author security tracker role <sectracker@soriano.debian.org> 2021-05-27 08:10:29 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-05-27 08:10:29 +0000
commit 606f9e1cf2dd90e0abe359570266e192ca8ace18
tree 0565403ea2e1988a551b2c2124b874476cc63371
parent 3acc21f547bbea65416dd58c9774ca9f616bd132
automatic update
-rw-r--r-- data/CVE/2008.list 8
-rw-r--r-- data/CVE/2009.list 3
-rw-r--r-- data/CVE/2020.list 35
-rw-r--r-- data/CVE/2021.list 156
4 files changed, 90 insertions, 112 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 3dad705c6b..f58e6b4506 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -3924,7 +3924,7 @@ CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
CVE-2008-5509
- RESERVED
+ REJECTED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
@@ -5089,9 +5089,9 @@ CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login (wrg_a
CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ...)
- libvirt 0.4.6-10
CVE-2008-5085
- RESERVED
+ REJECTED
CVE-2008-5084
- RESERVED
+ REJECTED
CVE-2008-5083 (In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security ...)
NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) componen ...)
@@ -8935,7 +8935,7 @@ CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subs
CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux ...)
NOT-FOR-US: rc.sysinit on Fedora
CVE-2008-3523
- RESERVED
+ REJECTED
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/ja ...)
{DSA-2080-1}
- jasper 1.900.1-5.1 (medium; bug #501021)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 869064c8a1..6a4ab35145 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -3636,8 +3636,7 @@ CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem
- kvm 88+dfsg-2 (low; bug #557739)
NOTE: http://bugzilla.redhat.com/531660
NOTE: https://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
-CVE-2009-3721 [ytnef buffer overflow]
- RESERVED
+CVE-2009-3721 (Multiple directory traversal and buffer overflow vulnerabilities were ...)
- ytnef <removed> (bug #567631)
[lenny] - ytnef <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index e3b8259e57..2ffa19fba7 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -7389,8 +7389,7 @@ CVE-2020-27840 (A flaw was found in samba. Spaces used in a string around a doma
NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=dbb3e65f7e382adf5fa6a6afb3d8684aca3f201a
NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9532c44baea130db74f866e1472cb871936cd3dd
NOTE: Samba uses the System ldb library
-CVE-2020-27839
- RESERVED
+CVE-2020-27839 (A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for ...)
- ceph 14.2.18-1 (bug #985670)
[buster] - ceph <no-dsa> (Minor issue)
[stretch] - ceph <not-affected> (dashboard introduced in 12.1.0)
@@ -7424,8 +7423,7 @@ CVE-2020-27833 (A Zip Slip vulnerability was found in the oc binary in openshift
CVE-2020-27832
RESERVED
NOT-FOR-US: Quay
-CVE-2020-27831
- RESERVED
+CVE-2020-27831 (A flaw was found in Red Hat Quay, where it does not properly protect t ...)
NOT-FOR-US: Quay
CVE-2020-27830 (A vulnerability was found in Linux Kernel where in the spk_ttyio_recei ...)
{DSA-4843-1 DLA-2557-1}
@@ -12457,8 +12455,7 @@ CVE-2020-25726
CVE-2020-25725 (In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOut ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915
-CVE-2020-25724
- RESERVED
+CVE-2020-25724 (A flaw was found in RESTEasy, where an incorrect response to an HTTP r ...)
- resteasy <unfixed>
- resteasy3.0 <unfixed>
[bullseye] - resteasy3.0 <no-dsa> (Minor issue)
@@ -12867,8 +12864,7 @@ CVE-2020-25636 (A flaw was found in Ansible Base when using the aws_ssm connecti
CVE-2020-25635 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...)
- ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included)
NOTE: https://github.com/ansible-collections/community.aws/issues/222
-CVE-2020-25634
- RESERVED
+CVE-2020-25634 (A flaw was found in Red Hat 3scale&#8217;s API docs URL, where it is a ...)
NOT-FOR-US: 3scale
CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...)
- resteasy <unfixed> (bug #970585)
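Review bot: The added description line for CVE-2020-25634 contains a raw HTML entity ("3scale&#8217;s") where an apostrophe is meant. The step that imports descriptions should decode entities before writing the list, otherwise a plain-text search for the product name with an apostrophe will not match this entry.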
@@ -20486,28 +20482,28 @@ CVE-2020-22030
RESERVED
CVE-2020-22029
RESERVED
-CVE-2020-22028
- RESERVED
+CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
+ TODO: check
CVE-2020-22027
RESERVED
-CVE-2020-22026
- RESERVED
+CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...)
+ TODO: check
CVE-2020-22025
RESERVED
-CVE-2020-22024
- RESERVED
+CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...)
+ TODO: check
CVE-2020-22023
RESERVED
CVE-2020-22022
RESERVED
-CVE-2020-22021
- RESERVED
+CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
+ TODO: check
CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
- ffmpeg 7:4.3-2
NOTE: https://trac.ffmpeg.org/ticket/8239
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
-CVE-2020-22019
- RESERVED
+CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in ...)
+ TODO: check
CVE-2020-22018
RESERVED
CVE-2020-22017
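Review bot: The five FFmpeg entries added here (CVE-2020-22028, -22026, -22024, -22021, -22019) are left at "TODO: check" even though every description names FFmpeg 4.2 and the neighbouring CVE-2020-22020 in the same hunk is already tracked as "- ffmpeg 7:4.3-2" with an upstream ticket and commit. These should be triaged against the ffmpeg source package in the same way, each with its own fixing commit in a NOTE, rather than assumed to share the 7:4.3-2 fix.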
@@ -46876,8 +46872,7 @@ CVE-2020-10697
CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...)
- golang-github-containers-buildah 1.11.6-2
NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed
-CVE-2020-10695
- RESERVED
+CVE-2020-10695 (An insecure modification flaw in the /etc/passwd file was found in the ...)
NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container
CVE-2020-10694
RESERVED
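Review bot: CVE-2020-10695 now has a published description, but the entry still consists only of a free-text NOTE ("Red Hat specific CVE assignment for openshift/redhat-sso-7 container") with no package line and no NOT-FOR-US line. If the NOTE is the triage result, record it as a NOT-FOR-US line so the status is machine-readable and the entry does not stay undetermined.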
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index cf1efbd9e7..e0f1e7c24d 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,7 @@
+CVE-2021-33588
+ RESERVED
+CVE-2021-33587
+ RESERVED
CVE-2021-33585
RESERVED
CVE-2021-33584
@@ -10,7 +14,7 @@ CVE-2021-33581
RESERVED
CVE-2021-33580
RESERVED
-CVE-2021-33586 [inspircd memory disclosure]
+CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...)
- inspircd 3.8.1-2 (bug #989144)
[buster] - inspircd <not-affected> (Vulnerable code not present)
[stretch] - inspircd <not-affected> (Vulnerable code not present)
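Review bot: CVE-2021-33586 is out of sequence: it stays below CVE-2021-33580 in this hunk, while the hunk above adds CVE-2021-33588 and CVE-2021-33587 directly ahead of CVE-2021-33585. Now that the entry has its published description, move it into the slot between 33587 and 33585 so the file keeps its descending order.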
@@ -238,8 +242,7 @@ CVE-2021-33482
RESERVED
CVE-2021-33478
RESERVED
-CVE-2021-3561 [Global buffer overflow in fig2dev/read.c in function read_objects]
- RESERVED
+CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...)
- fig2dev 1:3.2.8-3
[buster] - fig2dev <no-dsa> (Minor issue)
[stretch] - fig2dev <no-dsa> (Minor issue)
@@ -2080,16 +2083,14 @@ CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, wri
NOTE: https://github.com/Exiv2/exiv2/pull/1657
CVE-2021-32616
RESERVED
-CVE-2021-3549
- RESERVED
+CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...)
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7
NOTE: binutils not covered by security support
CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...)
- piwigo <removed>
-CVE-2021-32614 [read in memcpy() for up to 204 bytes in fill_mishblk()]
- RESERVED
+CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() does not ...)
- dmg2img <unfixed> (unimportant; bug #989008)
NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
NOTE: Crash in CLI tool, no security impact
@@ -2197,8 +2198,7 @@ CVE-2021-3544 [vhost-user-gpu: multiple memory leaks]
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html
-CVE-2021-3548 [OOB in dmg2img.c memcpy() causing undefined behavior]
- RESERVED
+CVE-2021-3548 (A flaw was found in dmg2img through 20170502. dmg2img did not validate ...)
- dmg2img <unfixed> (unimportant)
NOTE: https://github.com/Lekensteyn/dmg2img/issues/9
NOTE: Crash in CLI tool, no security impact
@@ -3671,8 +3671,7 @@ CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual
NOT-FOR-US: Pulse Secure
CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
NOT-FOR-US: noobaa
-CVE-2021-3527 [usb: unbounded stack allocation in usbredir]
- RESERVED
+CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...)
- qemu <unfixed> (bug #988157)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
@@ -3694,8 +3693,7 @@ CVE-2021-3523
CVE-2021-31921
RESERVED
NOT-FOR-US: Istio
-CVE-2021-31920
- RESERVED
+CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...)
NOT-FOR-US: Istio
CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...)
NOT-FOR-US: Rust crate rkyv
@@ -4616,8 +4614,7 @@ CVE-2021-31522
RESERVED
CVE-2021-3510
RESERVED
-CVE-2021-3509
- RESERVED
+CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...)
- ceph <unfixed> (bug #988888)
[buster] - ceph <not-affected> (Vulnerable code introduced later)
[stretch] - ceph <not-affected> (Vulnerable code introduced later)
@@ -6914,22 +6911,19 @@ CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly
- linux 5.10.38-1
[stretch] - linux <not-affected> (Unprivileged users cannot mount overlayfs)
NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
-CVE-2021-30501
- RESERVED
-CVE-2021-30500
- RESERVED
+CVE-2021-30501 (An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in ...)
+ TODO: check
+CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ...)
- upx-ucl <unfixed> (unimportant)
NOTE: https://github.com/upx/upx/issues/485
NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
-CVE-2021-30499
- RESERVED
+CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...)
- libcaca <unfixed> (bug #987278)
[bullseye] - libcaca <no-dsa> (Minor issue)
[buster] - libcaca <no-dsa> (Minor issue)
[stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/cacalabs/libcaca/issues/54
-CVE-2021-30498
- RESERVED
+CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...)
- libcaca <unfixed> (bug #987278)
[bullseye] - libcaca <no-dsa> (Minor issue)
[buster] - libcaca <no-dsa> (Minor issue)
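Review bot: CVE-2021-30501 is added with "TODO: check" although its description places the assertion abort in upx (MemBuffer::alloc() in mem.cpp) and the very next entry, CVE-2021-30500, is already tracked as "- upx-ucl <unfixed> (unimportant)" with an upstream issue and commit. Give 30501 its own upx-ucl line and upstream reference; the package and NOTE lines that follow belong to 30500 only and should not be read as covering both.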
@@ -7011,8 +7005,7 @@ CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
NOTE: binutils not covered by security support
-CVE-2021-3486
- RESERVED
+CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...)
- glpi <removed>
NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
CVE-2021-30475
@@ -7023,29 +7016,25 @@ CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory
- aom <unfixed> (bug #988211)
NOTE: https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
-CVE-2021-30472
- RESERVED
+CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...)
- libpodofo <unfixed> (bug #986794)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/132/
-CVE-2021-30471
- RESERVED
+CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...)
- libpodofo <unfixed> (bug #986793)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/131/
-CVE-2021-30470
- RESERVED
+CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
- libpodofo <unfixed> (bug #986792)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/130/
-CVE-2021-30469
- RESERVED
+CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
- libpodofo <unfixed> (bug #986791)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
@@ -12371,8 +12360,8 @@ CVE-2021-28172 (There is a Path Traversal vulnerability in the file download fun
NOT-FOR-US: Vangene deltaFlow E-platform
CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...)
NOT-FOR-US: Vangene deltaFlow E-platform
-CVE-2021-28170
- RESERVED
+CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earlier, a ...)
+ TODO: check
CVE-2021-28169
RESERVED
CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...)
@@ -18390,8 +18379,8 @@ CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x
NOT-FOR-US: Couchbase Server
CVE-2021-25644 (An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 ...)
NOT-FOR-US: Couchbase Server
-CVE-2021-25643
- RESERVED
+CVE-2021-25643 (An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 a ...)
+ TODO: check
CVE-2021-25642
RESERVED
CVE-2021-25641
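Review bot: CVE-2021-25643 is added with "TODO: check" although its description names Couchbase Server and the two entries immediately above it, CVE-2021-25645 and CVE-2021-25644, are already marked "NOT-FOR-US: Couchbase Server". Use the same NOT-FOR-US line here so the triage queue does not pick it up again.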
@@ -19393,8 +19382,7 @@ CVE-2021-25219
RESERVED
CVE-2021-25218
RESERVED
-CVE-2021-25217 [A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient]
- RESERVED
+CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -&gt; 4.1-ESV-R16, ISC DHCP 4.4.0 -&gt; 4.4.2 ( ...)
- isc-dhcp <unfixed>
NOTE: https://kb.isc.org/docs/cve-2021-25217
NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/6
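Review bot: In the new CVE-2021-25217 description the affected-version ranges are written with entity-encoded arrows ("4.1-ESV-R1 -&gt; 4.1-ESV-R16"), which makes the range hard to read at exactly the point a triager needs it. Decode the entities on import. The entry also still reads "- isc-dhcp <unfixed>" with no per-release lines, so the ranges in the description need to be compared against the versions shipped in each suite.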
@@ -24788,40 +24776,40 @@ CVE-2021-22749
RESERVED
CVE-2021-22748
RESERVED
-CVE-2021-22747
- RESERVED
-CVE-2021-22746
- RESERVED
-CVE-2021-22745
- RESERVED
-CVE-2021-22744
- RESERVED
-CVE-2021-22743
- RESERVED
-CVE-2021-22742
- RESERVED
-CVE-2021-22741
- RESERVED
-CVE-2021-22740
- RESERVED
-CVE-2021-22739
- RESERVED
-CVE-2021-22738
- RESERVED
-CVE-2021-22737
- RESERVED
-CVE-2021-22736
- RESERVED
-CVE-2021-22735
- RESERVED
-CVE-2021-22734
- RESERVED
-CVE-2021-22733
- RESERVED
-CVE-2021-22732
- RESERVED
-CVE-2021-22731
- RESERVED
+CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ TODO: check
+CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ TODO: check
+CVE-2021-22745 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ TODO: check
+CVE-2021-22744 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ TODO: check
+CVE-2021-22743 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ TODO: check
+CVE-2021-22742 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ TODO: check
+CVE-2021-22741 (Use of Password Hash with Insufficient Computational Effort vulnerabil ...)
+ TODO: check
+CVE-2021-22740 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...)
+ TODO: check
+CVE-2021-22739 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...)
+ TODO: check
+CVE-2021-22738 (Use of a Broken or Risky Cryptographic Algorithm vulnerability exists ...)
+ TODO: check
+CVE-2021-22737 (Insufficiently Protected Credentials vulnerability exists in homeLYnk ...)
+ TODO: check
+CVE-2021-22736 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2021-22735 (Improper Verification of Cryptographic Signature vulnerability exists ...)
+ TODO: check
+CVE-2021-22734 (Improper Verification of Cryptographic Signature vulnerability exists ...)
+ TODO: check
+CVE-2021-22733 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...)
+ TODO: check
+CVE-2021-22732 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...)
+ TODO: check
+CVE-2021-22731 (Weak Password Recovery Mechanism for Forgotten Password vulnerability ...)
+ TODO: check
CVE-2021-22730
RESERVED
CVE-2021-22729
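Review bot: All seventeen entries from CVE-2021-22747 down to CVE-2021-22731 land as "TODO: check", and for 22747 through 22742 the truncated description ends before any product name, so the list alone does not tell a triager what is affected. The descriptions that do reach a product name say homeLYnk (Wiser For KNX); if that has no Debian source package, resolve the whole block in one pass with a NOT-FOR-US line instead of leaving seventeen open TODOs.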
@@ -24872,8 +24860,8 @@ CVE-2021-22707
RESERVED
CVE-2021-22706
RESERVED
-CVE-2021-22705
- RESERVED
+CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ TODO: check
CVE-2021-22704
RESERVED
CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
@@ -24884,8 +24872,8 @@ CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in Po
NOT-FOR-US: PowerLogic
CVE-2021-22700
RESERVED
-CVE-2021-22699
- RESERVED
+CVE-2021-22699 (Improper Input Validation vulnerability exists in Modicon M241/M251 lo ...)
+ TODO: check
CVE-2021-22698 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
NOT-FOR-US: EcoStruxure Power Build
CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
@@ -28728,7 +28716,7 @@ CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier)
NOT-FOR-US: Adobe
CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...)
NOT-FOR-US: Adobe
-CVE-2021-21042 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...)
NOT-FOR-US: Adobe
CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
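Review bot: The duplicated word is corrected only for CVE-2021-21042 ("versions versions" becomes "versions"); CVE-2021-21044 in the hunk header and CVE-2021-21041 directly below still read "Acrobat Reader DC versions versions". Since the descriptions are synced automatically, confirm this is an upstream text change for the one entry and not a partial sync that skipped its neighbours.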
@@ -30264,8 +30252,7 @@ CVE-2021-20299
RESERVED
CVE-2021-20298
RESERVED
-CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkManager]
- RESERVED
+CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Setting ...)
- network-manager 1.30.0-2 (bug #986809)
[buster] - network-manager <not-affected> (Vulnerable code introduced later)
[stretch] - network-manager <not-affected> (Vulnerable code introduced later)
@@ -30783,8 +30770,7 @@ CVE-2021-20197 (There is an open race window when writing output in the followin
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
NOTE: binutils not covered by security support
-CVE-2021-20196 [block: fdc: null pointer dereference may lead to guest crash]
- RESERVED
+CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator ...)
- qemu <unfixed> (bug #984453)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
@@ -30808,8 +30794,7 @@ CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This
NOTE: Memory leak in CLI tool, no security impact
CVE-2021-20192
RESERVED
-CVE-2021-20191
- RESERVED
+CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...)
- ansible <unfixed> (bug #985753)
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
@@ -30867,8 +30852,7 @@ CVE-2021-20178 (A flaw was found in ansible module where credentials are disclos
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774
NOTE: https://github.com/ansible-collections/community.general/pull/1621
NOTE: https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3
-CVE-2021-20177
- RESERVED
+CVE-2021-20177 (A flaw was found in the Linux kernel's implementation of string matchi ...)
{DSA-4843-1 DLA-2557-1}
- linux 5.5.13-1
[stretch] - linux <not-affected> (Vulnerable code not present)
