[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 15 21:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c6d48839 by security tracker role at 2021-09-15T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,429 @@
-CVE-2021-41078
+CVE-2021-41285
+ RESERVED
+CVE-2021-41284
+ RESERVED
+CVE-2021-41283
+ RESERVED
+CVE-2021-41282
+ RESERVED
+CVE-2021-41281
+ RESERVED
+CVE-2021-41280
+ RESERVED
+CVE-2021-41279
+ RESERVED
+CVE-2021-41278
+ RESERVED
+CVE-2021-41277
+ RESERVED
+CVE-2021-41276
+ RESERVED
+CVE-2021-41275
+ RESERVED
+CVE-2021-41274
+ RESERVED
+CVE-2021-41273
+ RESERVED
+CVE-2021-41272
+ RESERVED
+CVE-2021-41271
+ RESERVED
+CVE-2021-41270
+ RESERVED
+CVE-2021-41269
+ RESERVED
+CVE-2021-41268
+ RESERVED
+CVE-2021-41267
+ RESERVED
+CVE-2021-41266
+ RESERVED
+CVE-2021-41265
+ RESERVED
+CVE-2021-41264
+ RESERVED
+CVE-2021-41263
+ RESERVED
+CVE-2021-41262
+ RESERVED
+CVE-2021-41261
+ RESERVED
+CVE-2021-41260
+ RESERVED
+CVE-2021-41259
+ RESERVED
+CVE-2021-41258
+ RESERVED
+CVE-2021-41257
+ RESERVED
+CVE-2021-41256
+ RESERVED
+CVE-2021-41255
+ RESERVED
+CVE-2021-41254
+ RESERVED
+CVE-2021-41253
+ RESERVED
+CVE-2021-41252
+ RESERVED
+CVE-2021-41251
+ RESERVED
+CVE-2021-41250
+ RESERVED
+CVE-2021-41249
+ RESERVED
+CVE-2021-41248
+ RESERVED
+CVE-2021-41247
+ RESERVED
+CVE-2021-41246
+ RESERVED
+CVE-2021-41245
+ RESERVED
+CVE-2021-41244
+ RESERVED
+CVE-2021-41243
+ RESERVED
+CVE-2021-41242
+ RESERVED
+CVE-2021-41241
+ RESERVED
+CVE-2021-41240
+ RESERVED
+CVE-2021-41239
+ RESERVED
+CVE-2021-41238
+ RESERVED
+CVE-2021-41237
+ RESERVED
+CVE-2021-41236
+ RESERVED
+CVE-2021-41235
+ RESERVED
+CVE-2021-41234
+ RESERVED
+CVE-2021-41233
+ RESERVED
+CVE-2021-41232
+ RESERVED
+CVE-2021-41231
+ RESERVED
+CVE-2021-41230
+ RESERVED
+CVE-2021-41229
+ RESERVED
+CVE-2021-41228
+ RESERVED
+CVE-2021-41227
+ RESERVED
+CVE-2021-41226
+ RESERVED
+CVE-2021-41225
+ RESERVED
+CVE-2021-41224
+ RESERVED
+CVE-2021-41223
+ RESERVED
+CVE-2021-41222
+ RESERVED
+CVE-2021-41221
+ RESERVED
+CVE-2021-41220
+ RESERVED
+CVE-2021-41219
+ RESERVED
+CVE-2021-41218
+ RESERVED
+CVE-2021-41217
+ RESERVED
+CVE-2021-41216
+ RESERVED
+CVE-2021-41215
+ RESERVED
+CVE-2021-41214
+ RESERVED
+CVE-2021-41213
+ RESERVED
+CVE-2021-41212
+ RESERVED
+CVE-2021-41211
+ RESERVED
+CVE-2021-41210
+ RESERVED
+CVE-2021-41209
+ RESERVED
+CVE-2021-41208
+ RESERVED
+CVE-2021-41207
+ RESERVED
+CVE-2021-41206
+ RESERVED
+CVE-2021-41205
+ RESERVED
+CVE-2021-41204
+ RESERVED
+CVE-2021-41203
+ RESERVED
+CVE-2021-41202
+ RESERVED
+CVE-2021-41201
+ RESERVED
+CVE-2021-41200
+ RESERVED
+CVE-2021-41199
+ RESERVED
+CVE-2021-41198
+ RESERVED
+CVE-2021-41197
+ RESERVED
+CVE-2021-41196
+ RESERVED
+CVE-2021-41195
+ RESERVED
+CVE-2021-41194
+ RESERVED
+CVE-2021-41193
+ RESERVED
+CVE-2021-41192
+ RESERVED
+CVE-2021-41191
+ RESERVED
+CVE-2021-41190
+ RESERVED
+CVE-2021-41189
+ RESERVED
+CVE-2021-41188
+ RESERVED
+CVE-2021-41187
+ RESERVED
+CVE-2021-41186
+ RESERVED
+CVE-2021-41185
+ RESERVED
+CVE-2021-41184
+ RESERVED
+CVE-2021-41183
+ RESERVED
+CVE-2021-41182
+ RESERVED
+CVE-2021-41181
+ RESERVED
+CVE-2021-41180
+ RESERVED
+CVE-2021-41179
+ RESERVED
+CVE-2021-41178
+ RESERVED
+CVE-2021-41177
+ RESERVED
+CVE-2021-41176
+ RESERVED
+CVE-2021-41175
+ RESERVED
+CVE-2021-41174
+ RESERVED
+CVE-2021-41173
+ RESERVED
+CVE-2021-41172
+ RESERVED
+CVE-2021-41171
+ RESERVED
+CVE-2021-41170
+ RESERVED
+CVE-2021-41169
+ RESERVED
+CVE-2021-41168
+ RESERVED
+CVE-2021-41167
+ RESERVED
+CVE-2021-41166
+ RESERVED
+CVE-2021-41165
RESERVED
-CVE-2021-3801
+CVE-2021-41164
RESERVED
+CVE-2021-41163
+ RESERVED
+CVE-2021-41162
+ RESERVED
+CVE-2021-41161
+ RESERVED
+CVE-2021-41160
+ RESERVED
+CVE-2021-41159
+ RESERVED
+CVE-2021-41158
+ RESERVED
+CVE-2021-41157
+ RESERVED
+CVE-2021-41156
+ RESERVED
+CVE-2021-41155
+ RESERVED
+CVE-2021-41154
+ RESERVED
+CVE-2021-41153
+ RESERVED
+CVE-2021-41152
+ RESERVED
+CVE-2021-41151
+ RESERVED
+CVE-2021-41150
+ RESERVED
+CVE-2021-41149
+ RESERVED
+CVE-2021-41148
+ RESERVED
+CVE-2021-41147
+ RESERVED
+CVE-2021-41146
+ RESERVED
+CVE-2021-41145
+ RESERVED
+CVE-2021-41144
+ RESERVED
+CVE-2021-41143
+ RESERVED
+CVE-2021-41142
+ RESERVED
+CVE-2021-41141
+ RESERVED
+CVE-2021-41140
+ RESERVED
+CVE-2021-41139
+ RESERVED
+CVE-2021-41138
+ RESERVED
+CVE-2021-41137
+ RESERVED
+CVE-2021-41136
+ RESERVED
+CVE-2021-41135
+ RESERVED
+CVE-2021-41134
+ RESERVED
+CVE-2021-41133
+ RESERVED
+CVE-2021-41132
+ RESERVED
+CVE-2021-41131
+ RESERVED
+CVE-2021-41130
+ RESERVED
+CVE-2021-41129
+ RESERVED
+CVE-2021-41128
+ RESERVED
+CVE-2021-41127
+ RESERVED
+CVE-2021-41126
+ RESERVED
+CVE-2021-41125
+ RESERVED
+CVE-2021-41124
+ RESERVED
+CVE-2021-41123
+ RESERVED
+CVE-2021-41122
+ RESERVED
+CVE-2021-41121
+ RESERVED
+CVE-2021-41120
+ RESERVED
+CVE-2021-41119
+ RESERVED
+CVE-2021-41118
+ RESERVED
+CVE-2021-41117
+ RESERVED
+CVE-2021-41116
+ RESERVED
+CVE-2021-41115
+ RESERVED
+CVE-2021-41114
+ RESERVED
+CVE-2021-41113
+ RESERVED
+CVE-2021-41112
+ RESERVED
+CVE-2021-41111
+ RESERVED
+CVE-2021-41110
+ RESERVED
+CVE-2021-41109
+ RESERVED
+CVE-2021-41108
+ RESERVED
+CVE-2021-41107
+ RESERVED
+CVE-2021-41106
+ RESERVED
+CVE-2021-41105
+ RESERVED
+CVE-2021-41104
+ RESERVED
+CVE-2021-41103
+ RESERVED
+CVE-2021-41102
+ RESERVED
+CVE-2021-41101
+ RESERVED
+CVE-2021-41100
+ RESERVED
+CVE-2021-41099
+ RESERVED
+CVE-2021-41098
+ RESERVED
+CVE-2021-41097
+ RESERVED
+CVE-2021-41096
+ RESERVED
+CVE-2021-41095
+ RESERVED
+CVE-2021-41094
+ RESERVED
+CVE-2021-41093
+ RESERVED
+CVE-2021-41092
+ RESERVED
+CVE-2021-41091
+ RESERVED
+CVE-2021-41090
+ RESERVED
+CVE-2021-41089
+ RESERVED
+CVE-2021-41088
+ RESERVED
+CVE-2021-41087
+ RESERVED
+CVE-2021-41086
+ RESERVED
+CVE-2021-41085
+ RESERVED
+CVE-2021-41084
+ RESERVED
+CVE-2021-41083
+ RESERVED
+CVE-2021-41082
+ RESERVED
+CVE-2021-41081
+ RESERVED
+CVE-2021-41080
+ RESERVED
+CVE-2021-41079
+ RESERVED
+CVE-2021-3803
+ RESERVED
+CVE-2021-3802
+ RESERVED
+CVE-2021-41078
+ RESERVED
+CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-41077 (The activation process in Travis CI, for certain 2021-09-03 through 20 ...)
NOT-FOR-US: Travis CI
CVE-2021-41076
- RESERVED
+ REJECTED
CVE-2021-41075
RESERVED
CVE-2021-41074
@@ -37,8 +455,8 @@ CVE-2021-41063
RESERVED
CVE-2021-41062
RESERVED
-CVE-2021-41061
- RESERVED
+CVE-2021-41061 (In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee8201 ...)
+ TODO: check
CVE-2021-41060
RESERVED
CVE-2021-41059
@@ -227,12 +645,12 @@ CVE-2021-40968
RESERVED
CVE-2021-40967
RESERVED
-CVE-2021-40966
- RESERVED
-CVE-2021-40965
- RESERVED
-CVE-2021-40964
- RESERVED
+CVE-2021-40966 (A Stored XSS exists in TinyFileManager All version up to and including ...)
+ TODO: check
+CVE-2021-40965 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileMa ...)
+ TODO: check
+CVE-2021-40964 (A Path Traversal vulnerability exists in TinyFileManager all version u ...)
+ TODO: check
CVE-2021-40963
RESERVED
CVE-2021-40962
@@ -442,20 +860,20 @@ CVE-2021-3798 [Soft token does not check if an EC key is valid]
NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0
CVE-2021-40865
RESERVED
-CVE-2021-3797
- RESERVED
-CVE-2021-3796
- RESERVED
-CVE-2021-3795
- RESERVED
-CVE-2021-3794
- RESERVED
+CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...)
+ TODO: check
+CVE-2021-3796 (vim is vulnerable to Use After Free ...)
+ TODO: check
+CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression Complexit ...)
+ TODO: check
+CVE-2021-3794 (vuelidate is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...)
NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server
CVE-2021-40863
RESERVED
-CVE-2021-40862
- RESERVED
+CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...)
+ TODO: check
CVE-2021-40861
RESERVED
CVE-2021-40860
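Review bot: `CVE-2021-3796 (vim is vulnerable to Use After Free ...)` is left at `TODO: check`, but vim is a Debian source package, so this entry needs a triage result rather than a placeholder. Suggest replacing the TODO with a package line in the form the file already uses (`- sssd <unfixed>`, `- imagemagick <unfixed>`), plus a `NOTE:` pointing at the upstream fix, as the CVE-2021-3798 entry at the top of this hunk does with `NOTE: Fixed by: ...`. The other new descriptions in this hunk (hestiacp, semver-regex, vuelidate, Terraform Enterprise) need the same decision between a package line and `NOT-FOR-US:`.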
@@ -488,8 +906,8 @@ CVE-2021-40847
RESERVED
CVE-2021-40846
RESERVED
-CVE-2021-40845
- RESERVED
+CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...)
+ TODO: check
CVE-2021-40844
RESERVED
CVE-2021-40843
@@ -565,12 +983,12 @@ CVE-2021-3787
RESERVED
CVE-2021-3786
RESERVED
-CVE-2021-3785
- RESERVED
+CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ TODO: check
CVE-2021-3784
RESERVED
-CVE-2021-3783
- RESERVED
+CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ TODO: check
CVE-2021-3782
RESERVED
CVE-2021-3781 [Include device specifier strings in access validation]
@@ -846,8 +1264,8 @@ CVE-2021-40691
RESERVED
CVE-2021-40690
RESERVED
-CVE-2021-3780
- RESERVED
+CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...)
+ TODO: check
CVE-2021-40689
RESERVED
CVE-2021-40688
@@ -875,10 +1293,10 @@ CVE-2021-40682
RESERVED
CVE-2021-3779
RESERVED
-CVE-2021-3778
- RESERVED
-CVE-2021-3777
- RESERVED
+CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
+CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-40681
RESERVED
CVE-2021-40680
@@ -1400,24 +1818,24 @@ CVE-2021-40450
RESERVED
CVE-2021-40449
RESERVED
-CVE-2021-40448
- RESERVED
-CVE-2021-40447
- RESERVED
+CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...)
+ TODO: check
+CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
CVE-2021-40446
RESERVED
CVE-2021-40445
RESERVED
-CVE-2021-40444
- RESERVED
+CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-40443
RESERVED
CVE-2021-40442
RESERVED
CVE-2021-40441
RESERVED
-CVE-2021-40440
- RESERVED
+CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
+ TODO: check
CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]
RESERVED
- linux <unfixed>
@@ -1901,8 +2319,8 @@ CVE-2021-40240
RESERVED
CVE-2021-40239
RESERVED
-CVE-2021-40238
- RESERVED
+CVE-2021-40238 (A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel ...)
+ TODO: check
CVE-2021-40237
RESERVED
CVE-2021-40236
@@ -2063,12 +2481,12 @@ CVE-2021-40159
RESERVED
CVE-2021-40158
RESERVED
-CVE-2021-40157
- RESERVED
-CVE-2021-40156
- RESERVED
-CVE-2021-40155
- RESERVED
+CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ TODO: check
+CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ TODO: check
+CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ TODO: check
CVE-2021-3747
RESERVED
CVE-2021-40154
@@ -3688,8 +4106,8 @@ CVE-2021-39394
RESERVED
CVE-2021-39393
RESERVED
-CVE-2021-39392
- RESERVED
+CVE-2021-39392 (The management tool in MyLittleBackup up to and including 1.7 allows r ...)
+ TODO: check
CVE-2021-39391 (Cross Site Scripting (XSS) vulnerability exists in the admin panel in ...)
NOT-FOR-US: Beego
CVE-2021-39390
@@ -3898,8 +4316,8 @@ CVE-2021-39309
RESERVED
CVE-2021-39308
RESERVED
-CVE-2021-39307
- RESERVED
+CVE-2021-39307 (PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hy ...)
+ TODO: check
CVE-2021-39306
RESERVED
CVE-2021-39305
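Review bot: The description on the added `CVE-2021-39307` line contains `PDFTron’s`, which looks like a UTF-8 apostrophe decoded with the wrong charset. Check whether the bytes are already wrong in `data/CVE/list` or only in this notification mail; if they are wrong in the file, fix the import so descriptions are stored as UTF-8. The entry also still carries `TODO: check`.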
@@ -4234,31 +4652,31 @@ CVE-2021-39217
RESERVED
CVE-2021-39216
RESERVED
-CVE-2021-39215
- RESERVED
+CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...)
+ TODO: check
CVE-2021-39214
RESERVED
-CVE-2021-39213
- RESERVED
+CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...)
+ TODO: check
CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68
NOTE: https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e
-CVE-2021-39211
- RESERVED
-CVE-2021-39210
- RESERVED
-CVE-2021-39209
- RESERVED
+CVE-2021-39211 (GLPI is a free Asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2021-39210 (GLPI is a free Asset and IT management software package. In versions p ...)
+ TODO: check
+CVE-2021-39209 (GLPI is a free Asset and IT management software package. In versions p ...)
+ TODO: check
CVE-2021-39208
RESERVED
CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...)
TODO: check
CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
NOT-FOR-US: Pomerium
-CVE-2021-39205
- RESERVED
+CVE-2021-39205 (Jitsi Meet is an open source video conferencing application. Versions ...)
+ TODO: check
CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
NOT-FOR-US: Pomerium
CVE-2021-39203 (WordPress is a free and open-source content management system written ...)
@@ -4301,8 +4719,8 @@ CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for t
NOTE: https://github.com/zmartzone/mod_auth_openidc/issues/672
CVE-2021-39190
RESERVED
-CVE-2021-39189
- RESERVED
+CVE-2021-39189 (Pimcore is an open source data & experience management platform. I ...)
+ TODO: check
CVE-2021-39188
RESERVED
CVE-2021-39187 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -5417,16 +5835,16 @@ CVE-2021-38673
RESERVED
CVE-2021-38672
RESERVED
-CVE-2021-38671
- RESERVED
+CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
CVE-2021-38670
RESERVED
-CVE-2021-38669
- RESERVED
+CVE-2021-38669 (Microsoft Edge (Chromium-based) Tampering Vulnerability ...)
+ TODO: check
CVE-2021-38668
RESERVED
-CVE-2021-38667
- RESERVED
+CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
CVE-2021-38666
RESERVED
CVE-2021-38665
@@ -5437,42 +5855,42 @@ CVE-2021-38663
RESERVED
CVE-2021-38662
RESERVED
-CVE-2021-38661
- RESERVED
-CVE-2021-38660
- RESERVED
-CVE-2021-38659
- RESERVED
-CVE-2021-38658
- RESERVED
-CVE-2021-38657
- RESERVED
-CVE-2021-38656
- RESERVED
-CVE-2021-38655
- RESERVED
-CVE-2021-38654
- RESERVED
-CVE-2021-38653
- RESERVED
-CVE-2021-38652
- RESERVED
-CVE-2021-38651
- RESERVED
-CVE-2021-38650
- RESERVED
-CVE-2021-38649
- RESERVED
-CVE-2021-38648
- RESERVED
-CVE-2021-38647
- RESERVED
-CVE-2021-38646
- RESERVED
-CVE-2021-38645
- RESERVED
-CVE-2021-38644
- RESERVED
+CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ TODO: check
+CVE-2021-38659 (Microsoft Office Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ TODO: check
+CVE-2021-38657 (Microsoft Office Graphics Component Information Disclosure Vulnerabili ...)
+ TODO: check
+CVE-2021-38656 (Microsoft Word Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-38655 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ TODO: check
+CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ TODO: check
+CVE-2021-38650 (Microsoft Office Spoofing Vulnerability ...)
+ TODO: check
+CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+ TODO: check
+CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+ TODO: check
+CVE-2021-38647 (Open Management Infrastructure Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-38646 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...)
+ TODO: check
+CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+ TODO: check
+CVE-2021-38644 (Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-38643
RESERVED
CVE-2021-38642 (Microsoft Edge for iOS Spoofing Vulnerability ...)
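Review bot: The 18 entries from CVE-2021-38661 down to CVE-2021-38644 are all added as `TODO: check`, although the file already classifies neighbouring Microsoft entries as `NOT-FOR-US: Microsoft` (see CVE-2021-38641 just below this hunk). The Office, Word, Excel, Visio, SharePoint and video-extension entries can take that same tag. Treat the four Open Management Infrastructure entries (CVE-2021-38645, CVE-2021-38647, CVE-2021-38648, CVE-2021-38649) separately: OMI is an open-source component, so confirm it is not packaged before marking it NOT-FOR-US.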
@@ -5481,38 +5899,38 @@ CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-38640
RESERVED
-CVE-2021-38639
- RESERVED
-CVE-2021-38638
- RESERVED
-CVE-2021-38637
- RESERVED
-CVE-2021-38636
- RESERVED
-CVE-2021-38635
- RESERVED
-CVE-2021-38634
- RESERVED
-CVE-2021-38633
- RESERVED
-CVE-2021-38632
- RESERVED
+CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ TODO: check
+CVE-2021-38638 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ TODO: check
+CVE-2021-38637 (Windows Storage Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-38636 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
+ TODO: check
+CVE-2021-38635 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
+ TODO: check
+CVE-2021-38634 (Microsoft Windows Update Client Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-38633 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2021-38632 (BitLocker Security Feature Bypass Vulnerability ...)
+ TODO: check
CVE-2021-38631
RESERVED
-CVE-2021-38630
- RESERVED
-CVE-2021-38629
- RESERVED
-CVE-2021-38628
- RESERVED
+CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-38629 (Windows Ancillary Function Driver for WinSock Information Disclosure V ...)
+ TODO: check
+CVE-2021-38628 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ TODO: check
CVE-2021-38627
RESERVED
-CVE-2021-38626
- RESERVED
-CVE-2021-38625
- RESERVED
-CVE-2021-38624
- RESERVED
+CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-38624 (Windows Key Storage Provider Security Feature Bypass Vulnerability ...)
+ TODO: check
CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) extensio ...)
NOT-FOR-US: deferred_image_processing (aka Deferred image processing) extension for TYPO3
CVE-2021-38622
@@ -6693,8 +7111,8 @@ CVE-2021-38158
RESERVED
CVE-2021-38157 (** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before ...)
NOT-FOR-US: LeoStream Connection Broker
-CVE-2021-38156
- RESERVED
+CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboar ...)
+ TODO: check
CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
- keystone 2:19.0.0-3 (bug #992070)
[bullseye] - keystone <no-dsa> (Minor issue)
@@ -8345,8 +8763,8 @@ CVE-2021-37414 (Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior a
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37413
RESERVED
-CVE-2021-37412
- RESERVED
+CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...)
+ TODO: check
CVE-2021-37411
RESERVED
CVE-2021-3665
@@ -9321,54 +9739,54 @@ CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_stri
NOTE: https://github.com/libarchive/libarchive/issues/1554
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
-CVE-2021-36975
- RESERVED
-CVE-2021-36974
- RESERVED
-CVE-2021-36973
- RESERVED
-CVE-2021-36972
- RESERVED
+CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ TODO: check
+CVE-2021-36974 (Windows SMB Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-36973 (Windows Redirected Drive Buffering System Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ TODO: check
CVE-2021-36971
RESERVED
CVE-2021-36970
RESERVED
-CVE-2021-36969
- RESERVED
-CVE-2021-36968
- RESERVED
-CVE-2021-36967
- RESERVED
-CVE-2021-36966
- RESERVED
-CVE-2021-36965
- RESERVED
-CVE-2021-36964
- RESERVED
-CVE-2021-36963
- RESERVED
-CVE-2021-36962
- RESERVED
-CVE-2021-36961
- RESERVED
-CVE-2021-36960
- RESERVED
-CVE-2021-36959
- RESERVED
+CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
+ TODO: check
+CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-36967 (Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-36966 (Windows Subsystem for Linux Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2021-36962 (Windows Installer Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-36961 (Windows Installer Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ TODO: check
+CVE-2021-36959 (Windows Authenticode Spoofing Vulnerability ...)
+ TODO: check
CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2021-36957
RESERVED
-CVE-2021-36956
- RESERVED
-CVE-2021-36955
- RESERVED
-CVE-2021-36954
- RESERVED
+CVE-2021-36956 (Azure Sphere Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-36953
RESERVED
-CVE-2021-36952
- RESERVED
+CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-36951
RESERVED
CVE-2021-36950 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
@@ -12763,6 +13181,7 @@ CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in t
NOT-FOR-US: PandoraFMS
CVE-2021-3621 [shell command injection in sssctl]
RESERVED
+ {DLA-2758-1}
- sssd <unfixed> (bug #992710)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
@@ -16931,38 +17350,38 @@ CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to re
NOT-FOR-US: SAP
CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by ...)
NOT-FOR-US: InfraBox
-CVE-2021-33705
- RESERVED
-CVE-2021-33704
- RESERVED
+CVE-2021-33705 (The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.4 ...)
+ TODO: check
+CVE-2021-33704 (The Service Layer of SAP Business One, version - 10.0, allows an authe ...)
+ TODO: check
CVE-2021-33703 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30 ...)
NOT-FOR-US: NetWeaver
CVE-2021-33702 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10 ...)
NOT-FOR-US: NetWeaver
-CVE-2021-33701
- RESERVED
-CVE-2021-33700
- RESERVED
+CVE-2021-33701 (DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1 ...)
+ TODO: check
+CVE-2021-33700 (SAP Business One, version - 10.0, allows a local attacker with access ...)
+ TODO: check
CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...)
NOT-FOR-US: Android
-CVE-2021-33698
- RESERVED
-CVE-2021-33697
- RESERVED
-CVE-2021-33696
- RESERVED
-CVE-2021-33695
- RESERVED
-CVE-2021-33694
- RESERVED
-CVE-2021-33693
- RESERVED
-CVE-2021-33692
- RESERVED
-CVE-2021-33691
- RESERVED
-CVE-2021-33690
- RESERVED
+CVE-2021-33698 (SAP Business One, version - 10.0, allows an attacker with business aut ...)
+ TODO: check
+CVE-2021-33697 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...)
+ TODO: check
+CVE-2021-33696 (SAP BusinessObjects Business Intelligence Platform (Crystal Report), v ...)
+ TODO: check
+CVE-2021-33695 (Potentially, SAP Cloud Connector, version - 2.0 communication with the ...)
+ TODO: check
+CVE-2021-33694 (SAP Cloud Connector, version - 2.0, does not sufficiently encode user- ...)
+ TODO: check
+CVE-2021-33693 (SAP Cloud Connector, version - 2.0, allows an authenticated administra ...)
+ TODO: check
+CVE-2021-33692 (SAP Cloud Connector, version - 2.0, allows the upload of zip files as ...)
+ TODO: check
+CVE-2021-33691 (NWDI Notification Service versions - 7.31, 7.40, 7.50, does not suffic ...)
+ TODO: check
+CVE-2021-33690 (Server-Side Request Forgery (SSRF) vulnerability has been detected in ...)
+ TODO: check
CVE-2021-33689 (When user with insufficient privileges tries to access any application ...)
NOT-FOR-US: SAP
CVE-2021-33688 (SAP Business One allows an attacker with business privileges to execut ...)
@@ -24698,61 +25117,61 @@ CVE-2021-30625
RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30624 (Use after free in Autofill in Google Chrome prior to 93.0.4577.63 allo ...)
+CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30623 (Use after free in Bookmarks in Google Chrome prior to 93.0.4577.63 all ...)
+CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30622 (Use after free in WebApp Installs in Google Chrome prior to 93.0.4577. ...)
+CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30621 (Inappropriate implementation in Autofill in Google Chrome prior to 93. ...)
+CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30620 (Insufficient policy enforcement in Blink in Google Chrome prior to 93. ...)
+CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30619 (Inappropriate implementation in Autofill in Google Chrome prior to 93. ...)
+CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30618 (Inappropriate implementation in DevTools in Google Chrome prior to 93. ...)
+CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30617 (Policy bypass in Blink in Google Chrome prior to 93.0.4577.63 allowed ...)
+CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30616 (Use after free in Media in Google Chrome prior to 93.0.4577.63 allowed ...)
+CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30615 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
+CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30614 (Heap buffer overflow in TabStrip in Google Chrome prior to 93.0.4577.6 ...)
+CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30613 (Use after free in Base internals in Google Chrome prior to 93.0.4577.6 ...)
+CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30612 (Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to ...)
+CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30611 (Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to ...)
+CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30610 (Use after free in Extensions API in Google Chrome prior to 93.0.4577.6 ...)
+CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30609 (Use after free in Sign-In in Google Chrome prior to 93.0.4577.63 allow ...)
+CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30608 (Use after free in Web Share in Google Chrome prior to 93.0.4577.63 all ...)
+CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30607 (Use after free in Permissions in Google Chrome prior to 93.0.4577.63 a ...)
+CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30606 (Use after free in Blink in Google Chrome prior to 93.0.4577.63 allowed ...)
+CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30605 (Inappropriate implementation in the ChromeOS Readiness Tool installer ...)
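Review bot: The rewritten descriptions for CVE-2021-30624 through CVE-2021-30606 drop the `prior to 93.0.4577.63` hint that several of the old descriptions carried, and instead repeat the CVE ID inside its own description, e.g. `Chromium: CVE-2021-30624 Use after free in Autofill ...`. All of these entries are still `- chromium <unfixed>`, so the old text was the only place in these lines where the fixed upstream version was visible; record it in a `NOTE:` line or keep the earlier description. The classification also changes in places (CVE-2021-30621 and CVE-2021-30619 go from `Inappropriate implementation in Autofill` to `UI Spoofing in Autofill`, CVE-2021-30615 becomes `Cross-origin data leak in Navigation`), which should be confirmed against the upstream advisory rather than accepted from an automatic import.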
@@ -26094,8 +26513,8 @@ CVE-2021-30139 (In Alpine Linux apk-tools before 2.12.5, the tarball parser allo
NOT-FOR-US: Alpine Linux apk-tools
CVE-2021-30138
REJECTED
-CVE-2021-30137
- RESERVED
+CVE-2021-30137 (Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarsha ...)
+ TODO: check
CVE-2021-30136
RESERVED
CVE-2021-30135
@@ -27031,8 +27450,8 @@ CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud
NOT-FOR-US: IBM
CVE-2021-29774
RESERVED
-CVE-2021-29773
- RESERVED
+CVE-2021-29773 (IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated ...)
+ TODO: check
CVE-2021-29772 (IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potenti ...)
NOT-FOR-US: IBM
CVE-2021-29771
@@ -27077,8 +27496,8 @@ CVE-2021-29752
RESERVED
CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
NOT-FOR-US: IBM
-CVE-2021-29750
- RESERVED
+CVE-2021-29750 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...)
+ TODO: check
CVE-2021-29749 (IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6 ...)
NOT-FOR-US: IBM
CVE-2021-29748
@@ -29215,8 +29634,8 @@ CVE-2021-28902 (In function read_yin_container() in libyang <= v1.0.225, it d
[bullseye] - libyang <no-dsa> (Minor issue)
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1454
-CVE-2021-28901
- RESERVED
+CVE-2021-28901 (Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Soft ...)
+ TODO: check
CVE-2021-28900
RESERVED
CVE-2021-28899 (Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileS ...)
@@ -32243,8 +32662,8 @@ CVE-2021-27664
RESERVED
CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM ...)
NOT-FOR-US: Johnson Controls
-CVE-2021-27662
- RESERVED
+CVE-2021-27662 (The KT-1 door controller is susceptible to replay or man-in-the-middle ...)
+ TODO: check
CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...)
NOT-FOR-US: Facility Explorer SNC Series Supervisory Controller
CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can allow remote ...)
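Review bot: the truncated description added for CVE-2021-27662 ("The KT-1 door controller is susceptible to replay or man-in-the-middle ...") names no vendor, so the tag that should replace "TODO: check" cannot be chosen from this line alone. The context lines show two conventions side by side, a vendor tag ("NOT-FOR-US: Johnson Controls" on CVE-2021-27663) and a product tag ("NOT-FOR-US: Facility Explorer SNC Series Supervisory Controller" on CVE-2021-27661). Read the full description for the vendor, and fall back to the product name only if none is stated.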
@@ -33630,12 +34049,12 @@ CVE-2021-27048 (HEVC Video Extensions Remote Code Execution Vulnerability This C
NOT-FOR-US: Microsoft
CVE-2021-27047 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2021-27046
- RESERVED
-CVE-2021-27045
- RESERVED
-CVE-2021-27044
- RESERVED
+CVE-2021-27046 (A Memory Corruption vulnerability for PDF files in Autodesk Navisworks ...)
+ TODO: check
+CVE-2021-27045 (A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ TODO: check
+CVE-2021-27044 (A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review versio ...)
+ TODO: check
CVE-2021-27043 (An Arbitrary Address Write issue in the Autodesk DWG application can a ...)
NOT-FOR-US: Autodesk
CVE-2021-27042 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
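Review bot: CVE-2021-27044 arrives with the truncated text "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review versio ...", which is character for character the text CVE-2021-27027 carries on the removed line of the following hunk. Compare the full descriptions during triage to confirm these are distinct issues. All three new entries (CVE-2021-27046, CVE-2021-27045, CVE-2021-27044) name Autodesk products, and the one tag visible in the context lines below them is "NOT-FOR-US: Autodesk", so the TODO markers can most likely be resolved the same way.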
@@ -33666,9 +34085,9 @@ CVE-2021-27030 (A user may be tricked into opening a malicious FBX file which ma
NOT-FOR-US: Autodesk
CVE-2021-27029 (The user may be tricked into opening a malicious FBX file which may ex ...)
NOT-FOR-US: Autodesk
-CVE-2021-27028 (A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 ...)
+CVE-2021-27028 (A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 ...)
NOT-FOR-US: Autodesk
-CVE-2021-27027 (A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review versio ...)
+CVE-2021-27027 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...)
NOT-FOR-US: Autodesk
CVE-2021-27026
RESERVED
@@ -35150,14 +35569,14 @@ CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability
NOT-FOR-US: Microsoft
CVE-2021-26438
RESERVED
-CVE-2021-26437
- RESERVED
+CVE-2021-26437 (Visual Studio Code Spoofing Vulnerability ...)
+ TODO: check
CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
NOT-FOR-US: Microsoft
-CVE-2021-26435
- RESERVED
-CVE-2021-26434
- RESERVED
+CVE-2021-26435 (Windows Scripting Engine Memory Corruption Vulnerability ...)
+ TODO: check
+CVE-2021-26434 (Visual Studio Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-26433 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
NOT-FOR-US: Microsoft
CVE-2021-26432 (Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulne ...)
@@ -45289,14 +45708,11 @@ CVE-2021-22151
RESERVED
CVE-2021-22150
RESERVED
-CVE-2021-22149
- RESERVED
+CVE-2021-22149 (Elastic Enterprise Search App Search versions before 7.14.0 are vulner ...)
NOT-FOR-US: Elastic Enterprise Search
-CVE-2021-22148
- RESERVED
+CVE-2021-22148 (Elastic Enterprise Search App Search versions before 7.14.0 was vulner ...)
NOT-FOR-US: Elastic Enterprise Search
-CVE-2021-22147
- RESERVED
+CVE-2021-22147 (Elasticsearch before 7.14.0 did not apply document and field level sec ...)
- elasticsearch <removed>
CVE-2021-22146 (All versions of Elastic Cloud Enterprise has the Elasticsearch “ ...)
NOT-FOR-US: Elastic Cloud
@@ -46197,8 +46613,8 @@ CVE-2021-21800 (Cross-site scripting vulnerabilities exist in the ssh_form.php s
NOT-FOR-US: Advantech R-SeeNet
CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the telnet_form.php scri ...)
NOT-FOR-US: Advantech R-SeeNet
-CVE-2021-21798
- RESERVED
+CVE-2021-21798 (An exploitable return of stack variable address vulnerability exists i ...)
+ TODO: check
CVE-2021-21797
RESERVED
CVE-2021-21796
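Review bot: the description imported for CVE-2021-21798 is cut off at "exists i ..." before any product is named, and its bug class (return of a stack variable address) does not match the PHP cross-site scripting entries for Advantech R-SeeNet in the context lines above it. Do not carry the neighbouring NOT-FOR-US tag over by proximity; identify the product from the full description before replacing "TODO: check".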
@@ -50874,8 +51290,8 @@ CVE-2021-20435
RESERVED
CVE-2021-20434
RESERVED
-CVE-2021-20433
- RESERVED
+CVE-2021-20433 (IBM Security Guardium 11.3 could allow a an authenticated user to obta ...)
+ TODO: check
CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Reso ...)
NOT-FOR-US: IBM
CVE-2021-20431 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not inv ...)
@@ -52781,8 +53197,8 @@ CVE-2020-35342
RESERVED
CVE-2020-35341
RESERVED
-CVE-2020-35340
- RESERVED
+CVE-2020-35340 (A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 ...)
+ TODO: check
CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnerability ...)
NOT-FOR-US: 74cms
CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
@@ -78253,20 +78669,20 @@ CVE-2020-21129
RESERVED
CVE-2020-21128
RESERVED
-CVE-2020-21127
- RESERVED
-CVE-2020-21126
- RESERVED
-CVE-2020-21125
- RESERVED
-CVE-2020-21124
- RESERVED
+CVE-2020-21127 (MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs ...)
+ TODO: check
+CVE-2020-21126 (MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/? ...)
+ TODO: check
+CVE-2020-21125 (An arbitrary file creation vulnerability in UReport 2.2.9 allows attac ...)
+ TODO: check
+CVE-2020-21124 (UReport 2.2.9 allows attackers to execute arbitrary code due to a lack ...)
+ TODO: check
CVE-2020-21123
RESERVED
-CVE-2020-21122
- RESERVED
-CVE-2020-21121
- RESERVED
+CVE-2020-21122 (UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the de ...)
+ TODO: check
+CVE-2020-21121 (Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via ...)
+ TODO: check
CVE-2020-21120
RESERVED
CVE-2020-21119
@@ -82308,34 +82724,34 @@ CVE-2020-19161
RESERVED
CVE-2020-19160
RESERVED
-CVE-2020-19159
- RESERVED
-CVE-2020-19158
- RESERVED
-CVE-2020-19157
- RESERVED
-CVE-2020-19156
- RESERVED
-CVE-2020-19155
- RESERVED
-CVE-2020-19154
- RESERVED
+CVE-2020-19159 (Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attacke ...)
+ TODO: check
+CVE-2020-19158 (Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows ...)
+ TODO: check
+CVE-2020-19157 (Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers t ...)
+ TODO: check
+CVE-2020-19156 (Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers t ...)
+ TODO: check
+CVE-2020-19155 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ TODO: check
+CVE-2020-19154 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ TODO: check
CVE-2020-19153
RESERVED
CVE-2020-19152
RESERVED
-CVE-2020-19151
- RESERVED
-CVE-2020-19150
- RESERVED
+CVE-2020-19151 (Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attac ...)
+ TODO: check
+CVE-2020-19150 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ TODO: check
CVE-2020-19149
RESERVED
-CVE-2020-19148
- RESERVED
-CVE-2020-19147
- RESERVED
-CVE-2020-19146
- RESERVED
+CVE-2020-19148 (Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows rem ...)
+ TODO: check
+CVE-2020-19147 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ TODO: check
+CVE-2020-19146 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ TODO: check
CVE-2020-19145
RESERVED
CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
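Review bot: five of the entries added in this hunk (CVE-2020-19155, CVE-2020-19154, CVE-2020-19150, CVE-2020-19147, CVE-2020-19146) share the identical truncated description "Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...", so they cannot be told apart from the list. Triage them from the full descriptions, and if they resolve to a NOT-FOR-US tag, use one product string for every Jfinal CMS id in the hunk (CVE-2020-19151 and CVE-2020-19148 included) so the entries group together.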
@@ -121958,8 +122374,8 @@ CVE-2020-3962 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi
NOT-FOR-US: VMware
CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...)
NOT-FOR-US: VMware
-CVE-2020-3960
- RESERVED
+CVE-2020-3960 (VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-20 ...)
+ TODO: check
CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
NOT-FOR-US: VMware
CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6d488395bea43545a3d2297b4134451db57970c