416
+ RESERVED
+CVE-2022-0415
+ RESERVED
+CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...)
+ {DLA-2913-1}
+ - xterm 370-2 (bug #1004689)
+ [bullseye] - xterm <no-dsa> (Minor issue)
+ [buster] - xterm <no-dsa> (Minor issue)
+ NOTE: https://twitter.com/nickblack/status/1487731459398025216
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/3
+ NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d
+CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allow ...)
+ NOT-FOR-US: Shibboleth identity provider OIDC OP plugin
+CVE-2022-24128
+ RESERVED
+CVE-2022-24127
+ RESERVED
+CVE-2022-24126
+ RESERVED
+CVE-2022-24125
+ RESERVED
+CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...)
+ NOT-FOR-US: Casdoor
+CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...)
+ NOT-FOR-US: MarkText
+CVE-2022-24121 (SQL Injection vulnerability discovered in Unified Office Total Connect ...)
+ NOT-FOR-US: Unified Office
+CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. ...)
+ - dolibarr <removed>
+CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
+ NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253)
+CVE-2022-0412
+ RESERVED
+CVE-2022-0411
+ RESERVED
+CVE-2022-0410
+ RESERVED
+CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...)
+ - linux 5.15.15-2
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/29/1
+ NOTE: https://git.kernel.org/linus/f9d87929d451d3e649699d0f1d74f71f77ad38f5
+CVE-2022-24120
+ RESERVED
+CVE-2022-24119
+ RESERVED
+CVE-2022-24118
+ RESERVED
+CVE-2022-24117
+ RESERVED
+CVE-2022-24116
+ RESERVED
+CVE-2022-24115 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
+ NOT-FOR-US: Acronis
+CVE-2022-24114 (Local privilege escalation due to race condition on application startu ...)
+ NOT-FOR-US: Acronis
+CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...)
+ NOT-FOR-US: Acronis
+CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...)
+ NOT-FOR-US: ShowDoc
+CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d
+ NOTE: https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 (v8.2.4247)
+CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c
+ NOTE: https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e (v8.2.4219)
+CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests to by ...)
+ NOT-FOR-US: Apache APISIX
+CVE-2022-0406
+ RESERVED
+CVE-2022-0405
+ RESERVED
+CVE-2022-0404
+ RESERVED
+CVE-2022-0403
+ RESERVED
+CVE-2022-0402
+ RESERVED
+CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
+ NOT-FOR-US: Node w-zip
+CVE-2022-0400 [Out of bounds read in the smc protocol stack]
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044575
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)
+CVE-2022-0399
+ RESERVED
+CVE-2022-0398
+ RESERVED
+CVE-2022-0397
+ RESERVED
+CVE-2022-24111 (In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios cr ...)
+ - mahara <removed>
+CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' ...)
+ NOT-FOR-US: Kiteworks managed file transfer
+CVE-2022-24109
+ RESERVED
+CVE-2022-24108
+ RESERVED
+CVE-2022-24107
+ RESERVED
+CVE-2022-24106
+ RESERVED
+CVE-2022-24105
+ RESERVED
+CVE-2022-24104
+ RESERVED
+CVE-2022-24103
+ RESERVED
+CVE-2022-24102
+ RESERVED
+CVE-2022-24101
+ RESERVED
+CVE-2022-24100
+ RESERVED
+CVE-2022-24099
+ RESERVED
+CVE-2022-24098
+ RESERVED
+CVE-2022-24097
+ RESERVED
+CVE-2022-24096
+ RESERVED
+CVE-2022-24095
+ RESERVED
+CVE-2022-24094
+ RESERVED
+CVE-2022-24093
+ RESERVED
+CVE-2022-24092
+ RESERVED
+CVE-2022-24091
+ RESERVED
+CVE-2022-24090
+ RESERVED
+CVE-2022-24089
+ RESERVED
+CVE-2022-24088
+ RESERVED
+CVE-2022-24087
+ RESERVED
+CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2022-24085
+ RESERVED
+CVE-2022-24084
+ RESERVED
+CVE-2022-24083
+ RESERVED
+CVE-2022-24082
+ RESERVED
+CVE-2022-24081
+ RESERVED
+CVE-2022-24080
+ RESERVED
+CVE-2022-24079
+ RESERVED
+CVE-2022-24078
+ RESERVED
+CVE-2022-24077
+ RESERVED
+CVE-2022-24076
+ RESERVED
+CVE-2022-24075
+ RESERVED
+CVE-2022-24074
+ RESERVED
+CVE-2022-24073
+ RESERVED
+CVE-2022-24072
+ RESERVED
+CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...)
+ NOT-FOR-US: Whale browser
+CVE-2022-24070
+ RESERVED
+CVE-2022-0396
+ RESERVED
+CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba
+ NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233)
+CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24063 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24062 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24061 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24060 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24059 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24058 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24057 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24056 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24055 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24054
+ RESERVED
+CVE-2022-24053
+ RESERVED
+CVE-2022-24052 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
+CVE-2022-24051 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
+CVE-2022-24050 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
+CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sonos One Speaker
+CVE-2022-24048 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
+CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: BMC Track-It!
+CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Sonos One Speaker
+CVE-2022-24045
+ RESERVED
+CVE-2022-24044
+ RESERVED
+CVE-2022-24043
+ RESERVED
+CVE-2022-24042
+ RESERVED
+CVE-2022-24041
+ RESERVED
+CVE-2022-24040
+ RESERVED
+CVE-2022-24039
+ RESERVED
+CVE-2022-24038
+ RESERVED
+CVE-2022-24037
+ RESERVED
+CVE-2022-24036
+ RESERVED
+CVE-2022-23921
+ RESERVED
+CVE-2022-22987 (The affected product has a hardcoded private key available inside the ...)
+ NOT-FOR-US: Advantech
+CVE-2022-21798
+ RESERVED
+CVE-2022-21154
+ RESERVED
+CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
+ NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218)
+CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...)
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ [stretch] - python3.5 <postponed> (Minor issue; regressions reports)
+ - python3.4 <removed>
+ NOTE: https://bugs.python.org/issue43882
+ NOTE: Fixed by: https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 (v3.10.0b1)
+ NOTE: Followup for 3.10.x: https://github.com/python/cpython/commit/24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705 (v3.10.0b2)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/491fde0161d5e527eeff8586dd3972d7d3a631a7 (v3.9.5)
+ NOTE: Followup for 3.9.x: https://github.com/python/cpython/commit/8a595744e696a0fb92dccc5d4e45da41571270a1 (v3.9.6)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/515a7bc4e13645d0945b46a8e1d9102b918cd407 (v3.8.11)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903 (v3.7.11)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667 (v3.6.14)
+CVE-2022-0390
+ RESERVED
+CVE-2022-0389
+ RESERVED
+CVE-2022-0388
+ RESERVED
+CVE-2022-24035
+ RESERVED
+CVE-2022-24034
+ RESERVED
+CVE-2022-24033
+ RESERVED
+CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enu ...)
+ NOT-FOR-US: Adenza AxiomSL ControllerView
+CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kern ...)
+ NOT-FOR-US: Insyde
+CVE-2022-24030 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2022-24029
+ RESERVED
+CVE-2022-24028
+ RESERVED
+CVE-2022-24027
+ RESERVED
+CVE-2022-24026
+ RESERVED
+CVE-2022-24025
+ RESERVED
+CVE-2022-24024
+ RESERVED
+CVE-2022-24023
+ RESERVED
+CVE-2022-24022
+ RESERVED
+CVE-2022-24021
+ RESERVED
+CVE-2022-24020
+ RESERVED
+CVE-2022-24019
+ RESERVED
+CVE-2022-24018
+ RESERVED
+CVE-2022-24017
+ RESERVED
+CVE-2022-24016
+ RESERVED
+CVE-2022-24015
+ RESERVED
+CVE-2022-24014
+ RESERVED
+CVE-2022-24013
+ RESERVED
+CVE-2022-24012
+ RESERVED
+CVE-2022-24011
+ RESERVED
+CVE-2022-24010
+ RESERVED
+CVE-2022-24009
+ RESERVED
+CVE-2022-24008
+ RESERVED
+CVE-2022-24007
+ RESERVED
+CVE-2022-24006
+ RESERVED
+CVE-2022-24005
+ RESERVED
+CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0386
+ RESERVED
+CVE-2022-0385
+ RESERVED
+CVE-2022-0384
+ RESERVED
+CVE-2022-24004
+ RESERVED
+CVE-2022-24003 (Exposure of Sensitive Information vulnerability in Bixby Vision prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24002 (Improper Authorization vulnerability in Link Sharing prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24001 (Information disclosure vulnerability in Edge Panel prior to Android S( ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24000 (PendingIntent hijacking vulnerability in DataUsageReminderReceiver pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23999 (PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23998 (Improper access control vulnerability in Camera prior to versions 11.1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23997 (Unprotected component vulnerability in StTheaterModeDurationAlarmRecei ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23996 (Unprotected component vulnerability in StTheaterModeReceiver in Wear O ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23995 (Unprotected component vulnerability in StBedtimeModeAlarmReceiver in W ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceiver in W ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...)
+ NOT-FOR-US: pfSense
+CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...)
+ NOT-FOR-US: XCOM Data Transport
+CVE-2022-23991
+ RESERVED
+CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-3
+ NOTE: https://github.com/libexpat/libexpat/pull/551
+ NOTE: Introduced with: https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb (R_1_95_4)
+ NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1 (R_2_4_4)
+CVE-2022-23989
+ RESERVED
+CVE-2022-23988
+ RESERVED
+CVE-2022-23987
+ RESERVED
+CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Sett ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr &#8211; Ye ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23978
+ RESERVED
+CVE-2022-23977
+ RESERVED
+CVE-2022-23976
+ RESERVED
+CVE-2022-23975
+ RESERVED
+CVE-2022-23974
+ RESERVED
+CVE-2022-23103
+ RESERVED
+CVE-2022-0383
+ RESERVED
+CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the ...)
+ - linux 5.15.15-1
+ NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
+CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ NOT-FOR-US: microweber
+CVE-2022-0377
+ RESERVED
+CVE-2022-0376
+ RESERVED
+CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0373
+ RESERVED
+CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...)
+ NOT-FOR-US: Crater
+CVE-2022-23973
+ RESERVED
+CVE-2022-23972
+ RESERVED
+CVE-2022-23971
+ RESERVED
+CVE-2022-23970
+ RESERVED
+CVE-2022-23969
+ RESERVED
+CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...)
+ NOT-FOR-US: Xerox
+CVE-2022-23967 (In TightVNC 1.3.10, there is an integer signedness error and resultant ...)
+ TODO: check
+CVE-2022-23966
+ RESERVED
+CVE-2022-23965
+ RESERVED
+CVE-2022-23964
+ RESERVED
+CVE-2022-23963
+ RESERVED
+CVE-2022-23962
+ RESERVED
+CVE-2022-23961
+ RESERVED
+CVE-2022-23960
+ RESERVED
+CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...)
+ {DLA-2920-1}
+ - varnish <unfixed> (bug #1004433)
+ NOTE: https://varnish-cache.org/security/VSV00008.html
+ NOTE: https://docs.varnish-software.com/security/VSV00008/
+ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 (master)
+ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/9ed39d1f796369caafb647fe37b729c07f332327 (6.6.2)
+ NOTE: Test case: https://github.com/varnishcache/varnish-cache/commit/ec531e16b9cd139bbf8971c5b306561c669681f4 (6.6.2)
+CVE-2022-23958
+ RESERVED
+CVE-2022-23957
+ RESERVED
+CVE-2022-23956
+ RESERVED
+CVE-2022-23955
+ RESERVED
+CVE-2022-23954
+ RESERVED
+CVE-2022-23953
+ RESERVED
+CVE-2022-23952
+ RESERVED
+CVE-2022-23951
+ RESERVED
+CVE-2022-23950
+ RESERVED
+CVE-2022-23949
+ RESERVED
+CVE-2022-23948
+ RESERVED
+CVE-2022-0371
+ RESERVED
+CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0369
+ RESERVED
+CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ NOT-FOR-US: Gerber
+CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ NOT-FOR-US: Gerber
+CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2022-23943
+ RESERVED
+CVE-2022-23942
+ RESERVED
+CVE-2022-21184
+ RESERVED
+CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/
+ NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
+CVE-2022-0367
+ RESERVED
+CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...)
+ NOT-FOR-US: Sophos
+CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...)
+ NOT-FOR-US: Ricon Mobile
+CVE-2022-0364
+ RESERVED
+CVE-2022-0363
+ RESERVED
+CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
+ NOT-FOR-US: ShowDoc
+CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
+ NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215)
+CVE-2022-0360
+ RESERVED
+CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
+ NOTE: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (v8.2.4214)
+CVE-2022-0358
+ RESERVED
+ - qemu <unfixed>
+ [buster] - qemu <not-affected> (Vulnerable code not present)
+ [stretch] - qemu <not-affected> (virtiofsd added in 5.0)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
+CVE-2022-0357
+ RESERVED
+CVE-2022-0356
+ RESERVED
+CVE-2022-23941
+ RESERVED
+CVE-2022-23940
+ RESERVED
+CVE-2022-23939
+ RESERVED
+CVE-2022-23938
+ RESERVED
+CVE-2022-23937
+ RESERVED
+CVE-2022-23936
+ RESERVED
+CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...)
+ - libimage-exiftool-perl 12.38+dfsg-1
+ [bullseye] - libimage-exiftool-perl <no-dsa> (Minor issue)
+ [buster] - libimage-exiftool-perl <no-dsa> (Minor issue)
+ [stretch] - libimage-exiftool-perl <no-dsa> (Minor issue)
+ NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38)
+CVE-2022-23934
+ RESERVED
+CVE-2022-23933
+ RESERVED
+CVE-2022-23932
+ RESERVED
+CVE-2022-23931
+ RESERVED
+CVE-2022-23930
+ RESERVED
+CVE-2022-23929
+ RESERVED
+CVE-2022-23928
+ RESERVED
+CVE-2022-23927
+ RESERVED
+CVE-2022-23926
+ RESERVED
+CVE-2022-23925
+ RESERVED
+CVE-2022-23924
+ RESERVED
+CVE-2022-23919
+ RESERVED
+CVE-2022-23918
+ RESERVED
+CVE-2022-23399
+ RESERVED
+CVE-2022-22144
+ RESERVED
+CVE-2022-22140
+ RESERVED
+CVE-2022-21201
+ RESERVED
+CVE-2022-21178
+ RESERVED
+CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM simp ...)
+ NOT-FOR-US: simple-get nodejs module
+CVE-2022-0354
+ RESERVED
+CVE-2022-0353
+ RESERVED
+CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...)
+ NOT-FOR-US: Apache ActiveMQ Artemis
+CVE-2022-23912
+ RESERVED
+CVE-2022-23911
+ RESERVED
+CVE-2022-23910
+ RESERVED
+CVE-2022-23909
+ RESERVED
+CVE-2022-23908
+ RESERVED
+CVE-2022-23907
+ RESERVED
+CVE-2022-23906
+ RESERVED
+CVE-2022-23905
+ RESERVED
+CVE-2022-23904
+ RESERVED
+CVE-2022-23903
+ RESERVED
+CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Tongda2000
+CVE-2022-23901
+ RESERVED
+CVE-2022-23900
+ RESERVED
+CVE-2022-23899
+ RESERVED
+CVE-2022-23898
+ RESERVED
+CVE-2022-23897
+ RESERVED
+CVE-2022-23896
+ RESERVED
+CVE-2022-23895
+ RESERVED
+CVE-2022-23894
+ RESERVED
+CVE-2022-23893
+ RESERVED
+CVE-2022-23892
+ RESERVED
+CVE-2022-23891
+ RESERVED
+CVE-2022-23890
+ RESERVED
+CVE-2022-23889 (The comment function in YzmCMS v6.3 was discovered as being able to be ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23888 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSR ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23887 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23886
+ RESERVED
+CVE-2022-23885
+ RESERVED
+CVE-2022-23884
+ RESERVED
+CVE-2022-23883
+ RESERVED
+CVE-2022-23882
+ RESERVED
+CVE-2022-23881
+ RESERVED
+CVE-2022-23880
+ RESERVED
+CVE-2022-23879
+ RESERVED
+CVE-2022-23878
+ RESERVED
+CVE-2022-23877
+ RESERVED
+CVE-2022-23876
+ RESERVED
+CVE-2022-23875
+ RESERVED
+CVE-2022-23874
+ RESERVED
+CVE-2022-23873 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Victor CMS
+CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site scripti ...)
+ NOT-FOR-US: Emlog pro
+CVE-2022-23871 (Multiple cross-site scripting (XSS) vulnerabilities in the component o ...)
+ NOT-FOR-US: Gibbon CMS
+CVE-2022-23870
+ RESERVED
+CVE-2022-23869
+ RESERVED
+CVE-2022-23868
+ RESERVED
+CVE-2022-23867
+ RESERVED
+CVE-2022-23866
+ RESERVED
+CVE-2022-23865
+ RESERVED
+CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...)
+ NOT-FOR-US: calibre-web
+CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
+ NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206)
+CVE-2022-0350
+ RESERVED
+CVE-2022-0349
+ RESERVED
+CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0347
+ RESERVED
+CVE-2022-0346
+ RESERVED
+CVE-2022-0345
+ RESERVED
+CVE-2022-0344
+ RESERVED
+CVE-2022-0343
+ RESERVED
+CVE-2022-0342
+ RESERVED
+CVE-2022-23864
+ RESERVED
+CVE-2022-23863 (Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authen ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2022-23862
+ RESERVED
+CVE-2022-23861
+ RESERVED
+CVE-2022-23860
+ RESERVED
+CVE-2022-23859
+ RESERVED
+CVE-2022-23858 (In StarWind Command Center before V2 build 6021, an authenticated read ...)
+ NOT-FOR-US: StarWind Command Center
+CVE-2022-23857 (model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to ...)
+ NOT-FOR-US: Navidrome
+CVE-2022-23856 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...)
+ NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC)
+CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...)
+ NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC)
+CVE-2022-23854
+ RESERVED
+CVE-2022-23853 (The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 a ...)
+ - kate <unfixed>
+ [bullseye] - kate <no-dsa> (Minor issue)
+ [buster] - kate <no-dsa> (Minor issue)
+ [stretch] - kate <no-dsa> (Minor issue)
+ - ktexteditor <unfixed>
+ [bullseye] - ktexteditor <no-dsa> (Minor issue)
+ [buster] - ktexteditor <no-dsa> (Minor issue)
+ [stretch] - ktexteditor <no-dsa> (Minor issue)
+ NOTE: https://kde.org/info/security/advisory-20220131-1.txt
+ NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/804e49444c093fe58ec0df2ab436565e50dc147e
+ NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/c80f935c345de2e2fb10635202800839ca9697bf
+ NOTE: Kate: prerequisites:
+ NOTE: https://commits.kde.org/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2
+ NOTE: https://commits.kde.org/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5
+ NOTE: https://commits.kde.org/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc
+ NOTE: Fixed by: https://commits.kde.org/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9
+ NOTE: Fixed by: https://commits.kde.org/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad
+CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-2
+ NOTE: https://github.com/libexpat/libexpat/pull/550
+ NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 (R_2_4_4)
+ NOTE: Tests: https://github.com/libexpat/libexpat/commit/acf956f14bf79a5e6383a969aaffec98bfbc2e44
+CVE-2022-23851
+ RESERVED
+CVE-2022-0341
+ RESERVED
+CVE-2022-0340
+ RESERVED
+CVE-2022-24300 (Minetest before 5.4.0 allows attackers to add or modify arbitrary meta ...)
+ {DSA-5075-1}
+ - minetest 5.4.1+repack-1 (bug #1004223)
+ [stretch] - minetest <end-of-life> (games are not supported in LTS)
+ NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
+ NOTE: Fixed by: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae (5.4.0)
+ NOTE: When fixing this issue the fix for GHSA-7q63-4fq2-hqcr should be included,
+ NOTE: which is not a vulnerability by itself, and won't get a CVE assigned:
+ NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-7q63-4fq2-hqcr
+ NOTE: https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38 (5.2.0)
+CVE-2022-24301 (In Minetest before 5.4.0, players can add or subtract items from a dif ...)
+ {DSA-5075-1}
+ - minetest 5.4.1+repack-1
+ [stretch] - minetest <end-of-life> (games are not supported in LTS)
+ NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-fvwv-qcq6-wmp5
+ NOTE: Fixed by: https://github.com/minetest/minetest/commit/3693b6871eba268ecc79b3f52d00d3cefe761131 (5.4.0)
+CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through ...)
+ - epub2txt2 <itp> (bug #1004115)
+CVE-2022-23849
+ RESERVED
+CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. ...)
+ NOT-FOR-US: calibre-web
+CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
+ - loguru <unfixed> (unimportant)
+ NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
+ NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
+ NOTE: loguru documents security considerations and best practices to follow
+CVE-2022-23848 (In Alluxio before 2.7.3, the logserver does not validate the input str ...)
+ NOT-FOR-US: Alluxio
+CVE-2022-23847
+ RESERVED
+CVE-2022-23846
+ RESERVED
+CVE-2022-23845
+ RESERVED
+CVE-2022-23844
+ RESERVED
+CVE-2022-23843
+ RESERVED
+CVE-2022-23842
+ RESERVED
+CVE-2022-23841
+ RESERVED
+CVE-2022-23840
+ RESERVED
+CVE-2022-23839
+ RESERVED
+CVE-2022-23838
+ RESERVED
+CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...)
+ - ruby-sidekiq <unfixed> (bug #1004193)
+ NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0)
+CVE-2022-23836
+ RESERVED
+CVE-2022-23835
+ RESERVED
+CVE-2022-0337
+ RESERVED
+CVE-2022-0336 [Samba AD users with permission to write to an account can impersonate arbitrary services]
+ RESERVED
+ - samba <unfixed> (bug #1004694)
+ [bullseye] - samba 2:4.13.13+dfsg-1~deb11u3
+ [buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
+ NOTE: https://www.samba.org/samba/security/CVE-2022-0336.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14950
+CVE-2022-23834
+ RESERVED
+CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ...)
+ {DLA-2906-1}
+ - python-django 2:3.2.12-1 (bug #1004752)
+ [bullseye] - python-django <no-dsa> (Minor issue)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
+ NOTE: https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23 (main)
+ NOTE: https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9 (4.0.2)
+ NOTE: https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 (3.2.12)
+ NOTE: https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a (2.2.27)
+CVE-2022-23832
+ RESERVED
+CVE-2022-23831
+ RESERVED
+CVE-2022-23830
+ RESERVED
+CVE-2022-23829
+ RESERVED
+CVE-2022-23828
+ RESERVED
+CVE-2022-23827
+ RESERVED
+CVE-2022-23826
+ RESERVED
+CVE-2022-23825
+ RESERVED
+CVE-2022-23824
+ RESERVED
+CVE-2022-23823
+ RESERVED
+CVE-2022-23822
+ RESERVED
+CVE-2022-23821
+ RESERVED
+CVE-2022-23820
+ RESERVED
+CVE-2022-23819
+ RESERVED
+CVE-2022-23818
+ RESERVED
+CVE-2022-23817
+ RESERVED
+CVE-2022-23816
+ RESERVED
+CVE-2022-23815
+ RESERVED
+CVE-2022-23814
+ RESERVED
+CVE-2022-23813
+ RESERVED
+CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...)
+ NOT-FOR-US: TransmitMail
+CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
+ NOT-FOR-US: TransmitMail
+CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
+ - moodle <removed>
+CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
+ - moodle <removed>
+CVE-2022-0333 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
+ - moodle <removed>
+CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injectio ...)
+ - moodle <removed>
+CVE-2022-0331
+ RESERVED
+CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]
+ RESERVED
+ - linux 5.15.15-2
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12
+ NOTE: https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c
+CVE-2022-0329
+ REJECTED
+CVE-2022-0328
+ RESERVED
+CVE-2022-0327
+ RESERVED
+CVE-2022-23809
+ RESERVED
+CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ...)
+ - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2022-2/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59
+ NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28 (setup not available)
+CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before ...)
+ - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2022-1/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32
+ NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)
+ NOTE: 2FA support is not packaged in Debian
+CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...)
+ - golang-1.18 1.18~rc1-1
+ - golang-1.17 1.17.7-1
+ - golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/50974
+ NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+ NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7)
+CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ TODO: check
+CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ TODO: check
+CVE-2022-23802
+ RESERVED
+CVE-2022-23801
+ RESERVED
+CVE-2022-23800
+ RESERVED
+CVE-2022-23799
+ RESERVED
+CVE-2022-23798
+ RESERVED
+CVE-2022-23797
+ RESERVED
+CVE-2022-23796
+ RESERVED
+CVE-2022-23795
+ RESERVED
+CVE-2022-23794
+ RESERVED
+CVE-2022-23793
+ RESERVED
+CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/mruby/mruby/commit/dccd66f9efecd0a974b735c62836fe566015cf37 (3.1.0-rc)
+ NOTE: Fixed by: https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e
+CVE-2022-0325
+ RESERVED
+CVE-2022-0324
+ RESERVED
+CVE-2022-23792
+ RESERVED
+CVE-2022-23791
+ RESERVED
+CVE-2022-23790
+ RESERVED
+CVE-2022-23789
+ RESERVED
+CVE-2022-23788
+ RESERVED
+CVE-2022-23787
+ RESERVED
+CVE-2022-23786
+ RESERVED
+CVE-2022-23785
+ RESERVED
+CVE-2022-23784
+ RESERVED
+CVE-2022-23783
+ RESERVED
+CVE-2022-23782
+ RESERVED
+CVE-2022-23781
+ RESERVED
+CVE-2022-23780
+ RESERVED
+CVE-2022-21147
+ RESERVED
+CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...)
+ NOT-FOR-US: Mustache (implementation in PHP)
+CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c]
+ RESERVED
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c (5.15-rc6)
+CVE-2022-0321
+ RESERVED
+CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b
+ NOTE: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 (v8.2.4154)
+CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
+ - vim <unfixed> (bug #1004859)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
+ NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151)
+CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...)
+ NOT-FOR-US: go-attestation
+CVE-2022-0316
+ RESERVED
+CVE-2022-0315
+ RESERVED
+CVE-2022-23779
+ RESERVED
+CVE-2022-23778
+ RESERVED
+CVE-2022-23777
+ RESERVED
+CVE-2022-23776
+ RESERVED
+CVE-2022-23775
+ RESERVED
+CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...)
+ NOT-FOR-US: Docker Desktop
+CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...)
+ - golang-1.18 1.18~rc1-1
+ - golang-1.17 1.17.7-1
+ - golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/35671
+ NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+ NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7)
+CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...)
+ - golang-1.18 1.18~beta2-1
+ - golang-1.17 1.17.7-1
+ - golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/50699
+ NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+ NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7)
+CVE-2022-23771
+ RESERVED
+CVE-2022-23770
+ RESERVED
+CVE-2022-23769
+ RESERVED
+CVE-2022-23768
+ RESERVED
+CVE-2022-23767
+ RESERVED
+CVE-2022-23766
+ RESERVED
+CVE-2022-23765
+ RESERVED
+CVE-2022-23764
+ RESERVED
+CVE-2022-23763
+ RESERVED
+CVE-2022-23762
+ RESERVED
+CVE-2022-23761
RESERVED
-CVE-2022-21644
+CVE-2022-23760
RESERVED
-CVE-2022-21643
+CVE-2022-23759
RESERVED
-CVE-2022-21642
+CVE-2022-23758
RESERVED
+CVE-2022-23757
+ RESERVED
+CVE-2022-23756
+ RESERVED
+CVE-2022-23755
+ RESERVED
+CVE-2022-23754
+ RESERVED
+CVE-2022-23753
+ RESERVED
+CVE-2022-23752
+ RESERVED
+CVE-2022-23751
+ RESERVED
+CVE-2022-23750
+ RESERVED
+CVE-2022-23749
+ RESERVED
+CVE-2022-23748
+ RESERVED
+CVE-2022-23747
+ RESERVED
+CVE-2022-23746
+ RESERVED
+CVE-2022-23745
+ RESERVED
+CVE-2022-23744
+ RESERVED
+CVE-2022-23743
+ RESERVED
+CVE-2022-23742
+ RESERVED
+CVE-2022-23741
+ RESERVED
+CVE-2022-23740
+ RESERVED
+CVE-2022-23739
+ RESERVED
+CVE-2022-23738
+ RESERVED
+CVE-2022-23737
+ RESERVED
+CVE-2022-23736
+ RESERVED
+CVE-2022-23735
+ RESERVED
+CVE-2022-23734
+ RESERVED
+CVE-2022-23733
+ RESERVED
+CVE-2022-23732
+ RESERVED
+CVE-2022-23731
+ RESERVED
+CVE-2022-23730
+ RESERVED
+CVE-2022-23729
+ RESERVED
+CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
+ NOT-FOR-US: LG
+CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...)
+ NOT-FOR-US: LG
+CVE-2022-23726
+ RESERVED
+CVE-2022-23725
+ RESERVED
+CVE-2022-23724
+ RESERVED
+CVE-2022-23723
+ RESERVED
+CVE-2022-23722
+ RESERVED
+CVE-2022-23721
+ RESERVED
+CVE-2022-23720
+ RESERVED
+CVE-2022-23719
+ RESERVED
+CVE-2022-23718
+ RESERVED
+CVE-2022-23717
+ RESERVED
+CVE-2022-23716
+ RESERVED
+CVE-2022-23715
+ RESERVED
+CVE-2022-23714
+ RESERVED
+CVE-2022-23713
+ RESERVED
+CVE-2022-23712
+ RESERVED
+CVE-2022-23711
+ RESERVED
+CVE-2022-23710
+ RESERVED
+CVE-2022-23709
+ RESERVED
+CVE-2022-23708
+ RESERVED
+CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...)
+ - kibana <itp> (bug #700337)
+CVE-2022-23706
+ RESERVED
+CVE-2022-23705
+ RESERVED
+CVE-2022-23704
+ RESERVED
+CVE-2022-23703
+ RESERVED
+CVE-2022-23702
+ RESERVED
+CVE-2022-23701
+ RESERVED
+CVE-2022-23700
+ RESERVED
+CVE-2022-23699
+ RESERVED
+CVE-2022-23698
+ RESERVED
+CVE-2022-23697
+ RESERVED
+CVE-2022-23696
+ RESERVED
+CVE-2022-23695
+ RESERVED
+CVE-2022-23694
+ RESERVED
+CVE-2022-23693
+ RESERVED
+CVE-2022-23692
+ RESERVED
+CVE-2022-23691
+ RESERVED
+CVE-2022-23690
+ RESERVED
+CVE-2022-23689
+ RESERVED
+CVE-2022-23688
+ RESERVED
+CVE-2022-23687
+ RESERVED
+CVE-2022-23686
+ RESERVED
+CVE-2022-23685
+ RESERVED
+CVE-2022-23684
+ RESERVED
+CVE-2022-23683
+ RESERVED
+CVE-2022-23682
+ RESERVED
+CVE-2022-23681
+ RESERVED
+CVE-2022-23680
+ RESERVED
+CVE-2022-23679
+ RESERVED
+CVE-2022-23678
+ RESERVED
+CVE-2022-23677
+ RESERVED
+CVE-2022-23676
+ RESERVED
+CVE-2022-23675
+ RESERVED
+CVE-2022-23674
+ RESERVED
+CVE-2022-23673
+ RESERVED
+CVE-2022-23672
+ RESERVED
+CVE-2022-23671
+ RESERVED
+CVE-2022-23670
+ RESERVED
+CVE-2022-23669
+ RESERVED
+CVE-2022-23668
+ RESERVED
+CVE-2022-23667
+ RESERVED
+CVE-2022-23666
+ RESERVED
+CVE-2022-23665
+ RESERVED
+CVE-2022-23664
+ RESERVED
+CVE-2022-23663
+ RESERVED
+CVE-2022-23662
+ RESERVED
+CVE-2022-23661
+ RESERVED
+CVE-2022-23660
+ RESERVED
+CVE-2022-23659
+ RESERVED
+CVE-2022-23658
+ RESERVED
+CVE-2022-23657
+ RESERVED
+CVE-2022-23656
+ RESERVED
+CVE-2022-23655
+ RESERVED
+CVE-2022-23654
+ RESERVED
+CVE-2022-23653
+ RESERVED
+CVE-2022-23652
+ RESERVED
+CVE-2022-23651
+ RESERVED
+CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...)
+ NOT-FOR-US: Netmaker
+CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...)
+ NOT-FOR-US: Cosign
+CVE-2022-23648
+ RESERVED
+CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
+ - node-prismjs 1.27.0+dfsg+~1.26.0-1
+ NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99
+ NOTE: https://github.com/PrismJS/prism/issues/3340
+ NOTE: https://github.com/PrismJS/prism/pull/3341
+ NOTE: https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c (v1.27.0)
+CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
+ TODO: check
+CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...)
+ - swtpm <unfixed>
+ NOTE: https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw
+ NOTE: https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19
+CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...)
+ NOT-FOR-US: BookWyrm
+CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-23642 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...)
+ NOT-FOR-US: Discourse
+CVE-2022-23640
+ RESERVED
+CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...)
+ TODO: check
+CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...)
+ TODO: check
+CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
+ NOT-FOR-US: K-Box
+CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. Prior t ...)
+ NOT-FOR-US: wasmtime
+CVE-2022-23635
+ RESERVED
+CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...)
+ - puma <unfixed> (bug #1005391)
+ NOTE: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
+ NOTE: https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
+ NOTE: Related issue to CVE-2022-23633 for src:rails
+CVE-2022-23633 (Action Pack is a framework for handling and responding to web requests ...)
+ - rails <unfixed> (bug #1005389)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5
+ NOTE: Fixed by: https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 (v6.1.4.5)
+ NOTE: Followup: https://github.com/rails/rails/commit/d1267768e9f57ebcf86ff7f011aca7fb08e733eb (v6.1.4.6)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/e9015f91dd685472f915f8aa1eb18b0e0763e013 (v6.0.4.5)
+ NOTE: Followup: https://github.com/rails/rails/commit/f85b396e5a0019eb614e4ee436ea713089696833 (v6.0.4.6)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1)
+ NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2)
+CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
+ NOT-FOR-US: Traefik
+CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...)
+ TODO: check
+CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...)
+ - gradle <not-affected> (Vulnerable node not yet uploaded; introduced in 6.2)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr
+ NOTE: https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351 (v7.4.0-RC2)
+CVE-2022-23629
+ RESERVED
+CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...)
+ NOT-FOR-US: OPA
+CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...)
+ NOT-FOR-US: ArchiSteamFarm
+CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
+ NOT-FOR-US: m1k1o/blog
+CVE-2022-23625
+ RESERVED
+CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
+ NOT-FOR-US: Frourio-express
+CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
+ NOT-FOR-US: Frourio
+CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...)
+ - php-twig 3.3.8-1
+ NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
+ NOTE: https://github.com/twigphp/Twig/pull/3641
+ NOTE: https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5 (v3.3.8)
+CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. In affect ...)
+ - xrdp <unfixed> (bug #1005304)
+ [bullseye] - xrdp <not-affected> (Vulnerable code not present)
+ [buster] - xrdp <not-affected> (Vulnerable code not present)
+ [stretch] - xrdp <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32
+ NOTE: Introduced by: https://github.com/neutrinolabs/xrdp/commit/738e346f810c97d578df9e99a36520616ee201be (v0.9.17)
+ NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa
+CVE-2022-23612
+ RESERVED
+CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
+ NOT-FOR-US: iTunesRPC-Remastered
+CVE-2022-23610
+ RESERVED
+CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
+ NOT-FOR-US: iTunesRPC-Remastered
+CVE-2022-23608
+ RESERVED
+CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...)
+ - python-treq <unfixed> (bug #1005041)
+ NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc
+ NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0)
+CVE-2022-23606
+ RESERVED
+CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...)
+ NOT-FOR-US: Wire webapp
+CVE-2022-23604 (x26-Cogs is a repository of cogs made by Twentysix for the Red Discord ...)
+ NOT-FOR-US: x26-Cogs
+CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...)
+ NOT-FOR-US: iTunesRPC-Remastered
+CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...)
+ NOT-FOR-US: Nimforum
+CVE-2022-23601 (Symfony is a PHP framework for web and console applications and a set ...)
+ - symfony <not-affected> (Vulnerable code not present; no Debian released version contained the vulnerable code)
+ NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
+ NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
+CVE-2022-23600 (fleet is an open source device management, built on osquery. Versions ...)
+ NOT-FOR-US: Fleet
+CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...)
+ NOT-FOR-US: Plone
+CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...)
+ NOT-FOR-US: laminas-form
+CVE-2022-23597 (Element Desktop is a Matrix client for desktop platforms with Element ...)
+ NOT-FOR-US: Element Desktop
+CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected version ...)
+ NOT-FOR-US: Junrar
+CVE-2022-23595 (Tensorflow is an Open Source Machine Learning Framework. When building ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23594 (Tensorflow is an Open Source Machine Learning Framework. The TFG diale ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23593 (Tensorflow is an Open Source Machine Learning Framework. The `simplify ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23592 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow's ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23591 (Tensorflow is an Open Source Machine Learning Framework. The `GraphDef ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23590 (Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23589 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23588 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23587 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23586 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23585 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23584 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23583 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23582 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23581 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23580 (Tensorflow is an Open Source Machine Learning Framework. During shape ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23579 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23578 (Tensorflow is an Open Source Machine Learning Framework. If a graph no ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23577 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23576 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23575 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23574 (Tensorflow is an Open Source Machine Learning Framework. There is a ty ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23573 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23572 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23571 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23570 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23569 (Tensorflow is an Open Source Machine Learning Framework. Multiple oper ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23568 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23567 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23566 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow is ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23565 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23564 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23563 (Tensorflow is an Open Source Machine Learning Framework. In multiple p ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23562 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23561 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23560 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23559 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23558 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23556
+ RESERVED
+CVE-2022-23555
+ RESERVED
+CVE-2022-23554
+ RESERVED
+CVE-2022-23553
+ RESERVED
+CVE-2022-23552
+ RESERVED
+CVE-2022-23551
+ RESERVED
+CVE-2022-23550
+ RESERVED
+CVE-2022-23549
+ RESERVED
+CVE-2022-23548
+ RESERVED
+CVE-2022-23547
+ RESERVED
+CVE-2022-23546
+ RESERVED
+CVE-2022-23545
+ RESERVED
+CVE-2022-23544
+ RESERVED
+CVE-2022-23543
+ RESERVED
+CVE-2022-23542
+ RESERVED
+CVE-2022-23541
+ RESERVED
+CVE-2022-23540
+ RESERVED
+CVE-2022-23539
+ RESERVED
+CVE-2022-23538
+ RESERVED
+CVE-2022-23537
+ RESERVED
+CVE-2022-23536
+ RESERVED
+CVE-2022-23535
+ RESERVED
+CVE-2022-23534
+ RESERVED
+CVE-2022-23533
+ RESERVED
+CVE-2022-23532
+ RESERVED
+CVE-2022-23531
+ RESERVED
+CVE-2022-23530
+ RESERVED
+CVE-2022-23529
+ RESERVED
+CVE-2022-23528
+ RESERVED
+CVE-2022-23527
+ RESERVED
+CVE-2022-23526
+ RESERVED
+CVE-2022-23525
+ RESERVED
+CVE-2022-23524
+ RESERVED
+CVE-2022-23523
+ RESERVED
+CVE-2022-23522
+ RESERVED
+CVE-2022-23521
+ RESERVED
+CVE-2022-23520
+ RESERVED
+CVE-2022-23519
+ RESERVED
+CVE-2022-23518
+ RESERVED
+CVE-2022-23517
+ RESERVED
+CVE-2022-23516
+ RESERVED
+CVE-2022-23515
+ RESERVED
+CVE-2022-23514
+ RESERVED
+CVE-2022-23513
+ RESERVED
+CVE-2022-23512
+ RESERVED
+CVE-2022-23511
+ RESERVED
+CVE-2022-23510
+ RESERVED
+CVE-2022-23509
+ RESERVED
+CVE-2022-23508
+ RESERVED
+CVE-2022-23507
+ RESERVED
+CVE-2022-23506
+ RESERVED
+CVE-2022-23505
+ RESERVED
+CVE-2022-23504
+ RESERVED
+CVE-2022-23503
+ RESERVED
+CVE-2022-23502
+ RESERVED
+CVE-2022-23501
+ RESERVED
+CVE-2022-23500
+ RESERVED
+CVE-2022-23499
+ RESERVED
+CVE-2022-23498
+ RESERVED
+CVE-2022-23497
+ RESERVED
+CVE-2022-23496
+ RESERVED
+CVE-2022-23495
+ RESERVED
+CVE-2022-23494
+ RESERVED
+CVE-2022-23493
+ RESERVED
+CVE-2022-23492
+ RESERVED
+CVE-2022-23491
+ RESERVED
+CVE-2022-23490
+ RESERVED
+CVE-2022-23489
+ RESERVED
+CVE-2022-23488
+ RESERVED
+CVE-2022-23487
+ RESERVED
+CVE-2022-23486
+ RESERVED
+CVE-2022-23485
+ RESERVED
+CVE-2022-23484
+ RESERVED
+CVE-2022-23483
+ RESERVED
+CVE-2022-23482
+ RESERVED
+CVE-2022-23481
+ RESERVED
+CVE-2022-23480
+ RESERVED
+CVE-2022-23479
+ RESERVED
+CVE-2022-23478
+ RESERVED
+CVE-2022-23477
+ RESERVED
+CVE-2022-23476
+ RESERVED
+CVE-2022-23475
+ RESERVED
+CVE-2022-23474
+ RESERVED
+CVE-2022-23473
+ RESERVED
+CVE-2022-23472
+ RESERVED
+CVE-2022-23471
+ RESERVED
+CVE-2022-23470
+ RESERVED
+CVE-2022-23469
+ RESERVED
+CVE-2022-23468
+ RESERVED
+CVE-2022-23467
+ RESERVED
+CVE-2022-23466
+ RESERVED
+CVE-2022-23465
+ RESERVED
+CVE-2022-23464
+ RESERVED
+CVE-2022-23463
+ RESERVED
+CVE-2022-23462
+ RESERVED
+CVE-2022-23461
+ RESERVED
+CVE-2022-23460
+ RESERVED
+CVE-2022-23459
+ RESERVED
+CVE-2022-23458
+ RESERVED
+CVE-2022-23457
+ RESERVED
+CVE-2022-0314
+ RESERVED
+CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0312
+ RESERVED
+CVE-2022-0299
+ RESERVED
+CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been identified in ...)
+ NOT-FOR-US: HP
+CVE-2022-23455
+ RESERVED
+CVE-2022-23454
+ RESERVED
+CVE-2022-23453
+ RESERVED
+CVE-2022-23452
+ RESERVED
+ - barbican <unfixed>
+ [bullseye] - barbican <no-dsa> (Minor issue)
+ [buster] - barbican <no-dsa> (Minor issue)
+ [stretch] - barbican <no-dsa> (Minor issue)
+ NOTE: https://storyboard.openstack.org/#!/story/2009297
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025090
+CVE-2022-23451
+ RESERVED
+ - barbican <unfixed>
+ [bullseye] - barbican <no-dsa> (Minor issue)
+ [buster] - barbican <no-dsa> (Minor issue)
+ [stretch] - barbican <no-dsa> (Minor issue)
+ NOTE: https://storyboard.openstack.org/#!/story/2009253
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025089
+CVE-2022-23450
+ RESERVED
+CVE-2022-23449
+ RESERVED
+CVE-2022-23448
+ RESERVED
+CVE-2022-23447
+ RESERVED
+CVE-2022-23446
+ RESERVED
+CVE-2022-23445
+ RESERVED
+CVE-2022-23444
+ RESERVED
+CVE-2022-23443
+ RESERVED
+CVE-2022-23442
+ RESERVED
+CVE-2022-23441
+ RESERVED
+CVE-2022-23440
+ RESERVED
+CVE-2022-23439
+ RESERVED
+CVE-2022-23438
+ RESERVED
+CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)
+ - libxerces2-java <unfixed>
+ [stretch] - libxerces2-java <postponed> (revisit when/if fix is complete)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3
+CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0310 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0309 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0308 (Use after free in Data Transfer in Google Chrome on Chrome OS prior to ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0307 (Use after free in Optimization Guide in Google Chrome prior to 97.0.46 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0306 (Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0305 (Inappropriate implementation in Service Worker API in Google Chrome pr ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0304 (Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 all ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0303
+ RESERVED
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0302 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0301 (Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.9 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0300 (Use after free in Text Input Method Editor in Google Chrome on Android ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0298 (Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 al ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0297 (Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowe ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0296 (Use after free in Printing in Google Chrome prior to 97.0.4692.99 allo ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0295 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0294 (Inappropriate implementation in Push messaging in Google Chrome prior ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0293 (Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0292 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0291 (Inappropriate implementation in Storage in Google Chrome prior to 97.0 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0290 (Use after free in Site isolation in Google Chrome prior to 97.0.4692.9 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0287
+ RESERVED
+CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0284
+ RESERVED
+ - imagemagick <not-affected> (Specific to IM7)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045943
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
+CVE-2022-0283
+ RESERVED
+CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ NOT-FOR-US: microweber
+CVE-2022-0280
+ RESERVED
+CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...)
+ NOT-FOR-US: microweber
+CVE-2022-23436
+ RESERVED
+CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
+ NOT-FOR-US: android-gif-drawable
+CVE-2022-23434 (A vulnerability using PendingIntent in Bixby Vision prior to versions ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23433 (Improper access control vulnerability in Reminder prior to versions 12 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23432 (An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23431 (An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23430
+ RESERVED
+CVE-2022-23429 (An improper boundary check in audio hal service prior to SMR Feb-2022 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23428 (An improper boundary check in eden_runtime hal service prior to SMR Fe ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23427 (PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23426 (A vulnerability using PendingIntent in DeX Home and DeX for PC prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23425 (Improper input validation in Exynos baseband prior to SMR Feb-2022 Rel ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23424
+ RESERVED
+CVE-2022-23423
+ RESERVED
+CVE-2022-23422
+ RESERVED
+CVE-2022-23421
+ RESERVED
+CVE-2022-23420
+ RESERVED
+CVE-2022-23419
+ RESERVED
+CVE-2022-23418
+ RESERVED
+CVE-2022-23417
+ RESERVED
+CVE-2022-23416
+ RESERVED
+CVE-2022-23415
+ RESERVED
+CVE-2022-23414
+ RESERVED
+CVE-2022-23413
+ RESERVED
+CVE-2022-23412
+ RESERVED
+CVE-2022-23411
+ RESERVED
+CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code execution and l ...)
+ NOT-FOR-US: AXIS IP Utility
+CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...)
+ NOT-FOR-US: Craft CMS
+CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...)
+ - wolfssl 5.1.1-1 (bug #1004181)
+ [bullseye] - wolfssl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/4710
+ NOTE: Introduced by: https://github.com/wolfSSL/wolfssl/commit/2871fc670f448e5f7cab7101479cb5b88e4d21f4 (WCv5.0-RC9)
+ NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/73b4cc9476f6355a91138f545f3fd007ce058255 (master)
+ NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/f3038b7aa5512572a04c14becee799ef275a6736 (v5.1.1-stable)
+CVE-2022-23407
+ RESERVED
+CVE-2022-23406
+ RESERVED
+CVE-2022-23405
+ RESERVED
+CVE-2022-23404
+ RESERVED
+CVE-2022-0276
+ RESERVED
+CVE-2022-0275
+ RESERVED
+CVE-2022-23398
+ RESERVED
+CVE-2022-23397
+ RESERVED
+CVE-2022-23396
+ RESERVED
+CVE-2022-23395
+ RESERVED
+CVE-2022-23394
+ RESERVED
+CVE-2022-23393
+ RESERVED
+CVE-2022-23392
+ RESERVED
+CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attack ...)
+ NOT-FOR-US: Pybbs
+CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below allows at ...)
+ NOT-FOR-US: BBS Forum
+CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution (RCE) ...)
+ NOT-FOR-US: PublicCMS
+CVE-2022-23388
+ RESERVED
+CVE-2022-23387
+ RESERVED
+CVE-2022-23386
+ RESERVED
+CVE-2022-23385
+ RESERVED
+CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23383
+ RESERVED
+CVE-2022-23382
+ RESERVED
+CVE-2022-23381
+ RESERVED
+CVE-2022-23380
+ RESERVED
+CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
+ NOT-FOR-US: Emlog
+CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...)
+ NOT-FOR-US: TastyIgniter
+CVE-2022-23377
+ RESERVED
+CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on ...)
+ NOT-FOR-US: WikiDocs
+CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code execution vul ...)
+ NOT-FOR-US: WikiDocs
+CVE-2022-23374
+ RESERVED
+CVE-2022-23373
+ RESERVED
+CVE-2022-23372
+ RESERVED
+CVE-2022-23371
+ RESERVED
+CVE-2022-23370
+ RESERVED
+CVE-2022-23369
+ RESERVED
+CVE-2022-23368
+ RESERVED
+CVE-2022-23367 (Fulusso v1.1 was discovered to contain a DOM-based cross-site scriptin ...)
+ NOT-FOR-US: Fulusso
+CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection vulnerability via p ...)
+ NOT-FOR-US: HMS (Hospital Managment System)
+CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection vulnerability via d ...)
+ NOT-FOR-US: HMS (Hospital Managment System)
+CVE-2022-23364 (HMS v1.0 was discovered to contain a SQL injection vulnerability via a ...)
+ NOT-FOR-US: HMS (Hospital Managment System)
+CVE-2022-23363 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+ NOT-FOR-US: Online Banking System
+CVE-2022-23362
+ RESERVED
+CVE-2022-23361
+ RESERVED
+CVE-2022-23360
+ RESERVED
+CVE-2022-23359
+ RESERVED
+CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...)
+ NOT-FOR-US: EasyCMS
+CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...)
+ TODO: check
+CVE-2022-23356
+ RESERVED
+CVE-2022-23355
+ RESERVED
+CVE-2022-23354
+ RESERVED
+CVE-2022-23353
+ RESERVED
+CVE-2022-23352
+ RESERVED
+CVE-2022-23351
+ RESERVED
+CVE-2022-23350
+ RESERVED
+CVE-2022-23349
+ RESERVED
+CVE-2022-23348
+ RESERVED
+CVE-2022-23347
+ RESERVED
+CVE-2022-23346
+ RESERVED
+CVE-2022-23345
+ RESERVED
+CVE-2022-23344
+ RESERVED
+CVE-2022-23343
+ RESERVED
+CVE-2022-23342
+ RESERVED
+CVE-2022-23341
+ RESERVED
+CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
+ NOT-FOR-US: Joplin
+CVE-2022-23339
+ RESERVED
+CVE-2022-23338
+ RESERVED
+CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: DedeCMS
+CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability in ...)
+ NOT-FOR-US: S-CMS
+CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Metinfo
+CVE-2022-23334
+ RESERVED
+CVE-2022-23333
+ RESERVED
+CVE-2022-23332
+ RESERVED
+CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain unauthorized access ...)
+ NOT-FOR-US: DataEase
+CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
+ NOT-FOR-US: jpress
+CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
+ NOT-FOR-US: UJCMS Jspxcms
+CVE-2022-23328
+ RESERVED
+CVE-2022-23327
+ RESERVED
+CVE-2022-23326
+ RESERVED
+CVE-2022-23325
+ RESERVED
+CVE-2022-23324
+ RESERVED
+CVE-2022-23323
+ RESERVED
+CVE-2022-23322
+ RESERVED
+CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on two in ...)
+ NOT-FOR-US: XMPie
+CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
+ NOT-FOR-US: XMPie uStore
+CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions &gt;= ...)
+ - pcf2bdf <unfixed> (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/5
+ NOTE: https://github.com/advisories/GHSA-p4gv-mjgc-3g68
+ NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/3555aab4f3cfbec199141122177750a4351b8e79
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions &gt;= 1.05 allows an attac ...)
+ - pcf2bdf <unfixed> (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/4
+ NOTE: https://github.com/advisories/GHSA-mhwp-x94h-mg49
+ NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/aaf16808e4bb8d96eeab5f684df6550912a9e694
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-23317 (CobaltStrike &lt;=4.5 HTTP(S) listener does not determine whether the ...)
+ NOT-FOR-US: CobaltStrike
+CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
+ NOT-FOR-US: taocms
+CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
+ NOT-FOR-US: MCMS
+CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
+ NOT-FOR-US: MCMS
+CVE-2022-23313
+ RESERVED
+CVE-2022-22137
+ RESERVED
+CVE-2022-21801 (A denial of service vulnerability exists in the netserver recv_command ...)
+ NOT-FOR-US: Reolink
+CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_comman ...)
+ NOT-FOR-US: Reolink
+CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
+ NOT-FOR-US: calibre-web
+CVE-2022-0272
+ RESERVED
+CVE-2022-0271
+ RESERVED
+CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
+ NOT-FOR-US: bored-agent
+CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
+ NOT-FOR-US: yetiforce-crm
+CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
+ NOT-FOR-US: Grav CMS
+CVE-2022-0267
+ RESERVED
+CVE-2022-23312 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2022-23311
+ RESERVED
+CVE-2022-23310
+ RESERVED
+CVE-2022-23309
+ RESERVED
+CVE-2022-23308
+ RESERVED
+CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0265
+ RESERVED
+CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
+CVE-2022-23306
+ RESERVED
+CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
+CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
+ NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120)
+CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0259
+ RESERVED
+CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not properl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0254
+ RESERVED
+CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the json par ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0250
+ RESERVED
+CVE-2022-0249
+ RESERVED
+CVE-2022-0248
+ RESERVED
+CVE-2022-0247
+ RESERVED
+CVE-2022-0246
+ RESERVED
+CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...)
+ - wpa 2:2.10-1
+ [bullseye] - wpa <no-dsa> (Minor issue)
+ [buster] - wpa <no-dsa> (Minor issue)
+ [stretch] - wpa <ignored> (Minor issue)
+ NOTE: https://w1.fi/security/2022-1/
+ NOTE: Issue exists because of an incomplete fix for CVE-2019-9495
+CVE-2022-23303 (The implementations of SAE in hostapd before 2.10 and wpa_supplicant b ...)
+ - wpa 2:2.10-1
+ [bullseye] - wpa <no-dsa> (Minor issue)
+ [buster] - wpa <no-dsa> (Minor issue)
+ [stretch] - wpa <not-affected> (CVE-2019-9494 was not applied and is marked as ignored)
+ NOTE: https://w1.fi/security/2022-1/
+ NOTE: Issue exists because of an incomplete fix for CVE-2019-9494
+CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier when han ...)
+ - linux 5.15.5-2
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6)
+CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
+CVE-2022-22142 (Reflected cross-site scripting vulnerability in the checkbox of php_ma ...)
+ NOT-FOR-US: php_mailform
+CVE-2022-21805 (Reflected cross-site scripting vulnerability in the attached file name ...)
+ NOT-FOR-US: php_mailform
+CVE-2022-0242 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
+ NOT-FOR-US: Crater
+CVE-2022-0241
+ RESERVED
+CVE-2022-0240 (mruby is vulnerable to NULL Pointer Dereference ...)
+ - mruby <unfixed>
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb/
+ NOTE: https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca
+CVE-2022-0239 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: corenlp
+CVE-2022-0238 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ - phoronix-test-suite <removed>
+CVE-2022-23301
+ RESERVED
+CVE-2022-23300
+ RESERVED
+CVE-2022-23299
+ RESERVED
+CVE-2022-23298
+ RESERVED
+CVE-2022-23297
+ RESERVED
+CVE-2022-23296
+ RESERVED
+CVE-2022-23295
+ RESERVED
+CVE-2022-23294
+ RESERVED
+CVE-2022-23293
+ RESERVED
+CVE-2022-23292
+ RESERVED
+CVE-2022-23291
+ RESERVED
+CVE-2022-23290
+ RESERVED
+CVE-2022-23289
+ RESERVED
+CVE-2022-23288
+ RESERVED
+CVE-2022-23287
+ RESERVED
+CVE-2022-23286
+ RESERVED
+CVE-2022-23285
+ RESERVED
+CVE-2022-23284
+ RESERVED
+CVE-2022-23283
+ RESERVED
+CVE-2022-23282
+ RESERVED
+CVE-2022-23281
+ RESERVED
+CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23279
+ RESERVED
+CVE-2022-23278
+ RESERVED
+CVE-2022-23277
+ RESERVED
+CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23275
+ RESERVED
+CVE-2022-23274 (Microsoft Dynamics GP Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23273 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23270
+ RESERVED
+CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23268
+ RESERVED
+CVE-2022-23267
+ RESERVED
+CVE-2022-23266
+ RESERVED
+CVE-2022-23265
+ RESERVED
+CVE-2022-23264
+ RESERVED
+CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23260
+ RESERVED
+CVE-2022-23259
+ RESERVED
+CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23257
+ RESERVED
+CVE-2022-23256 (Azure Data Explorer Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23253
+ RESERVED
+CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23251
+ RESERVED
+CVE-2022-23250
+ RESERVED
+CVE-2022-23249
+ RESERVED
+CVE-2022-23248
+ RESERVED
+CVE-2022-23247
+ RESERVED
+CVE-2022-23246
+ RESERVED
+CVE-2022-23245
+ RESERVED
+CVE-2022-23244
+ RESERVED
+CVE-2022-23243
+ RESERVED
+CVE-2022-23242
+ RESERVED
+CVE-2022-23241
+ RESERVED
+CVE-2022-23240
+ RESERVED
+CVE-2022-23239
+ RESERVED
+CVE-2022-23238
+ RESERVED
+CVE-2022-23237
+ RESERVED
+CVE-2022-23236
+ RESERVED
+CVE-2022-23235
+ RESERVED
+CVE-2022-23234
+ RESERVED
+CVE-2022-23233
+ RESERVED
+CVE-2022-23232
+ RESERVED
+CVE-2022-23231
+ RESERVED
+CVE-2022-23230
+ RESERVED
+CVE-2022-23229
+ RESERVED
+CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input validation. An un ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...)
+ NOT-FOR-US: NUUO NVRmini2
+CVE-2022-23226
+ RESERVED
+CVE-2022-23225
+ RESERVED
+CVE-2022-23224
+ RESERVED
+CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
+ {DSA-5076-1 DLA-2923-1}
+ - h2database 2.1.210-1
+ NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
+ NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8
+ NOTE: https://github.com/h2database/h2database/issues/3360#issuecomment-1018351050
+CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...)
+ {DSA-5052-1}
+ - usbview 2.0-21-g6fe2f4f-2.1
+ [stretch] - usbview <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1
+ NOTE: Introduced by: https://github.com/gregkh/usbview/commit/ddefeba3f67d6a6f394eb57352254c1c8a312671 (v2.1)
+ NOTE: Fixed by: https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b (v2.2)
+ NOTE: Hardening: https://github.com/gregkh/usbview/commit/1282782301570b3ee27f82f4f34c2c1a82bfd91a (v2.2)
+CVE-2022-0237
+ RESERVED
+CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...)
+ - node-fetch 2.6.1-7
+ [bullseye] - node-fetch <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
+ NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1)
+CVE-2022-0234 (The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0233 (The ProfileGrid &#8211; User Profiles, Memberships, Groups and Communi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0232 (The User Registration, Login &amp; Landing Pages WordPress plugin is v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0230
+ RESERVED
+CVE-2022-0229
+ RESERVED
+CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/1
+CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc module ...)
+ - glibc 2.33-3
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542
+CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...)
+ - glibc 2.33-3
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768
+CVE-2022-23217
+ RESERVED
+CVE-2022-23216
+ RESERVED
+CVE-2022-23215
+ RESERVED
+CVE-2022-23214
+ RESERVED
+CVE-2022-23213
+ RESERVED
+CVE-2022-23212
+ RESERVED
+CVE-2022-23211
+ RESERVED
+CVE-2022-23210
+ RESERVED
+CVE-2022-23209
+ RESERVED
+CVE-2022-23208
+ RESERVED
+CVE-2022-23207
+ RESERVED
+CVE-2022-0227 (Business Logic Errors in GitHub repository silverstripe/silverstripe-f ...)
+ NOT-FOR-US: Silverstripe CMS
+CVE-2022-0226 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0225
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special Elements ...)
+ - dolibarr <removed>
+CVE-2022-0223
+ RESERVED
+CVE-2022-0222
+ RESERVED
+CVE-2022-0221
+ RESERVED
+CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
+ NOT-FOR-US: jadx
+CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0216
+ RESERVED
+CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoloa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed
+ NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074)
+CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...)
+ NOT-FOR-US: Apache Traffic Control
+CVE-2022-23205
+ RESERVED
+CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23201
+ RESERVED
+CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23187
+ RESERVED
+CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23185
+ RESERVED
+CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...)
+ NOT-FOR-US: Octopus Server
+CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...)
+ - tomcat9 <unfixed>
+ [bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
+ [buster] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
+ - tomcat8 <removed>
+ [stretch] - tomcat8 <postponed> (Minor issue; local race condition)
+ NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
+ NOTE: https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e (9.0.57)
+ NOTE: https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530 (8.5.74)
+ NOTE: Issue introduced by the fix for CVE-2020-9484
+CVE-2022-23180
+ RESERVED
+CVE-2022-23179
+ RESERVED
+CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...)
+ NOT-FOR-US: Reolink
+CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface]
+ RESERVED
+ {DSA-5047-1}
+ - prosody 0.11.12-1 (bug #1003696)
+ [stretch] - prosody <ignored> (websocket module introduced in 0.10.0; internal XML API only used on trusted data)
+ NOTE: https://prosody.im/security/advisory_20220113/
+ NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch
+ NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/3
+ NOTE: Regression: https://issues.prosody.im/1711
+ NOTE: Regression fix: https://hg.prosody.im/trunk/rev/e5e0ab93d7f4
+CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0209
+ RESERVED
+CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0207
+ RESERVED
+ - vdsm <itp> (bug #668538)
+CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0205
+ RESERVED
+CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt protocol]
+ RESERVED
+ - bluez <unfixed> (bug #1003712)
+ [bullseye] - bluez <no-dsa> (Minor issue)
+ [buster] - bluez <no-dsa> (Minor issue)
+ [stretch] - bluez <no-dsa> (Minor issue)
+ NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=591c546c536b42bef696d027f64aa22434f8c3f0 (5.63)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039807
+CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crater pri ...)
+ NOT-FOR-US: Crater
+CVE-2022-0202
+ RESERVED
+CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0199 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...)
+ NOT-FOR-US: Crestron devices
+CVE-2022-23177
+ RESERVED
+CVE-2022-23176
+ RESERVED
+CVE-2022-23175
+ RESERVED
+CVE-2022-23174
+ RESERVED
+CVE-2022-23173
+ RESERVED
+CVE-2022-23172
+ RESERVED
+CVE-2022-23171
+ RESERVED
+CVE-2022-23170
+ RESERVED
+CVE-2022-23169
+ RESERVED
+CVE-2022-23168
+ RESERVED
+CVE-2022-23167
+ RESERVED
+CVE-2022-23166
+ RESERVED
+CVE-2022-23165
+ RESERVED
+CVE-2022-23164
+ RESERVED
+CVE-2022-23163
+ RESERVED
+CVE-2022-23162
+ RESERVED
+CVE-2022-23161
+ RESERVED
+CVE-2022-23160
+ RESERVED
+CVE-2022-23159
+ RESERVED
+CVE-2022-23158
+ RESERVED
+CVE-2022-23157
+ RESERVED
+CVE-2022-23156
+ RESERVED
+CVE-2022-23155
+ RESERVED
+CVE-2022-23154
+ RESERVED
+CVE-2022-23153
+ RESERVED
+CVE-2022-23152
+ RESERVED
+CVE-2022-23151
+ RESERVED
+CVE-2022-23150
+ RESERVED
+CVE-2022-23149
+ RESERVED
+CVE-2022-23148
+ RESERVED
+CVE-2022-23147
+ RESERVED
+CVE-2022-23146
+ RESERVED
+CVE-2022-23145
+ RESERVED
+CVE-2022-23144
+ RESERVED
+CVE-2022-23143
+ RESERVED
+CVE-2022-23142
+ RESERVED
+CVE-2022-23141
+ RESERVED
+CVE-2022-23140
+ RESERVED
+CVE-2022-23139
+ RESERVED
+CVE-2022-23138
+ RESERVED
+CVE-2022-23137
+ RESERVED
+CVE-2022-23136
+ RESERVED
+CVE-2022-23135
+ RESERVED
+CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
+ {DLA-2914-1}
+ - zabbix <unfixed>
+ NOTE: https://support.zabbix.com/browse/ZBX-20384
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2)
+CVE-2022-23133 (An authenticated user can create a hosts group from the configuration ...)
+ - zabbix <unfixed>
+ [stretch] - zabbix <not-affected> (Vulnerable code introduced later, and reverted with the fix)
+ NOTE: https://support.zabbix.com/browse/ZBX-20388
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/74b8716a73c324e6cdbdda1de434e7872740a908 (5.0.19rc1)
+ NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/f3654d0173ea244a2319a093f7c4e27ad9086dc3 (4.4.0alpha3)
+CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...)
+ - zabbix <unfixed>
+ [stretch] - zabbix <not-affected> (Not using RPM or DAC_OVERRIDE in Debian installs, zbx_ipc_service_init_env() not present)
+ NOTE: https://support.zabbix.com/browse/ZBX-20341
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/019fbd9b5cc9c455304f1a48460435ca474ba2ac (5.0.18)
+CVE-2022-23131 (In the case of instances where the SAML SSO authentication is enabled ...)
+ - zabbix <unfixed>
+ [stretch] - zabbix <not-affected> (SAML authentication support added in 5.0)
+ NOTE: https://support.zabbix.com/browse/ZBX-20350
+ TODO: check, possibly only affecting 5.4.0 onwards; similar code but no upstream fix in 5.0 LTS
+CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-23126 (TeslaMate before 1.25.1 (when using the default Docker configuration) ...)
+ NOT-FOR-US: TeslaMate
+CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: corenlp
+CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ - phoronix-test-suite <removed>
+CVE-2022-0196 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ - phoronix-test-suite <removed>
+CVE-2022-0195
+ RESERVED
+CVE-2022-23125
+ RESERVED
+CVE-2022-23124
+ RESERVED
+CVE-2022-23123
+ RESERVED
+CVE-2022-23122
+ RESERVED
+CVE-2022-23121
+ RESERVED
+CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23116 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23115 (Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch tas ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23114 (Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unenc ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23113 (Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23112 (A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23111 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23110 (Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the S ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23109 (Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault c ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23108 (Jenkins Badge Plugin 1.9 and earlier does not escape the description a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23107 (Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not re ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non-const ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23102 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...)
+ NOT-FOR-US: Reolink
+CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...)
+ NOT-FOR-US: Reolink
+CVE-2022-21134 (A firmware update vulnerability exists in the &amp;quot;update&amp;quo ...)
+ NOT-FOR-US: Reolink
+CVE-2022-0194
+ RESERVED
+CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0192
+ RESERVED
+CVE-2022-0191
+ RESERVED
+CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0189
+ RESERVED
+CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0187
+ RESERVED
+CVE-2022-0186 (The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/722d94847de29310e8aa03fcbdb41fc92c521756
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/7
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/14
+ NOTE: https://www.willsroot.io/2022/01/cve-2022-0185.html
+CVE-2022-0184 (Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR59 ...)
+ NOT-FOR-US: TEPRA
+CVE-2022-0183 (Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 ...)
+ NOT-FOR-US: MIRUPASS
+CVE-2022-23101
+ RESERVED
+CVE-2022-23100
+ RESERVED
+CVE-2022-23099
+ RESERVED
+CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DLA-2915-1}
+ - connman <unfixed> (bug #1004935)
+ [bullseye] - connman <no-dsa> (Minor issue)
+ [buster] - connman <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
+ NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5
+CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...)
+ {DLA-2915-1}
+ - connman <unfixed> (bug #1004935)
+ [bullseye] - connman <no-dsa> (Minor issue)
+ [buster] - connman <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
+ NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
+CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DLA-2915-1}
+ - connman <unfixed> (bug #1004935)
+ [bullseye] - connman <no-dsa> (Minor issue)
+ [buster] - connman <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
+ NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
+CVE-2022-23095 (Open Design Alliance Drawings SDK before 2022.12.1 mishandles the load ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of ...)
+ {DSA-5048-1}
+ - libreswan 4.6-1
+ [buster] - libreswan <not-affected> (Vulnerable code introduced in 4.2)
+ NOTE: https://github.com/libreswan/libreswan/issues/585
+ NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt
+ NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.2-4.3.patch (4.2-4.3)
+ NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.4-4.5.patch (4.4-4.5)
+CVE-2022-23093
+ RESERVED
+CVE-2022-23092
+ RESERVED
+CVE-2022-23091
+ RESERVED
+CVE-2022-23090
+ RESERVED
+CVE-2022-23089
+ RESERVED
+CVE-2022-23088
+ RESERVED
+CVE-2022-23087
+ RESERVED
+CVE-2022-23086
+ RESERVED
+CVE-2022-23085
+ RESERVED
+CVE-2022-23084
+ RESERVED
+CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...)
+ NOT-FOR-US: NetMaster
+CVE-2022-23082
+ RESERVED
+CVE-2022-23081
+ RESERVED
+CVE-2022-23080
+ RESERVED
+CVE-2022-23079
+ RESERVED
+CVE-2022-23078
+ RESERVED
+CVE-2022-23077
+ RESERVED
+CVE-2022-23076
+ RESERVED
+CVE-2022-23075
+ RESERVED
+CVE-2022-23074
+ RESERVED
+CVE-2022-23073
+ RESERVED
+CVE-2022-23072
+ RESERVED
+CVE-2022-23071
+ RESERVED
+CVE-2022-23070
+ RESERVED
+CVE-2022-23069
+ RESERVED
+CVE-2022-23068
+ RESERVED
+CVE-2022-23067
+ RESERVED
+CVE-2022-23066
+ RESERVED
+CVE-2022-23065
+ RESERVED
+CVE-2022-23064
+ RESERVED
+CVE-2022-23063
+ RESERVED
+CVE-2022-23062
+ RESERVED
+CVE-2022-23061
+ RESERVED
+CVE-2022-23060
+ RESERVED
+CVE-2022-23059
+ RESERVED
+CVE-2022-23058
+ RESERVED
+CVE-2022-23057
+ RESERVED
+CVE-2022-23056
+ RESERVED
+CVE-2022-23055
+ RESERVED
+CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
+ NOT-FOR-US: Openmct
+CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
+ NOT-FOR-US: Openmct
+CVE-2022-23052
+ RESERVED
+CVE-2022-23051
+ RESERVED
+CVE-2022-23050
+ RESERVED
+CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to inject persis ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL senten ...)
+ NOT-FOR-US: PhpIPAM
+CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...)
+ NOT-FOR-US: PhpIPAM
+CVE-2022-23044
+ RESERVED
+CVE-2022-23043
+ RESERVED
+CVE-2022-23042
+ RESERVED
+CVE-2022-23041
+ RESERVED
+CVE-2022-23040
+ RESERVED
+CVE-2022-23039
+ RESERVED
+CVE-2022-23038
+ RESERVED
+CVE-2022-23037
+ RESERVED
+CVE-2022-23036
+ RESERVED
+CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
+ - xen 4.16.0+51-g0941d6cb-1
+ [bullseye] - xen <postponed> (Fix along with next DSA round)
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-395.html
+CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address XSA-380, r ...)
+ - xen 4.16.0+51-g0941d6cb-1
+ [bullseye] - xen <postponed> (Fix along with next DSA round)
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-394.html
+CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The funct ...)
+ - xen 4.16.0+51-g0941d6cb-1
+ [bullseye] - xen <postponed> (Fix along with next DSA round)
+ [buster] - xen <not-affected> (Vulnerable code introduced later)
+ [stretch] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-393.html
+CVE-2022-23032 (In all versions before 7.2.1.4, when proxy settings are configured in ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23031 (On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23030 (On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23029 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23028 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23027 (On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23026 (On BIG-IP ASM &amp; Advanced WAF version 16.1.x before 16.1.2, 15.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23025 (On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23024 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23023 (On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23022 (On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is config ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23021 (On BIG-IP version 16.1.x before 16.1.2, when any of the following conf ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23020 (On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' se ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23019 (On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23013 (On BIG-IP DNS &amp; GTM version 16.x before 16.1.0, 15.1.x before 15.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23011 (On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23007
+ RESERVED
+CVE-2022-23006
+ RESERVED
+CVE-2022-23005
+ RESERVED
+CVE-2022-23004
+ RESERVED
+CVE-2022-23003
+ RESERVED
+CVE-2022-23002
+ RESERVED
+CVE-2022-23001
+ RESERVED
+CVE-2022-23000
+ RESERVED
+CVE-2022-22999
+ RESERVED
+CVE-2022-22998
+ RESERVED
+CVE-2022-22997
+ RESERVED
+CVE-2022-22996
+ RESERVED
+CVE-2022-22995
+ RESERVED
+CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22992 (A command injection remote code execution vulnerability was discovered ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing followed by a ...)
+ NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
+CVE-2022-22990 (A limited authentication bypass vulnerability was discovered that coul ...)
+ NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
+CVE-2022-22989 (My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vul ...)
+ NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
+CVE-2022-22988 (File and directory permissions have been corrected to prevent unintend ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-21234
+ RESERVED
+CVE-2022-21210
+ RESERVED
+CVE-2022-21145
+ RESERVED
+CVE-2022-0182 (Stored cross-site scripting vulnerability in Quiz And Survey Master ve ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2022-0181 (Reflected cross-site scripting vulnerability in Quiz And Survey Master ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2022-0180 (Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Mas ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2022-0179 (snipe-it is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-0178 (snipe-it is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-0177
+ REJECTED
+CVE-2022-22983
+ RESERVED
+CVE-2022-22982
+ RESERVED
+CVE-2022-22981
+ RESERVED
+CVE-2022-22980
+ RESERVED
+CVE-2022-22979
+ RESERVED
+CVE-2022-22978
+ RESERVED
+CVE-2022-22977
+ RESERVED
+CVE-2022-22976
+ RESERVED
+CVE-2022-22975
+ RESERVED
+CVE-2022-22974
+ RESERVED
+CVE-2022-22973
+ RESERVED
+CVE-2022-22972
+ RESERVED
+CVE-2022-22971
+ RESERVED
+CVE-2022-22970
+ RESERVED
+CVE-2022-22969
+ RESERVED
+CVE-2022-22968
+ RESERVED
+CVE-2022-22967
+ RESERVED
+CVE-2022-22966
+ RESERVED
+CVE-2022-22965
+ RESERVED
+CVE-2022-22964
+ RESERVED
+CVE-2022-22963
+ RESERVED
+CVE-2022-22962
+ RESERVED
+CVE-2022-22961
+ RESERVED
+CVE-2022-22960
+ RESERVED
+CVE-2022-22959
+ RESERVED
+CVE-2022-22958
+ RESERVED
+CVE-2022-22957
+ RESERVED
+CVE-2022-22956
+ RESERVED
+CVE-2022-22955
+ RESERVED
+CVE-2022-22954
+ RESERVED
+CVE-2022-22953
+ RESERVED
+CVE-2022-22952
+ RESERVED
+CVE-2022-22951
+ RESERVED
+CVE-2022-22950
+ RESERVED
+CVE-2022-22949
+ RESERVED
+CVE-2022-22948
+ RESERVED
+CVE-2022-22947
+ RESERVED
+CVE-2022-22946
+ RESERVED
+CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...)
+ NOT-FOR-US: VMware
+CVE-2022-22944
+ RESERVED
+CVE-2022-22943
+ RESERVED
+CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
+ RESERVED
+ - linux 5.15.15-2
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/27/4
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/03/1
+ NOTE: Fixed by: https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c
+CVE-2022-22941
+ RESERVED
+CVE-2022-22940
+ RESERVED
+CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...)
+ NOT-FOR-US: VMware
+CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...)
+ NOT-FOR-US: VMware
+CVE-2022-22937
+ RESERVED
+CVE-2022-22936
+ RESERVED
+CVE-2022-22935
+ RESERVED
+CVE-2022-22934
+ RESERVED
+CVE-2022-22933
+ RESERVED
+CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...)
+ - apache-karaf <itp> (bug #881297)
+CVE-2022-22931 (Fix of CVE-2021-40525 do not prepend delimiters upon valid directory v ...)
+ NOT-FOR-US: Apache James
+CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...)
+ NOT-FOR-US: MCMS
+CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerabil ...)
+ NOT-FOR-US: MCMS
+CVE-2022-22928 (MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing att ...)
+ NOT-FOR-US: MCMS
+CVE-2022-22927
+ RESERVED
+CVE-2022-22926
+ RESERVED
+CVE-2022-22925
+ RESERVED
+CVE-2022-22924
+ RESERVED
+CVE-2022-22923
+ RESERVED
+CVE-2022-22922 (TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovere ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-22921
+ RESERVED
+CVE-2022-22920
+ RESERVED
+CVE-2022-22919 (Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SS ...)
+ NOT-FOR-US: Adenza AxiomSL ControllerView
+CVE-2022-22918
+ RESERVED
+CVE-2022-22917
+ RESERVED
+CVE-2022-22916 (O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vu ...)
+ NOT-FOR-US: O2OA
+CVE-2022-22915
+ RESERVED
+CVE-2022-22914 (An incorrect access control issue in the component FileManager of Ovid ...)
+ NOT-FOR-US: Ovidentia CMS
+CVE-2022-22913
+ RESERVED
+CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...)
+ TODO: check
+CVE-2022-22911
+ RESERVED
+CVE-2022-22910
+ RESERVED
+CVE-2022-22909
+ RESERVED
+CVE-2022-22908
+ RESERVED
+CVE-2022-22907
+ RESERVED
+CVE-2022-22906
+ RESERVED
+CVE-2022-22905
+ RESERVED
+CVE-2022-22904
+ RESERVED
+CVE-2022-22903
+ RESERVED
+CVE-2022-22902
+ RESERVED
+CVE-2022-22901 (There is an Assertion in 'context_p-&gt;next_scanner_info_p-&gt;type = ...)
+ TODO: check
+CVE-2022-22900
+ RESERVED
+CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenti ...)
+ NOT-FOR-US: Core FTP / SFTP Server
+CVE-2022-22898
+ RESERVED
+CVE-2022-22897
+ RESERVED
+CVE-2022-22896
+ RESERVED
+CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882
+CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
+CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945
+CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
+CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885
+CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT &am ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4847
+CVE-2022-22889
+ RESERVED
+CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4848
+CVE-2022-22887
+ RESERVED
+CVE-2022-22886
+ RESERVED
+CVE-2022-22885 (Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL cert ...)
+ NOT-FOR-US: Hutool
+CVE-2022-22884
+ RESERVED
+CVE-2022-22883
+ RESERVED
+CVE-2022-22882
+ RESERVED
+CVE-2022-22881 (Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-22880 (Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-22879
+ RESERVED
+CVE-2022-22878
+ RESERVED
+CVE-2022-22877
+ RESERVED
+CVE-2022-22876
+ RESERVED
+CVE-2022-22875
+ RESERVED
+CVE-2022-22874
+ RESERVED
+CVE-2022-22873
+ RESERVED
+CVE-2022-22872
+ RESERVED
+CVE-2022-22871
+ RESERVED
+CVE-2022-22870
+ RESERVED
+CVE-2022-22869
+ RESERVED
+CVE-2022-22868 (Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting ( ...)
+ NOT-FOR-US: Gibbon CMS
+CVE-2022-22867
+ RESERVED
+CVE-2022-22866
+ RESERVED
+CVE-2022-22865
+ RESERVED
+CVE-2022-22864
+ RESERVED
+CVE-2022-22863
+ RESERVED
+CVE-2022-22862
+ RESERVED
+CVE-2022-22861
+ RESERVED
+CVE-2022-22860
+ RESERVED
+CVE-2022-22859
+ RESERVED
+CVE-2022-22858
+ RESERVED
+CVE-2022-22857
+ RESERVED
+CVE-2022-22856
+ RESERVED
+CVE-2022-22855
+ RESERVED
+CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...)
+ NOT-FOR-US: Hospital Patient Record Management System
+CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...)
+ NOT-FOR-US: Hospital Patient Record Management System
+CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ NOT-FOR-US: Sourcecodtester
+CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ NOT-FOR-US: Sourcecodtester
+CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ NOT-FOR-US: Sourcecodtester
+CVE-2022-22849
+ RESERVED
+CVE-2022-22149
+ RESERVED
+CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak]
+ RESERVED
+ - virglrenderer <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039003
+ NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
+ NOTE: Code refactored in https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/7899e057327848300b18d8f03aa3789e00ed0221 (0.9.0)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
+ TODO: check if issue is present before refactoring in 0.9.0
+CVE-2022-0174 (dolibarr is vulnerable to Business Logic Errors ...)
+ - dolibarr <removed>
+CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
+ NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
+CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2022-0171
+ RESERVED
+CVE-2022-0170 (peertube is vulnerable to Improper Access Control ...)
+ - peertube <itp> (bug #950821)
+CVE-2022-0169
+ RESERVED
+CVE-2022-0168
+ RESERVED
+CVE-2022-0167
+ RESERVED
+CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...)
+ NOT-FOR-US: McAfee
+CVE-2022-0165
+ RESERVED
+CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0163
+ RESERVED
+CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-0161
+ RESERVED
+CVE-2022-0160
+ RESERVED
+CVE-2022-0159 (orchardcore is vulnerable to Improper Neutralization of Input During W ...)
+ NOT-FOR-US: orchardcore
+CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/
+ NOTE: https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 (v8.2.4049)
+CVE-2022-0157 (phoronix-test-suite is vulnerable to Improper Neutralization of Input ...)
+ - phoronix-test-suite <removed>
+CVE-2022-22848
+ RESERVED
+CVE-2022-22847 (Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Se ...)
+ NOT-FOR-US: Formpipe Lasernet
+CVE-2022-22846 (The dnslib package through 0.9.16 for Python does not verify that the ...)
+ - python-dnslib 0.9.18-1
+ [bullseye] - python-dnslib <no-dsa> (Minor issue)
+ [buster] - python-dnslib <no-dsa> (Minor issue)
+ NOTE: https://github.com/paulc/dnslib/issues/30
+ NOTE: https://github.com/paulc/dnslib/commit/76e8677699ed098387d502c57980f58da642aeba
+CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167 ...)
+ NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER
+CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...)
+ - tiff 4.3.0-3
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
+ [stretch] - tiff <postponed> (Minor issue; read overflow in CLI utility)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287
+ NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64
+CVE-2022-22843
+ RESERVED
+CVE-2022-22842
+ RESERVED
+CVE-2022-22841
+ RESERVED
+CVE-2022-22840
+ RESERVED
+CVE-2022-22839
+ RESERVED
+CVE-2022-22838
+ RESERVED
+CVE-2022-22837
+ RESERVED
+CVE-2022-22836 (CoreFTP Server before 727 allows directory traversal (for file creatio ...)
+ NOT-FOR-US: CoreFTP
+CVE-2022-22835
+ RESERVED
+CVE-2022-22834
+ RESERVED
+CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...)
+ NOT-FOR-US: Servisnet Tessa
+CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...)
+ NOT-FOR-US: Servisnet Tessa
+CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add ...)
+ NOT-FOR-US: Servisnet Tessa
+CVE-2022-22830
+ RESERVED
+CVE-2022-22829
+ RESERVED
+CVE-2022-22828 (An insecure direct object reference for the file-download URL in Synam ...)
+ NOT-FOR-US: Synametrics
+CVE-2022-0156 (vim is vulnerable to Use After Free ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
+ NOTE: https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f (v8.2.4040)
+CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22826 (nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22825 (lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22824 (defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22823 (build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an i ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...)
+ NOT-FOR-US: NVIDIA NeMo
+CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...)
+ NOT-FOR-US: LINE
+CVE-2022-22819
+ RESERVED
+CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...)
+ {DLA-2906-1}
+ - python-django 2:3.2.12-1 (bug #1004752)
+ [bullseye] - python-django <no-dsa> (Minor issue)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
+ NOTE: https://github.com/django/django/commit/394517f07886495efcf79f95c7ee402a9437bd68 (main)
+ NOTE: https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5 (4.0.2)
+ NOTE: https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2 (3.2.12)
+ NOTE: https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6 (2.2.27)
+CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...)
+ {DSA-5053-1 DLA-2893-1}
+ - pillow 9.0.0-1
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
+ NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0)
+ NOTE: Fillowup in 9.0.1: https://github.com/python-pillow/Pillow/commit/c930be0758ac02cf15a2b8d5409d50d443550581
+CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...)
+ {DSA-5053-1 DLA-2893-1}
+ - pillow 9.0.0-1
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
+ NOTE: https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (9.0.0)
+CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...)
+ {DSA-5053-1 DLA-2893-1}
+ - pillow 9.0.0-1
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
+ NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0)
+CVE-2022-22814
+ RESERVED
+CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal Informa ...)
+ - node-follow-redirects 1.14.7+~1.13.1-1
+ [bullseye] - node-follow-redirects <no-dsa> (Minor issue)
+ [buster] - node-follow-redirects <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
+ NOTE: https://github.com/follow-redirects/follow-redirects/issues/183
+ NOTE: https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7)
+CVE-2022-22813 (A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an a ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22811 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulne ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22806
+ RESERVED
+CVE-2022-22805
+ RESERVED
+CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22803
+ RESERVED
+CVE-2022-22802
+ RESERVED
+CVE-2022-22801
+ RESERVED
+CVE-2022-22800
+ RESERVED
+CVE-2022-22799
+ RESERVED
+CVE-2022-22798
+ RESERVED
+CVE-2022-22797
+ RESERVED
+CVE-2022-22796
+ RESERVED
+CVE-2022-22795
+ RESERVED
+CVE-2022-22794
+ RESERVED
+CVE-2022-22793
+ RESERVED
+CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...)
+ NOT-FOR-US: MobiSoft
+CVE-2022-22791 (SYNEL - eharmony Authenticated Blind &amp; Stored XSS. Inject JS code ...)
+ NOT-FOR-US: SYNEL
+CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...)
+ NOT-FOR-US: SYNEL
+CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover &#8211; An attacker ...)
+ NOT-FOR-US: Charactell - FormStorm Enterprise
+CVE-2022-22788
+ RESERVED
+CVE-2022-22787
+ RESERVED
+CVE-2022-22786
+ RESERVED
+CVE-2022-22785
+ RESERVED
+CVE-2022-22784
+ RESERVED
+CVE-2022-22783
+ RESERVED
+CVE-2022-22782
+ RESERVED
+CVE-2022-22781
+ RESERVED
+CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...)
+ NOT-FOR-US: Zoom
+CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...)
+ NOT-FOR-US: Keybase on MacOS & Windows
+CVE-2022-22778
+ RESERVED
+CVE-2022-22777
+ RESERVED
+CVE-2022-22776
+ RESERVED
+CVE-2022-22775
+ RESERVED
+CVE-2022-22774
+ RESERVED
+CVE-2022-22773
+ RESERVED
+CVE-2022-22772
+ RESERVED
+CVE-2022-22771
+ RESERVED
+CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...)
+ NOT-FOR-US: TIBCO
+CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...)
+ NOT-FOR-US: TIBCO
+CVE-2022-22768
+ RESERVED
+CVE-2022-22767
+ RESERVED
+CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...)
+ NOT-FOR-US: BD Pyxis
+CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...)
+ NOT-FOR-US: BD Viper LT system
+CVE-2022-22764
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22764
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764
+CVE-2022-22763
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22763
+CVE-2022-22762
+ RESERVED
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762
+CVE-2022-22761
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22761
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761
+CVE-2022-22760
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22760
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22760
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22760
+CVE-2022-22759
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22759
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22759
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22759
+CVE-2022-22758
+ RESERVED
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22758
+CVE-2022-22757
+ RESERVED
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22757
+ TODO: check if WebDriver enabled, if not demote severity to unimportant
+CVE-2022-22756
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22756
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22756
+CVE-2022-22755
+ RESERVED
+ - firefox 97.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755
+CVE-2022-22754
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22754
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22754
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22754
+CVE-2022-22753
+ RESERVED
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22753
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22753
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22753
+CVE-2022-22752
+ RESERVED
+ - firefox 96.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22752
+CVE-2022-22751
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22751
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22751
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22751
+CVE-2022-22750
+ RESERVED
+ - firefox <not-affected> (Only affects Windows and MacOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22750
+CVE-2022-22749
+ RESERVED
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22749
+CVE-2022-22748
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22748
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22748
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748
+CVE-2022-22747
+ RESERVED
+ {DSA-5062-1 DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1}
+ - nss 2:3.73-1
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22747
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22747
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22747
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1735028
+ NOTE: https://hg.mozilla.org/projects/nss/rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0
+CVE-2022-22746
+ RESERVED
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22746
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22746
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22746
+CVE-2022-22745
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22745
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22745
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22745
+CVE-2022-22744
+ RESERVED
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22744
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22744
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22744
+CVE-2022-22743
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22743
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22743
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22743
+CVE-2022-22742
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22742
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22742
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22742
+CVE-2022-22741
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22741
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22741
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22741
+CVE-2022-22740
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22740
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22740
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22740
+CVE-2022-22739
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22739
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22739
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22739
+CVE-2022-22738
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22738
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22738
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22738
+CVE-2022-22737
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22737
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22737
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22737
+CVE-2022-22736
+ RESERVED
+ - firefox <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22736
+CVE-2022-22735
+ RESERVED
+CVE-2022-22734
+ RESERVED
+CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
+CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2022-0153
+ RESERVED
+CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2022-0150
+ RESERVED
+CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0147
+ RESERVED
+CVE-2022-0146
+ RESERVED
+CVE-2022-0145
+ RESERVED
+CVE-2022-22732
+ RESERVED
+CVE-2022-22731
+ RESERVED
+CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
+ - node-shelljs 0.8.5+~cs0.8.10-1
+ [bullseye] - node-shelljs <no-dsa> (Minor issue)
+ [buster] - node-shelljs <no-dsa> (Minor issue)
+ [stretch] - node-shelljs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/
+ NOTE: https://github.com/shelljs/shelljs/issues/1058
+ NOTE: https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c (v0.8.5)
+CVE-2022-0143
+ RESERVED
+CVE-2022-0142
+ RESERVED
+CVE-2022-0141
+ RESERVED
+CVE-2022-0140
+ RESERVED
+CVE-2022-22728
+ RESERVED
+CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22721
+ RESERVED
+CVE-2022-22720
+ RESERVED
+CVE-2022-22719
+ RESERVED
+CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22717 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22716 (Microsoft Excel Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22714
+ RESERVED
+CVE-2022-22713
+ RESERVED
+CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22711
+ RESERVED
+CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21806
+ RESERVED
+CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
+ NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
+CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-0137
+ RESERVED
+CVE-2022-0136
+ RESERVED
+CVE-2022-0135 [out-of-bounds write in read_transfer_data()]
+ RESERVED
+ - virglrenderer <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037790
+ NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
+ NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec
+ TODO: Check introducing information for issue
+CVE-2022-0134 (The AnyComment WordPress plugin before 0.2.18 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0133 (peertube is vulnerable to Improper Access Control ...)
+ - peertube <itp> (bug #950821)
+CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ - peertube <itp> (bug #950821)
+CVE-2022-0131 (Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API ...)
+ NOT-FOR-US: Jimoty App for Android
+CVE-2022-22708
+ RESERVED
+CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
+ {DSA-5040-1}
+ - lighttpd 1.4.64-1
+ [stretch] - lighttpd <not-affected> (Vulnerable code not present; the issue was introduced in later versions)
+ NOTE: https://redmine.lighttpd.net/issues/3134
+ NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
+CVE-2022-22706
+ RESERVED
+CVE-2022-22705
+ RESERVED
+CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...)
+ NOT-FOR-US: zabbix-agent2 package for Alpine
+CVE-2022-22703 (In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cl ...)
+ NOT-FOR-US: Stormshield SSO Agent
+CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload attach ...)
+ NOT-FOR-US: PartKeepr
+CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...)
+ NOT-FOR-US: PartKeepr
+CVE-2022-22700
+ RESERVED
+CVE-2022-22699
+ RESERVED
+CVE-2022-22698
+ RESERVED
+CVE-2022-22697
+ RESERVED
+CVE-2022-22696
+ RESERVED
+CVE-2022-22695
+ RESERVED
+CVE-2022-22694
+ RESERVED
+CVE-2022-22693
+ RESERVED
+CVE-2022-22692
+ RESERVED
+CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...)
+ NOT-FOR-US: CA Harvest Software Change Manager
+CVE-2022-22688
+ RESERVED
+CVE-2022-22687
+ RESERVED
+CVE-2022-22686
+ RESERVED
+CVE-2022-22685
+ RESERVED
+CVE-2022-22684
+ RESERVED
+CVE-2022-22683
+ RESERVED
+CVE-2022-22682
+ RESERVED
+CVE-2022-22681
+ RESERVED
+CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: Synology
+CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...)
+ NOT-FOR-US: Foxit
+CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...)
+ NOT-FOR-US: Tenable
+CVE-2022-22678
+ RESERVED
+CVE-2022-0129 (Uncontrolled search path element vulnerability in McAfee TechCheck pri ...)
+ NOT-FOR-US: McAfee
+CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read ...)
+ - vim <unfixed>
+ [bullseye] - vim <not-affected> (Vulnerable code introduced later)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba
+ NOTE: Introduced by: https://github.com/vim/vim/commit/bdc0f1c6986e5d64f647e0924a4de795b47c549a (v8.2.2806)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a (v8.2.4009)
+CVE-2022-0127
+ RESERVED
+CVE-2022-0126
+ RESERVED
+CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
+ - gitlab <unfixed>
+CVE-2022-0123
+ RESERVED
+CVE-2022-22677
+ RESERVED
+CVE-2022-22676
+ RESERVED
+CVE-2022-22675
+ RESERVED
+CVE-2022-22674
+ RESERVED
+CVE-2022-22673
+ RESERVED
+CVE-2022-22672
+ RESERVED
+CVE-2022-22671
+ RESERVED
+CVE-2022-22670
+ RESERVED
+CVE-2022-22669
+ RESERVED
+CVE-2022-22668
+ RESERVED
+CVE-2022-22667
+ RESERVED
+CVE-2022-22666
+ RESERVED
+CVE-2022-22665
+ RESERVED
+CVE-2022-22664
+ RESERVED
+CVE-2022-22663
+ RESERVED
+CVE-2022-22662
+ RESERVED
+CVE-2022-22661
+ RESERVED
+CVE-2022-22660
+ RESERVED
+CVE-2022-22659
+ RESERVED
+CVE-2022-22658
+ RESERVED
+CVE-2022-22657
+ RESERVED
+CVE-2022-22656
+ RESERVED
+CVE-2022-22655
+ RESERVED
+CVE-2022-22654
+ RESERVED
+CVE-2022-22653
+ RESERVED
+CVE-2022-22652
+ RESERVED
+CVE-2022-22651
+ RESERVED
+CVE-2022-22650
+ RESERVED
+CVE-2022-22649
+ RESERVED
+CVE-2022-22648
+ RESERVED
+CVE-2022-22647
+ RESERVED
+CVE-2022-22646
+ RESERVED
+CVE-2022-22645
+ RESERVED
+CVE-2022-22644
+ RESERVED
+CVE-2022-22643
+ RESERVED
+CVE-2022-22642
+ RESERVED
+CVE-2022-22641
+ RESERVED
+CVE-2022-22640
+ RESERVED
+CVE-2022-22639
+ RESERVED
+CVE-2022-22638
+ RESERVED
+CVE-2022-22637
+ RESERVED
+CVE-2022-22636
+ RESERVED
+CVE-2022-22635
+ RESERVED
+CVE-2022-22634
+ RESERVED
+CVE-2022-22633
+ RESERVED
+CVE-2022-22632
+ RESERVED
+CVE-2022-22631
+ RESERVED
+CVE-2022-22630
+ RESERVED
+CVE-2022-22629
+ RESERVED
+CVE-2022-22628
+ RESERVED
+CVE-2022-22627
+ RESERVED
+CVE-2022-22626
+ RESERVED
+CVE-2022-22625
+ RESERVED
+CVE-2022-22624
+ RESERVED
+CVE-2022-22623
+ RESERVED
+CVE-2022-22622
+ RESERVED
+CVE-2022-22621
+ RESERVED
+CVE-2022-22620 [A use after free issue was addressed with improved memory management]
+ RESERVED
+ {DSA-5084-1 DSA-5083-1}
+ - webkit2gtk 2.34.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0003.html
+CVE-2022-22619
+ RESERVED
+CVE-2022-22618
+ RESERVED
+CVE-2022-22617
+ RESERVED
+CVE-2022-22616
+ RESERVED
+CVE-2022-22615
+ RESERVED
+CVE-2022-22614
+ RESERVED
+CVE-2022-22613
+ RESERVED
+CVE-2022-22612
+ RESERVED
+CVE-2022-22611
+ RESERVED
+CVE-2022-22610
+ RESERVED
+CVE-2022-22609
+ RESERVED
+CVE-2022-22608
+ RESERVED
+CVE-2022-22607
+ RESERVED
+CVE-2022-22606
+ RESERVED
+CVE-2022-22605
+ RESERVED
+CVE-2022-22604
+ RESERVED
+CVE-2022-22603
+ RESERVED
+CVE-2022-22602
+ RESERVED
+CVE-2022-22601
+ RESERVED
+CVE-2022-22600
+ RESERVED
+CVE-2022-22599
+ RESERVED
+CVE-2022-22598
+ RESERVED
+CVE-2022-22597
+ RESERVED
+CVE-2022-22596
+ RESERVED
+CVE-2022-22595
+ RESERVED
+CVE-2022-22594 [A cross-origin issue in the IndexDB API was addressed with improved input validation]
+ RESERVED
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2022-22593
+ RESERVED
+CVE-2022-22591
+ RESERVED
+CVE-2022-22589 [A validation issue was addressed with improved input sanitization]
+ RESERVED
+ {DSA-5084-1 DSA-5083-1}
+ - webkit2gtk 2.34.5-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.5-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
+CVE-2022-22588
+ RESERVED
+CVE-2022-22587
+ RESERVED
+CVE-2022-22586
+ RESERVED
+CVE-2022-22585
+ RESERVED
+CVE-2022-22584
+ RESERVED
+CVE-2022-22583
+ RESERVED
+CVE-2022-22582
+ RESERVED
+CVE-2022-22581
+ RESERVED
+CVE-2022-22580
+ RESERVED
+CVE-2022-22579
+ RESERVED
+CVE-2022-22578
+ RESERVED
+CVE-2022-22577
+ RESERVED
+CVE-2022-22576
+ RESERVED
+CVE-2022-22575
+ RESERVED
+CVE-2022-22574
+ RESERVED
+CVE-2022-22573
+ RESERVED
+CVE-2022-22572
+ RESERVED
+CVE-2022-22571
+ RESERVED
+CVE-2022-22570
+ RESERVED
+CVE-2022-22569
+ RESERVED
+CVE-2022-22568
+ RESERVED
+CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: forge
+CVE-2022-0121 (hoppscotch is vulnerable to Exposure of Sensitive Information to an Un ...)
+ NOT-FOR-US: hoppscotch
+CVE-2022-22567 (Select Dell Client Commercial and Consumer platforms are vulnerable to ...)
+ NOT-FOR-US: Dell
+CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a pre-boo ...)
+ NOT-FOR-US: Dell
+CVE-2022-22565
+ RESERVED
+CVE-2022-22564
+ RESERVED
+CVE-2022-22563
+ RESERVED
+CVE-2022-22562
+ RESERVED
+CVE-2022-22561
+ RESERVED
+CVE-2022-22560
+ RESERVED
+CVE-2022-22559
+ RESERVED
+CVE-2022-22558
+ RESERVED
+CVE-2022-22557
+ RESERVED
+CVE-2022-22556
+ RESERVED
+CVE-2022-22555
+ RESERVED
+CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...)
+ NOT-FOR-US: EMC
+CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction o ...)
+ NOT-FOR-US: EMC
+CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerabil ...)
+ NOT-FOR-US: EMC
+CVE-2022-22551 (DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensi ...)
+ NOT-FOR-US: EMC
+CVE-2022-22550
+ RESERVED
+CVE-2022-22549
+ RESERVED
+CVE-2022-22548
+ RESERVED
+CVE-2022-22547
+ RESERVED
+CVE-2022-22546 (Due to improper HTML encoding in input control summary, an authorized ...)
+ NOT-FOR-US: SAP
+CVE-2022-22545 (A high privileged user who has access to transaction SM59 can read con ...)
+ NOT-FOR-US: SAP
+CVE-2022-22544 (Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform ( ...)
+ NOT-FOR-US: SAP
+CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...)
+ NOT-FOR-US: SAP
+CVE-2022-22541
+ RESERVED
+CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22539 (When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) receiv ...)
+ NOT-FOR-US: SAP
+CVE-2022-22538 (When a user opens a manipulated Adobe Illustrator file format (.ai, ai ...)
+ NOT-FOR-US: SAP
+CVE-2022-22537 (When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22536 (SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Serve ...)
+ NOT-FOR-US: SAP
+CVE-2022-22535 (SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necess ...)
+ NOT-FOR-US: SAP
+CVE-2022-22534 (Due to insufficient encoding of user input, SAP NetWeaver allows an un ...)
+ NOT-FOR-US: SAP
+CVE-2022-22533 (Due to improper error handling in SAP NetWeaver Application Server Jav ...)
+ NOT-FOR-US: SAP
+CVE-2022-22532 (In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2022-22531 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
+ NOT-FOR-US: SAP
+CVE-2022-22530 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
+ NOT-FOR-US: SAP
+CVE-2022-22529 (SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficie ...)
+ NOT-FOR-US: SAP
+CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) - version 16.0, installation make ...)
+ NOT-FOR-US: SAP
+CVE-2022-22527
+ RESERVED
+CVE-2022-0120 (Inappropriate implementation in Passwords in Google Chrome prior to 97 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0119
+ RESERVED
+CVE-2022-0118 (Inappropriate implementation in WebShare in Google Chrome prior to 97. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0117 (Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0116 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0115 (Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0114 (Out of bounds memory access in Blink Serial API in Google Chrome prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0113 (Inappropriate implementation in Blink in Google Chrome prior to 97.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0112 (Incorrect security UI in Browser UI in Google Chrome prior to 97.0.469 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0111 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0110 (Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0107 (Use after free in File Manager API in Google Chrome on Chrome OS prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0106 (Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0105 (Use after free in PDF Accessibility in Google Chrome prior to 97.0.469 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0104 (Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0103 (Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0102 (Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0101 (Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0100 (Heap buffer overflow in Media streams API in Google Chrome prior to 97 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0099 (Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0098 (Use after free in Screen Capture in Google Chrome on Chrome OS prior t ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0097 (Inappropriate implementation in DevTools in Google Chrome prior to 97. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0096 (Use after free in Storage in Google Chrome prior to 97.0.4692.71 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0095
+ RESERVED
+CVE-2022-0094
+ RESERVED
+CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
+ - gitlab <unfixed>
+CVE-2022-0092
+ RESERVED
+CVE-2022-0091
+ RESERVED
+CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
+ - gitlab <unfixed>
+CVE-2022-0089
+ RESERVED
+CVE-2022-0088
+ RESERVED
+CVE-2022-22526
+ RESERVED
+CVE-2022-22525
+ RESERVED
+CVE-2022-22524
+ RESERVED
+CVE-2022-22523
+ RESERVED
+CVE-2022-22522
+ RESERVED
+CVE-2022-22521
+ RESERVED
+CVE-2022-22520
+ RESERVED
+CVE-2022-22519
+ RESERVED
+CVE-2022-22518
+ RESERVED
+CVE-2022-22517
+ RESERVED
+CVE-2022-22516
+ RESERVED
+CVE-2022-22515
+ RESERVED
+CVE-2022-22514
+ RESERVED
+CVE-2022-22513
+ RESERVED
+CVE-2022-22512
+ RESERVED
+CVE-2022-22511
+ RESERVED
+CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
+ NOT-FOR-US: Codesys
+CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect ...)
+ NOT-FOR-US: Phoenix Contact FL SWITCH Series
+CVE-2022-22508
+ RESERVED
+CVE-2022-22507
+ RESERVED
+CVE-2022-22506
+ RESERVED
+CVE-2022-22505
+ RESERVED
+CVE-2022-22504
+ RESERVED
+CVE-2022-22503
+ RESERVED
+CVE-2022-22502
+ RESERVED
+CVE-2022-22501
+ RESERVED
+CVE-2022-22500
+ RESERVED
+CVE-2022-22499
+ RESERVED
+CVE-2022-22498
+ RESERVED
+CVE-2022-22497
+ RESERVED
+CVE-2022-22496
+ RESERVED
+CVE-2022-22495
+ RESERVED
+CVE-2022-22494
+ RESERVED
+CVE-2022-22493
+ RESERVED
+CVE-2022-22492
+ RESERVED
+CVE-2022-22491
+ RESERVED
+CVE-2022-22490
+ RESERVED
+CVE-2022-22489
+ RESERVED
+CVE-2022-22488
+ RESERVED
+CVE-2022-22487
+ RESERVED
+CVE-2022-22486
+ RESERVED
+CVE-2022-22485
+ RESERVED
+CVE-2022-22484
+ RESERVED
+CVE-2022-22483
+ RESERVED
+CVE-2022-22482
+ RESERVED
+CVE-2022-22481
+ RESERVED
+CVE-2022-22480
+ RESERVED
+CVE-2022-22479
+ RESERVED
+CVE-2022-22478
+ RESERVED
+CVE-2022-22477
+ RESERVED
+CVE-2022-22476
+ RESERVED
+CVE-2022-22475
+ RESERVED
+CVE-2022-22474
+ RESERVED
+CVE-2022-22473
+ RESERVED
+CVE-2022-22472
+ RESERVED
+CVE-2022-22471
+ RESERVED
+CVE-2022-22470
+ RESERVED
+CVE-2022-22469
+ RESERVED
+CVE-2022-22468
+ RESERVED
+CVE-2022-22467
+ RESERVED
+CVE-2022-22466
+ RESERVED
+CVE-2022-22465
+ RESERVED
+CVE-2022-22464
+ RESERVED
+CVE-2022-22463
+ RESERVED
+CVE-2022-22462
+ RESERVED
+CVE-2022-22461
+ RESERVED
+CVE-2022-22460
+ RESERVED
+CVE-2022-22459
+ RESERVED
+CVE-2022-22458
+ RESERVED
+CVE-2022-22457
+ RESERVED
+CVE-2022-22456
+ RESERVED
+CVE-2022-22455
+ RESERVED
+CVE-2022-22454
+ RESERVED
+CVE-2022-22453
+ RESERVED
+CVE-2022-22452
+ RESERVED
+CVE-2022-22451
+ RESERVED
+CVE-2022-22450
+ RESERVED
+CVE-2022-22449
+ RESERVED
+CVE-2022-22448
+ RESERVED
+CVE-2022-22447
+ RESERVED
+CVE-2022-22446
+ RESERVED
+CVE-2022-22445
+ RESERVED
+CVE-2022-22444
+ RESERVED
+CVE-2022-22443
+ RESERVED
+CVE-2022-22442
+ RESERVED
+CVE-2022-22441
+ RESERVED
+CVE-2022-22440
+ RESERVED
+CVE-2022-22439
+ RESERVED
+CVE-2022-22438
+ RESERVED
+CVE-2022-22437
+ RESERVED
+CVE-2022-22436
+ RESERVED
+CVE-2022-22435
+ RESERVED
+CVE-2022-22434
+ RESERVED
+CVE-2022-22433
+ RESERVED
+CVE-2022-22432
+ RESERVED
+CVE-2022-22431
+ RESERVED
+CVE-2022-22430
+ RESERVED
+CVE-2022-22429
+ RESERVED
+CVE-2022-22428
+ RESERVED
+CVE-2022-22427
+ RESERVED
+CVE-2022-22426
+ RESERVED
+CVE-2022-22425
+ RESERVED
+CVE-2022-22424
+ RESERVED
+CVE-2022-22423
+ RESERVED
+CVE-2022-22422
+ RESERVED
+CVE-2022-22421
+ RESERVED
+CVE-2022-22420
+ RESERVED
+CVE-2022-22419
+ RESERVED
+CVE-2022-22418
+ RESERVED
+CVE-2022-22417
+ RESERVED
+CVE-2022-22416
+ RESERVED
+CVE-2022-22415
+ RESERVED
+CVE-2022-22414
+ RESERVED
+CVE-2022-22413
+ RESERVED
+CVE-2022-22412
+ RESERVED
+CVE-2022-22411
+ RESERVED
+CVE-2022-22410
+ RESERVED
+CVE-2022-22409
+ RESERVED
+CVE-2022-22408
+ RESERVED
+CVE-2022-22407
+ RESERVED
+CVE-2022-22406
+ RESERVED
+CVE-2022-22405
+ RESERVED
+CVE-2022-22404
+ RESERVED
+CVE-2022-22403
+ RESERVED
+CVE-2022-22402
+ RESERVED
+CVE-2022-22401
+ RESERVED
+CVE-2022-22400
+ RESERVED
+CVE-2022-22399
+ RESERVED
+CVE-2022-22398
+ RESERVED
+CVE-2022-22397
+ RESERVED
+CVE-2022-22396
+ RESERVED
+CVE-2022-22395
+ RESERVED
+CVE-2022-22394
+ RESERVED
+CVE-2022-22393
+ RESERVED
+CVE-2022-22392
+ RESERVED
+CVE-2022-22391
+ RESERVED
+CVE-2022-22390
+ RESERVED
+CVE-2022-22389
+ RESERVED
+CVE-2022-22388
+ RESERVED
+CVE-2022-22387
+ RESERVED
+CVE-2022-22386
+ RESERVED
+CVE-2022-22385
+ RESERVED
+CVE-2022-22384
+ RESERVED
+CVE-2022-22383
+ RESERVED
+CVE-2022-22382
+ RESERVED
+CVE-2022-22381
+ RESERVED
+CVE-2022-22380
+ RESERVED
+CVE-2022-22379
+ RESERVED
+CVE-2022-22378
+ RESERVED
+CVE-2022-22377
+ RESERVED
+CVE-2022-22376
+ RESERVED
+CVE-2022-22375
+ RESERVED
+CVE-2022-22374
+ RESERVED
+CVE-2022-22373
+ RESERVED
+CVE-2022-22372
+ RESERVED
+CVE-2022-22371
+ RESERVED
+CVE-2022-22370
+ RESERVED
+CVE-2022-22369
+ RESERVED
+CVE-2022-22368
+ RESERVED
+CVE-2022-22367
+ RESERVED
+CVE-2022-22366
+ RESERVED
+CVE-2022-22365
+ RESERVED
+CVE-2022-22364
+ RESERVED
+CVE-2022-22363
+ RESERVED
+CVE-2022-22362
+ RESERVED
+CVE-2022-22361
+ RESERVED
+CVE-2022-22360
+ RESERVED
+CVE-2022-22359
+ RESERVED
+CVE-2022-22358
+ RESERVED
+CVE-2022-22357
+ RESERVED
+CVE-2022-22356
+ RESERVED
+CVE-2022-22355
+ RESERVED
+CVE-2022-22354
+ RESERVED
+CVE-2022-22353
+ RESERVED
+CVE-2022-22352
+ RESERVED
+CVE-2022-22351
+ RESERVED
+CVE-2022-22350
+ RESERVED
+CVE-2022-22349
+ RESERVED
+CVE-2022-22348
+ RESERVED
+CVE-2022-22347
+ RESERVED
+CVE-2022-22346
+ RESERVED
+CVE-2022-22345
+ RESERVED
+CVE-2022-22344
+ RESERVED
+CVE-2022-22343
+ RESERVED
+CVE-2022-22342
+ RESERVED
+CVE-2022-22341
+ RESERVED
+CVE-2022-22340
+ RESERVED
+CVE-2022-22339
+ RESERVED
+CVE-2022-22338
+ RESERVED
+CVE-2022-22337
+ RESERVED
+CVE-2022-22336
+ RESERVED
+CVE-2022-22335
+ RESERVED
+CVE-2022-22334
+ RESERVED
+CVE-2022-22333
+ RESERVED
+CVE-2022-22332
+ RESERVED
+CVE-2022-22331
+ RESERVED
+CVE-2022-22330
+ RESERVED
+CVE-2022-22329
+ RESERVED
+CVE-2022-22328
+ RESERVED
+CVE-2022-22327
+ RESERVED
+CVE-2022-22326
+ RESERVED
+CVE-2022-22325
+ RESERVED
+CVE-2022-22324
+ RESERVED
+CVE-2022-22323
+ RESERVED
+CVE-2022-22322
+ RESERVED
+CVE-2022-22321
+ RESERVED
+CVE-2022-22320
+ RESERVED
+CVE-2022-22319
+ RESERVED
+CVE-2022-22318
+ RESERVED
+CVE-2022-22317
+ RESERVED
+CVE-2022-22316
+ RESERVED
+CVE-2022-22315
+ RESERVED
+CVE-2022-22314
+ RESERVED
+CVE-2022-22313
+ RESERVED
+CVE-2022-22312
+ RESERVED
+CVE-2022-22311
+ RESERVED
+CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 c ...)
+ NOT-FOR-US: IBM
+CVE-2022-22309
+ RESERVED
+CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...)
+ TODO: check
+CVE-2022-22307
+ RESERVED
+CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: KeystoneJS
+CVE-2022-22306
+ RESERVED
+CVE-2022-22305
+ RESERVED
+CVE-2022-22304
+ RESERVED
+CVE-2022-22303
+ RESERVED
+CVE-2022-22302
+ RESERVED
+CVE-2022-22301
+ RESERVED
+CVE-2022-22300
+ RESERVED
+CVE-2022-22299
+ RESERVED
+CVE-2022-22298
+ RESERVED
+CVE-2022-22297
+ RESERVED
+CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Metinfo
+CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA&lt;=1.43 which an attack ...)
+ NOT-FOR-US: zfaka
+CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ NOT-FOR-US: Node uppy
+CVE-2022-0085
+ RESERVED
+CVE-2022-0084
+ RESERVED
+CVE-2022-0083 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0082
+ RESERVED
+CVE-2022-22293 (admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstra ...)
+ - dolibarr <removed>
+CVE-2022-0081
+ RESERVED
+CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow ...)
+ - mruby 3.0.0-3
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/
+ NOTE: https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6
+CVE-2022-0079 (showdoc is vulnerable to Generation of Error Message Containing Sensit ...)
+ NOT-FOR-US: ShowDoc
+CVE-2022-0078
+ RESERVED
+CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to SMR Feb- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22290 (Incorrect download source UI in Downloads in Samsung Internet prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22288 (Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22287 (Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22286 (A vulnerability using PendingIntent in Bixby Routines prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22285 (A vulnerability using PendingIntent in Reminder prior to version 12.2. ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22284 (Improper authentication vulnerability in Samsung Internet prior to 16. ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22283 (Improper session management vulnerability in Samsung Health prior to 6 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22282
+ RESERVED
+CVE-2022-22281
+ RESERVED
+CVE-2022-22280
+ RESERVED
+CVE-2022-22279
+ RESERVED
+CVE-2022-22278
+ RESERVED
+CVE-2022-22277
+ RESERVED
+CVE-2022-22276
+ RESERVED
+CVE-2022-22275
+ RESERVED
+CVE-2022-22274
+ RESERVED
+CVE-2022-22273
+ RESERVED
+CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22271 (A missing input validation before memory copy in TIMA trustlet prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22270 (An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22269 (Keeping sensitive data in unprotected BluetoothSettingsProvider prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22268 (Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22267 (Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22266 ((Applicable to China models only) Unprotected WifiEvaluationService in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22265 (An improper check or handling of exceptional conditions in NPU driver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to SMR Jan ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Rele ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22262
+ RESERVED
+CVE-2022-0077
+ RESERVED
+CVE-2022-0076
+ RESERVED
+CVE-2022-0075
+ RESERVED
+CVE-2022-0074
+ RESERVED
+CVE-2022-0073
+ RESERVED
+CVE-2022-0072
+ RESERVED
+CVE-2022-0071
+ RESERVED
+CVE-2022-0070
+ RESERVED
+CVE-2022-0069
+ RESERVED
+CVE-2022-0068
+ RESERVED
+CVE-2022-0067
+ RESERVED
+CVE-2022-0066
+ RESERVED
+CVE-2022-0065
+ RESERVED
+CVE-2022-0064
+ RESERVED
+CVE-2022-0063
+ RESERVED
+CVE-2022-0062
+ RESERVED
+CVE-2022-0061
+ RESERVED
+CVE-2022-0060
+ RESERVED
+CVE-2022-0059
+ RESERVED
+CVE-2022-0058
+ RESERVED
+CVE-2022-0057
+ RESERVED
+CVE-2022-0056
+ RESERVED
+CVE-2022-0055
+ RESERVED
+CVE-2022-0054
+ RESERVED
+CVE-2022-0053
+ RESERVED
+CVE-2022-0052
+ RESERVED
+CVE-2022-0051
+ RESERVED
+CVE-2022-0050
+ RESERVED
+CVE-2022-0049
+ RESERVED
+CVE-2022-0048
+ RESERVED
+CVE-2022-0047
+ RESERVED
+CVE-2022-0046
+ RESERVED
+CVE-2022-0045
+ RESERVED
+CVE-2022-0044
+ RESERVED
+CVE-2022-0043
+ RESERVED
+CVE-2022-0042
+ RESERVED
+CVE-2022-0041
+ RESERVED
+CVE-2022-0040
+ RESERVED
+CVE-2022-0039
+ RESERVED
+CVE-2022-0038
+ RESERVED
+CVE-2022-0037
+ RESERVED
+CVE-2022-0036
+ RESERVED
+CVE-2022-0035
+ RESERVED
+CVE-2022-0034
+ RESERVED
+CVE-2022-0033
+ RESERVED
+CVE-2022-0032
+ RESERVED
+CVE-2022-0031
+ RESERVED
+CVE-2022-0030
+ RESERVED
+CVE-2022-0029
+ RESERVED
+CVE-2022-0028
+ RESERVED
+CVE-2022-0027
+ RESERVED
+CVE-2022-0026
+ RESERVED
+CVE-2022-0025
+ RESERVED
+CVE-2022-0024
+ RESERVED
+CVE-2022-0023
+ RESERVED
+CVE-2022-0022
+ RESERVED
+CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0020 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0019 (An insufficiently protected credentials vulnerability exists in the Pa ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0018 (An information exposure vulnerability exists in the Palo Alto Networks ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0017 (An improper link resolution before file access ('link following') vuln ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0016 (An improper handling of exceptional conditions vulnerability exists wi ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0015 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0014 (An untrusted search path vulnerability exists in the Palo Alto Network ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0013 (A file information exposure vulnerability exists in the Palo Alto Netw ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0012 (An improper link resolution before file access vulnerability exists in ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0011 (PAN-OS software provides options to exclude specific websites from URL ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-22261
+ RESERVED
+CVE-2022-22260
+ RESERVED
+CVE-2022-22259
+ RESERVED
+CVE-2022-22258
+ RESERVED
+CVE-2022-22257
+ RESERVED
+CVE-2022-22256
+ RESERVED
+CVE-2022-22255
+ RESERVED
+CVE-2022-22254
+ RESERVED
+CVE-2022-22253
+ RESERVED
+CVE-2022-22252
+ RESERVED
+CVE-2022-22251
+ RESERVED
+CVE-2022-22250
+ RESERVED
+CVE-2022-22249
+ RESERVED
+CVE-2022-22248
+ RESERVED
+CVE-2022-22247
+ RESERVED
+CVE-2022-22246
+ RESERVED
+CVE-2022-22245
+ RESERVED
+CVE-2022-22244
+ RESERVED
+CVE-2022-22243
+ RESERVED
+CVE-2022-22242
+ RESERVED
+CVE-2022-22241
+ RESERVED
+CVE-2022-22240
+ RESERVED
+CVE-2022-22239
+ RESERVED
+CVE-2022-22238
+ RESERVED
+CVE-2022-22237
+ RESERVED
+CVE-2022-22236
+ RESERVED
+CVE-2022-22235
+ RESERVED
+CVE-2022-22234
+ RESERVED
+CVE-2022-22233
+ RESERVED
+CVE-2022-22232
+ RESERVED
+CVE-2022-22231
+ RESERVED
+CVE-2022-22230
+ RESERVED
+CVE-2022-22229
+ RESERVED
+CVE-2022-22228
+ RESERVED
+CVE-2022-22227
+ RESERVED
+CVE-2022-22226
+ RESERVED
+CVE-2022-22225
+ RESERVED
+CVE-2022-22224
+ RESERVED
+CVE-2022-22223
+ RESERVED
+CVE-2022-22222
+ RESERVED
+CVE-2022-22221
+ RESERVED
+CVE-2022-22220
+ RESERVED
+CVE-2022-22219
+ RESERVED
+CVE-2022-22218
+ RESERVED
+CVE-2022-22217
+ RESERVED
+CVE-2022-22216
+ RESERVED
+CVE-2022-22215
+ RESERVED
+CVE-2022-22214
+ RESERVED
+CVE-2022-22213
+ RESERVED
+CVE-2022-22212
+ RESERVED
+CVE-2022-22211
+ RESERVED
+CVE-2022-22210
+ RESERVED
+CVE-2022-22209
+ RESERVED
+CVE-2022-22208
+ RESERVED
+CVE-2022-22207
+ RESERVED
+CVE-2022-22206
+ RESERVED
+CVE-2022-22205
+ RESERVED
+CVE-2022-22204
+ RESERVED
+CVE-2022-22203
+ RESERVED
+CVE-2022-22202
+ RESERVED
+CVE-2022-22201
+ RESERVED
+CVE-2022-22200
+ RESERVED
+CVE-2022-22199
+ RESERVED
+CVE-2022-22198
+ RESERVED
+CVE-2022-22197
+ RESERVED
+CVE-2022-22196
+ RESERVED
+CVE-2022-22195
+ RESERVED
+CVE-2022-22194
+ RESERVED
+CVE-2022-22193
+ RESERVED
+CVE-2022-22192
+ RESERVED
+CVE-2022-22191
+ RESERVED
+CVE-2022-22190
+ RESERVED
+CVE-2022-22189
+ RESERVED
+CVE-2022-22188
+ RESERVED
+CVE-2022-22187
+ RESERVED
+CVE-2022-22186
+ RESERVED
+CVE-2022-22185
+ RESERVED
+CVE-2022-22184
+ RESERVED
+CVE-2022-22183
+ RESERVED
+CVE-2022-22182
+ RESERVED
+CVE-2022-22181
+ RESERVED
+CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22179 (A Improper Validation of Specified Index, Position, or Offset in Input ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22178 (A Stack-based Buffer Overflow vulnerability in the flow processing dae ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22177 (A release of illegal memory vulnerability in the snmpd daemon of Junip ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22176 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22175 (An Improper Locking vulnerability in the SIP ALG of Juniper Networks J ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22174 (A vulnerability in the processing of inbound IPv6 packets in Juniper N ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22173 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22172 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22171 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22170 (A Missing Release of Resource after Effective Lifetime vulnerability i ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22169 (An Improper Initialization vulnerability in the routing protocol daemo ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22168 (An Improper Validation of Specified Type of Input vulnerability in the ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22167 (A traffic classification vulnerability in Juniper Networks Junos OS on ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22166 (An Improper Validation of Specified Quantity in Input vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22165
+ RESERVED
+CVE-2022-22164 (An Improper Initialization vulnerability in Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22163 (An Improper Input Validation vulnerability in the Juniper DHCP daemon ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22162 (A Generation of Error Message Containing Sensitive Information vulnera ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22161 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22160 (An Unchecked Error Condition vulnerability in the subscriber managemen ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22159 (A vulnerability in the NETISR network queue functionality of Juniper N ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22158
+ RESERVED
+CVE-2022-22157 (A traffic classification vulnerability in Juniper Networks Junos OS on ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22156 (An Improper Certificate Validation weakness in the Juniper Networks Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22155 (An Uncontrolled Resource Consumption vulnerability in the handling of ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22154 (In a Junos Fusion scenario an External Control of Critical State Data ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocation of ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21155
+ RESERVED
+CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
+ NOT-FOR-US: Omron CX-One
+CVE-2022-22136
+ RESERVED
+CVE-2022-22135
+ RESERVED
+CVE-2022-22134
+ RESERVED
+CVE-2022-22133
+ RESERVED
+CVE-2022-22132
+ RESERVED
+CVE-2022-22131
+ RESERVED
+CVE-2022-22130
+ RESERVED
+CVE-2022-22129
+ RESERVED
+CVE-2022-22128
+ RESERVED
+CVE-2022-22127
+ RESERVED
+CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
+ NOT-FOR-US: Openmct
+CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
+ NOT-FOR-US: Halo
+CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
+ NOT-FOR-US: Halo
+CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
+ NOT-FOR-US: Halo
+CVE-2022-22122
+ REJECTED
+CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injectio ...)
+ NOT-FOR-US: NocoDB
+CVE-2022-22120 (In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrep ...)
+ NOT-FOR-US: NocoDB
+CVE-2022-22119
+ RESERVED
+CVE-2022-22118
+ RESERVED
+CVE-2022-22117 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted f ...)
+ NOT-FOR-US: Directus
+CVE-2022-22116 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to st ...)
+ NOT-FOR-US: Directus
+CVE-2022-22115 (In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: Teedy
+CVE-2022-22114 (In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Teedy
+CVE-2022-22113 (In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22112 (In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an ap ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requ ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22109 (In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scri ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22108 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22106
+ RESERVED
+CVE-2022-22105
+ RESERVED
+CVE-2022-22104
+ RESERVED
+CVE-2022-22103
+ RESERVED
+CVE-2022-22102
+ RESERVED
+CVE-2022-22101
+ RESERVED
+CVE-2022-22100
+ RESERVED
+CVE-2022-22099
+ RESERVED
+CVE-2022-22098
+ RESERVED
+CVE-2022-22097
+ RESERVED
+CVE-2022-22096
+ RESERVED
+CVE-2022-22095
+ RESERVED
+CVE-2022-22094
+ RESERVED
+CVE-2022-22093
+ RESERVED
+CVE-2022-22092
+ RESERVED
+CVE-2022-22091
+ RESERVED
+CVE-2022-22090
+ RESERVED
+CVE-2022-22089
+ RESERVED
+CVE-2022-22088
+ RESERVED
+CVE-2022-22087
+ RESERVED
+CVE-2022-22086
+ RESERVED
+CVE-2022-22085
+ RESERVED
+CVE-2022-22084
+ RESERVED
+CVE-2022-22083
+ RESERVED
+CVE-2022-22082
+ RESERVED
+CVE-2022-22081
+ RESERVED
+CVE-2022-22080
+ RESERVED
+CVE-2022-22079
+ RESERVED
+CVE-2022-22078
+ RESERVED
+CVE-2022-22077
+ RESERVED
+CVE-2022-22076
+ RESERVED
+CVE-2022-22075
+ RESERVED
+CVE-2022-22074
+ RESERVED
+CVE-2022-22073
+ RESERVED
+CVE-2022-22072
+ RESERVED
+CVE-2022-22071
+ RESERVED
+CVE-2022-22070
+ RESERVED
+CVE-2022-22069
+ RESERVED
+CVE-2022-22068
+ RESERVED
+CVE-2022-22067
+ RESERVED
+CVE-2022-22066
+ RESERVED
+CVE-2022-22065
+ RESERVED
+CVE-2022-22064
+ RESERVED
+CVE-2022-22063
+ RESERVED
+CVE-2022-22062
+ RESERVED
+CVE-2022-22061
+ RESERVED
+CVE-2022-22060
+ RESERVED
+CVE-2022-22059
+ RESERVED
+CVE-2022-22058
+ RESERVED
+CVE-2022-22057
+ RESERVED
+CVE-2022-22056 (The Le-yan dental management system contains a hard-coded credentials ...)
+ NOT-FOR-US: Le-yan dental management system
+CVE-2022-22055 (The Le-yan dental management system contains an SQL-injection vulnerab ...)
+ NOT-FOR-US: Le-yan dental management system
+CVE-2022-22054 (ASUS RT-AX56U&#8217;s login function contains a path traversal vulnera ...)
+ NOT-FOR-US: ASUS
+CVE-2022-22053
+ RESERVED
+CVE-2022-22052
+ RESERVED
+CVE-2022-22051
+ RESERVED
+CVE-2022-22050
+ RESERVED
+CVE-2022-22049
+ RESERVED
+CVE-2022-22048
+ RESERVED
+CVE-2022-22047
+ RESERVED
+CVE-2022-22046
+ RESERVED
+CVE-2022-22045
+ RESERVED
+CVE-2022-22044
+ RESERVED
+CVE-2022-22043
+ RESERVED
+CVE-2022-22042
+ RESERVED
+CVE-2022-22041
+ RESERVED
+CVE-2022-22040
+ RESERVED
+CVE-2022-22039
+ RESERVED
+CVE-2022-22038
+ RESERVED
+CVE-2022-22037
+ RESERVED
+CVE-2022-22036
+ RESERVED
+CVE-2022-22035
+ RESERVED
+CVE-2022-22034
+ RESERVED
+CVE-2022-22033
+ RESERVED
+CVE-2022-22032
+ RESERVED
+CVE-2022-22031
+ RESERVED
+CVE-2022-22030
+ RESERVED
+CVE-2022-22029
+ RESERVED
+CVE-2022-22028
+ RESERVED
+CVE-2022-22027
+ RESERVED
+CVE-2022-22026
+ RESERVED
+CVE-2022-22025
+ RESERVED
+CVE-2022-22024
+ RESERVED
+CVE-2022-22023
+ RESERVED
+CVE-2022-22022
+ RESERVED
+CVE-2022-22021
+ RESERVED
+CVE-2022-22020
+ RESERVED
+CVE-2022-22019
+ RESERVED
+CVE-2022-22018
+ RESERVED
+CVE-2022-22017
+ RESERVED
+CVE-2022-22016
+ RESERVED
+CVE-2022-22015
+ RESERVED
+CVE-2022-22014
+ RESERVED
+CVE-2022-22013
+ RESERVED
+CVE-2022-22012
+ RESERVED
+CVE-2022-22011
+ RESERVED
+CVE-2022-22010
+ RESERVED
+CVE-2022-22009
+ RESERVED
+CVE-2022-22008
+ RESERVED
+CVE-2022-22007
+ RESERVED
+CVE-2022-22006
+ RESERVED
+CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22003 (Microsoft Office Graphics Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22002 (Windows User Account Profile Picture Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22001 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22000 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21999 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21998 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21997 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21996 (Win32k Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21995 (Windows Hyper-V Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21994 (Windows DWM Core Library Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21993 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21990
+ RESERVED
+CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21987 (Microsoft SharePoint Server Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21986 (.NET Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2022-21985 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21983
+ RESERVED
+CVE-2022-21982
+ RESERVED
+CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21980
+ RESERVED
+CVE-2022-21979
+ RESERVED
+CVE-2022-21978
+ RESERVED
+CVE-2022-21977
+ RESERVED
+CVE-2022-21976
+ RESERVED
+CVE-2022-21975
+ RESERVED
+CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21973
+ RESERVED
+CVE-2022-21972
+ RESERVED
+CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21968 (Microsoft SharePoint Server Security Feature BypassVulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21967
+ RESERVED
+CVE-2022-21966
+ RESERVED
+CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21964 (Remote Desktop Licensing Diagnoser Information Disclosure Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21963 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21962 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21961 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21960 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21959 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21958 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21957 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21956
+ RESERVED
+CVE-2022-21955
+ RESERVED
+CVE-2022-21954 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21953
+ RESERVED
+CVE-2022-21952
+ RESERVED
+CVE-2022-21951
+ RESERVED
+CVE-2022-21950
+ RESERVED
+CVE-2022-21949
+ RESERVED
+CVE-2022-21948
+ RESERVED
+CVE-2022-21947
+ RESERVED
+CVE-2022-21946
+ RESERVED
+CVE-2022-21945
+ RESERVED
+CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd ...)
+ NOT-FOR-US: SUSE packaging issue in watchman
+CVE-2022-21943
+ RESERVED
+CVE-2022-21942
+ RESERVED
+CVE-2022-21941
+ RESERVED
+CVE-2022-21940
+ RESERVED
+CVE-2022-21939
+ RESERVED
+CVE-2022-21938
+ RESERVED
+CVE-2022-21937
+ RESERVED
+CVE-2022-21936
+ RESERVED
+CVE-2022-21935
+ RESERVED
+CVE-2022-21934
+ RESERVED
+CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...)
+ NOT-FOR-US: ASUS
+CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21930 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21929 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21928 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21927 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21926 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21925 (Windows BackupKey Remote Protocol Security Feature Bypass Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21924 (Workstation Service Remote Protocol Security Feature Bypass Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21923
+ RESERVED
+CVE-2022-21922 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21921 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21920 (Windows Kerberos Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21919 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21918 (DirectX Graphics Kernel File Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21917 (HEVC Video Extensions Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21916 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21915 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21914 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21913 (Local Security Authority (Domain Policy) Remote Protocol Security Feat ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21912 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21911 (.NET Framework Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2022-21910 (Microsoft Cluster Port Driver Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21909
+ RESERVED
+CVE-2022-21908 (Windows Installer Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21906 (Windows Defender Application Control Security Feature Bypass Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21905 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21904 (Windows GDI Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21903 (Windows GDI Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21902 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21901 (Windows Hyper-V Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21900 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21899 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21898 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21897 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21896 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21895 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21894 (Secure Boot Security Feature Bypass Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21893 (Remote Desktop Protocol Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21892 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21891 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21890 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21889 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21888 (Windows Modern Execution Server Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21887 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21886
+ RESERVED
+CVE-2022-21885 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21884 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21883 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21882 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21881 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21880 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21879 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21878 (Windows Geolocation Service Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21877 (Storage Spaces Controller Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21876 (Win32k Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21875 (Windows Storage Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21874 (Windows Security Center API Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21873 (Tile Data Repository Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21872 (Windows Event Tracing Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21871 (Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Priv ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21870 (Tablet Windows User Interface Application Core Elevation of Privilege ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21869 (Clipboard User Service Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21868 (Windows Devices Human Interface Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21867 (Windows Push Notifications Apps Elevation Of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21866 (Windows System Launcher Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21865 (Connected Devices Platform Service Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21864 (Windows UI Immersive Server API Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21863 (Windows StateRepository API Server file Elevation of Privilege Vulnera ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21862 (Windows Application Model Core API Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21861 (Task Flow Data Engine Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21860 (Windows AppContracts API Server Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21859 (Windows Accounts Control Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21858 (Windows Bind Filter Driver Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21857 (Active Directory Domain Services Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21856
+ RESERVED
+CVE-2022-21855 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21854
+ RESERVED
+CVE-2022-21853
+ RESERVED
+CVE-2022-21852 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21851 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21850 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21849 (Windows IKE Extension Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21848 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21847 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21845
+ RESERVED
+CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21843 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21842 (Microsoft Word Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21841 (Microsoft Excel Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21840 (Microsoft Office Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21839 (Windows Event Tracing Discretionary Access Control List Denial of Serv ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21838 (Windows Cleanup Manager Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21837 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21836 (Windows Certificate Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21835 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21834 (Windows User-mode Driver Framework Reflector Driver Elevation of Privi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21833 (Virtual Machine IDE Drive Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-0010
+ RESERVED
+CVE-2022-21832
+ RESERVED
+CVE-2022-21831
+ RESERVED
+CVE-2022-21830
+ RESERVED
+CVE-2022-21829
+ RESERVED
+CVE-2022-21828
+ RESERVED
+CVE-2022-21827
+ RESERVED
+CVE-2022-21826
+ RESERVED
+CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...)
+ NOT-FOR-US: Citrix
+CVE-2022-21823 (A insecure storage of sensitive information vulnerability exists in Iv ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-21822
+ RESERVED
+CVE-2022-21821
+ RESERVED
+CVE-2022-21820
+ RESERVED
+CVE-2022-21819
+ RESERVED
+CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
+ NOT-FOR-US: NVIDIA License System
+CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2022-21815 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2022-21814 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ - nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
+ [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1004848)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1004849)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853)
+ - nvidia-graphics-drivers-tesla-460 <unfixed> (bug #1004852)
+ [bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-450 450.172.01-1 (bug #1004851)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1004850)
+ [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
+CVE-2022-21813 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ - nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
+ [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1004848)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1004849)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853)
+ - nvidia-graphics-drivers-tesla-460 <unfixed> (bug #1004852)
+ [bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-450 450.172.01-1 (bug #1004851)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1004850)
+ [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
+CVE-2022-21812
+ RESERVED
+CVE-2022-21804
+ RESERVED
+CVE-2022-21794
+ RESERVED
+CVE-2022-21793
+ RESERVED
+CVE-2022-21239
+ RESERVED
+CVE-2022-21229
+ RESERVED
+CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
+ NOT-FOR-US: Intel
+CVE-2022-21206
+ RESERVED
+CVE-2022-21188
+ RESERVED
+CVE-2022-21185
+ RESERVED
+CVE-2022-21175
+ RESERVED
+CVE-2022-21171
+ RESERVED
+CVE-2022-21163
+ RESERVED
+CVE-2022-21162
+ RESERVED
+CVE-2022-21161
+ RESERVED
+CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...)
+ NOT-FOR-US: Intel
+CVE-2022-21152
+ RESERVED
+CVE-2022-21150
+ RESERVED
+CVE-2022-21148
+ RESERVED
+CVE-2022-21135
+ RESERVED
+CVE-2022-21824 [Prototype pollution via console.table properties]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
+ NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x)
+CVE-2022-21240
+ RESERVED
+CVE-2022-21237
+ RESERVED
+CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...)
+ NOT-FOR-US: Intel
+CVE-2022-21212
+ RESERVED
+CVE-2022-21197
+ RESERVED
+CVE-2022-21172
+ RESERVED
+CVE-2022-21160
+ RESERVED
+CVE-2022-21140
+ RESERVED
+CVE-2022-21139
+ RESERVED
+CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
+ NOT-FOR-US: Intel
+CVE-2022-21792
+ RESERVED
+CVE-2022-21791
+ RESERVED
+CVE-2022-21790
+ RESERVED
+CVE-2022-21789
+ RESERVED
+CVE-2022-21788
+ RESERVED
+CVE-2022-21787
+ RESERVED
+CVE-2022-21786
+ RESERVED
+CVE-2022-21785
+ RESERVED
+CVE-2022-21784
+ RESERVED
+CVE-2022-21783
+ RESERVED
+CVE-2022-21782
+ RESERVED
+CVE-2022-21781
+ RESERVED
+CVE-2022-21780
+ RESERVED
+CVE-2022-21779
+ RESERVED
+CVE-2022-21778
+ RESERVED
+CVE-2022-21777
+ RESERVED
+CVE-2022-21776
+ RESERVED
+CVE-2022-21775
+ RESERVED
+CVE-2022-21774
+ RESERVED
+CVE-2022-21773
+ RESERVED
+CVE-2022-21772
+ RESERVED
+CVE-2022-21771
+ RESERVED
+CVE-2022-21770
+ RESERVED
+CVE-2022-21769
+ RESERVED
+CVE-2022-21768
+ RESERVED
+CVE-2022-21767
+ RESERVED
+CVE-2022-21766
+ RESERVED
+CVE-2022-21765
+ RESERVED
+CVE-2022-21764
+ RESERVED
+CVE-2022-21763
+ RESERVED
+CVE-2022-21762
+ RESERVED
+CVE-2022-21761
+ RESERVED
+CVE-2022-21760
+ RESERVED
+CVE-2022-21759
+ RESERVED
+CVE-2022-21758
+ RESERVED
+CVE-2022-21757
+ RESERVED
+CVE-2022-21756
+ RESERVED
+CVE-2022-21755
+ RESERVED
+CVE-2022-21754
+ RESERVED
+CVE-2022-21753
+ RESERVED
+CVE-2022-21752
+ RESERVED
+CVE-2022-21751
+ RESERVED
+CVE-2022-21750
+ RESERVED
+CVE-2022-21749
+ RESERVED
+CVE-2022-21748
+ RESERVED
+CVE-2022-21747
+ RESERVED
+CVE-2022-21746
+ RESERVED
+CVE-2022-21745
+ RESERVED
+CVE-2022-21744
+ RESERVED
+CVE-2022-21743
+ RESERVED
+CVE-2022-0009
+ RESERVED
+CVE-2022-0008
+ RESERVED
+CVE-2022-0007
+ RESERVED
+CVE-2022-0006
+ RESERVED
+CVE-2022-21742
+ RESERVED
+CVE-2022-21741 (Tensorflow is an Open Source Machine Learning Framework. ### Impact An ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21740 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21739 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21738 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21737 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21736 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21735 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21734 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21733 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21732 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21731 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21730 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21729 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21728 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21727 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21726 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21725 (Tensorflow is an Open Source Machine Learning Framework. The estimator ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was foun ...)
+ - libpgjava 42.3.2-1
+ NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
+ NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2)
+CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ [stretch] - ring <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
+ NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
+CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
+ NOTE: https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
+CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and prior t ...)
+ TODO: check
+CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...)
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-21719 (GLPI is a free asset and IT management software package. All GLPI vers ...)
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-21718
+ RESERVED
+CVE-2022-21717
+ RESERVED
+CVE-2022-21716
+ RESERVED
+CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
+ - codeigniter <itp> (bug #471583)
+CVE-2022-21714
+ RESERVED
+CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...)
+ - grafana <removed>
+CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
+ {DLA-2927-1}
+ - twisted 22.1.0-1
+ [bullseye] - twisted <no-dsa> (Minor issue)
+ [buster] - twisted <no-dsa> (Minor issue)
+ NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
+ NOTE: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 (twisted-22.1.0rc1)
+CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
+ NOT-FOR-US: elfspirit
+CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
+ NOT-FOR-US: ShortDescription MediaWiki extension
+CVE-2022-21709
+ RESERVED
+CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...)
+ - golang-github-graph-gophers-graphql-go 1.3.0-1
+ NOTE: https://github.com/graph-gophers/graphql-go/commit/eae31ca73eb3473c544710955d1dbebc22605bfe (v1.3.0)
+ NOTE: https://github.com/graph-gophers/graphql-go/security/advisories/GHSA-mh3m-8c74-74xh
+ NOTE: https://github.com/graph-gophers/graphql-go/pull/492
+CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts and pro ...)
+ NOT-FOR-US: wasmCloud Host Runtime
+CVE-2022-21706
+ RESERVED
+CVE-2022-21705
+ RESERVED
+CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...)
+ - node-log4js 6.4.1+~cs8.3.5-1
+ [bullseye] - node-log4js <no-dsa> (Minor issue)
+ [buster] - node-log4js <no-dsa> (Minor issue)
+ [stretch] - node-log4js <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/log4js-node/log4js-node/pull/1141 (v6.4.1)
+ NOTE: https://github.com/log4js-node/streamroller/pull/87
+ NOTE: https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q
+ NOTE: https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640
+CVE-2022-21703 (Grafana is an open-source platform for monitoring and observability. A ...)
+ - grafana <removed>
+CVE-2022-21702 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana <removed>
+CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...)
+ NOT-FOR-US: Istio
+CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
+ NOT-FOR-US: Micronaut
+CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...)
+ {DSA-5065-1 DLA-2896-1}
+ - ipython 7.31.1-1 (bug #1004122)
+ NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
+ NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
+ NOTE: Testcase: https://github.com/ipython/ipython/commit/56665dfcf7df8690da46aab1278df8e47b14fe3b
+ NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
+CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...)
+ - golang-github-prometheus-client-golang <unfixed>
+ NOTE: https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p
+ NOTE: https://github.com/prometheus/client_golang/pull/962
+ NOTE: https://github.com/prometheus/client_golang/pull/987
+CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...)
+ TODO: check
+CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-68vr-8f46-vc9f
+CVE-2022-21695 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4
+CVE-2022-21694 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h
+ NOTE: https://github.com/onionshare/onionshare/issues/1389
+CVE-2022-21693 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jgm9-xpfj-4fq6
+CVE-2022-21692 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v
+CVE-2022-21691 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-w9m4-7w72-r766
+CVE-2022-21690 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-ch22-x2v3-v6vq
+CVE-2022-21689 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc
+CVE-2022-21688 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
+CVE-2022-21687 (gh-ost is a triggerless online schema migration solution for MySQL. Ve ...)
+ NOT-FOR-US: GitHub Online Schema
+CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting with versio ...)
+ NOT-FOR-US: PrestaShop
+CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
+ TODO: check
+CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...)
+ NOT-FOR-US: Wagtail
+CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...)
+ {DSA-5049-1}
+ - flatpak 1.12.3-1
+ [buster] - flatpak <ignored> (Intrusive and risky to backport)
+ [stretch] - flatpak <ignored> (Intrusive and risky to backport)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
+ NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
+ NOTE: Documentation: https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa
+ NOTE: 1.12.4 added further changes to avoid regressions for some workflows
+CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
+ - node-marked 4.0.12+ds+~4.0.1-1
+ [bullseye] - node-marked <no-dsa> (Minor issue)
+ [buster] - node-marked <no-dsa> (Minor issue)
+ [stretch] - node-marked <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj
+ NOTE: https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5
+ NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
+ NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
+CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
+ - node-marked 4.0.12+ds+~4.0.1-1
+ [bullseye] - node-marked <no-dsa> (Minor issue)
+ [buster] - node-marked <no-dsa> (Minor issue)
+ [stretch] - node-marked <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
+ NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
+ NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf
+CVE-2022-21679 (Istio is an open platform to connect, manage, and secure microservices ...)
+ NOT-FOR-US: Istio
+CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
+ NOT-FOR-US: Engine.IO
+CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...)
+ NOT-FOR-US: Bytecode Viewer
+CVE-2022-21674
+ RESERVED
+CVE-2022-21673 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana <removed>
+CVE-2022-21672 (make-ca is a utility to deliver and manage a complete PKI configuratio ...)
+ TODO: check
+CVE-2022-21671 (@replit/crosis is a JavaScript client that speaks Replit's container p ...)
+ NOT-FOR-US: crosis
+CVE-2022-21670 (markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...)
+ - node-markdown-it 10.0.0+dfsg-6
+ [bullseye] - node-markdown-it <no-dsa> (Minor issue)
+ NOTE: https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
+ NOTE: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101 (12.3.2)
+CVE-2022-21669 (PuddingBot is a group management bot. In version 0.0.6-b933652 and pri ...)
+ NOT-FOR-US: PuddingBot
+CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with version 20 ...)
+ - pipenv <not-affected> (Vulnerable code not uploaded)
+ NOTE: https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w
+ NOTE: https://github.com/pypa/pipenv/releases/tag/v2022.1.8
+ NOTE: https://github.com/pypa/pipenv/pull/4899 (v2022.1.8)
+ NOTE: Introduced by: https://github.com/pypa/pipenv/commit/742988169333ba14a4b2b6f527a604d6f0bc9e09 (v2018.10.9)
+ NOTE: Fixed by: https://github.com/pypa/pipenv/commit/167909839a95ef5aa379fe12d4564b2b829cc175 (v2022.1.8)
+CVE-2022-21667 (soketi is an open-source WebSockets server. There is an unhandled case ...)
+ NOT-FOR-US: soketi
+CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is a content management system (C ...)
+ NOT-FOR-US: Useful Simple Open-Source CMS (USOC)
+CVE-2022-21665
+ RESERVED
+CVE-2022-21664 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
+CVE-2022-21663 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
+ NOTE: https://hackerone.com/reports/541469
+CVE-2022-21662 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
+ NOTE: https://hackerone.com/reports/425342
+CVE-2022-21661 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214
+ NOTE: https://hackerone.com/reports/1378209
+ NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
+CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
+ NOT-FOR-US: Gin-vue-admin
+CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...)
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/pull/1775
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe (3.4.4)
+CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
+ - rustc <unfixed>
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
+CVE-2022-21657
+ RESERVED
+CVE-2022-21656
+ RESERVED
+CVE-2022-21655
+ RESERVED
+CVE-2022-21654
+ RESERVED
+CVE-2022-21653 (Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...)
+ - jawn <not-affected> (Vulnerable code not uploaded)
+ NOTE: https://github.com/typelevel/jawn/pull/390
+ NOTE: https://github.com/typelevel/jawn/commit/e5ddb114ed5d45ee0a605da06a280207bf9f9f58 (1.3.2)
+ NOTE: https://github.com/typelevel/jawn/commit/0707e2569f43ff6195f90cc0dfc2d0ca79b51dd1 (1.3.2)
+CVE-2022-21652 (Shopware is an open source e-commerce software platform. In affected v ...)
+ NOT-FOR-US: Shopware
+CVE-2022-21651 (Shopware is an open source e-commerce software platform. An open redir ...)
+ NOT-FOR-US: Shopware
+CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web browser. Y ...)
+ NOT-FOR-US: Convos
+CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web browser. C ...)
+ NOT-FOR-US: Convos
+CVE-2022-21648 (Latte is an open source template engine for PHP. Versions since 2.8.0 ...)
+ - php-nette <removed>
+ [stretch] - php-nette <not-affected> (Sandbox first appeared in Latte 2.8.0 so older versions are not affected.)
+ NOTE: https://github.com/nette/latte/security/advisories/GHSA-36m2-8rhx-f36j
+ NOTE: https://github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0
+CVE-2022-21647 (CodeIgniter is an open source PHP full-stack web framework. Deserializ ...)
+ - codeigniter <itp> (bug #471583)
+CVE-2022-21646 (SpiceDB is a database system for managing security-critical applicatio ...)
+ TODO: check
+CVE-2022-21645
+ RESERVED
+CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
+ NOT-FOR-US: USOC
+CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
+ NOT-FOR-US: USOC
+CVE-2022-21642 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
CVE-2022-21641
RESERVED
CVE-2022-21640
@@ -784,342 +11277,391 @@ CVE-2022-21405
RESERVED
CVE-2022-21404
RESERVED
-CVE-2022-21403
- RESERVED
-CVE-2022-21402
- RESERVED
-CVE-2022-21401
- RESERVED
-CVE-2022-21400
- RESERVED
-CVE-2022-21399
- RESERVED
-CVE-2022-21398
- RESERVED
-CVE-2022-21397
- RESERVED
-CVE-2022-21396
- RESERVED
-CVE-2022-21395
- RESERVED
-CVE-2022-21394
- RESERVED
-CVE-2022-21393
- RESERVED
-CVE-2022-21392
- RESERVED
-CVE-2022-21391
- RESERVED
-CVE-2022-21390
- RESERVED
-CVE-2022-21389
- RESERVED
-CVE-2022-21388
- RESERVED
-CVE-2022-21387
- RESERVED
-CVE-2022-21386
- RESERVED
+CVE-2022-21403 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21402 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21401 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21400 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21399 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21398 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21397 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21396 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21395 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21394 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.32-dfsg-1
+CVE-2022-21393 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21392 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21391 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21390 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21389 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21388 (Vulnerability in the Oracle Communications Pricing Design Center produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21387 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21386 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
CVE-2022-21385
RESERVED
CVE-2022-21384
RESERVED
-CVE-2022-21383
- RESERVED
-CVE-2022-21382
- RESERVED
-CVE-2022-21381
- RESERVED
-CVE-2022-21380
- RESERVED
-CVE-2022-21379
- RESERVED
-CVE-2022-21378
- RESERVED
-CVE-2022-21377
- RESERVED
-CVE-2022-21376
- RESERVED
-CVE-2022-21375
- RESERVED
-CVE-2022-21374
- RESERVED
-CVE-2022-21373
- RESERVED
-CVE-2022-21372
- RESERVED
-CVE-2022-21371
- RESERVED
-CVE-2022-21370
- RESERVED
-CVE-2022-21369
- RESERVED
-CVE-2022-21368
- RESERVED
-CVE-2022-21367
- RESERVED
-CVE-2022-21366
- RESERVED
-CVE-2022-21365
- RESERVED
-CVE-2022-21364
- RESERVED
-CVE-2022-21363
- RESERVED
-CVE-2022-21362
- RESERVED
-CVE-2022-21361
- RESERVED
-CVE-2022-21360
- RESERVED
-CVE-2022-21359
- RESERVED
-CVE-2022-21358
- RESERVED
-CVE-2022-21357
- RESERVED
-CVE-2022-21356
- RESERVED
-CVE-2022-21355
- RESERVED
-CVE-2022-21354
- RESERVED
-CVE-2022-21353
- RESERVED
-CVE-2022-21352
- RESERVED
-CVE-2022-21351
- RESERVED
-CVE-2022-21350
- RESERVED
-CVE-2022-21349
- RESERVED
-CVE-2022-21348
- RESERVED
-CVE-2022-21347
- RESERVED
-CVE-2022-21346
- RESERVED
-CVE-2022-21345
- RESERVED
-CVE-2022-21344
- RESERVED
+CVE-2022-21383 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21382 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21381 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21380 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21379 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21378 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21377 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21376 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21375 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21374 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21373 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21372 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21371 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21369 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21368 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21367 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21366 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21365 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21364 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21363 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21362 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21361 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21360 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21359 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21358 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21357 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21356 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21355 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21354 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21353 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21352 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21351 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21350 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21349 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DLA-2917-1}
+ - openjdk-8 <unfixed>
+CVE-2022-21348 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21347 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21346 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21345 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21344 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
CVE-2022-21343
RESERVED
-CVE-2022-21342
- RESERVED
-CVE-2022-21341
- RESERVED
-CVE-2022-21340
- RESERVED
-CVE-2022-21339
- RESERVED
-CVE-2022-21338
- RESERVED
-CVE-2022-21337
- RESERVED
-CVE-2022-21336
- RESERVED
-CVE-2022-21335
- RESERVED
-CVE-2022-21334
- RESERVED
-CVE-2022-21333
- RESERVED
-CVE-2022-21332
- RESERVED
-CVE-2022-21331
- RESERVED
-CVE-2022-21330
- RESERVED
-CVE-2022-21329
- RESERVED
-CVE-2022-21328
- RESERVED
-CVE-2022-21327
- RESERVED
-CVE-2022-21326
- RESERVED
-CVE-2022-21325
- RESERVED
-CVE-2022-21324
- RESERVED
-CVE-2022-21323
- RESERVED
-CVE-2022-21322
- RESERVED
-CVE-2022-21321
- RESERVED
-CVE-2022-21320
- RESERVED
-CVE-2022-21319
- RESERVED
-CVE-2022-21318
- RESERVED
-CVE-2022-21317
- RESERVED
-CVE-2022-21316
- RESERVED
-CVE-2022-21315
- RESERVED
-CVE-2022-21314
- RESERVED
-CVE-2022-21313
- RESERVED
-CVE-2022-21312
- RESERVED
-CVE-2022-21311
- RESERVED
-CVE-2022-21310
- RESERVED
-CVE-2022-21309
- RESERVED
-CVE-2022-21308
- RESERVED
-CVE-2022-21307
- RESERVED
-CVE-2022-21306
- RESERVED
-CVE-2022-21305
- RESERVED
-CVE-2022-21304
- RESERVED
-CVE-2022-21303
- RESERVED
-CVE-2022-21302
- RESERVED
-CVE-2022-21301
- RESERVED
-CVE-2022-21300
- RESERVED
-CVE-2022-21299
- RESERVED
-CVE-2022-21298
- RESERVED
-CVE-2022-21297
- RESERVED
-CVE-2022-21296
- RESERVED
-CVE-2022-21295
- RESERVED
-CVE-2022-21294
- RESERVED
-CVE-2022-21293
- RESERVED
-CVE-2022-21292
- RESERVED
-CVE-2022-21291
- RESERVED
-CVE-2022-21290
- RESERVED
-CVE-2022-21289
- RESERVED
-CVE-2022-21288
- RESERVED
-CVE-2022-21287
- RESERVED
-CVE-2022-21286
- RESERVED
-CVE-2022-21285
- RESERVED
-CVE-2022-21284
- RESERVED
-CVE-2022-21283
- RESERVED
-CVE-2022-21282
- RESERVED
-CVE-2022-21281
- RESERVED
-CVE-2022-21280
- RESERVED
-CVE-2022-21279
- RESERVED
-CVE-2022-21278
- RESERVED
-CVE-2022-21277
- RESERVED
-CVE-2022-21276
- RESERVED
-CVE-2022-21275
- RESERVED
-CVE-2022-21274
- RESERVED
-CVE-2022-21273
- RESERVED
-CVE-2022-21272
- RESERVED
-CVE-2022-21271
- RESERVED
-CVE-2022-21270
- RESERVED
-CVE-2022-21269
- RESERVED
-CVE-2022-21268
- RESERVED
-CVE-2022-21267
- RESERVED
-CVE-2022-21266
- RESERVED
-CVE-2022-21265
- RESERVED
-CVE-2022-21264
- RESERVED
-CVE-2022-21263
- RESERVED
-CVE-2022-21262
- RESERVED
-CVE-2022-21261
- RESERVED
-CVE-2022-21260
- RESERVED
-CVE-2022-21259
- RESERVED
-CVE-2022-21258
- RESERVED
-CVE-2022-21257
- RESERVED
-CVE-2022-21256
- RESERVED
-CVE-2022-21255
- RESERVED
-CVE-2022-21254
- RESERVED
-CVE-2022-21253
- RESERVED
-CVE-2022-21252
- RESERVED
-CVE-2022-21251
- RESERVED
-CVE-2022-21250
- RESERVED
-CVE-2022-21249
- RESERVED
-CVE-2022-21248
- RESERVED
-CVE-2022-21247
- RESERVED
-CVE-2022-21246
- RESERVED
-CVE-2022-21245
- RESERVED
-CVE-2022-21244
- RESERVED
-CVE-2022-21243
- RESERVED
-CVE-2022-21242
- RESERVED
+CVE-2022-21342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21341 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21340 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21339 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21338 (Vulnerability in the Oracle Communications Convergence product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21337 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21336 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21335 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21334 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21333 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21332 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21331 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21330 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21329 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21328 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21327 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21326 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21325 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21324 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21323 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21322 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21321 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21320 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21319 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21318 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21317 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21316 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21315 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21314 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21313 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21312 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21311 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21310 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21309 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21308 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21307 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21306 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21305 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21304 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21303 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21302 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21301 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21300 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21299 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21298 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21297 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21296 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21295 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox <not-affected> (Windows-specific)
+CVE-2022-21294 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21293 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21292 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21291 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21290 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21289 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21288 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21287 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21286 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21285 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21284 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21283 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21282 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21281 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21280 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21279 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21277 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21276 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21275 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21274 (Vulnerability in the Oracle Sourcing product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21273 (Vulnerability in the Oracle Project Costing product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21272 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21271 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ - openjdk-8 <not-affected> (Seems specific to Oracle Java)
+ - openjdk-11 <not-affected> (Seems specific to Oracle Java)
+CVE-2022-21270 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21269 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21268 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21267 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21266 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21265 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21264 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21263 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21262 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21261 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21260 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21259 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21258 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21257 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21256 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21255 (Vulnerability in the Oracle Configurator product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21254 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21253 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21252 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21251 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21250 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21249 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21248 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21247 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21246 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21245 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21244 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21243 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21242 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
CVE-2022-21216
RESERVED
-CVE-2022-21204
- RESERVED
+CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...)
+ NOT-FOR-US: Intel
CVE-2022-21200
RESERVED
-CVE-2022-21174
- RESERVED
-CVE-2022-21157
- RESERVED
-CVE-2022-21153
- RESERVED
+CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...)
+ NOT-FOR-US: Intel
+CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...)
+ NOT-FOR-US: Intel
+CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...)
+ NOT-FOR-US: Intel
CVE-2022-21151
RESERVED
CVE-2022-21138
@@ -1128,14 +11670,14 @@ CVE-2022-21136
RESERVED
CVE-2022-21131
RESERVED
-CVE-2022-21220
- RESERVED
+CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...)
+ NOT-FOR-US: Intel
CVE-2022-21207
RESERVED
-CVE-2022-21205
- RESERVED
-CVE-2022-21203
- RESERVED
+CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...)
+ NOT-FOR-US: Intel
+CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...)
+ NOT-FOR-US: Intel
CVE-2022-21181
RESERVED
CVE-2022-21180
@@ -1890,10 +12432,10 @@ CVE-2022-20752
RESERVED
CVE-2022-20751
RESERVED
-CVE-2022-20750
- RESERVED
-CVE-2022-20749
- RESERVED
+CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
CVE-2022-20748
RESERVED
CVE-2022-20747
@@ -1914,8 +12456,8 @@ CVE-2022-20740
RESERVED
CVE-2022-20739
RESERVED
-CVE-2022-20738
- RESERVED
+CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...)
+ NOT-FOR-US: Cisco
CVE-2022-20737
RESERVED
CVE-2022-20736
@@ -1966,36 +12508,41 @@ CVE-2022-20714
RESERVED
CVE-2022-20713
RESERVED
-CVE-2022-20712
- RESERVED
-CVE-2022-20711
- RESERVED
-CVE-2022-20710
- RESERVED
-CVE-2022-20709
- RESERVED
-CVE-2022-20708
- RESERVED
-CVE-2022-20707
- RESERVED
-CVE-2022-20706
- RESERVED
-CVE-2022-20705
- RESERVED
-CVE-2022-20704
- RESERVED
-CVE-2022-20703
- RESERVED
-CVE-2022-20702
- RESERVED
-CVE-2022-20701
- RESERVED
-CVE-2022-20700
- RESERVED
-CVE-2022-20699
- RESERVED
-CVE-2022-20698
- RESERVED
+CVE-2022-20712 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20711 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20710 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20709 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20708 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20707 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20706 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20705 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20704 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20703 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20702 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20701 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20700 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20699 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20698 (A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) ...)
+ - clamav 0.103.5+dfsg-1
+ [bullseye] - clamav <no-dsa> (clamav is updated via -updates)
+ [buster] - clamav <no-dsa> (clamav is updated via -updates)
+ [stretch] - clamav <postponed> (Minor issue; clean crash; follow stable updates)
+ NOTE: https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
+ NOTE: https://github.com/Cisco-Talos/clamav/commit/9a6bb57f89721db637f4ddb5b233c1c4e23d223a (0.103.5)
CVE-2022-20697
RESERVED
CVE-2022-20696
@@ -2030,8 +12577,8 @@ CVE-2022-20682
RESERVED
CVE-2022-20681
RESERVED
-CVE-2022-20680
- RESERVED
+CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco Prime S ...)
+ NOT-FOR-US: Cisco
CVE-2022-20679
RESERVED
CVE-2022-20678
@@ -2070,12 +12617,12 @@ CVE-2022-20662
RESERVED
CVE-2022-20661
RESERVED
-CVE-2022-20660
- RESERVED
-CVE-2022-20659
- RESERVED
-CVE-2022-20658
- RESERVED
+CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
CVE-2022-20657
RESERVED
CVE-2022-20656
@@ -2084,8 +12631,8 @@ CVE-2022-20655
RESERVED
CVE-2022-20654
RESERVED
-CVE-2022-20653
- RESERVED
+CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entities (DAN ...)
+ NOT-FOR-US: Cisco
CVE-2022-20652
RESERVED
CVE-2022-20651
@@ -2096,32 +12643,32 @@ CVE-2022-20649
RESERVED
CVE-2022-20648
RESERVED
-CVE-2022-20647
- RESERVED
-CVE-2022-20646
- RESERVED
-CVE-2022-20645
- RESERVED
-CVE-2022-20644
- RESERVED
-CVE-2022-20643
- RESERVED
-CVE-2022-20642
- RESERVED
-CVE-2022-20641
- RESERVED
-CVE-2022-20640
- RESERVED
-CVE-2022-20639
- RESERVED
-CVE-2022-20638
- RESERVED
-CVE-2022-20637
- RESERVED
-CVE-2022-20636
- RESERVED
-CVE-2022-20635
- RESERVED
+CVE-2022-20647 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20646 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20645 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20644 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20643 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20642 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20641 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20640 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20639 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20638 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20637 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20636 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20635 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
CVE-2022-20634
RESERVED
CVE-2022-20633
@@ -2130,8 +12677,8 @@ CVE-2022-20632
RESERVED
CVE-2022-20631
RESERVED
-CVE-2022-20630
- RESERVED
+CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...)
+ NOT-FOR-US: Cisco
CVE-2022-20629
RESERVED
CVE-2022-20628
@@ -2148,26 +12695,26 @@ CVE-2022-20623
RESERVED
CVE-2022-20622
RESERVED
-CVE-2022-20621
- RESERVED
-CVE-2022-20620
- RESERVED
-CVE-2022-20619
- RESERVED
-CVE-2022-20618
- RESERVED
-CVE-2022-20617
- RESERVED
-CVE-2022-20616
- RESERVED
-CVE-2022-20615
- RESERVED
-CVE-2022-20614
- RESERVED
-CVE-2022-20613
- RESERVED
-CVE-2022-20612
- RESERVED
+CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20619 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20618 (A missing permission check in Jenkins Bitbucket Branch Source Plugin 7 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20617 (Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the n ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20616 (Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20615 (Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML me ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20614 (A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20613 (A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Pl ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20612 (A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and ...)
+ - jenkins <removed>
CVE-2022-0005
RESERVED
CVE-2022-0004
@@ -3308,76 +13855,76 @@ CVE-2022-20048
RESERVED
CVE-2022-20047
RESERVED
-CVE-2022-20046
- RESERVED
-CVE-2022-20045
- RESERVED
-CVE-2022-20044
- RESERVED
-CVE-2022-20043
- RESERVED
-CVE-2022-20042
- RESERVED
-CVE-2022-20041
- RESERVED
-CVE-2022-20040
- RESERVED
-CVE-2022-20039
- RESERVED
-CVE-2022-20038
- RESERVED
-CVE-2022-20037
- RESERVED
-CVE-2022-20036
- RESERVED
-CVE-2022-20035
- RESERVED
-CVE-2022-20034
- RESERVED
-CVE-2022-20033
- RESERVED
-CVE-2022-20032
- RESERVED
-CVE-2022-20031
- RESERVED
-CVE-2022-20030
- RESERVED
-CVE-2022-20029
- RESERVED
-CVE-2022-20028
- RESERVED
-CVE-2022-20027
- RESERVED
-CVE-2022-20026
- RESERVED
-CVE-2022-20025
- RESERVED
-CVE-2022-20024
- RESERVED
-CVE-2022-20023
- RESERVED
-CVE-2022-20022
- RESERVED
-CVE-2022-20021
- RESERVED
-CVE-2022-20020
- RESERVED
-CVE-2022-20019
- RESERVED
-CVE-2022-20018
- RESERVED
-CVE-2022-20017
- RESERVED
-CVE-2022-20016
- RESERVED
-CVE-2022-20015
- RESERVED
-CVE-2022-20014
- RESERVED
-CVE-2022-20013
- RESERVED
-CVE-2022-20012
- RESERVED
+CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a logic err ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use after fre ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20044 (In Bluetooth, there is a possible service crash due to a use after fre ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20043 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20042 (In Bluetooth, there is a possible information disclosure due to incorr ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20041 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20040 (In power_hal_manager_service, there is a possible permission bypass du ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20039 (In ccu driver, there is a possible memory corruption due to an integer ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20038 (In ccu driver, there is a possible memory corruption due to an incorre ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20037 (In ion driver, there is a possible information disclosure due to an in ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20036 (In ion driver, there is a possible information disclosure due to an in ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20035 (In vcu driver, there is a possible information disclosure due to a use ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20034 (In Preloader XFLASH, there is a possible escalation of privilege due t ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20033 (In camera driver, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20032 (In vow driver, there is a possible memory corruption due to a race con ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20031 (In fb driver, there is a possible memory corruption due to a use after ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20030 (In vow driver, there is a possible out of bounds write due to a stack- ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20029 (In cmdq driver, there is a possible out of bounds read due to an incor ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20028 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20027 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20026 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20025 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20024 (In system service, there is a possible permission bypass due to a miss ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20021 (In Bluetooth, there is a possible application crash due to bluetooth d ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure due to a m ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure due to ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20017 (In ion driver, there is a possible information disclosure due to an in ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20014 (In vow driver, there is a possible memory corruption due to improper i ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a race con ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an integer ...)
+ NOT-FOR-US: MediaTek
CVE-2022-20011
RESERVED
CVE-2022-20010
@@ -3400,3 +13947,17 @@ CVE-2022-20002
RESERVED
CVE-2022-20001
RESERVED
+CVE-2022-22590 [A use after free issue was addressed with improved memory management]
+ RESERVED
+ {DSA-5084-1 DSA-5083-1}
+ - webkit2gtk 2.34.5-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.5-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
+CVE-2022-22592 [A logic issue was addressed with improved state management]
+ RESERVED
+ {DSA-5084-1 DSA-5083-1}
+ - webkit2gtk 2.34.5-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.5-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
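Review bot: The two new stanzas for CVE-2022-22590 and CVE-2022-22592 are appended after CVE-2022-20001 at the very end of data/CVE/2022.list, while every other record in this file is kept in descending CVE-number order, so they belong in the CVE-2022-225xx region higher up (outside this hunk). Out-of-order records are easy to overlook in review, and if the automated CVE import later writes its own `CVE-2022-22590` / `CVE-2022-22592` stanza at the sorted position the file would presumably carry duplicate entries; I have not checked how bin/merge-cve-files treats that case, so treat this as something to confirm. I would move both stanzas unchanged to their sorted position rather than leave them at the tail. The `RESERVED` marker with a bracketed placeholder description and the `[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)` line follow the convention the other webkit2gtk records in this file use, so no change is needed there.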
diff --git a/data/DLA/list b/data/DLA/list
index e65cfc93ef..21489709f1 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,299 @@
+[19 Feb 2022] DLA-2927-1 twisted - security update
+ {CVE-2020-10108 CVE-2020-10109 CVE-2022-21712}
+ [stretch] - twisted 16.6.0-2+deb9u1
+[18 Feb 2022] DLA-2926-1 zsh - security update
+ {CVE-2021-45444}
+ [stretch] - zsh 5.3.1-4+deb9u5
+[16 Feb 2022] DLA-2925-1 drupal7 - security update
+ {CVE-2022-25271}
+ [stretch] - drupal7 7.52-2+deb9u18
+[15 Feb 2022] DLA-2924-1 libxstream-java - security update
+ {CVE-2021-43859}
+ [stretch] - libxstream-java 1.4.11.1-1+deb9u5
+[15 Feb 2022] DLA-2923-1 h2database - security update
+ {CVE-2021-42392 CVE-2022-23221}
+ [stretch] - h2database 1.4.193-1+deb9u1
+[14 Feb 2022] DLA-2922-1 pgbouncer - security update
+ {CVE-2021-3935}
+ [stretch] - pgbouncer 1.7.2-2+deb9u1
+[14 Feb 2022] DLA-2921-1 thunderbird - security update
+ {CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764}
+ [stretch] - thunderbird 1:91.6.0-1~deb9u1
+[14 Feb 2022] DLA-2920-1 varnish - security update
+ {CVE-2022-23959}
+ [stretch] - varnish 5.0.0-7+deb9u3
+[12 Feb 2022] DLA-2919-1 python2.7 - security update
+ {CVE-2021-3177 CVE-2021-4189}
+ [stretch] - python2.7 2.7.13-2+deb9u6
+[12 Feb 2022] DLA-2918-1 debian-edu-config - security update
+ {CVE-2021-20001}
+ [stretch] - debian-edu-config 1.929+deb9u5
+[10 Feb 2022] DLA-2917-1 openjdk-8 - security update
+ {CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365}
+ [stretch] - openjdk-8 8u322-b06-1~deb9u1
+[09 Feb 2022] DLA-2916-1 firefox-esr - security update
+ {CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764}
+ [stretch] - firefox-esr 91.6.0esr-1~deb9u1
+[09 Feb 2022] DLA-2915-1 connman - security update
+ {CVE-2021-33833 CVE-2022-23096 CVE-2022-23097 CVE-2022-23098}
+ [stretch] - connman 1.33-3+deb9u3
+[07 Feb 2022] DLA-2914-1 zabbix - security update
+ {CVE-2022-23134}
+ [stretch] - zabbix 1:3.0.32+dfsg-0+deb9u2
+[07 Feb 2022] DLA-2913-1 xterm - security update
+ {CVE-2022-24130}
+ [stretch] - xterm 327-2+deb9u2
+[06 Feb 2022] DLA-2912-1 libphp-adodb - security update
+ {CVE-2021-3850}
+ [stretch] - libphp-adodb 5.20.9-1+deb9u1
+[04 Feb 2022] DLA-2911-1 apng2gif - security update
+ {CVE-2017-6960 CVE-2017-6961 CVE-2017-6962}
+ [stretch] - apng2gif 1.8-0.1~deb9u1
+[03 Feb 2022] DLA-2910-1 ldns - security update
+ {CVE-2017-1000231 CVE-2017-1000232 CVE-2020-19860 CVE-2020-19861}
+ [stretch] - ldns 1.7.0-1+deb9u1
+[03 Feb 2022] DLA-2909-1 strongswan - security update
+ {CVE-2021-45079}
+ [stretch] - strongswan 5.5.1-4+deb9u6
+[03 Feb 2022] DLA-2908-1 librecad - security update
+ {CVE-2021-45341 CVE-2021-45342 CVE-2021-45343}
+ [stretch] - librecad 2.1.2-1+deb9u3
+[01 Feb 2022] DLA-2907-1 apache2 - security update
+ {CVE-2021-44224 CVE-2021-44790}
+ [stretch] - apache2 2.4.25-3+deb9u12
+[01 Feb 2022] DLA-2906-1 python-django - security update
+ {CVE-2022-22818 CVE-2022-23833}
+ [stretch] - python-django 1:1.10.7-2+deb9u15
+[31 Jan 2022] DLA-2905-1 apache-log4j1.2 - security update
+ {CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307}
+ [stretch] - apache-log4j1.2 1.2.17-7+deb9u2
+[30 Jan 2022] DLA-2904-1 expat - security update
+ {CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990}
+ [stretch] - expat 2.2.0-2+deb9u4
+[29 Jan 2022] DLA-2903-1 libraw - security update
+ {CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5804 CVE-2018-5805 CVE-2018-5806 CVE-2018-5807 CVE-2018-5808 CVE-2018-5810 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 CVE-2018-5815 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365}
+ [stretch] - libraw 0.17.2-6+deb9u2
+[27 Jan 2022] DLA-2902-1 graphicsmagick - security update
+ {CVE-2020-12672}
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u5
+[26 Jan 2022] DLA-2883-2 uriparser - regression update
+ {CVE-2021-46141}
+ [stretch] - uriparser 0.8.4-1+deb9u4
+[25 Jan 2022] DLA-2901-1 libxfont - security update
+ {CVE-2017-16611}
+ [stretch] - libxfont 1:2.0.1-3+deb9u2
+[25 Jan 2022] DLA-2900-1 lrzsz - security update
+ {CVE-2018-10195}
+ [stretch] - lrzsz 0.12.21-8+deb9u1
+[25 Jan 2022] DLA-2899-1 policykit-1 - security update
+ {CVE-2021-4034}
+ [stretch] - policykit-1 0.105-18+deb9u2
+[25 Jan 2022] DLA-2898-1 nss - security update
+ {CVE-2022-22747}
+ [stretch] - nss 2:3.26.2-1.1+deb9u5
+[24 Jan 2022] DLA-2897-1 apr - security update
+ {CVE-2017-12613}
+ [stretch] - apr 1.5.2-5+deb9u1
+[24 Jan 2022] DLA-2896-1 ipython - security update
+ {CVE-2022-21699}
+ [stretch] - ipython 5.1.0-3+deb9u1
+[24 Jan 2022] DLA-2895-1 qt4-x11 - security update
+ {CVE-2021-3481 CVE-2021-45930}
+ [stretch] - qt4-x11 4:4.8.7+dfsg-11+deb9u3
+[24 Jan 2022] DLA-2894-1 aide - security update
+ {CVE-2021-45417}
+ [stretch] - aide 0.16-1+deb9u1
+[23 Jan 2022] DLA-2893-1 pillow - security update
+ {CVE-2022-22815 CVE-2022-22816 CVE-2022-22817}
+ [stretch] - pillow 4.0.0-4+deb9u4
+[21 Jan 2022] DLA-2892-1 golang-1.7 - security update
+ {CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717}
+ [stretch] - golang-1.7 1.7.4-2+deb9u4
+[21 Jan 2022] DLA-2891-1 golang-1.8 - security update
+ {CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717}
+ [stretch] - golang-1.8 1.8.1-1+deb9u4
+[21 Jan 2022] DLA-2890-1 libspf2 - security update
+ {CVE-2021-33912 CVE-2021-33913}
+ [stretch] - libspf2 1.2.10-7+deb9u2
+[19 Jan 2022] DLA-2889-1 drupal7 - security update
+ {CVE-2016-7103 CVE-2010-5312 CVE-2021-41182 CVE-2021-41183}
+ [stretch] - drupal7 7.52-2+deb9u17
+[18 Jan 2022] DLA-2888-1 nvidia-graphics-drivers - security update
+ {CVE-2021-1056 CVE-2021-1076 CVE-2021-1093 CVE-2021-1094 CVE-2021-1095}
+ [stretch] - nvidia-graphics-drivers 390.144-1~deb9u1
+[18 Jan 2022] DLA-2887-1 lighttpd - security update
+ {CVE-2018-19052}
+ [stretch] - lighttpd 1.4.45-1+deb9u1
+[17 Jan 2022] DLA-2886-1 slurm-llnl - security update
+ {CVE-2019-12838 CVE-2020-12693 CVE-2020-27745 CVE-2021-31215}
+ [stretch] - slurm-llnl 16.05.9-1+deb9u5
+[17 Jan 2022] DLA-2885-1 qtsvg-opensource-src - security update
+ {CVE-2021-3481 CVE-2021-45930}
+ [stretch] - qtsvg-opensource-src 5.7.1~20161021-2.1+deb9u1
+[17 Jan 2022] DLA-2884-1 wordpress - security update
+ {CVE-2022-21661 CVE-2022-21662 CVE-2022-21663 CVE-2022-21664}
+ [stretch] - wordpress 4.7.22+dfsg-0+deb9u1
+[17 Jan 2022] DLA-2883-1 uriparser - security update
+ {CVE-2021-46141 CVE-2021-46142}
+ [stretch] - uriparser 0.8.4-1+deb9u3
+[17 Jan 2022] DLA-2882-1 sphinxsearch - security update
+ {CVE-2020-29050}
+ [stretch] - sphinxsearch 2.2.11-1.1+deb9u1
+[16 Jan 2022] DLA-2881-1 thunderbird - security update
+ {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
+ [stretch] - thunderbird 1:91.5.0-1~deb9u1
+[16 Jan 2022] DLA-2880-1 firefox-esr - security update
+ {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
+ [stretch] - firefox-esr 91.5.0esr-1~deb9u1
+[14 Jan 2022] DLA-2879-1 ghostscript - security update
+ {CVE-2021-45944 CVE-2021-45949}
+ [stretch] - ghostscript 9.26a~dfsg-0+deb9u8
+[12 Jan 2022] DLA-2878-1 roundcube - security update
+ {CVE-2021-46144}
+ [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u10
+[12 Jan 2022] DLA-2877-1 gdal - security update
+ {CVE-2019-17545 CVE-2021-45943}
+ [stretch] - gdal 2.1.2+dfsg-5+deb9u1
+[10 Jan 2022] DLA-2876-1 vim - security update
+ {CVE-2017-17087 CVE-2019-20807 CVE-2021-3778 CVE-2021-3796}
+ [stretch] - vim 2:8.0.0197-4+deb9u4
+[10 Jan 2022] DLA-2875-1 clamav - security update
+ [stretch] - clamav 0.103.4+dfsg-0+deb9u1
+[04 Jan 2022] DLA-2874-1 thunderbird - security update
+ {CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538}
+ [stretch] - thunderbird 1:91.4.1-1~deb9u1
+[03 Jan 2022] DLA-2480-2 salt - regression update
+ [stretch] - salt 2016.11.2+ds-1+deb9u10
+[31 Dec 2021] DLA-2873-1 aria2 - security update
+ {CVE-2019-3500}
+ [stretch] - aria2 1.30.0-2+deb9u1
+[31 Dec 2021] DLA-2872-1 agg - security update
+ {CVE-2019-6245}
+ [stretch] - agg 2.5+dfsg1-11+deb9u1
+[30 Dec 2021] DLA-2871-1 lxml - security update
+ {CVE-2021-43818}
+ [stretch] - lxml 3.7.1-1+deb9u5
+[29 Dec 2021] DLA-2870-1 apache-log4j2 - security update
+ {CVE-2021-44832}
+ [stretch] - apache-log4j2 2.12.4-0+deb9u1
+[29 Dec 2021] DLA-2869-1 xorg-server - security update
+ {CVE-2021-4008 CVE-2021-4009 CVE-2021-4011}
+ [stretch] - xorg-server 2:1.19.2-1+deb9u9
+[29 Dec 2021] DLA-2868-1 advancecomp - security update
+ {CVE-2018-1056 CVE-2019-8379 CVE-2019-8383 CVE-2019-9210}
+ [stretch] - advancecomp 1.20-1+deb9u1
+[29 Dec 2021] DLA-2857-2 postgis - regression update
+ [stretch] - postgis 2.3.1+dfsg-2+deb9u2
+[29 Dec 2021] DLA-2867-1 spip - security update
+ {CVE-2021-44118 CVE-2021-44120 CVE-2021-44122 CVE-2021-44123}
+ [stretch] - spip 3.1.4-4~deb9u4+deb9u2
+[29 Dec 2021] DLA-2866-1 uw-imap - security update
+ {CVE-2018-19518}
+ [stretch] - uw-imap 8:2007f~dfsg-5+deb9u1
+[29 Dec 2021] DLA-2865-1 resiprocate - security update
+ {CVE-2017-11521 CVE-2018-12584}
+ [stretch] - resiprocate 1:1.11.0~beta1-3+deb9u2
+[29 Dec 2021] DLA-2864-1 ruby-haml - security update
+ {CVE-2017-1002201}
+ [stretch] - ruby-haml 4.0.7-1+deb9u1
+[29 Dec 2021] DLA-2863-1 firefox-esr - security update
+ {CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546}
+ [stretch] - firefox-esr 91.4.1esr-1~deb9u1
+[29 Dec 2021] DLA-2862-1 python-gnupg - security update
+ {CVE-2018-12020 CVE-2019-6690}
+ [stretch] - python-gnupg 0.3.9-1+deb9u1
+[28 Dec 2021] DLA-2861-1 rdflib - security update
+ {CVE-2019-7653}
+ [stretch] - rdflib 4.2.1-2+deb9u1
+[28 Dec 2021] DLA-2860-1 paramiko - security update
+ {CVE-2018-7750 CVE-2018-1000805}
+ [stretch] - paramiko 2.0.0-1+deb9u1
+[28 Dec 2021] DLA-2859-1 zziplib - security update
+ {CVE-2020-18442}
+ [stretch] - zziplib 0.13.62-3.2~deb9u2
+[28 Dec 2021] DLA-2858-1 libzip - security update
+ {CVE-2017-14107}
+ [stretch] - libzip 1.1.2-1.1+deb9u1
+[28 Dec 2021] DLA-2857-1 postgis - security update
+ {CVE-2017-18359}
+ [stretch] - postgis 2.3.1+dfsg-2+deb9u1
+[27 Dec 2021] DLA-2856-1 okular - security update
+ {CVE-2020-9359}
+ [stretch] - okular 4:16.08.2-1+deb9u2
+[27 Dec 2021] DLA-2855-1 monit - security update
+ {CVE-2019-11454 CVE-2019-11455}
+ [stretch] - monit 1:5.20.0-6+deb9u2
+[27 Dec 2021] DLA-2854-1 novnc - security update
+ {CVE-2017-18635}
+ [stretch] - novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-6+deb9u1
+[27 Dec 2021] DLA-2853-1 ruby2.3 - security update
+ {CVE-2021-41817 CVE-2021-41819}
+ [stretch] - ruby2.3 2.3.3-1+deb9u11
+[26 Dec 2021] DLA-2852-1 apache-log4j2 - security update
+ {CVE-2020-9488 CVE-2021-45105}
+ [stretch] - apache-log4j2 2.12.3-0+deb9u1
+[26 Dec 2021] DLA-2851-1 libextractor - security update
+ {CVE-2019-15531}
+ [stretch] - libextractor 1:1.3-4+deb9u4
+[26 Dec 2021] DLA-2850-1 libpcap - security update
+ {CVE-2019-15165}
+ [stretch] - libpcap 1.8.1-3+deb9u1
+[26 Dec 2021] DLA-2849-1 wireshark - security update
+ {CVE-2021-22207 CVE-2021-22235 CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39928 CVE-2021-39929}
+ [stretch] - wireshark 2.6.20-0+deb9u2
+[17 Dec 2021] DLA-2848-1 libssh2 - security update
+ {CVE-2019-13115 CVE-2019-17498}
+ [stretch] - libssh2 1.7.0-1+deb9u2
+[15 Dec 2021] DLA-2847-1 mediawiki - security update
+ {CVE-2021-44858}
+ [stretch] - mediawiki 1:1.27.7-1+deb9u11
+[14 Dec 2021] DLA-2846-1 raptor2 - security update
+ {CVE-2020-25713}
+ [stretch] - raptor2 2.0.14-1+deb9u2
+[14 Dec 2021] DLA-2845-1 libsamplerate - security update
+ {CVE-2017-7697}
+ [stretch] - libsamplerate 0.1.8-8+deb9u1
+[13 Dec 2021] DLA-2844-1 privoxy - security update
+ {CVE-2021-44540 CVE-2021-44543}
+ [stretch] - privoxy 3.0.26-3+deb9u3
+[12 Dec 2021] DLA-2843-1 linux - security update
+ {CVE-2020-3702 CVE-2020-16119 CVE-2021-0920 CVE-2021-3612 CVE-2021-3653 CVE-2021-3655 CVE-2021-3679 CVE-2021-3732 CVE-2021-3753 CVE-2021-3760 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322 CVE-2021-22543 CVE-2021-37159 CVE-2021-38160 CVE-2021-38198 CVE-2021-38199 CVE-2021-38204 CVE-2021-38205 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389}
+ [stretch] - linux 4.9.290-1
+[12 Dec 2021] DLA-2842-1 apache-log4j2 - security update
+ {CVE-2021-44228}
+ [stretch] - apache-log4j2 2.7-2+deb9u1
+[08 Dec 2021] DLA-2836-2 nss - regression update
+ [stretch] - nss 2:3.26.2-1.1+deb9u4
+[06 Dec 2021] DLA-2841-1 runc - security update
+ {CVE-2021-43784}
+ [stretch] - runc 0.1.1+dfsg1-2+deb9u3
+[06 Dec 2021] DLA-2840-1 roundcube - security update
+ {CVE-2021-44025 CVE-2021-44026}
+ [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u9
+[03 Dec 2021] DLA-2839-1 gerbv - security update
+ {CVE-2021-40391}
+ [stretch] - gerbv 2.6.1-2+deb9u1
+[03 Dec 2021] DLA-2838-1 librecad - security update
+ {CVE-2021-21898 CVE-2021-21899 CVE-2021-21900}
+ [stretch] - librecad 2.1.2-1+deb9u2
+[02 Dec 2021] DLA-2837-1 gmp - security update
+ {CVE-2021-43618}
+ [stretch] - gmp 2:6.1.2+dfsg-1+deb9u1
+[02 Dec 2021] DLA-2836-1 nss - security update
+ {CVE-2021-43527}
+ [stretch] - nss 2:3.26.2-1.1+deb9u3
+[30 Nov 2021] DLA-2835-1 rsyslog - security update
+ {CVE-2019-17041 CVE-2019-17042}
+ [stretch] - rsyslog 8.24.0-1+deb9u1
+[30 Nov 2021] DLA-2834-1 uriparser - security update
+ {CVE-2018-20721}
+ [stretch] - uriparser 0.8.4-1+deb9u2
+[30 Nov 2021] DLA-2833-1 rsync - security update
+ {CVE-2018-5764}
+ [stretch] - rsync 3.1.2-1+deb9u3
+[29 Nov 2021] DLA-2832-1 opensc - security update
+ {CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572}
+ [stretch] - opensc 0.16.0-3+deb9u2
[28 Nov 2021] DLA-2831-1 libntlm - security update
{CVE-2019-17455}
[stretch] - libntlm 1.4-8+deb9u1
diff --git a/data/DSA/list b/data/DSA/list
index 80c0b5b9b4..ebcb7e7c4e 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,260 @@
+[19 Feb 2022] DSA-5084-1 wpewebkit - security update
+ {CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22620}
+ [bullseye] - wpewebkit 2.34.6-1~deb11u1
+[19 Feb 2022] DSA-5083-1 webkit2gtk - security update
+ {CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22620}
+ [buster] - webkit2gtk 2.34.6-1~deb10u1
+ [bullseye] - webkit2gtk 2.34.6-1~deb11u1
+[18 Feb 2022] DSA-5082-1 php7.4 - security update
+ {CVE-2021-21707 CVE-2021-21708}
+ [bullseye] - php7.4 7.4.28-1+deb11u1
+[18 Feb 2022] DSA-5081-1 redis - security update
+ {CVE-2022-0543}
+ [buster] - redis 5:5.0.14-1+deb10u2
+ [bullseye] - redis 5:6.0.16-1+deb11u2
+[18 Feb 2022] DSA-5080-1 snapd - security update
+ {CVE-2021-44730 CVE-2021-44731}
+ [buster] - snapd 2.37.4-1+deb10u1
+ [bullseye] - snapd 2.49-1+deb11u1
+[17 Feb 2022] DSA-5079-1 chromium - security update
+ {CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610}
+ [bullseye] - chromium 98.0.4758.102-1~deb11u1
+[16 Feb 2022] DSA-5078-1 zsh - security update
+ {CVE-2021-45444}
+ [buster] - zsh 5.7.1-1+deb10u1
+ [bullseye] - zsh 5.8-6+deb11u1
+[15 Feb 2022] DSA-5077-1 librecad - security update
+ {CVE-2021-21898 CVE-2021-21899 CVE-2021-21900 CVE-2021-45341 CVE-2021-45342 CVE-2021-45343}
+ [buster] - librecad 2.1.3-1.2+deb10u1
+ [bullseye] - librecad 2.1.3-1.3+deb11u1
+[15 Feb 2022] DSA-5076-1 h2database - security update
+ {CVE-2021-42392 CVE-2022-23221}
+ [buster] - h2database 1.4.197-4+deb10u1
+ [bullseye] - h2database 1.4.197-4+deb11u1
+[13 Feb 2022] DSA-5075-1 minetest - security update
+ {CVE-2022-24300 CVE-2022-24301}
+ [buster] - minetest 0.4.17.1+repack-1+deb10u1
+ [bullseye] - minetest 5.3.0+repack-2.1+deb11u1
+[13 Feb 2022] DSA-5074-1 thunderbird - security update
+ {CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764}
+ [buster] - thunderbird 1:91.6.0-1~deb10u1
+ [bullseye] - thunderbird 1:91.6.0-1~deb11u1
+[12 Feb 2022] DSA-5073-1 expat - security update
+ {CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990}
+ [buster] - expat 2.2.6-2+deb10u2
+ [bullseye] - expat 2.2.10-2+deb11u1
+[11 Feb 2022] DSA-5072-1 debian-edu-config - security update
+ {CVE-2021-20001}
+ [buster] - debian-edu-config 2.10.65+deb10u8
+ [bullseye] - debian-edu-config 2.11.56+deb11u3
+[11 Feb 2022] DSA-5071-1 samba - security update
+ {CVE-2021-44142}
+ [buster] - samba 2:4.9.5+dfsg-5+deb10u3
+ [bullseye] - samba 2:4.13.13+dfsg-1~deb11u3
+[10 Feb 2022] DSA-5070-1 cryptsetup - security update
+ {CVE-2021-4122}
+ [bullseye] - cryptsetup 2:2.3.7-1+deb11u1
+[09 Feb 2022] DSA-5069-1 firefox-esr - security update
+ {CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764}
+ [buster] - firefox-esr 91.6.0esr-1~deb10u1
+ [bullseye] - firefox-esr 91.6.0esr-1~deb11u1
+[07 Feb 2022] DSA-5068-1 chromium - security update
+ {CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0458 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470}
+ [bullseye] - chromium 98.0.4758.80-1~deb11u1
+[03 Feb 2022] DSA-5067-1 ruby2.7 - security update
+ {CVE-2021-41816 CVE-2021-41817 CVE-2021-41819}
+ [bullseye] - ruby2.7 2.7.4-1+deb11u1
+[03 Feb 2022] DSA-5066-1 ruby2.5 - security update
+ {CVE-2021-28965 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-41817 CVE-2021-41819}
+ [buster] - ruby2.5 2.5.5-3+deb10u4
+[31 Jan 2022] DSA-5065-1 ipython - security update
+ {CVE-2022-21699}
+ [buster] - ipython 5.8.0-1+deb10u1
+ [bullseye] - ipython 7.20.0-1+deb11u1
+[29 Jan 2022] DSA-5064-1 python-nbxmpp - security update
+ {CVE-2021-41055}
+ [bullseye] - python-nbxmpp 2.0.2-1+deb11u1
+[29 Jan 2022] DSA-5047-2 prosody - regression update
+ [buster] - prosody 0.11.2-1+deb10u4
+ [bullseye] - prosody 0.11.9-2+deb11u2
+[26 Jan 2022] DSA-5063-1 uriparser - security update
+ {CVE-2021-46141 CVE-2021-46142}
+ [buster] - uriparser 0.9.1-1+deb10u1
+ [bullseye] - uriparser 0.9.4+dfsg-1+deb11u1
+[25 Jan 2022] DSA-5062-1 nss - security update
+ {CVE-2022-22747}
+ [buster] - nss 2:3.42.1-1+deb10u5
+ [bullseye] - nss 2:3.61-1+deb11u2
+[25 Jan 2022] DSA-5061-1 wpewebkit - security update
+ {CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984}
+ [bullseye] - wpewebkit 2.34.4-1~deb11u1
+[25 Jan 2022] DSA-5060-1 webkit2gtk - security update
+ {CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984}
+ [buster] - webkit2gtk 2.34.4-1~deb10u1
+ [bullseye] - webkit2gtk 2.34.4-1~deb11u1
+[25 Jan 2022] DSA-5059-1 policykit-1 - security update
+ {CVE-2021-4034}
+ [buster] - policykit-1 0.105-25+deb10u1
+ [bullseye] - policykit-1 0.105-31+deb11u1
+[25 Jan 2022] DSA-5058-1 openjdk-17 - security update
+ {CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366}
+ [bullseye] - openjdk-17 17.0.2+8-1~deb11u1
+[24 Jan 2022] DSA-5057-1 openjdk-11 - security update
+ {CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366}
+ [buster] - openjdk-11 11.0.14+9-1~deb10u1
+ [bullseye] - openjdk-11 11.0.14+9-1~deb11u1
+[24 Jan 2022] DSA-5056-1 strongswan - security update
+ {CVE-2021-45079}
+ [buster] - strongswan 5.7.2-1+deb10u2
+ [bullseye] - strongswan 5.9.1-1+deb11u2
+[24 Jan 2022] DSA-5055-1 util-linux - security update
+ {CVE-2021-3995 CVE-2021-3996}
+ [bullseye] - util-linux 2.36.1-8+deb11u1
+[23 Jan 2022] DSA-5054-1 chromium - security update
+ {CVE-2022-0289 CVE-2022-0290 CVE-2022-0291 CVE-2022-0292 CVE-2022-0293 CVE-2022-0294 CVE-2022-0295 CVE-2022-0296 CVE-2022-0297 CVE-2022-0298 CVE-2022-0300 CVE-2022-0301 CVE-2022-0302 CVE-2022-0303 CVE-2022-0304 CVE-2022-0305 CVE-2022-0306 CVE-2022-0307 CVE-2022-0308 CVE-2022-0309 CVE-2022-0310 CVE-2022-0311}
+ [bullseye] - chromium 97.0.4692.99-1~deb11u2
+[21 Jan 2022] DSA-5053-1 pillow - security update
+ {CVE-2022-22815 CVE-2022-22816 CVE-2022-22817}
+ [buster] - pillow 5.4.1-2+deb10u3
+ [bullseye] - pillow 8.1.2+dfsg-0.3+deb11u1
+[21 Jan 2022] DSA-5052-1 usbview - security update
+ {CVE-2022-23220}
+ [buster] - usbview 2.0-21-g6fe2f4f-2+deb10u1
+ [bullseye] - usbview 2.0-21-g6fe2f4f-2+deb11u1
+[20 Jan 2022] DSA-5051-1 aide - security update
+ {CVE-2021-45417}
+ [buster] - aide 0.16.1-1+deb10u1
+ [bullseye] - aide 0.17.3-4+deb11u1
+[20 Jan 2022] DSA-5050-1 linux - security update
+ {CVE-2021-4155 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0185 CVE-2022-23222}
+ [bullseye] - linux 5.10.92-1
+[20 Jan 2022] DSA-5049-1 flatpak - security update
+ {CVE-2021-43860 CVE-2022-21682}
+ [bullseye] - flatpak 1.10.7-0+deb11u1
+[15 Jan 2022] DSA-5048-1 libreswan - security update
+ {CVE-2022-23094}
+ [bullseye] - libreswan 4.3-1+deb11u1
+[15 Jan 2022] DSA-5047-1 prosody - security update
+ {CVE-2022-0217}
+ [buster] - prosody 0.11.2-1+deb10u3
+ [bullseye] - prosody 0.11.9-2+deb11u1
+[14 Jan 2022] DSA-5046-1 chromium - security update
+ {CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 CVE-2021-37973 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120}
+ [bullseye] - chromium 97.0.4692.71-0.1~deb11u1
+[14 Jan 2022] DSA-5045-1 thunderbird - security update
+ {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
+ [buster] - thunderbird 1:91.5.0-2~deb10u1
+ [bullseye] - thunderbird 1:91.5.0-2~deb11u1
+[13 Jan 2022] DSA-5044-1 firefox-esr - security update
+ {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
+ [buster] - firefox-esr 91.5.0esr-1~deb10u1
+ [bullseye] - firefox-esr 91.5.0esr-1~deb11u1
+[12 Jan 2022] DSA-5043-1 lxml - security update
+ {CVE-2021-43818}
+ [buster] - lxml 4.3.2-1+deb10u4
+ [bullseye] - lxml 4.6.3+dfsg-0.1+deb11u1
+[12 Jan 2022] DSA-5042-1 epiphany-browser - security update
+ {CVE-2021-45085 CVE-2021-45086 CVE-2021-45087 CVE-2021-45088}
+ [bullseye] - epiphany-browser 3.38.2-1+deb11u1
+[11 Jan 2022] DSA-5041-1 cfrpki - security update
+ {CVE-2021-3761 CVE-2021-3907 CVE-2021-3908 CVE-2021-3909 CVE-2021-3910 CVE-2021-3911 CVE-2021-3912 CVE-2021-43173 CVE-2021-43174}
+ [bullseye] - cfrpki 1.4.2-1~deb11u1
+[11 Jan 2022] DSA-5040-1 lighttpd - security update
+ {CVE-2022-22707}
+ [buster] - lighttpd 1.4.53-4+deb10u2
+ [bullseye] - lighttpd 1.4.59-1+deb11u1
+[11 Jan 2022] DSA-5039-1 wordpress - security update
+ {CVE-2022-21661 CVE-2022-21662 CVE-2022-21663 CVE-2022-21664}
+ [buster] - wordpress 5.0.15+dfsg1-0+deb10u1
+ [bullseye] - wordpress 5.7.5+dfsg1-0+deb11u1
+[08 Jan 2022] DSA-5038-1 ghostscript - security update
+ {CVE-2021-45944 CVE-2021-45949}
+ [buster] - ghostscript 9.27~dfsg-2+deb10u5
+ [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u2
+[08 Jan 2022] DSA-5037-1 roundcube - security update
+ {CVE-2021-46144}
+ [buster] - roundcube 1.3.17+dfsg.1-1~deb10u2
+ [bullseye] - roundcube 1.4.13+dfsg.1-1~deb11u1
+[06 Jan 2022] DSA-5036-1 sphinxsearch - security update
+ {CVE-2020-29050}
+ [buster] - sphinxsearch 2.2.11-2+deb10u1
+[04 Jan 2022] DSA-5035-1 apache2 - security update
+ {CVE-2021-44224 CVE-2021-44790}
+ [buster] - apache2 2.4.38-3+deb10u7
+ [bullseye] - apache2 2.4.52-1~deb11u2
+[02 Jan 2022] DSA-5034-1 thunderbird - security update
+ {CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538}
+ [buster] - thunderbird 1:91.4.1-1~deb10u1
+ [bullseye] - thunderbird 1:91.4.1-1~deb11u1
+[30 Dec 2021] DSA-5033-1 fort-validator - security update
+ {CVE-2021-3907 CVE-2021-3909 CVE-2021-43173 CVE-2021-43114}
+ [bullseye] - fort-validator 1.5.3-1~deb11u1
+[28 Dec 2021] DSA-5032-1 djvulibre - security update
+ {CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 CVE-2021-3500 CVE-2021-3630 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493}
+ [buster] - djvulibre 3.5.27.1-10+deb10u1
+[23 Dec 2021] DSA-5031-1 wpewebkit - security update
+ {CVE-2021-30887 CVE-2021-30890}
+ [bullseye] - wpewebkit 2.34.3-1~deb11u1
+[23 Dec 2021] DSA-5030-1 webkit2gtk - security update
+ {CVE-2021-30887 CVE-2021-30890}
+ [buster] - webkit2gtk 2.34.3-1~deb10u1
+ [bullseye] - webkit2gtk 2.34.3-1~deb11u1
+[22 Dec 2021] DSA-5000-2 openjdk-11 - security update
+ {CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603}
+ [buster] - openjdk-11 11.0.13+8-1~deb10u1
+[22 Dec 2021] DSA-5029-1 sogo - security update
+ {CVE-2021-33054}
+ [buster] - sogo 4.0.7-1+deb10u2
+ [bullseye] - sogo 5.0.1-4+deb11u1
+[22 Dec 2021] DSA-5028-1 spip - security update
+ {CVE-2021-44118 CVE-2021-44120 CVE-2021-44122 CVE-2021-44123}
+ [buster] - spip 3.2.4-1+deb10u5
+ [bullseye] - spip 3.2.11-3+deb11u1
+[21 Dec 2021] DSA-5027-1 xorg-server - security update
+ {CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011}
+ [buster] - xorg-server 2:1.20.4-1+deb10u4
+ [bullseye] - xorg-server 2:1.20.11-1+deb11u1
+[19 Dec 2021] DSA-5026-1 firefox-esr - security update
+ {CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503}
+ [bullseye] - firefox-esr 91.4.1esr-1~deb11u1
+[19 Dec 2021] DSA-5025-1 tang - security update
+ {CVE-2021-4076}
+ [bullseye] - tang 8-3+deb11u1
+[18 Dec 2021] DSA-5024-1 apache-log4j2 - security update
+ {CVE-2021-45105}
+ [buster] - apache-log4j2 2.17.0-1~deb10u1
+ [bullseye] - apache-log4j2 2.17.0-1~deb11u1
+[18 Dec 2021] DSA-5023-1 modsecurity-apache - security update
+ {CVE-2021-42717}
+ [buster] - modsecurity-apache 2.9.3-1+deb10u1
+ [bullseye] - modsecurity-apache 2.9.3-3+deb11u1
+[16 Dec 2021] DSA-5022-1 apache-log4j2 - security update
+ {CVE-2021-45046}
+ [buster] - apache-log4j2 2.16.0-1~deb10u1
+ [bullseye] - apache-log4j2 2.16.0-1~deb11u1
+[15 Dec 2021] DSA-5021-1 mediawiki - security update
+ {CVE-2021-44857 CVE-2021-44858 CVE-2021-45038}
+ [bullseye] - mediawiki 1:1.35.4-1+deb11u2
+[11 Dec 2021] DSA-5020-1 apache-log4j2 - security update
+ {CVE-2021-44228}
+ [buster] - apache-log4j2 2.15.0-1~deb10u1
+ [bullseye] - apache-log4j2 2.15.0-1~deb11u1
+[10 Dec 2021] DSA-5019-1 wireshark - security update
+ {CVE-2021-22207 CVE-2021-22222 CVE-2021-22235 CVE-2021-39920 CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39926 CVE-2021-39928 CVE-2021-39929}
+ [bullseye] - wireshark 3.4.10-0+deb11u1
+[09 Dec 2021] DSA-5018-1 python-babel - security update
+ {CVE-2021-42771}
+ [buster] - python-babel 2.6.0+dfsg.1-1+deb10u1
+[05 Dec 2021] DSA-5017-1 xen - security update
+ {CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709}
+ [bullseye] - xen 4.14.3+32-g9de3671772-1~deb11u1
+[01 Dec 2021] DSA-5016-1 nss - security update
+ {CVE-2021-43527}
+ [buster] - nss 2:3.42.1-1+deb10u4
+ [bullseye] - nss 2:3.61-1+deb11u1
+[30 Nov 2021] DSA-5015-1 samba - security update
+ {CVE-2020-25717}
+ [buster] - samba 2:4.9.5+dfsg-5+deb10u2
[28 Nov 2021] DSA-5014-1 icu - security update
{CVE-2020-21913}
[buster] - icu 63.1-6+deb10u2
@@ -58,10 +315,10 @@
{CVE-2020-19143}
[buster] - tiff 4.1.0+git191117-2~deb10u3
[29 Oct 2021] DSA-4996-1 wpewebkit - security update
- {CVE-2021-30846 CVE-2021-30851 CVE-2021-42762}
+ {CVE-2021-30818 CVE-2021-30823 CVE-2021-30846 CVE-2021-30851 CVE-2021-30884 CVE-2021-30888 CVE-2021-30889 CVE-2021-42762 CVE-2021-45481 CVE-2021-45483}
[bullseye] - wpewebkit 2.34.1-1~deb11u1
[29 Oct 2021] DSA-4995-1 webkit2gtk - security update
- {CVE-2021-30846 CVE-2021-30851 CVE-2021-42762}
+ {CVE-2021-30818 CVE-2021-30823 CVE-2021-30846 CVE-2021-30851 CVE-2021-30884 CVE-2021-30888 CVE-2021-30889 CVE-2021-42762 CVE-2021-45481 CVE-2021-45483}
[buster] - webkit2gtk 2.34.1-1~deb10u1
[bullseye] - webkit2gtk 2.34.1-1~deb11u1
[28 Oct 2021] DSA-4994-1 bind9 - security update
@@ -128,10 +385,10 @@
{CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-28701}
[bullseye] - xen 4.14.3-1~deb11u1
[20 Sep 2021] DSA-4976-1 wpewebkit - security update
- {CVE-2021-30848 CVE-2021-30849 CVE-2021-30858}
+ {CVE-2021-30809 CVE-2021-30836 CVE-2021-30848 CVE-2021-30849 CVE-2021-30858 CVE-2021-45482}
[bullseye] - wpewebkit 2.32.4-1~deb11u1
[20 Sep 2021] DSA-4975-1 webkit2gtk - security update
- {CVE-2021-30848 CVE-2021-30849 CVE-2021-30858}
+ {CVE-2021-30809 CVE-2021-30836 CVE-2021-30848 CVE-2021-30849 CVE-2021-30858 CVE-2021-45482}
[buster] - webkit2gtk 2.32.4-1~deb10u1
[bullseye] - webkit2gtk 2.32.4-1~deb11u1
[19 Sep 2021] DSA-4974-1 nextcloud-desktop - security update
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index ff63a645c7..3718f8e769 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -13,12 +13,14 @@ To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.
--
-ansible (Lee Garrett)
+ansible
NOTE: 20210411: As discussed with the maintainer I will update Buster first and
NOTE: 20210411: after that LTS. (apo)
NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
--
-debian-archive-keyring
+asterisk (Abhijith PA)
+--
+debian-archive-keyring (Anton)
NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
NOTE: 20211003: waiting for Jonathan to get back as his keys
@@ -27,78 +29,71 @@ debian-archive-keyring
NOTE: 20211018: Jonathan is prepping the branch; will work
NOTE: 20211018: with him and upload and publish the DLA. (utkarsh)
--
-firefox-esr (Emilio)
- NOTE: 20211122: blocked on toolchain backports (pochu)
+expat (Emilio)
+ NOTE: 20220221: please wait for DSA first. (Anton)
--
-firmware-nonfree (Markus Koschany)
+firmware-nonfree
NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree
NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag
+ NOTE: 20211207: Intend to release this week.
--
-gerbv (Anton)
- NOTE: 20211107: The fix has only one-line! But... be sure that the fix will help. (Anton)
- NOTE: 20211107: Please take the package if you can reproduce the issue with valgrind/AddressSanitizer/Leaksanitizer (Anton)
- NOTE: 20211107: The simple fix will unlikely help. (Anton)
- NOTE: 20211121: Still needs to be investigated with extra-tool. (Anton)
- NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/gmp/
+freecad (Emilio)
+ NOTE: 20220221: please wait for DSA first. (Anton)
--
-gmp (Anton)
- NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/gmp/
+gif2apng (Anton)
+ NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc)
+ NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc)
+ NOTE: 20220221: WIP (Anton)
--
gpac (Roberto C. Sánchez)
NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto)
NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto)
+ NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto)
--
-libgit2 (Utkarsh)
- NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed
- NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch
- NOTE: 20211029: 4 other CVEs might also be worth fixing (bunk)
- NOTE: 20211029: taking this with my maintainer hat on; will investigate
- NOTE: 20211029: and TAL later next week. (utkarsh)
- NOTE: 20211116: backports prepped; checking build and smoke-testing package. (utkarsh)
+htmldoc (Thorsten Alteholz)
+--
+intel-microcode
+ NOTE: 20220213: please recheck
--
-librecad (Sylvain Beucler)
- NOTE: 20211127: also take care of other suites
+libarchive (Thorsten Alteholz)
+ NOTE: 20220213: testing package
--
-libssh2 (Ola Lundqvist)
- NOTE: 20211031: CVE-2019-13115 and CVE-2019-17498 were fixed in jessie DLAs
- NOTE: 20211031: but still need fixing in stretch and buster. (bunk)
- NOTE: 20211116: Work in progress for stretch. (ola)
+libgit2 (Utkarsh)
+ NOTE: 20220208: got clearance. will upload this week. (utkarsh)
+ NOTE: 20220221: had been severely ill the past week. shall get it done soon. (utkarsh)
--
linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
--
-nvidia-graphics-drivers
- NOTE: package is in non-free but also in packages-to-support
- NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077
- NOTE: 20211108: nvidia-graphics-drivers-legacy-390xx 390.144-1 in buster/bullseye/bookworm
- NOTE: 20211108: now fixes all 5 CVEs (bunk)
---
-opensc (Adrian Bunk)
+mariadb-10.1
+ NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See discussion https://lists.debian.org/debian-lts/2022/02/msg00005.html and coordinate with maintainer (Anton)
--
-pgbouncer (Thorsten Alteholz)
- NOTE: 20211128: also help with other releases
---
-puppet
- NOTE: please recheck whether really affected
---
-roundcube (Markus Koschany)
+nvidia-graphics-drivers
+ NOTE: 20220203: package is in non-free but also in packages-to-support (Beuc)
+ NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential
+ NOTE: 20220209: backport (apo)
--
-rsync (Adrian Bunk)
+pjproject (Abhijith PA)
+ NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
+ NOTE: 20220215: Asterisk and ring have embedded copy of pjproject (abhijith)
--
-rustc (Roberto C. Sánchez)
- NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable
- NOTE: https://bugs.debian.org/928422
- NOTE: Perhaps fix with the next rustc update for a new Firefox? (bunk)
- NOTE: 20211101: working on llvm-toolchain-11 update, which is needed by rustc (roberto)
- NOTE: 20211112: llvm-toolchain-11 update is now uploaded (roberto)
+ring (Abhijith PA)
--
-samba (Anton)
+samba
NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
+ NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton)
+ NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
+ NOTE: 20220125: ftbfs, wip. (utkarsh)
--
thunderbird (Emilio)
- NOTE: 20211122: blocked on toolchain backports (pochu)
--
-wireshark (Adrian Bunk)
- NOTE: 20211119: Check https://salsa.debian.org/security-tracker-team/security-tracker/commit/d55b7eff90db8487e20106c2c09e61293a477e89 (lamby)
+tiff (Thorsten Alteholz)
+--
+ujson (Anton)
+ NOTE: 20220121: please reheck, at least the mentioned function is available in Stretch
+ NOTE: 20220206: https://salsa.debian.org/lts-team/packages/ujson Investigating, whether affected or not (Anton)
+ NOTE: 20220221: WIP (Anton)
+--
+vim
--
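Review bot: The new ujson note on the `NOTE: 20220121: please reheck, ...` line carries a typo; it should read `NOTE: 20220121: please recheck, at least the mentioned function is available in Stretch`. Since these NOTE lines are the hand-off record between LTS contributors, a misspelt instruction is easy to skim past, so fixing it before the next person picks the package up is worth a one-word change.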
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index f01e1312fa..29d7c49154 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -12,18 +12,16 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
--
-condor
+asterisk/oldstable
--
-chromium
+condor
--
-djvulibre
+expat (carnil)
+ Waiting for final fix upstream and first exposure in unstable
--
faad2/oldstable (jmm)
--
-firefox-esr
- Rust toolchain updates needed
---
-gpac (jmm)
+freecad (aron)
--
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
@@ -33,32 +31,17 @@ ndpi/oldstable
--
nodejs (jmm)
--
-puppetdb (jmm)
---
python-pysaml2 (jmm)
--
-rabbitmq-server
+rpki-client/stable
+ new 7.6 release required libretls, which isn't in Bullseye
--
runc
--
-samba/oldstable (carnil)
- We will likely only address the 'min domain uid' patch, the fixes for the CVEs
- are otherwise quite intrusive.
---
-sogo
- Maintainer preparing updates
---
thunderbird (jmm)
- Rust toolchain updates needed
--
trafficserver (jmm)
wait until status for CVE-2021-38161 is clarified (upstream patch got reverted)
--
-varnish
---
-wireshark
---
-xen
- Maintainer proposed an update, but might be very well as well an option via point release
- given the timeline and the kernel upgrade pending.
+varnish (fw)
--
diff --git a/data/embedded-code-copies b/data/embedded-code-copies
index bac2d8476f..17822518b9 100644
--- a/data/embedded-code-copies
+++ b/data/embedded-code-copies
@@ -1513,6 +1513,10 @@ pyparsing
- matplotlib 1.3.0-1 (embed; bug #531024; bug #555369)
- zhpy 1.7.3.1-1 (embed; bug #555370)
- polybori <unknown> (embed)
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
- python-whoosh <unknown> (embed)
- twill <unknown> (embed)
- zope-textindexng3 <unknown> (embed)
@@ -1648,11 +1652,19 @@ python2.7
NOTE: core functionality based on Python difflib code with changed output format
- zodbpickle <unfixable> (fork)
NOTE: embeds outdated stdlib modules: pickle, cpickle
+ - pypy <unfixable> (fork)
+ NOTE: embeds stdlib
python3.6
- zodbpickle <unfixable> (fork)
NOTE: embeds outdated stdlib modules: pickle, cpickle
+python3.7
+ - pypy3 <unfixable> (fork)
+ NOTE: embeds stdlib
+ - python2-pip <unfixable> (embed)
+ NOTE: embeds contextlib - https://lists.debian.org/debian-python/2021/09/msg00031.html
+
argparse
- twill <unfixed> (embed; bug #555347)
- ipython <unfixed> (embed; bug #555348)
@@ -1756,6 +1768,7 @@ unicode-data
- boost1.63 <unfixed> (embed; bug #852763)
- boost1.67 <unfixed> (embed; bug #920319)
- boost1.71 <unfixed> (embed; bug #963587)
+ - boost1.74 <unfixed> (embed; bug #1005201)
- glibc <unfixed> (modified-embed)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21533
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=14095
@@ -2875,7 +2888,7 @@ dcraw
libraw
- libkdcraw 4:4.12.3-1
- - darktable <unfixed> (modified-embed; bug #682980)
+ - darktable <unfixed> (modified-embed; bug #1002876)
- shotwell <unfixed>
NOTE: possibly fixed in wheezy and greater
@@ -2911,9 +2924,6 @@ automysqlbackup
- autopostgresqlbackup <unfixed>
NOTE: fork
-python-pip
- - python-virtualenv <unfixed>
-
scrypt
- python-scrypt <unfixed> (embed; wontfix; package in NEW)
NOTE: upstream scrypt does not provide a shared library/API
@@ -3558,8 +3568,173 @@ python-py
- pypy <unfixed> (embed)
- pypy3 <unfixed> (embed)
+pytest
+ - pypy <unfixed> (modified-embed)
+ - pypy3 <unfixed> (modified-embed)
+
+python-cffi
+ - pypy <unfixed> (embed)
+ - pypy3 <unfixed> (embed)
+
+python-cryptography:
+ - pypy <unfixed> (embed)
+ - pypy3 <unfixed> (embed)
+
chezscheme
- racket <unfixable> (fork)
ccextractor
- gpac 0.93+ds2-1 (modified-embed; bug #994754)
+
+xorg-server
+ - xwayland <unfixable> (fork)
+
+python-cachecontrol
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-certifi
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+chardet
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-colorama
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+distlib
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-distro
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+html5lib
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-idna
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-msgpack
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-packaging
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+pep517
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+setuptools
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+platformdirs
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-progress
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+requests
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-resolvelib
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+six
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-tenacity
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-tomli
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-urllib3
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-webencodings
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+appdirs
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-ipaddress
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-retrying
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-toml
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+pygments
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+rich
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+asterisk
+ - pjproject <unfixed> (embed)
+
+ring
+ - pjproject <unfixed> (embed)
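Review bot: The `python-cryptography:` header added in this hunk ends with a stray colon, unlike every other section header in the file (`pytest`, `python-cffi`, `xorg-server`, `asterisk`, `ring`); the line should be just `python-cryptography`. The header is presumably meant to match the source package name, and if any tracker tooling keys on that name the trailing colon would leave this section unmatched, so the fix is a one-character removal.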
diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt
index ff3d12b52a..544f62dcf4 100644
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -87,14 +87,154 @@ CVE-2019-1010317
CVE-2019-1010319
[buster] - wavpack 5.1.0-6+deb10u1
CVE-2021-35604
- [buster] - mariadb-10.3 1:10.3.32-0+deb10u1
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46662
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46667
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46659
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2022-24048
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2022-24050
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2022-24051
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2022-24052
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46661
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46663
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46664
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46665
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46668
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
CVE-2021-43331
[buster] - mailman 1:2.1.29-1+deb10u3
CVE-2021-43332
[buster] - mailman 1:2.1.29-1+deb10u3
+CVE-2021-44227
+ [buster] - mailman 1:2.1.29-1+deb10u4
CVE-2019-14462
[buster] - libmodbus 3.1.4-2+deb10u1
CVE-2019-14463
[buster] - libmodbus 3.1.4-2+deb10u1
CVE-2021-43618
[buster] - gmp 2:6.1.2+dfsg-4+deb10u1
+CVE-2021-37146
+ [buster] - ros-ros-comm 1.14.3+ds1-5+deb10u3
+CVE-2021-40391
+ [buster] - gerbv 2.7.0-1+deb10u1
+CVE-2021-44540
+ [buster] - privoxy 3.0.28-2+deb10u2
+CVE-2021-44543
+ [buster] - privoxy 3.0.28-2+deb10u2
+CVE-2020-12672
+ [buster] - graphicsmagick 1.4+really1.3.35-1~deb10u2
+CVE-2020-16117
+ [buster] - evolution-data-server 3.30.5-1+deb10u2
+CVE-2020-15953
+ [buster] - libetpan 1.9.3-2+deb10u1
+CVE-2019-10172
+ [buster] - libjackson-json-java 1.9.13-2~deb10u1
+CVE-2017-15095
+ [buster] - libjackson-json-java 1.9.13-2~deb10u1
+CVE-2017-7525
+ [buster] - libjackson-json-java 1.9.13-2~deb10u1
+CVE-2021-22207
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-22235
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39921
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39922
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39923
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39924
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39928
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39929
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2020-25693
+ [buster] - cimg 2.4.5+dfsg-1+deb10u1
+CVE-2020-0499
+ [buster] - flac 1.3.2-3+deb10u1
+CVE-2022-20698
+ [buster] - clamav 0.103.5+dfsg-0+deb10u1
+CVE-2020-25713
+ [buster] - raptor2 2.0.14-1.1~deb10u2
+CVE-2019-7572
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7573
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7574
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7575
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7576
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7577
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7578
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7635
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7636
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7637
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7638
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-13616
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2020-18442
+ [buster] - zziplib 0.13.62-3.2+deb10u1
+CVE-2020-8955
+ [buster] - weechat 2.3-1+deb10u1
+CVE-2020-9759
+ [buster] - weechat 2.3-1+deb10u1
+CVE-2020-9760
+ [buster] - weechat 2.3-1+deb10u1
+CVE-2021-40516
+ [buster] - weechat 2.3-1+deb10u1
+CVE-2019-15945
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2019-15946
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2019-19479
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2019-20792
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2020-26570
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2020-26571
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2020-26572
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2019-17041
+ [buster] - rsyslog 8.1901.0-1+deb10u1
+CVE-2019-17042
+ [buster] - rsyslog 8.1901.0-1+deb10u1
+CVE-2019-15165
+ [buster] - libpcap 1.8.1-6+deb10u1
+CVE-2019-15531
+ [buster] - libextractor 1:1.8-2+deb10u1
+CVE-2021-46671
+ [buster] - atftp 0.7.git20120829-3.2~deb10u3
+CVE-2022-24130
+ [buster] - xterm 344-1+deb10u2
+CVE-2021-4104
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+CVE-2022-23302
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+CVE-2022-23305
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+CVE-2022-23307
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+CVE-2021-44832
+ [buster] - apache-log4j2 2.17.1-1~deb10u1
diff --git a/data/next-point-update.txt b/data/next-point-update.txt
index abad834dcb..66b78763c0 100644
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -1,42 +1,120 @@
-CVE-2019-11098
- [bullseye] - edk2 2020.11-2+deb11u1
-CVE-2021-38155
- [bullseye] - keystone 2:18.0.0-3+deb11u1
+CVE-2021-42343
+ [bullseye] - dask.distributed 2021.01.0+ds.1-2.1+deb11u1
CVE-2021-3654
[bullseye] - nova 2:22.2.2-1+deb11u1
-CVE-2021-36221
- [bullseye] - golang-1.15 1.15.15-1~deb11u1
-CVE-2021-39293
- [bullseye] - golang-1.15 1.15.15-1~deb11u1
CVE-2021-40083
[bullseye] - knot-resolver 5.3.1-1+deb11u1
-CVE-2021-3770
- [bullseye] - vim 2:8.2.2434-3+deb11u1
-CVE-2021-3778
- [bullseye] - vim 2:8.2.2434-3+deb11u1
-CVE-2021-3796
- [bullseye] - vim 2:8.2.2434-3+deb11u1
-CVE-2020-28282
- [bullseye] - node-getobject 0.1.0-2+deb11u1
-CVE-2021-38714
- [bullseye] - plib 1.8.5-8+deb11u1
-CVE-2021-3802
- [bullseye] - udisks2 2.9.2-2+deb11u1
-CVE-2021-41184
- [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-CVE-2021-42917
- [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
-CVE-2021-43612
- [bullseye] - lldpd 1.0.12-1+deb11u1
-CVE-2021-40985
- [bullseye] - htmldoc 1.9.11-4+deb11u1
-CVE-2021-43579
- [bullseye] - htmldoc 1.9.11-4+deb11u1
-CVE-2021-35604
- [bullseye] - mariadb-10.5 1:10.5.13-0+deb11u1
-CVE-2021-3918
- [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1
-CVE-2021-43618
- [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1
CVE-2021-41270
[bullseye] - symfony 4.4.19+dfsg-2+deb11u1
+CVE-2021-35604
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46667
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46662
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46659
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2022-24048
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2022-24050
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2022-24051
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2022-24052
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46661
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46663
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46664
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46665
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46668
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-44917
+ [bullseye] - gnuplot 5.4.1+dfsg1-1+deb11u1
+CVE-2021-45379
+ [bullseye] - glewlwyd 2.5.2-2+deb11u2
+CVE-2021-23177
+ [bullseye] - libarchive 3.4.3-2+deb11u1
+CVE-2021-31566
+ [bullseye] - libarchive 3.4.3-2+deb11u1
+CVE-2021-43808
+ [bullseye] - php-laravel-framework 6.20.14+dfsg-2+deb11u1
+CVE-2021-43617
+ [bullseye] - php-laravel-framework 6.20.14+dfsg-2+deb11u1
+CVE-2021-32718
+ [bullseye] - rabbitmq-server 3.8.9-3+deb11u1
+CVE-2021-32719
+ [bullseye] - rabbitmq-server 3.8.9-3+deb11u1
+CVE-2021-22116
+ [bullseye] - rabbitmq-server 3.8.9-3+deb11u1
+CVE-2018-1279
+ [bullseye] - rabbitmq-server 3.8.9-3+deb11u1
+CVE-2021-36980
+ [bullseye] - openvswitch 2.15.0+ds1-2+deb11u1
+CVE-2022-0155
+ [bullseye] - node-follow-redirects 1.13.1-1+deb11u1
+CVE-2022-0536
+ [bullseye] - node-follow-redirects 1.13.1-1+deb11u1
+CVE-2021-45115
+ [bullseye] - python-django 2:2.2.26-1~deb11u1
+CVE-2021-45116
+ [bullseye] - python-django 2:2.2.26-1~deb11u1
+CVE-2021-45452
+ [bullseye] - python-django 2:2.2.26-1~deb11u1
+CVE-2022-21670
+ [bullseye] - node-markdown-it 10.0.0+dfsg-2+deb11u1
+CVE-2022-20698
+ [bullseye] - clamav 0.103.5+dfsg-0+deb11u1
+CVE-2021-3997
+ [bullseye] - systemd 247.3-7
+CVE-2020-18442
+ [bullseye] - zziplib 0.13.62-3.3+deb11u1
+CVE-2022-0235
+ [bullseye] - node-fetch 2.6.1-5+deb11u1
+CVE-2021-40516
+ [bullseye] - weechat 3.0-1+deb11u1
+CVE-2021-23518
+ [bullseye] - node-cached-path-relative 1.0.2-1+deb11u1
+CVE-2021-44273
+ [bullseye] - e2guardian 5.3.4-1+deb11u1
+CVE-2021-46671
+ [bullseye] - atftp 0.7.git20120829-3.3+deb11u2
+CVE-2022-24130
+ [bullseye] - xterm 366-1+deb11u1
+CVE-2022-21814
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.172.01-1~deb11u1
+ [bullseye] - nvidia-graphics-drivers 470.103.01-1~deb11u1
+CVE-2022-21813
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.172.01-1~deb11u1
+ [bullseye] - nvidia-graphics-drivers 470.103.01-1~deb11u1
+CVE-2021-3803
+ [bullseye] - node-nth-check 2.0.0-1+deb11u1
+CVE-2021-33623
+ [bullseye] - node-trim-newlines 3.0.0-1+deb11u1
+CVE-2022-23806
+ [bullseye] - golang-1.15 1.15.15-1~deb11u3
+CVE-2022-23772
+ [bullseye] - golang-1.15 1.15.15-1~deb11u3
+CVE-2022-23773
+ [bullseye] - golang-1.15 1.15.15-1~deb11u3
+CVE-2021-4104
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+CVE-2022-23302
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+CVE-2022-23305
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+CVE-2022-23307
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+CVE-2021-44832
+ [bullseye] - apache-log4j2 2.17.1-1~deb11u1
+CVE-2021-43396
+ [bullseye] - glibc 2.31-13+deb11u3
+CVE-2022-23218
+ [bullseye] - glibc 2.31-13+deb11u3
+CVE-2022-23219
+ [bullseye] - glibc 2.31-13+deb11u3
+CVE-2021-33574
+ [bullseye] - glibc 2.31-13+deb11u3
diff --git a/data/packages/removed-packages b/data/packages/removed-packages
index 381c664dce..210993b454 100644
--- a/data/packages/removed-packages
+++ b/data/packages/removed-packages
@@ -817,3 +817,6 @@ ruby-rexml
openjdk-15
nvidia-graphics-drivers-tesla-440
opentmpfiles
+php8.0
+rust-rand-core-0.3
+ansible-base
diff --git a/doc/security-team.d.o/glossary b/doc/security-team.d.o/glossary
index 70e086815d..80ea387ddf 100644
--- a/doc/security-team.d.o/glossary
+++ b/doc/security-team.d.o/glossary
@@ -1,18 +1,25 @@
# Glossary
-TODO: NFU, DLA, SPU, embargo, etc...
-
<a id="CVE">CVE id</a>
: *Common Vulnerabilities and Exposures* id.
In order to refer to a vulnerability, an id provided by [MITRE](#mitre) is used.
This id is unique for each public vulnerability.
[Website](https://cve.mitre.org/)
+<a id="dla">DLA</a>
+: A Security Advisory from the Debian Long Term Support team that affects older versions of Debian. [Example DLA](https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html)
+
+<a id="dsa">DSA</a>
+: An official Debian Security Advisory is called a DSA for short. [Example DSA](https://www.debian.org/security/2021/dsa-5014)
+
+<a id="dtsa">DTSA</a>
+: An official Debian Security Advisory for the testing suite (historic, no longer in use)
+
<a id="mitre">MITRE</a>
: The MITRE Corporation, a US based not-for-profit company, best known for maintaining the [CVE](#CVE) id system. [Website](https://www.mitre.org/)
+<a id="nfu">NFU</a>
+: Not For Us. This designation is placed on a CVE that does not directly affect Debian. [More info on NFU](https://security-team.debian.org/security_tracker.html#issues-not-for-us-nfu)
+
<a id="oss-sec">oss-security</a>
: *Open Source Software Security*. Community for open source software security research, best known for its equally named mailing list. [Website](http://oss-security.openwall.org/)
-
-<a id="dsa">DSA</a>
-: An official Debian Security Advisory is called a DSA for short. [Example DSA](https://www.debian.org/security/2021/dsa-5014)
diff --git a/doc/security-team.d.o/security_tracker b/doc/security-team.d.o/security_tracker
index 7a42cbb61a..74d3687271 100644
--- a/doc/security-team.d.o/security_tracker
+++ b/doc/security-team.d.o/security_tracker
@@ -16,6 +16,18 @@ online. Everything is designed to be very simple to use, transparent and
easy to see what other people are working on so you can work on other
things.
+The Debian Security Tracker is only concerned with how specific vulnerabilities affect
+Debian. Many vulnerabilities are triaged as NFU (`NOT-FOR-US`) simply because the
+vulnerable software is not (yet) packaged for Debian. Triage comments on any specific
+vulnerability only reflect the possible impact on a system running Debian.
+
+For example, systems with some additional or modified packages compared to Debian need
+a separate triage process for every NFU to find ones which are relevant to what has
+been added as well as a triage on packages which differ from Debian.
+
+Entries in the Debian Security Tracker do not imply anything about how a vulnerability
+may affect systems other than Debian.
+
Gentle Introduction
-------------------
@@ -421,6 +433,11 @@ assess these levels.
Certain packages may get higher or lower rating than usual, based on
their importance.
+Assessments of severity are made against the binaries as provided by Debian. For each
+vulnerability, the severity assigned within the Debian Security Tracker only relates to
+how Debian views that vulnerability and how quickly the fix may need to be applied to
+the specified package(s) within Debian.
+
### Vulnerabilities without an assigned CVE id
If you learn of a vulnerability to which no CVE id has been assigned yet, you can
@@ -541,22 +558,65 @@ cross-reference will be added automatically by the cron job. However,
you do need to add `[lenny]` or `[squeeze]` entries to `CVE/list` when there
is a `no-dsa` or `not-affected` condition.
+Summary of tracker syntax
+-------------------------
+
+For a vulnerability in a package in Debian or proposed for introduction into Debian,
+the syntax should contain at least the `PKG_NAME` tabbed line and a `NOTE:` providing a
+URL to useful references, like commit references, bug tracker entries and advisories.
+Other lines are added, where relevant, within the general syntax.
+
+ CVE-YYYY-NNNNNN [(description)]
+ \t RESERVED
+ \t - PKG_NAME [PKG_TAG | PKG_FIX_VERSION] SEVERITY_LEVEL (free text comment)
+ \t [codename] - PKG_NAME [PKG_TAG | PKG_FIX_VERSION] (free text comment)
+ \t NOTE:
+ \t TODO:
+
+- Each tabbed line, except `RESERVED`, can be repeated, e.g. for code embedded in
+ multiple packages and/or to cover multiple suites. Codenames are listed in order of
+ the release date.
+- PKG_NAME is the source package name in the archive.
+- PKG_TAG : `<no-dsa>` | `<unfixed>` | `<undetermined>` | `<not-affected>` | `<itp>`
+- SEVERITY_LEVEL : `(unimportant)` | `(low)` | `(medium)` | `(high)`
+- The pre-commit hook will check the syntax of each entry.
+
+The description of the CVE is not edited in the security tracker but it will be
+shortened in the tracker page for the vulnerability. A temporary description can be
+added with the `[description]` syntax, for example for clarification. This will not be
+overridden by an automatic update unless there is a change in the description of the
+CVE in the MITRE feed.
+
+For `<itp>`, the comment needs to include the bug number as `(bug #NNNNNNNNNN)`. (The
+`<itp>` package tag is used for both ITP and RFP bugs -
+see [ITP/RFP packages](#issues-in-itp-andor-rfp-packages))
+
+`NOTE:` annotations are often used for URLs for more information but can also be
+used for descriptive comments.
+
Checking in your changes
------------------------
After thoroughly researching each issue (as described above) and editing
the relevant files, commit your changes. Peer review is (hopefully) done via the
mailing list and IRC notifications (see [Automatic issue updates](#automatic-issue-updates) above).
-However, changes to the tracker website itself (e.g., the files in lib/*
-and bin/tracker_service.py) should be vetted and approved before being
+However, changes to the tracker website itself (e.g., the files in `lib/*`
+and `bin/tracker_service.py`) should be vetted and approved before being
committed. The preferred way to do this is to send a patch to the
-debian-security-tracker@lists.debian.org mailing list.
+`debian-security-tracker@lists.debian.org` mailing list or a merge request in Salsa.
+
+- [Salsa](https://salsa.debian.org/security-tracker-team/security-tracker/)
+- [https://lists.debian.org/debian-security-tracker/](https://lists.debian.org/debian-security-tracker/)
Commits are checked for syntax errors before they are actually committed,
and you'll receive an error and your commit is aborted if it is in error.
To check your changes yourself beforehand, use `make check-syntax` from
the root of the Git directory.
+Note: It can be useful to use `git worktree` support for merging changes to master and
+ease issues that can occur when someone else has committed in between. See [git
+worktree (1)](https://manpages.debian.org/unstable/git-man/git-worktree.1.en.html).
+
Following up on security issues
-------------------------------
@@ -573,7 +633,7 @@ Tracking of security bugs in the BTS and linking them to a user tag by CVE
--------------------------------------------------------------------------
There's an automated tagging of security-related bugs to CVE IDs through
-the user tag security for the user debian-security@lists.debian.org.
+the user tag security for the user `debian-security@lists.debian.org`.
All bugs added to the tracker are automatically tagged. You can use
the search
@@ -594,11 +654,93 @@ with the following content:
Contributing with the security tracker code
-------------------------------------------
-Either fill a bug against the security-tracker pseudo-package attaching the patch
-to be reviewed or create a merge request for the security-tracker project.
+Either file a bug against the `security-tracker` pseudo-package attaching the patch
+to be reviewed or create a merge request for the security-tracker project in Salsa.
+
+### Helper scripts for one-off updates
+
+On success, scripts output a snippet of the main CVE list showing the new CVE
+information. Make sure to check for warnings and errors reported by the script. The
+output file needs to be manually reviewed and can then be merged using
+`./bin/merge-cve-files` or sent for review by the security team by email.
+
+##### Updating a vulnerability
+
+* Mark a given released suite as not affected for a specific CVE and source package:
+
+ `./bin/update-vuln --cve CVE --src SRC --suite SUITE`
+
+* Add a bug number to an existing CVE entry
+
+ `./bin/update-vuln --cve CVE --number 1000000`
+
+* Add a note to a specific CVE entry
+
+ `./bin/update-vuln --cve CVE --note "quoted note string"`
+
+Example workflow:
+
+ ./bin/update-vuln --cve CVE-YYYY-NNNNN ...
+
+check for error and warning messages & merge into the main CVE list:
+
+ ./bin/merge-cve-files ./CVE-YYYY-NNNNN.list
+
+review change to data/CVE/list
+
+ git diff data/CVE/list
+ rm ./CVE-YYYY-NNNNN.list
+
+.. repeat for additional entries to this or other CVEs.
+
+ git add data/CVE/list
+ git commit
+
+#### Retrieve fixes in uploads to unstable
+
+`./bin/grab-cve-in-fix` supports different ways to retrieve one or more CVEs as fixed in unstable:
+
+- Using information directly from the upload into unstable:
+
+ `cat changes | ./bin/grab-cve-in-fix --input`
+
+- Using information in the lists.debian.org archive:
+
+ `./bin/grab-cve-in-fix --archive https://lists.debian.org/debian-devel-changes/2021/12/msg01280.html`
+
+- Using information in the package tracker:
+
+ `./bin/grab-cve-in-fix --tracker https://tracker.debian.org/news/1285227/accepted-freerdp2-241dfsg1-1-source-into-unstable/`
+
+- Using local caches in the security-tracker:
+
+ `./bin/grab-cve-in-fix --src SRC --cves [CVES...]`
+
+Note: to use `STDIN` with the --input option, the changes content must be signed - i.e.
+as it would appear in notifications after the upload. This can be used to double-check
+your CVE list before uploading to ftp-master. `./bin/grab-cve-in-fix` will report if a
+CVE does not exist or if the CVE is attributed to a different package.
**TODO** (further details)
+### Contributing ongoing triage work
+
+Some familiarity with the tooling and syntax will be needed for this, as with any development
+project.
+
+* `./bin/check-new-issues` - use the -h option to see the help output.
+
+* `./bin/report-vuln` - generate the correct email body to report a bug against a source package
+ relating to an unfixed CVE(s).
+
+### Useful search support for checking new CVEs
+
+- [https://www.debian.org/distrib/packages#search_packages](https://www.debian.org/distrib/packages#search_packages)
+- [https://wnpp.debian.net/](https://wnpp.debian.net/) (Be aware, forwarded ITPs might
+ not be found, so check the [WNPP bug list](https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=wnpp;dist=unstable) also)
+- [https://tracker.debian.org/](https://tracker.debian.org/)
+- [https://codesearch.debian.net/](https://codesearch.debian.net/)
+
Setting up a local testing instance
-----------------------------------
diff --git a/org/lts-frontdesk.2022.txt b/org/lts-frontdesk.2022.txt
index 9907f14fa9..c9ee8c5572 100644
--- a/org/lts-frontdesk.2022.txt
+++ b/org/lts-frontdesk.2022.txt
@@ -16,50 +16,50 @@ From 10-01 to 16-01:Sylvain Beucler <beuc@beuc.net>
From 17-01 to 23-01:Thorsten Alteholz <debian@alteholz.de>
From 24-01 to 30-01:Utkarsh Gupta <guptautkarsh2102@gmail.com>
From 31-01 to 06-02:Sylvain Beucler <beuc@beuc.net>
-From 07-02 to 13-02:Chris Lamb <chris@chris-lamb.co.uk>
+From 07-02 to 13-02:Thorsten Alteholz <squeeze-lts@alteholz.de>
From 14-02 to 20-02:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 21-02 to 27-02:Thorsten Alteholz <debian@alteholz.de>
-From 28-02 to 06-03:Sylvain Beucler <beuc@beuc.net>
-From 07-03 to 13-03:Chris Lamb <chris@chris-lamb.co.uk>
-From 14-03 to 20-03:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 21-03 to 27-03:Thorsten Alteholz <debian@alteholz.de>
+From 21-02 to 27-02:Anton Gladky <gladky.anton@gmail.com>
+From 28-02 to 06-03:Chris Lamb <chris@chris-lamb.co.uk>
+From 07-03 to 13-03:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 14-03 to 20-03:Markus Koschany <markus@koschany.net>
+From 21-03 to 27-03:Ola Lundqvist <ola@inguza.com>
From 28-03 to 03-04:Sylvain Beucler <beuc@beuc.net>
-From 04-04 to 10-04:Chris Lamb <chris@chris-lamb.co.uk>
+From 04-04 to 10-04:Thorsten Alteholz <squeeze-lts@alteholz.de>
From 11-04 to 17-04:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 18-04 to 24-04:Thorsten Alteholz <debian@alteholz.de>
-From 25-04 to 01-05:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 02-05 to 08-05:Sylvain Beucler <beuc@beuc.net>
-From 09-05 to 15-05:Chris Lamb <chris@chris-lamb.co.uk>
-From 16-05 to 22-05:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 23-05 to 29-05:Thorsten Alteholz <debian@alteholz.de>
-From 30-05 to 05-06:Sylvain Beucler <beuc@beuc.net>
-From 06-06 to 12-06:Chris Lamb <chris@chris-lamb.co.uk>
-From 13-06 to 19-06:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 20-06 to 26-06:Thorsten Alteholz <debian@alteholz.de>
-From 27-06 to 03-07:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 04-07 to 10-07:Sylvain Beucler <beuc@beuc.net>
-From 11-07 to 17-07:Chris Lamb <chris@chris-lamb.co.uk>
-From 18-07 to 24-07:Thorsten Alteholz <debian@alteholz.de>
-From 25-07 to 31-07:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 01-08 to 07-08:Sylvain Beucler <beuc@beuc.net>
-From 08-08 to 14-08:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 15-08 to 21-08:Chris Lamb <chris@chris-lamb.co.uk>
-From 22-08 to 28-08:Thorsten Alteholz <debian@alteholz.de>
-From 29-08 to 04-09:Sylvain Beucler <beuc@beuc.net>
-From 05-09 to 11-09:Chris Lamb <chris@chris-lamb.co.uk>
-From 12-09 to 18-09:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 19-09 to 25-09:Thorsten Alteholz <debian@alteholz.de>
-From 26-09 to 02-10:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 03-10 to 09-10:Sylvain Beucler <beuc@beuc.net>
-From 10-10 to 16-10:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 17-10 to 23-10:Chris Lamb <chris@chris-lamb.co.uk>
-From 24-10 to 30-10:Thorsten Alteholz <debian@alteholz.de>
-From 31-10 to 06-11:Sylvain Beucler <beuc@beuc.net>
-From 07-11 to 13-11:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 14-11 to 20-11:Anton Gladky <gladk@debian.org>
-From 21-11 to 27-11:Thorsten Alteholz <debian@alteholz.de>
-From 28-11 to 04-12:Sylvain Beucler <beuc@beuc.net>
-From 05-12 to 11-12:Chris Lamb <chris@chris-lamb.co.uk>
-From 12-12 to 18-12:Thorsten Alteholz <debian@alteholz.de>
-From 19-12 to 25-12:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 26-12 to 01-01:Anton Gladky <gladk@debian.org>
+From 18-04 to 24-04:Anton Gladky <gladky.anton@gmail.com>
+From 25-04 to 01-05:Chris Lamb <chris@chris-lamb.co.uk>
+From 02-05 to 08-05:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 09-05 to 15-05:Markus Koschany <markus@koschany.net>
+From 16-05 to 22-05:Ola Lundqvist <ola@inguza.com>
+From 23-05 to 29-05:Sylvain Beucler <beuc@beuc.net>
+From 30-05 to 05-06:Thorsten Alteholz <squeeze-lts@alteholz.de>
+From 06-06 to 12-06:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 13-06 to 19-06:Anton Gladky <gladky.anton@gmail.com>
+From 20-06 to 26-06:Chris Lamb <chris@chris-lamb.co.uk>
+From 27-06 to 03-07:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 04-07 to 10-07:
+From 11-07 to 17-07:
+From 18-07 to 24-07:
+From 25-07 to 31-07:
+From 01-08 to 07-08:
+From 08-08 to 14-08:
+From 15-08 to 21-08:
+From 22-08 to 28-08:
+From 29-08 to 04-09:
+From 05-09 to 11-09:
+From 12-09 to 18-09:
+From 19-09 to 25-09:
+From 26-09 to 02-10:
+From 03-10 to 09-10:
+From 10-10 to 16-10:
+From 17-10 to 23-10:
+From 24-10 to 30-10:
+From 31-10 to 06-11:
+From 07-11 to 13-11:
+From 14-11 to 20-11:
+From 21-11 to 27-11:
+From 28-11 to 04-12:
+From 05-12 to 11-12:
+From 12-12 to 18-12:
+From 19-12 to 25-12:
+From 26-12 to 01-01: \ No newline at end of file
