automatic update

author: security tracker role <sectracker@soriano.debian.org> 2021-11-03 08:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-11-03 08:10:21 +0000
commit: 5a84624f6bf6e3113f33037d52ef1ac20444455e (patch)
tree: 85f3bad907af04ba93e87f3b1bc44dfad380e970
parent: c1e268882ec69c096a964014bf9d55c83b54b6ca (diff)
5 files changed, 161 insertions, 118 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index c45ba46eec..76bb9db8c2 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -40203,8 +40203,7 @@ CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome pri
 	- chromium-browser 62.0.3202.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5123 [waitid() not calling access_ok()]
-	RESERVED
+CVE-2017-5123 (Insufficient data validation in waitid allowed an user to escape sandb ...)
 	- linux 4.13.4-2
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index e9b9a6a98f..38e597126f 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -40426,8 +40426,7 @@ CVE-2018-6126 (A precision error in Skia in Google Chrome prior to 67.0.3396.62
 	- firefox-esr 52.8.1esr-1
 	- skia <itp> (bug #818180)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
-CVE-2018-6125
-	RESERVED
+CVE-2018-6125 (Insufficient policy enforcement in USB in Google Chrome on Windows pri ...)
 	{DSA-4237-1}
 	- chromium-browser 67.0.3396.62-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -40442,8 +40441,7 @@ CVE-2018-6123 (A use after free in Blink in Google Chrome prior to 67.0.3396.62
 	- chromium-browser 67.0.3396.62-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6122
-	RESERVED
+CVE-2018-6122 (Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139  ...)
 	{DSA-4237-1}
 	- chromium-browser 66.0.3359.181-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -40758,10 +40756,10 @@ CVE-2018-6060 (Use after free in WebAudio in Google Chrome prior to 65.0.3325.14
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2018-6059
-	RESERVED
+	REJECTED
 	- chromium-browser <not-affected> (Chromium doesn't bundle Flash)
 CVE-2018-6058
-	RESERVED
+	REJECTED
 	- chromium-browser <not-affected> (Chromium doesn't bundle Flash)
 CVE-2018-6057 (Lack of special casing of Android ashmem in Google Chrome prior to 65. ...)
 	{DSA-4182-1}
@@ -40831,7 +40829,7 @@ CVE-2018-6045 (Insufficient policy enforcement in DevTools in Google Chrome prio
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2018-6044
-	RESERVED
+	REJECTED
 	{DSA-4256-1}
 	- chromium-browser 68.0.3440.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 74d6006f59..cb1a4e9365 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -18726,7 +18726,7 @@ CVE-2019-13778
 CVE-2019-13777
 	RESERVED
 CVE-2019-13776
-	RESERVED
+	REJECTED
 CVE-2019-13775
 	RESERVED
 CVE-2019-13774
@@ -40736,7 +40736,7 @@ CVE-2019-5864 (Insufficient data validation in CORS in Google Chrome prior to 76
 	- chromium 76.0.3809.87-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2019-5863
-	RESERVED
+	REJECTED
 	- chromium <not-affected> (Windows-specific)
 CVE-2019-5862 (Insufficient data validation in AppCache in Google Chrome prior to 76. ...)
 	{DSA-4500-1}
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 723091e492..dd6d2d20c3 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -7887,8 +7887,7 @@ CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442
 	NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=48564041a73adbbff52834f9edbe3806fceefab7 (v3.0)
-CVE-2020-27820 [use-after-free in nouveau kernel module]
-	RESERVED
+CVE-2020-27820 (A vulnerability was found in Linux kernel, where a use-after-frees in  ...)
 	- linux <unfixed> (unimportant)
 	NOTE: No security impact, requires physical access to the computer
 CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...)
@@ -33897,8 +33896,7 @@ CVE-2020-16050
 	RESERVED
 CVE-2020-16049
 	RESERVED
-CVE-2020-16048
-	RESERVED
+CVE-2020-16048 (Out of bounds read in ANGLE allowed a remote attacker to obtain sensit ...)
 	- firefox <not-affected> (Only affects Windows)
 	- firefox-esr <not-affected> (Only affects Windows)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926979
@@ -58101,8 +58099,8 @@ CVE-2020-6493 (Use after free in WebAuthentication in Google Chrome prior to 83.
 	{DSA-4714-1}
 	- chromium 83.0.4103.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6492
-	RESERVED
+CVE-2020-6492 (Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed ...)
+	TODO: check
 CVE-2020-6491 (Insufficient data validation in site information in Google Chrome prio ...)
 	{DSA-4714-1}
 	- chromium 83.0.4103.83-1
@@ -59516,8 +59514,8 @@ CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulne
 	NOT-FOR-US: Nvidia driver for Windows
 CVE-2020-5956
 	RESERVED
-CVE-2020-5955
-	RESERVED
+CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O befor ...)
+	TODO: check
 CVE-2020-5954
 	RESERVED
 CVE-2020-5953
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index e9e272e669..3e86d9392e 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,4 +1,86 @@
-CVE-2021-43267 [tipc: fix size validations for the MSG_CRYPTO type]
+CVE-2021-43296
+	RESERVED
+CVE-2021-43295
+	RESERVED
+CVE-2021-43294
+	RESERVED
+CVE-2021-43293
+	RESERVED
+CVE-2021-43292
+	RESERVED
+CVE-2021-43291
+	RESERVED
+CVE-2021-43290
+	RESERVED
+CVE-2021-43289
+	RESERVED
+CVE-2021-43288
+	RESERVED
+CVE-2021-43287
+	RESERVED
+CVE-2021-43286
+	RESERVED
+CVE-2021-43285
+	RESERVED
+CVE-2021-43284
+	RESERVED
+CVE-2021-43283
+	RESERVED
+CVE-2021-43282
+	RESERVED
+CVE-2021-43281
+	RESERVED
+CVE-2021-43280
+	RESERVED
+CVE-2021-43279
+	RESERVED
+CVE-2021-43278
+	RESERVED
+CVE-2021-43277
+	RESERVED
+CVE-2021-43276
+	RESERVED
+CVE-2021-43275
+	RESERVED
+CVE-2021-43274
+	RESERVED
+CVE-2021-43273
+	RESERVED
+CVE-2021-43272
+	RESERVED
+CVE-2021-43271
+	RESERVED
+CVE-2021-43270 (Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) 3.1.0-dev-00148, 3. ...)
+	TODO: check
+CVE-2021-43269
+	RESERVED
+CVE-2021-43268
+	RESERVED
+CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
+	TODO: check
+CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...)
+	TODO: check
+CVE-2021-43264 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the ...)
+	TODO: check
+CVE-2021-43263
+	RESERVED
+CVE-2021-43262
+	RESERVED
+CVE-2021-43261
+	RESERVED
+CVE-2021-43260
+	RESERVED
+CVE-2021-43259
+	RESERVED
+CVE-2021-43258
+	RESERVED
+CVE-2021-43257
+	RESERVED
+CVE-2021-3923
+	RESERVED
+CVE-2021-3922
+	RESERVED
+CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -1217,8 +1299,8 @@ CVE-2021-42699
 	RESERVED
 CVE-2021-42698
 	RESERVED
-CVE-2021-42697
-	RESERVED
+CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhausti ...)
+	TODO: check
 CVE-2021-42696
 	RESERVED
 CVE-2021-42695
@@ -4318,8 +4400,8 @@ CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in
 	NOT-FOR-US: NETGEAR
 CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
 	NOT-FOR-US: Atlassian
-CVE-2021-41312
-	RESERVED
+CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...)
+	TODO: check
 CVE-2021-41311
 	RESERVED
 CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
@@ -4974,8 +5056,8 @@ CVE-2021-41038
 	RESERVED
 CVE-2021-41037
 	RESERVED
-CVE-2021-41036
-	RESERVED
+CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
+	TODO: check
 CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...)
 	NOT-FOR-US: Eclipse OpenJ9
 CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
@@ -9245,10 +9327,10 @@ CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before
 	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8
 CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...)
 	NOT-FOR-US: Apache Jena
-CVE-2021-39238
-	RESERVED
-CVE-2021-39237
-	RESERVED
+CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise Pag ...)
+	TODO: check
+CVE-2021-39237 (Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide ...)
+	TODO: check
 CVE-2021-39236
 	RESERVED
 CVE-2021-39235
@@ -10951,22 +11033,19 @@ CVE-2021-38503
 	- firefox-esr 91.3.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38503
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
-CVE-2021-38502
-	RESERVED
+CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
 	[experimental] - thunderbird 1:91.2.0-1
 	- thunderbird <undetermined>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
 	TODO: double check, it was only referenced in mfsa2021-47 but not mfsa2021-46, but issue is about attack on SMTP STARTTLS connections
-CVE-2021-38501
-	RESERVED
+CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
 	- firefox 93.0-1
 	- firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
 	- thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
-CVE-2021-38500
-	RESERVED
+CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
 	{DSA-4981-1 DLA-2782-1}
 	- firefox 93.0-1
 	- firefox-esr 91.2.0esr-1
@@ -10977,28 +11056,24 @@ CVE-2021-38500
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500
-CVE-2021-38499
-	RESERVED
+CVE-2021-38499 (Mozilla developers reported memory safety bugs present in Firefox 92.  ...)
 	- firefox 93.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38499
-CVE-2021-38498
-	RESERVED
+CVE-2021-38498 (During process shutdown, a document could have caused a use-after-free ...)
 	- firefox 93.0-1
 	- firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
 	- thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498
-CVE-2021-38497
-	RESERVED
+CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text valida ...)
 	- firefox 93.0-1
 	- firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
 	- thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
-CVE-2021-38496
-	RESERVED
+CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while  ...)
 	{DSA-4981-1 DLA-2782-1}
 	- firefox 93.0-1
 	- firefox-esr 91.2.0esr-1
@@ -11009,16 +11084,13 @@ CVE-2021-38496
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496
-CVE-2021-38495
-	RESERVED
+CVE-2021-38495 (Mozilla developers reported memory safety bugs present in Thunderbird  ...)
 	- thunderbird <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495
-CVE-2021-38494
-	RESERVED
+CVE-2021-38494 (Mozilla developers reported memory safety bugs present in Firefox 91.  ...)
 	- firefox 92.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
-CVE-2021-38493
-	RESERVED
+CVE-2021-38493 (Mozilla developers reported memory safety bugs present in Firefox 91 a ...)
 	{DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1}
 	- firefox 92.0-1
 	- firefox-esr 78.14.0esr-1
@@ -11026,16 +11098,14 @@ CVE-2021-38493
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38493
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38493
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38493
-CVE-2021-38492
-	RESERVED
+CVE-2021-38492 (When delegating navigations to the operating system, Firefox would acc ...)
 	- firefox <not-affected> (Only affects Windows)
 	- firefox-esr <not-affected> (Only affects Windows)
 	- thunderbird <not-affected> (Only affects Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38492
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38492
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38492
-CVE-2021-38491
-	RESERVED
+CVE-2021-38491 (Mixed-content checks were unable to analyze opaque origins which led t ...)
 	- firefox 92.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38491
 CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...)
@@ -12229,84 +12299,64 @@ CVE-2021-37997
 	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37996
-	RESERVED
+CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37995
-	RESERVED
+CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37994
-	RESERVED
+CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37993
-	RESERVED
+CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37992
-	RESERVED
+CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37991
-	RESERVED
+CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37990
-	RESERVED
+CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37989
-	RESERVED
+CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37988
-	RESERVED
+CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37987
-	RESERVED
+CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37986
-	RESERVED
+CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37985
-	RESERVED
+CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37984
-	RESERVED
+CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37983
-	RESERVED
+CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37982
-	RESERVED
+CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37981
-	RESERVED
+CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37980
-	RESERVED
+CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37979
-	RESERVED
+CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37978
-	RESERVED
+CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37977
-	RESERVED
+CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...)
@@ -12358,7 +12408,7 @@ CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-37960
-	RESERVED
+	REJECTED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54  ...)
@@ -29670,7 +29720,7 @@ CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30631
-	RESERVED
+	REJECTED
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...)
@@ -31352,14 +31402,12 @@ CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in C
 	NOT-FOR-US: CloverDX
 CVE-2021-29994
 	RESERVED
-CVE-2021-29993
-	RESERVED
+CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...)
 	- firefox <not-affected> (Specific to Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993
 CVE-2021-29992
 	RESERVED
-CVE-2021-29991
-	RESERVED
+CVE-2021-29991 (Firefox incorrectly accepted a newline in a HTTP/3 header, interpretti ...)
 	- firefox 91.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/#CVE-2021-29991
 CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...)
@@ -53415,22 +53463,22 @@ CVE-2021-20709 (Improper validation of integrity check value vulnerability in NE
 	NOT-FOR-US: Aterm firmware
 CVE-2021-20708 (NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm ...)
 	NOT-FOR-US: Aterm firmware
-CVE-2021-20707
-	RESERVED
-CVE-2021-20706
-	RESERVED
-CVE-2021-20705
-	RESERVED
-CVE-2021-20704
-	RESERVED
-CVE-2021-20703
-	RESERVED
-CVE-2021-20702
-	RESERVED
-CVE-2021-20701
-	RESERVED
-CVE-2021-20700
-	RESERVED
+CVE-2021-20707 (Improper input validation vulnerability in the Transaction Server CLUS ...)
+	TODO: check
+CVE-2021-20706 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
+	TODO: check
+CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
+	TODO: check
+CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...)
+	TODO: check
+CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+	TODO: check
+CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+	TODO: check
+CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+	TODO: check
+CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+	TODO: check
 CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
 	NOT-FOR-US: SHARP
 CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and  ...)
@@ -55023,8 +55071,8 @@ CVE-2021-20137
 	RESERVED
 CVE-2021-20136 (ManageEngine Log360 Builds &lt; 5235 are affected by an improper acces ...)
 	NOT-FOR-US: ManageEngine
-CVE-2021-20135
-	RESERVED
+CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...)
+	TODO: check
 CVE-2021-20134
 	RESERVED
 CVE-2021-20133
author	security tracker role <sectracker@soriano.debian.org>	2021-11-03 08:10:21 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2021-11-03 08:10:21 +0000
commit	5a84624f6bf6e3113f33037d52ef1ac20444455e (patch)
tree	85f3bad907af04ba93e87f3b1bc44dfad380e970
parent	c1e268882ec69c096a964014bf9d55c83b54b6ca (diff)