CVE-2021-XXXX [XSS vulnerability via HTML messages with malicious CSS content]
- roundcube (bug #1003027)
NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2)
NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13)
NOTE: https://roundcube.net/news/2021/12/30/update-1.5.2-released
NOTE: https://roundcube.net/news/2021/12/30/security-update-1.4.13-released
CVE-2021-45984
RESERVED
CVE-2021-45983
RESERVED
CVE-2021-45982
RESERVED
CVE-2021-45981
RESERVED
CVE-2021-45980
RESERVED
CVE-2021-45979
RESERVED
CVE-2021-45978
RESERVED
CVE-2021-45977
RESERVED
CVE-2021-45976
RESERVED
CVE-2021-45975
RESERVED
CVE-2021-45974
RESERVED
CVE-2021-45973
RESERVED
CVE-2021-45972 (The giftrans function in giftrans 1.12.2 contains a stack-based buffer ...)
- giftrans (bug #1002739; unimportant)
NOTE: Negligible security impact; crash in CLI tool
CVE-2021-45971
RESERVED
CVE-2021-45970
RESERVED
CVE-2021-45969
RESERVED
CVE-2021-45968
RESERVED
CVE-2021-45967
RESERVED
CVE-2021-45966
RESERVED
CVE-2021-45965
RESERVED
CVE-2021-45964
RESERVED
CVE-2021-45963
RESERVED
CVE-2021-45962
RESERVED
CVE-2021-45961
RESERVED
CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...)
- expat (bug #1002994)
[bullseye] - expat (Minor issue; can be fixed via point release)
[buster] - expat (Minor issue; can be fixed via point release)
[stretch] - expat (Minor issue)
NOTE: https://github.com/libexpat/libexpat/issues/531
NOTE: https://github.com/libexpat/libexpat/pull/534
CVE-2021-45959 (** DISPUTED ** {fmt} 7.1.0 through 8.0.1 has a stack-based buffer over ...)
- fmtlib (unimportant)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36110
NOTE: https://github.com/fmtlib/fmt/issues/2685
NOTE: Fixed by: https://github.com/fmtlib/fmt/commit/2038bf61831eb8faede0883965364a974d1350fe
NOTE: The CVE is basically invalid, as the report was one of a series of false positives
NOTE: and the "upstream fix" is effectively a noop.
CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...)
- ujson
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
TODO: claimed to be fixed, but 5525f8c9ef8bb879dadd0eb942d524827d1b0362 is not part of the repository, check correctness of introducing details
CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...)
- dnsmasq
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml
TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is the same for other dnsmasq and oss-fuzz related reports.
CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called fro ...)
- dnsmasq
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml
TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is the same for other dnsmasq and oss-fuzz related reports.
CVE-2021-45955 (Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called ...)
- dnsmasq
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml
TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is the same for other dnsmasq and oss-fuzz related reports.
CVE-2021-45954 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...)
- dnsmasq
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml
TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is the same for other dnsmasq and oss-fuzz related reports.
CVE-2021-45953 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...)
- dnsmasq
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-929.yaml
TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is the same for other dnsmasq and oss-fuzz related reports.
CVE-2021-45952 (Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called fr ...)
- dnsmasq
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml
TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is the same for other dnsmasq and oss-fuzz related reports.
CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (ca ...)
- dnsmasq
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml
TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is the same for other dnsmasq and oss-fuzz related reports.
CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...)
- libredwg (bug #595191)
CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...)
- ghostscript 9.55.0~dfsg-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...)
- assimp 5.1.1~ds0-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml
NOTE: https://github.com/assimp/assimp/pull/4146
NOTE: https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2 (v5.1.0)
CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...)
NOT-FOR-US: wasm3
CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
NOT-FOR-US: wasm3
CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::_ ...)
NOT-FOR-US: uWebSockets
CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
- ghostscript
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
TODO: check, oss-fuzz "fixing commit" cannot be correct as it only removes a documentation snippet.
CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
[experimental] - gdal 3.4.1~rc1+dfsg-1~exp1
- gdal
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
NOTE: https://github.com/OSGeo/gdal/pull/4944
NOTE: https://github.com/OSGeo/gdal/commit/93913a849dc1d217a40dbf9d6e6a3a23c42b61a6 (master)
NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947
NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...)
- openexr
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0
CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
- libbpf
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml
TODO: check details on fixing commit upstream, furthermore introducing commit is only when oss-fuzz started
CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...)
- libbpf
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1562.yaml
TODO: check details on fixing commit upstream, furthermore introducing commit is only when oss-fuzz started
CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
NOT-FOR-US: uWebSockets
CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
NOT-FOR-US: wolfMQTT
CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
NOT-FOR-US: wolfMQTT
CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...)
NOT-FOR-US: wolfMQTT
CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...)
- libgrokj2k
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39021
NOTE: Referenced fix isn't in the upstream repo
CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
NOT-FOR-US: wolfMQTT
CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...)
NOT-FOR-US: wolfMQTT
CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...)
NOT-FOR-US: wolfMQTT
CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...)
- harfbuzz
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml
NOTE: https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81 (2.9.1)
TODO: check correctness of commit, might not affect any Debian released version
CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...)
- qtsvg-opensource-src (bug #1002991)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
NOTE: https://bugreports.qt.io/browse/QTBUG-96044
NOTE: https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620 (dev)
NOTE: https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670 (v6.2.2)
NOTE: https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc (v5.12.12)
TODO: check if impact present for qt4-x11, furthermore while fixed in 5.12.12 it is not in 5.15.y.
CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
NOT-FOR-US: wasm3
CVE-2021-45928 (libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other produ ...)
- jpeg-xl (Vulnerable code not present in a released Debian version; fixed before initial upload to Debian)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456
NOTE: https://github.com/libjxl/libjxl/issues/360
NOTE: https://github.com/libjxl/libjxl/pull/365
NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6)
NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6)
CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
- mdbtools
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187
TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
- mdbtools
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972
TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-4196
RESERVED
CVE-2021-4195
RESERVED
CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...)
NOT-FOR-US: Netgear
CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...)
NOT-FOR-US: Netgear
CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...)
NOT-FOR-US: Bitmask Riseup VPN
CVE-2021-4194
RESERVED
CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
- vim
[bullseye] - vim (Minor issue)
[buster] - vim (Minor issue)
NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0
NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950)
CVE-2021-4192 (vim is vulnerable to Use After Free ...)
- vim
[bullseye] - vim (Minor issue)
[buster] - vim (Minor issue)
NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
NOTE: Fixed by: https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (v8.2.3949)
CVE-2021-4191
RESERVED
CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...)
NOT-FOR-US: Netgear
CVE-2021-45919
RESERVED
CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
- wireshark
[bullseye] - wireshark (Minor issue)
[buster] - wireshark (Minor issue)
[stretch] - wireshark (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
CVE-2021-4189 [ftplib should not use the host from the PASV response]
RESERVED
- python3.10 (Fixed before initial upload to Debian unstable)
- python3.9 3.9.7-1
- python3.7
- python3.5
- python2.7
NOTE: https://bugs.python.org/issue43285
NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
NOTE: https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)
NOTE: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020
CVE-2021-45918
RESERVED
CVE-2021-45917
RESERVED
CVE-2021-45916
RESERVED
CVE-2021-45915
RESERVED
CVE-2021-45914
RESERVED
CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
- mruby (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
CVE-2021-45913
RESERVED
CVE-2021-45912
RESERVED
CVE-2021-44775
RESERVED
CVE-2021-44465
RESERVED
CVE-2021-4187 (vim is vulnerable to Use After Free ...)
- vim
[bullseye] - vim (Minor issue)
[buster] - vim (Vulnerable code introduced later)
[stretch] - vim (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e
NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
NOTE: Fixed by: https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 (v8.2.3923)
CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
- gif2apng (bug #1002687)
CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
- gif2apng (bug #1002667)
CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
- gif2apng (bug #1002668)
CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
- gif2apng (bug #1002669; unimportant)
NOTE: Negligible security impact
CVE-2021-45907 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
- gif2apng (bug #1002669; unimportant)
NOTE: Negligible security impact
CVE-2021-45906 (OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. ...)
NOT-FOR-US: OpenWrt
CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. ...)
NOT-FOR-US: OpenWrt
CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. ...)
NOT-FOR-US: OpenWrt
CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of ...)
NOT-FOR-US: SuiteCRM
CVE-2021-45902
RESERVED
CVE-2021-45901
RESERVED
CVE-2021-45900
RESERVED
CVE-2021-45899
RESERVED
CVE-2021-45898
RESERVED
CVE-2021-45897
RESERVED
CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...)
NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices
CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...)
NOT-FOR-US: Netgen Tags Bundle
CVE-2021-45894
RESERVED
CVE-2021-45893
RESERVED
CVE-2021-45892
RESERVED
CVE-2021-45891
RESERVED
CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authenti ...)
NOT-FOR-US: AuthGuard
CVE-2021-45889
RESERVED
CVE-2021-45888
RESERVED
CVE-2021-45887
RESERVED
CVE-2021-45886
RESERVED
CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...)
NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
- wireshark 3.6.0-1
[bullseye] - wireshark (Minor issue)
[buster] - wireshark (Minor issue)
[stretch] - wireshark (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
- wireshark
[bullseye] - wireshark (Minor issue)
[buster] - wireshark (Minor issue)
[stretch] - wireshark (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
- wireshark
[bullseye] - wireshark (Minor issue)
[buster] - wireshark (Minor issue)
[stretch] - wireshark (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754
CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...)
- wireshark
[bullseye] - wireshark (Minor issue)
[buster] - wireshark (Minor issue)
[stretch] - wireshark (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
- wireshark
[bullseye] - wireshark (Minor issue)
[buster] - wireshark (Minor issue)
[stretch] - wireshark (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
- wireshark
[bullseye] - wireshark (Minor issue)
[buster] - wireshark (Minor issue)
[stretch] - wireshark (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html
NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429
CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...)
- brave-browser (bug #864795)
CVE-2021-45883
RESERVED
CVE-2021-45882
RESERVED
CVE-2021-45881
RESERVED
CVE-2021-45880
RESERVED
CVE-2021-45879
RESERVED
CVE-2021-45878
RESERVED
CVE-2021-45877
RESERVED
CVE-2021-45876
RESERVED
CVE-2021-45875
RESERVED
CVE-2021-45874
RESERVED
CVE-2021-45873
RESERVED
CVE-2021-45872
RESERVED
CVE-2021-45871
RESERVED
CVE-2021-45870
RESERVED
CVE-2021-45869
RESERVED
CVE-2021-45868
RESERVED
CVE-2021-45867
RESERVED
CVE-2021-45866
RESERVED
CVE-2021-45865
RESERVED
CVE-2021-45864
RESERVED
CVE-2021-45863
RESERVED
CVE-2021-45862
RESERVED
CVE-2021-45861
RESERVED
CVE-2021-45860
RESERVED
CVE-2021-45859
RESERVED
CVE-2021-45858
RESERVED
CVE-2021-45857
RESERVED
CVE-2021-45856
RESERVED
CVE-2021-45855
RESERVED
CVE-2021-45854
RESERVED
CVE-2021-45853
RESERVED
CVE-2021-45852
RESERVED
CVE-2021-45851
RESERVED
CVE-2021-45850
RESERVED
CVE-2021-45849
RESERVED
CVE-2021-45848
RESERVED
CVE-2021-45847
RESERVED
CVE-2021-45846
RESERVED
CVE-2021-45845
RESERVED
CVE-2021-45844
RESERVED
CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...)
NOT-FOR-US: glFusion CMS
CVE-2021-45842
RESERVED
CVE-2021-45841
RESERVED
CVE-2021-45840
RESERVED
CVE-2021-45839
RESERVED
CVE-2021-45838
RESERVED
CVE-2021-45837
RESERVED
CVE-2021-45836
RESERVED
CVE-2021-45835
RESERVED
CVE-2021-45834
RESERVED
CVE-2021-45833
RESERVED
CVE-2021-45832
RESERVED
CVE-2021-45831
RESERVED
CVE-2021-45830
RESERVED
CVE-2021-45829
RESERVED
CVE-2021-45828
RESERVED
CVE-2021-45827
RESERVED
CVE-2021-45826
RESERVED
CVE-2021-45825
RESERVED
CVE-2021-45824
RESERVED
CVE-2021-45823
RESERVED
CVE-2021-45822
RESERVED
CVE-2021-45821
RESERVED
CVE-2021-45820
RESERVED
CVE-2021-45819
RESERVED
CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...)
NOT-FOR-US: SAFARI Montage
CVE-2021-45817
RESERVED
CVE-2021-45816
RESERVED
CVE-2021-45815 (Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Script ...)
NOT-FOR-US: Quectel UC20 UMTS/HSPA+ UC20
CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...)
NOT-FOR-US: Nettmp NNT
CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...)
NOT-FOR-US: SLICAN WebCTI
CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site ...)
NOT-FOR-US: NUUO Network Video Recorder NVRsolo
CVE-2021-45811
RESERVED
CVE-2021-45810
RESERVED
CVE-2021-45809
RESERVED
CVE-2021-45808
RESERVED
CVE-2021-45807
RESERVED
CVE-2021-45806
RESERVED
CVE-2021-45805
RESERVED
CVE-2021-45804
RESERVED
CVE-2021-45803
RESERVED
CVE-2021-45802
RESERVED
CVE-2021-45801
RESERVED
CVE-2021-45800
RESERVED
CVE-2021-45799
RESERVED
CVE-2021-45798
RESERVED
CVE-2021-45797
RESERVED
CVE-2021-45796
RESERVED
CVE-2021-45795
RESERVED
CVE-2021-45794
RESERVED
CVE-2021-45793
RESERVED
CVE-2021-45792
RESERVED
CVE-2021-45791
RESERVED
CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...)
NOT-FOR-US: Metersphere
CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...)
NOT-FOR-US: Metersphere
CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in Metersphere v1. ...)
NOT-FOR-US: Metersphere
CVE-2021-45787
RESERVED
CVE-2021-45786
RESERVED
CVE-2021-45785
RESERVED
CVE-2021-45784
RESERVED
CVE-2021-45783
RESERVED
CVE-2021-45782
RESERVED
CVE-2021-45781
RESERVED
CVE-2021-45780
RESERVED
CVE-2021-45779
RESERVED
CVE-2021-45778
RESERVED
CVE-2021-45777
RESERVED
CVE-2021-45776
RESERVED
CVE-2021-45775
RESERVED
CVE-2021-45774
RESERVED
CVE-2021-45773
RESERVED
CVE-2021-45772
RESERVED
CVE-2021-45771
RESERVED
CVE-2021-45770
RESERVED
CVE-2021-45769
RESERVED
CVE-2021-45768
RESERVED
CVE-2021-45767
RESERVED
CVE-2021-45766
RESERVED
CVE-2021-45765
RESERVED
CVE-2021-45764
RESERVED
CVE-2021-45763
RESERVED
CVE-2021-45762
RESERVED
CVE-2021-45761
RESERVED
CVE-2021-45760
RESERVED
CVE-2021-45759
RESERVED
CVE-2021-45758
RESERVED
CVE-2021-45757
RESERVED
CVE-2021-45756
RESERVED
CVE-2021-45755
RESERVED
CVE-2021-45754
RESERVED
CVE-2021-45753
RESERVED
CVE-2021-45752
RESERVED
CVE-2021-45751
RESERVED
CVE-2021-45750
RESERVED
CVE-2021-45749
RESERVED
CVE-2021-45748
RESERVED
CVE-2021-45747
RESERVED
CVE-2021-45746
RESERVED
CVE-2021-45745
RESERVED
CVE-2021-45744
RESERVED
CVE-2021-45743
RESERVED
CVE-2021-45742
RESERVED
CVE-2021-45741
RESERVED
CVE-2021-45740
RESERVED
CVE-2021-45739
RESERVED
CVE-2021-45738
RESERVED
CVE-2021-45737
RESERVED
CVE-2021-45736
RESERVED
CVE-2021-45735
RESERVED
CVE-2021-45734
RESERVED
CVE-2021-45733
RESERVED
CVE-2021-4180
RESERVED
CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
NOT-FOR-US: Rust crate lru
CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
NOT-FOR-US: Rust crate rusqlite
CVE-2021-45718 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
NOT-FOR-US: Rust crate rusqlite
CVE-2021-45717 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
NOT-FOR-US: Rust crate rusqlite
CVE-2021-45716 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
NOT-FOR-US: Rust crate rusqlite
CVE-2021-45715 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
NOT-FOR-US: Rust crate rusqlite
CVE-2021-45714 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
NOT-FOR-US: Rust crate rusqlite
CVE-2021-45713 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
NOT-FOR-US: Rust crate rusqlite
CVE-2021-45712 (An issue was discovered in the rust-embed crate before 6.3.0 for Rust. ...)
NOT-FOR-US: Rust crate rust-embed
CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 fo ...)
NOT-FOR-US: Rust crate simple_asn1
CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 1.9.x thr ...)
- rust-tokio
[bullseye] - rust-tokio (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0124.html
NOTE: https://github.com/tokio-rs/tokio/issues/4225
CVE-2021-45709 (An issue was discovered in the crypto2 crate through 2021-10-08 for Ru ...)
NOT-FOR-US: Rust crate crypto2
CVE-2021-45708 (An issue was discovered in the abomonation crate through 2021-10-17 fo ...)
NOT-FOR-US: Rust crate abomonation
CVE-2021-45707 (An issue was discovered in the nix crate before 0.20.2, 0.21.x before ...)
- rust-nix 0.23.0-1
[bullseye] - rust-nix (Minor issue)
[buster] - rust-nix (Introduced in 0.16)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 1.1.1 for R ...)
NOT-FOR-US: Rust crate zeroize_derive
CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for Rust. T ...)
NOT-FOR-US: Rust crate nanorand
CVE-2021-45704 (An issue was discovered in the metrics-util crate before 0.7.0 for Rus ...)
NOT-FOR-US: Rust crate metrics-util
CVE-2021-45703 (An issue was discovered in the tectonic_xdv crate before 0.1.12 for Ru ...)
NOT-FOR-US: Rust crate tectonic_xdv
CVE-2021-45702 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
NOT-FOR-US: Rust crate tremor-script
CVE-2021-45701 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
NOT-FOR-US: Rust crate tremor-script
CVE-2021-45700 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Attac ...)
NOT-FOR-US: Rust crate ckb
CVE-2021-45699 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Remot ...)
NOT-FOR-US: Rust crate ckb
CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust. A get ...)
NOT-FOR-US: Rust crate ckb
CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...)
NOT-FOR-US: Rust crate molecule
CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...)
- rust-sha2 (Only affected 0.9.7, never uploaded to the archive)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html
CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...)
NOT-FOR-US: Rust crate mopa
CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...)
NOT-FOR-US: Rust crate rdiff
CVE-2021-45693 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
NOT-FOR-US: Rust crate messagepack-rs
CVE-2021-45692 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
NOT-FOR-US: Rust crate messagepack-rs
CVE-2021-45691 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
NOT-FOR-US: Rust crate messagepack-rs
CVE-2021-45690 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
NOT-FOR-US: Rust crate messagepack-rs
CVE-2021-45689 (An issue was discovered in the gfx-auxil crate through 2021-01-07 for ...)
NOT-FOR-US: Rust crate gfx-auxil
CVE-2021-45688 (An issue was discovered in the ash crate before 0.33.1 for Rust. util: ...)
NOT-FOR-US: Rust crate ash
CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. ...)
NOT-FOR-US: Rust crate raw-cpuid
CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...)
NOT-FOR-US: Rust crate csv-sniffer
CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...)
NOT-FOR-US: Rust crate columnar
CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...)
NOT-FOR-US: Rust crate flumedb
CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...)
NOT-FOR-US: Rust crate binjs
CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...)
NOT-FOR-US: Rust crate bronzedb-protocol
CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for ...)
NOT-FOR-US: Rust crate derive-com-impl
CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...)
NOT-FOR-US: Rust crate vec-const
CVE-2021-45111
RESERVED
CVE-2021-45071
RESERVED
CVE-2021-44547
RESERVED
CVE-2021-44476
RESERVED
CVE-2021-44475
RESERVED
CVE-2021-44461
RESERVED
CVE-2021-44460
RESERVED
CVE-2021-4178
RESERVED
CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
NOT-FOR-US: livehelperchat
CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
CVE-2021-26947
RESERVED
CVE-2021-23186
RESERVED
CVE-2021-23178
RESERVED
CVE-2021-23176
RESERVED
CVE-2021-23166
RESERVED
CVE-2021-4174
RESERVED
CVE-2021-4173 (vim is vulnerable to Use After Free ...)
- vim
[bullseye] - vim (Minor issue)
[buster] - vim (Vulnerable code introduced later)
[stretch] - vim (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766
NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
NOTE: Fixed by: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 (v8.2.3902)
CVE-2021-4172
RESERVED
CVE-2021-4171
RESERVED
CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
NOT-FOR-US: Netgear
CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...)
NOT-FOR-US: Netgear
CVE-2021-45677 (Certain NETGEAR devices are affected by stored XSS. This affects GS108 ...)
NOT-FOR-US: Netgear
CVE-2021-45676 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
NOT-FOR-US: Netgear
CVE-2021-45675 (Certain NETGEAR devices are affected by stored XSS. This affects R6120 ...)
NOT-FOR-US: Netgear
CVE-2021-45674 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
NOT-FOR-US: Netgear
CVE-2021-45673 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
NOT-FOR-US: Netgear
CVE-2021-45672 (Certain NETGEAR devices are affected by Stored XSS. This affects D6200 ...)
NOT-FOR-US: Netgear
CVE-2021-45671 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
NOT-FOR-US: Netgear
CVE-2021-45670 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
NOT-FOR-US: Netgear
CVE-2021-45669 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
NOT-FOR-US: Netgear
CVE-2021-45668 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
NOT-FOR-US: Netgear
CVE-2021-45667 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
NOT-FOR-US: Netgear
CVE-2021-45666 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
NOT-FOR-US: Netgear
CVE-2021-45665 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
NOT-FOR-US: Netgear
CVE-2021-45664 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...)
NOT-FOR-US: Netgear
CVE-2021-45663 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...)
NOT-FOR-US: Netgear
CVE-2021-45662 (NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS. ...)
NOT-FOR-US: Netgear
CVE-2021-45661 (Certain NETGEAR devices are affected by server-side injection. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45660 (Certain NETGEAR devices are affected by server-side injection. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45659 (Certain NETGEAR devices are affected by server-side injection. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45658 (Certain NETGEAR devices are affected by server-side injection. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45657 (Certain NETGEAR devices are affected by server-side injection. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45656 (Certain NETGEAR devices are affected by server-side injection. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45655 (NETGEAR R6400 devices before 1.0.1.70 are affected by server-side inje ...)
NOT-FOR-US: Netgear
CVE-2021-45654 (NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of s ...)
NOT-FOR-US: Netgear
CVE-2021-45653 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2021-45652 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2021-45651 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2021-45650 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2021-45649 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2021-45648 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2021-45647 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2021-45646 (NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of ...)
NOT-FOR-US: Netgear
CVE-2021-45645 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
NOT-FOR-US: Netgear
CVE-2021-45644 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
NOT-FOR-US: Netgear
CVE-2021-45643 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
NOT-FOR-US: Netgear
CVE-2021-45642 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
NOT-FOR-US: Netgear
CVE-2021-45641 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
NOT-FOR-US: Netgear
CVE-2021-45640 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
NOT-FOR-US: Netgear
CVE-2021-45639 (Certain NETGEAR devices are affected by reflected XSS. This affects CB ...)
NOT-FOR-US: Netgear
CVE-2021-45638 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
CVE-2021-45637 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
CVE-2021-45636 (NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based bu ...)
NOT-FOR-US: Netgear
CVE-2021-45635 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45634 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45633 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45632 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45631 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45630 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45629 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45628 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45627 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45626 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45625 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45624 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45623 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45622 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45621 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45620 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45619 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45618 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45617 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45616 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45615 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45614 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45613 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45612 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45611 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45610 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45609 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45608 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-45607 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
CVE-2021-45606 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
CVE-2021-45605 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
CVE-2021-45604 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
CVE-2021-45603 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2021-45602 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45601 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45600 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45599 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45598 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45597 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45596 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45595 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45594 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45593 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45592 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45591 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45590 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45589 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45588 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45587 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45586 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45585 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45584 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45583 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45582 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45581 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45580 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45579 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45578 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45577 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45576 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45575 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45574 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45573 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
CVE-2021-45572 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45571 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45570 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45569 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45568 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45567 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45566 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45565 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45564 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45563 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45562 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45561 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45560 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45559 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45558 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45557 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45556 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45555 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45554 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45553 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45552 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45551 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45550 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45549 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45548 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45547 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45546 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45545 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45544 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45543 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45542 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45541 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45540 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45539 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45538 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45537 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45536 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45535 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45534 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45533 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45532 (NETGEAR R8000 devices before 1.0.4.76 are affected by command injectio ...)
NOT-FOR-US: Netgear
CVE-2021-45531 (NETGEAR D6220 devices before 1.0.0.76 are affected by command injectio ...)
NOT-FOR-US: Netgear
CVE-2021-45530 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45529 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45528 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45527 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45526 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45525 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
NOT-FOR-US: Netgear
CVE-2021-45524 (NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflo ...)
NOT-FOR-US: Netgear
CVE-2021-45523 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...)
NOT-FOR-US: Netgear
CVE-2021-45522 (NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded pas ...)
NOT-FOR-US: Netgear
CVE-2021-45521 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
NOT-FOR-US: Netgear
CVE-2021-45520 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
NOT-FOR-US: Netgear
CVE-2021-45519 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
NOT-FOR-US: Netgear
CVE-2021-45518 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
NOT-FOR-US: Netgear
CVE-2021-45517 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
NOT-FOR-US: Netgear
CVE-2021-45516 (Certain NETGEAR devices are affected by denial of service. This affect ...)
NOT-FOR-US: Netgear
CVE-2021-45515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
NOT-FOR-US: Netgear
CVE-2021-45514 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...)
NOT-FOR-US: Netgear
CVE-2021-45513 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...)
NOT-FOR-US: Netgear
CVE-2021-45512 (Certain NETGEAR devices are affected by weak cryptography. This affect ...)
NOT-FOR-US: Netgear
CVE-2021-45511 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45510 (NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication ...)
NOT-FOR-US: Netgear
CVE-2021-45509 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45508 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45507 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45506 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45505 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45504 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45503 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45502 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45501 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45500 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45499 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
CVE-2021-45498 (NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication ...)
NOT-FOR-US: Netgear
CVE-2021-45497 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...)
NOT-FOR-US: Netgear
CVE-2021-45496 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...)
NOT-FOR-US: Netgear
CVE-2021-45495 (NETGEAR D7000 devices before 1.0.1.68 are affected by authentication b ...)
NOT-FOR-US: Netgear
CVE-2021-45494 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
NOT-FOR-US: Netgear
CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
NOT-FOR-US: Netgear
CVE-2021-4170
RESERVED
CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
CVE-2021-45492
RESERVED
CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: showdoc
CVE-2021-45491
RESERVED
CVE-2021-45490
RESERVED
CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...)
NOT-FOR-US: NetBSD
CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...)
NOT-FOR-US: NetBSD
CVE-2021-45487 (In NetBSD through 9.2, the IPv4 ID generation algorithm does not use a ...)
NOT-FOR-US: NetBSD
CVE-2021-45486 (In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4 ...)
- linux 5.10.38-1
[buster] - linux 4.19.208-1
[stretch] - linux 4.9.290-1
NOTE: https://arxiv.org/pdf/2112.09604.pdf
NOTE: https://git.kernel.org/linus/aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba (5.13-rc1)
CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6 ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
[stretch] - linux 4.9.290-1
NOTE: https://arxiv.org/pdf/2112.09604.pdf
NOTE: https://git.kernel.org/linus/62f20e068ccc50d6ab66fdb72ba90da2b9418c99 (5.14-rc1)
CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...)
NOT-FOR-US: NetBSD
CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...)
TODO: check
CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...)
TODO: check
CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...)
TODO: check
CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...)
- linux
[stretch] - linux (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
CVE-2021-4167
RESERVED
CVE-2021-45479
RESERVED
CVE-2021-45478
RESERVED
CVE-2021-45477
RESERVED
CVE-2021-45476
RESERVED
CVE-2021-45475
RESERVED
CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
- vim
[bullseye] - vim (Minor issue)
[buster] - vim (Minor issue)
NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
NOTE: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884)
CVE-2021-4165
RESERVED
CVE-2021-4164
RESERVED
CVE-2021-4163
RESERVED
CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: archivy
CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...)
NOT-FOR-US: FileImporter MediaWiki extension
NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e
NOTE: https://phabricator.wikimedia.org/T296605
CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...)
NOT-FOR-US: WikiBase MediaWiki extension
NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d
NOTE: https://phabricator.wikimedia.org/T294693
CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...)
NOT-FOR-US: WikiBase MediaWiki extension
NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd
NOTE: https://phabricator.wikimedia.org/T297570
CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...)
NOT-FOR-US: EntitySchema MediaWiki extension
NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9
NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c
NOTE: https://phabricator.wikimedia.org/T296578
CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...)
NOT-FOR-US: cve-search
CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...)
NOT-FOR-US: Moxa
CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
- linux
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
CVE-2021-45468
RESERVED
CVE-2021-45467
RESERVED
CVE-2021-45466
RESERVED
CVE-2021-45465
RESERVED
CVE-2021-4160
RESERVED
CVE-2021-4159
RESERVED
CVE-2021-45464
RESERVED
CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...)
- gegl 1:0.4.34-1 (bug #1002661)
[bullseye] - gegl (Minor issue)
[buster] - gegl (Minor issue)
[stretch] - gegl (Minor issue; can be fixed later)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34)
NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34)
CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. ...)
NOT-FOR-US: Open5GS
CVE-2021-4158 [NULL pointer dereference in pci_write() in hw/acpi/pcihp.c]
RESERVED
- qemu
[bullseye] - qemu (Vulnerable code introduced later)
[buster] - qemu (Vulnerable code introduced later)
[stretch] - qemu (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035002
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/770
NOTE: Introduced in: https://gitlab.com/qemu-project/qemu/-/commit/b32bd763a1ca929677e22ae1c51cb3920921bdce (v6.0.0-rc0)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html
CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
NOT-FOR-US: FreePBX
CVE-2021-45460
RESERVED
CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()]
RESERVED
- linux 5.10.38-1
[buster] - linux 4.19.194-1
[stretch] - linux 4.9.272-1
NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1)
CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
RESERVED
- libsndfile
[bullseye] - libsndfile (Minor issue)
[buster] - libsndfile (Minor issue)
[stretch] - libsndfile (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/731
NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
CVE-2021-4155
RESERVED
CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
NOT-FOR-US: Node windows
CVE-2021-4154 [cgroup: verify that source is a string]
RESERVED
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux (Vulnerable code not present)
[stretch] - linux (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3b0462726e7ef281c35a7a4ae33e93ee2bc9975b (5.14-rc2)
CVE-2021-4153
RESERVED
CVE-2021-4152
RESERVED
CVE-2021-4151
RESERVED
CVE-2021-45458
RESERVED
CVE-2021-45457
RESERVED
CVE-2021-45456
RESERVED
CVE-2021-45455
RESERVED
CVE-2021-45454
RESERVED
CVE-2021-45453
RESERVED
CVE-2021-45452
RESERVED
CVE-2021-4150 [Block subsystem mishandles reference counts]
RESERVED
- linux 5.15.3-1
NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7)
CVE-2021-4149 [Improper lock operation in btrfs]
RESERVED
- linux 5.14.16-1
NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6)
CVE-2021-4148 [Improper implementation of block_invalidatepage() allows users to crash the kernel]
RESERVED
- linux
NOTE: https://lkml.org/lkml/2021/9/17/1037
NOTE: https://lkml.org/lkml/2021/9/12/323
CVE-2021-4147 [deadlock and crash in libxl driver]
RESERVED
- libvirt 7.10.0-2 (bug #1002535)
[bullseye] - libvirt (Minor issue)
[buster] - libvirt (Minor issue)
[stretch] - libvirt (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
CVE-2021-4146
RESERVED
CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c]
RESERVED
- qemu
[bullseye] - qemu (Vulnerable code introduced later)
[buster] - qemu (Vulnerable code introduced later)
[stretch] - qemu (Vulnerable code introduced later)
NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/d44dae1a7cf782ec9235746ebb0e6c1a20dd7288 (v6.1.0-rc0)
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd (v6.2.0-rc0)
CVE-2021-4144 (TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 2 ...)
NOT-FOR-US: TP-Link
CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...)
- mbedtls (Vulnerable code introduced later)
NOTE: https://github.com/ARMmbed/mbedtls/commit/cae590905363747d26fb5617b71bd567541a2f39 (mbedtls-3.1.0)
CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...)
- mbedtls (Vulnerable code introduced later)
NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0)
NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0)
CVE-2021-45449
RESERVED
CVE-2021-45448
RESERVED
CVE-2021-45447
RESERVED
CVE-2021-45446
RESERVED
CVE-2021-45445
RESERVED
CVE-2021-45444
RESERVED
CVE-2021-45443
RESERVED
CVE-2021-4143
RESERVED
CVE-2021-45442
RESERVED
CVE-2021-45441
RESERVED
CVE-2021-45440
RESERVED
CVE-2021-45439
RESERVED
CVE-2021-45438
RESERVED
CVE-2021-45437
RESERVED
CVE-2021-45436
RESERVED
CVE-2021-45435
RESERVED
CVE-2021-45434
RESERVED
CVE-2021-45433
RESERVED
CVE-2021-45432
RESERVED
CVE-2021-45431
RESERVED
CVE-2021-45430
RESERVED
CVE-2021-45429
RESERVED
CVE-2021-45428
RESERVED
CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated ar ...)
TODO: check
CVE-2021-45426
RESERVED
CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...)
NOT-FOR-US: SAFARI Montage
CVE-2021-45424
RESERVED
CVE-2021-45423
RESERVED
CVE-2021-45422
RESERVED
CVE-2021-45421
RESERVED
CVE-2021-45420
RESERVED
CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...)
NOT-FOR-US: Nova 360 Cabinet
CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...)
NOT-FOR-US: Nova 360 Cabinet
CVE-2021-45417
RESERVED
CVE-2021-45416
RESERVED
CVE-2021-45415
RESERVED
CVE-2021-45414
RESERVED
CVE-2021-45413
RESERVED
CVE-2021-45412
RESERVED
CVE-2021-45411
RESERVED
CVE-2021-45410
RESERVED
CVE-2021-45409
RESERVED
CVE-2021-45408
RESERVED
CVE-2021-45407
RESERVED
CVE-2021-45406
RESERVED
CVE-2021-45405
RESERVED
CVE-2021-45404
RESERVED
CVE-2021-45403
RESERVED
CVE-2021-45402
RESERVED
CVE-2021-45401
RESERVED
CVE-2021-45400
RESERVED
CVE-2021-45399
RESERVED
CVE-2021-45398
RESERVED
CVE-2021-45397
RESERVED
CVE-2021-45396
RESERVED
CVE-2021-45395
RESERVED
CVE-2021-45394
RESERVED
CVE-2021-45393
RESERVED
CVE-2021-45392
RESERVED
CVE-2021-45391
RESERVED
CVE-2021-45390
RESERVED
CVE-2021-45389
RESERVED
CVE-2021-45388
RESERVED
CVE-2021-45387
RESERVED
CVE-2021-45386
RESERVED
CVE-2021-45385
RESERVED
CVE-2021-45384
RESERVED
CVE-2021-45383
RESERVED
CVE-2021-45382
RESERVED
CVE-2021-45381
RESERVED
CVE-2021-45380
RESERVED
CVE-2021-45378
RESERVED
CVE-2021-45377
RESERVED
CVE-2021-45376
RESERVED
CVE-2021-45375
RESERVED
CVE-2021-45374
RESERVED
CVE-2021-45373
RESERVED
CVE-2021-45372
RESERVED
CVE-2021-45371
RESERVED
CVE-2021-45370
RESERVED
CVE-2021-45369
RESERVED
CVE-2021-45368
RESERVED
CVE-2021-45367
RESERVED
CVE-2021-45366
RESERVED
CVE-2021-45365
RESERVED
CVE-2021-45364
RESERVED
CVE-2021-45363
RESERVED
CVE-2021-45362
RESERVED
CVE-2021-45361
RESERVED
CVE-2021-45360
RESERVED
CVE-2021-45359
RESERVED
CVE-2021-45358
RESERVED
CVE-2021-45357
RESERVED
CVE-2021-45356
RESERVED
CVE-2021-45355
RESERVED
CVE-2021-45354
RESERVED
CVE-2021-45353
RESERVED
CVE-2021-45352
RESERVED
CVE-2021-45351
RESERVED
CVE-2021-45350
RESERVED
CVE-2021-45349
RESERVED
CVE-2021-45348
RESERVED
CVE-2021-45347
RESERVED
CVE-2021-45346
RESERVED
CVE-2021-45345
RESERVED
CVE-2021-45344
RESERVED
CVE-2021-45343
RESERVED
CVE-2021-45342
RESERVED
CVE-2021-45341
RESERVED
CVE-2021-45340
RESERVED
CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 20.4 al ...)
NOT-FOR-US: Avast Antivirus
CVE-2021-45338 (Multiple privilege escalation vulnerabilities in Avast Antivirus prior ...)
NOT-FOR-US: Avast Antivirus
CVE-2021-45337 (Privilege escalation vulnerability in the Self-Defense driver of Avast ...)
NOT-FOR-US: Avast Antivirus
CVE-2021-45336 (Privilege escalation vulnerability in the Sandbox component of Avast A ...)
NOT-FOR-US: Avast Antivirus
CVE-2021-45335 (Sandbox component in Avast Antivirus prior to 20.4 has an insecure per ...)
NOT-FOR-US: Avast Antivirus
CVE-2021-45334
RESERVED
CVE-2021-45333
RESERVED
CVE-2021-45332
RESERVED
CVE-2021-45331
RESERVED
CVE-2021-45330
RESERVED
CVE-2021-45329
RESERVED
CVE-2021-45328
RESERVED
CVE-2021-45327
RESERVED
CVE-2021-45326
RESERVED
CVE-2021-45325
RESERVED
CVE-2021-45324
RESERVED
CVE-2021-45323
RESERVED
CVE-2021-45322
RESERVED
CVE-2021-45321
RESERVED
CVE-2021-45320
RESERVED
CVE-2021-45319
RESERVED
CVE-2021-45318
RESERVED
CVE-2021-45317
RESERVED
CVE-2021-45316
RESERVED
CVE-2021-45315
RESERVED
CVE-2021-45314
RESERVED
CVE-2021-45313
RESERVED
CVE-2021-45312
RESERVED
CVE-2021-45311
RESERVED
CVE-2021-45310
RESERVED
CVE-2021-45309
RESERVED
CVE-2021-45308
RESERVED
CVE-2021-45307
RESERVED
CVE-2021-45306
RESERVED
CVE-2021-45305
RESERVED
CVE-2021-45304
RESERVED
CVE-2021-45303
RESERVED
CVE-2021-45302
RESERVED
CVE-2021-45301
RESERVED
CVE-2021-45300
RESERVED
CVE-2021-45299
RESERVED
CVE-2021-45298
RESERVED
CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1973
NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770
CVE-2021-45296
RESERVED
CVE-2021-45295
RESERVED
CVE-2021-45294
RESERVED
CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...)
- binaryen 104-1 (unimportant)
NOTE: https://github.com/WebAssembly/binaryen/issues/4384
NOTE: https://github.com/WebAssembly/binaryen/pull/4388
NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104)
NOTE: Crash in CLI tool, no security impact
CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1958
NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6
CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicious users to cau ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1955
NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc
CVE-2021-45290 (A Denial of Service vulnerability exists in Binaryen 103 due to an asse ...)
- binaryen 104-1 (unimportant)
NOTE: https://github.com/WebAssembly/binaryen/issues/4383
NOTE: https://github.com/WebAssembly/binaryen/pull/4389
NOTE: https://github.com/WebAssembly/binaryen/commit/62d83d5fcad015ce52f0f3122eab9df1c629cafb (version_104)
NOTE: Crash in CLI tool, no security impact
CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1972
NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d
CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1956
NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3
CVE-2021-45287
RESERVED
CVE-2021-45286
RESERVED
CVE-2021-45285
RESERVED
CVE-2021-45284
RESERVED
CVE-2021-45283
RESERVED
CVE-2021-45282
RESERVED
CVE-2021-45281
RESERVED
CVE-2021-45280
RESERVED
CVE-2021-45279
RESERVED
CVE-2021-45278
RESERVED
CVE-2021-45277
RESERVED
CVE-2021-45276
RESERVED
CVE-2021-45275
RESERVED
CVE-2021-45274
RESERVED
CVE-2021-45273
RESERVED
CVE-2021-45272
RESERVED
CVE-2021-45271
RESERVED
CVE-2021-45270
RESERVED
CVE-2021-45269
RESERVED
CVE-2021-45268
RESERVED
CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1965
NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487
CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1985
NOTE: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e
CVE-2021-45265
RESERVED
CVE-2021-45264
RESERVED
CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1975
NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9
CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1980
NOTE: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a
CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...)
- patch (unimportant)
NOTE: https://savannah.gnu.org/bugs/?61685
NOTE: Negligible security impact
CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...)
- gpac
[bullseye] - gpac (Minor issue)
[buster] - gpac (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1979
TODO: check, fixing commit, cf. https://github.com/gpac/gpac/issues/1979#issuecomment-992471979
CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...)
- gpac
[bullseye] - gpac (Minor issue)
[buster] - gpac (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1986
NOTE: https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29
CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...)
- gpac
[bullseye] - gpac (Minor issue)
[buster] - gpac (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1970
NOTE: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad
CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...)
- nasm (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392790
NOTE: Negligible security impact
CVE-2021-45256 (A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via a ...)
- nasm (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392789
NOTE: Crash in CLI tool, no security impact
CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...)
NOT-FOR-US: Video Sharing Website
CVE-2021-45254
RESERVED
CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...)
NOT-FOR-US: Simple Cold Storage Management System
CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...)
NOT-FOR-US: Simple Forum-Discussion System
CVE-2021-45251
RESERVED
CVE-2021-45250
RESERVED
CVE-2021-45249
RESERVED
CVE-2021-45248
RESERVED
CVE-2021-45247
RESERVED
CVE-2021-45246
RESERVED
CVE-2021-45245
RESERVED
CVE-2021-45244
RESERVED
CVE-2021-45243
RESERVED
CVE-2021-45242
RESERVED
CVE-2021-45241
RESERVED
CVE-2021-45240
RESERVED
CVE-2021-45239
RESERVED
CVE-2021-45238
RESERVED
CVE-2021-45237
RESERVED
CVE-2021-45236
RESERVED
CVE-2021-45235
RESERVED
CVE-2021-45234
RESERVED
CVE-2021-4142
RESERVED
CVE-2021-4141
RESERVED
CVE-2021-4140
RESERVED
CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
NOT-FOR-US: Pimcore
CVE-2021-4138
RESERVED
CVE-2021-45233
RESERVED
CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...)
NOT-FOR-US: Apache APISIX Dashboard
CVE-2021-45231
RESERVED
CVE-2021-45230
RESERVED
CVE-2021-45229
RESERVED
CVE-2021-45228
RESERVED
CVE-2021-45227
RESERVED
CVE-2021-45226
RESERVED
CVE-2021-45225
RESERVED
CVE-2021-45224
RESERVED
CVE-2021-45223
RESERVED
CVE-2021-45222
RESERVED
CVE-2021-45221
RESERVED
CVE-2021-45220
RESERVED
CVE-2021-45219
RESERVED
CVE-2021-45218
RESERVED
CVE-2021-45217
RESERVED
CVE-2021-45216
RESERVED
CVE-2021-45215
RESERVED
CVE-2021-45214
RESERVED
CVE-2021-45213
RESERVED
CVE-2021-45212
RESERVED
CVE-2021-45211
RESERVED
CVE-2021-45210
RESERVED
CVE-2021-45209
RESERVED
CVE-2021-45208
RESERVED
CVE-2021-45207
RESERVED
CVE-2021-45206
RESERVED
CVE-2021-45205
RESERVED
CVE-2021-45204
RESERVED
CVE-2021-45203
RESERVED
CVE-2021-45202
RESERVED
CVE-2021-45201
RESERVED
CVE-2021-45200
RESERVED
CVE-2021-45199
RESERVED
CVE-2021-45198
RESERVED
CVE-2021-45197
RESERVED
CVE-2021-45196
RESERVED
CVE-2021-45195
RESERVED
CVE-2021-45194
RESERVED
CVE-2021-45193
RESERVED
CVE-2021-45192
RESERVED
CVE-2021-45191
RESERVED
CVE-2021-45190
RESERVED
CVE-2021-45189
RESERVED
CVE-2021-45188
RESERVED
CVE-2021-45187
RESERVED
CVE-2021-45186
RESERVED
CVE-2021-45185
RESERVED
CVE-2021-45184
RESERVED
CVE-2021-45183
RESERVED
CVE-2021-45182
RESERVED
CVE-2021-45181
RESERVED
CVE-2021-45180
RESERVED
CVE-2021-45179
RESERVED
CVE-2021-45178
RESERVED
CVE-2021-45177
RESERVED
CVE-2021-45176
RESERVED
CVE-2021-45175
RESERVED
CVE-2021-45174
RESERVED
CVE-2021-45173
RESERVED
CVE-2021-45172
RESERVED
CVE-2021-45171
RESERVED
CVE-2021-45170
RESERVED
CVE-2021-45169
RESERVED
CVE-2021-45168
RESERVED
CVE-2021-45167
RESERVED
CVE-2021-45166
RESERVED
CVE-2021-45165
RESERVED
CVE-2021-45164
RESERVED
CVE-2021-45163
RESERVED
CVE-2021-45162
RESERVED
CVE-2021-45161
RESERVED
CVE-2021-45160
RESERVED
CVE-2021-45159
RESERVED
CVE-2021-45158
RESERVED
CVE-2021-45157
RESERVED
CVE-2021-45156
RESERVED
CVE-2021-45155
RESERVED
CVE-2021-45154
RESERVED
CVE-2021-45153
RESERVED
CVE-2021-45152
RESERVED
CVE-2021-45151
RESERVED
CVE-2021-45150
RESERVED
CVE-2021-45149
RESERVED
CVE-2021-45148
RESERVED
CVE-2021-45147
RESERVED
CVE-2021-45146
RESERVED
CVE-2021-45145
RESERVED
CVE-2021-45144
RESERVED
CVE-2021-45143
RESERVED
CVE-2021-45142
RESERVED
CVE-2021-45141
RESERVED
CVE-2021-45140
RESERVED
CVE-2021-45139
RESERVED
CVE-2021-45138
RESERVED
CVE-2021-45137
RESERVED
CVE-2021-45136
RESERVED
CVE-2021-45135
RESERVED
CVE-2021-45134
RESERVED
CVE-2021-45133
RESERVED
CVE-2021-45132
RESERVED
CVE-2021-45131
RESERVED
CVE-2021-45130
RESERVED
CVE-2021-45129
RESERVED
CVE-2021-45128
RESERVED
CVE-2021-45127
RESERVED
CVE-2021-45126
RESERVED
CVE-2021-45125
RESERVED
CVE-2021-45124
RESERVED
CVE-2021-45123
RESERVED
CVE-2021-45122
RESERVED
CVE-2021-45121
RESERVED
CVE-2021-45120
RESERVED
CVE-2021-45119
RESERVED
CVE-2021-45118
RESERVED
CVE-2021-45117
RESERVED
CVE-2021-45116
RESERVED
CVE-2021-45115
RESERVED
CVE-2021-45106
RESERVED
CVE-2021-44463
RESERVED
CVE-2021-44462
RESERVED
CVE-2021-4137
RESERVED
CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim (bug #1002534)
[bullseye] - vim (Minor issue)
[buster] - vim (Vulnerable code introduced later)
[stretch] - vim (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938
NOTE: Introduced by: https://github.com/vim/vim/commit/2949cfdbe4335b9abcfeda1be4dfc52090ee1df6 (v8.2.2257)
NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847)
CVE-2021-4135
RESERVED
- linux
[stretch] - linux (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
CVE-2021-4134
RESERVED
CVE-2021-4133
RESERVED
NOT-FOR-US: Keycloak
CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: livehelperchat
CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: snipe-it
CVE-2021-4129
RESERVED
CVE-2021-4128
RESERVED
CVE-2021-4127
RESERVED
CVE-2021-4126
RESERVED
{DSA-5034-1}
- thunderbird 1:91.4.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
CVE-2021-26264
RESERVED
CVE-2021-23173
RESERVED
CVE-2021-23157
RESERVED
CVE-2021-23138
RESERVED
CVE-2021-XXXX [several SQL injection, remote code execution, XSS issues]
- spip 3.2.12-1
[bullseye] - spip 3.2.11-3+deb11u1
[buster] - spip 3.2.4-1+deb10u5
[stretch] - spip 3.1.4-4~deb9u4+deb9u2
NOTE: For the collection of issues fixed in DSA 5028-1
NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access cont ...)
- glewlwyd 2.6.1-1
[bullseye] - glewlwyd (Minor issue; can be fixed via point release)
[buster] - glewlwyd (Vulnerable code introduced later)
NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
{DSA-5024-1 DLA-2852-1}
- apache-log4j2 2.17.0-1 (bug #1001891)
NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive]
RESERVED
- libarchive 3.5.2-1 (bug #1001990)
NOTE: https://github.com/libarchive/libarchive/issues/1566
NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2)
NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target]
RESERVED
- libarchive 3.5.2-1 (bug #1001986)
NOTE: https://github.com/libarchive/libarchive/issues/1565
NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2)
CVE-2021-45104
RESERVED
CVE-2021-45103
RESERVED
CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...)
- condor (Only affects 9.0.0 and above)
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...)
- condor (bug #1002540)
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14)
CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...)
NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal
CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)
- suricata 1:6.0.4-1
[bullseye] - suricata (Minor issue)
[buster] - suricata (Minor issue)
[stretch] - suricata (Minor issue)
NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
NOTE: https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df
NOTE: https://redmine.openinfosecfoundation.org/issues/4710
CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in ...)
NOT-FOR-US: KNIME Server
CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
NOT-FOR-US: KNIME Analytics Platform
CVE-2021-45094
RESERVED
CVE-2021-45093
RESERVED
CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
NOT-FOR-US: Thinfinity VirtualUI
CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...)
NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...)
NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...)
NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
- epiphany-browser 41.2-1
[stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
- epiphany-browser 41.2-1
[stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
- epiphany-browser 41.2-1
[stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
- epiphany-browser 41.2-1
[stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45084
RESERVED
CVE-2021-45083
RESERVED
CVE-2021-45082
RESERVED
CVE-2021-45081
RESERVED
CVE-2021-45080
RESERVED
CVE-2021-45079
RESERVED
CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...)
- binutils (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28694
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
NOTE: binutils not covered by security support
CVE-2021-4125
RESERVED
NOT-FOR-US: OpenShift metering hive containers
CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...)
- logback 1:1.2.8-1
[bullseye] - logback (Minor issue)
[buster] - logback (Minor issue)
[stretch] - logback (Minor issue)
NOTE: https://jira.qos.ch/browse/LOGBACK-1591
NOTE: https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8)
CVE-2021-44771
REJECTED
CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
- janus (unimportant)
NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190
NOTE: https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d
NOTE: Issues only in janus-demos built from src:janus
CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: livehelperchat
CVE-2021-4122
RESERVED
CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-23151
REJECTED
CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
- linux (unimportant)
[bullseye] - linux (Vulnerable code not present)
[buster] - linux (Vulnerable code not present)
[stretch] - linux (Vulnerable code not present)
NOTE: https://github.com/cifsd-team/ksmbd/issues/550
NOTE: https://github.com/cifsd-team/ksmbd/pull/551
NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
- linux
NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
CVE-2021-45070
RESERVED
CVE-2021-45069
RESERVED
CVE-2021-45068
RESERVED
CVE-2021-45067
RESERVED
CVE-2021-45066
RESERVED
CVE-2021-45065
RESERVED
CVE-2021-45064
RESERVED
CVE-2021-45063
RESERVED
CVE-2021-45062
RESERVED
CVE-2021-45061
RESERVED
CVE-2021-45060
RESERVED
CVE-2021-45059
RESERVED
CVE-2021-45058
RESERVED
CVE-2021-45057
RESERVED
CVE-2021-45056
RESERVED
CVE-2021-45055
RESERVED
CVE-2021-45054
RESERVED
CVE-2021-45053
RESERVED
CVE-2021-45052
RESERVED
CVE-2021-45051
RESERVED
CVE-2021-4120
RESERVED
CVE-2021-45050
RESERVED
CVE-2021-45049
RESERVED
CVE-2021-45048
RESERVED
CVE-2021-45047
RESERVED
CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...)
{DSA-5022-1}
- apache-log4j2 2.16.0-1 (bug #1001729)
[stretch] - apache-log4j2 (JndiLookup class has been removed)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/4
NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046
NOTE: https://issues.apache.org/jira/browse/LOG4J2-3221
NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
CVE-2021-45045
RESERVED
CVE-2021-45044
RESERVED
CVE-2021-44768
RESERVED
CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
NOT-FOR-US: DIAEnergie
CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
NOT-FOR-US: DIAEnergie
CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
NOT-FOR-US: bookstack
CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted Data ...)
NOT-FOR-US: pytorch-lightning
CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4115
RESERVED
CVE-2021-4114
REJECTED
CVE-2021-4113
REJECTED
CVE-2021-4112
RESERVED
NOT-FOR-US: Ansible Tower
CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
NOT-FOR-US: DIAEnergie
CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
NOT-FOR-US: DIAEnergie
CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...)
NOT-FOR-US: HD-Network Real-time Monitoring System
CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...)
NOT-FOR-US: HashiCorp Vault
CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...)
NOT-FOR-US: SuiteCRM
CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
- mruby (bug #1001768)
[stretch] - mruby (revisit when/if fix is complete)
NOTE: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20
NOTE: https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34
CVE-2021-4109
RESERVED
CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: snipe-it
CVE-2021-45040
RESERVED
CVE-2021-45039
RESERVED
CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
{DSA-5021-1}
- mediawiki 1:1.35.5-1
[buster] - mediawiki (Vulnerable code not present)
[stretch] - mediawiki (Vulnerable code not present)
NOTE: https://phabricator.wikimedia.org/T297574
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-45037
RESERVED
CVE-2021-45036
RESERVED
CVE-2021-45035
RESERVED
CVE-2021-45034
RESERVED
CVE-2021-45033
RESERVED
CVE-2021-45032
RESERVED
CVE-2021-45031
RESERVED
CVE-2021-45030
RESERVED
CVE-2021-45029
RESERVED
CVE-2021-45028
RESERVED
CVE-2021-45027
RESERVED
CVE-2021-45026
RESERVED
CVE-2021-45025
RESERVED
CVE-2021-45024
RESERVED
CVE-2021-45023
RESERVED
CVE-2021-45022
RESERVED
CVE-2021-45021
RESERVED
CVE-2021-45020
RESERVED
CVE-2021-45019
RESERVED
CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 ...)
NOT-FOR-US: CatFish (not same as src:catfish)
CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exists in Catfish <= ...)
NOT-FOR-US: CatFish (not same as src:catfish)
CVE-2021-45016
RESERVED
CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
NOT-FOR-US: taocms
CVE-2021-45014 (There is an upload sql injection vulnerability in the background of ta ...)
NOT-FOR-US: taocms
CVE-2021-45013
RESERVED
CVE-2021-45012
RESERVED
CVE-2021-45011
RESERVED
CVE-2021-45010
RESERVED
CVE-2021-45009
RESERVED
CVE-2021-45008
RESERVED
CVE-2021-45007
RESERVED
CVE-2021-45006
RESERVED
CVE-2021-45005
RESERVED
CVE-2021-45004
RESERVED
CVE-2021-45003
RESERVED
CVE-2021-45002
RESERVED
CVE-2021-45001
RESERVED
CVE-2021-45000
RESERVED
CVE-2021-44999
RESERVED
CVE-2021-44998
RESERVED
CVE-2021-44997
RESERVED
CVE-2021-44996
RESERVED
CVE-2021-44995
RESERVED
CVE-2021-44994
RESERVED
CVE-2021-44993
RESERVED
CVE-2021-44992
RESERVED
CVE-2021-44991
RESERVED
CVE-2021-44990
RESERVED
CVE-2021-44989
RESERVED
CVE-2021-44988
RESERVED
CVE-2021-44987
RESERVED
CVE-2021-44986
RESERVED
CVE-2021-44985
RESERVED
CVE-2021-44984
RESERVED
CVE-2021-44983
RESERVED
CVE-2021-44982
RESERVED
CVE-2021-44981
RESERVED
CVE-2021-44980
RESERVED
CVE-2021-44979
RESERVED
CVE-2021-44978
RESERVED
CVE-2021-44977
RESERVED
CVE-2021-44976
RESERVED
CVE-2021-44975
RESERVED
CVE-2021-44974
RESERVED
CVE-2021-44973
RESERVED
CVE-2021-44972
RESERVED
CVE-2021-44971
RESERVED
CVE-2021-44970
RESERVED
CVE-2021-44969
RESERVED
CVE-2021-44968
RESERVED
CVE-2021-44967
RESERVED
CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
NOT-FOR-US: PHPGURUKUL Employee Record Management System
CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...)
NOT-FOR-US: PHPGURUKUL Employee Record Management System
CVE-2021-44964
RESERVED
CVE-2021-44963
RESERVED
CVE-2021-44962
RESERVED
CVE-2021-44961
RESERVED
CVE-2021-44960
RESERVED
CVE-2021-44959
RESERVED
CVE-2021-44958
RESERVED
CVE-2021-44957
RESERVED
CVE-2021-44956
RESERVED
CVE-2021-44955
RESERVED
CVE-2021-44954
RESERVED
CVE-2021-44953
RESERVED
CVE-2021-44952
RESERVED
CVE-2021-44951
RESERVED
CVE-2021-44950
RESERVED
CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via ...)
NOT-FOR-US: glFusion CMS
CVE-2021-44948
REJECTED
CVE-2021-44947
RESERVED
CVE-2021-44946
RESERVED
CVE-2021-44945
RESERVED
CVE-2021-44944
RESERVED
CVE-2021-44943
RESERVED
CVE-2021-44942 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) ...)
NOT-FOR-US: glFusion CMS
CVE-2021-44941
RESERVED
CVE-2021-44940
RESERVED
CVE-2021-44939
RESERVED
CVE-2021-44938
RESERVED
CVE-2021-44937 (glFusion CMS v1.7.9 is affected by an arbitrary user registration vuln ...)
NOT-FOR-US: glFusion CMS
CVE-2021-44936
RESERVED
CVE-2021-44935 (glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vul ...)
NOT-FOR-US: glFusion CMS
CVE-2021-44934
RESERVED
CVE-2021-44933
RESERVED
CVE-2021-44932
RESERVED
CVE-2021-44931
RESERVED
CVE-2021-44930
RESERVED
CVE-2021-44929
RESERVED
CVE-2021-44928
RESERVED
CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1960
NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92
CVE-2021-44926 (A null pointer dereference vulnerability exists in the gpac in the gf_ ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1961
NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e
CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1967
NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2
CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1959
NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497
CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1962
NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229
CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1969
NOTE: https://github.com/gpac/gpac/issues/1968
NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a
CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1964
NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2
CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1957
NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4
CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1963
NOTE: https://github.com/gpac/gpac/issues/1962
NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229
CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac
NOTE: https://github.com/gpac/gpac/issues/1968
NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a
CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ...)
- gnuplot 5.4.2+dfsg2-2 (unimportant; bug #1002539)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2474/
NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/8938dfc937348f1d4e7b3d6ef6d44209b1d89473/ (master)
NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/acab14de21e323254507fca85f964e471258ac82/ (master)
NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/4cc2a4c83bc95470caa525cda52fba683e95bbb9/ (master)
NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/7285b0c578a067d8d9fe0566ccefaee131f62087/ (branch-5-4-stable)
NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/bac7cf51333242999ecb66883fd6076168ec3441/ (branch-5-4-stable)
NOTE: Crash in CLI tool, negligible security impact
CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a ...)
NOT-FOR-US: Open-AudIT
CVE-2021-44915
RESERVED
CVE-2021-44914
RESERVED
CVE-2021-44913
RESERVED
CVE-2021-44912
RESERVED
CVE-2021-44911
RESERVED
CVE-2021-44910
RESERVED
CVE-2021-44909
RESERVED
CVE-2021-44908
RESERVED
CVE-2021-44907
RESERVED
CVE-2021-44906
RESERVED
CVE-2021-44905
RESERVED
CVE-2021-44904
RESERVED
CVE-2021-44903
RESERVED
CVE-2021-44902
RESERVED
CVE-2021-44901
RESERVED
CVE-2021-44900
RESERVED
CVE-2021-44899
RESERVED
CVE-2021-44898
RESERVED
CVE-2021-44897
RESERVED
CVE-2021-44896 (DMP Roadmap before 3.0.4 allows XSS. ...)
TODO: check
CVE-2021-44895
RESERVED
CVE-2021-44894
RESERVED
CVE-2021-44893
RESERVED
CVE-2021-44892
RESERVED
CVE-2021-44891
RESERVED
CVE-2021-44890
RESERVED
CVE-2021-44889
RESERVED
CVE-2021-44888
RESERVED
CVE-2021-44887
RESERVED
CVE-2021-44886
RESERVED
CVE-2021-44885
RESERVED
CVE-2021-44884
RESERVED
CVE-2021-44883
RESERVED
CVE-2021-44882
RESERVED
CVE-2021-44881
RESERVED
CVE-2021-44880
RESERVED
CVE-2021-44879
RESERVED
CVE-2021-44878
RESERVED
CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...)
NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44873
RESERVED
CVE-2021-44872
RESERVED
CVE-2021-44871
RESERVED
CVE-2021-44870
RESERVED
CVE-2021-44869
RESERVED
CVE-2021-44868
RESERVED
CVE-2021-44867
RESERVED
CVE-2021-44866
RESERVED
CVE-2021-44865
RESERVED
CVE-2021-44864
RESERVED
CVE-2021-44863
RESERVED
CVE-2021-44862
RESERVED
CVE-2021-44861
RESERVED
CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
{DSA-5021-1 DLA-2847-1}
- mediawiki 1:1.35.5-1
[buster] - mediawiki 1:1.31.16-1+deb10u2
NOTE: https://phabricator.wikimedia.org/T297322
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44857 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
{DSA-5021-1}
- mediawiki 1:1.35.5-1
[buster] - mediawiki (Vulnerable code not present)
[stretch] - mediawiki (Vulnerable code not present)
NOTE: https://phabricator.wikimedia.org/T297322
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44856 [Title blocked in AbuseFilter can be created via Special:ChangeContentModel]
RESERVED
- mediawiki 1:1.35.5-1
[bullseye] - mediawiki (Minor issue)
[buster] - mediawiki (Minor issue)
[stretch] - mediawiki (Minor issue)
NOTE: https://phabricator.wikimedia.org/T271037
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
RESERVED
- mediawiki 1:1.35.5-1
[bullseye] - mediawiki (Minor issue)
[buster] - mediawiki (Vulnerable code not present)
[stretch] - mediawiki (Vulnerable code not present)
NOTE: https://phabricator.wikimedia.org/T293589
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results from private wikis]
RESERVED
- mediawiki 1:1.35.5-1
[bullseye] - mediawiki (Minor issue)
[buster] - mediawiki (Vulnerable code not present)
[stretch] - mediawiki (Vulnerable code not present)
NOTE: https://phabricator.wikimedia.org/T292763
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44853
RESERVED
CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...)
TODO: check
CVE-2021-44851
RESERVED
CVE-2021-44850
RESERVED
CVE-2021-44849
RESERVED
CVE-2021-44848 (In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns dif ...)
NOT-FOR-US: Cibele Thinfinity VirtualUI
CVE-2021-44847 (A stack-based buffer overflow in handle_request function in DHT.c in t ...)
- libtoxcore 0.2.13-1 (bug #1001711)
NOTE: https://github.com/TokTok/c-toxcore/pull/1718
NOTE: https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/
NOTE: Introduced by: https://github.com/TokTok/c-toxcore/commit/71260e38e8d12547b0e55916daf6cadd72f52e19 (v0.1.9)
NOTE: Fixed by: https://github.com/TokTok/c-toxcore/commit/1b02bad36864fdfc36694e3f96d2dc6c58a891e4 (v0.2.13)
CVE-2021-44846
RESERVED
CVE-2021-44845
RESERVED
CVE-2021-44844
RESERVED
CVE-2021-44843
RESERVED
CVE-2021-44842
RESERVED
CVE-2021-44841
RESERVED
CVE-2021-44840
RESERVED
CVE-2021-44839
RESERVED
CVE-2021-44838
RESERVED
CVE-2021-44837
RESERVED
CVE-2021-44836
RESERVED
CVE-2021-44835
RESERVED
CVE-2021-44834
RESERVED
CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4106
RESERVED
CVE-2021-4105
RESERVED
CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
NOT-FOR-US: CLI for Amazon AWS OpenSearch
CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...)
- apache-log4j1.2
[bullseye] - apache-log4j1.2 (Minor issue; JMSAppender not configured to be used by default)
[buster] - apache-log4j1.2 (Minor issue; JMSAppender not configured to be used by default)
[stretch] - apache-log4j1.2 (Minor issue; JMSAppender not configured to be used by default)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1
NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
CVE-2021-4103
RESERVED
CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...)
{DLA-2870-1}
- apache-log4j2 2.17.1-1 (bug #1002813)
[bullseye] - apache-log4j2 (Minor issue; requires attacker with permissions to modify the logging configuration file)
[buster] - apache-log4j2 (Minor issue; requires attacker with permissions to modify the logging configuration file)
NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
NOTE: https://issues.apache.org/jira/browse/LOG4J2-3293
NOTE: https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
NOTE: https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16 (log4j-2.17.1-rc1)
NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2
CVE-2021-44831
RESERVED
CVE-2021-44830
RESERVED
CVE-2021-44829
RESERVED
CVE-2021-44828
RESERVED
CVE-2021-44827
RESERVED
CVE-2021-44826
RESERVED
CVE-2021-44825
RESERVED
CVE-2021-44824
RESERVED
CVE-2021-44823
RESERVED
CVE-2021-44822
RESERVED
CVE-2021-44821
RESERVED
CVE-2021-44820
RESERVED
CVE-2021-44819
RESERVED
CVE-2021-44818
RESERVED
CVE-2021-44817
RESERVED
CVE-2021-44816
RESERVED
CVE-2021-44815
RESERVED
CVE-2021-44814
RESERVED
CVE-2021-44813
RESERVED
CVE-2021-44812
RESERVED
CVE-2021-44811
RESERVED
CVE-2021-44810
RESERVED
CVE-2021-44809
RESERVED
CVE-2021-44808
RESERVED
CVE-2021-44807
RESERVED
CVE-2021-44806
RESERVED
CVE-2021-44805
RESERVED
CVE-2021-44804
RESERVED
CVE-2021-44803
RESERVED
CVE-2021-44802
RESERVED
CVE-2021-44801
RESERVED
CVE-2021-44800
RESERVED
CVE-2021-44799
RESERVED
CVE-2021-44798
RESERVED
CVE-2021-44797
RESERVED
CVE-2021-44796
RESERVED
CVE-2021-4102
RESERVED
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4101
RESERVED
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4100
RESERVED
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4099
RESERVED
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4098
RESERVED
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...)
NOT-FOR-US: phpservermon
CVE-2021-4096
RESERVED
CVE-2021-44795
RESERVED
CVE-2021-44794
RESERVED
CVE-2021-44793
RESERVED
CVE-2021-44792
RESERVED
CVE-2021-44791
RESERVED
CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
- apache2 2.4.52-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
NOTE: Fixed by: https://svn.apache.org/r1896039
CVE-2021-4095
RESERVED
- linux
NOTE: https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/
NOTE: https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194
CVE-2021-4094
RESERVED
CVE-2021-4093
RESERVED
- linux 5.14.16-1
[bullseye] - linux (Vulnerable code not present)
[buster] - linux (Vulnerable code not present)
[stretch] - linux (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4091
RESERVED
CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function]
RESERVED
- linux 5.15.5-1
[bullseye] - linux (Vulnerable code introduced later)
[buster] - linux (Vulnerable code introduced later)
[stretch] - linux (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101
NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
CVE-2021-44789
RESERVED
CVE-2021-44788
RESERVED
CVE-2021-44787
RESERVED
CVE-2021-44786
RESERVED
CVE-2021-44785
RESERVED
CVE-2021-44784
RESERVED
CVE-2021-44783
RESERVED
CVE-2021-44782
RESERVED
CVE-2021-44781
RESERVED
CVE-2021-44780
RESERVED
CVE-2021-44764
RESERVED
CVE-2021-4089 (snipe-it is vulnerable to Improper Access Control ...)
NOT-FOR-US: snipe-it
CVE-2021-37408
RESERVED
CVE-2021-31565
RESERVED
CVE-2021-26261
RESERVED
CVE-2021-26255
RESERVED
CVE-2021-23189
RESERVED
CVE-2021-23175 (NVIDIA GeForce Experience contains a vulnerability in user authorizati ...)
NOT-FOR-US: NVIDIA GeForce Experience
CVE-2021-23171
RESERVED
CVE-2021-23170
RESERVED
CVE-2021-23148
RESERVED
CVE-2021-44759
RESERVED
CVE-2021-4088
RESERVED
CVE-2021-4087
RESERVED
CVE-2021-4086
RESERVED
CVE-2021-4085
RESERVED
CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
NOT-FOR-US: Pimcore
CVE-2021-4083
RESERVED
- linux 5.15.5-2
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4)
CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: Pimcore
CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
NOT-FOR-US: Pimcore
CVE-2021-44758
RESERVED
CVE-2021-44757
RESERVED
CVE-2021-44756
RESERVED
CVE-2021-44755
RESERVED
CVE-2021-44754
RESERVED
CVE-2021-44753
RESERVED
CVE-2021-44752
RESERVED
CVE-2021-44751
RESERVED
CVE-2021-44750
RESERVED
CVE-2021-44749
RESERVED
CVE-2021-44748
RESERVED
CVE-2021-44747
RESERVED
CVE-2021-44746
RESERVED
CVE-2021-44745
RESERVED
CVE-2021-44744
RESERVED
CVE-2021-44743
RESERVED
CVE-2021-44742
RESERVED
CVE-2021-44741
RESERVED
CVE-2021-44740
RESERVED
CVE-2021-44739
RESERVED
CVE-2021-44545
RESERVED
CVE-2021-44457
RESERVED
CVE-2021-44454
RESERVED
CVE-2021-43351
RESERVED
CVE-2021-4080
RESERVED
CVE-2021-26946
RESERVED
CVE-2021-26254
RESERVED
CVE-2021-23188
RESERVED
CVE-2021-23168
RESERVED
CVE-2021-23152
RESERVED
CVE-2021-23145
RESERVED
CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
- rainloop 1.14.0-1 (bug #962629)
[buster] - rainloop (Minor issue)
NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
CVE-2021-44738
RESERVED
CVE-2021-44737
RESERVED
CVE-2021-44736
RESERVED
CVE-2021-44735
RESERVED
CVE-2021-44734
RESERVED
CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
- linux
[stretch] - linux (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747
CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...)
- mbedtls (bug #1002631)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12)
CVE-2021-44731
RESERVED
CVE-2021-44730
RESERVED
CVE-2021-44729
RESERVED
CVE-2021-44728
RESERVED
CVE-2021-44727
RESERVED
CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...)
NOT-FOR-US: KNIME Server
CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...)
NOT-FOR-US: KNIME Server
CVE-2021-44724
RESERVED
CVE-2021-44723
RESERVED
CVE-2021-44722
RESERVED
CVE-2021-44721
RESERVED
CVE-2021-44720
RESERVED
CVE-2021-44719
RESERVED
CVE-2021-44718
RESERVED
CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...)
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11
- golang-1.8
- golang-1.7
NOTE: https://github.com/golang/go/issues/50057
NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5)
NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12)
CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...)
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11
- golang-1.8
- golang-1.7
- golang-golang-x-net 1:0.0+git20211209.491a49a+dfsg-1
- golang-golang-x-net-dev
NOTE: https://github.com/golang/go/issues/50058
NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
NOTE: https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5)
NOTE: https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a (go1.16.12)
NOTE: https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70
CVE-2021-44715
RESERVED
CVE-2021-44714
RESERVED
CVE-2021-44713
RESERVED
CVE-2021-44712
RESERVED
CVE-2021-44711
RESERVED
CVE-2021-44710
RESERVED
CVE-2021-44709
RESERVED
CVE-2021-44708
RESERVED
CVE-2021-44707
RESERVED
CVE-2021-44706
RESERVED
CVE-2021-44705
RESERVED
CVE-2021-44704
RESERVED
CVE-2021-44703
RESERVED
CVE-2021-44702
RESERVED
CVE-2021-44701
RESERVED
CVE-2021-44700
RESERVED
CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier) are ...)
NOT-FOR-US: Adobe
CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier) are ...)
NOT-FOR-US: Adobe
CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier) are ...)
NOT-FOR-US: Adobe
CVE-2021-44696
RESERVED
CVE-2021-44695
RESERVED
CVE-2021-44694
RESERVED
CVE-2021-44693
RESERVED
CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4077
RESERVED
CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
RESERVED
{DSA-5025-1}
- tang 11-1
[buster] - tang (Vulnerable code introduced later)
NOTE: https://github.com/latchset/tang/pull/81
NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8)
NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11)
CVE-2021-44692
RESERVED
CVE-2021-44691
RESERVED
CVE-2021-44690
RESERVED
CVE-2021-44689
RESERVED
CVE-2021-44688
RESERVED
CVE-2021-44687
RESERVED
CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...)
- calibre 5.33.0+dfsg-1
[bullseye] - calibre (Minor issue)
[buster] - calibre (Minor issue)
[stretch] - calibre (Minor issue)
NOTE: https://bugs.launchpad.net/calibre/+bug/1951979
NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0)
CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...)
NOT-FOR-US: git-it
CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...)
NOT-FOR-US: naholyr github-todos
CVE-2021-44683
RESERVED
CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
NOT-FOR-US: Veritas
CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
NOT-FOR-US: Veritas
CVE-2021-44680 (An issue (4 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
NOT-FOR-US: Veritas
CVE-2021-44679 (An issue (3 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
NOT-FOR-US: Veritas
CVE-2021-44678 (An issue (2 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
NOT-FOR-US: Veritas
CVE-2021-44677 (An issue (1 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
NOT-FOR-US: Veritas
CVE-2021-44676 (Zoho ManageEngine Access Manager Plus before 4203 allows anyone to vie ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vuln ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...)
NOT-FOR-US: snipe-it
CVE-2021-4074
RESERVED
CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...)
NOT-FOR-US: elgg
CVE-2021-4071
RESERVED
CVE-2021-44674
RESERVED
CVE-2021-44673
RESERVED
CVE-2021-44672
RESERVED
CVE-2021-44671
RESERVED
CVE-2021-44670
RESERVED
CVE-2021-44669
RESERVED
CVE-2021-44668
RESERVED
CVE-2021-44667
RESERVED
CVE-2021-44666
RESERVED
CVE-2021-44665
RESERVED
CVE-2021-44664
RESERVED
CVE-2021-44663
RESERVED
CVE-2021-44662
RESERVED
CVE-2021-44661
RESERVED
CVE-2021-44660
RESERVED
CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...)
NOT-FOR-US: GoCD server
CVE-2021-44658
RESERVED
CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...)
NOT-FOR-US: StackStorm
CVE-2021-44656
RESERVED
CVE-2021-44655 (Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQ ...)
NOT-FOR-US: Online Pre-owned/Used Car Showroom Management System
CVE-2021-44654
RESERVED
CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...)
NOT-FOR-US: Online Magazine Management System
CVE-2021-44652
RESERVED
CVE-2021-44651
RESERVED
CVE-2021-44650
RESERVED
CVE-2021-44649
RESERVED
CVE-2021-44648
RESERVED
CVE-2021-44647
RESERVED
CVE-2021-44646
RESERVED
CVE-2021-44645
RESERVED
CVE-2021-44644
RESERVED
CVE-2021-44643
RESERVED
CVE-2021-44642
RESERVED
CVE-2021-44641
RESERVED
CVE-2021-44640
RESERVED
CVE-2021-44639
RESERVED
CVE-2021-44638
RESERVED
CVE-2021-44637
RESERVED
CVE-2021-44636
RESERVED
CVE-2021-44635
RESERVED
CVE-2021-44634
RESERVED
CVE-2021-44633
RESERVED
CVE-2021-44632
RESERVED
CVE-2021-44631
RESERVED
CVE-2021-44630
RESERVED
CVE-2021-44629
RESERVED
CVE-2021-44628
RESERVED
CVE-2021-44627
RESERVED
CVE-2021-44626
RESERVED
CVE-2021-44625
RESERVED
CVE-2021-44624
RESERVED
CVE-2021-44623
RESERVED
CVE-2021-44622
RESERVED
CVE-2021-44621
RESERVED
CVE-2021-44620
RESERVED
CVE-2021-44619
RESERVED
CVE-2021-44618
RESERVED
CVE-2021-44617
RESERVED
CVE-2021-44616
RESERVED
CVE-2021-44615
RESERVED
CVE-2021-44614
RESERVED
CVE-2021-44613
RESERVED
CVE-2021-44612
RESERVED
CVE-2021-44611
RESERVED
CVE-2021-44610
RESERVED
CVE-2021-44609
RESERVED
CVE-2021-44608
RESERVED
CVE-2021-44607
RESERVED
CVE-2021-44606
RESERVED
CVE-2021-44605
RESERVED
CVE-2021-44604
RESERVED
CVE-2021-44603
RESERVED
CVE-2021-44602
RESERVED
CVE-2021-44601
RESERVED
CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management System ( ...)
NOT-FOR-US: Simple Online Mens Salon Management System (MSMS)
CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...)
NOT-FOR-US: Online Enrollment Management System
CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
NOT-FOR-US: Attendance Management System
CVE-2021-44597
RESERVED
CVE-2021-44596
RESERVED
CVE-2021-44595
RESERVED
CVE-2021-44594
RESERVED
CVE-2021-44593
RESERVED
CVE-2021-44592
RESERVED
CVE-2021-44591
RESERVED
CVE-2021-44590
RESERVED
CVE-2021-44589
RESERVED
CVE-2021-44588
RESERVED
CVE-2021-44587
RESERVED
CVE-2021-44586
RESERVED
CVE-2021-44585
RESERVED
CVE-2021-44584
RESERVED
CVE-2021-44583
RESERVED
CVE-2021-44582
RESERVED
CVE-2021-44581
RESERVED
CVE-2021-44580
RESERVED
CVE-2021-44579
RESERVED
CVE-2021-44578
RESERVED
CVE-2021-44577
RESERVED
CVE-2021-44576
RESERVED
CVE-2021-44575
RESERVED
CVE-2021-44574
RESERVED
CVE-2021-44573
RESERVED
CVE-2021-44572
RESERVED
CVE-2021-44571
RESERVED
CVE-2021-44570
RESERVED
CVE-2021-44569
RESERVED
CVE-2021-44568
RESERVED
CVE-2021-44567
RESERVED
CVE-2021-44566
RESERVED
CVE-2021-44565
RESERVED
CVE-2021-44564
RESERVED
CVE-2021-44563
RESERVED
CVE-2021-44562
RESERVED
CVE-2021-44561
RESERVED
CVE-2021-44560
RESERVED
CVE-2021-44559
RESERVED
CVE-2021-44558
RESERVED
CVE-2021-44557 (National Library of the Netherlands multiNER <= c0440948057afc6e3d6 ...)
NOT-FOR-US: National Library of the Netherlands multiNER
CVE-2021-44556 (National Library of the Netherlands digger < 6697d1269d981e35e11f24 ...)
NOT-FOR-US: National Library of the Netherlands digger
CVE-2021-44555
RESERVED
CVE-2021-44554 (Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate ...)
NOT-FOR-US: Thinfinity VirtualUI
CVE-2021-44553
RESERVED
CVE-2021-44552
RESERVED
CVE-2021-44551
RESERVED
CVE-2021-44550
RESERVED
CVE-2021-4070
RESERVED
CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...)
NOT-FOR-US: Apache Sling
CVE-2021-4069 (vim is vulnerable to Use After Free ...)
- vim
NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741)
CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...)
TODO: check
CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome prior to ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS prior to ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allo ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 96.0.4664.93 allo ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS prior to ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 96.0.4664. ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4060
RESERVED
CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior to 96.0. ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 a ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4057 (Use after free in file API in Google Chrome prior to 96.0.4664.93 allo ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowe ...)
- chromium
[stretch] - chromium (see DSA 4562)
CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664 ...)
- chromium