path: root/security/vuxml/vuln-2021.xml

  <vuln vid="a4ff3673-d742-4b83-8c2b-3ddafe732034">
    <topic>minio -- User privilege escalation</topic>
    <affects>
      <package>
	<name>minio</name>
	<range><lt>2021.12.27.07.23.18</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>minio developers report:</p>
	<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-j6jc-jqqc-p6cx">
	  <p>AddUser() API endpoint was exposed to a legacy behavior. i.e it accepts a "policy" field</p>
	  <p>This API is mainly used to create a user or update a user's password.</p>
	  <p>However, a malicious client can hand-craft an HTTP API call that allows for updating Policy for a user and gaining higher privileges.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43858</cvename>
      <url>https://github.com/minio/minio/security/advisories/GHSA-j6jc-jqqc-p6cx</url>
    </references>
    <dates>
      <discovery>2021-12-27</discovery>
      <entry>2021-12-29</entry>
    </dates>
  </vuln>

  <vuln vid="ed8a4215-675c-11ec-8dd4-a0f3c100ae18">
    <topic>Pillow -- Regular Expression Denial of Service (ReDoS)</topic>
    <affects>
      <package>
	<name>py38-pillow</name>
	<range><ge>5.2.0</ge><lt>8.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>GitHub Advisory Database reports:</p>
	<blockquote cite="https://github.com/advisories/GHSA-98vv-pw6r-q6q4">
	  <p>Uncontrolled Resource Consumption in pillow.</p>
	  <p>The package pillow from 0 and before 8.3.2 are vulnerable to Regular
	     Expression Denial of Service (ReDoS) via the getrgb function.</p>
	  <p>References:</p>
	  <ul>
	    <li>https://nvd.nist.gov/vuln/detail/CVE-2021-23437</li>
	    <li>https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b</li>
	    <li>https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html</li>
	    <li>https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443</li>
	    <li>https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/</li>
	    <li>https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-23437</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-23437</url>
    </references>
    <dates>
      <discovery>2021-09-02</discovery>
      <entry>2021-09-03</entry>
    </dates>
  </vuln>

  <vuln vid="d1be3d73-6737-11ec-9eea-589cfc007716">
    <topic>OpenSearch -- Log4Shell</topic>
    <affects>
      <package>
	<name>opensearch</name>
	<range><lt>1.2.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenSearch reports:</p>
	<blockquote cite="https://opensearch.org/blog/releases/2021/12/update-1-2-3/">
	  <p>CVE-2021-45105 for Log4j was issued after the release of OpenSearch 1.2.2. This CVE advises upgrading to Log4j 2.17.0. While there has been no observed reproduction of the issue described in CVE-2021-45105 in OpenSearch, we have released OpenSearch 1.2.3 which updates Log4j to version 2.17.0.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-45105</cvename>
      <url>https://opensearch.org/blog/releases/2021/12/update-1-2-3/</url>
    </references>
    <dates>
      <discovery>2021-12-16</discovery>
      <entry>2021-12-27</entry>
    </dates>
  </vuln>

  <vuln vid="b0f49cb9-6736-11ec-9eea-589cfc007716">
    <topic>OpenSearch -- Log4Shell</topic>
    <affects>
      <package>
	<name>opensearch</name>
	<range><lt>1.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenSearch reports:</p>
	<blockquote cite="https://opensearch.org/blog/releases/2021/12/update-1-2-2/">
	  <p>CVE-2021-45046 was issued shortly following the release of OpenSearch 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 (used in OpenSearch 1.2.1) to Log4j 2.16.0. Out of an abundance of caution, the team is releasing OpenSearch 1.2.2 which includes Log4j 2.16.0. While there has been no observed reproduction of the issue described in CVE-2021-45046, Log4j 2.16.0 takes much more extensive JNDI mitigation measures.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-45046</cvename>
      <url>https://opensearch.org/blog/releases/2021/12/update-1-2-2/</url>
    </references>
    <dates>
      <discovery>2021-12-14</discovery>
      <entry>2021-12-27</entry>
    </dates>
  </vuln>

  <vuln vid="1135e939-62b4-11ec-b8e2-1c1b0d9ea7e6">
    <topic>opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.</topic>
    <affects>
      <package>
	<name>opengrok</name>
	<range><le>1.6.7</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Bobby Rauch of Accenture reports:</p>
	<blockquote cite="https://medium.com/@bobbyrsec/oracle-opengrok-rce-cve-2021-2322-a284e5621bfe">
	  <p>I ended up finding OpenGrok, and after careful testing, discovered that OpenGrok insecurely deserializes XML input, which can lead to Remote Code Execution. This vulnerability was found in all versions of OpenGrok &lt;1.6.8 and was reported to Oracle. The vulnerability has now been patched in OpenGrok 1.6.9, and has been issued a CVE. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2322)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-2322</cvename>
      <url>https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html</url>
      <url>https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html</url>
      <url>https://github.com/oracle/opengrok/pull/3528</url>
    </references>
    <dates>
      <discovery>2021-04-07</discovery>
      <entry>2021-12-21</entry>
    </dates>
  </vuln>

  <vuln vid="0a50bb48-625f-11ec-a1fb-080027cb2f6f">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki135</name>
	<range><lt>1.35.5</lt></range>
      </package>
      <package>
	<name>mediawiki136</name>
	<range><lt>1.36.3</lt></range>
      </package>
      <package>
	<name>mediawiki137</name>
	<range><lt>1.37.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mediawiki reports:</p>
	<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/">
	  <p>(T292763. CVE-2021-44854) REST API incorrectly publicly caches
	    autocomplete search results from private wikis.</p>
	  <p>(T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created via
	    Special:ChangeContentModel.</p>
	  <p>(T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to
	    replace the content of arbitrary pages.</p>
	  <p> (T297322, CVE-2021-44858) Unauthorized users can view contents of private
	    wikis using various actions.</p>
	  <p>(T297574, CVE-2021-45038) Unauthorized users can access private wiki
	    contents using rollback action</p>
	  <p>(T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media dialog.</p>
	  <p>(T294686) Special:Nuke doesn't actually delete pages.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44854</cvename>
      <cvename>CVE-2021-44856</cvename>
      <cvename>CVE-2021-44857</cvename>
      <cvename>CVE-2021-44858</cvename>
      <cvename>CVE-2021-45038</cvename>
      <cvename>CVE-2021-44855</cvename>
      <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/</url>
    </references>
    <dates>
      <discovery>2021-12-01</discovery>
      <entry>2021-12-21</entry>
    </dates>
  </vuln>

  <vuln vid="650734b2-7665-4170-9a0a-eeced5e10a5e">
    <topic>graylog -- remote code execution in log4j from user-controlled log input</topic>
    <affects>
      <package>
    <name>graylog</name>
    <range><lt>4.2.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Apache Software Foundation reports:</p>
    <blockquote cite="https://logging.apache.org/log4j/2.x/security.html">
      <p>It was found that the fix to address CVE-2021-44228 in Apache
       Log4j 2.15.0 was incomplete in certain non-default
       configurations. This could allows attackers with control over
       Thread Context Map (MDC) input data when the logging
       configuration uses a non-default Pattern Layout with either a
       Context Lookup (for example, $${ctx:loginId}) or a Thread
       Context Map pattern (%X, %mdc, or %MDC) to craft malicious input
       data using a JNDI Lookup pattern resulting in a denial of
       service (DOS) attack. Log4j 2.15.0 makes a best-effort attempt
       to restrict JNDI LDAP lookups to localhost by default. Log4j
       2.16.0 fixes this issue by removing support for message lookup
       patterns and disabling JNDI functionality by default.
      </p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-45046</cvename>
      <url>https://github.com/Graylog2/graylog2-server/commit/d3e441f</url>
      <url>https://github.com/Graylog2/graylog2-server/commit/dd24b85</url>
      <url>https://logging.apache.org/log4j/2.x/security.html</url>
    </references>
    <dates>
      <discovery>2021-11-14</discovery>
      <entry>2021-12-17</entry>
    </dates>
  </vuln>

  <vuln vid="ca982e2d-61a9-11ec-8be6-d4c9ef517024">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.52</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd project reports:</p>
	<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
	  <p>moderate: Possible NULL dereference or SSRF in forward proxy
	    configurations in Apache HTTP Server 2.4.51 and earlier (CVE-2021-44224)
	    <br/>A crafted URI sent to httpd configured as a forward proxy
	    (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for
	    configurations mixing forward and reverse proxy declarations, can allow
	    for requests to be directed to a declared Unix Domain Socket endpoint
	    (Server Side Request Forgery).</p>
	  <p>high: Possible buffer overflow when parsing multipart content in
	    mod_lua of Apache HTTP Server 2.4.51 and earlier (CVE-2021-44790)<br/>A
	    carefully crafted request body can cause a buffer overflow in the
	    mod_lua multipart parser (r:parsebody() called from Lua scripts).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44224</cvename>
      <cvename>CVE-2021-44790</cvename>
      <url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
    </references>
    <dates>
      <discovery>2021-12-20</discovery>
      <entry>2021-12-20</entry>
    </dates>
  </vuln>

  <vuln vid="1ea05bb8-5d74-11ec-bb1e-001517a2e1a4">
    <topic>serviio -- affected by log4j vulnerability</topic>
    <affects>
      <package>
	<name>serviio</name>
	<range><lt>2.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Serviio reports:</p>
	<blockquote cite="https://serviio.org/news/124-version-2-2-1-released">
	  <p>Serviio is affectred by the log4j vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44228</cvename>
    </references>
    <dates>
      <discovery>2021-12-13</discovery>
      <entry>2021-12-15</entry>
    </dates>
  </vuln>

  <vuln vid="897e1962-5d5a-11ec-a3ed-040e3c3cf7e7">
    <topic>Privoxy -- Multiple vulnerabilities (memory leak, XSS)</topic>
    <affects>
      <package>
	<name>dropbear</name>
	<range><lt>3.0.33</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Privoxy reports:</p>
	<blockquote cite="https://lists.privoxy.org/pipermail/privoxy-announce/2021-December/000009.html">
	<p>cgi_error_no_template(): Encode the template name to prevent
	    XSS (cross-site scripting) when Privoxy is configured to servce
	    the user-manual itself.</p>
	<p>Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
	    Reported by: Artem Ivanov</p>
	<p>get_url_spec_param(): Free memory of compiled pattern spec
	    before bailing.
	    Reported by Joshua Rogers (Opera) who also provided the fix.
	    Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.</p>
	<p>process_encrypted_request_headers(): Free header memory when
	    failing to get the request destination.
	    Reported by Joshua Rogers (Opera) who also provided the fix.
	    Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.</p>
	<p>send_http_request(): Prevent memory leaks when handling errors
	    Reported by Joshua Rogers (Opera) who also provided the fix.
	    Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44540</cvename>
      <cvename>CVE-2021-44541</cvename>
      <cvename>CVE-2021-44542</cvename>
      <cvename>CVE-2021-44543</cvename>
      <url>https://lists.privoxy.org/pipermail/privoxy-announce/2021-December/000009.html</url>
    </references>
    <dates>
      <discovery>2021-12-09</discovery>
      <entry>2021-12-15</entry>
    </dates>
  </vuln>

  <vuln vid="0132ca5b-5d11-11ec-8be6-d4c9ef517024">
    <topic>OpenSSL -- Certificate validation issue</topic>
    <affects>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20211214.txt">
	  <p>Invalid handling of X509_verify_cert() internal errors in libssl
	    (Moderate)</p>
	  <p>Internally libssl in OpenSSL calls X509_verify_cert() on the client
	    side to verify a certificate supplied by a server. That function may
	    return a negative return value to indicate an internal error (for
	    example out of memory). Such a negative return value is mishandled by
	    OpenSSL and will cause an IO function (such as SSL_connect() or
	    SSL_do_handshake()) to not indicate success and a subsequent call to
	    SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY.
	    This return value is only supposed to be returned by OpenSSL if the
	    application has previously called SSL_CTX_set_cert_verify_callback().
	    Since most applications do not do this the
	    SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be
	    totally unexpected and applications may not behave correctly as a
	    result. The exact behaviour will depend on the application but it
	    could result in crashes, infinite loops or other similar incorrect
	    responses.</p>
	  </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-4044</cvename>
      <url>https://www.openssl.org/news/secadv/20211214.txt</url>
    </references>
    <dates>
      <discovery>2021-12-14</discovery>
      <entry>2021-12-14</entry>
    </dates>
  </vuln>

  <vuln vid="515df85a-5cd7-11ec-a16d-001517a2e1a4">
    <topic>bastillion -- log4j vulnerability</topic>
    <affects>
      <package>
	<name>bastillion</name>
	<range><lt>3.10.00_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>FreeBSD port maintainer reports:</p>
	<blockquote>
	  <p>Bastillion uses log4j.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44228</cvename>
    </references>
    <dates>
      <discovery>2021-12-10</discovery>
      <entry>2021-12-14</entry>
    </dates>
  </vuln>

  <vuln vid="fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>96.0.4664.110</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html">
	  <p>This release contains 5 security fixes, including:</p>
	  <ul>
	    <li>[1263457] Critical CVE-2021-4098: Insufficient data validation
	      in Mojo. Reported by Sergei Glazunov of Google Project Zero on
	      2021-10-26</li>
	    <li>[1270658] High CVE-2021-4099: Use after free in Swiftshader.
	      Reported by Aki Helin of Solita on 2021-11-16</li>
	    <li>[1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE.
	      Reported by Aki Helin of Solita on 2021-11-19</li>
	    <li>[1262080] High CVE-2021-4101: Heap buffer overflow in
	      Swiftshader. Reported by Abraruddin Khan and Omair on
	      2021-10-21</li>
	    <li>[1278387] High CVE-2021-4102: Use after free in V8. Reported by
	      Anonymous on 2021-12-09</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-4098</cvename>
      <cvename>CVE-2021-4099</cvename>
      <cvename>CVE-2021-4100</cvename>
      <cvename>CVE-2021-4101</cvename>
      <cvename>CVE-2021-4102</cvename>
      <url>https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html</url>
    </references>
    <dates>
      <discovery>2021-12-13</discovery>
      <entry>2021-12-14</entry>
    </dates>
  </vuln>

  <vuln vid="0dcf68fa-5c31-11ec-875e-901b0e9408dc">
    <topic>Matrix clients -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>cinny</name>
	<range><lt>1.6.0</lt></range>
      </package>
      <package>
	<name>element-web</name>
	<range><lt>1.9.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk">
	  <p>Today we are releasing security updates to libolm, matrix-js-sdk,
	  and several clients including Element Web / Desktop. Users are
	  encouraged to upgrade as soon as possible.</p>
	  <p>These releases mitigate a buffer overflow in olm_session_describe,
	  a libolm debugging function used by matrix-js-sdk in its end-to-end
	  encryption (E2EE) implementation. If you rely on matrix-js-sdk for
	  E2EE, you are affected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk</url>
    </references>
    <dates>
      <discovery>2021-12-03</discovery>
      <entry>2021-12-13</entry>
    </dates>
  </vuln>

  <vuln vid="93a1c9a7-5bef-11ec-a47a-001517a2e1a4">
    <topic>openhab -- log4j remote code injection</topic>
    <affects>
      <package>
	<name>openhab2</name>
	<name>openhab</name>
	<range><le>2.5.12</le></range>
	<range><lt>3.1.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Openhab reports:</p>
	<blockquote cite="https://github.com/openhab/openhab-distro/security/advisories/GHSA-j99j-qp89-pcfq">
	  <p>Any openHAB instance that is publicly available or which consumes untrusted content from remote servers is potentially a target of this attack.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44228</cvename>
      <url>https://github.com/openhab/openhab-distro/security/advisories/GHSA-j99j-qp89-pcfq</url>
      <url>https://github.com/ops4j/org.ops4j.pax.logging/security/advisories/GHSA-xxfh-x98p-j8fr</url>
      <url>https://github.com/advisories/GHSA-jfh8-c2jp-5v3q</url>
    </references>
    <dates>
      <discovery>2021-12-10</discovery>
      <entry>2021-12-13</entry>
    </dates>
  </vuln>

  <vuln vid="66cf7c43-5be3-11ec-a587-001b217b3468">
    <topic>Solr -- Apache Log4J</topic>
    <affects>
      <package>
	<name>apache-solr</name>
	<range><lt>8.11.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Solr reports:</p>
	<blockquote cite="https://solr.apache.org/security.html">
	  <p>Apache Solr affected by Apache Log4J</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://solr.apache.org/security.html</url>
    </references>
    <dates>
      <discovery>2021-12-10</discovery>
      <entry>2021-12-13</entry>
      <modified>2021-12-13</modified>
    </dates>
  </vuln>

  <vuln vid="4b1ac5a3-5bd4-11ec-8602-589cfc007716">
    <topic>OpenSearch -- Log4Shell</topic>
    <affects>
      <package>
	<name>opensearch</name>
	<range><lt>1.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenSearch reports:</p>
	<blockquote cite="https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/">
	  <p>A <a href="https://www.lunasec.io/docs/blog/log4j-zero-day/">recently published</a> security issue (<a href="https://nvd.nist.gov/vuln/detail/CVE-2021-44228">CVE-2021-44228</a>) affects several versions of the broadly-used <a href="https://logging.apache.org/log4j/2.x/">Apache Log4j</a> library. Some software in the OpenSearch project includes versions of Log4j referenced in this CVE. While, at time of writing, the team has not found a reproduceable example in OpenSearch of remote code execution (RCE) described in this issue, its severity is such that all users should take mitigation measures. As recommended by the advisory, the team has released OpenSearch 1.2.1, which updates Log4j to version 2.15.0. For those who cannot upgrade to 1.2.1, the <a href="https://logging.apache.org/log4j/2.x/">Log4j website outlines additional measures to mitigate the issue</a>. This patch release also addresses <a href="https://alas.aws.amazon.com/AL2/ALAS-2021-1722.html">CVE-2021-4352</a> in the OpenSearch Docker distributions..</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44228</cvename>
      <url>https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/</url>
    </references>
    <dates>
      <discovery>2021-12-11</discovery>
      <entry>2021-12-13</entry>
    </dates>
  </vuln>

  <vuln vid="c2a7de31-5b42-11ec-8398-6c3be5272acd">
    <topic>Grafana -- Directory Traversal</topic>
    <affects>
      <package>
	<name>grafana</name>
	<name>grafana8</name>
	<range><ge>8.0.0</ge><lt>8.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>GitHub Security Labs reports:</p>
	<blockquote cite="https://github.com/grafana/grafana/security/advisories/GHSA-7533-c8qv-jm9m">
	  <p>A vulnerability through which authenticated users could read out fully lowercase or fully uppercase <code>.md</code> files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrary <code>.csv</code> files through directory traversal. Thanks to our defense-in-depth approach, at no time has <a href="https://grafana.com/cloud">Grafana Cloud</a> been vulnerable.</p>
	  <p><strong>The vulnerable URL path is:</strong> <code>/api/ds/query</code></p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43815</cvename>
      <url>https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/</url>
    </references>
    <dates>
      <discovery>2021-12-09</discovery>
      <entry>2021-12-12</entry>
    </dates>
  </vuln>

  <vuln vid="a994ff7d-5b3f-11ec-8398-6c3be5272acd">
    <topic>Grafana -- Directory Traversal</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>5.0.0</ge><lt>7.5.12</lt></range>
	<range><ge>8.0.0</ge><lt>8.3.2</lt></range>
      </package>
      <package>
	<name>grafana6</name>
	<range><ge>6.0.0</ge></range>
      </package>
      <package>
	<name>grafana7</name>
	<range><ge>7.0.0</ge><lt>7.5.12</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.0.0</ge><lt>8.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>GitHub Security Labs reports:</p>
	<blockquote cite="https://github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q">
	  <p>A vulnerability through which authenticated users could read out fully lowercase or fully uppercase <code>.md</code> files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrary <code>.csv</code> files through directory traversal. Thanks to our defense-in-depth approach, at no time has <a href="https://grafana.com/cloud">Grafana Cloud</a> been vulnerable.</p>
	  <p><strong>The vulnerable URL path is:</strong> <code>/api/plugins/.*/markdown/.*</code> for <code>.md</code> files</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43813</cvename>
      <url>https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/</url>
    </references>
    <dates>
      <discovery>2021-12-09</discovery>
      <entry>2021-12-12</entry>
    </dates>
  </vuln>

  <vuln vid="e33880ed-5802-11ec-8398-6c3be5272acd">
    <topic>Grafana -- Path Traversal</topic>
    <affects>
      <package>
	<name>grafana8</name>
	<name>grafana</name>
	<range><ge>8.0.0</ge><lt>8.0.7</lt></range>
	<range><ge>8.1.0</ge><lt>8.1.8</lt></range>
	<range><ge>8.2.0</ge><lt>8.2.7</lt></range>
	<range><ge>8.3.0</ge><lt>8.3.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/">
	  <p>Grafana is vulnerable to directory traversal, allowing access to local files. We have confirmed this for versions v8.0.0-beta1 to v8.3.0. Thanks to our defense-in-depth approach, at no time has <a href="https://grafana.com/cloud/?pg=blog">Grafana Cloud</a> been vulnerable.</p>
	  <p><strong>The vulnerable URL path is:</strong> &lt;grafana_host_url&gt;<em>/public/plugins/&lt;“plugin-id”&gt;</em> where <em>&lt;“plugin-id”&gt;</em> is the plugin ID for any installed plugin.</p>
	  <p>Every Grafana instance comes with pre-installed plugins like the Prometheus plugin or MySQL plugin so the following URLs are vulnerable for every instance:</p>
	  <ul>
	    <li>&lt;grafana_host_url&gt;/public/plugins/alertlist/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/annolist/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/barchart/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/bargauge/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/candlestick/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/cloudwatch/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/dashlist/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/elasticsearch/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/gauge/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/geomap/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/gettingstarted/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/grafana-azure-monitor-datasource/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/graph/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/heatmap/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/histogram/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/influxdb/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/jaeger/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/logs/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/loki/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/mssql/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/mysql/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/news/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/nodeGraph/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/opentsdb</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/piechart/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/pluginlist/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/postgres/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/prometheus/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/stackdriver/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/stat/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/state-timeline/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/status-history/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/table/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/table-old/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/tempo/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/testdata/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/text/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/timeseries/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/welcome/</li>
	    <li>&lt;grafana_host_url&gt;/public/plugins/zipkin/</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43798</cvename>
      <url>https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/</url>
    </references>
    <dates>
      <discovery>2021-12-03</discovery>
      <entry>2021-12-11</entry>
    </dates>
  </vuln>

  <vuln vid="99bff2bd-4852-11ec-a828-6c3be5272acd">
    <topic>Grafana -- Incorrect Access Control</topic>
    <affects>
      <package>
	<name>grafana8</name>
	<name>grafana</name>
	<range><ge>8.0.0</ge><lt>8.2.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/">
	  <p>When the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41244</cvename>
      <url>https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/</url>
    </references>
    <dates>
      <discovery>2021-11-02</discovery>
      <entry>2021-12-11</entry>
    </dates>
  </vuln>

  <vuln vid="4b478274-47a0-11ec-bd24-6c3be5272acd">
    <topic>Grafana -- XSS</topic>
    <affects>
      <package>
	<name>grafana8</name>
	<name>grafana</name>
	<range><ge>8.0.0</ge><lt>8.2.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2021/11/03/grafana-8.2.3-released-with-medium-severity-security-fix-cve-2021-41174-grafana-xss/">
	  <p>If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim’s browser.</p>
	  <p>The user visiting the malicious link must be unauthenticated, and the link must be for a page that contains the login button in the menu bar.</p>
	  <p>There are two ways an unauthenticated user can open a page in Grafana that contains the login button:</p>
	  <ul>
	    <li>Anonymous authentication is enabled. This means all pages in Grafana would be open for the attack.</li>
	    <li>The link is to an unauthenticated page. The following pages are vulnerable:
	      <ul>
		<li><code>/dashboard-solo/snapshot/*</code></li>
		<li><code>/dashboard/snapshot/*</code></li>
		<li><code>/invite/:code</code></li>
	      </ul>
	    </li>
	  </ul>
	  <p>The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: <code>{{ }}</code></p>
	  <p>An example of an expression would be: <code>{{constructor.constructor(‘alert(1)’)()}}</code>. This can be included in the link URL like this:</p>
	  <p><a href="https://play.grafana.org/dashboard/snapshot/%7B%7Bconstructor.constructor('alert(1)')()%7D%7D?orgId=1">https://play.grafana.org/dashboard/snapshot/%7B%7Bconstructor.constructor('alert(1)')()%7D%7D?orgId=1</a></p>
	  <p>When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated, and the AngularJS rendering engine will execute the JavaScript expression contained in the URL.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41174</cvename>
      <url>https://grafana.com/blog/2021/11/03/grafana-8.2.3-released-with-medium-severity-security-fix-cve-2021-41174-grafana-xss/</url>
    </references>
    <dates>
      <discovery>2021-10-21</discovery>
      <entry>2021-12-11</entry>
    </dates>
  </vuln>

  <vuln vid="942fff11-5ac4-11ec-89ea-c85b76ce9b5a">
    <topic>p7zip -- usage of uninitialized memory</topic>
    <affects>
      <package>
	<name>p7zip</name>
	<range><lt>18.05</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2018-10115">
      <p>
       Incorrect initialization logic of RAR decoder objects in
       7-Zip 18.03 and before can lead to usage of
       uninitialized memory, allowing remote attackers to cause
       a denial of service (segmentation fault) or execute
       arbitrary code via a crafted RAR archive.
      </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2018-10115</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2018-10115</url>
    </references>
    <dates>
      <discovery>2018-05-02</discovery>
      <entry>2021-12-11</entry>
    </dates>
  </vuln>

  <vuln vid="3fadd7e4-f8fb-45a0-a218-8fd6423c338f">
      <topic>graylog -- include log4j patches</topic>
    <affects>
      <package>
	<name>graylog</name>
	<range><lt>4.2.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Apache Software Foundation repos:</p>
	<blockquote cite="https://logging.apache.org/log4j/2.x/security.html">
      <p>Apache Log4j2 JNDI features do not protect against attacker
       controlled LDAP and other JNDI related endpoints. An attacker
       who can control log messages or paramters can execute arbitrary
       code from attacker-controller LDAP servers when message lookup
       substitution is enabled.
      </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44228</cvename>
      <url>https://github.com/Graylog2/graylog2-server/commit/d3e441f1126f0dc292e986879039a87c59375b2a</url>
      <url>https://logging.apache.org/log4j/2.x/security.html</url>
    </references>
    <dates>
      <discovery>2021-12-10</discovery>
      <entry>2021-12-11</entry>
    </dates>
  </vuln>

  <vuln vid="720505fe-593f-11ec-9ba8-002324b2fba8">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.17.5,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
  <blockquote cite="https://github.com/golang/go/issues/50058">
	  <p>net/http: limit growth of header canonicalization cache. An
	    attacker can cause unbounded memory growth in a Go server accepting
	    HTTP/2 requests.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/50057">
	  <p>syscall: don’t close fd 0 on ForkExec error. When a Go program
	    running on a Unix system is out of file descriptors and calls
	    syscall.ForkExec (including indirectly by using the os/exec
	    package), syscall.ForkExec can close file descriptor 0 as it fails.
	    If this happens (or can be provoked) repeatedly, it can result in
	    misdirected I/O such as writing network traffic intended for one
	    connection to a different connection, or content intended for one
	    file to a different one.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44716</cvename>
      <url>https://github.com/golang/go/issues/50058</url>
      <cvename>CVE-2021-44717</cvename>
      <url>https://github.com/golang/go/issues/50057</url>
    </references>
    <dates>
      <discovery>2021-12-08</discovery>
      <entry>2021-12-09</entry>
    </dates>
  </vuln>

  <vuln vid="18ac074c-579f-11ec-aac7-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>96.0.4664.93</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html">
	  <p>This release contains 22 security fixes, including:</p>
	  <ul>
	    <li>[1267661] High CVE-2021-4052: Use after free in web apps.
	      Reported by Wei Yuan of MoyunSec VLab on 2021-11-07</li>
	    <li>[1267791] High CVE-2021-4053: Use after free in UI. Reported by
	      Rox on 2021-11-08</li>
	    <li>[1265806] High CVE-2021-4079: Out of bounds write in WebRTC.
	      Reported by Brendon Tiszka on 2021-11-01</li>
	    <li>[1239760] High CVE-2021-4054: Incorrect security UI in autofill.
	      Reported by Alesandro Ortiz on 2021-08-13</li>
	    <li>[1268738] High CVE-2021-4078: Type confusion in V8. Reported by
	      Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on
	      2021-11-09</li>
	    <li>[1266510] High CVE-2021-4055: Heap buffer overflow in
	      extensions. Reported by Chen Rong on 2021-11-03</li>
	    <li>[1260939] High CVE-2021-4056: Type Confusion in loader. Reported
	      by @__R0ng of 360 Alpha Lab on 2021-10-18</li>
	    <li>[1262183] High CVE-2021-4057: Use after free in file API.
	      Reported by Sergei Glazunov of Google Project Zero on
	      2021-10-21</li>
	    <li>[1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE.
	      Reported by Abraruddin Khan and Omair on 2021-11-06</li>
	    <li>[1270990] High CVE-2021-4059: Insufficient data validation in
	      loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17</li>
	    <li>[1271456] High CVE-2021-4061: Type Confusion in V8. Reported by
	      Paolo Severini on 2021-11-18</li>
	    <li>[1272403] High CVE-2021-4062: Heap buffer overflow in BFCache.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-11-22</li>
	    <li>[1273176] High CVE-2021-4063: Use after free in developer tools.
	      Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
	      Research on 2021-11-23</li>
	    <li>[1273197] High CVE-2021-4064: Use after free in screen capture.
	      Reported by @ginggilBesel on 2021-11-23</li>
	    <li>[1273674] High CVE-2021-4065: Use after free in autofill.
	      Reported by 5n1p3r0010 on 2021-11-25</li>
	    <li>[1274499] High CVE-2021-4066: Integer underflow in ANGLE.
	      Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29</li>
	    <li>[1274641] High CVE-2021-4067: Use after free in window manager.
	      Reported by @ginggilBesel on 2021-11-29</li>
	    <li>[1265197] Low CVE-2021-4068: Insufficient validation of
	      untrusted input in new tab page. Reported by NDevTK on
	      2021-10-31</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-4052</cvename>
      <cvename>CVE-2021-4053</cvename>
      <cvename>CVE-2021-4054</cvename>
      <cvename>CVE-2021-4055</cvename>
      <cvename>CVE-2021-4056</cvename>
      <cvename>CVE-2021-4057</cvename>
      <cvename>CVE-2021-4058</cvename>
      <cvename>CVE-2021-4059</cvename>
      <cvename>CVE-2021-4061</cvename>
      <cvename>CVE-2021-4062</cvename>
      <cvename>CVE-2021-4063</cvename>
      <cvename>CVE-2021-4064</cvename>
      <cvename>CVE-2021-4065</cvename>
      <cvename>CVE-2021-4066</cvename>
      <cvename>CVE-2021-4067</cvename>
      <cvename>CVE-2021-4068</cvename>
      <cvename>CVE-2021-4078</cvename>
      <cvename>CVE-2021-4079</cvename>
      <url>https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-12-06</discovery>
      <entry>2021-12-07</entry>
    </dates>
  </vuln>

  <vuln vid="b299417a-5725-11ec-a587-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.5.0</ge><lt>14.5.2</lt></range>
	<range><ge>14.4.0</ge><lt>14.4.4</lt></range>
	<range><ge>0</ge><lt>14.3.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/">
	  <p>Group members with developer role can escalate their privilege to maintainer on projects that they import</p>
	  <p>When user registration is limited, external users that aren't developers shouldn't have access to the CI Lint API</p>
	  <p>Collision in access memoization leads to potential elevated privileges on groups and projects</p>
	  <p>Project access token names are returned for unauthenticated requesters</p>
	  <p>Sensitive info disclosure in logs</p>
	  <p>Disclosure of a user's custom project and group templates</p>
	  <p>ReDoS in Maven package version</p>
	  <p>Potential denial of service via the Diff feature</p>
	  <p>Regular Expression Denial of Service via user comments</p>
	  <p>Service desk email accessible by any project member</p>
	  <p>Regular Expression Denial of Service via quick actions</p>
	  <p>IDOR in "external status check" API leaks data about any status check on the instance</p>
	  <p>Default branch name visible in public projects restricting access to the source code repository</p>
	  <p>Deploy token allows access to disabled project Wiki</p>
	  <p>Regular Expression Denial of Service via deploy Slash commands</p>
	  <p>Users can reply to Vulnerability Report discussions despite Only Project Members settings</p>
	  <p>Unauthorised deletion of protected branches</p>
	  <p>Author can approve Merge Request after having access revoked</p>
	  <p>HTML Injection via Swagger UI</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-39944</cvename>
      <cvename>CVE-2021-39935</cvename>
      <cvename>CVE-2021-39937</cvename>
      <cvename>CVE-2021-39915</cvename>
      <cvename>CVE-2021-39919</cvename>
      <cvename>CVE-2021-39930</cvename>
      <cvename>CVE-2021-39940</cvename>
      <cvename>CVE-2021-39932</cvename>
      <cvename>CVE-2021-39933</cvename>
      <cvename>CVE-2021-39934</cvename>
      <cvename>CVE-2021-39917</cvename>
      <cvename>CVE-2021-39916</cvename>
      <cvename>CVE-2021-39941</cvename>
      <cvename>CVE-2021-39936</cvename>
      <cvename>CVE-2021-39938</cvename>
      <cvename>CVE-2021-39918</cvename>
      <cvename>CVE-2021-39931</cvename>
      <cvename>CVE-2021-39945</cvename>
      <cvename>CVE-2021-39910</cvename>
      <url>https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/</url>
    </references>
    <dates>
      <discovery>2021-12-06</discovery>
      <entry>2021-12-07</entry>
    </dates>
  </vuln>

  <vuln vid="47695a9c-5377-11ec-8be6-d4c9ef517024">
    <topic>NSS -- Memory corruption</topic>
    <affects>
      <package>
	<name>nss</name>
	<range><lt>3.73</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla project reports:</p>
	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/">
	  <p>Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures (Critical)</p>
	  <p>NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR
	    are vulnerable to a heap overflow when handling DER-encoded DSA or
	    RSA-PSS signatures. Applications using NSS for handling signatures
	    encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be
	    impacted. Applications using NSS for certificate validation or other
	    TLS, X.509, OCSP or CRL functionality may be impacted, depending on
	    how they configure NSS.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43527</cvename>
      <url>https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/</url>
    </references>
    <dates>
      <discovery>2021-12-01</discovery>
      <entry>2021-12-02</entry>
    </dates>
  </vuln>

  <vuln vid="0d6efbe3-52d9-11ec-9472-e3667ed6088e">
	  <topic>mailman &lt; 2.1.38 -- CSRF vulnerability of list mod or member against list admin page</topic>
    <affects>
      <package>
	<name>mailman</name>
	<range><lt>2.1.38</lt></range>
      </package>
      <package>
	<name>mailman-exim4</name>
	<range><lt>2.1.38</lt></range>
      </package>
      <package>
	<name>mailman-exim4-with-htdig</name>
	<range><lt>2.1.38</lt></range>
      </package>
      <package>
	<name>mailman-postfix</name>
	<range><lt>2.1.38</lt></range>
      </package>
      <package>
	<name>mailman-postfix-with-htdig</name>
	<range><lt>2.1.38</lt></range>
      </package>
      <package>
	<name>mailman-with-htdig</name>
	<range><lt>2.1.38</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mark Sapiro reports:</p>
	<blockquote cite="https://bugs.launchpad.net/mailman/+bug/1952384">
	  <p>A list moderator or list member can potentially carry out a CSRF attack
	    by getting a list admin to visit a crafted web page.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44227</cvename>
      <url>https://bugs.launchpad.net/mailman/+bug/1952384</url>
      <url>https://www.mail-archive.com/mailman-users@python.org/msg73979.html</url>
    </references>
    <dates>
      <discovery>2021-11-25</discovery>
      <entry>2021-12-01</entry>
    </dates>
  </vuln>

  <vuln vid="4548ec97-4d38-11ec-a539-0800270512f4">
    <topic>rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse</topic>
    <affects>
      <package>
	<name>ruby</name>
	<range><ge>2.6.0,1</ge><lt>2.6.9,1</lt></range>
	<range><ge>2.7.0,1</ge><lt>2.7.5,1</lt></range>
	<range><ge>3.0.0,1</ge><lt>3.0.3,1</lt></range>
      </package>
      <package>
	<name>ruby26</name>
	<range><ge>2.6.0,1</ge><lt>2.6.9,1</lt></range>
      </package>
      <package>
	<name>ruby27</name>
	<range><ge>2.7.0,1</ge><lt>2.7.5,1</lt></range>
      </package>
      <package>
	<name>ruby30</name>
	<range><ge>3.0.0,1</ge><lt>3.0.3,1</lt></range>
      </package>
      <package>
	<name>rubygem-cgi</name>
	<range><lt>0.3.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ooooooo_q reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/">
	  <p>
	    The old versions of <code>CGI::Cookie.parse</code> applied
	    URL decoding to cookie names. An attacker could exploit
	    this vulnerability to spoof security prefixes in cookie
	    names, which may be able to trick a vulnerable
	    application.
	  </p>
	  <p>
	    By this fix, <code>CGI::Cookie.parse</code> no longer
	    decodes cookie names. Note that this is an incompatibility
	    if cookie names that you are using include
	    non-alphanumeric characters that are URL-encoded.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41819</cvename>
      <url>https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/</url>
    </references>
    <dates>
      <discovery>2021-11-24</discovery>
      <entry>2021-11-24</entry>
    </dates>
  </vuln>

  <vuln vid="2c6af5c3-4d36-11ec-a539-0800270512f4">
    <topic>rubygem-cgi -- buffer overrun in CGI.escape_html</topic>
    <affects>
      <package>
	<name>ruby</name>
	<range><ge>2.7.0,1</ge><lt>2.7.5,1</lt></range>
	<range><ge>3.0.0,1</ge><lt>3.0.3,1</lt></range>
      </package>
      <package>
	<name>ruby27</name>
	<range><ge>2.7.0,1</ge><lt>2.7.5,1</lt></range>
      </package>
      <package>
	<name>ruby30</name>
	<range><ge>3.0.0,1</ge><lt>3.0.3,1</lt></range>
      </package>
      <package>
	<name>rubygem-cgi</name>
	<range><lt>0.3.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>chamal reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/">
	  <p>
	    A security vulnerability that causes buffer overflow when
	    you pass a very large string (&gt; 700 MB) to
	    <code>CGI.escape_html</code> on a platform where
	    <code>long</code> type takes 4 bytes, typically, Windows.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41816</cvename>
      <url>https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/</url>
    </references>
    <dates>
      <discovery>2021-11-24</discovery>
      <entry>2021-11-24</entry>
    </dates>
  </vuln>

  <vuln vid="27aa2253-4c72-11ec-b6b9-e86a64caca56">
    <topic>py-matrix-synapse -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>py36-matrix-synapse</name>
	<name>py37-matrix-synapse</name>
	<name>py38-matrix-synapse</name>
	<name>py39-matrix-synapse</name>
	<name>py310-matrix-synapse</name>
	<range><lt>1.47.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://matrix.org/blog/2021/11/23/synapse-1-47-1-released">
	    <p>This release patches one high severity issue affecting
    Synapse installations 1.47.0 and earlier using the media repository.
    An attacker could cause these Synapses to download a remote file
    and store it in a directory outside the media repository.</p>
      <p>Note that:</p>
    <ul>
      <li>This only affects homeservers using Synapse's built-in media
      repository, as opposed to synapse-s3-storage-provider or
      matrix-media-repo.</li>
      <li>Attackers cannot control the exact name or destination of the
      stored file.</li>
    </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdpr>ports/259994</freebsdpr>
      <cvename>CVE-2021-41281</cvename>
      <url>https://matrix.org/blog/2021/11/23/synapse-1-47-1-released</url>
    </references>
    <dates>
      <discovery>2021-11-18</discovery>
      <entry>2021-11-23</entry>
    </dates>
  </vuln>

  <vuln vid="0bf816f6-3cfe-11ec-86cd-dca632b19f10">
    <topic>advancecomp -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>advancecomp</name>
	<range><lt>2.1.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Joonun Jang reports:</p>
	<blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270">
	  <p>heap buffer overflow running advzip with "-l poc" option</p>
	  <p>Running 'advzip -l poc' with the attached file raises heap buffer overflow
	  which may allow a remote attacker to cause unspecified impact including denial-of-service attack.
	  I expected the program to terminate without segfault, but the program crashes as follow. [...]
	  </p>
	</blockquote>
	<p>and other vulnerabilities.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2018-1056</cvename>
      <cvename>CVE-2019-8379</cvename>
      <cvename>CVE-2019-8383</cvename>
      <cvename>CVE-2019-9210</cvename>
    </references>
    <dates>
      <discovery>2018-07-29</discovery>
      <entry>2021-11-19</entry>
    </dates>
  </vuln>

  <vuln vid="b8c0cbca-472d-11ec-83dc-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>96.0.4664.45</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html">
	  <p>This release contains 25 security fixes, including:</p>
	  <ul>
	    <li>[1263620] High CVE-2021-38008: Use after free in media. Reported
	      by Marcin Towalski of Cisco Talos on 2021-10-26</li>
	    <li>[1260649] High CVE-2021-38009: Inappropriate implementation in
	      cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16</li>
	    <li>[1240593] High CVE-2021-38006: Use after free in storage
	      foundation. Reported by Sergei Glazunov of Google Project Zero on
	      2021-08-17</li>
	    <li>[1254189] High CVE-2021-38007: Type Confusion in V8. Reported by
	      Polaris Feng and SGFvamll at Singular Security Lab on
	      2021-09-29</li>
	    <li>[1241091] High CVE-2021-38005: Use after free in loader.
	      Reported by Sergei Glazunov of Google Project Zero on
	      2021-08-18</li>
	    <li>[1264477] High CVE-2021-38010: Inappropriate implementation in
	      service workers. Reported by Sergei Glazunov of Google Project
	      Zero on 2021-10-28</li>
	    <li>[1268274] High CVE-2021-38011: Use after free in storage
	      foundation. Reported by Sergei Glazunov of Google Project Zero on
	      2021-11-09</li>
	    <li>[1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported
	      by Yonghwi Jin (@jinmo123) on 2021-10-24</li>
	    <li>[1242392] Medium CVE-2021-38013: Heap buffer overflow in
	      fingerprint recognition. Reported by raven (@raid_akame) on
	      2021-08-23</li>
	    <li>[1248567] Medium CVE-2021-38014: Out of bounds write in
	      Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10</li>
	    <li>[957553] Medium CVE-2021-38015: Inappropriate implementation in
	      input. Reported by David Erceg on 2019-04-29</li>
	    <li>[1244289] Medium CVE-2021-38016: Insufficient policy
	      enforcement in background fetch. Reported by Maurice Dauer on
	      2021-08-28</li>
	    <li>[1256822] Medium CVE-2021-38017: Insufficient policy enforcement
	      in iframe sandbox. Reported by NDevTK on 2021-10-05</li>
	    <li>[1197889] Medium CVE-2021-38018: Inappropriate implementation in
	      navigation. Reported by Alesandro Ortiz on 2021-04-11</li>
	    <li>[1251179] Medium CVE-2021-38019: Insufficient policy enforcement
	      in CORS. Reported by Maurice Dauer on 2021-09-20</li>
	    <li>[1259694] Medium CVE-2021-38020: Insufficient policy enforcement
	      in contacts picker. Reported by Luan Herrera (@lbherrera_) on
	      2021-10-13</li>
	    <li>[1233375] Medium CVE-2021-38021: Inappropriate implementation in
	      referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on
	      2021-07-27</li>
	    <li>[1248862] Low CVE-2021-38022: Inappropriate implementation in
	      WebAuthentication. Reported by Michal Kepkowski on 2021-09-13</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-38005</cvename>
      <cvename>CVE-2021-38006</cvename>
      <cvename>CVE-2021-38007</cvename>
      <cvename>CVE-2021-38008</cvename>
      <cvename>CVE-2021-38009</cvename>
      <cvename>CVE-2021-38010</cvename>
      <cvename>CVE-2021-38011</cvename>
      <cvename>CVE-2021-38012</cvename>
      <cvename>CVE-2021-38013</cvename>
      <cvename>CVE-2021-38014</cvename>
      <cvename>CVE-2021-38015</cvename>
      <cvename>CVE-2021-38016</cvename>
      <cvename>CVE-2021-38017</cvename>
      <cvename>CVE-2021-38018</cvename>
      <cvename>CVE-2021-38019</cvename>
      <cvename>CVE-2021-38020</cvename>
      <cvename>CVE-2021-38021</cvename>
      <cvename>CVE-2021-38022</cvename>
      <url>https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-11-15</discovery>
      <entry>2021-11-16</entry>
    </dates>
  </vuln>

  <vuln vid="6916ea94-4628-11ec-bbe2-0800270512f4">
    <topic>rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods</topic>
    <affects>
      <package>
	<name>ruby</name>
	<range><ge>2.6.0,1</ge><lt>2.6.9,1</lt></range>
	<range><ge>2.7.0,1</ge><lt>2.7.5,1</lt></range>
	<range><ge>3.0.0,1</ge><lt>3.0.3,1</lt></range>
      </package>
      <package>
	<name>ruby26</name>
	<range><ge>2.6.0,1</ge><lt>2.6.9,1</lt></range>
      </package>
      <package>
	<name>ruby27</name>
	<range><ge>2.7.0,1</ge><lt>2.7.5,1</lt></range>
      </package>
      <package>
	<name>ruby30</name>
	<range><ge>3.0.0,1</ge><lt>3.0.3,1</lt></range>
      </package>
      <package>
	<name>rubygem-date</name>
	<range><lt>3.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Stanislav Valkanov reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/">
	  <p>
	    Date's parsing methods including <code>Date.parse</code>
	    are using Regexps internally, some of which are vulnerable
	    against regular expression denial of service. Applications
	    and libraries that apply such methods to untrusted input
	    may be affected.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41817</cvename>
      <url>https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/</url>
    </references>
    <dates>
      <discovery>2021-11-15</discovery>
      <entry>2021-11-15</entry>
      <modified>2021-11-24</modified>
    </dates>
  </vuln>

  <vuln vid="42a4d82d-4603-11ec-8be6-d4c9ef517024">
    <topic>Roundcube -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>roundcube</name>
	<range><lt>1.4.12,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Roundcube project reports:</p>
	<blockquote cite="https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released">
	  <p>XSS issue in handling attachment filename extension in mimetype mismatch warning</p>
	  <p>possible SQL injection via some session variables</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released</url>
    </references>
    <dates>
      <discovery>2021-11-12</discovery>
      <entry>2021-11-15</entry>
    </dates>
  </vuln>

  <vuln vid="9d7a2b54-4468-11ec-8532-0d24c37c72c8">
    <topic>mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password</topic>
    <affects>
      <package>
	<name>mailman</name>
	<range><lt>2.1.37</lt></range>
      </package>
      <package>
	<name>mailman-exim4</name>
	<range><lt>2.1.37</lt></range>
      </package>
      <package>
	<name>mailman-exim4-with-htdig</name>
	<range><lt>2.1.37</lt></range>
      </package>
      <package>
	<name>mailman-postfix</name>
	<range><lt>2.1.37</lt></range>
      </package>
      <package>
	<name>mailman-postfix-with-htdig</name>
	<range><lt>2.1.37</lt></range>
      </package>
      <package>
	<name>mailman-with-htdig</name>
	<range><lt>2.1.37</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mark Sapiro reports:</p>
	<blockquote cite="https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1879/NEWS#L8">
	  <p>A potential XSS attack via the user options page has been reported by
	    Harsh Jaiswal.  This is fixed.  CVE-2021-43331 (LP: #1949401).</p>
	  <p>A potential for for a list moderator to carry out an off-line brute force
	    attack to obtain the list admin password has been reported by Andre
	    Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
	    CVE-2021-43332 (LP: #1949403)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43331</cvename>
      <cvename>CVE-2021-43332</cvename>
      <url>https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1879/NEWS#L8</url>
      <url>https://bugs.launchpad.net/mailman/+bug/1949401</url>
      <url>https://bugs.launchpad.net/mailman/+bug/1949403</url>
    </references>
    <dates>
      <discovery>2021-11-01</discovery>
      <entry>2021-11-13</entry>
    </dates>
  </vuln>

  <vuln vid="2ccd71bd-426b-11ec-87db-6cc21735f730">
    <topic>PostgreSQL -- Possible man-in-the-middle attacks</topic>
    <affects>
      <package>
	<name>postgresql14-server</name>
	<range><lt>14.1</lt></range>
      </package>
      <package>
	<name>postgresql13-server</name>
	<range><lt>13.5</lt></range>
      </package>
      <package>
	<name>postgresql12-server</name>
	<range><lt>12.9</lt></range>
      </package>
      <package>
	<name>postgresql11-server</name>
	<range><lt>11.14</lt></range>
      </package>
       <package>
	<name>postgresql10-server</name>
	<range><lt>10.19</lt></range>
      </package>
      <package>
	<name>postgresql96-server</name>
	<range><lt>9.6.24</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PostgreSQL Project reports:</p>
	<blockquote cite="https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/">
	  <p> CVE-2021-23214: A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.) </p>
	  <p> CVE-2021-23222: A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session.  This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds.  A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session.  That has been shown to be possible with a server vulnerable to CVE-2021-23214. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-23214</cvename>
      <cvename>CVE-2021-23222</cvename>
    </references>
    <dates>
      <discovery>2021-11-08</discovery>
      <entry>2021-11-10</entry>
    </dates>
  </vuln>

  <vuln vid="bfea59e0-41ee-11ec-9bac-589cfc007716">
    <topic>puppet -- Silent Configuration Failure</topic>
    <affects>
      <package>
	<name>puppet6</name>
	<range><lt>6.25.1</lt></range>
      </package>
      <package>
	<name>puppet7</name>
	<range><lt>7.12.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Puppet reports:</p>
	<blockquote cite="https://puppet.com/security/cve/cve-2021-27025">
	  <p>A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first pluginsync.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-27025</cvename>
      <url>https://puppet.com/security/cve/cve-2021-27025</url>
    </references>
    <dates>
      <discovery>2021-11-09</discovery>
      <entry>2021-11-10</entry>
    </dates>
  </vuln>

  <vuln vid="3bd3c9f8-41ee-11ec-9bac-589cfc007716">
    <topic>puppet -- Unsafe HTTP Redirect</topic>
    <affects>
      <package>
	<name>puppet6</name>
	<range><lt>6.25.1</lt></range>
      </package>
      <package>
	<name>puppet7</name>
	<range><lt>7.12.1</lt></range>
      </package>
      <package>
	<name>puppetserver6</name>
	<range><lt>6.17.1</lt></range>
      </package>
      <package>
	<name>puppetserver7</name>
	<range><lt>7.4.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Puppet reports:</p>
	<blockquote cite="https://puppet.com/security/cve/cve-2021-27023">
	  <p>A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-27023</cvename>
      <url>https://puppet.com/security/cve/cve-2021-27023</url>
    </references>
    <dates>
      <discovery>2021-11-09</discovery>
      <entry>2021-11-10</entry>
    </dates>
  </vuln>

  <vuln vid="646923b0-41c7-11ec-a3b2-005056a311d1">
    <topic>samba -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>samba413</name>
	<range><lt>4.13.14</lt></range>
      </package>
      <package>
	<name>samba414</name>
	<range><lt>4.14.10</lt></range>
      </package>
      <package>
	<name>samba415</name>
	<range><lt>4.15.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba Team reports:</p>
	<blockquote cite="https://www.samba.org/samba/history/security.html">
	  <ul>
	  <li>CVE-2020-25717: A user in an AD Domain could become root on domain
	      members.</li>
	  <li>CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
	      tickets issued by an RODC.</li>
	  <li>CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC
	      in Kerberos tickets.</li>
	  <li>CVE-2020-25721: Kerberos acceptors need easy access to stable
	      AD identifiers (eg objectSid).</li>
	  <li>CVE-2020-25722: Samba AD DC did not do sufficient access and
	      conformance checking of data stored.</li>
	  <li>CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
	      authentication.</li>
	  <li>CVE-2021-3738: Use after free in Samba AD DC RPC server.</li>
	  <li>CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25717</cvename>
      <cvename>CVE-2020-25718</cvename>
      <cvename>CVE-2020-25719</cvename>
      <cvename>CVE-2020-25721</cvename>
      <cvename>CVE-2020-25722</cvename>
      <cvename>CVE-2016-2124</cvename>
      <cvename>CVE-2021-3738</cvename>
      <cvename>CVE-2021-23192</cvename>
      <url>https://www.samba.org/samba/security/CVE-2020-25717.html</url>
      <url>https://www.samba.org/samba/security/CVE-2020-25718.html</url>
      <url>https://www.samba.org/samba/security/CVE-2020-25719.html</url>
      <url>https://www.samba.org/samba/security/CVE-2020-25721.html</url>
      <url>https://www.samba.org/samba/security/CVE-2020-25722.html</url>
      <url>https://www.samba.org/samba/security/CVE-2016-2124.html</url>
      <url>https://www.samba.org/samba/security/CVE-2021-3738.html</url>
      <url>https://www.samba.org/samba/security/CVE-2021-23192.html</url>
    </references>
    <dates>
      <discovery>2021-11-10</discovery>
      <entry>2021-11-10</entry>
    </dates>
  </vuln>

  <vuln vid="17702e54-3da0-11ec-b7e0-3085a9a95629">
    <topic>pyrad -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py36-pyrad</name>
	<name>py37-pyrad</name>
	<name>py38-pyrad</name>
	<name>py39-pyrad</name>
	<name>py310-pyrad</name>
	<range><lt>2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Nathaniel McCallum reports:</p>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=911682">
	  <p>packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.</p>
	</blockquote>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=911685">
	  <p>The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-0294</cvename>
      <cvename>CVE-2013-0342</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=911682</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=911685</url>
    </references>
    <dates>
      <discovery>2013-01-15</discovery>
      <entry>2021-11-05</entry>
    </dates>
  </vuln>

  <vuln vid="930def19-3e05-11ec-9ba8-002324b2fba8">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.17.3,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/48990">
	  <p>debug/macho fails out when loading a file that contains a dynamic
	    symbol table command that indicates a larger number of symbols than
	    exist in the loaded symbol table.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/48085">
	  <p>Previously, opening a zip with (*Reader).Open could result in a
	    panic if the zip contained a file whose name was exclusively made up
	    of slash characters or ".." path elements. Open could also panic if
	    passed the empty string directly as an argument.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41771</cvename>
      <url>https://github.com/golang/go/issues/48990</url>
      <cvename>CVE-2021-41772</cvename>
      <url>https://github.com/golang/go/issues/48085</url>
    </references>
    <dates>
      <discovery>2021-11-04</discovery>
      <entry>2021-11-05</entry>
    </dates>
  </vuln>

  <vuln vid="2bf56269-90f8-4a82-b82f-c0e289f2a0dc">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.319</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.303.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-11-04/">
	  <h1>Description</h1>
	  <h5>(Critical) SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695</h5>
	  <p>Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control</p>
	  <h5>(High) SECURITY-2423 / CVE-2021-21696</h5>
	  <p>Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin</p>
	  <h5>(High) SECURITY-2428 / CVE-2021-21697</h5>
	  <p>Agent-to-controller access control allows reading/writing most content of build directories</p>
	  <h5>(Medium) SECURITY-2506 / CVE-2021-21698</h5>
	  <p>Path traversal vulnerability in Subversion Plugin allows reading arbitrary files</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21685</cvename>
      <cvename>CVE-2021-21686</cvename>
      <cvename>CVE-2021-21687</cvename>
      <cvename>CVE-2021-21688</cvename>
      <cvename>CVE-2021-21689</cvename>
      <cvename>CVE-2021-21690</cvename>
      <cvename>CVE-2021-21691</cvename>
      <cvename>CVE-2021-21692</cvename>
      <cvename>CVE-2021-21693</cvename>
      <cvename>CVE-2021-21694</cvename>
      <cvename>CVE-2021-21695</cvename>
      <cvename>CVE-2021-21696</cvename>
      <cvename>CVE-2021-21697</cvename>
      <cvename>CVE-2021-21698</cvename>
      <url>https://www.jenkins.io/security/advisory/2021-11-04/</url>
    </references>
    <dates>
      <discovery>2021-11-04</discovery>
      <entry>2021-11-04</entry>
    </dates>
  </vuln>

  <vuln vid="df794e5d-3975-11ec-84e8-0800273f11ea">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.15.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.15.5:</p>
	<blockquote cite="https://blog.gitea.io/2021/10/gitea-1.15.5-is-released/">
	  <ul>
	    <li>Upgrade Bluemonday to v1.0.16 (#17372) (#17374)</li>
	    <li>Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.15.5</url>
      <freebsdpr>ports/259548</freebsdpr>
    </references>
    <dates>
      <discovery>2021-10-21</discovery>
      <entry>2021-11-04</entry>
    </dates>
  </vuln>

  <vuln vid="33557582-3958-11ec-90ba-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.4.0</ge><lt>14.4.1</lt></range>
	<range><ge>14.3.0</ge><lt>14.3.4</lt></range>
	<range><ge>0</ge><lt>14.2.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/">
	  <p>Stored XSS via ipynb files</p>
	  <p>Pipeline schedules on imported projects can be set to automatically active after import</p>
	  <p>Potential Denial of service via Workhorse</p>
	  <p>Improper Access Control allows Merge Request creator to bypass locked status</p>
	  <p>Projects API discloses ID and name of private groups</p>
	  <p>Severity of an incident can be changed by a guest user</p>
	  <p>System root password accidentally written to log file</p>
	  <p>Potential DoS via a malformed TIFF image</p>
	  <p>Bypass of CODEOWNERS Merge Request approval requirement</p>
	  <p>Change project visibility to a restricted option</p>
	  <p>Project exports leak external webhook token value</p>
	  <p>SCIM token is visible after creation</p>
	  <p>Invited group members, with access inherited from parent group, continue to have project access even after invited subgroup is transfered</p>
	  <p>Regular expression denial of service issue when cleaning namespace path</p>
	  <p>Prevent creation of scopeless apps using applications API</p>
	  <p>Webhook data exposes assignee's private email address</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-39906</cvename>
      <cvename>CVE-2021-39895</cvename>
      <cvename>CVE-2021-39907</cvename>
      <cvename>CVE-2021-39904</cvename>
      <cvename>CVE-2021-39905</cvename>
      <cvename>CVE-2021-39902</cvename>
      <cvename>CVE-2021-39913</cvename>
      <cvename>CVE-2021-39912</cvename>
      <cvename>CVE-2021-39909</cvename>
      <cvename>CVE-2021-39903</cvename>
      <cvename>CVE-2021-39898</cvename>
      <cvename>CVE-2021-39901</cvename>
      <cvename>CVE-2021-39897</cvename>
      <cvename>CVE-2021-39914</cvename>
      <cvename>CVE-2021-39911</cvename>
      <url>https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/</url>
    </references>
    <dates>
      <discovery>2021-10-28</discovery>
      <entry>2021-10-30</entry>
    </dates>
  </vuln>

  <vuln vid="976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>95.0.4638.69</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html">
	  <p>This release contains 8 security fixes, including:</p>
	  <ul>
	    <li>[1259864] High CVE-2021-37997 : Use after free in Sign-In.
	      Reported by Wei Yuan of MoyunSec VLab on 2021-10-14</li>
	    <li>[1259587] High CVE-2021-37998 : Use after free in Garbage
	      Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO
	      Mobile Telecommunications Corp. Ltd. on 2021-10-13</li>
	    <li>[1251541] High CVE-2021-37999 : Insufficient data validation in
	      New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21</li>
	    <li>[1249962] High CVE-2021-38000 : Insufficient validation of
	      untrusted input in Intents. Reported by Clement Lecigne, Neel
	      Mehta, and Maddie Stone of Google Threat Analysis Group on
	      2021-09-15</li>
	    <li>[1260577] High CVE-2021-38001 : Type Confusion in V8. Reported
	      by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16</li>
	    <li>[1260940] High CVE-2021-38002 : Use after free in Web Transport.
	      Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on
	      2021-10-16</li>
	    <li>[1263462] High CVE-2021-38003 : Inappropriate implementation in
	      V8. Reported by Clément Lecigne from Google TAG and Samuel Gross
	      from Google Project Zero on 2021-10-26</li>
	  </ul>
	  <p>Google is aware that exploits for CVE-2021-38000 and
	    CVE-2021-38003 exist in the wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37997</cvename>
      <cvename>CVE-2021-37998</cvename>
      <cvename>CVE-2021-37999</cvename>
      <cvename>CVE-2021-38000</cvename>
      <cvename>CVE-2021-38001</cvename>
      <cvename>CVE-2021-38002</cvename>
      <cvename>CVE-2021-38003</cvename>
      <url>https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html</url>
    </references>
    <dates>
      <discovery>2021-10-28</discovery>
      <entry>2021-10-29</entry>
    </dates>
  </vuln>

  <vuln vid="c848059a-318b-11ec-aa15-0800270512f4">
    <topic>fail2ban -- possible RCE vulnerability in mailing action using mailutils</topic>
    <affects>
      <package>
	<name>py36-fail2ban</name>
	<name>py37-fail2ban</name>
	<name>py38-fail2ban</name>
	<name>py39-fail2ban</name>
	<name>py310-fail2ban</name>
	<range><lt>0.11.2_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jakub Żoczek reports:</p>
	<blockquote cite="https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm">
	  <p>
	    Command <code>mail</code> from mailutils package used in mail actions
	    like <code>mail-whois</code> can execute command if unescaped sequences
	    (<code>\n~</code>) are available in "foreign" input (for instance in
	    whois output).
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32749</cvename>
      <url>https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm</url>
    </references>
    <dates>
      <discovery>2021-07-16</discovery>
      <entry>2021-10-28</entry>
    </dates>
  </vuln>

  <vuln vid="757ee63b-269a-11ec-a616-6c3be5272acd">
    <topic>Grafana -- Snapshot authentication bypass</topic>
    <affects>
      <package>
	<name>grafana8</name>
	<name>grafana7</name>
	<name>grafana6</name>
	<name>grafana</name>
	<range><ge>8.0.0</ge><lt>8.1.6</lt></range>
	<range><ge>2.0.1</ge><lt>7.5.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/">
	  <p>Unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths:</p>
	  <ul>
	    <li><code>/dashboard/snapshot/:key</code>, or</li>
	    <li><code>/api/snapshots/:key</code></li>
	  </ul>
	  <p>If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path:</p>
	  <ul>
	    <li><code>/api/snapshots-delete/:deleteKey</code></li>
	  </ul>
	  <p>Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths:</p>
	  <ul>
	    <li><code>/api/snapshots/:key</code>, or</li>
	    <li><code>/api/snapshots-delete/:deleteKey</code></li>
	  </ul>
	  <p>The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-39226</cvename>
      <url>https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/</url>
    </references>
    <dates>
      <discovery>2021-09-15</discovery>
      <entry>2021-10-06</entry>
    </dates>
  </vuln>

  <vuln vid="f4b15f7d-d33a-4cd0-a97b-709d6af0e43e">
    <topic>minio -- policy restriction issue</topic>
    <affects>
      <package>
	<name>minio</name>
	<range><lt>2021.10.23.03.28.24</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>minio developers report:</p>
	<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c">
	  <p>Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts.</p>
	  <ul>
	    <li>svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true'</li>
	    <li>sts accounts have always been using right permissions, do not need an explicit lookup</li>
	    <li>regular users always have proper policy mapping</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41137</cvename>
      <url>https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c</url>
    </references>
    <dates>
      <discovery>2021-10-12</discovery>
      <entry>2021-10-23</entry>
    </dates>
  </vuln>

  <vuln vid="8d65aa3b-31ce-11ec-8c32-a14e8e520dc7">
    <topic>mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35</topic>
    <affects>
      <package>
	<name>mailman</name>
	<range><lt>2.1.35</lt></range>
      </package>
      <package>
	<name>mailman-with-htdig</name>
	<range><lt>2.1.35</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mark Sapiro reports:</p>
	<blockquote cite="https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8">
	  <p>A potential for for a list member to carry out an off-line brute
	    force attack to obtain the list admin password has been reported by
	    Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is
	    fixed.</p>
	  <p>A CSRF attack via the user options page could allow takeover of a
	      users account. This is fixed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-42096</cvename>
      <cvename>CVE-2021-42097</cvename>
      <url>https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8</url>
      <url>https://bugs.launchpad.net/mailman/+bug/1947639</url>
      <url>https://bugs.launchpad.net/mailman/+bug/1947640</url>
    </references>
    <dates>
      <discovery>2021-10-18</discovery>
      <entry>2021-10-20</entry>
    </dates>
  </vuln>

  <vuln vid="bdaecfad-3117-11ec-b3b0-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>95.0.4638.54</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html">
	  <p>This release contains 19 security fixes, including:</p>
	  <ul>
	    <li>[1246631] High CVE-2021-37981: Heap buffer overflow in Skia.
	      Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04</li>
	    <li>[1248661] High CVE-2021-37982: Use after free in Incognito.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
	      Legendsec at Qi'anxin Group on 2021-09-11</li>
	    <li>[1249810] High CVE-2021-37983: Use after free in Dev Tools.
	      Reported by Zhihua Yao of KunLun Lab on 2021-09-15</li>
	    <li>[1253399] High CVE-2021-37984: Heap buffer overflow in PDFium.
	      Reported by Antti Levomäki, Joonas Pihlaja andChristian Jali
	      from Forcepoint on 2021-09-27</li>
	    <li>[1241860] High CVE-2021-37985: Use after free in V8. Reported
	      by Yangkang (@dnpushme) of 360 ATA on 2021-08-20</li>
	    <li>[1242404] Medium CVE-2021-37986: Heap buffer overflow in
	      Settings. Reported by raven (@raid_akame) on 2021-08-23</li>
	    <li>[1206928] Medium CVE-2021-37987: Use after free in Network APIs.
	      Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08</li>
	    <li>[1228248] Medium CVE-2021-37988: Use after free in Profiles.
	      Reported by raven (@raid_akame) on 2021-07-12</li>
	    <li>[1233067] Medium CVE-2021-37989: Inappropriate implementation
	      in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26</li>
	    <li>[1247395] Medium CVE-2021-37990: Inappropriate implementation
	      in WebView. Reported by Kareem Selim of CyShield on
	      2021-09-07</li>
	    <li>[1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel
	      Gross of Google Project Zero on 2021-09-17</li>
	    <li>[1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio.
	      Reported by sunburst@Ant Security Light-Year Lab on
	      2021-09-28</li>
	    <li>[1255332] Medium CVE-2021-37993: Use after free in PDF
	      Accessibility. Reported by Cassidy Kim of Amber Security Lab,
	      OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02</li>
	    <li>[1243020] Medium CVE-2021-37996: Insufficient validation of
	      untrusted input in Downloads. Reported by Anonymous on
	      2021-08-24</li>
	    <li>[1100761] Low CVE-2021-37994: Inappropriate implementation in
	      iFrame Sandbox. Reported by David Erceg on 2020-06-30</li>
	    <li>[1242315] Low CVE-2021-37995: Inappropriate implementation in
	      WebApp Installer. Reported by Terence Eden on 2021-08-23</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37981</cvename>
      <cvename>CVE-2021-37982</cvename>
      <cvename>CVE-2021-37983</cvename>
      <cvename>CVE-2021-37984</cvename>
      <cvename>CVE-2021-37985</cvename>
      <cvename>CVE-2021-37986</cvename>
      <cvename>CVE-2021-37987</cvename>
      <cvename>CVE-2021-37988</cvename>
      <cvename>CVE-2021-37989</cvename>
      <cvename>CVE-2021-37990</cvename>
      <cvename>CVE-2021-37991</cvename>
      <cvename>CVE-2021-37992</cvename>
      <cvename>CVE-2021-37993</cvename>
      <cvename>CVE-2021-37994</cvename>
      <cvename>CVE-2021-37995</cvename>
      <cvename>CVE-2021-37996</cvename>
      <url>https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html</url>
    </references>
    <dates>
      <discovery>2021-10-19</discovery>
      <entry>2021-10-19</entry>
    </dates>
  </vuln>

  <vuln vid="c9387e4d-2f5f-11ec-8be6-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql57-server</name>
	<range><lt>5.7.36</lt></range>
      </package>
      <package>
	<name>mysql80-client</name>
	<range><lt>8.0.27</lt></range>
      </package>
      <package>
	<name>mysql-connector-java</name>
	<range><lt>8.0.27</lt></range>
      </package>
      <package>
	<name>mysql80-server</name>
	<range><lt>8.0.27</lt></range>
      </package>
      <package>
	<name>mariadb103-server</name>
	<range><lt>10.3.32</lt></range>
      </package>
      <package>
	<name>mariadb104-server</name>
	<range><lt>10.4.22</lt></range>
      </package>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2021.html">
	  <p>This Critical Patch Update contains 66 new security patches for
	    Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable
	    without authentication, i.e., may be exploited over a network without
	    requiring user credentials.<br/>
	    The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
	    MySQL is 9.8.</p>
	  <p>Note: MariaDB only vulnerable against CVE-2021-35604</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.oracle.com/security-alerts/cpuoct2021.html</url>
      <cvename>CVE-2021-22931</cvename>
      <cvename>CVE-2021-3711</cvename>
      <cvename>CVE-2021-22926</cvename>
      <cvename>CVE-2021-36222</cvename>
      <cvename>CVE-2021-35583</cvename>
      <cvename>CVE-2021-35610</cvename>
      <cvename>CVE-2021-35597</cvename>
      <cvename>CVE-2021-35607</cvename>
      <cvename>CVE-2021-2481</cvename>
      <cvename>CVE-2021-35590</cvename>
      <cvename>CVE-2021-35592</cvename>
      <cvename>CVE-2021-35593</cvename>
      <cvename>CVE-2021-35594</cvename>
      <cvename>CVE-2021-35598</cvename>
      <cvename>CVE-2021-35621</cvename>
      <cvename>CVE-2021-2471</cvename>
      <cvename>CVE-2021-35604</cvename>
      <cvename>CVE-2021-35612</cvename>
      <cvename>CVE-2021-35608</cvename>
      <cvename>CVE-2021-35602</cvename>
      <cvename>CVE-2021-35577</cvename>
      <cvename>CVE-2021-2478</cvename>
      <cvename>CVE-2021-2479</cvename>
      <cvename>CVE-2021-35537</cvename>
      <cvename>CVE-2021-35591</cvename>
      <cvename>CVE-2021-35596</cvename>
      <cvename>CVE-2021-35648</cvename>
      <cvename>CVE-2021-35631</cvename>
      <cvename>CVE-2021-35626</cvename>
      <cvename>CVE-2021-35627</cvename>
      <cvename>CVE-2021-35628</cvename>
      <cvename>CVE-2021-35629</cvename>
      <cvename>CVE-2021-35575</cvename>
      <cvename>CVE-2021-35634</cvename>
      <cvename>CVE-2021-35635</cvename>
      <cvename>CVE-2021-35636</cvename>
      <cvename>CVE-2021-35638</cvename>
      <cvename>CVE-2021-35641</cvename>
      <cvename>CVE-2021-35642</cvename>
      <cvename>CVE-2021-35643</cvename>
      <cvename>CVE-2021-35644</cvename>
      <cvename>CVE-2021-35645</cvename>
      <cvename>CVE-2021-35646</cvename>
      <cvename>CVE-2021-35647</cvename>
      <cvename>CVE-2021-35630</cvename>
      <cvename>CVE-2021-35637</cvename>
      <cvename>CVE-2021-35546</cvename>
      <cvename>CVE-2021-35622</cvename>
      <cvename>CVE-2021-35624</cvename>
      <cvename>CVE-2021-35639</cvename>
      <cvename>CVE-2021-35632</cvename>
      <cvename>CVE-2021-35584</cvename>
      <cvename>CVE-2021-35613</cvename>
      <cvename>CVE-2021-35640</cvename>
      <cvename>CVE-2021-35633</cvename>
      <cvename>CVE-2021-35625</cvename>
      <cvename>CVE-2021-35623</cvename>
      <cvename>CVE-2021-35618</cvename>
    </references>
    <dates>
      <discovery>2021-10-16</discovery>
      <entry>2021-10-17</entry>
      <modified>2021-11-09</modified>
    </dates>
  </vuln>

  <vuln vid="a9c5e89d-2d15-11ec-8363-0022489ad614">
    <topic>Node.js -- October 2021 Security Releases</topic>
    <affects>
      <package>
	<name>node</name>
	<range><lt>16.11.1</lt></range>
      </package>
      <package>
	<name>node14</name>
	<range><lt>14.18.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/">
	  <h1>HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959)</h1>
	  <p>The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).</p>
	  <h1>HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)</h1>
	  <p>The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22959</cvename>
      <cvename>CVE-2021-22960</cvename>
      <url>https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/</url>
    </references>
    <dates>
      <discovery>2021-10-12</discovery>
      <entry>2021-10-14</entry>
    </dates>
  </vuln>

  <vuln vid="2a1b931f-2b86-11ec-8acd-c80aa9043978">
    <topic>OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand</topic>
    <affects>
      <package>
	<name>openssh-portable</name>
	<name>openssh-portable-hpn</name>
	<name>openssh-portable-gssapi</name>
	<range><ge>6.2.p1,1</ge><lt>8.7.p1_2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenBSD Project reports:</p>
	<blockquote cite="https://www.openssh.com/txt/release-8.8">
	    <p>
		sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
		supplemental groups when executing an AuthorizedKeysCommand or
		AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or
		AuthorizedPrincipalsCommandUser directive has been set to run the
		command as a different user. Instead these commands would inherit
		the groups that sshd(8) was started with.
	    </p>
	    <p>
		Depending on system configuration, inherited groups may allow
		AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
		gain unintended privilege.
	    </p>
	    <p>
		Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
		enabled by default in sshd_config(5).
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41617</cvename>
      <url>https://www.openssh.com/txt/release-8.8</url>
    </references>
    <dates>
      <discovery>2021-09-26</discovery>
      <entry>2021-10-12</entry>
    </dates>
  </vuln>

  <vuln vid="a7dd4c2d-77e4-46de-81a2-c453c317f9de">
    <topic>couchdb -- user privilege escalation</topic>
    <affects>
      <package>
	<name>couchdb</name>
	<range><lt>3.1.2,2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cory Sabol reports:</p>
    <blockquote cite="https://docs.couchdb.org/en/stable/cve/2021-38295.html">
      <p>A malicious user with permission to create documents in a
       database is able to attach a HTML attachment to a document.
       If a CouchDB admin opens that attachment in a browser, e.g.
       via the CouchDB admin interface Fauxton, any JavaScript code
       embedded in that HTML attachment will be executed within the
       security context of that admin. A similar route is available
       with the already deprecated _show and _list functionality.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-39205</cvename>
      <url>https://docs.couchdb.org/en/stable/cve/2021-38295.html</url>
    </references>
    <dates>
      <discovery>2021-08-09</discovery>
      <entry>2021-10-12</entry>
    </dates>
  </vuln>

  <vuln vid="9a8514f3-2ab8-11ec-b3a1-8c164582fbac">
    <topic>Ansible -- Ansible user credentials disclosure in ansible-connection module</topic>
    <affects>
      <package>
	<name>py36-ansible-core</name>
	<name>py37-ansible-core</name>
	<name>py38-ansible-core</name>
	<name>py39-ansible-core</name>
	<name>py310-ansible-core</name>
	<range><lt>2.11.6</lt></range>
      </package>
      <package>
	<name>py36-ansible-base</name>
	<name>py37-ansible-base</name>
	<name>py38-ansible-base</name>
	<name>py39-ansible-base</name>
	<name>py310-ansible-base</name>
	<range><lt>2.10.15</lt></range>
      </package>
      <package>
	<name>py36-ansible2</name>
	<name>py37-ansible2</name>
	<name>py38-ansible2</name>
	<name>py39-ansible2</name>
	<name>py310-ansible2</name>
	<range><lt>2.9.27</lt></range>
      </package>
      <package>
	<name>py36-ansible</name>
	<name>py37-ansible</name>
	<name>py38-ansible</name>
	<name>py39-ansible</name>
	<name>py310-ansible</name>
	<range><lt>2.9.27</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Red Hat reports:</p>
	<blockquote cite="">
       <p>A flaw was found in Ansible Engine's ansible-connection
       module, where sensitive information such as the Ansible
       user credentials is disclosed by default in the traceback
       error message. The highest threat from this vulnerability
       is to confidentiality.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3620</cvename>
      <url>https://access.redhat.com/security/cve/CVE-2021-3620</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-3620</url>
      <url>https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#v2-9-27</url>
      <url>https://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst#v2-10-15</url>
      <url>https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#v2-11-6</url>
    </references>
    <dates>
      <discovery>2021-06-25</discovery>
      <entry>2021-10-11</entry>
    </dates>
  </vuln>

  <vuln vid="04d2cf7f-2942-11ec-b48c-1c1b0d9ea7e6">
    <topic>Apache OpenOffice -- multiple vulnerabilities.</topic>
    <affects>
      <package>
	<name>apache-openoffice</name>
	<range><lt>4.1.11</lt></range>
      </package>
      <package>
	<name>apache-openoffice-devel</name>
	<range><lt>4.2.1633255994,4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache Openoffice project reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33035">
	  <p>Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41830">
	  <p>It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory </p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41831">
	  <p>It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41832">
	  <p>It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33035</cvename>
      <cvename>CVE-2021-41830</cvename>
      <cvename>CVE-2021-41831</cvename>
      <cvename>CVE-2021-41832</cvename>
      <url>https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.11+Release+Notes/#AOO4.1.11ReleaseNotes-Security</url>
    </references>
    <dates>
      <discovery>2021-05-04</discovery>
      <entry>2021-10-09</entry>
    </dates>
  </vuln>

  <vuln vid="4fce9635-28c0-11ec-9ba8-002324b2fba8">
    <topic>go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.17.2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/48797">
	  <p>When invoking functions from WASM modules, built using GOARCH=wasm
	  GOOS=js, passing very large arguments can cause portions of the module
	  to be overwritten with data from the arguments.</p>
	  <p>If using wasm_exec.js to execute WASM modules, users will need to
	  replace their copy after rebuilding any modules.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-38297</cvename>
      <url>https://github.com/golang/go/issues/48797</url>
    </references>
    <dates>
      <discovery>2021-10-06</discovery>
      <entry>2021-10-09</entry>
    </dates>
  </vuln>

  <vuln vid="7d3d94d3-2810-11ec-9c51-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>94.0.4606.81</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html">
	  <p>This release contains 4 security fixes, including:</p>
	  <ul>
	    <li>[1252878] High CVE-2021-37977: Use after free in Garbage
	      Collection. Reported by Anonymous on 2021-09-24</li>
	    <li>[1236318] High CVE-2021-37978: Heap buffer overflow in Blink.
	      Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04</li>
	    <li>[1247260] High CVE-2021-37979: Heap buffer overflow in WebRTC.
	      Reported by Marcin Towalski of Cisco Talos on 2021-09-07</li>
	    <li>[1254631] High CVE-2021-37980: Inappropriate implementation in
	      Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37977</cvename>
      <cvename>CVE-2021-37978</cvename>
      <cvename>CVE-2021-37979</cvename>
      <cvename>CVE-2021-37980</cvename>
      <url>https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-10-07</discovery>
      <entry>2021-10-08</entry>
    </dates>
  </vuln>

  <vuln vid="d001c189-2793-11ec-8fb1-206a8a720317">
    <topic>Apache httpd -- Path Traversal and Remote Code Execution</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><ge>2.4.49</ge><lt>2.4.51</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache http server project reports:</p>
	<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
	  <p>critical: Path Traversal and Remote Code Execution in Apache HTTP
	  Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
	  (CVE-2021-42013).</p>
	  <p>It was found that the fix for CVE-2021-41773 in Apache HTTP
	  Server 2.4.50 was insufficient. An attacker could use a path
	  traversal attack to map URLs to files outside the directories
	  configured by Alias-like directives.</p>
	  <p>If files outside of these directories are not protected by the
	  usual default configuration "require all denied", these requests
	  can succeed. If CGI scripts are also enabled for these aliased
	  pathes, this could allow for remote code execution.</p>
	  <p>This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
	  earlier versions.</p>
	  <p>Acknowledgements: Reported by Juan Escobar from Dreamlab
	  Technologies, Fernando Munoz from NULL Life CTF Team, and
	  Shungo Kumasaka</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-42013</cvename>
    </references>
    <dates>
      <discovery>2021-10-07</discovery>
      <entry>2021-10-07</entry>
    </dates>
  </vuln>

  <vuln vid="9bad457e-b396-4452-8773-15bec67e1ceb">
    <topic>jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.315</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.303.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-10-06/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-2475 / CVE-2014-3577</h5>
	  <p>Jenkins core bundles vulnerable version of the commons-httpclient library</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3577</cvename>
      <url>https://www.jenkins.io/security/advisory/2021-10-06/</url>
    </references>
    <dates>
      <discovery>2021-10-06</discovery>
      <entry>2021-10-07</entry>
    </dates>
  </vuln>

  <vuln vid="25b78bdd-25b8-11ec-a341-d4c9ef517024">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><ge>2.4.49</ge><lt>2.4.50</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache http server project reports:</p>
	<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
	  <ul>
	    <li>moderate: null pointer dereference in h2 fuzzing
	      (CVE-2021-41524)</li>
	    <li>important: Path traversal and file disclosure vulnerability in
	      Apache HTTP Server 2.4.49 (CVE-2021-41773)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41524</cvename>
      <cvename>CVE-2021-41773</cvename>
      <url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
    </references>
    <dates>
      <discovery>2021-10-05</discovery>
      <entry>2021-10-05</entry>
      <modified>2021-10-06</modified>
    </dates>
  </vuln>

  <vuln vid="f05dbd1f-2599-11ec-91be-001b217b3468">
    <topic>Bacula-Web -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>bacula-web</name>
	<range><lt>8.4.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Bacula-Web reports:</p>
	<blockquote cite="https://www.bacula-web.org/releases/2021-07-11-bacula-web-8.4.2/">
	  <p>Address Smarty CVE</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26119</cvename>
      <cvename>CVE-2021-26120</cvename>
      <url>https://www.bacula-web.org/releases/2021-07-11-bacula-web-8.4.2/</url>
    </references>
    <dates>
      <discovery>2021-07-11</discovery>
      <entry>2021-10-05</entry>
    </dates>
  </vuln>

  <vuln vid="9b4806c1-257f-11ec-9db5-0800270512f4">
    <topic>redis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.0.20211005</lt></range>
      </package>
      <package>
	<name>redis</name>
	<range><lt>6.2.6</lt></range>
      </package>
      <package>
	<name>redis6</name>
	<range><lt>6.0.16</lt></range>
      </package>
      <package>
	<name>redis5</name>
	<range><lt>5.0.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Redis Team reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/GS_9L2KCk9g/m/Q7ZN1R1cDAAJ">
	  <dl>
	    <dt>CVE-2021-41099</dt>
	    <dd>
	      Integer to heap buffer overflow handling certain string commands
	      and network payloads, when proto-max-bulk-len is manually configured.
	    </dd>
	    <dt>CVE-2021-32762</dt>
	    <dd>
	      Integer to heap buffer overflow issue in redis-cli and redis-sentinel
	      parsing large multi-bulk replies on some older and less common platforms.
	    </dd>
	    <dt>CVE-2021-32687</dt>
	    <dd>
	      Integer to heap buffer overflow with intsets, when set-max-intset-entries
	      is manually configured to a non-default, very large value.
	    </dd>
	    <dt>CVE-2021-32675</dt>
	    <dd>
	      Denial Of Service when processing RESP request payloads with a large
	      number of elements on many connections.
	    </dd>
	    <dt>CVE-2021-32672</dt>
	    <dd>
	      Random heap reading issue with Lua Debugger.
	    </dd>
	    <dt>CVE-2021-32628</dt>
	    <dd>
	      Integer to heap buffer overflow handling ziplist-encoded data types,
	      when configuring a large, non-default value for hash-max-ziplist-entries,
	      hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value.
	    </dd>
	    <dt>CVE-2021-32627</dt>
	    <dd>
	      Integer to heap buffer overflow issue with streams, when configuring
	      a non-default, large value for proto-max-bulk-len and
	      client-query-buffer-limit.
	    </dd>
	    <dt>CVE-2021-32626</dt>
	    <dd>
	      Specially crafted Lua scripts may result with Heap buffer overflow.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41099</cvename>
      <cvename>CVE-2021-32762</cvename>
      <cvename>CVE-2021-32687</cvename>
      <cvename>CVE-2021-32675</cvename>
      <cvename>CVE-2021-32672</cvename>
      <cvename>CVE-2021-32628</cvename>
      <cvename>CVE-2021-32627</cvename>
      <cvename>CVE-2021-32626</cvename>
      <url>https://groups.google.com/g/redis-db/c/GS_9L2KCk9g</url>
    </references>
    <dates>
      <discovery>2021-10-04</discovery>
      <entry>2021-10-05</entry>
    </dates>
  </vuln>

  <vuln vid="f84ab297-2285-11ec-9e79-08002789875b">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki131</name>
	<range><lt>1.31.16</lt></range>
      </package>
      <package>
	<name>mediawiki135</name>
	<range><lt>1.35.4</lt></range>
      </package>
      <package>
	<name>mediawiki136</name>
	<range><lt>1.36.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mediawiki reports:</p>
	<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/">
	  <p>(T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.</p>
	  <p>(T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
	    table scan.</p>
	  <p>(T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
	    Special:Contributions.</p>
	  <p>(T279090, CVE-2021-41801) SECURITY: ReplaceText continues performing
	    actions if the user no longer has the correct permission (such as by being
	    blocked).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41798</cvename>
      <cvename>CVE-2021-41799</cvename>
      <cvename>CVE-2021-41800</cvename>
      <cvename>CVE-2021-41801</cvename>
      <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/</url>
    </references>
    <dates>
      <discovery>2021-06-24</discovery>
      <entry>2021-10-01</entry>
    </dates>
  </vuln>

  <vuln vid="777edbbe-2230-11ec-8869-704d7b472482">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>94.0.4606.71</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases/Stable updates reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html">
	  <p>This release contains 4 security fixes, including:</p>
	  <ul>
	    <li>[1245578] High CVE-2021-37974: Use after free in Safe Browsing.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
	      Legendsec at Qi'anxin Group on 2021-09-01</li>
	    <li>[1252918] High CVE-2021-37975: Use after free in V8. Reported by
	      Anonymous on 2021-09-24</li>
	    <li>[1251787] Medium CVE-2021-37976: Information leak in core.
	       Reported by Clement Lecigne from Google TAG, with technical
	       assistance from Sergei Glazunov and Mark Brand from Google
	       Project Zero on 2021-09-21</li>
	  </ul>
	  <p>Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976
	    exist in the wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37974</cvename>
      <cvename>CVE-2021-37975</cvename>
      <cvename>CVE-2021-37976</cvename>
      <url>https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html</url>
    </references>
    <dates>
      <discovery>2021-09-30</discovery>
      <entry>2021-09-30</entry>
    </dates>
  </vuln>

  <vuln vid="1bdd4db6-2223-11ec-91be-001b217b3468">
    <topic>Gitlab -- vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.3.0</ge><lt>14.3.1</lt></range>
	<range><ge>14.2.0</ge><lt>14.2.5</lt></range>
	<range><ge>0</ge><lt>14.1.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/">
	  <p>Stored XSS in merge request creation page</p>
	  <p>Denial-of-service attack in Markdown parser</p>
	  <p>Stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown</p>
	  <p>DNS Rebinding vulnerability in Gitea importer</p>
	  <p>Exposure of trigger tokens on project exports</p>
	  <p>Improper access control for users with expired password</p>
	  <p>Access tokens are not cleared after impersonation</p>
	  <p>Reflected Cross-Site Scripting in Jira Integration</p>
	  <p>DNS Rebinding vulnerability in Fogbugz importer</p>
	  <p>Access tokens persist after project deletion</p>
	  <p>User enumeration vulnerability</p>
	  <p>Potential DOS via API requests</p>
	  <p>Pending invitations of public groups and public projects are visible to any user</p>
	  <p>Bypass Disabled Repo by URL Project Creation</p>
	  <p>Low privileged users can see names of the private groups shared in projects</p>
	  <p>API discloses sensitive info to low privileged users</p>
	  <p>Epic listing do not honour group memberships</p>
	  <p>Insecure Direct Object Reference vulnerability may lead to protected branch names getting disclosed</p>
	  <p>Low privileged users can import users from projects that they they are not a maintainer on</p>
	  <p>Potential DOS via dependencies API</p>
	  <p>Create a project with unlimited repository size through malicious Project Import</p>
	  <p>Bypass disabled Bitbucket Server import source project creation</p>
	  <p>Requirement to enforce 2FA is not honored when using git commands</p>
	  <p>Content spoofing vulnerability</p>
	  <p>Improper session management in impersonation feature</p>
	  <p>Create OAuth application with arbitrary scopes through content spoofing</p>
	  <p>Lack of account lockout on change password functionality</p>
	  <p>Epic reference was not updated while moved between groups</p>
	  <p>Missing authentication allows disabling of two-factor authentication</p>
	  <p>Information disclosure in SendEntry</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-39885</cvename>
      <cvename>CVE-2021-39877</cvename>
      <cvename>CVE-2021-39887</cvename>
      <cvename>CVE-2021-39867</cvename>
      <cvename>CVE-2021-39869</cvename>
      <cvename>CVE-2021-39872</cvename>
      <cvename>CVE-2021-39878</cvename>
      <cvename>CVE-2021-39866</cvename>
      <cvename>CVE-2021-39882</cvename>
      <cvename>CVE-2021-39875</cvename>
      <cvename>CVE-2021-39870</cvename>
      <cvename>CVE-2021-39884</cvename>
      <cvename>CVE-2021-39883</cvename>
      <cvename>CVE-2021-22259</cvename>
      <cvename>CVE-2021-39868</cvename>
      <cvename>CVE-2021-39871</cvename>
      <cvename>CVE-2021-39874</cvename>
      <cvename>CVE-2021-39873</cvename>
      <cvename>CVE-2021-39881</cvename>
      <cvename>CVE-2021-39886</cvename>
      <cvename>CVE-2021-39879</cvename>
      <url>https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/</url>
    </references>
    <dates>
      <discovery>2021-09-30</discovery>
      <entry>2021-09-30</entry>
    </dates>
  </vuln>

  <vuln vid="5436f9a2-2190-11ec-a90b-0cc47a49470e">
    <topic>ha -- Directory traversals</topic>
    <affects>
      <package>
	<name>ha</name>
	<range><lt>0.999b_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Alexander Cherepanov reports:</p>
	<blockquote cite="http://www.openwall.com/lists/oss-security/2015/01/18/8">
	  <p>Version 0.999b and older of ha archiver is susceptible to directory
	  traversal vulnerabilities via absolute and relative paths.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-1198</cvename>
      <url>http://www.openwall.com/lists/oss-security/2015/01/18/8</url>
    </references>
    <dates>
      <discovery>2015-01-18</discovery>
      <entry>2021-09-30</entry>
    </dates>
  </vuln>

  <vuln vid="730e922f-20e7-11ec-a574-080027eedc6a">
    <topic>nexus2-oss -- Apache ActiveMQ JMX vulnerability</topic>
    <affects>
      <package>
	<name>nexus2-oss</name>
	<range><lt>2.14.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Sonatype reports:</p>
	<blockquote cite="https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManage">
		<ul><li>CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack</li></ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-13920</cvename>
      <url>https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManage</url>
    </references>
    <dates>
      <discovery>2020-12-28</discovery>
      <entry>2021-09-29</entry>
    </dates>
  </vuln>

  <vuln vid="b2f1f86f-20e6-11ec-a574-080027eedc6a">
    <topic>nexus2-oss -- NXRM2 Directory Traversal vulnerability</topic>
    <affects>
      <package>
	<name>nexus2-oss</name>
	<range><lt>2.14.19</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Sonatype reports:</p>
	<blockquote cite="https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManager2.14.20">
		<ul><li>CVE-2020-15012: NXRM2 Directory Traversal vulnerability</li></ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-15012</cvename>
      <url>https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManage</url>
    </references>
    <dates>
      <discovery>2020-06-23</discovery>
      <entry>2021-09-29</entry>
    </dates>
  </vuln>

  <vuln vid="576aa394-1d85-11ec-8b7d-4f5b624574e2">
    <topic>webkit2-gtk3 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>webkit2-gtk3</name>
	<range><lt>2.32.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The WebKitGTK project reports vulnerabilities:</p>
	<blockquote cite="https://webkitgtk.org/security/WSA-2021-0005.html">
		<ul><li>CVE-2021-30858: Processing maliciously crafted web content may lead to arbitrary code execution.</li></ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30858</cvename>
      <url>https://webkitgtk.org/security/WSA-2021-0005.html</url>
    </references>
    <dates>
      <discovery>2021-09-20</discovery>
      <entry>2021-09-24</entry>
    </dates>
  </vuln>

  <vuln vid="b6c875f1-1d76-11ec-ae80-704d7b472482">
    <topic>chromium -- use after free in Portals</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>94.0.4606.61</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html">
	  <p>][1251727] High CVE-2021-37973 : Use after free in Portals.
	    Reported by Clement Lecigne from Google TAG, with technical
	    assistance from Sergei Glazunov and Mark Brand from Google Project
	    Zero on 2021-09-21</p>
	  <p>Google is aware that an exploit for CVE-2021-37973 exists in the wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37973</cvename>
      <url>https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html</url>
    </references>
    <dates>
      <discovery>2021-09-24</discovery>
      <entry>2021-09-24</entry>
    </dates>
  </vuln>

  <vuln vid="d4d21998-bdc4-4a09-9849-2898d9b41459">
    <topic>zeek -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>4.0.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v4.0.4">
	  <p> Paths from log stream make it into system() unchecked,
	  potentially leading to commands being run on the system
	  unintentionally. This requires either bad scripting or a
	  malicious package to be installed, and is considered low
	  severity. </p>
	  <p> Fix potential unbounded state growth in the PIA
	  analyzer when receiving a connection with either a large
	  number of zero-length packets, or one which continues
	  ack-ing unseen segments. It is possible to run Zeek out
	  of memory in these instances and cause it to crash. Due
	  to the possibility of this happening with packets received
	  from the network, this is a potential DoS vulnerability.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v4.0.4</url>
    </references>
    <dates>
      <discovery>2021-08-26</discovery>
      <entry>2021-09-22</entry>
    </dates>
  </vuln>

  <vuln vid="7bba5b3b-1b7f-11ec-b335-d4c9ef517024">
    <topic>mod_auth_mellon -- Redirect URL validation bypass</topic>
    <affects>
      <package>
	<name>mod_auth_mellon</name>
	<range><lt>0.18.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jakub Hrozek reports:</p>
	<blockquote cite="https://github.com/latchset/mod_auth_mellon/releases/tag/v0.18.0">
	  <p>Version 0.17.0 and older of mod_auth_mellon allows the redirect URL
	    validation to be bypassed by specifying an URL formatted as
	    ///fishing-site.example.com/logout.html</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-13038</cvename>
      <url>https://github.com/latchset/mod_auth_mellon/releases/tag/v0.18.0</url>
    </references>
    <dates>
      <discovery>2021-07-30</discovery>
      <entry>2021-09-22</entry>
    </dates>
  </vuln>

  <vuln vid="7062bce0-1b17-11ec-9d9d-0022489ad614">
    <topic>Node.js -- August 2021 Security Releases (2)</topic>
    <affects>
      <package>
	<name>node14</name>
	<range><lt>14.17.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/">
	  <h1>npm 6 update - node-tar, arborist, npm cli modules</h1>
	  <p>These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32803</cvename>
      <cvename>CVE-2021-32804</cvename>
      <cvename>CVE-2021-37701</cvename>
      <cvename>CVE-2021-37712</cvename>
      <cvename>CVE-2021-37713</cvename>
      <cvename>CVE-2021-39134</cvename>
      <cvename>CVE-2021-39135</cvename>
      <url>https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/</url>
    </references>
    <dates>
      <discovery>2021-08-31</discovery>
      <entry>2021-09-21</entry>
    </dates>
  </vuln>

  <vuln vid="b092bd4f-1b16-11ec-9d9d-0022489ad614">
    <topic>Node.js -- August 2021 Security Releases</topic>
    <affects>
      <package>
	<name>node14</name>
	<range><lt>14.17.4</lt></range>
      </package>
      <package>
	<name>node</name>
	<range><lt>16.6.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/">
	  <h1>cares upgrade - Improper handling of untypical characters in domain names (High) (CVE-2021-22931)</h1>
	  <p>Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.</p>
	  <h1>Use after free on close http2 on stream canceling (High) (CVE-2021-22940)</h1>
	  <p>Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. The issue is a follow on to CVE-2021-22930 as the issue was not completely resolved in the fix for CVE-2021-22930.</p>
	  <h1>Incomplete validation of rejectUnauthorized parameter (Low) (CVE-2021-22939)</h1>
	  <p>If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22931</cvename>
      <cvename>CVE-2021-22940</cvename>
      <cvename>CVE-2021-22939</cvename>
      <url>https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/</url>
    </references>
    <dates>
      <discovery>2021-08-11</discovery>
      <entry>2021-09-21</entry>
    </dates>
  </vuln>

  <vuln vid="f53dab71-1b15-11ec-9d9d-0022489ad614">
    <topic>Node.js -- July 2021 Security Releases (2)</topic>
    <affects>
      <package>
	<name>node14</name>
	<range><lt>14.17.4</lt></range>
      </package>
      <package>
	<name>node</name>
	<range><lt>16.6.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="ihttps://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/">
	  <h1>Use after free on close http2 on stream canceling (High) (CVE-2021-22930)</h1>
	  <p>Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22930</cvename>
      <url>https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/</url>
    </references>
    <dates>
      <discovery>2021-07-29</discovery>
      <entry>2021-09-21</entry>
    </dates>
  </vuln>

  <vuln vid="c174118e-1b11-11ec-9d9d-0022489ad614">
    <topic>Node.js -- July 2021 Security Releases</topic>
    <affects>
      <package>
	<name>node14</name>
	<range><lt>14.17.2</lt></range>
      </package>
      <package>
	<name>node</name>
	<range><lt>16.4.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/">
	  <h1>libuv upgrade - Out of bounds read (Medium) (CVE-2021-22918)</h1>
	  <p>Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes.</p>
	  <h1>Windows installer - Node Installer Local Privilege Escalation (Medium) (CVE-2021-22921)</h1>
	  <p>Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.</p>
	  <h1>npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High) (CVE-2021-27290)</h1>
	  <p>This is a vulnerability in the ssri npm module which may be vulnerable to denial of service attacks.</p>
	  <h1>npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium) (CVE-2021-23362)</h1>
	  <p>This is a vulnerability in the hosted-git-info npm module which may be vulnerable to denial of service attacks.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22918</cvename>
      <cvename>CVE-2021-22921</cvename>
      <cvename>CVE-2021-27290</cvename>
      <cvename>CVE-2021-23362</cvename>
      <url>https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/</url>
    </references>
    <dates>
      <discovery>2021-07-01</discovery>
      <entry>2021-09-21</entry>
    </dates>
  </vuln>

  <vuln vid="3551e106-1b17-11ec-a8a7-704d7b472482">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>94.0.4606.54</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html">
	  <p>This update contains 19 security fixes, including:</p>
	  <ul>
	    <li>[1243117] High CVE-2021-37956: Use after free in Offline use.
	      Reported by Huyna at Viettel Cyber Security on 2021-08-24</li>
	    <li>[1242269] High CVE-2021-37957: Use after free in WebGPU.
	      Reported by Looben Yang on 2021-08-23</li>
	    <li>[1223290] High CVE-2021-37958: Inappropriate implementation in
	      Navigation. Reported by James Lee (@Windowsrcer) on
	      2021-06-24</li>
	    <li>[1229625] High CVE-2021-37959: Use after free in Task Manager.
	      Reported by raven (@raid_akame) on 2021-07-15</li>
	    <li>[1247196] High CVE-2021-37960: Inappropriate implementation in
	      Blink graphics. Reported by Atte Kettunen of OUSPG on
	      2021-09-07</li>
	    <li>[1228557] Medium CVE-2021-37961: Use after free in Tab Strip.
	      Reported by Khalil Zhani on 2021-07-13</li>
	    <li>[1231933] Medium CVE-2021-37962: Use after free in Performance
	      Manager. Reported by Sri on 2021-07-22</li>
	    <li>[1199865] Medium CVE-2021-37963: Side-channel information
	      leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal,
	      University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv
	      University, Sioli O'Connell, University of Adelaide, and Jason
	      Kim, Georgia Institute of Technology  on 2021-04-16</li>
	    <li>[1203612] Medium CVE-2021-37964: Inappropriate implementation in
	      ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the
	      Chinese University of Hong Kong on 2021-04-28</li>
	    <li>[1239709] Medium CVE-2021-37965: Inappropriate implementation in
	      Background Fetch API. Reported by Maurice Dauer on 2021-08-13</li>
	    <li>[1238944] Medium CVE-2021-37966: Inappropriate implementation in
	      Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11</li>
	    <li>[1243622] Medium CVE-2021-37967: Inappropriate implementation in
	      Background Fetch API. Reported by SorryMybad (@S0rryMybad) of
	      Kunlun Lab on 2021-08-26</li>
	    <li>[1245053] Medium CVE-2021-37968: Inappropriate implementation in
	      Background Fetch API. Reported by Maurice Dauer on 2021-08-30</li>
	    <li>[1245879] Medium CVE-2021-37969: Inappropriate implementation in
	      Google Updater. Reported by Abdelhamid Naceri (halov) on
	      2021-09-02</li>
	    <li>[1248030] Medium CVE-2021-37970: Use after free in File System
	      API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on
	      2021-09-09</li>
	    <li>[1219354] Low CVE-2021-37971: Incorrect security UI in Web
	      Browser UI. Reported by Rayyan Bijoora on 2021-06-13</li>
	    <li>[1234259] Low CVE-2021-37972: Out of bounds read in
	      libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from
	      Panguite-Forensics-Lab of Qianxin on 2021-07-29</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37956</cvename>
      <cvename>CVE-2021-37957</cvename>
      <cvename>CVE-2021-37958</cvename>
      <cvename>CVE-2021-37959</cvename>
      <cvename>CVE-2021-37960</cvename>
      <cvename>CVE-2021-37961</cvename>
      <cvename>CVE-2021-37962</cvename>
      <cvename>CVE-2021-37963</cvename>
      <cvename>CVE-2021-37964</cvename>
      <cvename>CVE-2021-37965</cvename>
      <cvename>CVE-2021-37966</cvename>
      <cvename>CVE-2021-37967</cvename>
      <cvename>CVE-2021-37968</cvename>
      <cvename>CVE-2021-37969</cvename>
      <cvename>CVE-2021-37970</cvename>
      <cvename>CVE-2021-37971</cvename>
      <cvename>CVE-2021-37972</cvename>
      <url>https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html</url>
    </references>
    <dates>
      <discovery>2021-09-21</discovery>
      <entry>2021-09-21</entry>
    </dates>
  </vuln>

  <vuln vid="57b1ee25-1a7c-11ec-9376-0800272221cc">
    <topic>libssh -- possible heap-buffer overflow vulnerability</topic>
    <affects>
      <package>
	<name>libssh</name>
	<range><ge>0.9.1</ge><le>0.9.5</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>libssh security advisories:</p>
	<blockquote cite="https://www.libssh.org/security/advisories/CVE-2021-3634.txt">
	  <p>The SSH protocol keeps track of two shared secrets during the lifetime
	    of the session. One of them is called `secret_hash` and and the other
	    `session_id`. Initially, both of them are the same, but after key
	    re-exchange, previous `session_id` is kept and used as an input to new
	    `secret_hash`.</p>
	  <p>Historically, both of these buffers had shared length variable, which
	    worked as long as these buffers were same. But the key re-exchange
	    operation can also change the key exchange method, which can be based on
	    hash of different size, eventually creating `secret_hash` of different
	    size than the `session_id` has.</p>
	  <p>This becomes an issue when the `session_id` memory is zeroized or when
	    it is used again during second key re-exchange.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3634</cvename>
      <url>https://www.libssh.org/security/advisories/CVE-2021-3634.txt</url>
      <url>https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/</url>
    </references>
    <dates>
      <discovery>2021-08-26</discovery>
      <entry>2021-09-21</entry>
    </dates>
  </vuln>

  <vuln vid="882a38f9-17dd-11ec-b335-d4c9ef517024">
    <topic>Apache httpd -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.49</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache project reports:</p>
	<blockquote cite="http://httpd.apache.org/security/vulnerabilities_24.html">
	  <ul>
	    <li>moderate: Request splitting via HTTP/2 method injection and
	      mod_proxy (CVE-2021-33193)</li>
	    <li>moderate: NULL pointer dereference in httpd core
	      (CVE-2021-34798)</li>
	    <li>moderate: mod_proxy_uwsgi out of bound read (CVE-2021-36160)</li>
	    <li>low: ap_escape_quotes buffer overflow (CVE-2021-39275)</li>
	    <li>high: mod_proxy SSRF (CVE-2021-40438)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33193</cvename>
      <cvename>CVE-2021-34798</cvename>
      <cvename>CVE-2021-36160</cvename>
      <cvename>CVE-2021-39275</cvename>
      <cvename>CVE-2021-40438</cvename>
      <url>http://httpd.apache.org/security/vulnerabilities_24.html</url>
    </references>
    <dates>
      <discovery>2021-09-16</discovery>
      <entry>2021-09-17</entry>
      <modified>2021-09-28</modified>
    </dates>
  </vuln>

  <vuln vid="c9221ec9-17a2-11ec-b335-d4c9ef517024">
    <topic>cURL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>curl</name>
       <range><ge>7.20.0</ge><lt>7.79.0</lt></range>
     </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The cURL project reports:</p>
	<blockquote cite="https://curl.se/docs/security.html">
	  <ul>
	    <li>UAF and double-free in MQTT sending (CVE-2021-22945)</li>
	    <li>Protocol downgrade required TLS bypassed (CVE-2021-22946)</li>
	    <li>STARTTLS protocol injection via MITM (CVE-2021-22945)</li>
	  </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22945</cvename>
      <cvename>CVE-2021-22946</cvename>
      <cvename>CVE-2021-22947</cvename>
      <url>https://curl.se/docs/security.html</url>
    </references>
    <dates>
      <discovery>2021-09-15</discovery>
      <entry>2021-09-17</entry>
      <modified>2021-09-28</modified>
    </dates>
  </vuln>

  <vuln vid="15e74795-0fd7-11ec-9f2e-dca632b19f10">
    <topic>libpano13 -- arbitrary memory access through format string vulnerability</topic>
    <affects>
      <package>
	<name>libpano13</name>
	<range><lt>2.9.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>libpano13 developers reports:</p>
	<blockquote cite="https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/README.txt">
	  <p>Fix crash and security issue caused by malformed filename prefix</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-20307</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-20307</url>
    </references>
    <dates>
      <discovery>2021-05-04</discovery>
      <entry>2021-09-07</entry>
    </dates>
  </vuln>

  <vuln vid="49c35943-0eeb-421c-af4f-78e04582e5fb">
    <topic>seatd-launch -- privilege escalation with SUID</topic>
    <affects>
      <package>
	<name>seatd</name>
	<range><ge>0.6.0</ge><lt>0.6.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Kenny Levinsen reports:</p>
	<blockquote cite="https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E">
	  <p>seatd-launch used execlp, which reads the PATH environment variable to
	     search for the requested executable, to execute seatd. This meant that
	     the caller could freely control what executable was loaded by adding a
	     user-writable directory to PATH.</p>
	  <p>If seatd-launch had the SUID bit set, this could be used by a
	     malicious user with the ability to execute seatd-launch to mount a
	     privilege escalation attack to the owner of seatd-launch, which is
	     likely root.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E</url>
      <cvename>CVE-2021-41387</cvename>
    </references>
    <dates>
      <discovery>2021-09-15</discovery>
      <entry>2021-09-16</entry>
      <modified>2021-09-18</modified>
    </dates>
  </vuln>

  <vuln vid="47b571f2-157b-11ec-ae98-704d7b472482">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>93.0.4577.82</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html">
	  <p>This release includes 11 security fixes, including:</p>
	  <ul>
	    <li>[1237533] High CVE-2021-30625: Use after free in Selection API.
	      Reported by Marcin Towalski of Cisco Talos on 2021-08-06</li>
	    <li>[1241036] High CVE-2021-30626: Out of bounds memory access in
	      ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18</li>
	    <li>[1245786] High CVE-2021-30627: Type Confusion in Blink layout.
	      Reported by Aki Helin of OUSPG on 2021-09-01</li>
	    <li>[1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE.
	      Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18</li>
	    <li>[1243646] High CVE-2021-30629: Use after free in Permissions.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec
	      at Qi'anxin Group on 2021-08-26</li>
	    <li>[1244568] High CVE-2021-30630: Inappropriate implementation in
	      Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on
	      2021-08-30</li>
	    <li>[1246932] High CVE-2021-30631: Type Confusion in Blink layout.
	      Reported by Atte Kettunen of OUSPG on 2021-09-06</li>
	    <li>[1247763] High CVE-2021-30632: Out of bounds write in V8.
	      Reported by Anonymous on 2021-09-08</li>
	    <li>[1247766] High CVE-2021-30633: Use after free in Indexed DB API.
	      Reported by Anonymous on 2021-09-08</li>
	  </ul>
	  <p>Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633
	     exist in the wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30625</cvename>
      <cvename>CVE-2021-30626</cvename>
      <cvename>CVE-2021-30627</cvename>
      <cvename>CVE-2021-30628</cvename>
      <cvename>CVE-2021-30629</cvename>
      <cvename>CVE-2021-30630</cvename>
      <cvename>CVE-2021-30631</cvename>
      <cvename>CVE-2021-30632</cvename>
      <cvename>CVE-2021-30633</cvename>
      <url>https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-09-13</discovery>
      <entry>2021-09-14</entry>
    </dates>
  </vuln>

  <vuln vid="93eb0e48-14ba-11ec-875e-901b0e9408dc">
    <topic>Matrix clients -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>cinny</name>
	<range><lt>1.2.1</lt></range>
      </package>
      <package>
	<name>element-web</name>
	<range><lt>1.8.3</lt></range>
      </package>
      <package>
	<name>nheko</name>
	<range><le>0.8.2_2</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing">
	  <p>Today we are disclosing a critical security issue affecting
	  multiple Matrix clients and libraries including Element
	  (Web/Desktop/Android), FluffyChat, Nheko, Cinny, and SchildiChat.</p>
	  <p>Specifically, in certain circumstances it may be possible to
	  trick vulnerable clients into disclosing encryption keys for
	  messages previously sent by that client to user accounts later
	  compromised by an attacker.</p>
	  <p>Exploiting this vulnerability to read encrypted messages requires
	  gaining control over the recipient’s account. This requires either
	  compromising their credentials directly or compromising their homeserver.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-40823</cvename>
      <cvename>CVE-2021-40824</cvename>
      <url>https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing</url>
    </references>
    <dates>
      <discovery>2021-08-23</discovery>
      <entry>2021-09-13</entry>
    </dates>
  </vuln>

  <vuln vid="376df2f1-1295-11ec-859e-000c292ee6b8">
    <topic>consul -- rpc: authorize raft requests</topic>
    <affects>
      <package>
	<name>consul</name>
	<range><lt>1.10.2</lt></range>
	<range><lt>1.9.9</lt></range>
	<range><lt>1.8.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Hashicorp reports:</p>
	<blockquote cite="https://github.com/hashicorp/consul/releases/tag/v1.9.9">
	  <p>HashiCorp Consul Raft RPC layer allows non-server agents with a
	    valid certificate signed by the same CA to access server-only
	    functionality, enabling privilege escalation.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37219</cvename>
      <url>https://github.com/hashicorp/consul/releases/tag/v1.9.9</url>
    </references>
    <dates>
      <discovery>2021-08-27</discovery>
      <entry>2021-09-11</entry>
    </dates>
  </vuln>

  <vuln vid="4ea1082a-1259-11ec-b4fa-dd5a552bdd17">
    <topic>go -- archive/zip: overflow in preallocation check can cause OOM panic</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.17.1,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/47801">
	  <p>An oversight in the previous fix still allows for an OOM
	  panic when the indicated directory size in the archive
	  header is so large that subtracting it from the archive
	  size overflows a uint64, effectively bypassing the check
	  that the number of files in the archive is reasonable.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-39293</cvename>
      <url>https://github.com/golang/go/issues/47801</url>
    </references>
    <dates>
      <discovery>2021-08-18</discovery>
      <entry>2021-09-10</entry>
    </dates>
  </vuln>

  <vuln vid="145ce848-1165-11ec-ac7e-08002789875b">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>python38</name>
	<range><lt>3.8.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Python reports:</p>
	<blockquote cite="https://docs.python.org/3.8/whatsnew/changelog.html#changelog">
	  <p>bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid
	    a potential race condition.</p>
	<p>bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
	    fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used
	    on Windows and macOS.</p>
	<p>bpo-43124: Made the internal putcmd function in smtplib sanitize input for
	    presence of \r and \n characters to avoid (unlikely) command injection.</p>
	<p>bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address
	    strings. Leading zeros are ambiguous and interpreted as octal notation by some
	    libraries. For example the legacy function socket.inet_aton() treats leading
	    zeros as octal notation. glibc implementation of modern inet_pton() does not
	    accept any leading zeros. For a while the ipaddress module used to accept ambiguous
	    leading zeros.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://docs.python.org/3.8/whatsnew/changelog.html#changelog</url>
    </references>
    <dates>
      <discovery>2021-08-30</discovery>
      <entry>2021-09-09</entry>
    </dates>
  </vuln>

  <vuln vid="f55921aa-10c9-11ec-8647-00e0670f2660">
    <topic>MPD5 PPPoE Server remotely exploitable crash</topic>
    <affects>
      <package>
	<name>mpd5</name>
	<range><ge>5.0</ge><lt>5.9_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Version 5.9_2 contains security fix for PPPoE servers.
	Insufficient validation of incoming PPPoE Discovery request
	specially crafted by unauthenticated user might lead to unexpected
	termination of the process. The problem affects mpd versions
	since 5.0. Installations not using PPPoE server configuration
	were not affected.</p>
      </body>
    </description>
    <references>
	<url>http://mpd.sourceforge.net/doc5/mpd4.html#4</url>
    </references>
    <dates>
      <discovery>2021-09-04</discovery>
      <entry>2021-09-09</entry>
    </dates>
  </vuln>

  <vuln vid="0e561173-0fa9-11ec-a2fa-080027948c12">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>python36</name>
	<range><lt>3.6.15</lt></range>
      </package>
      <package>
	<name>python37</name>
	<range><lt>3.7.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Python reports:</p>
	<blockquote cite="https://docs.python.org/3.6/whatsnew/changelog.html#changelog">
	  <p>bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
	    fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used
	    on Windows and macOS.</p>
	  <p>bpo-43124: Made the internal putcmd function in smtplib sanitize input for
	    presence of \r and \n characters to avoid (unlikely) command injection.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://docs.python.org/3.6/whatsnew/changelog.html#changelog</url>
      <url>https://docs.python.org/3.7/whatsnew/changelog.html#changelog</url>
    </references>
    <dates>
      <discovery>2021-08-30</discovery>
      <entry>2021-09-07</entry>
    </dates>
  </vuln>

  <vuln vid="65f05b71-0e3c-11ec-b335-d4c9ef517024">
    <topic>WeeChat -- Crash when decoding a malformed websocket frame in relay plugin.</topic>
    <affects>
      <package>
	<name>weechat</name>
	<range><lt>3.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The WeeChat project reports:</p>
	<blockquote cite="https://weechat.org/doc/security/">
	  <p>Crash when decoding a malformed websocket frame in relay plugin.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://weechat.org/doc/security/</url>
      <url>https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b</url>
    </references>
    <dates>
      <discovery>2021-09-04</discovery>
      <entry>2021-09-05</entry>
    </dates>
  </vuln>

  <vuln vid="a67e358c-0bf6-11ec-875e-901b0e9408dc">
    <topic>py-matrix-synapse -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>py36-matrix-synapse</name>
	<name>py37-matrix-synapse</name>
	<name>py38-matrix-synapse</name>
	<name>py39-matrix-synapse</name>
	<name>py310-matrix-synapse</name>
	<range><lt>1.41.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://matrix.org/blog/2021/08/31/synapse-1-41-1-released">
	  <p>This release patches two moderate severity issues which
	  could reveal metadata about private rooms:</p>
	  <ul>
	    <li>CVE-2021-39164: Enumerating a private room's list of
	    members and their display names.</li>
	    <li>CVE-2021-39163: Disclosing a private room's name,
	    avatar, topic, and number of members.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdpr>ports/258187</freebsdpr>
      <cvename>CVE-2021-39164</cvename>
      <cvename>CVE-2021-39163</cvename>
      <url>https://matrix.org/blog/2021/08/31/synapse-1-41-1-released</url>
    </references>
    <dates>
      <discovery>2021-08-31</discovery>
      <entry>2021-09-02</entry>
    </dates>
  </vuln>

  <vuln vid="032643d7-0ba7-11ec-a689-080027e50e6d">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>python39</name>
	<range><lt>3.9.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Python reports:</p>
	<blockquote cite="https://docs.python.org/release/3.9.7/whatsnew/changelog.html">
	  <p>bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid
	    a potential race condition.</p>
	  <p>bpo-41180: Add auditing events to the marshal module, and stop raising
	    code.__init__ events for every unmarshalled code object. Directly instantiated
	    code objects will continue to raise an event, and audit event handlers should
	    inspect or collect the raw marshal data. This reduces a significant performance
	    overhead when loading from .pyc files.</p>
	  <p>bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
	    fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used
	    on Windows and macOS.</p>
	  <p>bpo-43124: Made the internal putcmd function in smtplib sanitize input for
	    presence of \r and \n characters to avoid (unlikely) command injection.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://docs.python.org/release/3.9.7/whatsnew/changelog.html</url>
    </references>
    <dates>
      <discovery>2021-08-30</discovery>
      <entry>2021-09-02</entry>
    </dates>
  </vuln>

  <vuln vid="a7732806-0b2a-11ec-836b-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>93.0.4577.63</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html">
	  <p>This release contains 27 security fixes, including:</p>
	  <ul>
	    <li>[1233975] High CVE-2021-30606: Use after free in Blink. Reported
	      by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360
	      Alpha Lab on 2021-07-28</li>
	    <li>[1235949] High CVE-2021-30607: Use after free in Permissions.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
	      Legendsec at Qi'anxin Group on 2021-08-03</li>
	    <li>[1219870] High CVE-2021-30608: Use after free in Web Share.
	      Reported by Huyna at Viettel Cyber Security on 2021-06-15</li>
	    <li>[1239595] High CVE-2021-30609: Use after free in Sign-In.
	      Reported by raven (@raid_akame) on 2021-08-13</li>
	    <li>[1200440] High CVE-2021-30610: Use after free in Extensions API.
	      Reported by Igor Bukanov from Vivaldi on 2021-04-19</li>
	    <li>[1233942] Medium CVE-2021-30611: Use after free in WebRTC.
	      Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of
	      360 Alpha Lab on 2021-07-28</li>
	    <li>[1234284] Medium CVE-2021-30612: Use after free in WebRTC.
	      Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of
	      360 Alpha Lab on 2021-07-29</li>
	    <li>[1209622] Medium CVE-2021-30613: Use after free in Base
	      internals. Reported by Yangkang (@dnpushme) of 360 ATA on
	      2021-05-16</li>
	    <li>[1207315] Medium CVE-2021-30614: Heap buffer overflow in
	      TabStrip. Reported by Huinian Yang (@vmth6) of Amber Security Lab,
	      OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10</li>
	    <li>[1208614] Medium CVE-2021-30615: Cross-origin data leak in
	      Navigation. Reported by NDevTK on 2021-05-12</li>
	    <li>[1231432] Medium CVE-2021-30616: Use after free in Media.
	      Reported by Anonymous on 2021-07-21</li>
	    <li>[1226909] Medium CVE-2021-30617: Policy bypass in Blink.
	      Reported by NDevTK on 2021-07-07</li>
	    <li>[1232279] Medium CVE-2021-30618: Inappropriate implementation in
	      DevTools. Reported by @DanAmodio and @mattaustin from Contrast
	      Security on 2021-07-23</li>
	    <li>[1235222] Medium CVE-2021-30619: UI Spoofing in Autofill.
	      Reported by Alesandro Ortiz on 2021-08-02</li>
	    <li>[1063518] Medium CVE-2021-30620: Insufficient policy enforcement
	      in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
	      Research on 2020-03-20</li>
	    <li>[1204722] Medium CVE-2021-30621: UI Spoofing in Autofill.
	      Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
	      Research on 2021-04-30</li>
	    <li>[1224419] Medium CVE-2021-30622: Use after free in WebApp
	      Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
	      Research on 2021-06-28</li>
	    <li>[1223667] Low CVE-2021-30623: Use after free in Bookmarks.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-06-25</li>
	    <li>[1230513] Low CVE-2021-30624: Use after free in Autofill.
	      Reported by Wei Yuan of MoyunSec VLab on 2021-07-19</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30606</cvename>
      <cvename>CVE-2021-30607</cvename>
      <cvename>CVE-2021-30608</cvename>
      <cvename>CVE-2021-30609</cvename>
      <cvename>CVE-2021-30610</cvename>
      <cvename>CVE-2021-30611</cvename>
      <cvename>CVE-2021-30612</cvename>
      <cvename>CVE-2021-30613</cvename>
      <cvename>CVE-2021-30614</cvename>
      <cvename>CVE-2021-30615</cvename>
      <cvename>CVE-2021-30616</cvename>
      <cvename>CVE-2021-30617</cvename>
      <cvename>CVE-2021-30618</cvename>
      <cvename>CVE-2021-30619</cvename>
      <cvename>CVE-2021-30620</cvename>
      <cvename>CVE-2021-30621</cvename>
      <cvename>CVE-2021-30622</cvename>
      <cvename>CVE-2021-30623</cvename>
      <cvename>CVE-2021-30624</cvename>
      <url>https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html</url>
    </references>
    <dates>
      <discovery>2021-08-31</discovery>
      <entry>2021-09-01</entry>
    </dates>
  </vuln>

  <vuln vid="3d915d96-0b1f-11ec-8d9f-080027415d17">
    <topic>cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction</topic>
    <affects>
      <package>
	<name>cyrus-imapd34</name>
	<range><lt>3.4.2</lt></range>
      </package>
      <package>
	<name>cyrus-imapd32</name>
	<range><lt>3.2.8</lt></range>
      </package>
      <package>
	<name>cyrus-imapd30</name>
	<range><lt>3.0.16</lt></range>
      </package>
      <package>
	<name>cyrus-imapd25</name>
	<name>cyrus-imapd24</name>
	<name>cyrus-imapd23</name>
	<range><gt>0</gt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cyrus IMAP 3.4.2 Release Notes states:</p>
	<blockquote cite="https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.2.html">
	  <p>Fixed CVE-2021-33582: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a single bucket. Each subsequent insertion to the same bucket requires a strcmp of every other entry in it. At tens of thousands of entries, each new insertion could keep the CPU busy in a strcmp loop for minutes.
The string hashing algorithm has been replaced with a better one, and now also uses a random seed per hash table, so malicious inputs cannot be precomputed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33582</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33582</url>
    </references>
    <dates>
      <discovery>2021-05-26</discovery>
      <entry>2021-09-01</entry>
    </dates>
  </vuln>

  <vuln vid="6c22bb39-0a9a-11ec-a265-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.2.0</ge><lt>14.2.2</lt></range>
	<range><ge>14.1.0</ge><lt>14.1.4</lt></range>
	<range><ge>0</ge><lt>14.0.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/">
	  <p>Stored XSS in DataDog Integration</p>
	  <p>Invited group members continue to have project access even after invited group is deleted</p>
	  <p>Specially crafted requests to apollo_upload_server middleware leads to denial of service</p>
	  <p>Privilege escalation of an external user through project token</p>
	  <p>Missing access control allows non-admin users to add/remove Jira Connect Namespaces</p>
	  <p>User enumeration on private instances</p>
	  <p>Member e-mails can be revealed via project import/export feature</p>
	  <p>Stored XSS in Jira integration</p>
	  <p>Stored XSS in markdown via the Design reference</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22257</cvename>
      <cvename>CVE-2021-22258</cvename>
      <cvename>CVE-2021-22238</cvename>
      <url>https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/</url>
    </references>
    <dates>
      <discovery>2021-08-31</discovery>
      <entry>2021-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="1d6410e8-06c1-11ec-a35d-03ca114d16d6">
    <topic>fetchmail -- STARTTLS bypass vulnerabilities</topic>
    <affects>
      <package>
	<name>fetchmail</name>
	<range><lt>6.4.22.r1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Problem:</p>
	<blockquote cite="https://www.fetchmail.info/fetchmail-SA-2021-02.txt">
	  <p>In certain circumstances, fetchmail 6.4.21 and older would
	    not encrypt the session using STARTTLS/STLS, and might not have
	    cleared session state across the TLS negotiation.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-39272</cvename>
      <url>https://www.fetchmail.info/fetchmail-SA-2021-02.txt</url>
    </references>
    <dates>
      <discovery>2021-08-10</discovery>
      <entry>2021-08-26</entry>
    </dates>
  </vuln>

  <vuln vid="d22b336d-0567-11ec-b69d-4062311215d5">
    <topic>FreeBSD -- libfetch out of bounds read</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.0</ge><lt>13.0_4</lt></range>
	<range><ge>12.2</ge><lt>12.2_10</lt></range>
	<range><ge>11.4</ge><lt>11.4_13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The passive mode in FTP communication allows an out of boundary read while
	libfetch uses strtol to parse the relevant numbers into address bytes.  It
	does not check if the line ends prematurely.  If it does, the for-loop
	condition checks for *p == '\0' one byte too late because p++ was already
	performed.</p>
	<h1>Impact:</h1>
	<p>The connection buffer size can be controlled by a malicious FTP server
	because the size is increased until a newline is encountered (or no more
	characters are read).  This also allows to move the buffer into more
	interesting areas within the address space, potentially parsing relevant
	numbers for the attacker.  Since these bytes become available to the server
	in form of a new TCP connection to a constructed port number or even part of
	the IPv6 address this is a potential information leak.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-36159</cvename>
      <freebsdsa>SA-21:15.libfetch</freebsdsa>
    </references>
    <dates>
      <discovery>2021-08-24</discovery>
      <entry>2021-08-25</entry>
    </dates>
  </vuln>

  <vuln vid="3e9d2fde-0567-11ec-b69d-4062311215d5">
    <topic>FreeBSD -- Remote code execution in ggatec(8)</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.0</ge><lt>13.0_4</lt></range>
	<range><ge>12.2</ge><lt>12.2_10</lt></range>
	<range><ge>11.4</ge><lt>11.4_13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The ggatec(8) daemon does not validate the size of a response before writing
	it to a fixed-sized buffer.  This allows to overwrite the stack of ggatec(8).</p>
	<h1>Impact:</h1>
	<p>A malicious ggated(8) or an attacker in a priviledged network position can
	overwrite the stack with crafted content and potentially execute arbitrary
	code.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29630</cvename>
      <freebsdsa>SA-21:14.ggatec</freebsdsa>
    </references>
    <dates>
      <discovery>2021-08-24</discovery>
      <entry>2021-08-25</entry>
    </dates>
  </vuln>

  <vuln vid="a6d5d4c1-0564-11ec-b69d-4062311215d5">
    <topic>FreeBSD -- Missing error handling in bhyve(8) device models</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.0</ge><lt>13.0_4</lt></range>
	<range><ge>12.2</ge><lt>12.2_10</lt></range>
	<range><ge>11.4</ge><lt>11.4_13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Certain VirtIO-based device models failed to handle errors when fetching
	I/O descriptors.  Such errors could be triggered by a malicious guest.
	As a result, the device model code could be tricked into operating on
	uninitialized I/O vectors, leading to memory corruption.</p>
	<h1>Impact:</h1>
	<p>A malicious guest may be able to crash the bhyve process.  It may be
	possible to exploit the memory corruption bugs to achieve arbitrary code
	execution in the bhyve process.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29631</cvename>
      <freebsdsa>SA-21:13.bhyve</freebsdsa>
    </references>
    <dates>
      <discovery>2021-08-24</discovery>
      <entry>2021-08-25</entry>
    </dates>
  </vuln>

  <vuln vid="96811d4a-04ec-11ec-9b84-d4c9ef517024">
    <topic>OpenSSL -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1l,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.0.b3</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.0</ge><lt>13.0_4</lt></range>
	<range><ge>12.2</ge><lt>12.2_10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20210824.txt">
	  <p>SM2 Decryption Buffer Overflow (CVE-2021-3711: High)</p>
	  <p>Read buffer overruns processing ASN.1 strings (CVE-2021-3712:
	    Moderate)
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3711</cvename>
      <cvename>CVE-2021-3712</cvename>
      <url>https://www.openssl.org/news/secadv/20210824.txt</url>
      <freebsdsa>SA-21:16.openssl</freebsdsa>
    </references>
    <dates>
      <discovery>2021-08-24</discovery>
      <entry>2021-08-24</entry>
      <modified>2021-08-25</modified>
    </dates>
  </vuln>

  <vuln vid="d3180f02-031e-11ec-875f-0800273f11ea">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.15.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.15.0:</p>
	<blockquote cite="https://blog.gitea.io/2021/08/gitea-1.15.0-is-released/">
	  <ul>
	    <li>Encrypt LDAP bind password in db with SECRET_KEY (#15547)</li>
	    <li>Remove random password in Dockerfiles (#15362)</li>
	    <li>Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)</li>
	    <li>Correctly create of git-daemon-export-ok files (#16508) (#16514)</li>
	    <li>Don't show private user's repo in explore view (#16550) (#16554)</li>
	    <li>Update node tar dependency to 6.1.6 (#16622) (#16623)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.15.0</url>
      <freebsdpr>ports/257994</freebsdpr>
    </references>
    <dates>
      <discovery>2021-04-29</discovery>
      <entry>2021-08-22</entry>
    </dates>
  </vuln>

  <vuln vid="733afd81-01cf-11ec-aec9-0800273f11ea">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.14.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.14.6:</p>
	<blockquote cite="https://blog.gitea.io/2021/08/gitea-1.14.6-is-released/">
	  <ul>
	    <li>Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)</li>
	    <li>Switch to maintained JWT lib (#16532) (#16535)</li>
	    <li>Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.14.6</url>
      <freebsdpr>ports/257973</freebsdpr>
    </references>
    <dates>
      <discovery>2021-07-24</discovery>
      <entry>2021-08-20</entry>
    </dates>
  </vuln>

  <vuln vid="70e71a24-0151-11ec-bf0c-080027eedc6a">
    <topic>bouncycastle15 -- bcrypt password checking vulnerability</topic>
    <affects>
      <package>
	<name>bouncycastle15</name>
	<range><ge>1.65</ge><lt>1.67</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Bouncy Castle team reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052">
	  <p>
	    The OpenBSDBCrypt.checkPassword utility method compared incorrect
	    data when checking the password, allowing incorrect passwords to
	    indicate they were matching with previously hashed ones that were
	    different.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-28052</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052</url>
    </references>
    <dates>
      <discovery>2020-11-02</discovery>
      <entry>2021-08-20</entry>
    </dates>
  </vuln>

  <vuln vid="89d5bca6-0150-11ec-bf0c-080027eedc6a">
    <topic>The Bouncy Castle Crypto APIs -- EC math vulnerability</topic>
    <affects>
      <package>
	<name>bouncycastle15</name>
	<range><lt>1.66</lt></range>
      </package>
      <package>
	<name>bouncycastle</name>
	<range><lt>1.66</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Bouncy Castle team reports::</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522">
	  <p>
	    Bouncy Castle BC Java before 1.66 has a timing issue within the EC
	    math library that can expose information about the private key when
	    an attacker is able to observe timing information for the generation
	    of multiple deterministic ECDSA signatures.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-15522</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522</url>
    </references>
    <dates>
      <discovery>2020-07-04</discovery>
      <entry>2021-08-20</entry>
    </dates>
  </vuln>

  <vuln vid="f4c54b81-bcc8-11eb-a7a6-080027f515ea">
    <topic>binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()</topic>
    <affects>
      <package>
	<name>binutils</name>
	<range><lt>2.33.1_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Hao Wang reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487">
	  <p>
	    There's a flaw in the BFD library of binutils in versions before 2.36.
	    An attacker who supplies a crafted file to an application linked with BFD,
	    and using the DWARF functionality, could cause an impact to system
	    availability by way of excessive memory consumption.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3487</cvename>
      <url>https://sourceware.org/bugzilla/show_bug.cgi?id=26946</url>
    </references>
    <dates>
      <discovery>2020-11-25</discovery>
      <entry>2021-08-13</entry>
    </dates>
  </vuln>

  <vuln vid="128deba6-ff56-11eb-8514-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>92.0.4515.159</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html">
	  <p>This release contains 9 security fixes, including:</p>
	  <ul>
	    <li>[1234764] High CVE-2021-30598: Type Confusion in V8. Reported by
	      Manfred Paul on 2021-07-30</li>
	    <li>[1234770] High CVE-2021-30599: Type Confusion in V8. Reported by
	      Manfred Paul on 2021-07-30</li>
	    <li>[1231134] High CVE-2021-30600: Use after free in Printing.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-07-20</li>
	    <li>[1234009] High CVE-2021-30601: Use after free in Extensions API.
	      Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of
	      360 Alpha Lab on 2021-07-28</li>
	    <li>[1230767] High CVE-2021-30602: Use after free in WebRTC.
	      Reported by Marcin Towalski of Cisco Talos on 2021-07-19</li>
	    <li>[1233564] High CVE-2021-30603: Race in WebAudio. Reported by
	      Sergei Glazunov of Google Project Zero on 2021-07-27</li>
	    <li>[1234829] High CVE-2021-30604: Use after free in ANGLE. Reported
	      by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30598</cvename>
      <cvename>CVE-2021-30599</cvename>
      <cvename>CVE-2021-30600</cvename>
      <cvename>CVE-2021-30601</cvename>
      <cvename>CVE-2021-30602</cvename>
      <cvename>CVE-2021-30603</cvename>
      <cvename>CVE-2021-30604</cvename>
      <url>https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-08-16</discovery>
      <entry>2021-08-17</entry>
    </dates>
  </vuln>

  <vuln vid="e9200f8e-fd34-11eb-afb1-c85b76ce9b5a">
    <topic>lynx -- SSL certificate validation error</topic>
    <affects>
      <package>
	<name>ja-lynx</name>
	<range><lt>2.8.10</lt></range>
      </package>
      <package>
	<name>ja-lynx-current</name>
	<range><lt>2.9.0d9</lt></range>
      </package>
      <package>
	<name>lynx</name>
	<range><lt>2.8.10</lt></range>
      </package>
      <package>
	<name>lynx-current</name>
	<range><lt>2.9.0d9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Axel Beckert reports:</p>
	<blockquote cite="https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html">
	  <p>[...] I was able to capture the password given on the commandline in traffic
of an TLS handshake using tcpdump and analysing it with Wireshark: [...]</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html</url>
    </references>
    <dates>
      <discovery>2021-08-07</discovery>
      <entry>2021-08-14</entry>
      <modified>2021-08-15</modified>
    </dates>
  </vuln>

  <vuln vid="b471130b-fb86-11eb-87db-6cc21735f730">
    <topic>PostgreSQL server -- Memory disclosure in certain queries</topic>
    <affects>
      <package>
	<name>postgresql13-server</name>
	<range><lt>13.4</lt></range>
      </package>
      <package>
	<name>postgresql12-server</name>
	<range><lt>12.8</lt></range>
      </package>
      <package>
	<name>postgresql11-server</name>
	<range><lt>11.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PostgreSQL Project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2021-3677/">
	  <p>
	   A purpose-crafted query can read arbitrary bytes of
	   server memory. In the default configuration, any
	   authenticated database user can complete this attack at
	   will. The attack does not require the ability to create
	   objects. If server settings include
	   max_worker_processes=0, the known versions of this
	   attack are infeasible. However, undiscovered variants of
	   the attack may be independent of that setting.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3677</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2021-3677/</url>
    </references>
    <dates>
      <discovery>2021-08-12</discovery>
      <entry>2021-08-12</entry>
    </dates>
  </vuln>

  <vuln vid="e80073d7-f8ba-11eb-b141-589cfc007716">
    <topic>xtrlock -- xtrlock does not block multitouch events</topic>
    <affects>
      <package>
	<name>xtrlock</name>
	<range><lt>2.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Debian reports:</p>
	<blockquote cite="https://lists.debian.org/debian-lts-announce/2019/10/msg00019.html">
	  <p>xtrlock did not block multitouch events so an attacker could still
	  input and thus control various programs such as Chromium, etc. via
	  so-called "multitouch" events including pan scrolling, "pinch and
	  zoom" or even being able to provide regular mouse clicks by
	  depressing the touchpad once and then clicking with a secondary
	  finger.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2016-10894</cvename>
      <url>https://lists.debian.org/debian-lts-announce/2019/10/msg00019.html</url>
    </references>
    <dates>
      <discovery>2016-07-10</discovery>
      <entry>2021-08-09</entry>
    </dates>
  </vuln>

  <vuln vid="848bdd06-f93a-11eb-9f7d-206a8a720317">
    <topic>x11/cde -- Local privilege escalation via CDE dtsession</topic>
    <affects>
      <package>
	<name>cde</name>
	<range><lt>2.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Marco Ivaldi (marco.ivaldi () mediaservice net) reports:</p>
	<blockquote cite="https://seclists.org/bugtraq/2020/Jan/22">
	  <p>A buffer overflow in the CheckMonitor() function in the Common
	  Desktop Environment 2.3.1 and earlier and 1.6 and earlier,
	  as distributed with Oracle Solaris 10 1/13 (Update 11) and
	  earlier, allows local users to gain root privileges via a long
	  palette name passed to dtsession in a malicious .Xdefaults
	  file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-2696</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2696</url>
    </references>
    <dates>
      <discovery>2020-01-15</discovery>
      <entry>2021-08-09</entry>
    </dates>
  </vuln>

  <vuln vid="880552c4-f63f-11eb-9d56-7186043316e9">
    <topic>go -- net/http: panic due to racy read of persistConn after handler panic</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.16.7,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/46866">
	  <p>A net/http/httputil ReverseProxy can panic due to a race
	  condition if its Handler aborts with ErrAbortHandler, for
	  example due to an error in copying the response body. An
	  attacker might be able to force the conditions leading to
	  the race condition.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-36221</cvename>
      <url>https://github.com/golang/go/issues/46866</url>
    </references>
    <dates>
      <discovery>2021-06-21</discovery>
      <entry>2021-08-05</entry>
    </dates>
  </vuln>

  <vuln vid="1d651770-f4f5-11eb-ba49-001b217b3468">
    <topic>Gitlab -- Gitlab</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.1.0</ge><lt>14.1.2</lt></range>
	<range><ge>14.0.0</ge><lt>14.0.7</lt></range>
	<range><ge>0</ge><lt>13.12.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/">
	  <p>Stored XSS in Mermaid when viewing Markdown files</p>
	  <p>Stored XSS in default branch name</p>
	  <p>Perform Git actions with an impersonation token even if impersonation is disabled</p>
	  <p>Tag and branch name confusion allows Developer to access protected CI variables</p>
	  <p>New subscriptions generate OAuth tokens on an incorrect OAuth client application</p>
	  <p>Ability to list and delete impersonation tokens for your own user</p>
	  <p>Pipelines page is partially visible for users that have no right to see CI/CD</p>
	  <p>Improper email validation on an invite URL</p>
	  <p>Unauthorised user was able to add meta data upon issue creation</p>
	  <p>Unauthorized user can trigger deployment to a protected environment</p>
	  <p>Guest in private project can see CI/CD Analytics</p>
	  <p>Guest users can create issues for Sentry errors and track their status</p>
	  <p>Private user email disclosure via group invitation</p>
	  <p>Projects are allowed to add members with email address domain that should be blocked by group settings</p>
	  <p>Misleading username could lead to impersonation in using SSH Certificates</p>
	  <p>Unauthorized user is able to access and view project vulnerability reports</p>
	  <p>Denial of service in repository caused by malformed commit author</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22237</cvename>
      <cvename>CVE-2021-22236</cvename>
      <cvename>CVE-2021-22239</cvename>
      <url>https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/</url>
    </references>
    <dates>
      <discovery>2021-08-03</discovery>
      <entry>2021-08-04</entry>
    </dates>
  </vuln>

  <vuln vid="5ef14250-f47c-11eb-8f13-5b4de959822e">
    <topic>Prosody -- Remote Information Disclosure</topic>
    <affects>
      <package>
	<name>prosody</name>
	<range><lt>0.11.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>A Prosody XMPP server advisory reports:</p>
	<blockquote cite="https://prosody.im/security/advisory_20210722/">
	<p>It was discovered that Prosody allows any entity to access the list of
	admins, members, owners and banned entities of any federated XMPP group chat
	of which they know the address.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37601</cvename>
      <url>https://prosody.im/security/advisory_20210722/</url>
    </references>
    <dates>
      <discovery>2021-07-22</discovery>
      <entry>2021-08-03</entry>
    </dates>
  </vuln>

  <vuln vid="c3c6c4a3-f47d-11eb-b632-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>92.0.4515.131</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/search/label/Stable%20updates">
	  <p>This release contains 10 security fixes, including:</p>
	  <ul>
	    <li>[1227777] High CVE-2021-30590: Heap buffer overflow in
	      Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-07-09</li>
	    <li>[1229298] High CVE-2021-30591: Use after free in File System
	      API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on
	      2021-07-14</li>
	    <li>[1209469] High CVE-2021-30592: Out of bounds write in Tab
	      Groups. Reported by David Erceg on 2021-05-15</li>
	    <li>[1209616] High CVE-2021-30593: Out of bounds read in Tab Strip.
	      Reported by David Erceg on 2021-05-16</li>
	    <li>[1218468] High CVE-2021-30594: Use after free in Page Info UI.
	      Reported by raven (@raid_akame) on 2021-06-10</li>
	    <li>[1214481] Medium CVE-2021-30596: Incorrect security UI in
	      Navigation. Reported by Mohit Raj (shadow2639) on 2021-05-29</li>
	    <li>[1232617] Medium CVE-2021-30597: Use after free in Browser UI.
	      Reported by raven (@raid_akame) on 2021-07-24</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30590</cvename>
      <cvename>CVE-2021-30591</cvename>
      <cvename>CVE-2021-30592</cvename>
      <cvename>CVE-2021-30593</cvename>
      <cvename>CVE-2021-30594</cvename>
      <cvename>CVE-2021-30596</cvename>
      <cvename>CVE-2021-30597</cvename>
      <url>https://chromereleases.googleblog.com/search/label/Stable%20updates</url>
    </references>
    <dates>
      <discovery>2021-08-02</discovery>
      <entry>2021-08-03</entry>
    </dates>
  </vuln>

  <vuln vid="b1aa54ae-74cb-42a0-b462-cbb6831c5c50">
    <topic>RabbitMQ -- Denial of Service in AMQP1.0 plugin</topic>
    <affects>
      <package>
	<name>rabbitmq</name>
	<range><lt>3.8.16</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Pivotal.io reports:</p>
	<blockquote cite="https://tanzu.vmware.com/security/cve-2021-22116">
	<p>All versions prior to 3.8.16 are prone to a denial of
	   service vulnerability due to improper input validation
	   in AMQP 1.0 client connection endpoint.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2016-9877</cvename>
      <url>https://tanzu.vmware.com/security/cve-2021-22116</url>
      <url>https://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.8.19</url>
    </references>
    <dates>
      <discovery>2021-05-10</discovery>
      <entry>2021-05-10</entry>
    </dates>
  </vuln>

  <vuln vid="d34bef0b-f312-11eb-b12b-fc4dd43e2b6a">
    <topic>tomcat -- HTTP request smuggling in multiple versions</topic>
    <affects>
      <package>
	<name>tomcat85</name>
	<range><ge>8.5.0</ge><le>8.5.66</le></range>
      </package>
      <package>
	<name>tomcat9</name>
	<range><ge>9.0.0</ge><le>9.0.46</le></range>
      </package>
      <package>
	<name>tomcat10</name>
	<range><ge>10.0.0</ge><le>10.0.6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab reports:</p>
	<blockquote cite="https://tomcat.apache.org/security.html">
	  <p>Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored the transfer-encoding header if the client declared it would only accept an HTTP/1.0 response; Tomcat honoured the identify encoding; and Tomcat did not ensure that, if present, the chunked encoding was the final encoding.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33037</cvename>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037</url>
    </references>
    <dates>
      <discovery>2021-05-07</discovery>
      <entry>2021-08-01</entry>
    </dates>
  </vuln>

  <vuln vid="8b571fb2-f311-11eb-b12b-fc4dd43e2b6a">
    <topic>tomcat -- JNDI Realm Authentication Weakness in multiple versions</topic>
    <affects>
      <package>
	<name>tomcat7</name>
	<range><ge>7.0.0</ge><le>7.0.108</le></range>
      </package>
      <package>
	<name>tomcat85</name>
	<range><ge>8.5.0</ge><le>8.5.65</le></range>
      </package>
      <package>
	<name>tomcat9</name>
	<range><ge>9.0.0</ge><le>9.0.45</le></range>
      </package>
      <package>
	<name>tomcat10</name>
	<range><ge>10.0.0</ge><le>10.0.5</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ilja.farber reports:</p>
	<blockquote cite="https://tomcat.apache.org/security.html">
	  <p>Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data (eg user names) as well as configuration data provided by an administrator.
In limited circumstances it was possible for users to authenticate using variations of their user name and/or to bypass some of the protection provided by the LockOut Realm.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30640</cvename>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640</url>
    </references>
    <dates>
      <discovery>2021-04-08</discovery>
      <entry>2021-08-01</entry>
    </dates>
  </vuln>

  <vuln vid="cc7c85d9-f30a-11eb-b12b-fc4dd43e2b6a">
    <topic>tomcat -- Remote Denial of Service in multiple versions</topic>
    <affects>
      <package>
	<name>tomcat85</name>
	<range><eq>8.5.64</eq></range>
      </package>
      <package>
	<name>tomcat9</name>
	<range><eq>9.0.44</eq></range>
      </package>
      <package>
	<name>tomcat10</name>
	<range><ge>10.0.3</ge><le>10.0.4</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>rbeaudry reports:</p>
	<blockquote cite="https://tomcat.apache.org/security.html">
	  <p>A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS.</p>
	  <p>Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30639</cvename>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30639</url>
    </references>
    <dates>
      <discovery>2021-03-24</discovery>
      <entry>2021-08-01</entry>
    </dates>
  </vuln>

  <vuln vid="cbfd1874-efea-11eb-8fe9-036bd763ff35">
    <topic>fetchmail -- 6.4.19 and older denial of service or information disclosure</topic>
    <affects>
      <package>
	<name>fetchmail</name>
	<range><lt>6.3.9</lt></range>
	<range><ge>6.3.17</ge><lt>6.4.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matthias Andree reports:</p>
	<blockquote cite="https://sourceforge.net/p/fetchmail/mailman/message/37327392/">
	  <p>When a log message exceeds c. 2 kByte in size, for instance, with very long
	  header contents, and depending on verbosity option, fetchmail can crash or
	  misreport each first log message that requires a buffer reallocation.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-36386</cvename>
      <cvename>CVE-2008-2711</cvename>
      <url>https://sourceforge.net/p/fetchmail/mailman/message/37327392/</url>
    </references>
    <dates>
      <discovery>2021-07-07</discovery>
      <entry>2021-07-28</entry>
      <modified>2021-08-03</modified>
    </dates>
  </vuln>

  <vuln vid="c561ce49-eabc-11eb-9c3f-0800270512f4">
    <topic>redis -- Integer overflow issues with BITFIELD command on 32-bit systems</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>6.0.15</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>6.2.5</lt></range>
      </package>
      <package>
	<name>redis5</name>
	<range><lt>5.0.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Huang Zhw reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj">
	  <p>
	    On 32-bit versions, Redis BITFIELD command is vulnerable to integer
	    overflow that can potentially be exploited to corrupt the heap,
	    leak arbitrary heap contents or trigger remote code execution.
	    The vulnerability involves constructing specially crafted bit
	    commands which overflow the bit offset.
	  </p>
	  <p>
	    This problem only affects 32-bit versions of Redis.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32761</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj</url>
    </references>
    <dates>
      <discovery>2021-07-04</discovery>
      <entry>2021-07-27</entry>
    </dates>
  </vuln>

  <vuln vid="ce79167f-ee1c-11eb-9785-b42e99a1b9c3">
    <topic>powerdns -- remotely triggered crash</topic>
    <affects>
      <package>
	<name>powerdns</name>
	<range><eq>4.5.0</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>powerdns reports:</p>
	<blockquote cite="https://www.powerdns.com/news.html#20210726">
	  <p>PowerDNS Security Advisory 2021-01: Specific query crashes Authoritative Server</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-36754</cvename>
      <url>https://blog.powerdns.com/2021/07/26/security-advisory-2021-01-for-powerdns-authoritative-server-4-5-0/</url>
    </references>
    <dates>
      <discovery>2021-07-26</discovery>
      <entry>2021-07-27</entry>
    </dates>
  </vuln>

  <vuln vid="cc553d79-e1f0-4b94-89f2-bacad42ee826">
    <topic>mosquitto -- NULL pointer dereference</topic>
    <affects>
      <package>
	<name>mosquitto</name>
	<range><ge>2.0.0</ge><lt>2.0.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Roger Light reports:</p>
	<blockquote cite="https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt">
	  <p>If an authenticated client connected with MQTT v5 sent
	  a malformed CONNACK message to the broker a NULL pointer
	  dereference occurred, most likely resulting in a
	  segfault.</p>
	  <p>(Note: a CVE is referenced in the github commit but it
	  appears to be for a python-bleach vulnerability so it is
	  not included here.)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt</url>
    </references>
    <dates>
      <discovery>2021-04-10</discovery>
      <entry>2021-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="92ad12b8-ec09-11eb-aef1-0897988a1c07">
    <topic>pjsip -- Race condition in SSL socket server</topic>
    <affects>
      <package>
	<name>pjsip</name>
	<range><lt>2.11.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>pjsip reports:</p>
	<blockquote cite="https://github.com/pjsip/pjproject/security/advisories">
	  <p>There are a couple of issues found in the SSL socket:</p>
	  <ul>
	    <li>A race condition between callback and destroy, due to the accepted socket having no group lock.</li>
	    <li>SSL socket parent/listener may get destroyed during handshake.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32686</cvename>
      <url>https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr</url>
    </references>
    <dates>
      <discovery>2021-07-23</discovery>
      <entry>2021-07-23</entry>
    </dates>
  </vuln>

  <vuln vid="53fbffe6-ebf7-11eb-aef1-0897988a1c07">
    <topic>asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake</topic>
    <affects>
      <package>
	<name>asterisk13</name>
	<range><lt>13.38.3</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><lt>16.19.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>18.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>Depending on the timing, it's possible for Asterisk to
	  crash when using a TLS connection if the underlying socket
	  parent/listener gets destroyed during the handshake.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32686</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-009.html</url>
    </references>
    <dates>
      <discovery>2021-05-05</discovery>
      <entry>2021-07-23</entry>
    </dates>
  </vuln>

  <vuln vid="fb3455be-ebf6-11eb-aef1-0897988a1c07">
    <topic>asterisk -- Remote crash when using IAX2 channel driver</topic>
    <affects>
      <package>
	<name>asterisk13</name>
	<range><lt>13.38.3</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><lt>16.19.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>18.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>If the IAX2 channel driver receives a packet that
	  contains an unsupported media format it can cause a crash
	  to occur in Asterisk.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32558</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-008.html</url>
    </references>
    <dates>
      <discovery>2021-04-13</discovery>
      <entry>2021-07-23</entry>
    </dates>
  </vuln>

  <vuln vid="ffa364e1-ebf5-11eb-aef1-0897988a1c07">
    <topic>asterisk -- Remote Crash Vulnerability in PJSIP channel driver</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><ge>16.17.0</ge><lt>16.19.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><ge>18.3.0</ge><lt>18.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>When Asterisk receives a re-INVITE without SDP after
	  having sent a BYE request a crash will occur. This occurs
	  due to the Asterisk channel no longer being present while
	  code assumes it is.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-31878</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-007.html</url>
    </references>
    <dates>
      <discovery>2021-04-06</discovery>
      <entry>2021-07-23</entry>
    </dates>
  </vuln>

  <vuln vid="76487640-ea29-11eb-a686-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>92.0.4515.107</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html">
	  <p>This release contains 35 security fixes, including:</p>
	  <ul>
	    <li>][1210985] High CVE-2021-30565: Out of bounds write in Tab
	      Groups. Reported by David Erceg on 2021-05-19</li>
	    <li>[1202661] High CVE-2021-30566: Stack buffer overflow in
	      Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-04-26</li>
	    <li>[1211326] High CVE-2021-30567: Use after free in DevTools.
	      Reported by DDV_UA on 2021-05-20</li>
	    <li>[1219886] High CVE-2021-30568: Heap buffer overflow in WebGL.
	      Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15</li>
	    <li>[1218707] High CVE-2021-30569: Use after free in sqlite.
	      Reported by Chris Salls (@salls) of Makai Security on
	      2021-06-11</li>
	    <li>[1101897] High CVE-2021-30571: Insufficient policy enforcement
	      in DevTools. Reported by David Erceg on 2020-07-03</li>
	    <li>[1214234] High CVE-2021-30572: Use after free in Autofill.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
	      Legendsec at Qi'anxin Group on 2021-05-28</li>
	    <li>[1216822] High CVE-2021-30573: Use after free in GPU. Reported
	      by Security For Everyone Team - https://securityforeveryone.com on
	      2021-06-06</li>
	    <li>[1227315] High CVE-2021-30574: Use after free in protocol
	      handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-07-08</li>
	    <li>[1213313] Medium CVE-2021-30575: Out of bounds read in Autofill.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-05-26</li>
	    <li>[1194896] Medium CVE-2021-30576: Use after free in DevTools.
	      Reported by David Erceg on 2021-04-01</li>
	    <li>[1204811] Medium CVE-2021-30577: Insufficient policy enforcement
	      in Installer. Reported by Jan van der Put (REQON B.V) on
	      2021-05-01</li>
	    <li>[1201074] Medium CVE-2021-30578: Uninitialized Use in Media.
	      Reported by Chaoyuan Peng  on 2021-04-21</li>
	    <li>[1207277] Medium CVE-2021-30579: Use after free in UI framework.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
	      Legendsec at Qi'anxin Group on 2021-05-10</li>
	    <li>[1189092] Medium CVE-2021-30580: Insufficient policy enforcement
	      in Android intents. Reported by @retsew0x01 on 2021-03-17</li>
	    <li>[1194431] Medium CVE-2021-30581: Use after free in DevTools.
	      Reported by David Erceg on 2021-03-31</li>
	    <li>[1205981] Medium CVE-2021-30582: Inappropriate implementation in
	      Animation. Reported by George Liu  on 2021-05-05</li>
	    <li>[1179290] Medium CVE-2021-30583: Insufficient policy enforcement
	      in image handling on Windows. Reported by Muneaki Nishimura
	      (nishimunea) on 2021-02-17</li>
	    <li>[1213350] Medium CVE-2021-30584: Incorrect security UI in
	      Downloads. Reported by @retsew0x01 on 2021-05-26</li>
	    <li>[1023503] Medium CVE-2021-30585: Use after free in sensor
	      handling. Reported by niarci on 2019-11-11</li>
	    <li>[1201032] Medium CVE-2021-30586: Use after free in dialog box
	      handling on Windows. Reported by kkomdal with kkwon and neodal on
	      2021-04-21</li>
	    <li>[1204347] Medium CVE-2021-30587: Inappropriate implementation in
	      Compositing on Windows. Reported by Abdulrahman Alqabandi,
	      Microsoft Browser Vulnerability Research on 2021-04-30</li>
	    <li>[1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by
	      Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04</li>
	    <li>[1180510] Low CVE-2021-30589: Insufficient validation of
	      untrusted input in Sharing. Reported by Kirtikumar Anandrao
	      Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on
	      2021-02-20</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30565</cvename>
      <cvename>CVE-2021-30566</cvename>
      <cvename>CVE-2021-30567</cvename>
      <cvename>CVE-2021-30568</cvename>
      <cvename>CVE-2021-30569</cvename>
      <cvename>CVE-2021-30571</cvename>
      <cvename>CVE-2021-30572</cvename>
      <cvename>CVE-2021-30573</cvename>
      <cvename>CVE-2021-30574</cvename>
      <cvename>CVE-2021-30575</cvename>
      <cvename>CVE-2021-30576</cvename>
      <cvename>CVE-2021-30577</cvename>
      <cvename>CVE-2021-30578</cvename>
      <cvename>CVE-2021-30579</cvename>
      <cvename>CVE-2021-30580</cvename>
      <cvename>CVE-2021-30581</cvename>
      <cvename>CVE-2021-30582</cvename>
      <cvename>CVE-2021-30583</cvename>
      <cvename>CVE-2021-30584</cvename>
      <cvename>CVE-2021-30585</cvename>
      <cvename>CVE-2021-30586</cvename>
      <cvename>CVE-2021-30587</cvename>
      <cvename>CVE-2021-30588</cvename>
      <cvename>CVE-2021-30589</cvename>
      <url>https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html</url>
    </references>
    <dates>
      <discovery>2021-07-20</discovery>
      <entry>2021-07-21</entry>
    </dates>
  </vuln>

  <vuln vid="aa646c01-ea0d-11eb-9b84-d4c9ef517024">
    <topic>cURL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><lt>7.78.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The cURL project reports:</p>
	<blockquote cite="https://curl.se/docs/vuln-7.77.0.html">
	  <p>CURLOPT_SSLCERT mixup with Secure Transport (CVE-2021-22926)</p>
	  <p>TELNET stack contents disclosure again (CVE-2021-22925)</p>
	  <p>Bad connection reuse due to flawed path name checks (CVE-2021-92254)</p>
	  <p>Metalink download sends credentials (CVE-2021-92253)</p>
	  <p>Wrong content via metalink not discarded (CVE-2021-92252)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22922</cvename>
      <cvename>CVE-2021-22923</cvename>
      <cvename>CVE-2021-22924</cvename>
      <cvename>CVE-2021-22925</cvename>
      <cvename>CVE-2021-22926</cvename>
      <url>https://curl.se/docs/vuln-7.77.0.html</url>
    </references>
    <dates>
      <discovery>2021-07-21</discovery>
      <entry>2021-07-21</entry>
    </dates>
  </vuln>

  <vuln vid="38a4a043-e937-11eb-9b84-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql57-server</name>
	<range><lt>5.7.35</lt></range>
      </package>
      <package>
	<name>mysql80-server</name>
	<range><lt>8.0.26</lt></range>
      </package>
      <package>
	<name>mariadb103-server</name>
	<range><lt>10.3.31</lt></range>
      </package>
      <package>
	<name>mariadb104-server</name>
	<range><lt>10.4.21</lt></range>
      </package>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2021.html">
	  <p>This Critical Patch Update contains 41 new security patches for
	    Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable
	    without authentication, i.e., may be exploited over a network without
	    requiring user credentials.<br/>
	    The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
	    MySQL is 8.8.</p>
	  <p>MariaDB is affected by CVE-2021-2372 and CVE-2021-2389 only.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.oracle.com/security-alerts/cpujul2021.html</url>
      <cvename>CVE-2019-17543</cvename>
      <cvename>CVE-2021-2339</cvename>
      <cvename>CVE-2021-2340</cvename>
      <cvename>CVE-2021-2342</cvename>
      <cvename>CVE-2021-2352</cvename>
      <cvename>CVE-2021-2354</cvename>
      <cvename>CVE-2021-2356</cvename>
      <cvename>CVE-2021-2357</cvename>
      <cvename>CVE-2021-2367</cvename>
      <cvename>CVE-2021-2370</cvename>
      <cvename>CVE-2021-2372</cvename>
      <cvename>CVE-2021-2374</cvename>
      <cvename>CVE-2021-2383</cvename>
      <cvename>CVE-2021-2384</cvename>
      <cvename>CVE-2021-2385</cvename>
      <cvename>CVE-2021-2387</cvename>
      <cvename>CVE-2021-2389</cvename>
      <cvename>CVE-2021-2390</cvename>
      <cvename>CVE-2021-2399</cvename>
      <cvename>CVE-2021-2402</cvename>
      <cvename>CVE-2021-2410</cvename>
      <cvename>CVE-2021-2411</cvename>
      <cvename>CVE-2021-2412</cvename>
      <cvename>CVE-2021-2417</cvename>
      <cvename>CVE-2021-2418</cvename>
      <cvename>CVE-2021-2422</cvename>
      <cvename>CVE-2021-2424</cvename>
      <cvename>CVE-2021-2425</cvename>
      <cvename>CVE-2021-2426</cvename>
      <cvename>CVE-2021-2427</cvename>
      <cvename>CVE-2021-2429</cvename>
      <cvename>CVE-2021-2437</cvename>
      <cvename>CVE-2021-2440</cvename>
      <cvename>CVE-2021-2441</cvename>
      <cvename>CVE-2021-2444</cvename>
      <cvename>CVE-2021-3450</cvename>
      <cvename>CVE-2021-22884</cvename>
      <cvename>CVE-2021-22901</cvename>
    </references>
    <dates>
      <discovery>2021-07-20</discovery>
      <entry>2021-07-20</entry>
      <modified>2021-08-04</modified>
    </dates>
  </vuln>

  <vuln vid="943d23b6-e65e-11eb-ad30-0800273f11ea">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.14.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.14.5:</p>
	<blockquote cite="https://blog.gitea.io/2021/07/gitea-1.14.5-is-released/">
	  <ul>
	    <li>Hide mirror passwords on repo settings page (#16022) (#16355)</li>
	    <li>Update bluemonday to v1.0.15 (#16379) (#16380)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.14.5</url>
      <freebsdpr>ports/257221</freebsdpr>
    </references>
    <dates>
      <discovery>2021-05-16</discovery>
      <entry>2021-07-18</entry>
    </dates>
  </vuln>

  <vuln vid="1ba21ff1-e672-11eb-a686-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>91.0.4472.164</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html">
	  <p>This release contains 8 security fixes, including:</p>
	  <ul>
	    <li>[1219082] High CVE-2021-30559: Out of bounds write in ANGLE.
	      Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on
	      2021-06-11</li>
	    <li>[1214842] High CVE-2021-30541: Use after free in V8. Reported by
	      Richard Wheeldon on 2021-05-31</li>
	    <li>[1219209] High CVE-2021-30560: Use after free in Blink XSLT.
	      Reported by Nick Wellnhofer on 2021-06-12</li>
	    <li>[1219630] High CVE-2021-30561: Type Confusion in V8. Reported by
	      Sergei Glazunov of Google Project Zero on 2021-06-14</li>
	    <li>[1220078] High CVE-2021-30562: Use after free in WebSerial.
	      Reported by Anonymous on 2021-06-15</li>
	    <li>[1228407] High CVE-2021-30563: Type Confusion in V8. Reported by
	      Anonymous on 2021-07-12</li>
	    <li>[1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR.
	      Reported by Ali Merchant, iQ3Connect VR Platform on
	      2021-06-17</li>
	  </ul>
	  <p>Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30541</cvename>
      <cvename>CVE-2021-30559</cvename>
      <cvename>CVE-2021-30560</cvename>
      <cvename>CVE-2021-30561</cvename>
      <cvename>CVE-2021-30562</cvename>
      <cvename>CVE-2021-30563</cvename>
      <cvename>CVE-2021-30564</cvename>
      <url>https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-07-15</discovery>
      <entry>2021-07-16</entry>
    </dates>
  </vuln>

  <vuln vid="7ed5779c-e4c7-11eb-91d7-08002728f74c">
    <topic>Ruby -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>ruby26</name>
	<range><lt>2.6.8,1</lt></range>
      </package>
      <package>
	<name>ruby</name>
	<range><lt>2.7.4,1</lt></range>
      </package>
      <package>
	<name>ruby30</name>
	<range><lt>3.0.2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Ruby news:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/">
	  <p>This release includes security fixes. Please check the topics below for details.</p>
	  <p>CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP</p>
	  <p>CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP</p>
	  <p>CVE-2021-31799: A command injection vulnerability in RDoc</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-31799</cvename>
      <cvename>CVE-2021-31810</cvename>
      <cvename>CVE-2021-32066</cvename>
      <url>https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-6-8-released/</url>
      <url>https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/</url>
      <url>https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/</url>
      <url>https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/</url>
      <url>https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/</url>
      <url>https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/</url>
    </references>
    <dates>
      <discovery>2021-07-07</discovery>
      <entry>2021-07-14</entry>
    </dates>
  </vuln>

  <vuln vid="c365536d-e3cf-11eb-9d8d-b37b683944c2">
    <topic>go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.16.6,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/47143">
		<p>crypto/tls clients can panic when provided a certificate of
		 the wrong type for the negotiated parameters. net/http clients
		 performing HTTPS requests are also affected. The panic can be
		 triggered by an attacker in a privileged network position
		 without access to the server certificate's private key, as
		 long as a trusted ECDSA or Ed25519 certificate for the server
		 exists (or can be issued), or the client is configured with
		 Config.InsecureSkipVerify. Clients that disable all TLS_RSA
		 cipher suites (that is, TLS 1.0–1.2 cipher suites without
		 ECDHE), as well as TLS 1.3-only clients, are unaffected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-34558</cvename>
      <url>https://github.com/golang/go/issues/47143</url>
    </references>
    <dates>
      <discovery>2021-07-07</discovery>
      <entry>2021-07-12</entry>
    </dates>
  </vuln>

  <vuln vid="9b1699ff-d84c-11eb-92d6-1b6ff3dfe4d3">
    <topic>mantis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mantis-php73</name>
	<name>mantis-php74</name>
	<name>mantis-php80</name>
	<range><lt>2.25.2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mantis 2.25.1 and 2.25.2 releases report:</p>
	<blockquote cite="https://mantisbt.org/bugs/changelog_page.php?version_id=362">
	  <p>Security and maintenance release, PHPMailer update to 6.5.0</p>
	  <ul>
	    <li>0028552: XSS in manage_custom_field_edit_page.php (CVE-2021-33557)</li>
	    <li>0028821: Update PHPMailer to 6.5.0 (CVE-2021-3603, CVE-2020-36326)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33557</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33557</url>
      <cvename>CVE-2021-3603</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3603</url>
      <cvename>CVE-2020-36326</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-36326</url>
    </references>
    <dates>
      <discovery>2021-04-28</discovery>
      <entry>2021-07-09</entry>
    </dates>
  </vuln>

  <vuln vid="01974420-dfaf-11eb-ba49-001b217b3468">
    <topic>Gitlab -- vulnerability</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.0.0</ge><lt>14.0.4</lt></range>
	<range><ge>13.12.0</ge><lt>13.12.8</lt></range>
	<range><ge>13.11.0</ge><lt>13.11.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/07/07/critical-security-release-gitlab-14-0-4-released/">
	  <p>Arbitrary file read via design feature</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/07/07/critical-security-release-gitlab-14-0-4-released/</url>
    </references>
    <dates>
      <discovery>2021-07-07</discovery>
      <entry>2021-07-08</entry>
    </dates>
  </vuln>

  <vuln vid="d49f86ab-d9c7-11eb-a200-00155d01f201">
    <topic>Exiv2 -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>exiv2</name>
	<range><lt>0.27.4,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Exiv2 teams reports:</p>
	<blockquote cite="https://github.com/Exiv2/exiv2/security/advisories">
	  <p>Multiple vulnerabilities covering buffer overflows, out-of-bounds,
	    read of uninitialized memory and denial of serivce. The heap
	    overflow is triggered when Exiv2 is used to read the metadata of
	    a crafted image file. An attacker could potentially exploit the
	    vulnerability to gain code execution, if they can trick the victim
	    into running Exiv2 on a crafted image file. The out-of-bounds read
	    is triggered when Exiv2 is used to write metadata into a crafted
	    image file. An attacker could potentially exploit the vulnerability
	    to cause a denial of service by crashing Exiv2, if they can trick
	    the victim into running Exiv2 on a crafted image file. The read of
	    uninitialized memory is triggered when Exiv2 is used to read the
	    metadata of a crafted image file. An attacker could potentially
	    exploit the vulnerability to leak a few bytes of stack memory, if
	    they can trick the victim into running Exiv2 on a crafted image
	    file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29457</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm</url>
      <cvename>CVE-2021-29458</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5</url>
      <cvename>CVE-2021-29463</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr</url>
      <cvename>CVE-2021-29464</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p</url>
      <cvename>CVE-2021-29470</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj</url>
      <cvename>CVE-2021-29473</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2</url>
      <cvename>CVE-2021-29623</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v</url>
      <cvename>CVE-2021-32617</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj</url>
      <cvename>CVE-2021-3482</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9</url>
    </references>
    <dates>
      <discovery>2021-04-25</discovery>
      <entry>2021-06-30</entry>
    </dates>
  </vuln>

  <vuln vid="f2596f27-db4c-11eb-8bc6-c556d71493c9">
    <topic>openexr v3.0.5 -- fixes miscellaneous security issues</topic>
    <affects>
      <package>
	<name>openexr</name>
	<range><lt>3.0.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cary Phillips reports:</p>
	<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.0.5">
	  <ul>
	    <li>1038 fix/extend part number validation in MultiPart methods</li>
	    <li>1037 verify data size in deepscanlines with NO_COMPRESSION</li>
	    <li>1036 detect buffer overflows in RleUncompress</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.0.5</url>
    </references>
    <dates>
      <discovery>2021-06-03</discovery>
      <entry>2021-07-02</entry>
    </dates>
  </vuln>

  <vuln vid="8ba8278d-db06-11eb-ba49-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.0.0</ge><lt>14.0.2</lt></range>
	<range><ge>13.12.0</ge><lt>13.12.6</lt></range>
	<range><ge>8.0.0</ge><lt>13.11.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/">
	  <p>DoS using Webhook connections</p>
	  <p>CSRF on GraphQL API allows executing mutations through GET requests</p>
	  <p>Private projects information disclosure</p>
	  <p>Denial of service of user profile page</p>
	  <p>Single sign-on users not getting blocked</p>
	  <p>Some users can push to Protected Branch with Deploy keys</p>
	  <p>A deactivated user can access data through GraphQL</p>
	  <p>Reflected XSS in release edit page</p>
	  <p>Clipboard DOM-based XSS</p>
	  <p>Stored XSS on Audit Log</p>
	  <p>Forks of public projects by project members could leak codebase</p>
	  <p>Improper text rendering</p>
	  <p>HTML Injection in full name field</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/</url>
    </references>
    <dates>
      <discovery>2021-07-01</discovery>
      <entry>2021-07-02</entry>
    </dates>
  </vuln>

  <vuln vid="9d271bab-da22-11eb-86f0-94c691a700a6">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.300</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.289.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-06-30/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-2278 / CVE-2021-21670</h5>
	  <p>Improper permission checks allow canceling queue items and aborting builds</p>
	  <h5>(High) SECURITY-2371 / CVE-2021-21671</h5>
	  <p>Session fixation vulnerability</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21670</cvename>
      <cvename>CVE-2021-21671</cvename>
      <url>https://www.jenkins.io/security/advisory/2021-06-30/</url>
    </references>
    <dates>
      <discovery>2021-06-30</discovery>
      <entry>2021-07-01</entry>
    </dates>
  </vuln>

  <vuln vid="7003b62d-7252-46ff-a9df-1b1900f1e65b">
    <topic>RabbitMQ -- Denial of Service via improper input validation</topic>
    <affects>
      <package>
	<name>rabbitmq</name>
	<range><lt>3.8.16</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jonathon Knudsen of Synopsys Cybersecurity Research Center reports:</p>
	<blockquote cite="https://tanzu.vmware.com/security/cve-2021-22116">
      <p>All versions prior to 3.8.16 are prone to a denial of service
	  vulnerability due to improper input validation in AMQP 1.0 client
	  connection endpoint. A malicious client can exploit the vulnerability
	  by sending malicious AMQP messages to the target RabbitMQ instance
	  having the AMQP 1.0 plugin enabled.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22116</cvename>
      <url>https://tanzu.vmware.com/security/cve-2021-22116</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22116</url>
    </references>
    <dates>
      <discovery>2021-05-10</discovery>
      <entry>2021-06-28</entry>
    </dates>
  </vuln>

  <vuln vid="7c555ce3-658d-4589-83dd-4b6a31c5d610">
    <topic>RabbitMQ-C -- integer overflow leads to heap corruption</topic>
    <affects>
      <package>
	<name>rabbitmq-c</name>
	<name>rabbitmq-c-devel</name>
	<range><lt>0.10.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>alanxz reports:</p>
	<blockquote cite="https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a">
	  <p>When parsing a frame header, validate that the frame_size is less than
	or equal to INT32_MAX. Given frame_max is limited between 0 and
	INT32_MAX in amqp_login and friends, this does not change the API.
	This prevents a potential buffer overflow when a malicious client sends
	a frame_size that is close to UINT32_MAX, in which causes an overflow
	when computing state-&gt;target_size resulting in a small value there. A
	buffer is then allocated with the small amount, then memcopy copies the
	frame_size writing to memory beyond the end of the buffer.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-18609</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18609</url>
    </references>
    <dates>
      <discovery>2019-10-29</discovery>
      <entry>2021-06-25</entry>
    </dates>
</vuln>

  <vuln vid="41bc849f-d5ef-11eb-ae37-589cfc007716">
    <topic>PuppetDB -- SQL Injection</topic>
    <affects>
      <package>
       <name>puppetdb6</name>
       <range><lt>6.17.0</lt></range>
      </package>
      <package>
       <name>puppetdb7</name>
       <range><lt>7.4.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Puppet reports:</p>
       <blockquote cite="https://puppet.com/docs/puppetdb/latest/release_notes.html#security-fixes">
	<p>Fixed an issue where someone with the ability to query PuppetDB
	    could arbitrarily write, update, or delete data CVE-2021-27021
	    PDB-5138.</p>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-27021</cvename>
      <url>https://puppet.com/security/cve/cve-2021-27021/</url>
      <url>https://tickets.puppetlabs.com/browse/PDB-5138</url>
    </references>
    <dates>
      <discovery>2021-06-24</discovery>
      <entry>2021-06-25</entry>
    </dates>
  </vuln>

  <vuln vid="4c9159ea-d4c9-11eb-aeee-8c164582fbac">
    <topic>Ansible -- Templating engine bug</topic>
    <affects>
      <package>
	<name>py36-ansible-core</name>
	<name>py37-ansible-core</name>
	<name>py38-ansible-core</name>
	<name>py39-ansible-core</name>
	<range><lt>2.11.2</lt></range>
      </package>
      <package>
	<name>py36-ansible-base</name>
	<name>py37-ansible-base</name>
	<name>py38-ansible-base</name>
	<name>py39-ansible-base</name>
	<range><lt>2.10.11</lt></range>
      </package>
      <package>
	<name>py36-ansible2</name>
	<name>py37-ansible2</name>
	<name>py38-ansible2</name>
	<name>py39-ansible2</name>
	<range><lt>2.9.23</lt></range>
      </package>
      <package>
	<name>py36-ansible</name>
	<name>py37-ansible</name>
	<name>py38-ansible</name>
	<name>py39-ansible</name>
	<range><lt>2.9.23</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Ansible developers report:</p>
	<blockquote cite="https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#security-fixes">
	  <p>Templating engine fix for not preserving usnafe status
	    when trying to preserve newlines.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3583</cvename>
      <url>https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#security-fixes</url>
      <url>https://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst#security-fixes</url>
      <url>https://github.com/ansible/ansible/pull/74960</url>
      <url>https://groups.google.com/g/ansible-announce/c/tmIgD1DpZJg</url>
    </references>
    <dates>
      <discovery>2021-06-10</discovery>
      <entry>2021-06-24</entry>
      <modified>2021-06-25</modified>
    </dates>
  </vuln>

  <vuln vid="f3fc2b50-d36a-11eb-a32c-00a0989e4ec1">
    <topic>dovecot-pigeonhole -- Sieve excessive resource usage</topic>
    <affects>
      <package>
	<name>dovecot-pigeonhole</name>
	<range><lt>0.5.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dovecot team reports reports:</p>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html">
	  <p>Sieve interpreter is not protected against abusive
	    scripts that claim excessive resource usage. Fixed by limiting the
	    user CPU time per single script execution and cumulatively over
	    several script runs within a configurable timeout period. Sufficiently
	    large CPU time usage is summed in the Sieve script binary and execution
	    is blocked when the sum exceeds the limit within that time. The block
	    is lifted when the script is updated after the resource usage times out.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-28200</cvename>
      <url>https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html</url>
    </references>
    <dates>
      <discovery>2020-09-23</discovery>
      <entry>2021-06-22</entry>
    </dates>
  </vuln>

  <vuln vid="d18f431d-d360-11eb-a32c-00a0989e4ec1">
    <topic>dovecot -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>dovecot</name>
	<range><ge>2.3.11</ge><lt>2.3.14.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dovecot team reports:</p>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html">
	    <p>CVE-2021-29157: Dovecot does not correctly escape kid and azp
	      fields in JWT tokens.
	      This may be used to supply attacker controlled keys to validate
	      tokens in some configurations. This requires attacker
	      to be able to write files to
	      local disk.</p>
	</blockquote>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html">
	    <p>CVE-2021-33515: On-path attacker could inject plaintext commands
	      before STARTTLS negotiation that would be executed after STARTTLS
	      finished with the client. Only the SMTP submission service is
	      affected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29157</cvename>
      <url>https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html</url>
      <cvename>CVE-2021-33515</cvename>
      <url>https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html</url>
    </references>
    <dates>
      <discovery>2021-03-22</discovery>
      <entry>2021-06-22</entry>
    </dates>
  </vuln>

  <vuln vid="0e561c06-d13a-11eb-92be-0800273f11ea">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.14.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.14.3:</p>
	<blockquote cite="https://blog.gitea.io/2021/06/gitea-1.14.3-is-released/">
	  <ul>
	    <li>Encrypt migration credentials at rest (#15895) (#16187)</li>
	    <li>Only check access tokens if they are likely to be tokens
	      (#16164) (#16171)</li>
	    <li>Add missing SameSite settings for the i_like_gitea cookie
	      (#16037) (#16039)</li>
	    <li>Fix setting of SameSite on cookies (#15989) (#15991)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.14.3</url>
      <freebsdpr>ports/256720</freebsdpr>
    </references>
    <dates>
      <discovery>2021-05-16</discovery>
      <entry>2021-06-19</entry>
    </dates>
  </vuln>

  <vuln vid="afdc7579-d023-11eb-bcad-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>91.0.4472.114</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html">
	  <p>This release includes 4 security fixes, including:</p>
	  <ul>
	    <li>[1219857] High CVE-2021-30554: Use after free in WebGL. Reported
	      by anonymous on 2021-06-15</li>
	    <li>[1215029] High CVE-2021-30555: Use after free in Sharing.
	      Reported by David Erceg on 2021-06-01</li>
	    <li>[1212599] High CVE-2021-30556: Use after free in WebAudio.
	      Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24</li>
	    <li>[1202102] High CVE-2021-30557: Use after free in TabGroups.
	      Reported by David Erceg on 2021-04-23</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30554</cvename>
      <cvename>CVE-2021-30555</cvename>
      <cvename>CVE-2021-30556</cvename>
      <cvename>CVE-2021-30557</cvename>
      <url>https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html</url>
    </references>
    <dates>
      <discovery>2021-06-17</discovery>
      <entry>2021-06-18</entry>
    </dates>
  </vuln>

  <vuln vid="9f27ac74-cdee-11eb-930d-fc4dd43e2b6a">
    <topic>ircII -- denial of service</topic>
    <affects>
      <package>
	<name>ircii</name>
	<range><lt>20210314</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Michael Ortmann reports:</p>
	<blockquote cite="https://www.openwall.com/lists/oss-security/2021/03/24/2">
	  <p>ircii has a bug in parsing CTCP UTC messages.</p>
	  <p>Its unknown if this could also be used for arbitrary code execution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29376</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29376</url>
    </references>
    <dates>
      <discovery>2021-03-02</discovery>
      <entry>2021-03-30</entry>
    </dates>
  </vuln>

  <vuln vid="cce76eca-ca16-11eb-9b84-d4c9ef517024">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.48</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd reports:</p>
	<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
	  <ul>
	    <li>moderate: mod_proxy_wstunnel tunneling of non Upgraded
	      connections (CVE-2019-17567)</li>
	    <li>moderate: Improper Handling of Insufficient Privileges
	      (CVE-2020-13938)</li>
	    <li>low: mod_proxy_http NULL pointer dereference
	      (CVE-2020-13950)</li>
	    <li>low: mod_auth_digest possible stack overflow by one nul byte
	      (CVE-2020-35452)</li>
	    <li>low: mod_session NULL pointer dereference (CVE-2021-26690)</li>
	    <li>low: mod_session response handling heap overflow (CVE-2021-26691)</li>
	    <li>moderate: Unexpected URL matching with 'MergeSlashes OFF'
	      (CVE-2021-30641)</li>
	    <li>important: NULL pointer dereference on specially crafted HTTP/2
	      request (CVE-2021-31618)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-17567</cvename>
      <cvename>CVE-2020-13938</cvename>
      <cvename>CVE-2020-13950</cvename>
      <cvename>CVE-2020-35452</cvename>
      <cvename>CVE-2021-26690</cvename>
      <cvename>CVE-2021-26691</cvename>
      <cvename>CVE-2021-30641</cvename>
      <cvename>CVE-2021-31618</cvename>
      <url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
    </references>
    <dates>
      <discovery>2021-06-09</discovery>
      <entry>2021-06-10</entry>
    </dates>
  </vuln>

  <vuln vid="c9e2a1a7-caa1-11eb-904f-14dae9d5a9d2">
    <topic>dragonfly -- argument injection</topic>
    <affects>
      <package>
	<name>rubygem-dragonfly</name>
	<range><lt>2.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-33564">
	  <p>An argument injection vulnerability in the Dragonfly
	  gem before 1.4.0 for Ruby allows remote attackers to read
	  and write to arbitrary files via a crafted URL when the
	  verify_url option is disabled. This may lead to code
	  execution. The problem occurs because the generate and
	  process features mishandle use of the ImageMagick convert
	  utility.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33564</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-33564</url>
      <url>https://github.com/mlr0p/CVE-2021-33564</url>
      <url>https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33564</url>
    </references>
    <dates>
      <discovery>2021-05-24</discovery>
      <entry>2021-06-11</entry>
    </dates>
  </vuln>

  <vuln vid="e4cd0b38-c9f9-11eb-87e1-08002750c711">
    <topic>cacti -- SQL Injection was possible due to incorrect validation order</topic>
    <affects>
      <package>
	<name>cacti</name>
	<range><ge>1.2</ge><lt>1.2.17</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cati team reports:</p>
	<blockquote cite="https://github.com/Cacti/cacti/issues/4022">
	  <p>Due to a lack of validation, data_debug.php can be the source of a SQL injection.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-35701</cvename>
      <url>https://github.com/Cacti/cacti/issues/4022</url>
    </references>
    <dates>
      <discovery>2020-12-24</discovery>
      <entry>2021-06-10</entry>
      <modified>2021-06-24</modified>
    </dates>
  </vuln>

  <vuln vid="20b3ab21-c9df-11eb-8558-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>91.0.4472.101</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html">
	  <p>This release contains 14 security fixes, including:</p>
	  <ul>
	    <li>[1212618] Critical CVE-2021-30544: Use after free in BFCache.
	      Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
	      2021-05-24</li>
	    <li>[1201031] High CVE-2021-30545: Use after free in Extensions.
	      Reported by kkwon with everpall and kkomdal on 2021-04-21</li>
	    <li>[1206911] High CVE-2021-30546: Use after free in Autofill.
	      Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
	      Research on 2021-05-08</li>
	    <li>[1210414] High CVE-2021-30547: Out of bounds write in ANGLE.
	      Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on
	      2021-05-18</li>
	    <li>[1210487] High CVE-2021-30548: Use after free in Loader.
	      Reported by Yangkang(@dnpushme) &amp; Wanglu of Qihoo360 Qex Team
	      on 2021-05-18</li>
	    <li>[1212498] High CVE-2021-30549: Use after free in Spell check.
	      Reported by David Erceg on 2021-05-23</li>
	    <li>[1212500] High CVE-2021-30550: Use after free in Accessibility.
	      Reported by David Erceg on 2021-05-23</li>
	    <li>[1216437] High CVE-2021-30551: Type Confusion in V8. Reported by
	      Sergei Glazunov of Google Project Zero on 2021-06-04</li>
	    <li>[1200679] Medium CVE-2021-30552: Use after free in Extensions.
	      Reported by David Erceg on 2021-04-20</li>
	    <li>[1209769] Medium CVE-2021-30553: Use after free in Network
	      service. Reported by Anonymous on 2021-05-17</li>
	  </ul>
	  <p>Google is aware that an exploit for CVE-2021-30551 exists in the
	    wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30544</cvename>
      <cvename>CVE-2021-30545</cvename>
      <cvename>CVE-2021-30546</cvename>
      <cvename>CVE-2021-30547</cvename>
      <cvename>CVE-2021-30548</cvename>
      <cvename>CVE-2021-30549</cvename>
      <cvename>CVE-2021-30550</cvename>
      <cvename>CVE-2021-30551</cvename>
      <cvename>CVE-2021-30552</cvename>
      <cvename>CVE-2021-30553</cvename>
      <url>https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-06-10</discovery>
      <entry>2021-06-10</entry>
    </dates>
  </vuln>

  <vuln vid="fc1bcbca-c88b-11eb-9120-f02f74d0e4bd">
    <topic>dino -- Path traversal in Dino file transfers</topic>
    <affects>
      <package>
	<name>dino</name>
	<range><lt>0.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dino team reports:</p>
	<blockquote cite="https://dino.im/security/cve-2021-33896/">
	  <p>It was discovered that when a user receives and downloads
	  a file in Dino, URI-encoded path separators in the file name
	  will be decoded, allowing an attacker to traverse
	  directories and create arbitrary files in the context of the
	  user.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33896</cvename>
      <mlist msgid="392f934a-f937-7b29-5f7f-5df3ee60d8a8@.larma.de">https://marc.info/?l=oss-security&amp;m=162308719412719</mlist>
      <url>https://dino.im/security/cve-2021-33896/</url>
    </references>
    <dates>
      <discovery>2021-06-07</discovery>
      <entry>2021-06-08</entry>
    </dates>
  </vuln>

  <vuln vid="45b8716b-c707-11eb-b9a0-6805ca0b3d42">
    <topic>pglogical -- shell command injection in pglogical.create_subscription()</topic>
    <affects>
      <package>
	<name>pglogical</name>
	<range><lt>2.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>2ndQuadrant reports:</p>
	<blockquote cite="https://github.com/2ndQuadrant/pglogical/releases/tag/REL2_3_4">
	  <ul>
	    <li>
	      Fix pg_dump/pg_restore execution (CVE-2021-3515)<br />
	      <br />
	      Correctly escape the connection string for both pg_dump
	      and pg_restore so that exotic database and user names are
	      handled correctly.<br />
	      <br />
	      Reported by Pedro Gallegos
	    </li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3515</cvename>
      <url>https://github.com/2ndQuadrant/pglogical/releases/tag/REL2_3_4</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1954112</url>
    </references>
    <dates>
      <discovery>2021-06-01</discovery>
      <entry>2021-06-06</entry>
    </dates>
  </vuln>

  <vuln vid="f70ab05e-be06-11eb-b983-000c294bb613">
    <topic>drupal7 -- fix possible CSS</topic>
    <affects>
      <package>
	<name>drupal7</name>
	<range><gt>7.0</gt><lt>7.80</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Drupal Security team reports:</p>
	<blockquote cite="https://www.drupal.org/sa-core-2021-002">
	  <p>Drupal core's sanitization API fails to properly filter
		cross-site scripting under certain circumstances.
		Not all sites and users are affected, but configuration
		changes to prevent the exploit might be impractical
		and will vary between sites. Therefore, we recommend
		all sites update to this release as soon as
		possible.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2020-13672</cvename>
    </references>
    <dates>
      <discovery>2021-04-21</discovery>
      <entry>2021-06-06</entry>
    </dates>
  </vuln>

  <vuln vid="36a35d83-c560-11eb-84ab-e0d55e2a8bf9">
    <topic>polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync</topic>
    <affects>
      <package>
	<name>polkit</name>
	<range><lt>0.119</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cedric Buissart reports:</p>
	<blockquote cite="https://seclists.org/oss-sec/2021/q2/180">
	  <p>The function <code>polkit_system_bus_name_get_creds_sync</code> is used to get the
	  uid and pid of the process requesting the action. It does this by
	  sending the unique bus name of the requesting process, which is
	  typically something like ":1.96", to <code>dbus-daemon</code>. These unique names
	  are assigned and managed by <code>dbus-daemon</code> and cannot be forged, so this
	  is a good way to check the privileges of the requesting process.</p>
	  <p>The vulnerability happens when the requesting process disconnects from
	  <code>dbus-daemon</code> just before the call to
	  <code>polkit_system_bus_name_get_creds_sync</code> starts. In this scenario, the
	  unique bus name is no longer valid, so <code>dbus-daemon</code> sends back an error
	  reply. This error case is handled in
	  <code>polkit_system_bus_name_get_creds_sync</code> by setting the value of the
	  <code>error</code> parameter, but it still returns <code>TRUE</code>, rather than <code>FALSE</code>.
	  This behavior means that all callers of
	  <code>polkit_system_bus_name_get_creds_sync</code> need to carefully check whether
	  an error was set. If the calling function forgets to check for errors
	  then it will think that the uid of the requesting process is 0 (because
	  the <code>AsyncGetBusNameCredsData</code> struct is zero initialized). In other
	  words, it will think that the action was requested by a root process,
	  and will therefore allow it.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3560</cvename>
      <url>https://seclists.org/oss-sec/2021/q2/180</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560</url>
      <url>https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13a</url>
    </references>
    <dates>
      <discovery>2021-06-03</discovery>
      <entry>2021-06-04</entry>
    </dates>
  </vuln>

  <vuln vid="69815a1d-c31d-11eb-9633-b42e99a1b9c3">
    <topic>SOGo -- SAML user authentication impersonation</topic>
    <affects>
      <package>
	<name>sogo</name>
	<range><lt>5.1.1</lt></range>
      </package>
      <package>
	<name>sogo-activesync</name>
	<range><lt>5.1.1</lt></range>
      </package>
      <package>
	<name>sogo2</name>
	<range><lt>2.4.1</lt></range>
      </package>
      <package>
	<name>sogo2-activesync</name>
	<range><lt>2.4.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>sogo.nu reports:</p>
	<blockquote cite="https://www.sogo.nu/news/2021/saml-vulnerability.html">
	  <p>SOGo was not validating the signatures of any SAML assertions it received.</p>
	  <p>This means any actor with network access to the deployment could impersonate</p>
	  <p>users when SAML was the authentication method.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33054</cvename>
      <url>https://www.sogo.nu/news/2021/saml-vulnerability.html</url>
      <url>https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html</url>
    </references>
    <dates>
      <discovery>2021-06-01</discovery>
      <entry>2021-06-02</entry>
    </dates>
  </vuln>

  <vuln vid="c7855866-c511-11eb-ae1d-b42e991fc52e">
    <topic>tauthon -- Regular Expression Denial of Service</topic>
    <affects>
      <package>
	<name>tauthon</name>
	<range><lt>2.8.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p></p>
	<blockquote cite="https://github.com/naftaliharris/tauthon/blob/master/Misc/NEWS.d/2.8.3.rst">
	  <p>The :class:`~urllib.request.AbstractBasicAuthHandler` class
	    of the :mod:`urllib.request` module uses an inefficient
	    regular expression which can be exploited by an
	    attacker to cause a denial of service</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-8492</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8492</url>
    </references>
    <dates>
      <discovery>2020-01-30</discovery>
      <entry>2021-06-04</entry>
    </dates>
  </vuln>

  <vuln vid="417de1e6-c31b-11eb-9633-b42e99a1b9c3">
    <topic>lasso -- signature checking failure</topic>
    <affects>
      <package>
	<name>lasso</name>
	<range><lt>2.7.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>entrouvert reports:</p>
    <blockquote cite="https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0">
      <p>When AuthnResponse messages are not signed (which is
  permitted by the specifiation), all assertion's signatures should be
  checked, but currently after the first signed assertion is checked all
  following assertions are accepted without checking their signature, and
  the last one is considered the main assertion.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-28091</cvename>
      <url>https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0</url>
    </references>
    <dates>
      <discovery>2021-06-01</discovery>
      <entry>2021-06-01</entry>
    </dates>
  </vuln>

  <vuln vid="079b3641-c4bd-11eb-a22a-693f0544ae52">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.16.5,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/45910">
	  <p>The SetString and UnmarshalText methods of math/big.Rat may cause a
	    panic or an unrecoverable fatal error if passed inputs with very
	    large exponents.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/46313">
	  <p>ReverseProxy in net/http/httputil could be made to forward certain
	    hop-by-hop headers, including Connection. In case the target of the
	    ReverseProxy was itself a reverse proxy, this would let an attacker
	    drop arbitrary headers, including those set by the
	    ReverseProxy.Director.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/46241">
	  <p>The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr
	    functions in net, and their respective methods on the Resolver type
	    may return arbitrary values retrieved from DNS which do not follow
	    the established RFC 1035 rules for domain names. If these names are
	    used without further sanitization, for instance unsafely included in
	    HTML, they may allow for injection of unexpected content. Note that
	    LookupTXT may still return arbitrary values that could require
	    sanitization before further use.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/46242">
	  <p>The NewReader and OpenReader functions in archive/zip can cause a
	    panic or an unrecoverable fatal error when reading an archive that
	    claims to contain a large number of files, regardless of its actual
	    size.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33198</cvename>
      <url>https://github.com/golang/go/issues/45910</url>
      <cvename>CVE-2021-33197</cvename>
      <url>https://github.com/golang/go/issues/46313</url>
      <cvename>CVE-2021-33195</cvename>
      <url>https://github.com/golang/go/issues/46241</url>
      <cvename>CVE-2021-33196</cvename>
      <url>https://github.com/golang/go/issues/46242</url>
    </references>
    <dates>
      <discovery>2021-05-01</discovery>
      <entry>2021-06-03</entry>
    </dates>
  </vuln>

  <vuln vid="3000acee-c45d-11eb-904f-14dae9d5a9d2">
    <topic>aiohttp -- open redirect vulnerability</topic>
    <affects>
      <package>
	<name>py36-aiohttp</name>
	<name>py37-aiohttp</name>
	<name>py38-aiohttp</name>
	<name>py39-aiohttp</name>
	<range><le>3.7.3</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Sviatoslav Sydorenko reports:</p>
	<blockquote cite="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg">
	  <p>Open redirect vulnerability — a maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website.</p>
	  <p>It is caused by a bug in the <code>aiohttp.web_middlewares.normalize_path_middleware</code> middleware.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21330</cvename>
      <url>https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-21330</url>
    </references>
    <dates>
      <discovery>2021-02-25</discovery>
      <entry>2021-06-03</entry>
      <modified>2021-06-23</modified>
    </dates>
  </vuln>

  <vuln vid="a550d62c-f78d-4407-97d9-93876b6741b9">
    <topic>zeek -- several potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>4.0.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v4.0.2">
	  <p> Fix potential Undefined Behavior in decode_netbios_name()
	  and decode_netbios_name_type() BIFs. The latter has a
	  possibility of a remote heap-buffer-overread, making this
	  a potential DoS vulnerability.</p>
	  <p> Add some extra length checking when parsing mobile
	  ipv6 packets. Due to the possibility of reading invalid
	  headers from remote sources, this is a potential DoS
	  vulnerability. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v4.0.2</url>
    </references>
    <dates>
      <discovery>2021-04-30</discovery>
      <entry>2021-06-02</entry>
    </dates>
  </vuln>

  <vuln vid="c7ec6375-c3cf-11eb-904f-14dae9d5a9d2">
    <topic>PyYAML -- arbitrary code execution</topic>
    <affects>
      <package>
	<name>py36-yaml</name>
	<name>py37-yaml</name>
	<name>py38-yaml</name>
	<name>py39-yaml</name>
	<range><lt>5.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>A vulnerability was discovered in the PyYAML library
	in versions before 5.4, where it is susceptible to arbitrary
	code execution when it processes untrusted YAML files
	through the full_load method or with the FullLoader loader.
	Applications that use the library to process untrusted
	input may be vulnerable to this flaw. This flaw allows
	an attacker to execute arbitrary code on the system by
	abusing the python/object/new constructor. This flaw is
	due to an incomplete fix for CVE-2020-1747.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-14343</cvename>
      <url>https://github.com/yaml/pyyaml/issues/420</url>
      <url>https://access.redhat.com/security/cve/CVE-2020-14343</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1860466</url>
    </references>
    <dates>
      <discovery>2020-07-22</discovery>
      <entry>2021-06-02</entry>
    </dates>
  </vuln>

  <vuln vid="e24fb8f8-c39a-11eb-9370-b42e99a1b9c3">
    <topic>isc-dhcp -- remotely exploitable vulnerability</topic>
    <affects>
      <package>
	<name>isc-dhcp44-relay</name>
	<range><lt>4.4.2-P1</lt></range>
      </package>
      <package>
	<name>isc-dhcp44-server</name>
	<range><lt>4.4.2-P1</lt></range>
      </package>
      <package>
	<name>isc-dhcp44-client</name>
	<range><lt>4.4.2-P1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Michael McNally reports:</p>
	<blockquote cite="https://seclists.org/oss-sec/2021/q2/170">
	  <p>Program code used by the ISC DHCP package to read and parse stored leases</p>
	  <p>has a defect that can be exploited by an attacker to cause one of several
	     undesirable outcomes</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-25217</cvename>
      <url>https://kb.isc.org/docs/cve-2021-25217</url>
    </references>
    <dates>
      <discovery>2021-05-26</discovery>
      <entry>2021-06-02</entry>
    </dates>
  </vuln>

  <vuln vid="5f52d646-c31f-11eb-8dcf-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.12.0</ge><lt>13.12.2</lt></range>
	<range><ge>13.11.0</ge><lt>13.11.5</lt></range>
	<range><ge>7.10.0</ge><lt>13.10.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/">
	  <p>Stealing GitLab OAuth access tokens using XSLeaks in Safari</p>
	  <p>Denial of service through recursive triggered pipelines</p>
	  <p>Unauthenticated CI lint API may lead to information disclosure and SSRF</p>
	  <p>Server-side DoS through rendering crafted Markdown documents</p>
	  <p>Issue and merge request length limit is not being enforced</p>
	  <p>Insufficient Expired Password Validation</p>
	  <p>XSS in blob viewer of notebooks</p>
	  <p>Logging of Sensitive Information</p>
	  <p>On-call rotation information exposed when removing a member</p>
	  <p>Spoofing commit author for signed commits</p>
	  <p>Enable qsh verification for Atlassian Connect</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22181</cvename>
      <url>https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/</url>
    </references>
    <dates>
      <discovery>2021-06-01</discovery>
      <entry>2021-06-01</entry>
    </dates>
  </vuln>

  <vuln vid="8eb69cd0-c2ec-11eb-b6e7-8c164567ca3c">
    <topic>redis -- integer overflow</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><ge>6.0.0</ge><lt>6.0.14</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><ge>6.2.0</ge><lt>6.2.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis development team reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/RLTwi1kKsCI">
	  <p>An integer overflow bug in Redis version 6.0 or newer can be
	    exploited using the STRALGO LCS command to corrupt the heap and
	    potentially result with remote code execution. This is a result
	    of an incomplete fix by CVE-2021-29477.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32625</cvename>
      <url>https://groups.google.com/g/redis-db/c/RLTwi1kKsCI</url>
    </references>
    <dates>
      <discovery>2021-06-01</discovery>
      <entry>2021-06-01</entry>
    </dates>
  </vuln>

  <vuln vid="58d6ed66-c2e8-11eb-9fb0-6451062f0f7a">
    <topic>libX11 -- Arbitrary code execution</topic>
    <affects>
      <package>
	<name>libX11</name>
	<range><lt>1.7.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.org project reports:</p>
	<blockquote cite="https://lists.freedesktop.org/archives/xorg/2021-May/060699.html">
	  <p>XLookupColor() and other X libraries function lack proper validation
	    of the length of their string parameters. If those parameters can be
	    controlled by an external application (for instance a color name that
	    can be emitted via a terminal control sequence) it can lead to the
	    emission of extra X protocol requests to the X server.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-31535</cvename>
      <url>https://lists.freedesktop.org/archives/xorg/2021-May/060699.html</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-31535</url>
    </references>
    <dates>
      <discovery>2021-05-11</discovery>
      <entry>2021-06-01</entry>
    </dates>
  </vuln>

  <vuln vid="59ab72fb-bccf-11eb-a38d-6805ca1caf5c">
    <topic>Prometheus -- arbitrary redirects</topic>
    <affects>
      <package>
	<name>prometheus2</name>
	<range><ge>2.23.0</ge><lt>2.26.1</lt></range>
	<range><eq>2.27.0</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Prometheus reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-29622">
	  <p>
	    Prometheus is an open-source monitoring system and time series
	    database. In 2.23.0, Prometheus changed its default UI to the New
	    ui. To ensure a seamless transition, the URL's prefixed by /new
	    redirect to /. Due to a bug in the code, it is possible for an
	    attacker to craft an URL that can redirect to any other URL, in the
	    /new endpoint. If a user visits a prometheus server with a
	    specially crafted address, they can be redirected to an arbitrary
	    URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In
	    2.28.0, the /new endpoint will be removed completely. The
	    workaround is to disable access to /new via a reverse proxy in
	    front of Prometheus.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29622</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-29622</url>
    </references>
    <dates>
      <discovery>2021-05-18</discovery>
      <entry>2021-06-01</entry>
    </dates>
  </vuln>

  <vuln vid="fd24a530-c202-11eb-b217-b42e99639323">
    <topic>wayland -- integer overflow</topic>
    <affects>
      <package>
	<name>wayland</name>
	<range><lt>1.19.0_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tobias Stoeckmann reports:</p>
	<blockquote
	  cite="https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/133">
	  <p>The libXcursor fix for CVE-2013-2003 has never been imported into wayland, leaving it vulnerable to it.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-2003</cvename>
      <url>https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/133</url>
      <freebsdpr>ports/256273</freebsdpr>
    </references>
    <dates>
      <discovery>2021-05-02</discovery>
      <entry>2021-05-31</entry>
    </dates>
  </vuln>

  <vuln vid="107c7a76-beaa-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- Missing message validation in libradius(3)</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.0</ge><lt>13.0_1</lt></range>
	<range><ge>12.2</ge><lt>12.2_7</lt></range>
	<range><ge>11.4</ge><lt>11.4_10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>libradius did not perform sufficient validation of received messages.</p>
	<p>rad_get_attr(3) did not verify that the attribute length is valid before
	subtracting the length of the Type and Length fields.  As a result, it
	could return success while also providing a bogus length of SIZE_T_MAX -
	2 for the Value field.</p>
	<p>When processing attributes to find an optional authenticator,
	is_valid_response() failed to verify that each attribute length is
	non-zero and could thus enter an infinite loop.</p>
	<h1>Impact:</h1>
	<p>A server may use libradius(3) to process messages from RADIUS clients.
	In this case, a malicious client could trigger a denial-of-service in
	the server.  A client using libradius(3) to process messages from a
	server is susceptible to the same problem.</p>
	<p>The impact of the rad_get_attr(3) bug depends on how the returned length
	is validated and used by the consumer.  It is possible that libradius(3)
	applications will crash or enter an infinite loop when calling
	rad_get_attr(3) on untrusted RADIUS messages.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29629</cvename>
      <freebsdsa>SA-21:12.libradius</freebsdsa>
    </references>
    <dates>
      <discovery>2021-05-27</discovery>
      <entry>2021-05-27</entry>
    </dates>
  </vuln>

  <vuln vid="d1ac6a6a-bea8-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD-kernel -- SMAP bypass</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.0</ge><lt>13.0_1</lt></range>
	<range><ge>12.2</ge><lt>12.2_7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The FreeBSD kernel enables SMAP during boot when the CPU reports that
	the SMAP capability is present.  Subroutines such as copyin() and
	copyout() are responsible for disabling SMAP around the sections of code
	that perform user memory accesses.</p>
	<p>Such subroutines must handle page faults triggered when user memory is
	not mapped.  The kernel's page fault handler checks the validity of the
	fault, and if it is indeed valid it will map a page and resume copying.
	If the fault is invalid, the fault handler returns control to a
	trampoline which aborts the operation and causes an error to be
	returned.  In this second scenario, a bug in the implementation of SMAP
	support meant that SMAP would remain disabled until the thread returns
	to user mode.</p>
	<h1>Impact:</h1>
	<p>This bug may be used to bypass the protections provided by SMAP for the
	duration of a system call.  It could thus be combined with other kernel
	bugs to craft an exploit.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29628</cvename>
      <freebsdsa>SA-21:11.smap</freebsdsa>
    </references>
    <dates>
      <discovery>2021-05-27</discovery>
      <entry>2021-05-27</entry>
    </dates>
  </vuln>

  <vuln vid="674ed047-be0a-11eb-b927-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>91.0.4472.77</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html">
	  <p>This release contains 32 security fixes, including:</p>
	  <ul>
	    <li>[1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.
	      Reported by ZhanJia Song on 2021-05-13</li>
	    <li>[1176218] High CVE-2021-30522: Use after free in WebAudio.
	      Reported by Piotr Bania of Cisco Talos on 2021-02-09</li>
	    <li>[1187797] High CVE-2021-30523: Use after free in WebRTC.
	      Reported by Tolyan Korniltsev on 2021-03-13</li>
	    <li>[1197146] High CVE-2021-30524: Use after free in TabStrip.
	      Reported by David Erceg on 2021-04-08</li>
	    <li>[1197888] High CVE-2021-30525: Use after free in TabGroups.
	      Reported by David Erceg on 2021-04-11</li>
	    <li>[1198717] High CVE-2021-30526: Out of bounds write in
	      TabStrip. Reported by David Erceg on 2021-04-13</li>
	    <li>[1199198] High CVE-2021-30527: Use after free in WebUI.
	      Reported by David Erceg on 2021-04-15</li>
	    <li>[1206329] High CVE-2021-30528: Use after free in
	      WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on
	      2021-05-06</li>
	    <li>[1195278] Medium CVE-2021-30529: Use after free in Bookmarks.
	      Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of
	      360 Alpha Lab on 2021-04-02</li>
	    <li>[1201033] Medium CVE-2021-30530: Out of bounds memory access
	      in WebAudio. Reported by kkwon on 2021-04-21</li>
	    <li>[1115628] Medium CVE-2021-30531: Insufficient policy
	      enforcement in Content Security Policy. Reported by Philip Papurt on
	      2020-08-12</li>
	    <li>[1117687] Medium CVE-2021-30532: Insufficient policy
	      enforcement in Content Security Policy. Reported by Philip Papurt on
	      2020-08-18</li>
	    <li>[1145553] Medium CVE-2021-30533: Insufficient policy
	      enforcement in PopupBlocker. Reported by Eliya Stein on
	      2020-11-04</li>
	    <li>[1151507] Medium CVE-2021-30534: Insufficient policy
	      enforcement in iFrameSandbox. Reported by Alesandro Ortiz on
	      2020-11-20</li>
	    <li>[1194899] Medium CVE-2021-30535: Double free in ICU. Reported
	      by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on
	      2021-04-01</li>
	    <li>[1145024] Medium CVE-2021-21212: Insufficient data validation
	      in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese
	      University of Hong Kong on 2020-11-03</li>
	    <li>[1194358] Low CVE-2021-30536: Out of bounds read in V8.
	      Reported by Chris Salls (@salls) on 2021-03-31</li>
	    <li>[830101] Low CVE-2021-30537: Insufficient policy enforcement
	      in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06</li>
	    <li>[1115045] Low CVE-2021-30538: Insufficient policy enforcement
	      in content security policy. Reported by Tianze Ding (@D1iv3) of
	      Tencent Security Xuanwu Lab on 2020-08-11</li>
	    <li>[971231] Low CVE-2021-30539: Insufficient policy enforcement
	      in content security policy. Reported by unnamed researcher on
	      2019-06-05</li>
	    <li>[1184147] Low CVE-2021-30540: Incorrect security UI in
	      payments. Reported by @retsew0x01 on 2021-03-03</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30521</cvename>
      <cvename>CVE-2021-30522</cvename>
      <cvename>CVE-2021-30523</cvename>
      <cvename>CVE-2021-30524</cvename>
      <cvename>CVE-2021-30525</cvename>
      <cvename>CVE-2021-30526</cvename>
      <cvename>CVE-2021-30527</cvename>
      <cvename>CVE-2021-30528</cvename>
      <cvename>CVE-2021-30529</cvename>
      <cvename>CVE-2021-30530</cvename>
      <cvename>CVE-2021-30531</cvename>
      <cvename>CVE-2021-30532</cvename>
      <cvename>CVE-2021-30533</cvename>
      <cvename>CVE-2021-30534</cvename>
      <cvename>CVE-2021-30535</cvename>
      <cvename>CVE-2021-21212</cvename>
      <cvename>CVE-2021-30536</cvename>
      <cvename>CVE-2021-30537</cvename>
      <cvename>CVE-2021-30538</cvename>
      <cvename>CVE-2021-30539</cvename>
      <cvename>CVE-2021-30540</cvename>
      <url>https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html</url>
    </references>
    <dates>
      <discovery>2021-05-25</discovery>
      <entry>2021-05-26</entry>
    </dates>
  </vuln>

  <vuln vid="21ec4428-bdaa-11eb-a04e-641c67a117d8">
    <topic>libzmq4 -- Denial of Service</topic>
    <affects>
      <package>
	<name>libzmq4</name>
	<range><lt>4.3.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Google's oss-fuzz project reports:</p>
	<blockquote cite="https://github.com/zeromq/libzmq/releases/tag/v4.3.3">
	  <p>Denial-of-Service on CURVE/ZAP-protected servers by
	    unauthenticated clients.
	    If a raw TCP socket is opened and connected to an endpoint that is fully
	    configured with CURVE/ZAP, legitimate clients will not be able to exchange
	    any message. Handshakes complete successfully, and messages are delivered to
	    the library, but the server application never receives them.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-15166</cvename>
      <url>https://github.com/zeromq/libzmq/releases/tag/v4.3.3</url>
      <url>https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m</url>
      <freebsdpr>ports/255102</freebsdpr>
    </references>
    <dates>
      <discovery>2020-09-07</discovery>
      <entry>2021-05-25</entry>
    </dates>
  </vuln>

  <vuln vid="6954a2b0-bda8-11eb-a04e-641c67a117d8">
    <topic>libzmq4 -- Stack overflow</topic>
    <affects>
      <package>
	<name>libzmq4</name>
	<range><lt>4.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Fang-Pen Lin reports:</p>
	<blockquote cite="https://github.com/zeromq/libzmq/releases/tag/v4.3.2">
	  <p>A remote, unauthenticated client connecting to a
	    libzmq application, running with a socket listening with CURVE
	    encryption/authentication enabled, may cause a stack overflow and
	    overwrite the stack with arbitrary data, due to a buffer overflow in
	    the library. Users running public servers with the above configuration
	    are highly encouraged to upgrade as soon as possible, as there are no
	    known mitigations.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-13132</cvename>
      <url>https://github.com/zeromq/libzmq/releases/tag/v4.3.2</url>
      <url>https://github.com/zeromq/libzmq/issues/3558</url>
      <freebsdpr>ports/255102</freebsdpr>
    </references>
    <dates>
      <discovery>2019-06-27</discovery>
      <entry>2021-05-25</entry>
    </dates>
  </vuln>

  <vuln vid="0882f019-bd60-11eb-9bdd-8c164567ca3c">
    <topic>NGINX -- 1-byte memory overwrite in resolver</topic>
    <affects>
      <package>
	<name>nginx</name>
	<range><lt>1.20.1,2</lt></range>
      </package>
      <package>
	<name>nginx-devel</name>
	<range><lt>1.21.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NGINX team reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017">
	  <p>1-byte memory overwrite might occur during DNS server response
	   processing if the "resolver" directive was used, allowing an
	   attacker who is able to forge UDP packets from the DNS server
	   to cause worker process crash or, potentially, arbitrary code
	   execution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-23017</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017</url>
    </references>
    <dates>
      <discovery>2021-05-25</discovery>
      <entry>2021-05-25</entry>
    </dates>
  </vuln>

  <vuln vid="58b22f3a-bc71-11eb-b9c9-6cc21735f730">
    <topic>PG Partition Manager -- arbitrary code execution</topic>
    <affects>
      <package>
	<name>pg_partman</name>
	<range><lt>4.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PG Partition Manager reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-33204">
	  <p>
	    In the pg_partman (aka PG Partition Manager) extension before 4.5.1
	    for PostgreSQL, arbitrary code execution can be achieved via
	    SECURITY DEFINER functions because an explicit search_path is not
	    set.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33204</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-33204</url>
    </references>
    <dates>
      <discovery>2021-05-21</discovery>
      <entry>2021-05-24</entry>
    </dates>
  </vuln>

  <vuln vid="5fa90ee6-bc9e-11eb-a287-e0d55e2a8bf9">
    <topic>texproc/expat2 -- billion laugh attack</topic>
    <affects>
      <package>
	<name>expat</name>
	<range><lt>2.4.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Kurt Seifried reports:</p>
	<blockquote cite="https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/">
	  <p>So here are the CVE's for the two big ones, libxml2 and expat.
	     Both are affected by the expansion of internal entities
	     (which can be used to consume resources) and external entities
	     (which can cause a denial of service against other services, be
	     used to port scan, etc.).</p>
	   <p>A billion laughs attack is a type of denial-of-service attack
	     which is aimed at parsers of XML documents.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-0340</cvename>
	<url>https://www.openwall.com/lists/oss-security/2013/02/22/3</url>
	<url>https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/</url>
	<url>https://nvd.nist.gov/vuln/detail/CVE-2013-0340</url>
    </references>
    <dates>
      <discovery>2013-02-21</discovery>
      <entry>2021-05-24</entry>
    </dates>
  </vuln>

  <vuln vid="524bd03a-bb75-11eb-bf35-080027f515ea">
    <topic>libxml2 -- Possible denial of service</topic>
    <affects>
      <package>
	<name>libxml2</name>
	<range><lt>2.9.10_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Daniel Veillard reports:</p>
	<blockquote cite="https://ubuntu.com/security/CVE-2021-3541">
	  <p>
	    A flaw was found in libxml2. Exponential entity expansion attack
	    its possible bypassing all existing protection mechanisms and
	    leading to denial of service.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3541</cvename>
      <url>https://ubuntu.com/security/CVE-2021-3541</url>
      <url>https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e</url>
    </references>
    <dates>
      <discovery>2021-05-18</discovery>
      <entry>2021-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="62da9702-b4cc-11eb-b9c9-6cc21735f730">
    <topic>PostgreSQL server -- two security issues</topic>
    <affects>
      <package>
	<name>postgresql13-server</name>
	<range><lt>13.3</lt></range>
      </package>
      <package>
	<name>postgresql12-server</name>
	<range><lt>12.7</lt></range>
      </package>
      <package>
	<name>postgresql11-server</name>
	<range><lt>11.12</lt></range>
      </package>
      <package>
	<name>postgresql10-server</name>
	<range><lt>10.17</lt></range>
      </package>
      <package>
	<name>postgresql96-server</name>
	<range><lt>9.6.22</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PostgreSQL project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2021-32028/">
	  <p>Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE</p>
	  <p>
	    Using an INSERT ... ON CONFLICT ... DO UPDATE command on a
	    purpose-crafted table, an attacker can read arbitrary bytes of
	    server memory. In the default configuration, any authenticated
	    database user can create prerequisite objects and complete this
	    attack at will. A user lacking the CREATE and TEMPORARY privileges
	    on all databases and the CREATE privilege on all schemas cannot use
	    this attack at will..
	  </p>
	</blockquote>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2021-32027/">
	  <p>
	    Buffer overrun from integer overflow in array subscripting
	    calculations
	  </p>
	  <p>
	    While modifying certain SQL array values, missing bounds checks let
	    authenticated database users write arbitrary bytes to a wide area of
	    server memory.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.postgresql.org/support/security/CVE-2021-32027/</url>
      <url>https://www.postgresql.org/support/security/CVE-2021-32028/</url>
    </references>
    <dates>
      <discovery>2021-05-13</discovery>
      <entry>2021-05-14</entry>
    </dates>
  </vuln>

  <vuln vid="76e0bb86-b4cb-11eb-b9c9-6cc21735f730">
    <topic>PostgreSQL -- Memory disclosure in partitioned-table UPDATE ... RETURNING</topic>
    <affects>
      <package>
	<name>postgresql13-server</name>
	<range><lt>13.3</lt></range>
      </package>
      <package>
	<name>postgresql12-server</name>
	<range><lt>12.7</lt></range>
      </package>
      <package>
	<name>postgresql11-server</name>
	<range><lt>11.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PostgreSQL project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2021-32029/">
	  <p>
	    Using an UPDATE ... RETURNING on a purpose-crafted partitioned
	    table, an attacker can read arbitrary bytes of server memory. In the
	    default configuration, any authenticated database user can create
	    prerequisite objects and complete this attack at will. A user
	    lacking the CREATE and TEMPORARY privileges on all databases and the
	    CREATE privilege on all schemas typically cannot use this attack at
	    will.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.postgresql.org/support/security/CVE-2021-32029/</url>
    </references>
    <dates>
      <discovery>2021-05-13</discovery>
      <entry>2021-05-14</entry>
    </dates>
  </vuln>

  <vuln vid="fc75570a-b417-11eb-a23d-c7ab331fd711">
    <topic>Prosody -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>prosody</name>
	<range><lt>0.11.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Prosody security advisory 2021-05-12 reports:</p>
	<blockquote cite="https://prosody.im/security/advisory_20210512/">
	  <p>
	    This advisory details 5 new security vulnerabilities discovered in the
	    Prosody.im XMPP server software. All issues are fixed in the 0.11.9
	    release default configuration.
	  </p>
	  <ul>
	    <li>CVE-2021-32918: DoS via insufficient memory consumption controls</li>
	    <li>CVE-2021-32920: DoS via repeated TLS renegotiation causing excessive CPU consumption</li>
	    <li>CVE-2021-32921: Use of timing-dependent string comparison with sensitive values</li>
	    <li>CVE-2021-32917: Use of mod_proxy65 is unrestricted in default configuration</li>
	    <li>CVE-2021-32919: Undocumented dialback-without-dialback option insecure</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32918</cvename>
      <cvename>CVE-2021-32920</cvename>
      <cvename>CVE-2021-32921</cvename>
      <cvename>CVE-2021-32917</cvename>
      <cvename>CVE-2021-32919</cvename>
    </references>
    <dates>
      <discovery>2021-05-12</discovery>
      <entry>2021-05-13</entry>
    </dates>
  </vuln>

  <vuln vid="3e0ca488-b3f6-11eb-a5f7-a0f3c100ae18">
    <topic>ImageMagick6 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>ImageMagick6</name>
	<name>ImageMagick6-nox11</name>
	<range><lt>6.9.12.12,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CVE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ImageMagick">
	  <p>Several vulnerabilities have been discovered in ImageMagick:</p>
	  <ul>
	    <li>CVE-2021-20309: A flaw was found in ImageMagick in versions before 6.9.12,
	    where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger
	    undefined behavior via a crafted image file submitted to an application using ImageMagick.</li>
	    <li>CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 in gem.c.
	    This flaw allows an attacker who submits a crafted file that is processed by ImageMagick
	    to trigger undefined behavior through a division by zero.</li>
	    <li>CVE-2020-29599: ImageMagick before 6.9.11-40  mishandles the -authenticate option,
	    which allows setting a password for password-protected PDF files.</li>
	    <li>And maybe some others…</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-29599</cvename>
      <cvename>CVE-2021-20176</cvename>
      <cvename>CVE-2021-20309</cvename>
    </references>
    <dates>
      <discovery>2020-12-17</discovery>
      <entry>2021-05-13</entry>
    </dates>
  </vuln>

  <vuln vid="a7c60af1-b3f1-11eb-a5f7-a0f3c100ae18">
    <topic>ImageMagick7 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>ImageMagick7</name>
	<name>ImageMagick7-nox11</name>
	<range><lt>7.0.11.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CVE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ImageMagick">
	  <p>Several vulnerabilities have been discovered in ImageMagick:</p>
	  <ul>
	    <li>CVE-2021-20313: A flaw was found in ImageMagick in versions before 7.0.11.
	    A potential cipher leak when the calculate signatures in TransformSignature is possible.</li>
	    <li>CVE-2021-20312: A flaw was found in ImageMagick in versions 7.0.11,
	    where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger
	    undefined behavior via a crafted image file that is submitted by an attacker and
	    processed by an application using ImageMagick.</li>
	    <li>CVE-2021-20311: A flaw was found in ImageMagick in versions before 7.0.11,
	    where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c
	    may trigger undefined behavior via a crafted image file that is submitted by an
	    attacker processed by an application using ImageMagick.</li>
	    <li>CVE-2021-20310: A flaw was found in ImageMagick in versions before 7.0.11,
	    where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger
	    undefined behavior via a crafted image file that is submitted by an attacker
	    and processed by an application using ImageMagick.</li>
	    <li>CVE-2021-20309: A flaw was found in ImageMagick in versions before 7.0.11,
	    where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger
	    undefined behavior via a crafted image file submitted to an application using ImageMagick.</li>
	    <li>And several others…</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-27829</cvename>
      <cvename>CVE-2020-29599</cvename>
      <cvename>CVE-2021-20176</cvename>
      <cvename>CVE-2021-20241</cvename>
      <cvename>CVE-2021-20243</cvename>
      <cvename>CVE-2021-20244</cvename>
      <cvename>CVE-2021-20245</cvename>
      <cvename>CVE-2021-20246</cvename>
      <cvename>CVE-2021-20309</cvename>
      <cvename>CVE-2021-20310</cvename>
      <cvename>CVE-2021-20311</cvename>
      <cvename>CVE-2021-20312</cvename>
      <cvename>CVE-2021-20313</cvename>
    </references>
    <dates>
      <discovery>2020-10-27</discovery>
      <entry>2021-05-13</entry>
    </dates>
  </vuln>

  <vuln vid="f947aa26-b2f9-11eb-a5f7-a0f3c100ae18">
    <topic>Pillow -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py38-pillow</name>
	<range><lt>8.2.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>python-pillow reports:</p>
	<blockquote cite="https://github.com/python-pillow/Pillow/pull/5377/commits/8ec027867f19633d9adfc5c8b7504d9b609fc5f1">
	  <p>This release fixes several vulnerabilities found with `OSS-Fuzz`.</p>
	  <ul>
	    <li>`CVE-2021-25288`: Fix OOB read in Jpeg2KDecode.
	    This dates to Pillow 2.4.0.</li>
	    <li>`CVE-2021-28675`: Fix DOS in PsdImagePlugin.
	    This dates to the PIL fork.</li>
	    <li>`CVE-2021-28676`: Fix FLI DOS.
	    This dates to the PIL fork.</li>
	    <li>`CVE-2021-28677`: Fix EPS DOS on _open.
	    This dates to the PIL fork.</li>
	    <li>`CVE-2021-28678`: Fix BLP DOS.
	    This dates to Pillow 5.1.0.</li>
	    <li>Fix memory DOS in ImageFont.
	    This dates to the PIL fork.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-25288</cvename>
      <cvename>CVE-2021-28675</cvename>
      <cvename>CVE-2021-28676</cvename>
      <cvename>CVE-2021-28677</cvename>
      <cvename>CVE-2021-28678</cvename>
    </references>
    <dates>
      <discovery>2021-04-01</discovery>
      <entry>2021-05-12</entry>
    </dates>
  </vuln>

  <vuln vid="3cac007f-b27e-11eb-97a0-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>90.0.4430.212</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html">
	  <p>This release contains 19 security fixes, including:</p>
	  <ul>
	    <li>[1180126] High CVE-2021-30506: Incorrect security UI in Web App
	      Installs. Reported by @retsew0x01 on 2021-02-19</li>
	    <li>[1178202] High CVE-2021-30507: Inappropriate implementation in
	      Offline. Reported by Alison Huffman, Microsoft Browser
	      Vulnerability Research on 2021-02-14</li>
	    <li>[1195340] High CVE-2021-30508: Heap buffer overflow in Media
	      Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-04-02</li>
	    <li>[1196309] High CVE-2021-30509: Out of bounds write in Tab Strip.
	      Reported by David Erceg on 2021-04-06</li>
	    <li>[1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng
	      Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group
	      on 2021-04-09</li>
	    <li>[1197875] High CVE-2021-30511: Out of bounds read in Tab Groups.
	      Reported by David Erceg on 2021-04-10</li>
	    <li>[1200019] High CVE-2021-30512: Use after free in Notifications.
	      Reported by ZhanJia Song on 2021-04-17</li>
	    <li>[1200490] High CVE-2021-30513: Type Confusion in V8. Reported by
	      Man Yue Mo of GitHub Security Lab on 2021-04-19</li>
	    <li>[1200766] High CVE-2021-30514: Use after free in Autofill.
	      Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of
	      360 Alpha Lab on 2021-04-20</li>
	    <li>[1201073] High CVE-2021-30515: Use after free in File API.
	      Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
	      2021-04-21</li>
	    <li>[1201446] High CVE-2021-30516: Heap buffer overflow in History.
	      Reported by ZhanJia Song on 2021-04-22</li>
	    <li>[1203122] High CVE-2021-30517: Type Confusion in V8. Reported by
	      laural on 2021-04-27</li>
	    <li>[1203590] High CVE-2021-30518: Heap buffer overflow in Reader
	      Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
	      Research on 2021-04-28</li>
	    <li>[1194058] Medium CVE-2021-30519: Use after free in Payments.
	      Reported by asnine on 2021-03-30</li>
	    <li>[1193362] Medium CVE-2021-30520: Use after free in Tab Strip.
	      Reported by Khalil Zhani on 2021-04-03</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-30506</cvename>
      <cvename>CVE-2021-30507</cvename>
      <cvename>CVE-2021-30508</cvename>
      <cvename>CVE-2021-30509</cvename>
      <cvename>CVE-2021-30510</cvename>
      <cvename>CVE-2021-30511</cvename>
      <cvename>CVE-2021-30512</cvename>
      <cvename>CVE-2021-30513</cvename>
      <cvename>CVE-2021-30514</cvename>
      <cvename>CVE-2021-30515</cvename>
      <cvename>CVE-2021-30516</cvename>
      <cvename>CVE-2021-30517</cvename>
      <cvename>CVE-2021-30518</cvename>
      <cvename>CVE-2021-30519</cvename>
      <cvename>CVE-2021-30520</cvename>
      <url>https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-05-10</discovery>
      <entry>2021-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="278561d7-b261-11eb-b788-901b0e934d69">
    <topic>py-matrix-synapse -- malicious push rules may be used for a denial of service attack.</topic>
    <affects>
      <package>
	<name>py36-matrix-synapse</name>
	<name>py37-matrix-synapse</name>
	<name>py38-matrix-synapse</name>
	<name>py39-matrix-synapse</name>
	<range><lt>1.33.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85">
	  <p>"Push rules" can specify conditions under which they will match,
	    including event_match, which matches event content against a
	    pattern including wildcards.
	    Certain patterns can cause very poor performance in the matching
	    engine, leading to a denial-of-service when processing moderate
	    length events.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29471</cvename>
      <url>https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85</url>
    </references>
    <dates>
      <discovery>2021-05-11</discovery>
      <entry>2021-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="12156786-b18a-11eb-8cba-080027b00c2e">
    <topic>cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations.</topic>
    <affects>
      <package>
	<name>cyrus-imapd34</name>
	<range><ge>3.4.0</ge><lt>3.4.1</lt></range>
      </package>
      <package>
	<name>cyrus-imapd32</name>
	<range><ge>3.2.0</ge><lt>3.2.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cyrus IMAP 3.4.1 Release Notes states:</p>
	<blockquote cite="https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html">
	  <p>Fixed CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote authenticated user could stall replication, requiring administrator intervention.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32056</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32056</url>
    </references>
    <dates>
      <discovery>2021-05-05</discovery>
      <entry>2021-05-10</entry>
    </dates>
  </vuln>

  <vuln vid="49346de2-b015-11eb-9bdf-f8b156b6dcc8">
    <topic>FLAC -- out-of-bounds read</topic>
    <affects>
      <package>
	<name>flac</name>
	<range><lt>1.3.3_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oss-Fuzz reports:</p>
	<blockquote cite="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069">
	  <p>There is a possible out of bounds read due to a heap
	    buffer overflow in FLAC__bitreader_read_rice_signed_block
	    of bitreader.c.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069</url>
      <cvename>CVE-2020-0499</cvename>
    </references>
    <dates>
      <discovery>2019-09-08</discovery>
      <entry>2021-05-08</entry>
    </dates>
  </vuln>

  <vuln vid="f7a00ad7-ae75-11eb-8113-08002728f74c">
    <topic>Rails -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>rubygem-actionpack52</name>
	<range><lt>5.2.6</lt></range>
      </package>
      <package>
	<name>rubygem-actionpack60</name>
	<range><lt>6.0.3.7</lt></range>
      </package>
      <package>
	<name>rubygem-actionpack61</name>
	<range><lt>6.1.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Ruby on Rails blog:</p>
	<blockquote cite="https://weblog.rubyonrails.org/2021/5/5/Rails-versions-6-1-3-2-6-0-3-7-5-2-4-6-and-5-2-6-have-been-released/">
	  <p>Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These
	    releases contain important security fixes. Here is a list of the issues
	    fixed:</p>
	  <p>CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack</p>
	  <p>CVE-2021-22902: Possible Denial of Service vulnerability in Action Dispatch</p>
	  <p>CVE-2021-22903: Possible Open Redirect Vulnerability in Action Pack</p>
	  <p>CVE-2021-22904: Possible DoS Vulnerability in Action Controller Token Authentication</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://weblog.rubyonrails.org/2021/5/5/Rails-versions-6-1-3-2-6-0-3-7-5-2-4-6-and-5-2-6-have-been-released/</url>
      <url>https://discuss.rubyonrails.org/t/cve-2021-22885-possible-information-disclosure-unintended-method-execution-in-action-pack/77868</url>
      <url>https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866</url>
      <url>https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867</url>
      <url>https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869</url>
      <cvename>CVE-2021-22885</cvename>
      <cvename>CVE-2021-22902</cvename>
      <cvename>CVE-2021-22903</cvename>
      <cvename>CVE-2021-22904</cvename>
    </references>
    <dates>
      <discovery>2021-05-05</discovery>
      <entry>2021-05-07</entry>
    </dates>
  </vuln>

  <vuln vid="7f242313-aea5-11eb-8151-67f74cf7c704">
    <topic>go -- net/http: ReadRequest can stack overflow due to recursion with very large headers</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.16.4,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/45710">
	  <p>http.ReadRequest can stack overflow due to recursion when given a
	    request with a very large header (~8-10MB depending on the
	    architecture). A http.Server which overrides the default max header
	    of 1MB by setting Server.MaxHeaderBytes to a much larger value could
	    also be vulnerable in the same way.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-31525</cvename>
      <url>https://github.com/golang/go/issues/45710</url>
    </references>
    <dates>
      <discovery>2021-04-22</discovery>
      <entry>2021-05-06</entry>
    </dates>
  </vuln>

  <vuln vid="50ec3a01-ad77-11eb-8528-8c164582fbac">
    <topic>Ansible -- Insecure Temporary File</topic>
    <affects>
      <package>
	<name>py36-ansible</name>
	<name>py37-ansible</name>
	<name>py38-ansible</name>
	<name>py39-ansible</name>
	<name>py36-ansible27</name>
	<range><ge>2.9.0</ge><le>2.9.9</le></range>
      </package>
      <package>
	<name>py37-ansible27</name>
	<name>py38-ansible27</name>
	<name>py39-ansible27</name>
	<range><ge>2.7.0</ge><le>2.7.18</le></range>
      </package>
      <package>
	<name>py36-ansible28</name>
	<name>py37-ansible28</name>
	<name>py38-ansible28</name>
	<name>py39-ansible28</name>
	<range><ge>2.8.0</ge><le>2.8.12</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-10744">
	<p>
	  An incomplete fix was found for the fix of the flaw CVE-2020-1733
	  ansible: insecure temporary directory when running become_user from
	  become directive. The provided fix is insufficient to prevent the
	  race condition on systems using ACLs and FUSE filesystems..
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-10744</url>
      <cvename>CVE-2020-10744</cvename>
    </references>
    <dates>
      <discovery>2020-05-15</discovery>
      <entry>2021-05-05</entry>
    </dates>
  </vuln>

  <vuln vid="1766359c-ad6e-11eb-b2a4-080027e50e6d">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py36-django22</name>
	<name>py37-django22</name>
	<name>py38-django22</name>
	<name>py39-django22</name>
	<range><lt>2.2.21</lt></range>
      </package>
      <package>
	<name>py36-django31</name>
	<name>py37-django31</name>
	<name>py38-django31</name>
	<name>py39-django31</name>
	<range><lt>3.1.9</lt></range>
      </package>
      <package>
	<name>py36-django32</name>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<range><lt>3.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django Release reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2021/may/04/security-releases/">
	  <p>CVE-2021-31542:Potential directory-traversal via uploaded files.</p>
	  <p>MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal
	    via uploaded files with suitably crafted file names.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.djangoproject.com/weblog/2021/may/04/security-releases/</url>
      <cvename>CVE-2021-31542</cvename>
    </references>
    <dates>
      <discovery>2021-04-22</discovery>
      <entry>2021-05-05</entry>
    </dates>
  </vuln>

  <vuln vid="bffa40db-ad50-11eb-86b8-080027846a02">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>python38</name>
	<range><lt>3.8.10</lt></range>
      </package>
      <package>
	<name>python39</name>
	<range><lt>3.9.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Python reports:</p>
	<blockquote cite="https://docs.python.org/3/whatsnew/changelog.html#changelog">
	  <p>bpo-43434: Creating a sqlite3.Connection object now also produces a
	    sqlite3.connect auditing event. Previously this event was only produced
	    by sqlite3.connect() calls. Patch by Erlend E. Aasland.</p>
	  <p>bpo-43882: The presence of newline or tab characters in parts of a URL
	    could allow some forms of attacks.Following the controlling specification
	    for URLs defined by WHATWG urllib.parse() now removes A SCII newlines
	    and tabs from URLs, preventing such attacks.</p>
	  <p>bpo-43472: Ensures interpreter-level audit hooks receive the cpython.
	    PyInterpreterState_New event when called through the _xxsubinterpreters
	    module.</p>
	  <p>bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4
	    address strings. Leading zeros are ambiguous and interpreted as octal
	    notation by some libraries. For example the legacy function socket.inet_aton()
	    treats leading zeros as octal notatation. glibc implementation of modern
	    inet_pton() does not accept any leading zeros. For a while the ipaddress
	    module used to accept ambiguous leading zeros.</p>
	  <p>bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability
	    in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has
	    quadratic worst-case complexity and it allows cause a denial of service
	    when identifying crafted invalid RFCs. This ReDoS issue is on the client
	    side and needs remote attackers to control the HTTP server.</p>
	  <p>bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame,
	    and generator code/frame attribute access.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://docs.python.org/3/whatsnew/changelog.html#changelog</url>
      <url>https://docs.python.org/3.8/whatsnew/changelog.html#changelog</url>
    </references>
    <dates>
      <discovery>2021-03-08</discovery>
      <entry>2021-05-05</entry>
    </dates>
  </vuln>

  <vuln vid="1606b03b-ac57-11eb-9bdd-8c164567ca3c">
    <topic>redis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><ge>6.0.0</ge><lt>6.0.13</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><ge>6.2.0</ge><lt>6.2.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis project reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/6GSWzTW0PR8">
	  <dl>
	    <dt>Vulnerability in the STRALGO LCS command</dt>
	    <dd>
	      An integer overflow bug in Redis version 6.0 or newer could be
	      exploited using the STRALGO LCS command to corrupt the heap and
	      potentially result with remote code execution.
	    </dd>
	    <dt>Vulnerability in the COPY command for large intsets</dt>
	    <dd>
	      An integer overflow bug in Redis 6.2 could be exploited to corrupt
	      the heap and potentially result with remote code execution.
	      The vulnerability involves changing the default set-max-intset-entries
	      configuration value, creating a large set key that consists of
	      integer values and using the COPY command to duplicate it.
	      The integer overflow bug exists in all versions of Redis starting
	      with 2.6, where it could result with a corrupted RDB or DUMP payload,
	      but not exploited through COPY (which did not exist before 6.2).
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29477</cvename>
      <cvename>CVE-2021-29478</cvename>
      <url>https://groups.google.com/g/redis-db/c/6GSWzTW0PR8</url>
    </references>
    <dates>
      <discovery>2021-05-03</discovery>
      <entry>2021-05-03</entry>
    </dates>
  </vuln>

  <vuln vid="57027417-ab7f-11eb-9596-080027f515ea">
    <topic>RDoc -- command injection vulnerability</topic>
    <affects>
      <package>
	<name>rubygem-rdoc</name>
	<range><lt>6.3.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Alexandr Savca reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/">
	  <p>
	    RDoc used to call Kernel#open to open a local file. If a Ruby project
	    has a file whose name starts with | and ends with tags, the command
	    following the pipe character is executed. A malicious Ruby project
	    could exploit it to run an arbitrary command execution against a user
	    who attempts to run rdoc command.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-31799</cvename>
      <url>https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/</url>
    </references>
    <dates>
      <discovery>2021-05-02</discovery>
      <entry>2021-05-02</entry>
    </dates>
  </vuln>

  <vuln vid="0add6e6b-6883-11eb-b0cb-f8b156c2bfe9">
    <topic>sympa -- Unauthorised full access via SOAP API due to illegal cookie</topic>
    <affects>
      <package>
	<name>sympa</name>
	<range><lt>6.2.60</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Sympa community reports:</p>
	<blockquote cite="https://github.com/sympa-community/sympa/issues/1041">
	  <p>Unauthorised full access via SOAP API due to illegal cookie</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-29668</cvename>
      <url>https://sympa-community.github.io/security/2020-003.html</url>
    </references>
    <dates>
      <discovery>2020-11-24</discovery>
      <entry>2021-02-06</entry>
    </dates>
  </vuln>

  <vuln vid="6f33d38b-aa18-11eb-b3f1-005056a311d1">
    <topic>samba -- negative idmap cache entries vulnerability</topic>
    <affects>
      <package>
	<name>samba412</name>
	<range><lt>4.12.15</lt></range>
      </package>
      <package>
	<name>samba413</name>
	<range><lt>4.13.8</lt></range>
      </package>
      <package>
	<name>samba414</name>
	<range><lt>4.14.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba Team reports:</p>
	<blockquote cite="https://www.samba.org/samba/history/security.html">
	  <ul>
	  <li>CVE-2021-20254: Negative idmap cache entries can cause incorrect
	      group entries in the Samba file server process token.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.samba.org/samba/security/CVE-2021-20254.html</url>
      <cvename>CVE-2021-20254</cvename>
    </references>
    <dates>
      <discovery>2021-04-29</discovery>
      <entry>2021-05-01</entry>
    </dates>
  </vuln>

  <vuln vid="518a119c-a864-11eb-8ddb-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.11.0</ge><lt>13.11.2</lt></range>
	<range><ge>13.10.0</ge><lt>13.10.4</lt></range>
	<range><ge>11.6.0</ge><lt>13.9.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/04/28/security-release-gitlab-13-11-2-released/">
	  <p>Read API scoped tokens can execute mutations</p>
	  <p>Pull mirror credentials were exposed</p>
	  <p>Denial of Service when querying repository branches API</p>
	  <p>Non-owners can set system_note_timestamp when creating / updating issues</p>
	  <p>DeployToken will impersonate a User with the same ID when using Dependency Proxy</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/04/28/security-release-gitlab-13-11-2-released/</url>
      <cvename>CVE-2021-22209</cvename>
      <cvename>CVE-2021-22206</cvename>
      <cvename>CVE-2021-22210</cvename>
      <cvename>CVE-2021-22208</cvename>
      <cvename>CVE-2021-22211</cvename>
    </references>
    <dates>
      <discovery>2021-04-28</discovery>
      <entry>2021-04-28</entry>
    </dates>
  </vuln>

  <vuln vid="76a07f31-a860-11eb-8ddb-001b217b3468">
    <topic>Carrierwave -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>rubygem-carrierwave</name>
	<range><lt>1.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Community reports:</p>
	<blockquote cite="https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08">
	  <p>Fix Code Injection vulnerability in CarrierWave::RMagick</p>
	  <p>Fix SSRF vulnerability in the remote file download feature</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08</url>
      <cvename>CVE-2021-21288</cvename>
      <cvename>CVE-2021-21305</cvename>
    </references>
    <dates>
      <discovery>2021-02-08</discovery>
      <entry>2021-04-28</entry>
    </dates>
  </vuln>

  <vuln vid="31a7ffb1-a80a-11eb-b159-f8b156c2bfe9">
    <topic>sympa -- Inappropriate use of the cookie parameter can be a security threat. This parameter may also not provide sufficient security.</topic>
    <affects>
      <package>
	<name>sympa</name>
	<range><lt>6.2.62</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Earlier versions of Sympa require a parameter named cookie in sympa.conf
	configuration file.</p>
	<blockquote cite="https://sympa-community.github.io/security/2021-001.html">
	<p>This parameter was used to make some identifiers generated by the system
	unpredictable. For example, it was used as following:</p>
	<ul><li>To be used as a salt to encrypt passwords stored in the database by
	the RC4 symmetric key algorithm.
	<p>Note that RC4 is no longer considered secure enough and is not supported
	in the current version of Sympa.</p></li>
	<li>To prevent attackers from sending crafted messages to achieve XSS and
	so on in message archives.</li></ul>
	<p>There were the following problems with the use of this parameter.</p>
	<ol><li>This parameter, for its purpose, should be different for each
	installation, and once set, it cannot be changed. As a result, some sites
	have been operating without setting this parameter. This completely
	invalidates the security measures described above.</li>
	<li>Even if this parameter is properly set, it may be considered not being
	strong enough against brute force attacks.</li></ol>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://sympa-community.github.io/security/2021-001.html</url>
    </references>
    <dates>
      <discovery>2021-04-27</discovery>
      <entry>2021-04-27</entry>
    </dates>
  </vuln>

  <vuln vid="9fba80e0-a771-11eb-97a0-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>90.0.4430.93</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html">
	  <p>This release contains 9 security fixes, including:</p>
	  <ul>
	    <li>[1199345] High CVE-2021-21227: Insufficient data validation in
	      V8. Reported by Gengming Liu of Singular Security Lab on
	      2021-04-15</li>
	    <li>[1175058] High CVE-2021-21232: Use after free in Dev Tools.
	      Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
	      Research on 2021-02-05</li>
	    <li>[1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE.
	      Reported by Omair on 2021-02-26</li>
	    <li>[1139156] Medium CVE-2021-21228: Insufficient policy enforcement
	      in extensions. Reported by Rob Wu on 2020-10-16</li>
	    <li>[$TBD][1198165] Medium CVE-2021-21229: Incorrect security UI in
	      downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12</li>
	    <li>[1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported
	      by Manfred Paul on 2021-04-13</li>
	    <li>[1198696] Low CVE-2021-21231: Insufficient data validation in
	      V8. Reported by Sergei Glazunov of Google Project Zero on
	      2021-04-13</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21227</cvename>
      <cvename>CVE-2021-21228</cvename>
      <cvename>CVE-2021-21229</cvename>
      <cvename>CVE-2021-21230</cvename>
      <cvename>CVE-2021-21231</cvename>
      <cvename>CVE-2021-21232</cvename>
      <cvename>CVE-2021-21233</cvename>
      <url>https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html</url>
    </references>
    <dates>
      <discovery>2021-04-26</discovery>
      <entry>2021-04-27</entry>
    </dates>
  </vuln>

  <vuln vid="e4403051-a667-11eb-b9c9-6cc21735f730">
    <topic>sbibboleth-sp -- denial of service vulnerability</topic>
    <affects>
      <package>
	<name>shibboleth-sp</name>
	<range>
	  <ge>3.0.0</ge>
	  <lt>3.2.1_1</lt>
	</range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Shibboleth project reports:</p>
      <blockquote cite="https://shibboleth.net/community/advisories/secadv_20210426.txt">
	<p>Session recovery feature contains a null pointer deference.</p>
	<p>
	  The cookie-based session recovery feature added in V3.0 contains a
	  flaw that is exploitable on systems *not* using the feature if a
	  specially crafted cookie is supplied.
	</p>
	<p>
	  This manifests as a crash in the shibd daemon/service process.
	</p>
	<p>
	  Because it is very simple to trigger this condition remotely, it
	  results in a potential denial of service condition exploitable by
	  a remote, unauthenticated attacker.
	</p>
      </blockquote>
      </body>
    </description>
    <references>
      <url>https://shibboleth.net/community/advisories/secadv_20210426.txt</url>
    </references>
    <dates>
      <discovery>2021-04-23</discovery>
      <entry>2021-04-26</entry>
    </dates>
  </vuln>

  <vuln vid="bc83cfc9-42cf-4b00-97ad-d352ba0c5e2b">
    <topic>zeek -- null-pointer dereference vulnerability</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>4.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jon Siwek of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v4.0.1">
	  <p>Fix null-pointer dereference when encountering an
	  invalid enum name in a config/input file that tries to
	  read it into a set[enum].  For those that have such an
	  input feed whose contents may come from external/remote
	  sources, this is a potential DoS vulnerability. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v4.0.1</url>
    </references>
    <dates>
      <discovery>2021-04-01</discovery>
      <entry>2021-04-21</entry>
    </dates>
  </vuln>

  <vuln vid="efb965be-a2c0-11eb-8956-1951a8617e30">
    <topic>openvpn -- deferred authentication can be bypassed in specific circumstances</topic>
    <affects>
      <package>
	<name>openvpn</name>
	<range><lt>2.5.2</lt></range>
      </package>
      <package>
	<name>openvpn-mbedtls</name>
	<range><lt>2.5.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gert Döring reports:</p>
	<blockquote cite="https://community.openvpn.net/openvpn/wiki/CVE-2020-15078">
	  <p>
	    OpenVPN 2.5.1 and earlier versions allows a remote attackers to
	    bypass authentication and access control channel data on servers
	    configured with deferred authentication, which can be used to
	    potentially trigger further information leaks.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://community.openvpn.net/openvpn/wiki/CVE-2020-15078</url>
      <url>https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252</url>
      <cvename>CVE-2020-15078</cvename>
    </references>
    <dates>
      <discovery>2021-03-02</discovery>
      <entry>2021-04-21</entry>
    </dates>
  </vuln>

  <vuln vid="cb13a765-a277-11eb-97a0-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>90.0.4430.85</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Reelases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html">
	  <p>This release includes 7 security fixes, including:</p>
	  <ul>
	    <li>1194046] High CVE-2021-21222: Heap buffer overflow in V8.
	     Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30</li>
	    <li>[1195308] High CVE-2021-21223: Integer overflow in Mojo.
	      Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02</li>
	    <li>[1195777] High CVE-2021-21224: Type Confusion in V8. Reported
	      by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05</li>
	    <li>[1195977] High CVE-2021-21225: Out of bounds memory access in
	      V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on
	      2021-04-05</li>
	    <li>[1197904] High CVE-2021-21226: Use after free in navigation.
	      Reported by Brendon Tiszka (@btiszka) supporting the EFF on
	      2021-04-11</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21222</cvename>
      <cvename>CVE-2021-21223</cvename>
      <cvename>CVE-2021-21224</cvename>
      <cvename>CVE-2021-21225</cvename>
      <cvename>CVE-2021-21226</cvename>
      <url>https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html</url>
    </references>
    <dates>
      <discovery>2021-04-20</discovery>
      <entry>2021-04-21</entry>
    </dates>
  </vuln>

  <vuln vid="e358b470-b37d-4e47-bc8a-2cd9adbeb63c">
    <topic>jenkins -- Denial of service vulnerability in bundled Jetty</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.286</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.277.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-04-20/">
	  <h1>Description</h1>
	  <h5>(High) JENKINS-65280 / CVE-2021-28165</h5>
	  <p>Denial of service vulnerability in bundled Jetty</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.jenkins.io/security/advisory/2021-04-20/</url>
      <cvename>CVE-2021-28165</cvename>
    </references>
    <dates>
      <discovery>2021-04-20</discovery>
      <entry>2021-04-20</entry>
    </dates>
  </vuln>

  <vuln vid="56ba4513-a1be-11eb-9072-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mariadb103-server</name>
	<range><lt>10.3.29</lt></range>
      </package>
      <package>
	<name>mariadb104-server</name>
	<range><lt>10.4.19</lt></range>
      </package>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.10</lt></range>
      </package>
      <package>
	<name>mysql56-server</name>
	<range><lt>5.6.52</lt></range>
      </package>
      <package>
	<name>mysql57-server</name>
	<range><lt>5.7.34</lt></range>
      </package>
      <package>
	<name>mysql80-server</name>
	<range><lt>8.0.24</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpuapr2021.html">
	  <p>This Critical Patch Update contains 49 new security patches for
	    Oracle MySQL.  10 of these vulnerabilities may be remotely exploitable
	    without authentication, i.e., may be exploited over a network without
	    requiring user credentials.<br/>
	    The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
	    MySQL is 9.8.</p>
	  <p>MariaDB is affected by CVE-2021-2166 and CVE-2021-2154 only</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.oracle.com/security-alerts/cpuapr2021.html</url>
      <url>https://mariadb.com/kb/en/mariadb-10510-release-notes/</url>
      <cvename>CVE-2020-8277</cvename>
      <cvename>CVE-2020-1971</cvename>
      <cvename>CVE-2021-3449</cvename>
      <cvename>CVE-2020-28196</cvename>
      <cvename>CVE-2021-23841</cvename>
      <cvename>CVE-2021-2144</cvename>
      <cvename>CVE-2021-2172</cvename>
      <cvename>CVE-2021-2298</cvename>
      <cvename>CVE-2021-2178</cvename>
      <cvename>CVE-2021-2202</cvename>
      <cvename>CVE-2021-2307</cvename>
      <cvename>CVE-2021-2304</cvename>
      <cvename>CVE-2021-2180</cvename>
      <cvename>CVE-2021-2194</cvename>
      <cvename>CVE-2021-2154</cvename>
      <cvename>CVE-2021-2166</cvename>
      <cvename>CVE-2021-2196</cvename>
      <cvename>CVE-2021-2300</cvename>
      <cvename>CVE-2021-2305</cvename>
      <cvename>CVE-2021-2179</cvename>
      <cvename>CVE-2021-2226</cvename>
      <cvename>CVE-2021-2160</cvename>
      <cvename>CVE-2021-2164</cvename>
      <cvename>CVE-2021-2169</cvename>
      <cvename>CVE-2021-2170</cvename>
      <cvename>CVE-2021-2193</cvename>
      <cvename>CVE-2021-2203</cvename>
      <cvename>CVE-2021-2212</cvename>
      <cvename>CVE-2021-2213</cvename>
      <cvename>CVE-2021-2278</cvename>
      <cvename>CVE-2021-2299</cvename>
      <cvename>CVE-2021-2230</cvename>
      <cvename>CVE-2021-2146</cvename>
      <cvename>CVE-2021-2201</cvename>
      <cvename>CVE-2021-2208</cvename>
      <cvename>CVE-2021-2215</cvename>
      <cvename>CVE-2021-2217</cvename>
      <cvename>CVE-2021-2293</cvename>
      <cvename>CVE-2021-2174</cvename>
      <cvename>CVE-2021-2171</cvename>
      <cvename>CVE-2021-2162</cvename>
      <cvename>CVE-2021-2301</cvename>
      <cvename>CVE-2021-2308</cvename>
      <cvename>CVE-2021-2232</cvename>
    </references>
    <dates>
      <discovery>2021-04-20</discovery>
      <entry>2021-04-20</entry>
      <modified>2021-05-04</modified>
    </dates>
  </vuln>

  <vuln vid="e87c2647-a188-11eb-8806-1c1b0d9ea7e6">
    <topic>All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution.</topic>
    <affects>
      <package>
       <name>apache-openoffice</name>
       <range><lt>4.1.10</lt></range>
      </package>
      <package>
       <name>apache-openoffice-devel</name>
       <range><lt>4.2.1619649022,4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache Openofffice project reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30245">
	  <p>The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30245</url>
      <cvename>CVE-2021-30245</cvename>
    </references>
    <dates>
      <discovery>2021-01-25</discovery>
      <entry>2021-04-20</entry>
    </dates>
  </vuln>

  <vuln vid="20006b5f-a0bc-11eb-8ae6-fc4dd43e2b6a">
    <topic>Apache Maven -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>maven</name>
	<range><lt>3.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache Maven project reports:</p>
	<blockquote cite="http://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291">
	  <p>We received a report from Jonathan Leitschuh about a vulnerability
	    of custom repositories in dependency POMs. We've split this up
	    into three separate issues:</p>
	  <ul>
	    <li>Possible Man-In-The-Middle-Attack due to custom repositories
	    using HTTP.

	    More and more repositories use HTTPS nowadays, but this
	    hasn't always been the case. This means that Maven Central contains
	    POMs with custom repositories that refer to a URL over HTTP. This
	    makes downloads via such repository a target for a MITM attack. At
	    the same time, developers are probably not aware that for some
	    downloads an insecure URL is being used. Because uploaded POMs to
	    Maven Central are immutable, a change for Maven was required. To
	    solve this, we extended the mirror configuration with blocked
	    parameter, and we added a new external:http:* mirror selector (like
	    existing external:*), meaning "any external URL using HTTP".

	    The decision was made to block such external HTTP repositories by default:
	    this is done by providing a mirror in the conf/settings.xml blocking
	    insecure HTTP external URLs.</li>
	    <li>Possible Domain Hijacking due to custom repositories using abandoned
	    domains

	    Sonatype has analyzed which domains were abandoned and has claimed these
	    domains.</li>
	    <li>Possible hijacking of downloads by redirecting to custom repositories

	    This one was the hardest to analyze and explain. The short story is:
	    you're safe, dependencies are only downloaded from repositories within
	    their context. So there are two main questions: what is the context and
	    what is the order? The order is described on the Repository Order page.
	    The first group of repositories are defined in the settings.xml (both user
	    and global). The second group of repositories are based on inheritence,
	    with ultimately the super POM containing the URL to Maven Central. The
	    third group is the most complex one but is important to understand the
	    term context: repositories from the effective POMs from the dependency
	    path to the artifact. So if a dependency was defined by another dependency
	    or by a Maven project, it will also include their repositories. In the end
	    this is not a bug, but a design feature.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291</url>
	<cvename>CVE-2021-26291</cvename>
	<cvename>CVE-2020-13956</cvename>
    </references>
    <dates>
      <discovery>2021-04-04</discovery>
      <entry>2021-04-19</entry>
    </dates>
  </vuln>

  <vuln vid="093a6baf-9f99-11eb-b150-000c292ee6b8">
    <topic>Consul -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>consul</name>
	<range><lt>1.9.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Hashicorp reports:</p>
	<blockquote cite="https://github.com/hashicorp/consul/releases/tag/v1.9.5">
	  <p>Add content-type headers to raw KV responses to prevent XSS attacks
	  (CVE-2020-25864).  audit-logging: Parse endpoint URL to prevent
	  requests from bypassing the audit log (CVE-2021-28156).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/hashicorp/consul/releases/tag/v1.9.5</url>
      <cvename>CVE-2020-25864</cvename>
      <cvename>CVE-2021-28156</cvename>
    </references>
    <dates>
      <discovery>2021-04-15</discovery>
      <entry>2021-04-17</entry>
    </dates>
  </vuln>

  <vuln vid="75aae50b-9e3c-11eb-9bc3-8c164582fbac">
    <topic>AccountService -- Insufficient path check in user_change_icon_file_authorized_cb()</topic>
    <affects>
      <package>
	<name>accountsservice</name>
	<range><lt>0.6.50</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2018-14036">
	  <p>
	    Directory Traversal with ../ sequences occurs in AccountsService
	    before 0.6.50 because of an insufficient path check in
	    user_change_icon_file_authorized_cb() in user.c.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.openwall.com/lists/oss-security/2018/07/02/2</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2018-14036</url>
      <url>https://www.securityfocus.com/bid/104757</url>
      <url>https://bugs.freedesktop.org/show_bug.cgi?id=107085</url>
      <url>https://bugzilla.suse.com/show_bug.cgi?id=1099699</url>
      <url>https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a</url>
      <cvename>CVE-2018-14036</cvename>
    </references>
    <dates>
      <discovery>2018-07-13</discovery>
      <entry>2021-04-15</entry>
    </dates>
  </vuln>

  <vuln vid="40b481a9-9df7-11eb-9bc3-8c164582fbac">
    <topic>mdbook -- XSS in mdBook's search page</topic>
    <affects>
      <package>
	<name>mdbook</name>
	<range><lt>0.4.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Rust Security Response Working Group reports:</p>
	<blockquote cite="https://github.com/rust-lang/mdBook/security/advisories/GHSA-gx5w-rrhp-f436">
	  <p>
	    The search feature of mdBook (introduced in version 0.1.4) was
	    affected by a cross site scripting vulnerability that allowed an
	    attacker to execute arbitrary JavaScript code on an user's browser
	    by tricking the user into typing a malicious search query, or
	    tricking the user into clicking a link to the search page with the
	    malicious search query prefilled.

	    mdBook 0.4.5 fixes the vulnerability by properly escaping the search
	    query.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/rust-lang/mdBook/blob/master/CHANGELOG.md#mdbook-045</url>
      <url>https://github.com/rust-lang/mdBook/commit/32abeef088e98327ca0dfccdad92e84afa9d2e9b</url>
      <url>https://github.com/rust-lang/mdBook/security/advisories/GHSA-gx5w-rrhp-f436</url>
      <url>https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0?pli=1</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-26297</url>
      <cvename>CVE-2020-26297</cvename>
    </references>
    <dates>
      <discovery>2021-04-01</discovery>
      <entry>2021-04-15</entry>
    </dates>
  </vuln>

  <vuln vid="fb6e53ae-9df6-11eb-ba8c-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.10.0</ge><lt>13.10.3</lt></range>
	<range><ge>13.9.0</ge><lt>13.9.6</lt></range>
	<range><ge>7.12</ge><lt>13.8.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/">
	  <p>Remote code execution when uploading specially crafted image files</p>
	  <p>Update Rexml</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/</url>
      <cvename>CVE-2021-28965</cvename>
    </references>
    <dates>
      <discovery>2021-04-14</discovery>
      <entry>2021-04-15</entry>
    </dates>
  </vuln>

  <vuln vid="f3d86439-9def-11eb-97a0-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>90.0.4430.72</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html">
	  <p>This release contains 37 security fixes, including:</p>
	  <ul>
	    <li>[1025683] High CVE-2021-21201: Use after free in permissions.
	      Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security
	      Lab on 2019-11-18</li>
	    <li>[1188889] High CVE-2021-21202: Use after free in extensions.
	      Reported by David Erceg on 2021-03-16</li>
	    <li>[1192054] High CVE-2021-21203: Use after free in Blink.
	      Reported by asnine on 2021-03-24</li>
	    <li>[1189926] High CVE-2021-21204: Use after free in Blink.
	      Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily
	      Voigtlander of Seesaw on 2021-03-19</li>
	    <li>[1165654] High CVE-2021-21205: Insufficient policy enforcement
	     in navigation. Reported by Alison Huffman, Microsoft Browser
	      Vulnerability Research on 2021-01-12</li>
	    <li>[1195333] High CVE-2021-21221: Insufficient validation of
	      untrusted input in Mojo. Reported by Guang Gong of Alpha Lab,
	      Qihoo 360 on 2021-04-02</li>
	    <li>[1185732] Medium CVE-2021-21207: Use after free in IndexedDB.
	      Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13)
	      of 360 Alpha Lab on 2021-03-08</li>
	    <li>[1039539] Medium CVE-2021-21208: Insufficient data validation
	      in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on
	      2020-01-07</li>
	    <li>[1143526] Medium CVE-2021-21209: Inappropriate implementation
	      in storage. Reported by Tom Van Goethem (@tomvangoethem) on
	      2020-10-29</li>
	    <li>[1184562] Medium CVE-2021-21210: Inappropriate implementation
	      in Network. Reported by @bananabr on 2021-03-04</li>
	    <li>[1103119] Medium CVE-2021-21211: Inappropriate implementation
	      in Navigation. Reported by Akash Labade (m0ns7er) on
	      2020-07-08</li>
	    <li>[1145024] Medium CVE-2021-21212: Incorrect security UI in
	      Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the
	      Chinese University of Hong Kong on 2020-11-03</li>
	    <li>[1161806] Medium CVE-2021-21213: Use after free in WebMIDI.
	      Reported by raven (@raid_akame) on 2020-12-25</li>
	    <li>[1170148] Medium CVE-2021-21214: Use after free in Network API.
	      Reported by Anonymous on 2021-01-24</li>
	    <li>[1172533] Medium CVE-2021-21215: Inappropriate implementation
	      in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser
	      Vulnerability Research on 2021-01-30</li>
	    <li>[1173297] Medium CVE-2021-21216: Inappropriate implementation
	      in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser
	      Vulnerability Research on 2021-02-02</li>
	    <li>[1166462] Low CVE-2021-21217: Uninitialized Use in PDFium.
	      Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on
	      2021-01-14</li>
	    <li>[1166478] Low CVE-2021-21218: Uninitialized Use in PDFium.
	      Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on
	      2021-01-14</li>
	    <li>[1166972] Low CVE-2021-21219: Uninitialized Use in PDFium.
	      Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on
	      2021-01-15</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21201</cvename>
      <cvename>CVE-2021-21202</cvename>
      <cvename>CVE-2021-21203</cvename>
      <cvename>CVE-2021-21204</cvename>
      <cvename>CVE-2021-21205</cvename>
      <cvename>CVE-2021-21221</cvename>
      <cvename>CVE-2021-21207</cvename>
      <cvename>CVE-2021-21208</cvename>
      <cvename>CVE-2021-21209</cvename>
      <cvename>CVE-2021-21210</cvename>
      <cvename>CVE-2021-21211</cvename>
      <cvename>CVE-2021-21212</cvename>
      <cvename>CVE-2021-21213</cvename>
      <cvename>CVE-2021-21214</cvename>
      <cvename>CVE-2021-21215</cvename>
      <cvename>CVE-2021-21216</cvename>
      <cvename>CVE-2021-21217</cvename>
      <cvename>CVE-2021-21218</cvename>
      <cvename>CVE-2021-21219</cvename>
      <url>https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html</url>
    </references>
    <dates>
      <discovery>2021-04-14</discovery>
      <entry>2021-04-15</entry>
    </dates>
  </vuln>

  <vuln vid="7c0d71a9-9d48-11eb-97a0-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>89.0.4389.128</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html">
	  <p>This release contains two security fixes:</p>
	  <ul>
	    <li>[1196781] High CVE-2021-21206: Use after free in Blink. Reported
	      by Anonymous on 2021-04-07</li>
	    <li>[1196683] High CVE-2021-21220: Insufficient validation of
	      untrusted input in V8 for x86_64. Reported by Bruno Keith (@bkth_)
	      and Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_it)
	      via ZDI (ZDI-CAN-13569) on 2021-04-07></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21206</cvename>
      <cvename>CVE-2021-21220</cvename>
      <url>https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-04-13</discovery>
      <entry>2021-04-14</entry>
    </dates>
  </vuln>

  <vuln vid="465db5b6-9c6d-11eb-8e8a-bc542f4bd1dd">
    <topic>xorg-server -- Input validation failures in X server XInput extension</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<range><lt>1.20.11,1</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>1.20.11,1</lt></range>
      </package>
      <package>
	<name>xwayland-devel</name>
	<range><le>1.20.0.877</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>X.Org server security reports for release 1.20.11:</p>
	<blockquote cite="https://lists.x.org/archives/xorg/2021-April/060678.html">
	  <ul>
	    <li>Fix XChangeFeedbackControl() request underflow</li>
	  </ul>
	  <p>.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-1.20.11</url>
    </references>
    <dates>
      <discovery>2021-04-13</discovery>
      <entry>2021-04-13</entry>
    </dates>
  </vuln>

  <vuln vid="094fb2ec-9aa3-11eb-83cb-0800278d94f0">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.14.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.14.0:</p>
	<blockquote cite="https://blog.gitea.io/2021/04/gitea-1.14.0-is-released/">
	  <ul>
	    <li>Validate email in external authenticator registration form</li>
	    <li>Ensure validation occurs on clone addresses too</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.14.0</url>
      <freebsdpr>ports/254976</freebsdpr>
    </references>
    <dates>
      <discovery>2021-03-11</discovery>
      <entry>2021-04-11</entry>
    </dates>
  </vuln>

  <vuln vid="9ee01e60-6045-43df-98e5-a794007e54ef">
    <topic>syncthing -- crash due to malformed relay protocol message</topic>
    <affects>
      <package>
	<name>syncthing</name>
	<range><lt>1.15.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>syncthing developers report:</p>
	<blockquote cite="https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h">
	  <p>syncthing can be caused to crash and exit if sent a malformed relay protocol
	    message message with a negative length field.</p>
	  <p>The relay server strelaysrv can be caused to crash and exit if sent a malformed
	    relay protocol message with a negative length field.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21404</cvename>
      <url>https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h</url>
    </references>
    <dates>
      <discovery>2021-04-06</discovery>
      <entry>2021-04-12</entry>
    </dates>
  </vuln>

  <vuln vid="f671c282-95ef-11eb-9c34-080027f515ea">
    <topic>python -- Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem</topic>
    <affects>
      <package>
	<name>python38</name>
	<range><lt>3.8.9</lt></range>
      </package>
      <package>
	<name>python39</name>
	<range><lt>3.9.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>David Schwörer reports:</p>
	<blockquote cite="https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html">
	  <p>
	    Remove the getfile feature of the pydoc module which could be
	    abused to read arbitrary files on the disk (directory traversal
	    vulnerability). Moreover, even source code of Python modules
	    can contain sensitive data like passwords.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3426</cvename>
      <url>https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html</url>
      <url>https://bugs.python.org/issue42988</url>
    </references>
    <dates>
      <discovery>2021-01-21</discovery>
      <entry>2021-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="d10fc771-958f-11eb-9c34-080027f515ea">
    <topic>curl -- TLS 1.3 session ticket proxy host mixup</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><ge>7.63.0</ge><lt>7.76.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Daniel Stenberg reports:</p>
	<blockquote cite="https://curl.se/docs/CVE-2021-22890.html">
	  <p>
	    Enabled by default, libcurl supports the use of TLS 1.3 session
	    tickets to resume previous TLS sessions to speed up subsequent
	    TLS handshakes.
	  </p>
	  <p>
	    When using a HTTPS proxy and TLS 1.3, libcurl can confuse session
	    tickets arriving from the HTTPS proxy but work as if they arrived
	    from the remote server and then wrongly "short-cut" the host
	    handshake. The reason for this confusion is the modified sequence
	    from TLS 1.2 when the session ids would provided only during the
	    TLS handshake, while in TLS 1.3 it happens post hand-shake and
	    the code was not updated to take that changed behavior into account.
	  </p>
	  <p>
	    When confusing the tickets, a HTTPS proxy can trick libcurl to use
	    the wrong session ticket resume for the host and thereby circumvent
	    the server TLS certificate check and make a MITM attack to be
	    possible to perform unnoticed.
	  </p>
	  <p>
	    This flaw can allow a malicious HTTPS proxy to MITM the traffic.
	    Such a malicious HTTPS proxy needs to provide a certificate that
	    curl will accept for the MITMed server for an attack to work -
	    unless curl has been told to ignore the server certificate check.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22890</cvename>
      <url>https://curl.se/docs/CVE-2021-22890.html</url>
    </references>
    <dates>
      <discovery>2021-03-31</discovery>
      <entry>2021-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="b1194286-958e-11eb-9c34-080027f515ea">
    <topic>curl -- Automatic referer leaks credentials</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><ge>7.1.1</ge><lt>7.76.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Daniel Stenberg reports:</p>
	<blockquote cite="https://curl.se/docs/CVE-2021-22876.html">
	  <p>
	    libcurl does not strip off user credentials from the URL when
	    automatically populating the Referer: HTTP request header field
	    in outgoing HTTP requests, and therefore risks leaking sensitive
	    data to the server that is the target of the second HTTP request.
	  </p>
	  <p>
	    libcurl automatically sets the Referer: HTTP request header field
	    in outgoing HTTP requests if the CURLOPT_AUTOREFERER option is set.
	    With the curl tool, it is enabled with --referer ";auto".
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22876</cvename>
      <url>https://curl.se/docs/CVE-2021-22876.html</url>
    </references>
    <dates>
      <discovery>2021-03-31</discovery>
      <entry>2021-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="8ba23a62-997d-11eb-9f0e-0800278d94f0">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.13.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.13.7:</p>
	<blockquote cite="https://blog.gitea.io/2021/04/gitea-1.13.7-is-released/">
	  <ul>
	    <li>Update to bluemonday-1.0.6</li>
	    <li>Clusterfuzz found another way</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.7</url>
      <freebsdpr>ports/254930</freebsdpr>
    </references>
    <dates>
      <discovery>2021-04-07</discovery>
      <entry>2021-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="9ae2c00f-97d0-11eb-8cd6-080027f515ea">
    <topic>clamav -- Multiple vulnerabilites</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><lt>0.103.2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Micah Snyder reports:</p>
	<blockquote cite="https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html">
	  <dl>
	    <dt>CVE-2021-1252</dt>
	    <dd>Excel XLM parser infinite loop</dd>
	    <dt>CVE-2021-1404</dt>
	    <dd>PDF parser buffer over-read; possible crash. </dd>
	    <dt>CVE-2021-1405</dt>
	    <dd>Mail parser NULL-dereference crash. </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-1252</cvename>
      <cvename>CVE-2021-1404</cvename>
      <cvename>CVE-2021-1405</cvename>
      <url>https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html</url>
    </references>
    <dates>
      <discovery>2021-04-07</discovery>
      <entry>2021-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="9595d002-edeb-4602-be2d-791cd654247e">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.287</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.277.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-04-07/">
	  <h1>Description</h1>
	  <h5>(Low) SECURITY-1721 / CVE-2021-21639</h5>
	  <p>Lack of type validation in agent related REST API</p>
	  <h5>(Medium) SECURITY-1871 / CVE-2021-21640</h5>
	  <p>View name validation bypass</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.jenkins.io/security/advisory/2021-04-07/</url>
    </references>
    <dates>
      <discovery>2021-04-07</discovery>
      <entry>2021-04-08</entry>
    </dates>
  </vuln>

  <vuln vid="c0c1834c-9761-11eb-acfd-0022489ad614">
    <topic>Node.js -- April 2021 Security Releases</topic>
    <affects>
      <package>
	<name>node10</name>
	<range><lt>10.24.1</lt></range>
      </package>
      <package>
	<name>node12</name>
	<range><lt>12.22.1</lt></range>
      </package>
      <package>
	<name>node14</name>
	<range><lt>14.16.1</lt></range>
      </package>
      <package>
	<name>node</name>
	<range><lt>15.14.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/">
	  <h1>OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)</h1>
	  <p>This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt</p>
	  <h1>OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)</h1>
	  <p>This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt</p>
	  <h1>npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)</h1>
	  <p>This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/</url>
      <url>https://www.openssl.org/news/secadv/20210325.txt</url>
      <url>https://github.com/advisories/GHSA-c4w7-xm78-47vh</url>
      <cvename>CVE-2021-3450</cvename>
      <cvename>CVE-2021-3449</cvename>
      <cvename>CVE-2020-7774</cvename>
    </references>
    <dates>
      <discovery>2021-04-06</discovery>
      <entry>2021-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="a7b97d26-9792-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- jail escape possible by mounting over jail root</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_6</lt></range>
	<range><ge>11.4</ge><lt>11.4_9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Due to a race condition between lookup of ".." and remounting a filesystem,
	a process running inside a jail might access filesystem hierarchy outside
	of jail.</p>
	<h1>Impact:</h1>
	<p>A process with superuser privileges running inside a jail configured
	with the allow.mount permission (not enabled by default) could change the root
	directory outside of the jail, and thus gain full read and write access
	to all files and directories in the system.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25584</cvename>
      <freebsdsa>SA-21:10.jail_mount</freebsdsa>
    </references>
    <dates>
      <discovery>2021-04-06</discovery>
      <entry>2021-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="f8e1e2a6-9791-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- double free in accept_filter(9) socket configuration interface</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>An unprivileged process can configure an accept filter on a listening
	socket.  This is done using the setsockopt(2) system call.  The process
	supplies the name of the accept filter which is to be attached to the
	socket, as well as a string containing filter-specific information.</p>
	<p>If the filter implements the accf_create callback, the socket option
	handler attempts to preserve the process-supplied argument string.  A
	bug in the socket option handler caused this string to be freed
	prematurely, leaving a dangling pointer.  Additional operations on the
	socket can turn this into a double free or a use-after-free.</p>
	<h1>Impact:</h1>
	<p>The bug may be exploited to trigger local privilege escalation or
	kernel memory disclosure.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29627</cvename>
      <freebsdsa>SA-21:09.accept_filter</freebsdsa>
    </references>
    <dates>
      <discovery>2021-04-06</discovery>
      <entry>2021-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="13d37672-9791-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- Memory disclosure by stale virtual memory mapping</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_6</lt></range>
	<range><ge>11.4</ge><lt>11.4_9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>A particular case of memory sharing is mishandled in the virtual memory
	system.  It is possible and legal to establish a relationship where
	multiple descendant processes share a mapping which shadows memory of an
	ancestor process.  In this scenario, when one process modifies memory
	through such a mapping, the copy-on-write logic fails to invalidate
	other mappings of the source page.  These stale mappings may remain even
	after the mapped pages have been reused for another purpose.</p>
	<h1>Impact:</h1>
	<p>An unprivileged local user process can maintain a mapping of a page
	after it is freed, allowing that process to read private data belonging
	to other processes or the kernel.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29626</cvename>
      <freebsdsa>SA-21:08.vm</freebsdsa>
    </references>
    <dates>
      <discovery>2021-04-06</discovery>
      <entry>2021-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="79fa9f23-9725-11eb-b530-7085c2fb2c14">
    <topic>upnp -- stack overflow vulnerability</topic>
    <affects>
      <package>
	<name>upnp</name>
	<range><lt>1.14.5,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mitre reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28302">
	  <p>
	      A stack overflow in pupnp 1.16.1 can cause the denial of service through the
	      Parser_parseDocument() function. ixmlNode_free() will release a child node
	      recursively, which will consume stack space and lead to a crash.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-28302</cvename>
      <url>https://github.com/pupnp/pupnp/issues/249</url>
    </references>
    <dates>
      <discovery>2021-03-12</discovery>
      <entry>2021-04-06</entry>
    </dates>
  </vuln>

  <vuln vid="dec7e4b6-961a-11eb-9c34-080027f515ea">
    <topic>ruby -- XML round-trip vulnerability in REXML</topic>
    <affects>
      <package>
	<name>ruby</name>
	<range><ge>2.5.0,1</ge><lt>2.5.9,1</lt></range>
	<range><ge>2.6.0,1</ge><lt>2.6.7,1</lt></range>
	<range><ge>2.7.0,1</ge><lt>2.7.3,1</lt></range>
	<range><ge>3.0.0.p1,1</ge><lt>3.0.1,1</lt></range>
      </package>
      <package>
	<name>rubygem-rexml</name>
	<range><lt>3.2.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Juho Nurminen  reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/">
	  <p>
	    When parsing and serializing a crafted XML document, REXML gem
	    (including the one bundled with Ruby) can create a wrong XML
	    document whose structure is different from the original one.
	    The impact of this issue highly depends on context, but it may
	    lead to a vulnerability in some programs that are using REXML.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-28965</cvename>
      <url>https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/</url>
    </references>
    <dates>
      <discovery>2021-04-05</discovery>
      <entry>2021-04-05</entry>
    </dates>
  </vuln>

  <vuln vid="bddadaa4-9227-11eb-99c5-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>89.0.4389.114</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html">
	  <p>This update contains 8 security fixes, including:</p>
	  <ul>
	    <li>[1181228] High CVE-2021-21194: Use after free in screen capture.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-02-23</li>
	    <li>[1182647] High CVE-2021-21195: Use after free in V8.
	      Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent
	      Security Xuanwu Lab on 2021-02-26</li>
	    <li>[1175992] High CVE-2021-21196: Heap buffer overflow in
	      TabStrip. Reported by Khalil Zhani on 2021-02-08</li>
	    <li>[1173903] High CVE-2021-21197: Heap buffer overflow in
	      TabStrip. Reported by Abdulrahman Alqabandi, Microsoft Browser
	      Vulnerability Research on 2021-02-03</li>
	    <li>[1184399] High CVE-2021-21198: Out of bounds read in IPC.
	      Reported by Mark Brand of Google Project Zero on 2021-03-03</li>
	    <li>[1179635] High CVE-2021-21199: Use Use after free in Aura.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
	      Legendsec at Qi'anxin Group and Evangelos Foutras</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21194</cvename>
      <cvename>CVE-2021-21195</cvename>
      <cvename>CVE-2021-21196</cvename>
      <cvename>CVE-2021-21197</cvename>
      <cvename>CVE-2021-21198</cvename>
      <cvename>CVE-2021-21199</cvename>
      <url>https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html</url>
    </references>
    <dates>
      <discovery>2021-03-31</discovery>
      <entry>2021-03-31</entry>
    </dates>
  </vuln>

  <vuln vid="56abf87b-96ad-11eb-a218-001b217b3468">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.10.0</ge><lt>13.10.1</lt></range>
	<range><ge>13.9.0</ge><lt>13.9.5</lt></range>
	<range><ge>9</ge><lt>13.8.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/03/31/security-release-gitlab-13-10-1-released/">
	  <p>Arbitrary File Read During Project Import</p>
	  <p>Kroki Arbitrary File Read/Write</p>
	  <p>Stored Cross-Site-Scripting in merge requests</p>
	  <p>Access data of an internal project through a public project fork as an anonymous user</p>
	  <p>Incident metric images can be deleted by any user</p>
	  <p>Infinite Loop When a User Access a Merge Request</p>
	  <p>Stored XSS in scoped labels</p>
	  <p>Admin CSRF in System Hooks Execution Through API</p>
	  <p>Update OpenSSL dependency</p>
	  <p>Update PostgreSQL dependency</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/03/31/security-release-gitlab-13-10-1-released/</url>
    </references>
    <dates>
      <discovery>2021-03-31</discovery>
      <entry>2021-04-06</entry>
    </dates>
  </vuln>

  <vuln vid="1f6d97da-8f72-11eb-b3f1-005056a311d1">
    <topic>samba -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>samba411</name>
	<range><le>4.11.15</le></range>
      </package>
      <package>
	<name>samba412</name>
	<range><lt>4.12.14</lt></range>
      </package>
      <package>
	<name>samba413</name>
	<range><lt>4.13.7</lt></range>
      </package>
      <package>
	<name>samba414</name>
	<range><lt>4.14.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba Team reports:</p>
	<blockquote cite="https://www.samba.org/samba/history/security.html">
	  <ul>
	  <li>CVE-2020-27840: An anonymous attacker can crash the Samba AD DC
		LDAP server by sending easily crafted DNs as
		part of a bind request. More serious heap corruption
		is likely also possible.</li>
	  <li>CVE-2021-20277: User-controlled LDAP filter strings against
		the AD DC LDAP server may crash the LDAP server.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.samba.org/samba/security/CVE-2020-27840.html</url>
      <url>https://www.samba.org/samba/security/CVE-2021-20277.html</url>
      <cvename>CVE-2020-27840</cvename>
      <cvename>CVE-2021-20277</cvename>
    </references>
    <dates>
      <discovery>2021-03-24</discovery>
      <entry>2021-03-28</entry>
    </dates>
  </vuln>

  <vuln vid="80f9dbd3-8eec-11eb-b9e8-3525f51429a0">
    <topic>nettle 3.7.2 -- fix serious ECDSA signature verify bug</topic>
    <affects>
      <package>
	<name>nettle</name>
	<range><lt>3.7.2</lt></range>
      </package>
      <package>
	<name>linux-c7-nettle</name>
	<range><lt>3.7.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Niels Möller reports:</p>
	<blockquote cite="https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html">
	  <p>
	    I've prepared a new bug-fix release of Nettle, a low-level
	    cryptographics library, to fix a serious bug in the function to
	    verify ECDSA signatures. Implications include an assertion failure,
	    which could be used for denial-of-service, when verifying signatures
	    on the secp_224r1 and secp521_r1 curves.
	  </p>
	  <p>
	    Even when no assert is triggered in ecdsa_verify, ECC point
	    multiplication may get invalid intermediate values as input, and
	    produce incorrect results. [...] It appears difficult to construct
	    an alleged signature that makes the function misbehave in such a way
	    that an invalid signature is accepted as valid, but such attacks
	    can't be ruled out without further analysis.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html</url>
    </references>
    <dates>
      <discovery>2021-03-21</discovery>
      <entry>2021-03-27</entry>
    </dates>
  </vuln>

  <vuln vid="5a668ab3-8d86-11eb-b8d6-d4c9ef517024">
    <topic>OpenSSL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1k,1</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>12.2</ge><lt>12.2_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20210325.txt">
	  <p>High: CA certificate check bypass with X509_V_FLAG_X509_STRICT
	    (CVE-2021-3450)<br/>The X509_V_FLAG_X509_STRICT flag enables
	    additional security checks of the certificates present in a
	    certificate chain. It is not set by default.</p>
	  <p>High: NULL pointer deref in signature_algorithms processing
	    (CVE-2021-3449)<br/>An OpenSSL TLS server may crash if sent a
	    maliciously crafted renegotiation ClientHello message from a client.
	    If a TLSv1.2 renegotiation ClientHello omits the
	    signature_algorithms extension (where it was present in the initial
	    ClientHello), but includes a signature_algorithms_cert extension
	    then a NULL pointer dereference will result, leading to a crash and
	    a denial of service attack.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.openssl.org/news/secadv/20210325.txt</url>
      <cvename>CVE-2021-3449</cvename>
      <cvename>CVE-2021-3450</cvename>
      <freebsdsa>SA-21:07.openssl</freebsdsa>
    </references>
    <dates>
      <discovery>2021-03-25</discovery>
      <entry>2021-03-26</entry>
      <modified>2021-04-07</modified>
    </dates>
  </vuln>

  <vuln vid="ec04f3d0-8cd9-11eb-bb9f-206a8a720317">
    <topic>spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands</topic>
    <affects>
      <package>
	<name>spamassassin</name>
	<range><lt>3.4.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache SpamAssassin project reports:</p>
	<blockquote cite="https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C5b7cfd35-27b7-584b-1b39-b7ff0a55f586%40apache.org%3E">
	  <p>Apache SpamAssassin 3.4.5 was recently released [1], and fixes
	     an issue of security note where malicious rule configuration (.cf)
	     files can be configured to run system commands.</p>
	  <p>In Apache SpamAssassin before 3.4.5, exploits can be injected in
	     a number of scenarios. In addition to upgrading to SA 3.4.5,
	     users should only use update channels or 3rd party .cf files from
	     trusted places.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://spamassassin.apache.org/news.html</url>
      <url>https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C5b7cfd35-27b7-584b-1b39-b7ff0a55f586%40apache.org%3E</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946</url>
      <cvename>CVE-2020-1946</cvename>
    </references>
    <dates>
      <discovery>2021-03-24</discovery>
      <entry>2021-03-24</entry>
    </dates>
  </vuln>

  <vuln vid="c4d2f950-8c27-11eb-a3ae-0800278d94f0">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.13.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.13.6:</p>
	<blockquote cite="https://blog.gitea.io/2021/03/gitea-1.13.6-is-released/">
	  <ul>
	    <li>Fix bug on avatar middleware</li>
	    <li>Fix another clusterfuzz identified issue</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.5</url>
      <freebsdpr>ports/254515</freebsdpr>
    </references>
    <dates>
      <discovery>2021-03-21</discovery>
      <entry>2021-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="1431a25c-8a70-11eb-bd16-0800278d94f0">
    <topic>gitea -- quoting in markdown text</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.13.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.13.5:</p>
	<blockquote cite="https://blog.gitea.io/2021/03/gitea-1.13.5-is-released/">
	  <ul>
	    <li>Update to goldmark 1.3.3</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.5</url>
      <freebsdpr>ports/254130</freebsdpr>
    </references>
    <dates>
      <discovery>2021-03-20</discovery>
      <entry>2021-03-21</entry>
    </dates>
  </vuln>

  <vuln vid="76b5068c-8436-11eb-9469-080027f515ea">
    <topic>OpenSSH -- Double-free memory corruption in ssh-agent</topic>
    <affects>
      <package>
	<name>openssh-portable</name>
	<name>openssh-portable-hpn</name>
	<name>openssh-portable-gssapi</name>
	<range><ge>8.2.p1,1</ge><lt>8.4.p1_4,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenBSD Project reports:</p>
	<blockquote cite="https://www.openssh.com/txt/release-8.5">
	  <p>
	    ssh-agent(1): fixed a double-free memory corruption that was
	    introduced in OpenSSH 8.2 . We treat all such memory faults as
	    potentially exploitable. This bug could be reached by an attacker
	    with access to the agent socket.
	  </p>
	  <p>
	    On modern operating systems where the OS can provide information
	    about the user identity connected to a socket, OpenSSH ssh-agent
	    and sshd limit agent socket access only to the originating user
	    and root. Additional mitigation may be afforded by the system's
	    malloc(3)/free(3) implementation, if it detects double-free
	    conditions.
	  </p>
	  <p>
	    The most likely scenario for exploitation is a user forwarding an
	    agent either to an account shared with a malicious user or to a
	    host with an attacker holding root access.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-28041</cvename>
      <url>https://www.openssh.com/txt/release-8.5</url>
    </references>
    <dates>
      <discovery>2021-03-03</discovery>
      <entry>2021-03-13</entry>
      <modified>2021-04-20</modified>
    </dates>
  </vuln>

  <vuln vid="50e59056-87f2-11eb-b6a2-001b217b3468">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.9.0</ge><lt>13.9.4</lt></range>
	<range><ge>13.8.0</ge><lt>13.8.6</lt></range>
	<range><ge>13.2.0</ge><lt>13.7.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gigtlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/">
	  <p>Remote code execution via unsafe user-controlled markdown rendering options</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/</url>
    </references>
    <dates>
      <discovery>2021-03-17</discovery>
      <entry>2021-03-18</entry>
    </dates>
  </vuln>

  <vuln vid="5b72b1ff-877c-11eb-bd4f-2f1d57dafe46">
    <topic>dnsmasq -- cache poisoning vulnerability in certain configurations</topic>
    <affects>
      <package>
	<name>dnsmasq</name>
	<range><lt>2.85.r1,1</lt></range>
      </package>
      <package>
	<name>dnsmasq-devel</name>
	<range><lt>2.85.r1,3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon Kelley reports:</p>
	<blockquote cite="https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html">
	  <p>
	    [In configurations where the forwarding server address contains an @
	    character for specifying a sending interface or source address, the]
	    random source port behavior was disabled, making cache poisoning
	    attacks possible.
	  </p>
	</blockquote>
	<p>
	  This only affects configurations of the form server=1.1.1.1@em0 or
	  server=1.1.1.1@192.0.2.1, i. e. those that specify an interface to
	  send through, or an IP address to send from, or use together with
	  NetworkManager.
	</p>
      </body>
    </description>
    <references>
      <url>https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html</url>
      <cvename>CVE-2021-3448</cvename>
    </references>
    <dates>
      <discovery>2021-03-17</discovery>
      <entry>2021-03-18</entry>
    </dates>
  </vuln>

  <vuln vid="b073677f-253a-41f9-bf2b-2d16072a25f6">
    <topic>minio -- MITM attack</topic>
    <affects>
      <package>
	<name>minio</name>
	<range><lt>2021.03.17.02.33.02</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>minio developer report:</p>
	<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp">
	  <p>
	    This is a security issue because it enables MITM modification of
	    request bodies that are meant to have integrity guaranteed by chunk
	    signatures.
	  </p>
	  <p>
	    In a PUT request using aws-chunked encoding, MinIO ordinarily
	    verifies signatures at the end of a chunk. This check can be skipped
	    if the client sends a false chunk size that is much greater than the
	    actual data sent: the server accepts and completes the request
	    without ever reaching the end of the chunk + thereby without ever
	    checking the chunk signature.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp</url>
    </references>
    <dates>
      <discovery>2021-03-17</discovery>
      <entry>2021-03-17</entry>
    </dates>
  </vuln>

  <vuln vid="eeca52dc-866c-11eb-b8d6-d4c9ef517024">
    <topic>LibreSSL -- use-after-free</topic>
    <affects>
      <package>
	<name>libressl</name>
	<range><lt>3.2.4_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenBSD reports:</p>
	<blockquote cite="https://marc.info/?l=openbsd-announce&amp;m=161582456312832&amp;w=2">
	  <p>A TLS client using session resumption may cause a use-after-free.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://marc.info/?l=openbsd-announce&amp;m=161582456312832&amp;w=2</url>
      <url>https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/017_libssl.patch.sig</url>
    </references>
    <dates>
      <discovery>2021-03-15</discovery>
      <entry>2021-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="b81ad6d6-8633-11eb-99c5-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>89.0.4389.90</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html">
	  <p>This release includes 5 security fixes, including:</p>
	  <ul>
	    <li>[1167357] High CVE-2021-21191: Use after free in WebRTC.
	      Reported by raven (@raid_akame)  on 2021-01-15</li>
	    <li>[1181387] High CVE-2021-21192: Heap buffer overflow in tab
	      groups. Reported by Abdulrahman Alqabandi, Microsoft Browser
	      Vulnerability Research on 2021-02-23</li>
	    <li>[1186287] High CVE-2021-21193: Use after free in Blink.
	      Reported by Anonymous on 2021-03-09</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-11191</cvename>
      <cvename>CVE-2021-11192</cvename>
      <cvename>CVE-2021-11193</cvename>
      <url>https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html</url>
    </references>
    <dates>
      <discovery>2021-03-12</discovery>
      <entry>2021-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="317487c6-85ca-11eb-80fa-14dae938ec40">
    <topic>squashfs-tools -- Integer overflow</topic>
    <affects>
      <package>
	<name>squashfs-tools</name>
	<range><lt>4.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Phillip Lougher reports:</p>
	<blockquote cite="https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1">
	  <p>Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-4645</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2015-4645</url>
    </references>
    <dates>
      <discovery>2017-03-17</discovery>
      <entry>2021-03-15</entry>
    </dates>
  </vuln>

  <vuln vid="72709326-81f7-11eb-950a-00155d646401">
    <topic>go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.16.1,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/44913">
	  <p>The Decode, DecodeElement, and Skip methods of an xml.Decoder
	    provided by xml.NewTokenDecoder may enter an infinite loop when
	    operating on a custom xml.TokenReader which returns an EOF in the
	    middle of an open XML element.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/44916">
	  <p>The Reader.Open API, new in Go 1.16, will panic when used on a ZIP
	    archive containing files that start with "../".</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-27918</cvename>
      <url>http://golang.org/issue/44913</url>
      <cvename>CVE-2021-27919</cvename>
      <url>http://golang.org/issue/44916</url>
    </references>
    <dates>
      <discovery>2021-03-05</discovery>
      <entry>2021-03-10</entry>
    </dates>
  </vuln>

  <vuln vid="502ba001-7ffa-11eb-911c-0800278d94f0">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.13.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.13.3:</p>
	<blockquote cite="https://blog.gitea.io/2021/03/gitea-1.13.3-is-released/">
	  <ul>
	    <li>Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one </li>
	  </ul>
	</blockquote>
	<p>The Gitea Team reports for release 1.13.4:</p>
	<blockquote cite="https://blog.gitea.io/2021/03/gitea-1.13.4-is-released/">
	  <ul>
	    <li>Fix issue popups</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.3</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.4</url>
      <freebsdpr>ports/254130</freebsdpr>
    </references>
    <dates>
      <discovery>2021-01-07</discovery>
      <entry>2021-02-06</entry>
    </dates>
  </vuln>

  <vuln vid="2dc8927b-54e0-11eb-9342-1c697a013f4b">
    <topic>mantis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mantis-php72</name>
	<name>mantis-php73</name>
	<name>mantis-php74</name>
	<name>mantis-php80</name>
	<range><lt>2.24.4,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mantis 2.24.4 release reports:</p>
	<blockquote cite="https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&amp;version=2.24.4">
	  <p>Security and maintenance release, addressing 6 CVEs:</p>
	  <ul>
	    <li>0027726: CVE-2020-29603: disclosure of private project name</li>
	    <li>0027727: CVE-2020-29605: disclosure of private issue summary</li>
	    <li>0027728: CVE-2020-29604: full disclosure of private issue contents, including bugnotes and attachments</li>
	    <li>0027361: Private category can be access/used by a non member of a private project (IDOR)</li>
	    <li>0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls</li>
	    <li>0026794: User Account - Takeover</li>
	    <li>0027363: Fixed in version can be changed to a version that doesn't exist</li>
	    <li>0027350: When updating an issue, a Viewer user can be set as Reporter</li>
	    <li>0027370: CVE-2020-35849: Revisions allow viewing private bugnotes id and summary</li>
	    <li>0027495: CVE-2020-28413: SQL injection in the parameter "access" on the mc_project_get_users function throught the API SOAP.</li>
	    <li>0027444: Printing unsanitized user input in install.php</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-28413</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28413</url>
      <cvename>CVE-2020-35849</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35849</url>
    </references>
    <dates>
      <discovery>2020-11-10</discovery>
      <entry>2021-03-10</entry>
    </dates>
  </vuln>

  <vuln vid="2f3cd69e-7dee-11eb-b92e-0022489ad614">
    <topic>Node.js -- February 2021 Security Releases</topic>
    <affects>
      <package>
	<name>node10</name>
	<range><lt>10.24.0</lt></range>
      </package>
      <package>
	<name>node12</name>
	<range><lt>12.21.0</lt></range>
      </package>
      <package>
	<name>node14</name>
	<range><lt>14.16.0</lt></range>
      </package>
      <package>
	<name>node</name>
	<range><lt>15.10.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/">
	  <h1>HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (Critical) (CVE-2021-22883)</h1>
	  <p>Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.</p>
	  <h1>DNS rebinding in --inspect (CVE-2021-22884)</h1>
	  <p>Affected Node.js versions are vulnerable to a DNS rebinding attack when the whitelist includes "localhost6". When "localhost6" is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the "localhost6" domain. As long as the attacker uses the "localhost6" domain, they can still apply the attack described in CVE-2018-7160.</p>
	  <h1>OpenSSL - Integer overflow in CipherUpdate (CVE-2021-23840)</h1>
	  <p>This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210216.txt</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/</url>
      <cvename>CVE-2021-22883</cvename>
      <cvename>CVE-2021-22884</cvename>
      <cvename>CVE-2021-23840</cvename>
    </references>
    <dates>
      <discovery>2021-02-23</discovery>
      <entry>2021-03-09</entry>
    </dates>
  </vuln>

  <vuln vid="8bf856ea-7df7-11eb-9aad-001b217b3468">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.9.0</ge><lt>13.9.2</lt></range>
	<range><ge>13.8.0</ge><lt>13.8.5</lt></range>
	<range><lt>13.7.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/">
	  <p>JWT token leak via Workhorse</p>
	  <p>Stored XSS in wiki pages</p>
	  <p>Group Maintainers are able to use the Group CI/CD Variables API</p>
	  <p>Insecure storage of GitLab session keys</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/</url>
      <cvename>CVE-2021-22185</cvename>
      <cvename>CVE-2021-22186</cvename>
    </references>
    <dates>
      <discovery>2021-03-04</discovery>
      <entry>2021-03-05</entry>
    </dates>
  </vuln>

  <vuln vid="9e8f0766-7d21-11eb-a2be-001999f8d30b">
    <topic>asterisk -- Crash when negotiating T.38 with a zero port</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><lt>16.16.2</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>18.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>When Asterisk sends a re-invite initiating T.38 faxing
	  and the endpoint responds with a m=image line and zero
	  port, a crash will occur in Asterisk. This is a reoccurrence
	  of AST-2019-004.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-15297</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-006.html</url>
    </references>
    <dates>
      <discovery>2021-02-20</discovery>
      <entry>2021-03-04</entry>
    </dates>
  </vuln>

  <vuln vid="f00b65d8-7ccb-11eb-b3be-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>89.0.4389.72</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html">
	  <p>This release includes 47 security fixes, including the below.
	  Google is aware of reports that an exploit for CVE-2021-21166 exists
	  in the wild.  Please see URL for details.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21159</cvename>
      <cvename>CVE-2021-21160</cvename>
      <cvename>CVE-2021-21161</cvename>
      <cvename>CVE-2021-21162</cvename>
      <cvename>CVE-2021-21163</cvename>
      <cvename>CVE-2021-21164</cvename>
      <cvename>CVE-2021-21165</cvename>
      <cvename>CVE-2021-21166</cvename>
      <cvename>CVE-2021-21167</cvename>
      <cvename>CVE-2021-21168</cvename>
      <cvename>CVE-2021-21169</cvename>
      <cvename>CVE-2021-21170</cvename>
      <cvename>CVE-2021-21171</cvename>
      <cvename>CVE-2021-21172</cvename>
      <cvename>CVE-2021-21173</cvename>
      <cvename>CVE-2021-21174</cvename>
      <cvename>CVE-2021-21175</cvename>
      <cvename>CVE-2021-21176</cvename>
      <cvename>CVE-2021-21177</cvename>
      <cvename>CVE-2021-21178</cvename>
      <cvename>CVE-2021-21179</cvename>
      <cvename>CVE-2021-21180</cvename>
      <cvename>CVE-2021-21181</cvename>
      <cvename>CVE-2021-21182</cvename>
      <cvename>CVE-2021-21183</cvename>
      <cvename>CVE-2021-21184</cvename>
      <cvename>CVE-2021-21185</cvename>
      <cvename>CVE-2021-21186</cvename>
      <cvename>CVE-2021-21187</cvename>
      <cvename>CVE-2021-21188</cvename>
      <cvename>CVE-2021-21189</cvename>
      <cvename>CVE-2021-21190</cvename>
      <cvename>CVE-2020-27844</cvename>
      <url>https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-03-02</discovery>
      <entry>2021-03-04</entry>
    </dates>
  </vuln>

  <vuln vid="3a469cbc-7a66-11eb-bd3f-08002728f74c">
    <topic>jasper -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jasper</name>
	<range><lt>2.0.25</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>JasPer Releases:</p>
	<blockquote cite="https://github.com/jasper-software/jasper/releases">
	  <p>- Fix memory-related bugs in the JPEG-2000 codec resulting from
	    attempting to decode invalid code streams. (#264, #265)</p>
	  <p>  This fix is associated with CVE-2021-26926 and CVE-2021-26927.</p>
	  <p>- Fix wrong return value under some compilers (#260)</p>
	  <p>- Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/jasper-software/jasper/releases</url>
      <cvename>CVE-2021-26926</cvename>
      <cvename>CVE-2021-26927</cvename>
      <cvename>CVE-2021-3272</cvename>
    </references>
    <dates>
      <discovery>2021-02-07</discovery>
      <entry>2021-03-03</entry>
    </dates>
  </vuln>

  <vuln vid="a1e03a3d-7be0-11eb-b392-20cf30e32f6d">
    <topic>salt -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py36-salt-2019</name>
	<name>py37-salt-2019</name>
	<name>py38-salt-2019</name>
	<name>py36-salt</name>
	<name>py37-salt</name>
	<name>py38-salt</name>
	<name>py39-salt</name>
	<range><lt>2019.2.8</lt></range>
	<range><ge>3000</ge><lt>3002.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SaltStack reports multiple security vulnerabilities in Salt</p>
	<blockquote cite="https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/">
	  <ul>
	  <li>CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.</li>
	  <li>CVE-2021-25281: The Salt-API does not have eAuth credentials for the wheel_async client.</li>
	  <li>CVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.</li>
	  <li>CVE-2021-25283: The jinja renderer does not protect against server-side template injection attacks.</li>
	  <li>CVE-2021-25284: webutils write passwords in cleartext to /var/log/salt/minion</li>
	  <li>CVE-2021-3148: command injection in salt.utils.thin.gen_thin()</li>
	  <li>CVE-2020-35662: Several places where Salt was not verifying the SSL cert by default.</li>
	  <li>CVE-2021-3144: eauth Token can be used once after expiration.</li>
	  <li>CVE-2020-28972: Code base not validating SSL/TLS certificate of the server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack</li>
	  <li>CVE-2020-28243: Local Privilege Escalation in the Minion.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>"https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"</url>
      <cvename>CVE-2021-3197</cvename>
      <cvename>CVE-2021-25281</cvename>
      <cvename>CVE-2021-25282</cvename>
      <cvename>CVE-2021-25283</cvename>
      <cvename>CVE-2021-25284</cvename>
      <cvename>CVE-2021-3148</cvename>
      <cvename>CVE-2020-35662</cvename>
      <cvename>CVE-2021-3144</cvename>
      <cvename>CVE-2020-28972</cvename>
      <cvename>CVE-2020-28243</cvename>
    </references>
    <dates>
      <discovery>2021-02-25</discovery>
      <entry>2021-03-03</entry>
    </dates>
  </vuln>

  <vuln vid="52bd2d59-4ab5-4bef-a599-7aac4e92238b">
    <topic>vault -- unauthenticated license read</topic>
    <affects>
      <package>
	<name>vault</name>
	<range><lt>1.6.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>vault developers report:</p>
	<blockquote cite="https://github.com/hashicorp/vault/releases/tag/v1.6.3">
	  <p>Limited Unauthenticated License Read: We addressed a security vulnerability that allowed for the unauthenticated reading of Vault licenses from DR Secondaries.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-27668</cvename>
      <url>https://github.com/hashicorp/vault/releases/tag/v1.6.3</url>
    </references>
    <dates>
      <discovery>2021-02-26</discovery>
      <entry>2021-02-27</entry>
    </dates>
  </vuln>

  <vuln vid="31ad2f10-7711-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- jail_remove(2) fails to kill all jailed processes</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_4</lt></range>
	<range><ge>11.4</ge><lt>11.4_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Due to a race condition in the jail_remove(2) implementation, it
	may fail to kill some of the processes.</p>
	<h1>Impact:</h1>
	<p>A process running inside a jail can avoid being killed during jail
	termination.  If a jail is subsequently started with the same root
	path, a lingering jailed process may be able to exploit the window
	during which a devfs filesystem is mounted but the jail's devfs
	ruleset has not been applied, to access device nodes which are
	ordinarily inaccessible.  If the process is privileged, it may be able
	to escape the jail and gain full access to the system.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25581</cvename>
      <freebsdsa>SA-21:04.jail_remove</freebsdsa>
    </references>
    <dates>
      <discovery>2021-02-24</discovery>
      <entry>2021-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="5b8c6e1e-770f-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- Xen grant mapping error handling issues</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_4</lt></range>
	<range><ge>11.4</ge><lt>11.4_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Grant mapping operations often occur in batch hypercalls, where a
	number of operations are done in a single hypercall, the success or
	failure of each one reported to the backend driver, and the backend
	driver then loops over the results, performing follow-up actions
	based on the success or failure of each operation.</p>
	<p>Unfortunately, when running in HVM/PVH mode, the FreeBSD backend
	drivers mishandle this: Some errors are ignored, effectively implying
	their success from the success of related batch elements. In other
	cases, errors resulting from one batch element lead to further batch
	elements not being inspected, and hence successful ones to not be
	possible to properly unmap upon error recovery.</p>
	<h1>Impact:</h1>
	<p>A malicious or buggy frontend driver may be able to cause resource
	leaks in the domain running the corresponding backend driver.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26932</cvename>
      <freebsdsa>SA-21:06.xen</freebsdsa>
    </references>
    <dates>
      <discovery>2021-02-24</discovery>
      <entry>2021-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="bba850fd-770e-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- jail_attach(2) relies on the caller to change the cwd</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_4</lt></range>
	<range><ge>11.4</ge><lt>11.4_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>When a process, such as jexec(8) or killall(1), calls jail_attach(2)
	to enter a jail, the jailed root can attach to it using ptrace(2) before
	the current working directory is changed.</p>
	<h1>Impact:</h1>
	<p>A process with superuser privileges running inside a jail could change
	the root directory outside of the jail, thereby gaining full read and
	writing access to all files and directories in the system.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25582</cvename>
      <freebsdsa>SA-21:05.jail_chdir</freebsdsa>
    </references>
    <dates>
      <discovery>2021-02-24</discovery>
      <entry>2021-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="a8654f1d-770d-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- login.access fails to apply rules</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>12.2</ge><lt>12.2_4</lt></range>
	<range><ge>11.4</ge><lt>11.4_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>A regression in the login.access(5) rule processor has the effect
	of causing rules to fail to match even when they should not. This
	means that rules denying access may be ignored.</p>
	<h1>Impact:</h1>
	<p>The configuration in login.access(5) may not be applied, permitting
	login access to users even when the system is configured to deny it.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25580</cvename>
      <freebsdsa>SA-21:03.pam_login_access</freebsdsa>
    </references>
    <dates>
      <discovery>2021-02-24</discovery>
      <entry>2021-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="0e38b8f8-75dd-11eb-83f2-8c164567ca3c">
    <topic>redis -- Integer overflow on 32-bit systems</topic>
    <affects>
      <package>
	<name>redis-devel</name>
	<range><lt>6.2.0</lt></range>
      </package>
      <package>
	<name>redis</name>
	<range><lt>6.0.11</lt></range>
      </package>
      <package>
	<name>redis5</name>
	<range><lt>5.0.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis Development team reports:</p>
	<blockquote cite="https://github.com/redis/redis/releases/tag/6.2.0">
	  <p>Redis 4.0 or newer uses a configurable limit for
	  the maximum supported bulk input size. By default,
	  it is 512MB which is a safe value for all platforms.
	  If the limit is significantly increased, receiving a
	  large request from a client may trigger several
	  integer overflow scenarios, which would result with
	  buffer overflow and heap corruption.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21309</cvename>
    </references>
    <dates>
      <discovery>2021-02-22</discovery>
      <entry>2021-02-23</entry>
    </dates>
  </vuln>

  <vuln vid="3e9624b3-e92b-4460-8a5a-93247c52c5a1">
    <topic>zeek -- Remote crash vulnerability</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>3.0.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jon Siwek of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v3.0.13">
	  <p>Fix ASCII Input reader's treatment of input files
	  containing null-bytes. An input file containing null-bytes
	  could lead to a buffer-over-read, crash Zeek, and be
	  exploited to cause Denial of Service. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v3.0.13</url>
    </references>
    <dates>
      <discovery>2021-02-10</discovery>
      <entry>2021-02-22</entry>
    </dates>
  </vuln>

  <vuln vid="9c03845c-7398-11eb-bc0e-2cf05d620ecc">
    <topic>raptor2 -- malformed input file can lead to a segfault</topic>
    <affects>
      <package>
	<name>raptor2</name>
	<range><lt>2.0.15_17</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redland Issue Tracker reports:</p>
	<blockquote cite="https://bugs.librdf.org/mantis/view.php?id=650">
	  <p>due to an out of bounds array access in
raptor_xml_writer_start_element_common.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugs.librdf.org/mantis/view.php?id=650</url>
    </references>
    <dates>
      <discovery>2020-11-24</discovery>
      <entry>2021-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="a45d945a-cc2c-4cd7-a941-fb58fdb1b01e">
    <topic>jenkins -- Privilege escalation vulnerability in bundled Spring Security library</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.280</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-02-19/">
	  <h1>Description</h1>
	  <h5>(high) SECURITY-2195 / CVE-2021-22112</h5>
	  <p>Privilege escalation vulnerability in bundled Spring Security library</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.jenkins.io/security/advisory/2021-02-19/</url>
    </references>
    <dates>
      <discovery>2021-02-19</discovery>
      <entry>2021-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="1bb2826b-7229-11eb-8386-001999f8d30b">
    <topic>asterisk -- Remote Crash Vulnerability in PJSIP channel driver</topic>
    <affects>
      <package>
	<name>asterisk13</name>
	<range><lt>13.38.2</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>Given a scenario where an outgoing call is placed from
	  Asterisk to a remote SIP server it is possible for a crash
	  to occur.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26906</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-005.html</url>
    </references>
    <dates>
      <discovery>2021-02-08</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="ca21f5e7-7228-11eb-8386-001999f8d30b">
    <topic>asterisk -- An unsuspecting user could crash Asterisk with multiple hold/unhold requests</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><ge>16.16.0</ge><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><ge>18.2.0</ge><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>Due to a signedness comparison mismatch, an authenticated
	  WebRTC client could cause a stack overflow and Asterisk
	  crash by sending multiple hold/unhold requests in quick
	  succession.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26714</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-004.html</url>
    </references>
    <dates>
      <discovery>2021-02-11</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="5d8ef725-7228-11eb-8386-001999f8d30b">
    <topic>asterisk -- Remote attacker could prematurely tear down SRTP calls</topic>
    <affects>
      <package>
	<name>asterisk13</name>
	<range><ge>13.38.1</ge><lt>13.38.2</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><ge>16.16.0</ge><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><ge>18.2.0</ge><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>An unauthenticated remote attacker could replay SRTP
	  packets which could cause an Asterisk instance configured
	  without strict RTP validation to tear down calls
	  prematurely.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26712</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-003.html</url>
    </references>
    <dates>
      <discovery>2021-02-18</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="e3894955-7227-11eb-8386-001999f8d30b">
    <topic>asterisk -- Remote crash possible when negotiating T.38</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><ge>16.15.0</ge><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><ge>18.1.0</ge><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>When re-negotiating for T.38 if the initial remote
	  response was delayed just enough Asterisk would send both
	  audio and T.38 in the SDP. If this happened, and the
	  remote responded with a declined T.38 stream then Asterisk
	  would crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26717</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-002.html</url>
    </references>
    <dates>
      <discovery>2021-02-05</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="b330db5f-7225-11eb-8386-001999f8d30b">
    <topic>asterisk -- Remote crash in res_pjsip_diversion</topic>
    <affects>
      <package>
	<name>asterisk13</name>
	<range><ge>13.38.1</ge><lt>13.38.2</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><ge>16.15.1</ge><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><ge>18.1.1</ge><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>If a registered user is tricked into dialing a malicious
	  number that sends lots of 181 responses to Asterisk, each
	  one will cause a 181 to be sent back to the original
	  caller with an increasing number of entries in the
	  "Supported" header. Eventually the number of entries in
	  the header exceeds the size of the entry array and causes
	  a crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-35776</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-001.html</url>
    </references>
    <dates>
      <discovery>2021-01-04</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="8e670b85-706e-11eb-abb2-08002728f74c">
    <topic>Rails -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>rubygem-activerecord52</name>
	<range><lt>5.2.4.5</lt></range>
      </package>
      <package>
	<name>rubygem-actionpack60</name>
	<name>rubygem-activerecord60</name>
	<range><lt>6.0.3.5</lt></range>
      </package>
      <package>
	<name>rubygem-actionpack61</name>
	<name>rubygem-activerecord61</name>
	<range><lt>6.1.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Ruby on Rails blog:</p>
	<blockquote cite="https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/">
	  <p>Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those
	    version are security releases and addresses two issues:</p>
	  <p>CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter.</p>
	  <p>CVE-2021-22881: Possible Open Redirect in Host Authorization Middleware.</p>
	  <p></p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/</url>
      <url>https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129</url>
      <url>https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130</url>
      <cvename>CVE-2021-22880</cvename>
      <cvename>CVE-2021-22881</cvename>
    </references>
    <dates>
      <discovery>2021-02-10</discovery>
      <entry>2021-02-17</entry>
    </dates>
  </vuln>

  <vuln vid="48514901-711d-11eb-9846-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>88.0.4324.182</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html">
	  <p>This release contains 10 security fixes, including:</p>
	  <ul>
	    <li>[1138143] High CVE-2021-21149: Stack overflow in Data Transfer.
	      Reported by Ryoya Tsukasaki on 2020-10-14</li>
	    <li>[1172192] High CVE-2021-21150: Use after free in Downloads.
	     Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29</li>
	    <li>[1165624] High CVE-2021-21151: Use after free in Payments.
	      Reported by Khalil Zhani on 2021-01-12</li>
	    <li>[1166504] High CVE-2021-21152: Heap buffer overflow in Media.
	      Reported by Anonymous on 2021-01-14</li>
	    <li>[1155974] High CVE-2021-21153: Stack overflow in GPU Process.
	      Reported by Jan Ruge of ERNW GmbH on 2020-12-06</li>
	    <li>[1173269] High CVE-2021-21154: Heap buffer overflow in Tab
	      Strip. Reported by Abdulrahman Alqabandi, Microsoft Browser
	      Vulnerability Research on 2021-02-01</li>
	    <li>[1175500] High CVE-2021-21155: Heap buffer overflow in Tab
	      Strip. Reported by Khalil Zhani on 2021-02-07</li>
	    <li>[1177341] High CVE-2021-21156: Heap buffer overflow in V8.
	      Reported by Sergei Glazunov of Google Project Zero on
	      2021-02-11</li>
	    <li>[1170657] Medium CVE-2021-21157: Use after free in Web
	      Sockets. Reported by Anonymous on 2021-01-26</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21149</cvename>
      <cvename>CVE-2021-21150</cvename>
      <cvename>CVE-2021-21151</cvename>
      <cvename>CVE-2021-21152</cvename>
      <cvename>CVE-2021-21153</cvename>
      <cvename>CVE-2021-21154</cvename>
      <cvename>CVE-2021-21155</cvename>
      <cvename>CVE-2021-21156</cvename>
      <cvename>CVE-2021-21157</cvename>
      <url>https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html</url>
    </references>
    <dates>
      <discovery>2021-02-16</discovery>
      <entry>2021-02-17</entry>
    </dates>
  </vuln>

  <vuln vid="96a21236-707b-11eb-96d8-d4c9ef517024">
    <topic>OpenSSL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1j,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.0.a12</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>12.2</ge><lt>12.2_10</lt></range>
	<range><ge>11.4</ge><lt>11.4_13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20210216.txt">
	  <p>Null pointer deref in X509_issuer_and_serial_hash()
	    CVE-2021-23841<br/>(Moderate) The OpenSSL public API function
	    X509_issuer_and_serial_hash() attempts to create a unique hash
	    value based on the issuer and serial number data contained within
	    an X509 certificate. However it fails to correctly handle any errors
	    that may occur while parsing the issuer field (which might occur if
	    the issuer field is maliciously constructed). This may subsequently
	    result in a NULL pointer deref and a crash leading to a potential
	    denial of service attack.</p>
	  <p>Integer overflow in CipherUpdate CVE-2021-23840<br/>(Low)
	    Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
	    may overflow the output length argument in some cases where the
	    input length is close to the maximum permissable length for an
	    integer on the platform. In such cases the return value from the
	    function call will be 1 (indicating success), but the output length
	    value will be negative. This could cause applications to behave
	    incorrectly or crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.openssl.org/news/secadv/20210216.txt</url>
      <cvename>CVE-2021-23841</cvename>
      <cvename>CVE-2021-23840</cvename>
      <cvename>CVE-2021-23839</cvename>
      <freebsdsa>SA-21:17.openssl</freebsdsa>
    </references>
    <dates>
      <discovery>2021-02-16</discovery>
      <entry>2021-02-16</entry>
      <modified>2021-08-25</modified>
    </dates>
  </vuln>

  <vuln vid="98044aba-6d72-11eb-aed7-1b1b8a70cc8b">
    <topic>openexr, ilmbase -- security fixes related to reading corrupted input files</topic>
    <affects>
      <package>
	<name>ilmbase</name>
	<range><lt>2.5.5</lt></range>
      </package>
      <package>
	<name>openexr</name>
	<range><lt>2.5.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cary Phillips reports:</p>
	<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5">
	  <p>Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files[...].</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5</url>
      <!-- updated 2021-05-08 from https://github.com/AcademySoftwareFoundation/openexr/commit/744cdecc87ff3489cc47204411d7903ceeb80be4 -->
      <url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.4</url>
      <cvename>CVE-2021-20296</cvename>
      <cvename>CVE-2021-3479</cvename>
      <cvename>CVE-2021-3478</cvename>
      <cvename>CVE-2021-3477</cvename>
      <cvename>CVE-2021-3476</cvename>
      <cvename>CVE-2021-3475</cvename>
      <cvename>CVE-2021-3474</cvename>
    </references>
    <dates>
      <discovery>2021-02-12</discovery>
      <entry>2021-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="1020d401-6d2d-11eb-ab0b-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.8.0</ge><lt>13.8.4</lt></range>
	<range><ge>13.7.0</ge><lt>13.7.7</lt></range>
	<range><ge>10.5</ge><lt>13.6.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/">
	  <p>Improper Certificate Validation for Fortinet OTP</p>
	  <p>Denial of Service Attack on gitlab-shell</p>
	  <p>Resource exhaustion due to pending jobs</p>
	  <p>Confidential issue titles were exposed</p>
	  <p>Improper access control allowed demoted project members to access authored merge requests</p>
	  <p>Improper access control allowed unauthorized users to access analytic pages</p>
	  <p>Unauthenticated CI lint API may lead to information disclosure and SSRF</p>
	  <p>Prometheus integration in Gitlab may lead to SSRF</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/</url>
    </references>
    <dates>
      <discovery>2021-02-11</discovery>
      <entry>2021-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="3003ba60-6cec-11eb-8815-040e3c1b8a02">
    <topic>oauth2-proxy -- domain whitelist could be used as redirect</topic>
    <affects>
      <package>
	<name>oauth2-proxy</name>
	<range><lt>7.0.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-21291">
	  <p>In OAuth2 Proxy before version 7.0.0, for users that use the
	     whitelist domain feature, a domain that ended in a similar way to
	     the intended domain could have been allowed as a redirect.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-21291</url>
    </references>
    <dates>
      <discovery>2021-02-02</discovery>
      <entry>2021-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="06a5abd4-6bc2-11eb-b292-90e2baa3bafc">
    <topic>mod_dav_svn -- server crash</topic>
    <affects>
      <package>
	<name>mod_dav_svn</name>
	<range><ge>1.9.0</ge><le>1.10.6</le></range>
	<range><ge>1.11.0</ge><le>1.14.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Subversion project reports:</p>
	<blockquote cite="https://subversion.apache.org/security/CVE-2020-17525-advisory.txt">
	<p>Subversion's mod_authz_svn module will crash if the server is using
	   in-repository authz rules with the AuthzSVNReposRelativeAccessFile
	   option and a client sends a request for a non-existing repository URL.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://subversion.apache.org/security/CVE-2020-17525-advisory.txt</url>
    </references>
    <dates>
      <discovery>2021-01-29</discovery>
      <entry>2021-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="cdb10765-6879-11eb-a7d8-08002734b9ed">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.13.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.13.2:</p>
	<blockquote cite="https://blog.gitea.io/2021/02/gitea-1.13.2-is-released/">
	  <ul>
	    <li>Prevent panic on fuzzer provided string</li>
	    <li>Add secure/httpOnly attributes to the lang cookie</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.2</url>
      <freebsdpr>ports/253295</freebsdpr>
    </references>
    <dates>
      <discovery>2021-01-07</discovery>
      <entry>2021-02-06</entry>
    </dates>
  </vuln>

  <vuln vid="3e01aad2-680e-11eb-83e2-e09467587c17">
    <topic>chromium -- heap buffer overflow in V8</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>88.0.4324.150</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html">
	  <p>[1170176] High CVE-2021-21148: Heap buffer overflow in V8.
	    Reported by Mattias Buelens on 2021-01-24. Google is aware of
	    reports that an exploit for CVE-2021-21148 exists in the wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21148</cvename>
      <url>https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html</url>
    </references>
    <dates>
      <discovery>2021-02-04</discovery>
      <entry>2021-02-05</entry>
    </dates>
  </vuln>

  <vuln vid="479fdfda-6659-11eb-83e2-e09467587c17">
    <topic>www/chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>88.0.4324.146</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html">
	  <p>This update include 6 security fixes:</p>
	  <ul>
	    <li>1169317] Critical CVE-2021-21142: Use after free in Payments.
	      Reported by Khalil Zhani on 2021-01-21</li>
	    <li>[1163504] High CVE-2021-21143: Heap buffer overflow in
	      Extensions. Reported by Allen Parker and Alex Morgan of MU on
	      2021-01-06</li>
	    <li>[1163845] High CVE-2021-21144: Heap buffer overflow in Tab
	      Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-01-07</li>
	    <li>[1154965] High CVE-2021-21145: Use after free in Fonts. Reported
	      by Anonymous on 2020-12-03</li>
	    <li>[1161705] High CVE-2021-21146: Use after free in Navigation.
	      Reported by Alison Huffman and Choongwoo Han of Microsoft Browser
	      Vulnerability Research on 2020-12-24</li>
	    <li>[1162942] Medium CVE-2021-21147: Inappropriate implementation in
	      Skia. Reported by Roman Starkov on 2021-01-04</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21142</cvename>
      <cvename>CVE-2021-21143</cvename>
      <cvename>CVE-2021-21144</cvename>
      <cvename>CVE-2021-21145</cvename>
      <cvename>CVE-2021-21146</cvename>
      <cvename>CVE-2021-21147</cvename>
      <url>https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-02-02</discovery>
      <entry>2021-02-03</entry>
    </dates>
  </vuln>

  <vuln vid="66d1c277-652a-11eb-bb3f-001b217b3468">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.8.0</ge><lt>13.8.2</lt></range>
	<range><ge>13.7.0</ge><lt>13.7.6</lt></range>
	<range><ge>11.8</ge><lt>13.6.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/">
	  <p>Stored XSS in merge request</p>
	  <p>Stored XSS in epic's pages</p>
	  <p>Sensitive GraphQL variables exposed in structured log</p>
	  <p>Guest user can see tag names in private projects</p>
	  <p>Information disclosure via error message</p>
	  <p>DNS rebinding protection bypass</p>
	  <p>Validate existence of private project</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/</url>
      <cvename>CVE-2021-22172</cvename>
      <cvename>CVE-2021-22169</cvename>
    </references>
    <dates>
      <discovery>2021-02-01</discovery>
      <entry>2021-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="8ec7d426-055d-46bc-8f5a-a9d73a5a71ab">
    <topic>minio -- Server Side Request Forgery</topic>
    <affects>
      <package>
	<name>minio</name>
	<range><lt>2021.01.30.00.20.58</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Minio developers report:</p>
	<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q">
	  <p>Thanks to @phith0n from our community upon a code review, discovered an SSRF (Server Side Request Forgery) in our Browser API implementation. We have not observed this report/attack in the wild or reported elsewhere in the community at large.</p>
	  <p>All users are advised to upgrade ASAP.</p>
	  <p>The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.).</p>
	  <p>In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q</url>
    </references>
    <dates>
      <discovery>2021-01-29</discovery>
      <entry>2021-01-31</entry>
    </dates>
  </vuln>

  <vuln vid="5d91370b-61fd-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- Xen guests can triger backend Out Of Memory</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_3</lt></range>
	<range><ge>12.1</ge><lt>12.1_13</lt></range>
	<range><ge>11.4</ge><lt>11.4_7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Some OSes (including Linux, FreeBSD, and NetBSD) are processing watch
	events using a single thread.  If the events are received faster than
	the thread is able to handle, they will get queued.</p>
	<p>As the queue is unbound, a guest may be able to trigger a OOM in
	the backend.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-29568</cvename>
      <freebsdsa>SA-21:02.xenoom</freebsdsa>
    </references>
    <dates>
      <discovery>2021-01-29</discovery>
      <entry>2021-01-29</entry>
    </dates>
  </vuln>

  <vuln vid="a9c6e9be-61fb-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- Uninitialized kernel stack leaks in several file systems</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_3</lt></range>
	<range><ge>12.1</ge><lt>12.1_13</lt></range>
	<range><ge>11.4</ge><lt>11.4_7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Several file systems were not properly initializing the d_off field
	of the dirent structures returned by VOP_READDIR. In particular,
	tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so.
	As a result, eight uninitialized kernel stack bytes may be leaked to
	userspace by these file systems. This problem is not present in
	FreeBSD 11.</p>
	<p>Additionally, msdosfs(5) was failing to zero-fill a pair of padding
	fields in the dirent structure, resulting in a leak of three
	uninitialized bytes.</p>
	<h1>Impact:</h1>
	<p>Kernel stack disclosures may leak sensitive information which could
	be used to compromise the security of the system.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25578</cvename>
      <cvename>CVE-2020-25579</cvename>
      <freebsdsa>SA-21:01.fsdisclosure</freebsdsa>
    </references>
    <dates>
      <discovery>2021-01-29</discovery>
      <entry>2021-01-29</entry>
    </dates>
  </vuln>

  <vuln vid="13ca36b8-6141-11eb-8a36-7085c2fb2c14">
    <topic>pngcheck -- Buffer-overrun vulnerability</topic>
    <affects>
      <package>
	<name>pngcheck</name>
	<range><lt>3.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The libpng project reports:</p>
	<blockquote cite="http://www.libpng.org/pub/png/apps/pngcheck.html">
	  <p>pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun
	    bugs related to the sPLT and PPLT chunks (the latter is a MNG-only
	    chunk, but it gets noticed even in PNG files if the -s option is used).
	    Both bugs are fixed in version 3.0.1, released on 24 January 2021.
	    Again, while all known vulnerabilities are fixed in this version,
	    the code is quite crufty, so it would be safest to assume there are
	    still some problems hidden in there. As always, use at your own risk.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.libpng.org/pub/png/apps/pngcheck.html</url>
    </references>
    <dates>
      <discovery>2021-01-24</discovery>
      <entry>2021-01-28</entry>
    </dates>
  </vuln>

  <vuln vid="f3cf4b33-6013-11eb-9a0e-206a8a720317">
    <topic>sudo -- Multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>sudo</name>
       <range><lt>1.9.5p2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Todd C. Miller reports:</p>
       <blockquote cite="https://www.sudo.ws/stable.html#1.9.5p2">
	 <p>When invoked as sudoedit, the same set of command line options
	    are now accepted as for sudo -e. The -H and -P options are now
	    rejected for sudoedit and sudo -e which matches the sudo 1.7
	    behavior. This is part of the fix for CVE-2021-3156.</p>
	 <p>Fixed a potential buffer overflow when unescaping backslashes in
	    the command's arguments. Normally, sudo escapes special characters
	    when running a command via a shell (sudo -s or sudo -i). However,
	    it was also possible to run sudoedit with the -s or -i flags in
	    which case no escaping had actually been done, making a buffer
	    overflow possible. This fixes CVE-2021-3156.</p>
       </blockquote>
      </body>
    </description>
    <references>
      <url>https://www.sudo.ws/stable.html#1.9.5p2</url>
      <cvename>CVE-2021-3156</cvename>
    </references>
    <dates>
      <discovery>2021-01-26</discovery>
      <entry>2021-01-26</entry>
    </dates>
  </vuln>

  <vuln vid="fb67567a-5d95-11eb-a955-08002728f74c">
    <topic>pysaml2 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py36-pysaml2</name>
	<name>py37-pysaml2</name>
	<name>py38-pysaml2</name>
	<name>py39-pysaml2</name>
	<range><lt>6.5.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>pysaml2 Releases:</p>
	<blockquote cite="https://github.com/IdentityPython/pysaml2/releases">
	  <p>Fix processing of invalid SAML XML documents - CVE-2021-21238</p>
	  <p>Fix unspecified xmlsec1 key-type preference - CVE-2021-21239</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/IdentityPython/pysaml2/releases</url>
      <url>https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9</url>
      <url>https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62</url>
      <cvename>CVE-2021-21238</cvename>
      <cvename>CVE-2021-21239</cvename>
    </references>
    <dates>
      <discovery>2021-01-20</discovery>
      <entry>2021-01-26</entry>
    </dates>
  </vuln>

  <vuln vid="425f2143-8876-4b0a-af84-e0238c5c2062">
    <topic>jenkins -- Arbitrary file read vulnerability in workspace browsers</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.276</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.263.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-01-26/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-2197 / CVE-2021-21615</h5>
	  <p>Arbitrary file read vulnerability in workspace browsers</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.jenkins.io/security/advisory/2021-01-26/</url>
    </references>
    <dates>
      <discovery>2021-01-26</discovery>
      <entry>2021-01-26</entry>
    </dates>
  </vuln>

  <vuln vid="387bbade-5d1d-11eb-bf20-4437e6ad11c4">
    <topic>mutt -- denial of service</topic>
    <affects>
      <package>
	<name>mutt</name>
	<range><lt>2.0.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tavis Ormandy reports:</p>
	<blockquote cite="https://gitlab.com/muttmua/mutt/-/issues/323">
	  <p>
	    rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a
	    denial of service (mailbox unavailability) by sending email messages
	    with sequences of semicolon characters in RFC822 address fields
	    (aka terminators of empty groups). A small email message from the
	    attacker can cause large memory consumption, and the victim
	    may then be unable to see email messages from other persons.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
    <url>https://gitlab.com/muttmua/mutt/-/issues/323</url>
    <cvename>CVE-2021-3181</cvename>
    </references>
    <dates>
      <discovery>2021-01-17</discovery>
      <entry>2021-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="31344707-5d87-11eb-929d-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql56-client</name>
	<range><lt>5.6.51</lt></range>
      </package>
      <package>
	<name>mysql57-client</name>
	<range><lt>5.7.33</lt></range>
      </package>
      <package>
	<name>mysql80-client</name>
	<range><lt>8.0.23</lt></range>
      </package>
      <package>
	<name>mysql56-server</name>
	<range><lt>5.6.51</lt></range>
      </package>
      <package>
	<name>mysql57-server</name>
	<range><lt>5.7.33</lt></range>
      </package>
      <package>
	<name>mysql80-server</name>
	<range><lt>8.0.23</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 34 new security patches for
	    Oracle MySQL Server and 4 for MySQL Client. </p>
	  <p>The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
	    MySQL is 6.8.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL</url>
      <url>CVE-2021-2046</url>
      <url>CVE-2021-2020</url>
      <url>CVE-2021-2024</url>
      <url>CVE-2021-2011</url>
      <url>CVE-2021-2006</url>
      <url>CVE-2021-2048</url>
      <url>CVE-2021-2028</url>
      <url>CVE-2021-2122</url>
      <url>CVE-2021-2058</url>
      <url>CVE-2021-2001</url>
      <url>CVE-2021-2016</url>
      <url>CVE-2021-2021</url>
      <url>CVE-2021-2030</url>
      <url>CVE-2021-2031</url>
      <url>CVE-2021-2036</url>
      <url>CVE-2021-2055</url>
      <url>CVE-2021-2060</url>
      <url>CVE-2021-2070</url>
      <url>CVE-2021-2076</url>
      <url>CVE-2021-2065</url>
      <url>CVE-2021-2014</url>
      <url>CVE-2021-2002</url>
      <url>CVE-2021-2012</url>
      <url>CVE-2021-2009</url>
      <url>CVE-2021-2072</url>
      <url>CVE-2021-2081</url>
      <url>CVE-2021-2022</url>
      <url>CVE-2021-2038</url>
      <url>CVE-2021-2061</url>
      <url>CVE-2021-2056</url>
      <url>CVE-2021-2087</url>
      <url>CVE-2021-2088</url>
      <url>CVE-2021-2032</url>
      <url>CVE-2021-2010</url>
      <url>CVE-2021-1998</url>
      <url>CVE-2021-2007</url>
      <url>CVE-2021-2019</url>
      <url>CVE-2021-2042</url>
    </references>
    <dates>
      <discovery>2021-01-23</discovery>
      <entry>2021-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>88.0.4324.96</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html">
	  <p>This release contains 36 security fixes, including:</p>
	  <ul>
	    <li>[1137179] Critical CVE-2021-21117: Insufficient policy
	      enforcement in Cryptohome. Reported by Rory McNamara on
	      2020-10-10</li>
	    <li>[1161357] High CVE-2021-21118: Insufficient data validation in
	      V8. Reported by Tyler Nighswander (@tylerni7) of Theori on
	      2020-12-23</li>
	    <li>[1160534] High CVE-2021-21119: Use after free in Media. Reported
	      by Anonymous on 2020-12-20</li>
	    <li>[1160602] High CVE-2021-21120: Use after free in WebSQL.
	      Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha
	      Lab on 2020-12-21</li>
	    <li>[1161143] High CVE-2021-21121: Use after free in Omnibox.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2020-12-22</li>
	    <li>[1162131] High CVE-2021-21122: Use after free in Blink. Reported
	      by Renata Hodovan on 2020-12-28</li>
	    <li>[1137247] High CVE-2021-21123: Insufficient data validation in
	      File System API. Reported by Maciej Pulikowski on 2020-10-11</li>
	    <li>[1131346] High CVE-2021-21124: Potential user after free in
	      Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from
	      Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23</li>
	    <li>[1152327] High CVE-2021-21125: Insufficient policy enforcement
	      in File System API. Reported by Ron Masas (Imperva) on
	      2020-11-24</li>
	    <li>[1163228] High CVE-2020-16044: Use after free in WebRTC.
	      Reported by Ned Williamson of Project Zero on 2021-01-05</li>
	    <li>[1108126] Medium CVE-2021-21126: Insufficient policy enforcement
	      in extensions. Reported by David Erceg on 2020-07-22</li>
	    <li>[1115590] Medium CVE-2021-21127: Insufficient policy enforcement
	      in extensions. Reported by Jasminder Pal Singh, Web Services Point
	      WSP, Kotkapura on 2020-08-12</li>
	    <li>[1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink.
	      Reported by Liang Dong on 2020-10-15</li>
	    <li>[1140403] Medium CVE-2021-21129: Insufficient policy enforcement
	      in File System API. Reported by Maciej Pulikowski on
	      2020-10-20</li>
	    <li>[1140410] Medium CVE-2021-21130: Insufficient policy enforcement
	      in File System API. Reported by Maciej Pulikowski on
	      2020-10-20</li>
	    <li>[1140417] Medium CVE-2021-21131: Insufficient policy enforcement
	      in File System API. Reported by Maciej Pulikowski on
	      2020-10-20</li>
	    <li>[1128206] Medium CVE-2021-21132: Inappropriate implementation in
	      DevTools. Reported by David Erceg on 2020-09-15</li>
	    <li>[1157743] Medium CVE-2021-21133: Insufficient policy enforcement
	      in Downloads. Reported by wester0x01
	      (https://twitter.com/wester0x01) on 2020-12-11</li>
	    <li>[1157800] Medium CVE-2021-21134: Incorrect security UI in Page
	      Info. Reported by wester0x01 (https://twitter.com/wester0x01) on
	      2020-12-11</li>
	    <li>[1157818] Medium CVE-2021-21135: Inappropriate implementation in
	      Performance API. Reported by ndevtk on 2020-12-11</li>
	    <li>[1038002] Low CVE-2021-21136: Insufficient policy enforcement in
	      WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad
	      Mohammed on 2019-12-27</li>
	    <li>[1093791] Low CVE-2021-21137: Inappropriate implementation in
	      DevTools. Reported by bobblybear on 2020-06-11</li>
	    <li>[1122487] Low CVE-2021-21138: Use after free in DevTools.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec
	      at Qi'anxin Group on 2020-08-27</li>
	    <li>[1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported
	      by David Manouchehri on 2020-10-08</li>
	    <li>[1140435] Low CVE-2021-21141: Insufficient policy enforcement in
	      File System API. Reported by Maciej Pulikowski on 2020-10-20</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-16044</cvename>
      <cvename>CVE-2021-21117</cvename>
      <cvename>CVE-2021-21118</cvename>
      <cvename>CVE-2021-21119</cvename>
      <cvename>CVE-2021-21120</cvename>
      <cvename>CVE-2021-21121</cvename>
      <cvename>CVE-2021-21122</cvename>
      <cvename>CVE-2021-21123</cvename>
      <cvename>CVE-2021-21124</cvename>
      <cvename>CVE-2021-21125</cvename>
      <cvename>CVE-2021-21126</cvename>
      <cvename>CVE-2021-21127</cvename>
      <cvename>CVE-2021-21128</cvename>
      <cvename>CVE-2021-21129</cvename>
      <cvename>CVE-2021-21130</cvename>
      <cvename>CVE-2021-21131</cvename>
      <cvename>CVE-2021-21132</cvename>
      <cvename>CVE-2021-21133</cvename>
      <cvename>CVE-2021-21134</cvename>
      <cvename>CVE-2021-21135</cvename>
      <cvename>CVE-2021-21136</cvename>
      <cvename>CVE-2021-21137</cvename>
      <cvename>CVE-2021-21138</cvename>
      <cvename>CVE-2021-21139</cvename>
      <cvename>CVE-2021-21140</cvename>
      <cvename>CVE-2021-21141</cvename>
      <url>https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html</url>
    </references>
    <dates>
      <discovery>2021-01-19</discovery>
      <entry>2021-01-22</entry>
    </dates>
  </vuln>

  <vuln vid="35aef72c-5c8e-11eb-8309-4ccc6adda413">
    <topic>chocolate-doom -- Arbitrary code execution</topic>
    <affects>
      <package>
	<name>chocolate-doom</name>
	<range><lt>3.0.1</lt></range>
      </package>
      <package>
	<name>crispy-doom</name>
	<range><lt>5.9.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Michal Dardas from LogicalTrust reports:</p>
	<blockquote cite="https://github.com/chocolate-doom/chocolate-doom/issues/1293">
	  <p>
	    The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate
	    the user-controlled num_players value, leading to a buffer overflow. A
	    malicious user can overwrite the server's stack.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/chocolate-doom/chocolate-doom/issues/1293</url>
      <cvename>CVE-2020-14983</cvename>
    </references>
    <dates>
      <discovery>2020-06-22</discovery>
      <entry>2021-01-22</entry>
    </dates>
  </vuln>

  <vuln vid="13c54e6d-5c45-11eb-b4e2-001b217b3468">
    <topic>nokogiri -- Security vulnerability</topic>
    <affects>
      <package>
	<name>rubygem-nokogiri</name>
	<name>rubygem-nokogiri18</name>
	<range><lt>1.11.0.rc3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Nokogiri reports:</p>
	<blockquote cite="https://nokogiri.org/CHANGELOG.html">
	  <p>In Nokogiri versions &lt;= 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nokogiri.org/CHANGELOG.html</url>
      <cvename>CVE-2020-26247</cvename>
    </references>
    <dates>
      <discovery>2021-01-22</discovery>
      <entry>2021-01-22</entry>
    </dates>
  </vuln>

  <vuln vid="5b5cf6e5-5b51-11eb-95ac-7f9491278677">
    <topic>dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities</topic>
    <affects>
      <package>
	<name>dnsmasq</name>
	<range><lt>2.83</lt></range>
      </package>
      <package> <!-- not currently active, but in case that someone had a stale package -->
	<name>dnsmasq-devel</name>
	<range><lt>2.83</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon Kelley reports:</p>
	<blockquote cite="http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html">
	  <p>
	    There are broadly two sets of problems. The first is subtle errors
	    in dnsmasq's protections against the chronic weakness of the DNS
	    protocol to cache-poisoning attacks; the Birthday attack, Kaminsky,
	    etc.[...]
	  </p>
	  <p>
	    the second set of errors is a good old fashioned buffer overflow in
	    dnsmasq's DNSSEC code. If DNSSEC validation is enabled, an
	    installation is at risk.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html</url>
      <url>https://www.jsof-tech.com/disclosures/dnspooq/</url>
      <cvename>CVE-2020-25684</cvename>
      <cvename>CVE-2020-25685</cvename>
      <cvename>CVE-2020-25686</cvename>
      <cvename>CVE-2020-25681</cvename>
      <cvename>CVE-2020-25682</cvename>
      <cvename>CVE-2020-25683</cvename>
      <cvename>CVE-2020-25687</cvename>
    </references>
    <dates>
      <discovery>2020-09-16</discovery> <!-- CVE creation date, vuln apparently known since August to JSOF? -->
      <entry>2021-01-20</entry>
    </dates>
  </vuln>

  <vuln vid="6a4805d5-5aaf-11eb-a21d-79f5bc5ef6a9">
    <topic>go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.15.7,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/43783">
	  <p>The go command may execute arbitrary code at build time when cgo is
	    in use on Windows. This may occur when running "go get", or
	    any other command that builds code. Only users who build untrusted
	    code (and don't execute it) are affected. In addition to Windows
	    users, this can also affect Unix users who have "." listed
	    explicitly in their PATH and are running "go get" or build
	    commands outside of a module or with module mode disabled.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/43786">
	  <p>The P224() Curve implementation can in rare circumstances generate
	    incorrect outputs, including returning invalid points from
	    ScalarMult. The crypto/x509 and golang.org/x/crypto/ocsp (but not
	    crypto/tls) packages support P-224 ECDSA keys, but they are not
	    supported by publicly trusted certificate authorities. No other
	    standard library or golang.org/x/crypto package supports or uses the
	    P-224 curve.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3115</cvename>
      <url>http://golang.org/issue/43783</url>
      <cvename>CVE-2021-3114</cvename>
      <url>http://golang.org/issue/43786</url>
    </references>
    <dates>
      <discovery>2021-01-13</discovery>
      <entry>2021-01-19</entry>
    </dates>
  </vuln>

  <vuln vid="8899298f-5a92-11eb-8558-3085a9a47796">
    <topic>cloud-init -- Wrong access permissions of authorized keys</topic>
    <affects>
      <package>
       <name>cloud-init</name>
       <range><ge>20.4</ge><lt>20.4.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>cloud-init reports:</p>
	<blockquote cite="https://bugs.launchpad.net/cloud-init/+bug/1911680">
	 <p>cloud-init release 20.4.1 is now available.  This is a hotfix
	 release, that contains a single patch to address a security issue in
	 cloud-init 20.4.</p>

	 <p>Briefly, for users who provide more than one unique SSH key to
	 cloud-init and have a shared AuthorizedKeysFile configured in
	 sshd_config, cloud-init 20.4 started writing all of these keys to such a
	 file, granting all such keys SSH access as root.</p>

	 <p>It's worth restating this implication: if you are using the default
	 AuthorizedKeysFile setting in /etc/ssh/sshd_config, as most will be,
	 then you are _not_ affected by this issue.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugs.launchpad.net/cloud-init/+bug/1911680</url>
    </references>
    <dates>
      <discovery>2021-01-14</discovery>
      <entry>2021-01-19</entry>
    </dates>
  </vuln>

  <vuln vid="abed4ff0-7da1-4236-880d-de33e4895315">
    <topic>moinmoin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>moinmoin</name>
	<range><lt>1.9.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MoinMoin reports:</p>
	<blockquote cite="https://github.com/moinwiki/moin-1.9/blob/1.9.11/docs/CHANGES#L13">
	<ul>
	  <li><p>Security fix for CVE-2020-25074: fix remote code execution via cache action</p></li>
	  <li><p>Security fix for CVE-2020-15275: fix malicious SVG attachment causing stored XSS vulnerability</p></li>
	</ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/moinwiki/moin-1.9/blob/1.9.11/docs/CHANGES#L13</url>
      <cvename>CVE-2020-25074</cvename>
      <cvename>CVE-2020-15275</cvename>
    </references>
    <dates>
      <discovery>2020-11-08</discovery>
      <entry>2021-01-18</entry>
    </dates>
  </vuln>

  <vuln vid="62642942-590f-11eb-a0dc-8c164582fbac">
    <topic>Ghostscript -- SAFER Sandbox Breakout</topic>
    <affects>
      <package>
	<name>ghostscript9-agpl-base</name>
	<range><ge>9.50</ge><lt>9.52_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-15900">
	  <p>A memory corruption issue was found in Artifex
	  Ghostscript 9.50 and 9.52. Use of a non-standard
	  PostScript operator can allow overriding of file access
	  controls. The 'rsearch' calculation for the 'post' size
	  resulted in a size that was too large, and could underflow
	  to max uint32_t. This was fixed in commit
	  5d499272b95a6b890a1397e11d20937de000d31b.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-15900</url>
    </references>
    <dates>
      <discovery>2020-07-28</discovery>
      <entry>2021-01-17</entry>
    </dates>
  </vuln>

  <vuln vid="08b553ed-537a-11eb-be6e-0022489ad614">
    <topic>Node.js -- January 2021 Security Releases</topic>
    <affects>
      <package>
	<name>node10</name>
	<range><lt>10.23.1</lt></range>
      </package>
      <package>
	<name>node12</name>
	<range><lt>12.20.1</lt></range>
      </package>
      <package>
	<name>node14</name>
	<range><lt>14.15.4</lt></range>
      </package>
      <package>
	<name>node</name>
	<range><lt>15.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/">
	  <h1>use-after-free in TLSWrap (High) (CVE-2020-8265)</h1>
	  <p>Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.</p>
	  <h1>HTTP Request Smuggling in nodejs (Low) (CVE-2020-8287)</h1>
	  <p>Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.</p>
	  <h1>OpenSSL - EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)</h1>
	  <p>iThis is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/</url>
      <url>https://www.openssl.org/news/secadv/20201208.txt</url>
      <cvename>CVE-2020-8265</cvename>
      <cvename>CVE-2020-8287</cvename>
      <cvename>CVE-2020-1971</cvename>
    </references>
    <dates>
      <discovery>2021-01-04</discovery>
      <entry>2021-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="0a8ebf4a-5660-11eb-b4e2-001b217b3468">
    <topic>Gitlab -- vulnerability</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.7.0</ge><lt>13.7.4</lt></range>
	<range><ge>13.6.0</ge><lt>13.6.5</lt></range>
	<range><ge>12.2</ge><lt>13.5.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/">
	  <p>Ability to steal a user's API access token through GitLab Pages</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/</url>
    </references>
    <dates>
      <discovery>2021-01-14</discovery>
      <entry>2021-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="6d554d6e-5638-11eb-9d36-5404a68ad561">
    <topic>wavpack -- integer overflow in pack_utils.c</topic>
    <affects>
      <package>
	<name>wavpack</name>
	<range><lt>5.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The wavpack project reports:</p>
	<blockquote cite="https://github.com/dbry/WavPack/blob/733616993d53cc1f9a7ffb88a858447ba51eb0ee/ChangeLog">
	  <p>src/pack_utils.c
	    - issue #91: fix integer overflows resulting in buffer overruns (CVE-2020-35738)
	    - sanitize configuration parameters better (improves clarity and aids debugging)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/dbry/WavPack/blob/733616993d53cc1f9a7ffb88a858447ba51eb0ee/ChangeLog</url>
      <cvename>CVE-2020-35738</cvename>
    </references>
    <dates>
      <discovery>2020-12-29</discovery>
      <entry>2021-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="d6f76976-e86d-4f9a-9362-76c849b10db2">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.275</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.263.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-01-13/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-1452 / CVE-2021-21602</h5>
	  <p>Arbitrary file read vulnerability in workspace browsers</p>
	  <h5>(High) SECURITY-1889 / CVE-2021-21603</h5>
	  <p>XSS vulnerability in notification bar</p>
	  <h5>(High) SECURITY-1923 / CVE-2021-21604</h5>
	  <p>Improper handling of REST API XML deserialization errors</p>
	  <h5>(High) SECURITY-2021 / CVE-2021-21605</h5>
	  <p>Path traversal vulnerability in agent names</p>
	  <h5>(Medium) SECURITY-2023 / CVE-2021-21606</h5>
	  <p>Arbitrary file existence check in file fingerprints</p>
	  <h5>(Medium) SECURITY-2025 / CVE-2021-21607</h5>
	  <p>Excessive memory allocation in graph URLs leads to denial of service</p>
	  <h5>(High) SECURITY-2035 / CVE-2021-21608</h5>
	  <p>Stored XSS vulnerability in button labels</p>
	  <h5>(Low) SECURITY-2047 / CVE-2021-21609</h5>
	  <p>Missing permission check for paths with specific prefix</p>
	  <h5>(High) SECURITY-2153 / CVE-2021-21610</h5>
	  <p>Reflected XSS vulnerability in markup formatter preview</p>
	  <h5>(High) SECURITY-2171 / CVE-2021-21611</h5>
	  <p>Stored XSS vulnerability on new item page</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.jenkins.io/security/advisory/2021-01-13/</url>
    </references>
    <dates>
      <discovery>2021-01-13</discovery>
      <entry>2021-01-13</entry>
    </dates>
  </vuln>

  <vuln vid="1f655433-551b-11eb-9cda-589cfc0f81b0">
    <topic>phpmyfaq -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><le>3.0.6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2020-12-23">
	  <p> phpMyFAQ does not implement sufficient checks to avoid XSS
	  injection for displaying tags. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.phpmyfaq.de/security/advisory-2020-12-23</url>
    </references>
    <dates>
      <discovery>2020-12-23</discovery>
      <entry>2021-01-12</entry>
    </dates>
  </vuln>

  <vuln vid="6193b3f6-548c-11eb-ba01-206a8a720317">
    <topic>sudo -- Potential information leak in sudoedit</topic>
    <affects>
      <package>
       <name>sudo</name>
       <range><lt>1.9.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Todd C. Miller reports:</p>
       <blockquote cite="https://www.sudo.ws/stable.html#1.9.5">
	 <p>A potential information leak in sudoedit that could be used to
	    test for the existence of directories not normally accessible to
	    the user in certain circumstances. When creating a new file,
	    sudoedit checks to make sure the parent directory of the new file
	    exists before running the editor. However, a race condition exists
	    if the invoking user can replace (or create) the parent directory.
	    If a symbolic link is created in place of the parent directory,
	    sudoedit will run the editor as long as the target of the link
	    exists.If the target of the link does not exist, an error message
	    will be displayed. The race condition can be used to test for the
	    existence of an arbitrary directory. However, it _cannot_ be used
	    to write to an arbitrary location.</p>
       </blockquote>
      </body>
    </description>
    <references>
      <url>https://www.sudo.ws/stable.html#1.9.5</url>
      <cvename>CVE-2021-23239</cvename>
    </references>
    <dates>
      <discovery>2021-01-11</discovery>
      <entry>2021-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="a3cef1e6-51d8-11eb-9b8d-08002728f74c">
    <topic>CairoSVG -- Regular Expression Denial of Service vulnerability</topic>
    <affects>
      <package>
	<name>py36-cairosvg</name>
	<name>py37-cairosvg</name>
	<name>py38-cairosvg</name>
	<name>py39-cairosvg</name>
	<range><ge>2.0.0</ge><lt>2.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CairoSVG security advisories:</p>
	<blockquote cite="https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf">
	  <p>When processing SVG files, the python package CairoSVG uses two regular
	    expressions which are vulnerable to Regular Expression Denial of Service
	    (REDoS).</p>
	  <p>If an attacker provides a malicious SVG, it can make cairosvg get stuck
	    processing the file for a very long time.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf</url>
    </references>
    <dates>
      <discovery>2020-12-30</discovery>
      <entry>2021-01-10</entry>
    </dates>
  </vuln>

  <vuln vid="a2a2b34d-52b4-11eb-87cb-001b217b3468">
    <topic>Gitlab -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.7.0</ge><lt>13.7.2</lt></range>
	<range><ge>13.6.0</ge><lt>13.6.4</lt></range>
	<range><ge>12.2</ge><lt>13.5.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/">
	  <p>Ability to steal a user's API access token through GitLab Pages</p>
	  <p>Prometheus denial of service via HTTP request with custom method</p>
	  <p>Unauthorized user is able to access private repository information under specific conditions</p>
	  <p>Regular expression denial of service in NuGet API</p>
	  <p>Regular expression denial of service in package uploads</p>
	  <p>Update curl dependency</p>
	  <p>CVE-2019-3881 mitigation</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/</url>
      <cvename>CVE-2021-22166</cvename>
      <cvename>CVE-2020-26414</cvename>
      <cvename>CVE-2019-3881</cvename>
    </references>
    <dates>
      <discovery>2021-01-07</discovery>
      <entry>2021-01-09</entry>
    </dates>
  </vuln>

  <vuln vid="d153c4d2-50f8-11eb-8046-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>87.0.4280.141</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html">
	  <p>This release includes 16 security fixes, including:</p>
	  <ul>
	    <li>[1148749] High CVE-2021-21106: Use after free in autofill.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
	      Legendsec at Qi'anxin Group on 2020-11-13</li>
	    <li>[1153595] High CVE-2021-21107: Use after free in drag and
	      drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2020-11-30</li>
	    <li>[1155426] High CVE-2021-21108: Use after free in media.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2020-12-04</li>
	    <li>[1152334] High CVE-2021-21109: Use after free in payments.
	      Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
	      2020-11-24</li>
	    <li>[1152451] High CVE-2021-21110: Use after free in safe
	      browsing. Reported by Anonymous on 2020-11-24</li>
	    <li>[1149125] High CVE-2021-21111: Insufficient policy enforcement
	      in WebUI. Reported by Alesandro Ortiz on 2020-11-15</li>
	    <li>[1151298] High CVE-2021-21112: Use after free in Blink.
	     Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on
	      2020-11-20</li>
	    <li>[1155178] High CVE-2021-21113: Heap buffer overflow in Skia.
	      Reported by tsubmunu on 2020-12-03</li>
	    <li>[1148309] High CVE-2020-16043: Insufficient data validation in
	      networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory
	      Vishnepolsky at Armis on 2020-11-12</li>
	    <li>[1150065] High CVE-2021-21114: Use after free in audio.
	      Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17</li>
	    <li>[1157790] High CVE-2020-15995: Out of bounds write in V8.
	      Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu
	      Lab on 2020-12-11</li>
	    <li>[1157814] High CVE-2021-21115: Use after free in safe browsing.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2020-12-11</li>
	    <li>[1151069] Medium CVE-2021-21116: Heap buffer overflow in audio.
	      Reported by Alison Huffman, Microsoft Browser Vulnerability
	      Research on 2020-11-19</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-15995</cvename>
      <cvename>CVE-2020-16043</cvename>
      <cvename>CVE-2021-21106</cvename>
      <cvename>CVE-2021-21107</cvename>
      <cvename>CVE-2021-21108</cvename>
      <cvename>CVE-2021-21109</cvename>
      <cvename>CVE-2021-21110</cvename>
      <cvename>CVE-2021-21111</cvename>
      <cvename>CVE-2021-21112</cvename>
      <cvename>CVE-2021-21113</cvename>
      <cvename>CVE-2021-21114</cvename>
      <cvename>CVE-2021-21115</cvename>
      <cvename>CVE-2021-21116</cvename>
      <url>https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-01-06</discovery>
      <entry>2021-01-07</entry>
    </dates>
  </vuln>

  <vuln vid="bd98066d-4ea4-11eb-b412-e86a64caca56">
    <topic>mail/dovecot -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>dovecot</name>
	<range><lt>2.3.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Aki Tuomi reports:</p>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html">
	  <p>When imap hibernation is active, an attacker can cause Dovecot to
	    discover file system directory structure and access other users'
	    emails using specially crafted command.
	    The attacker must have valid credentials to access the
	    mail server.</p>
	</blockquote>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html">
	  <p>Mail delivery / parsing crashed when the 10 000th MIME part was
	    message/rfc822 (or if parent was multipart/digest). This happened
	    due to earlier MIME parsing changes for CVE-2020-12100.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html</url>
      <cvename>CVE-2020-24386</cvename>
      <cvename>CVE-2020-25275</cvename>
    </references>
    <dates>
      <discovery>2020-08-17</discovery>
      <entry>2021-01-04</entry>
    </dates>
  </vuln>