├── gsd-experimental ├── README.md └── experiment_1 │ ├── Tracking Changes.md │ ├── MVP Requirements.md │ ├── UVI-2021-1002351.json │ └── UVI-2021-1000001.json ├── .gitignore ├── wardley-maps ├── vulnerability-handling-2022-02-26.png.png ├── vulnerability-info.wm └── vulnerability-handling.wm ├── README.md ├── scope-coverage └── examples.md ├── postmortems ├── CVE 2021 no affected version in data raw list.md ├── accidental-deletions.md ├── Wrong-description-for-CVE-2021-25978.md ├── abnormal-gsd-entries.md ├── vim is vulnerable to Heap-based Buffer Overflow.md ├── README.md ├── cves-with-inconsistent-json-formatting.md ├── Use of CVE to differentiate text.md ├── CVE-2021-41773.md ├── CVE-2021-38467.md ├── Use of the exact same text.md └── CVE-2021-no-affected-version-in-data-raw-list.txt ├── TODO.md ├── CONTRIBUTING.md ├── analysis └── cve │ ├── nvd-cve-assigner-data.sh │ ├── nvd-json-urls.txt │ ├── CVE-Data-Sources.md │ ├── nvd-cve-assigner-data.py │ ├── mitre-cve-by-current-and-past-years.py │ └── cve-by-year-assigner.csv ├── Vulnerability Identifier Landscape.md ├── examples └── GSD-2021-1002352-description.txt ├── CODE_OF_CONDUCT.md ├── data-formats └── Thoughts-on-data-formats.md ├── LICENSE └── comments-on-docs └── Comments-on-NIST-SP-800-216.md /gsd-experimental/README.md: -------------------------------------------------------------------------------- 1 | # gsd-experimental 2 | GSD Experimentation Repo 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Script generated content 2 | analysis/cve/allitems.csv 3 | analysis/cve/nvdcve-1.1-20*.json 4 | 5 | # Obsidian.md config 6 | .obsidian 7 | -------------------------------------------------------------------------------- /wardley-maps/vulnerability-handling-2022-02-26.png.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CloudSecurityAlliance/gsd-project/HEAD/wardley-maps/vulnerability-handling-2022-02-26.png.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Global Security Database Project Plans 2 | 3 | This repo has been merged into gsd-tools: https://github.com/cloudsecurityalliance/gsd-tools/tree/main/gsd-project 4 | 5 | For the GSD Database, please see: https://github.com/cloudsecurityalliance/gsd-database 6 | For everything else, please see: https://github.com/cloudsecurityalliance/gsd-tools 7 | -------------------------------------------------------------------------------- /scope-coverage/examples.md: -------------------------------------------------------------------------------- 1 | # Crypto scams 2 | 3 | https://twitter.com/brianmcmichael/status/1473318960674312206 4 | 5 | Email with public and private key, to retrieve the value you need to transfer some money in, but then it gets taken by the attacker. Classic scam. 6 | 7 | IOC:Includes wallet addresses 8 | 9 | # SMS phishing 10 | 11 | Do we want to cover phishing scams such as SMS messages (you have a refund/etc.)? 12 | 13 | IOC: includes website URL 14 | -------------------------------------------------------------------------------- /gsd-experimental/experiment_1/Tracking Changes.md: -------------------------------------------------------------------------------- 1 | Don't do this: 2 | 3 | ```json 4 | { 5 | "GSD-ID": "GSD-2021-1234567" 6 | "CHANGE_LOG": { 7 | "id": "GSD-2021-1234567", 8 | "changes": [ 9 | { 10 | "OLD": {}, 11 | "NEW": {}, 12 | "CHANGED_BY": {}, 13 | "TIMESTAMP": "" 14 | } 15 | ] 16 | } 17 | } 18 | ``` 19 | 20 | For now we'll rely entirely on Git for version control/history/blame related data. Long term we don't want to cement ourselves within Git, but it serves our needs for now. -------------------------------------------------------------------------------- /postmortems/CVE 2021 no affected version in data raw list.md: -------------------------------------------------------------------------------- 1 | # CVE 2021 no affected version in data raw list 2 | 3 | Many 2021 CVE's contain no meta data about the affected product/version. A raw list is: 4 | 5 | CVE-2021-no-affected-version-raw-list.txt 6 | 7 | Many do not have vulnerability text in the CVE description either, meaning you must go to the original source material to determine what is/is not affected. 8 | 9 | # Reccomendations: 10 | 11 | 1. Ensure meta data is present or explain why it is not present (e.g. Cloud services may legitimately have no version data) 12 | -------------------------------------------------------------------------------- /TODO.md: -------------------------------------------------------------------------------- 1 | # GSD Projects 2 | 3 | The gsd-project repo is designed to support the project, meeting times, agendas, minutes, planning, roadmaps, vision, etc. are contained here. 4 | ### Todo 5 | - [ ] Update README.md 6 | - [ ] Policy - Policy mostly doesn't exist today. We need to write down a lot of what's happening in the project as well as future goals. This TODO list should probably exist there too. You can find the closest thing to a policy repo here https://github.com/cloudsecurityalliance/gsd-project-plans It's very disorganized and needs organization. 7 | - [ ] GSD needs a logo 8 | 9 | ### In progress 10 | 11 | ### Completed 12 | 13 | ### Cancelled 14 | -------------------------------------------------------------------------------- /postmortems/accidental-deletions.md: -------------------------------------------------------------------------------- 1 | # Accidental deletions of data 2 | 3 | https://github.com/CVEProject/cvelist/commits/master/2021/43xxx/CVE-2021-43566.json 4 | 5 | On Nov 9, 2021 MSRC accientally deleted around 1,028 files from the cvelist git repo as well as a lot of content, it appears they forgot to use a branch? 6 | 7 | https://github.com/CVEProject/cvelist/commit/938debeed0dc5ff4eff0a7b3a8b4f39c8881b6bd#diff-7e001bbd4c1efff3745bc4f2c5dcfa7ab2d192fef03253754eee5134003fae3f 8 | 9 | And then a week later MITRE reverted the commit to fix it mostly: 10 | 11 | https://github.com/CVEProject/cvelist/commit/df296d9e014bf68ef22c0583c98da3fbe42ea316#diff-7e001bbd4c1efff3745bc4f2c5dcfa7ab2d192fef03253754eee5134003fae3f 12 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribution Guide 2 | 3 | Have questions or don't know where to start? Join the forums and/or mailing list 4 | and ask away! 5 | 6 | - [Circle Community (Forums)](https://csaurl.org/gsd-circle) 7 | - [Mailing list](https://csaurl.org/gsd-mailing-list) 8 | 9 | ## Contributing to the database itself 10 | 11 | Please see the [GSD Database Contribution Guide](https://github.com/cloudsecurityalliance/gsd-database/blob/main/CONTRIBUTING.md). 12 | 13 | ## Contributing to the tooling and/or interfaces 14 | 15 | Please see the [GSD Tools Contribution Guide](https://github.com/cloudsecurityalliance/gsd-tools/blob/main/CONTRIBUTING.md). 16 | 17 | ## Other ways to contribute to the GSD project 18 | 19 | TODO 20 | -------------------------------------------------------------------------------- /analysis/cve/nvd-cve-assigner-data.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Quick and dirty way to generate a csv of data 4 | 5 | wget -q -i nvd-json-urls.txt 6 | gzip -d nvdcve-1.1-20*.gz 7 | 8 | echo "count,year,assigner" 9 | 10 | grep ASSIGNER nvdcve-1.1-20* | sort | uniq -c | sed 's/ nvdcve-1.1-/,/' | sed 's/\.json:\s*"ASSIGNER" : "/,/' | sed 's/^\s*//' | sed 's/"//' 11 | 12 | # TODO: convert this to python 13 | # TODO: output data in table format for easier excel parsing 14 | # TODO: generate some reports: 15 | # CNAs no longer active by year (e.g. last year active), yearly average before that 16 | # CNAs in decline, e.g. what year did they peak, what was the average, what was the last year 17 | # CNAs in growth, e.g. what year did they peak, what was the average, what was the last year 18 | # Reminder: ignore 2022 data for now (to early) 19 | -------------------------------------------------------------------------------- /Vulnerability Identifier Landscape.md: -------------------------------------------------------------------------------- 1 | # Vulnerability Identifier Landscape 2 | 3 | This list may be incomplete. If there is a project that you feel should be listed but is currently missing, please open a pull request to add it! 4 | 5 | - SBOM Formats 6 | - [CycloneDX](https://cyclonedx.org/) 7 | - [SPDX](https://spdx.dev/) 8 | - Software ID Formats 9 | - [cpe](https://nvd.nist.gov/products/cpe) 10 | - [pURL](https://github.com/package-url/purl-spec) 11 | - Vulnerability Applicability 12 | - [VEX](https://cyclonedx.org/capabilities/vex/) 13 | - Vulnerability ID Formats 14 | - [OSV Schema](https://ossf.github.io/osv-schema/) 15 | - [CSAF](https://oasis-open.github.io/csaf-documentation/) 16 | - Vuln ID Centralization 17 | - [GSD](https://globalsecuritydatabase.org) 18 | - [OSV Database](https://osv.dev) 19 | - [GitHub Advisory Database](https://github.com/github/advisory-database) 20 | -------------------------------------------------------------------------------- /wardley-maps/vulnerability-info.wm: -------------------------------------------------------------------------------- 1 | title Vulnerability Info 2 | 3 | component MachineReadableData [0.91, 0.36] inertia label [10, -20] 4 | evolve MachineReadableData 0.9 label [10, -20] 5 | 6 | component HumanReadableData [0.90, 0.20] 7 | 8 | component SourceURL [0.56, 0.55] 9 | component Affected [0.12, 0.53] 10 | component Fixed [0.37, 0.53] 11 | 12 | component Workaround [0.81, 0.27] label [5, -10] 13 | component VendorFix [0.98, 0.51] 14 | 15 | component VulnDetails [0.67, 0.35] 16 | component ExploitCode [0.39, 0.27] 17 | component Severity [0.30, 0.37] 18 | 19 | component SBOM [0.21, 0.34] 20 | component DepChain [0.28, 0.23] 21 | 22 | MachineReadableData->HumanReadableData 23 | SourceURL->VulnDetails 24 | VulnDetails->MachineReadableData 25 | VulnDetails->Workaround 26 | Affected->VulnDetails 27 | Fixed->VulnDetails 28 | ExploitCode->VulnDetails 29 | Severity->ExploitCode 30 | Severity->VulnDetails 31 | Affected->Fixed 32 | VendorFix->MachineReadable 33 | Affected->SBOM 34 | SBOM->DepChain 35 | 36 | 37 | -------------------------------------------------------------------------------- /postmortems/Wrong-description-for-CVE-2021-25978.md: -------------------------------------------------------------------------------- 1 | # Wrong description for CVE-2021-25978 2 | 3 | Add CVE-2021-25978 4 | Date: Sun Nov 7 18:51:38 2021 +0200 5 | https://github.com/CVEProject/cvelist/commit/6b7303286d9b9f008a5f8805eb192f759f53aaf5#diff-6e7fe5fcf7616300514ee62059e29deafddaa4ee65276e5adadc31dde8dee997 6 | 7 | "value": "Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed." 8 | 9 | Revert 10 | Date: Sun Nov 7 19:07:01 2021 +0200 11 | https://github.com/CVEProject/cvelist/commit/d4743e1a03ee6a7ad9507286ce29ec8d793970c0#diff-6e7fe5fcf7616300514ee62059e29deafddaa4ee65276e5adadc31dde8dee997 12 | 13 | Add CVE-2021-25979 14 | Date: Mon Nov 8 16:15:09 2021 +0200 15 | https://github.com/CVEProject/cvelist/commit/1aa30aa67748717c182c22ca06c5f25f513edfa3 16 | 17 | "value": "Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions." 18 | -------------------------------------------------------------------------------- /postmortems/abnormal-gsd-entries.md: -------------------------------------------------------------------------------- 1 | # Abnormal GSD entries that need cleanup: 2 | 3 | ## 2021/1002xxx/GSD-2021-1002352.json 4 | 5 | Duplicate of GSD-2021-44228 needs better meta data 6 | 7 | ## 2021/1002xxx/GSD-2021-1002353.json 8 | 9 | Duplicate of GSD-2021-45105 needs better meta data 10 | 11 | ## 2022/1000xxx/GSD-2022-1000000.json 12 | 13 | Needs conversion to OSV format 14 | 15 | ## 2022/1000xxx/GSD-2022-1000001.json 16 | 17 | Needs conversion to OSV format 18 | 19 | ## 2022/1000xxx/GSD-2022-1000002.json 20 | 21 | Needs conversion to OSV format 22 | 23 | ## 2022/1000xxx/GSD-2022-1000003.json 24 | 25 | Needs conversion to OSV format 26 | 27 | ## 2022/1000xxx/GSD-2022-1000004.json 28 | 29 | Needs conversion to OSV format 30 | 31 | ## 2022/1000xxx/GSD-2022-1000005.json 32 | 33 | Needs conversion to OSV format 34 | 35 | ## 2022/1000xxx/GSD-2022-1000006.json 36 | 37 | GSD-2021-42392 38 | 39 | ## 2022/1000xxx/GSD-2022-1000066.json 40 | 41 | Needs conversion to OSV format 42 | 43 | ## 2022/1000xxx/GSD-2022-1000067.json 44 | 45 | Needs conversion to OSV format 46 | 47 | ## 2022/1000xxx/GSD-2022-1000068.json 48 | 49 | Needs conversion to OSV format 50 | 51 | ## 2022/1000xxx/GSD-2022-1000292.json 52 | 53 | Duplicate of GSD-2022-1000293 needs better meta data 54 | 55 | ## 2022/1002xxx/GSD-2022-1002526.json 56 | 57 | Duplicate of GSD-2022-2274 needs better meta data 58 | -------------------------------------------------------------------------------- /postmortems/vim is vulnerable to Heap-based Buffer Overflow.md: -------------------------------------------------------------------------------- 1 | # "vim is vulnerable to Heap-based Buffer Overflow" 2 | 3 | https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=vim+is+vulnerable+to+Heap-based+Buffer+Overflow&search_type=all&isCpeNameSearch=false 4 | 5 | These CVE's all have the exact same description: 6 | 7 | * CVE-2021-3927 - https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0/ - Oct 26th 2021 8 | * CVE-2021-3903 - https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8/ - Oct 24th 2021 9 | * CVE-2021-3872 - https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8/ - Oct 7th 2021 10 | * CVE-2021-3875 - https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/ - Oct 5th 2021 11 | * CVE-2021-3778 - https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273/ - Sep 7th 2021 12 | * CVE-2021-3770 - https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/ - Sep 3rd 2021 13 | 14 | It appears someone fuzzed vim and then released the results piecemeal resul;ting in multiple CVEs rather than a single CVE for multiple issues within the same version/vulnerability type, etc. 15 | 16 | TODO: confirm same reporter, timelines 17 | 18 | TODO: The CVSS scores are all different, this needs investigation. 19 | 20 | # Recommendations: 21 | 22 | 1. Include data about related Security Identifiers and what the relationship is (e.g. parent/child/sibling?) 23 | -------------------------------------------------------------------------------- /analysis/cve/nvd-json-urls.txt: -------------------------------------------------------------------------------- 1 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2022.json.gz 2 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2021.json.gz 3 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2020.json.gz 4 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2019.json.gz 5 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2018.json.gz 6 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2017.json.gz 7 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.json.gz 8 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.json.gz 9 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2014.json.gz 10 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2013.json.gz 11 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2012.json.gz 12 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2011.json.gz 13 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.json.gz 14 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2009.json.gz 15 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2008.json.gz 16 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2007.json.gz 17 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2006.json.gz 18 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2005.json.gz 19 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2004.json.gz 20 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.json.gz 21 | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2002.json.gz 22 | -------------------------------------------------------------------------------- /postmortems/README.md: -------------------------------------------------------------------------------- 1 | # Postmortems 2 | 3 | Use #postmortemCVE on Twitter if it's a CVE postmortem 4 | 5 | Each one is fun and unique. 6 | 7 | ## CVE 2021 no affected version in data raw list 8 | 9 | No machine readable data for affected version. The human text description may or may not contain the data. 10 | 11 | [CVE 2021 no affected version in data raw list](CVE 2021 no affected version in data raw list.md) 12 | 13 | [The raw data](CVE-2021-no-affected-version-in-data-raw-list.txt) 14 | 15 | ## CVE-2021-38467 16 | 17 | Affected version is different across several CVE datasets and original data. 18 | 19 | [CVE-2021-38467](CVE-2021-38467.md) 20 | 21 | ## CVE-2021-41773 22 | 23 | Apache timeline 24 | 25 | [CVE-2021-41773](CVE-2021-41773.md) 26 | 27 | ## Use of CVE to differentiate text 28 | 29 | The text based descriptions contain no real data other than "this is different than CVE X" 30 | 31 | [Use of CVE to differentiate text](Use%20of%20CVE%20to%20differentiate%20text.md) 32 | 33 | ## Use of the exact same text 34 | 35 | The exact same description text is used, in one case 61 times. 36 | 37 | [Use of the exact same text](Use%20of%20the%20exact%20same%20text.md) 38 | 39 | ## vim is vulnerable to Heap-based Buffer Overflow 40 | 41 | Trickling out of results in order to get multiple CVEs, and there is no linking data to indicate they are related. 42 | 43 | [vim is vulnerable to Heap-based Buffer Overflow](vim%20is%20vulnerable%20to%20Heap-based%20Buffer%20Overflow.md) 44 | 45 | -------------------------------------------------------------------------------- /postmortems/cves-with-inconsistent-json-formatting.md: -------------------------------------------------------------------------------- 1 | # CVEs with inconsistent JSON formatting 2 | 3 | The typical JSON formatting in MITRE's CVE JSON is 4 | 5 | ``` 6 | "foo": "bar" 7 | ``` 8 | 9 | However the following CVEs have spaces, e.g.: 10 | 11 | ``` 12 | "data_type" : "CVE", 13 | ``` 14 | 15 | CVE-2021-1052 16 | CVE-2021-1053 17 | CVE-2021-1054 18 | CVE-2021-1055 19 | CVE-2021-1057 20 | CVE-2021-1058 21 | CVE-2021-1059 22 | CVE-2021-1060 23 | CVE-2021-1061 24 | CVE-2021-1062 25 | CVE-2021-1063 26 | CVE-2021-1064 27 | CVE-2021-1065 28 | CVE-2021-1066 29 | CVE-2021-1067 30 | CVE-2021-1068 31 | CVE-2021-1070 32 | CVE-2021-1071 33 | CVE-2021-1074 34 | CVE-2021-1075 35 | CVE-2021-1077 36 | CVE-2021-1078 37 | CVE-2021-1088 38 | CVE-2021-1105 39 | CVE-2021-1115 40 | CVE-2021-1116 41 | CVE-2021-1117 42 | CVE-2021-1118 43 | CVE-2021-1119 44 | CVE-2021-1120 45 | CVE-2021-1121 46 | CVE-2021-1122 47 | CVE-2021-1123 48 | CVE-2021-1125 49 | CVE-2021-20336 50 | CVE-2021-20392 51 | CVE-2021-20403 52 | CVE-2021-20439 53 | CVE-2021-20474 54 | CVE-2021-20487 55 | CVE-2021-20576 56 | CVE-2021-23175 57 | CVE-2021-23201 58 | CVE-2021-23217 59 | CVE-2021-23219 60 | CVE-2021-29665 61 | CVE-2021-29677 62 | CVE-2021-29696 63 | CVE-2021-29697 64 | CVE-2021-29704 65 | CVE-2021-29713 66 | CVE-2021-29725 67 | CVE-2021-29735 68 | CVE-2021-29753 69 | CVE-2021-29800 70 | CVE-2021-29802 71 | CVE-2021-29844 72 | CVE-2021-34399 73 | CVE-2021-34400 74 | CVE-2021-34401 75 | CVE-2021-34402 76 | CVE-2021-34403 77 | CVE-2021-34404 78 | CVE-2021-34405 79 | CVE-2021-34406 80 | CVE-2021-38972 81 | CVE-2021-38973 82 | CVE-2021-38985 83 | CVE-2021-38999 84 | 85 | These CVEs are all from 2 CNAs: psirt@nvidia.com and psirt@us.ibm.com, and represent a subset of all their CVEs, so it appear either tooling was broken for a while or there was some error for a period of time (but not for any other CNAs). 86 | -------------------------------------------------------------------------------- /wardley-maps/vulnerability-handling.wm: -------------------------------------------------------------------------------- 1 | title Mapping vulnerabilities to components 2 | 3 | component Vulnerability to componentt mapping with actionable information [0.95, 0.26] 4 | 5 | component Vendor Security Contact [0.20, 0.13] 6 | component Vendor ChangeLog [0.35, 0.21] 7 | component GitHub SECURITY.md [0.14, 0.42] 8 | component Bug Bounty [0.66, 0.66] 9 | component Security Scanner [0.80, 0.66] 10 | 11 | 12 | component Machine Readable Presentation [0.65, 0.50] 13 | component Human Readable Presentation [0.78, 0.47] 14 | 15 | component Vendor Advisory [0.42, 0.22] 16 | component Vendor Advisory GitHub [0.44, 0.51] 17 | 18 | component Vendor Issue [0.08, 0.22] 19 | component Vendor Issue GitHub [0.12, 0.51] 20 | 21 | component ID Vendor [0.14, 0.27] 22 | component ID GitHub [0.20, 0.38] 23 | component ID CVE [0.51, 0.30] 24 | component ID GSD [0.57, 0.57] 25 | 26 | component SBOM [0.71, 0.28] 27 | component DepChain [0.75, 0.20] 28 | 29 | Vendor Issue->ID Vendor 30 | Vendor Issue->Vendor Advisory 31 | Vendor Issue->Vendor ChangeLog 32 | ID Vendor->ID 3rd Party 33 | ID Vendor->ID CVE 34 | ID Vendor->ID GitHub 35 | ID Vendor->ID GSD 36 | ID GSD->Machine Readable Presentation 37 | Machine Readable Presentation->Human Readable Presentation 38 | Machine Readable Presentation->Vulnerability to componentt mapping with actionable information 39 | Human Readable Presentation->Vulnerability to componentt mapping with actionable information 40 | SBOM->Vulnerability to componentt mapping with actionable information 41 | SBOM->DepChain 42 | 43 | 44 | component Security Patch [0.66, 0.11] 45 | component New Release [0.78, 0.32] 46 | 47 | component Press Articles [0.85, 0.46] 48 | Human Readable Presentation->Press Articles 49 | 50 | townplanners [0.46, 0.37, 0.09, 0.55] 51 | pioneers [0.45, 0.10, 0.05, 0.30] 52 | settlers [0.80, 0.44, 0.55, 0.60] 53 | 54 | note GlobalSecurityDatabase [0.81, 0.43] 55 | note OSSF/LinuxFoundation [0.46, 0.10] 56 | note GitHub/GitLabs [0.47, 0.40] 57 | -------------------------------------------------------------------------------- /analysis/cve/CVE-Data-Sources.md: -------------------------------------------------------------------------------- 1 | # Notes on CVE Data Sources 2 | 3 | Not all CVE Data Sources are equal. 4 | 5 | | Data | MITRE - GitHub (JSON) | MITRE - Download page | NVD - Download page | 6 | | --- | --- | --- | --- | 7 | |URL | https://github.com/cveproject/cvelist | https://cve.mitre.org/data/downloads/index.html | https://nvd.nist.gov/vuln/data-feeds | 8 | |FORMAT|JSON|CSV/HTML/TXT/XML|JSON| 9 | |Example| https://github.com/CVEProject/cvelist/blob/master/2021/44xxx/CVE-2021-44228.json | https://cve.mitre.org/data/downloads/allitems.csv | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2021.json.gz | 10 | |ID|YES|YES|YES| 11 | |STATE|YES|In Description|ALWAYS PUBLIC| 12 | |description|YES|YES|YES| 13 | |MACHINE_affects|YES|NO|CPE FORMAT| 14 | |MACHINE_credit|YES|NO|NO| 15 | |MACHINE_impact|YES|NO|YES| 16 | |MACHINE_cvss|YES|NO|YES| 17 | |MACHINE_problemtype|YES|NO|YES| 18 | |MACHINE_references|YES|YES|YES| 19 | |MACHINE_source|YES|NO|NO| 20 | |publishedDate|NO|Assigned|YES| 21 | |lastmodifiedDate|NO|NO|YES| 22 | |ASSIGNER|YES|NO|YES| 23 | |MACHINE_CPE|NO|NO|YES| 24 | 25 | ## NVD API 26 | 27 | The NVD API (https://nvd.nist.gov/developers/vulnerabilities) appears to serve identical JSON as is in the JSON downloads. 28 | 29 | # In summary: 30 | 31 | * The MITRE Download page files (CSV/HTML/TXT/XML|JSON) contain far less data than the MITRE GitHub repo and the NVD JSON files. Don't use them. 32 | * MITRE only publishes the "publishedDate" which is whhen the CVE was assigned OR RESERVED, so it can be months in advance of the CVE actually being used 33 | * MITRE's machine readable affected data is usually incomplete, and missing in roughly 25% of entries, NVD has analysts add affected data in CPE format 34 | * The NVD publishedDate and the MITRE Assigned data are often different, it appears sometimes NVD uses the date of the first source becoming public (sometimes years or a decade in advance) 35 | 36 | The best source of CVE data that contains information (e.g. STATE is PUBLIC) is the NVD files/API. If you want to track RESERVED and so on you will want to get the MITRE GitHub JSON data. 37 | -------------------------------------------------------------------------------- /analysis/cve/nvd-cve-assigner-data.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Reminder: loading all the files into json takes 30 seconds or so 4 | 5 | import os 6 | import json 7 | import pprint 8 | 9 | # download files true or false 10 | download_files=False 11 | 12 | 13 | 14 | file_year_list=["2002", "2003", "2004", "2005", "2006", "2007", "2008", "2009", "2010", "2011", "2012", "2013", "2014", "2015", "2016", "2017", "2018", "2019", "2020", "2021", "2022"] 15 | 16 | # Ignore 2022 for now. 17 | data_year_list=["1999", "2000", "2001", "2002", "2003", "2004", "2005", "2006", "2007", "2008", "2009", "2010", "2011", "2012", "2013", "2014", "2015", "2016", "2017", "2018", "2019", "2020", "2021"] 18 | 19 | file_year_data=[] 20 | 21 | for year in file_year_list: 22 | file="nvdcve-1.1-" + str(year) + ".json" 23 | url="https://nvd.nist.gov/feeds/json/cve/1.1/" + file + ".gz" 24 | if download_files == True: 25 | os.system("wget -q " + url) 26 | os.system("gzip -d " + file + ".gz") 27 | 28 | file_handle = open(file) 29 | json_data = json.load(file_handle) 30 | for CVE_Items in json_data["CVE_Items"]: 31 | assigner = CVE_Items["cve"]["CVE_data_meta"]["ASSIGNER"] 32 | cve_id = CVE_Items["cve"]["CVE_data_meta"]["ID"] 33 | publishedDate = CVE_Items["publishedDate"] 34 | # use logic to assign assigned year (CVEID YEAR if > published date year) 35 | print(assigner + "," + cve_id + "," + publishedDate) 36 | # create an array with assigner ID's. then create sub arrays of data_year_list (1999 to now), set to 0 by default, set how many ID's assigned (count+1) 37 | # Then analyze the array and add: 38 | # first_year_seen (first non 0 year) 39 | # last_year_seen (last non 0 year) 40 | # lifespan (years in between last_year_seen and first_year_seen) 41 | # years_since_last_id (many are dead in 2020 and later) 42 | # cve_assigned_0 (any 0 years between first_year_seen and last_year_seen) 43 | # cve_assigned_min lowest non 0 year 44 | # cve_assigned_max higest year 45 | # cve_assigned_average (so total count divided by lifespan) 46 | # cve_assigned_last_year (last year #) 47 | -------------------------------------------------------------------------------- /gsd-experimental/experiment_1/MVP Requirements.md: -------------------------------------------------------------------------------- 1 | # MVP Requirements 2 | ## NOT a requirement 3 | 4 | - Machine readable changelog / git blame 5 | 6 | ## Data format 7 | 8 | [We use OSV by default, and may use other data formats or unspecified formats as well.](https://github.com/cloudsecurityalliance/gsd-project/blob/main/data-formats/Thoughts-on-data-formats.md) We will indicate what format we're using within the GSD, e.g.: 9 | 10 | **Generalized format:** 11 | ```json 12 | { 13 | "data_format": "NAMESPACE", 14 | "data_type": "NAME_OF_DATA_FORMAT", 15 | "data_version": "x.y.z" 16 | } 17 | ``` 18 | 19 | **OSV Format example:** 20 | ```json 21 | { 22 | "data_format": "osv.dev", 23 | "data_type": "OSV", 24 | "data_version": "1.0" 25 | } 26 | ``` 27 | 28 | **CVE Format example:** 29 | ```json 30 | { 31 | "data_format": "MITRE", 32 | "data_type": "CVE", 33 | "data_version": "4.0" 34 | } 35 | ``` 36 | 37 | ## Human Web Interface 38 | 39 | Example identifiers: 40 | - GSD ID - https://globalsecuritydatabase.org/identifier/GSD-2021-1000XXX 41 | - CVE ID - https://globalsecuritydatabase.org/identifier/CVE-2021-1337 42 | - GHSA ID - https://globalsecuritydatabase.org/identifier/GHSA-jc8m-cxhj-668x 43 | - Git commit hash - https://globalsecuritydatabase.org/identifier/d3a83576378b4c904f711598dde2c5e881c4295c 44 | - Named vuln 45 | - Heartbleed - https://globalsecuritydatabase.org/identifier/Heartbleed 46 | - BigSig - https://globalsecuritydatabase.org/identifier/BigSig 47 | - Log4Shell - https://globalsecuritydatabase.org/identifier/Log4Shell 48 | 49 | --- 50 | 51 | - [ ] Present the data, in a nice / well formatted manner 52 | - [ ] Allow updates/corrections of the data (from web interface) 53 | - Requires Github login & Github ID attached to update/data (via OAuth) 54 | - Show the GSD updates by default, and show the original data (we can discuss presentation options) 55 | - [ ] Search GSDs 56 | - Present single/multiple results if exists 57 | - Otherwise allow creation of new GSD 58 | - When searching by identifier, match GSDs by "equivalent" not by "related" 59 | - [ ] Guided process / web form for creation of new GSDs 60 | 61 | ## Machine Readable API 62 | 63 | - [ ] Parsed json blob (GSD world view w/ GSD updates to referenced data by default) 64 | - https://api.globalsecuritydatabase.io/GSD-2021-1000XXX 65 | 66 | -------------------------------------------------------------------------------- /gsd-experimental/experiment_1/UVI-2021-1002351.json: -------------------------------------------------------------------------------- 1 | { 2 | "uvi": { 3 | "vendor_name": "Linux", 4 | "product_name": "Kernel", 5 | "product_version": "versions from to before v5.15.4", 6 | "vulnerability_type": "unspecified", 7 | "affected_component": "unspecified", 8 | "attack_vector": "unspecified", 9 | "impact": "unspecified", 10 | "credit": "", 11 | "references": [ 12 | "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ef2590a5305e0b8e9342f84c2214aa478ee7f28e" 13 | ], 14 | "extended_references": [ 15 | { 16 | "type": "commit", 17 | "value": "ef2590a5305e0b8e9342f84c2214aa478ee7f28e", 18 | "note": "fixed" 19 | } 20 | ], 21 | "reporter": "joshbressers", 22 | "reporter_id": 1692786, 23 | "notes": "", 24 | "description": "thermal: Fix NULL pointer dereferences in of_thermal_ functions\n\nThis is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven.\nThis ID is fixed in Linux Kernel version v5.15.4 by commit ef2590a5305e0b8e9342f84c2214aa478ee7f28e. For more details please see the references link.", 25 | "EXPERIMENTAL_UPDATE": { 26 | "OSV": { 27 | "affected": [ 28 | { 29 | "package": { 30 | "name": "Kernel", 31 | "ecosystem": "Linux" 32 | }, 33 | "versions": ["5.15.3" 34 | ] 35 | } 36 | ] 37 | } 38 | } 39 | }, 40 | "OSV": { 41 | "id": "UVI-2021-1002351", 42 | "summary": "thermal: Fix NULL pointer dereferences in of_thermal_ functions", 43 | "details": "thermal: Fix NULL pointer dereferences in of_thermal_ functions\n\nThis is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven.\nThis ID is fixed in Linux Kernel version v5.15.4 by commit ef2590a5305e0b8e9342f84c2214aa478ee7f28e. For more details please see the references link.", 44 | "modified": "2021-11-29T02:40:01.773239Z", 45 | "published": "2021-11-29T02:40:01.773239Z", 46 | "affected": [ 47 | { 48 | "package": { 49 | "name": "Kernel", 50 | "ecosystem": "Linux" 51 | }, 52 | "ranges": [ 53 | { 54 | "type": "GIT", 55 | "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/", 56 | "events": [ 57 | { 58 | "introduced": "0" 59 | }, 60 | { 61 | "limit": "ef2590a5305e0b8e9342f84c2214aa478ee7f28e" 62 | } 63 | ] 64 | } 65 | ], 66 | "versions": [] 67 | } 68 | ] 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /postmortems/Use of CVE to differentiate text.md: -------------------------------------------------------------------------------- 1 | # Use of CVE ID to differentiate text describing CVE ID 2 | 3 | A lot of CVE text descriptions (especially from Microsoft) are now largely devoid of information, so much so that they must list other CVE ID's in order to differentiate the ID's: 4 | 5 | ``` 6 | wget https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2021.json.gz 7 | gzip -d nvdcve-1.1-2021.json.gz 8 | grep -A 2 "\"description_data\"" nvdcve-1.1-2021.json | grep "\"value\"" | grep "CVE-2021-" | grep -v " REJECT " | grep "\(unique\|different\|similar\)" | sort 9 | ``` 10 | Example data: 11 | 12 | Search for: "Storage Spaces Controller Elevation of Privilege Vulnerability" (https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=Storage+Spaces+Controller+Elevation+of+Privilege+Vulnerability&search_type=all&isCpeNameSearch=false) 13 | 14 | |CVE ID|Text Description| 15 | |------|----------------| 16 | |CVE-2021-41345|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489.| 17 | |CVE-2021-40489|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-41345.| 18 | |CVE-2021-40488|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40489, CVE-2021-41345.| 19 | |CVE-2021-40478|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.| 20 | |CVE-2021-26441|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.| 21 | |CVE-2021-34536|Storage Spaces Controller Elevation of Privilege Vulnerability| 22 | |CVE-2021-34460|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33751, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513.| 23 | |CVE-2021-34513|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34510, CVE-2021-34512.| 24 | |CVE-2021-34512|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34510, CVE-2021-34513.| 25 | |CVE-2021-34510|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34512, CVE-2021-34513.| 26 | |CVE-2021-33751|Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34460, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513.| 27 | |CVE-2021-26880|Storage Spaces Controller Elevation of Privilege Vulnerability| 28 | 29 | # Recommendations: 30 | 31 | 1. Ensure Security Identifiers have sufficient original sourcing in order to determine what they are/apply to. 32 | 2. For many Security ID's the description text doesn't matter that much 33 | -------------------------------------------------------------------------------- /postmortems/CVE-2021-41773.md: -------------------------------------------------------------------------------- 1 | # CVE-2021-41773 Post mortem 2 | 3 | ## Raw data 4 | 5 | Raw data 6 | 7 | ### Apache Security Web Page 8 | https://httpd.apache.org/security/vulnerabilities_24.html 9 | 10 | CVE-2021-41773 11 | https://web.archive.org/web/2021 10 05 192245/https://httpd.apache.org/security/vulnerabilities_24.html 12 | important: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773) 13 | 14 | CVE-2021-42013 15 | https://web.archive.org/web/2021 10 07 164605/https://httpd.apache.org/security/vulnerabilities_24.html 16 | critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) 17 | 18 | ### Apache mailing list 19 | 20 | http://mail-archives.apache.org/mod_mbox/www-announce/202110.mbox/browser 21 | 22 | CVE-2021-41773 23 | Tue, 05 Oct, 2021 09:03 GMT 24 | http://mail-archives.apache.org/mod_mbox/www-announce/202110.mbox/ajax/%3Ce377474b-8d81-035a-bd74-3c20e4a7c144%40apache.org%3E 25 | 26 | CVE-2021-42013 27 | Thu, 07 Oct 2021 15:24:32 GMT 28 | http://mail-archives.apache.org/mod_mbox/www-announce/202110.mbox/ajax/%3C7c4d9498-09ce-c4b4-b1c7-d55512fdc0b0%40apache.org%3E 29 | 30 | ### https://github.com/CVEProject/cvelist/ 31 | 32 | This reflects the website cve.mitre.org but has better time stamps 33 | 34 | https://github.com/CVEProject/cvelist/commits/master/2021/41xxx/CVE-2021-41773.json 35 | 36 | CVE-2021-41773 37 | https://github.com/CVEProject/cvelist/commit/04bf0a13d49b1b3fd57bee42b35c531d81474a60#diff-239e714021457d8852d0204b478dc59f66c90c48ff079a37f777af0cdbb22e32 38 | 39 | RCE (source info, no text) 40 | https://github.com/CVEProject/cvelist/commit/8f86aac9105e481cab7ff0fb074201e781a2bbc9#diff-239e714021457d8852d0204b478dc59f66c90c48ff079a37f777af0cdbb22e32 41 | 42 | RCE (source info, no text, RCE in url) 43 | https://github.com/CVEProject/cvelist/commit/4e45ffec8edeb016fb28f22ab8ed1fb0989b4f47#diff-239e714021457d8852d0204b478dc59f66c90c48ff079a37f777af0cdbb22e32 44 | 45 | Incomplete fix (source info, no text) 46 | https://github.com/CVEProject/cvelist/commit/354f1e56fa8e0dd2ba63baef34e3ef22891870bc#diff-239e714021457d8852d0204b478dc59f66c90c48ff079a37f777af0cdbb22e32 47 | 48 | RCE added to CVE text 49 | https://github.com/CVEProject/cvelist/commit/d1cf3ee6d81501890347071bb47f115eeed55671#diff-239e714021457d8852d0204b478dc59f66c90c48ff079a37f777af0cdbb22e32 50 | 51 | RCE added to CVE text pushed to repo 52 | https://github.com/CVEProject/cvelist/commit/951178fb7dd7b866e724923301d4f08439a02b23#diff-239e714021457d8852d0204b478dc59f66c90c48ff079a37f777af0cdbb22e32 53 | 54 | ### https://nvd.nist.gov/vuln/detail/CVE-2021-41773 55 | 56 | https://nvd.nist.gov/vuln/detail/CVE-2021-41773#VulnChangeHistorySection 57 | 58 | ### OSS-Security 59 | 60 | CVE-2021-41773 61 | Date: Tue, 05 Oct 2021 09:03:14 +0000 62 | https://www.openwall.com/lists/oss-security/2021/10/05/2 63 | 64 | RCE 65 | Date: Thu, 7 Oct 2021 06:01:43 +0000 66 | https://www.openwall.com/lists/oss-security/2021/10/07/1 67 | 68 | CVE-2021-42013 69 | Date: Thu, 07 Oct 2021 15:24:32 +0000 70 | https://www.openwall.com/lists/oss-security/2021/10/07/6 71 | 72 | RCE 73 | Date: Fri, 8 Oct 2021 03:18:14 +0200 74 | https://www.openwall.com/lists/oss-security/2021/10/08/1 75 | 76 | ### Twitter 77 | 78 | Change times to GMT -7 offset 79 | 80 | File inclusion 81 | 9:34 AM · Oct 5, 2021 82 | https://twitter.com/HackerGautam/status/1445412108863041544 83 | 84 | RCE 85 | 5:30 PM · Oct 5, 2021 86 | https://twitter.com/hackerfantastic/status/1445531829985968137 87 | 88 | ### Another postmortem: 89 | 90 | https://twitter.com/icing/status/1446504661448593408 91 | https://github.com/icing/blog/blob/main/httpd-2.4.50.md 92 | 93 | # Recommendations: 94 | 95 | 1. Lack of updated text about Apache httpd 2.4.49 gave the impression that the vulnerability was only an inclusion in 2.4.49, and an RCE in 2.4.50 when in fact it was an RCE in 2.4.49. 96 | 2. Watching "official" sources meant 2 days before learning it was an RCE, also that the RCE fits into a tweet 97 | -------------------------------------------------------------------------------- /gsd-experimental/experiment_1/UVI-2021-1000001.json: -------------------------------------------------------------------------------- 1 | { 2 | "UVI": { 3 | "vendor_name": "https://github.com/justdan96/tsMuxer", 4 | "product_name": "tsMuxer", 5 | "product_version": "2.6.16", 6 | "vulnerability_type": "Denial of service", 7 | "affected_component": "tsMuxer", 8 | "attack_vector": "mp4", 9 | "impact": "DoS", 10 | "credit": "huangxiao", 11 | "references": [ 12 | "https://github.com/justdan96/tsMuxer/issues/395" 13 | ], 14 | "reporter": "NigelX", 15 | "notes": "", 16 | "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-26805. Reason: This candidate is a duplicate of CVE-2021-26805. Notes: All CVE users should reference CVE-2021-26805 instead of this candidate.", 17 | "EXPERIMENTAL_UPDATE": { 18 | "cve.org": { 19 | "affects": { 20 | "vendor": { 21 | "vendor_data": [ 22 | { 23 | "vendor_name": "justdan96", 24 | "product": { 25 | "product_data": [ 26 | { 27 | "product_name": "tsMuxer", 28 | "version": { 29 | "version_data": [ 30 | { 31 | "version_value": "2.6.16" 32 | } 33 | ] 34 | } 35 | } 36 | ] 37 | } 38 | } 39 | ] 40 | } 41 | }, 42 | "problemtype": { 43 | "problemtype_data": [ 44 | { 45 | "description": [ 46 | { 47 | "lang": "eng", 48 | "value": "invalid delete error" 49 | } 50 | ] 51 | } 52 | ] 53 | } 54 | } 55 | } 56 | }, 57 | "OSV": { 58 | "id": "UVI-2021-1000001", 59 | "summary": "Denial of service in tsMuxer version 2.6.16", 60 | "details": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-26805. Reason: This candidate is a duplicate of CVE-2021-26805. Notes: All CVE users should reference CVE-2021-26805 instead of this candidate.", 61 | "modified": "2021-06-24T22:55:39.024188Z", 62 | "published": "2021-05-31T15:39:45.031586Z", 63 | "references": [ 64 | { 65 | "type": "WEB", 66 | "url": "https://github.com/justdan96/tsMuxer/issues/395" 67 | } 68 | ], 69 | "affected": [ 70 | { 71 | "package": { 72 | "name": "tsMuxer", 73 | "ecosystem": "DWF" 74 | }, 75 | "versions": [ 76 | "2.6.16" 77 | ] 78 | } 79 | ] 80 | }, 81 | "cve.org": { 82 | "CVE_data_meta": { 83 | "ASSIGNER": "cve@mitre.org", 84 | "ID": "CVE-2021-26805", 85 | "STATE": "PUBLIC" 86 | }, 87 | "affects": { 88 | "vendor": { 89 | "vendor_data": [ 90 | { 91 | "product": { 92 | "product_data": [ 93 | { 94 | "product_name": "n/a", 95 | "version": { 96 | "version_data": [ 97 | { 98 | "version_value": "n/a" 99 | } 100 | ] 101 | } 102 | } 103 | ] 104 | }, 105 | "vendor_name": "n/a" 106 | } 107 | ] 108 | } 109 | }, 110 | "data_format": "MITRE", 111 | "data_type": "CVE", 112 | "data_version": "4.0", 113 | "description": { 114 | "description_data": [ 115 | { 116 | "lang": "eng", 117 | "value": "Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file." 118 | } 119 | ] 120 | }, 121 | "problemtype": { 122 | "problemtype_data": [ 123 | { 124 | "description": [ 125 | { 126 | "lang": "eng", 127 | "value": "n/a" 128 | } 129 | ] 130 | } 131 | ] 132 | }, 133 | "references": { 134 | "reference_data": [ 135 | { 136 | "url": "https://github.com/justdan96/tsMuxer/issues/395", 137 | "refsource": "MISC", 138 | "name": "https://github.com/justdan96/tsMuxer/issues/395" 139 | } 140 | ] 141 | } 142 | } 143 | } 144 | -------------------------------------------------------------------------------- /analysis/cve/mitre-cve-by-current-and-past-years.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import csv 4 | import re 5 | import os 6 | 7 | os.system("wget -q https://cve.mitre.org/data/downloads/allitems.csv.gz") 8 | os.system("gzip -d allitems.csv.gz") 9 | 10 | CVEAssignedYears = {1999: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 11 | 2000: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 12 | 2001: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 13 | 2002: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 14 | 2003: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 15 | 2004: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 16 | 2005: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 17 | 2006: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 18 | 2007: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 19 | 2008: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 20 | 2009: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 21 | 2010: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 22 | 2011: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 23 | 2012: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 24 | 2013: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 25 | 2014: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 26 | 2015: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 27 | 2016: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 28 | 2017: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 29 | 2018: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 30 | 2019: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 31 | 2020: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 32 | 2021: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0}, 33 | 2022: {"CVEAssignmentsforCurrentYear":0, "CVEAssignmentsForPreviousYears":0} 34 | } 35 | 36 | with open('allitems.csv', newline='', encoding='ISO-8859-1') as csvfile: 37 | cvereader= csv.reader(csvfile, delimiter=',', quotechar='"') 38 | for row in cvereader: 39 | if re.search('^CVE-', row[0]): 40 | # Ignore reserved 41 | if re.search('^\*\* RESERVED \*\* ', row[2]): 42 | pass 43 | else: 44 | # Get the CVE ID Year 45 | CVEIDYear=re.sub('^CVE-', '', row[0]) 46 | CVEIDYear=re.sub('-[0-9]*$', '', CVEIDYear) 47 | 48 | # If we have an assignedDate value use it, and modify for prior reserved CVEs 49 | if re.search('Assigned \(', row[4]): 50 | assignedDateYear=re.sub('^Assigned \(', '', row[4]) 51 | assignedDateYear=re.sub('[0-9][0-9][0-9][0-9]\)$', '', assignedDateYear) 52 | 53 | # Add logic to check for reserved IDs from prior years, if so bump it up to the CVE Year in the ID itself 54 | if int(assignedDateYear) < int(CVEIDYear): 55 | assignedDateYear = CVEIDYear 56 | 57 | # If we do not have an assignedDate use the CVE year 58 | else: 59 | assignedDateYear=CVEIDYear 60 | 61 | # Write to the correct year counter if assigned in later years 62 | if int(assignedDateYear) > int(CVEIDYear): 63 | CVEAssignedYears[int(assignedDateYear)]["CVEAssignmentsForPreviousYears"] += 1 64 | else: 65 | CVEAssignedYears[int(assignedDateYear)]["CVEAssignmentsforCurrentYear"] += 1 66 | 67 | print("Year,CVEAssignmentsForPreviousYears,CVEAssignmentsforCurrentYear") 68 | 69 | for entry in CVEAssignedYears: 70 | print(str(entry) + "," + str(CVEAssignedYears[entry]["CVEAssignmentsForPreviousYears"]) + "," + str(CVEAssignedYears[entry]["CVEAssignmentsforCurrentYear"])) 71 | 72 | # To make this a nice excel chart 73 | # Open this in Excel 74 | # Select the headers and data for 1999-2020 75 | # Insert chart, bar, stacked 76 | # Right click on chart, "Select Data" 77 | # Click one orf the two Legend Entries and click "Edit" on the right side ("Horizontal (Category) Axis Labels") and select the years 78 | # Rename "Chart Title" to "CVE Activity" 79 | -------------------------------------------------------------------------------- /examples/GSD-2021-1002352-description.txt: -------------------------------------------------------------------------------- 1 | This vulnerability was not correctly fixed "in certain non-default configuration" and a new vulnerability and patch have been released, please see GSD-2021-1002353 (CVE-2021-45046). Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. 2 | 3 | In log4j 2.15.1 and later JNDI will be disabled by default: 4 | 5 | "Dealing with CVE-2021-44228 has shown the JNDI has significant security issues. While we have mitigated what we are aware of it would be safer for users to completely disable it by default, especially since the large majority are unlikely to be using it. Those who are will need to specify -Dlog4j2.enableJndi=true or the environment variable form of it to use any JNDI components." (https://issues.apache.org/jira/browse/LOG4J2-3208) 6 | 7 | In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to "true" or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false". 8 | 9 | Later versions of the Oracle Java JDK are not affected by the LDAP attack vector, but other vectors are available for exploitation: "JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP attack vector but please note this still leaves other attack vectors. In these versions com.sun.jndi.ldap.object.trustURLCodebase is set to "false" meaning JNDI cannot load remote code using LDAP." (https://www.lunasec.io/docs/blog/log4j-zero-day/) 10 | 11 | Also please note that log4j version 1.x is not affected by this specific vulnerability it does have a number of known serious security flaws and likely also contains Remote Code Execution vulnerabilities, upgrading it should be investigated. 12 | 13 | Hot patches: 14 | 15 | There are currently several projects providing hot patches that can modify a running system to remove the vulnerability and are OpenSource licensed allowing them to be easily audited: 16 | 17 | Log4jHotPatch 18 | 19 | This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded org.apache.logging.log4j.core.lookup.JndiLookup instances to unconditionally return the string "Patched JndiLookup::lookup()". It is designed to address the CVE-2021-44228 remote code execution vulnerability in Log4j without restarting the Java process. The dynamic and static agents are known to run on JDK 8 & 11 on Linux whereas on JDK 17 only the static agent is working (see below)" (https://github.com/corretto/hotpatch-for-apache-log4j2) 20 | 21 | Logout4Shell 22 | 23 | "However, enabling these system property requires access to the vulnerable servers as well as a restart. The Cybereason research team has developed the following code that exploits the same vulnerability and the payload therein forces the logger to reconfigure itself with the vulnerable setting disabled - this effectively blocks any further attempt to exploit Log4Shell on this server." (https://github.com/Cybereason/Logout4Shell) 24 | 25 | Detection 26 | 27 | Please see the GSD reference links tagged with "DETECTION" for more information (there are to many to list here). 28 | 29 | TOP LINKS: 30 | 31 | Best list of vulnerable software: https://github.com/NCSC-NL/log4shell/tree/main/software 32 | 33 | Best list of vulnerable services: https://github.com/YfryTchsGD/Log4jAttackSurface 34 | 35 | Best hotpatch: 36 | 37 | https://github.com/corretto/hotpatch-for-apache-log4j2 38 | 39 | Best detection: 40 | 41 | grep: https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b 42 | 43 | jarhashes: https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes 44 | 45 | semgrep: https://github.com/returntocorp/semgrep-rules/pull/1650/commits/ecfc32623eec718d61ec83b9196574f333191008/ 46 | 47 | yara: https://github.com/timb-machine/log4j/ 48 | 49 | burpsuite: https://github.com/silentsignal/burp-log4shell 50 | 51 | Nmap NSE: https://github.com/Diverto/nse-log4shell 52 | 53 | Scanners: 54 | https://github.com/alexbakker/log4shell-tools 55 | https://github.com/fullhunt/log4j-scan 56 | https://github.com/takito1812/log4j-detect 57 | 58 | Exploitation: 59 | 60 | An exploit kit is available at https://github.com/pimps/JNDI-Exploit-Kit and it has also been reported that omitting the closing } can result in data from other requests being sent as some servers with log4j2 will apparently keep sending data until they find a closing }. 61 | -------------------------------------------------------------------------------- /postmortems/CVE-2021-38467.md: -------------------------------------------------------------------------------- 1 | # Postmortem on CVE-2021-38467 2 | 3 | While reviewing CVEs I ran across CVE-2021-38467 which has a number of problems 4 | 5 | ## Lack of vendor, product, vulnerability and fixed data: 6 | 7 | The CVE text description reads: 8 | 9 | > A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition. 10 | 11 | I was under the impression that the text description must include this data (CVE CNA rules 2.0 https://cve.mitre.org/cve/cna/CNA_Rules_v2.0.pdf specifically "Appendix B CVE Information Format") 12 | 13 | This is no longer the case, under the CVE CNA rules 3.0 (https://cve.mitre.org/cve/cna/rules.html specifically "8.2 Prose Description Requirements") this is no longer the case: 14 | 15 | > 8.2.1 MUST provide enough information for a reader to have a reasonable understanding of what products are affected. If the affected products are not explicitly listed in the description, then the CNA MUST provide a reference that points to the known affected products. 16 | 17 | > 8.2.2 SHOULD include the affected or fixed version(s). 18 | 19 | > 8.2.3 MUST include one of the following: 20 | 21 | > Vulnerability Type 22 | > Root Cause 23 | > Impact 24 | 25 | As such the text description with no vendor, product or affected version is allowed. 26 | 27 | ## Information about affected version 28 | 29 | Obviously which product and version are affected by a CVE are a central and critical issue (is this a Windows issue? Apache? Some OpenSource library? A commercial product?). 30 | 31 | Also the version affected is critical, are you running an affected version? Do you need to upgrade, and if so to what version specifically? 32 | 33 | ### https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38467 34 | 35 | No data, you must click original reference to find it 36 | 37 | AFFECTED: "NO DATA" 38 | FIXED: "NO DATA" 39 | 40 | ### https://www.cve.org/CVERecord?id=CVE-2021-38467 41 | 42 | > Vendor: AUVESY 43 | > Product: Versiondog 44 | > Versions Affected: 45 | > <=8.0: affects 8.0 and prior versions 46 | 47 | Note the web page includes the JSON, but it is not displayed by default 48 | 49 | AFFECTED: "<=8.0" 50 | FIXED: ">=8.1" (you must manually open and read the JSON data) 51 | 52 | ### https://github.com/CVEProject/cvelist/blob/master/2021/38xxx/CVE-2021-38467.json 53 | 54 | The JSON data says: 55 | 56 | > { 57 | > "vendor": { 58 | > "vendor_data": [ 59 | > { 60 | > "vendor_name": "AUVESY", 61 | > "product": { 62 | > "product_data": [ 63 | > { 64 | > "product_name": "Versiondog", 65 | > "version": { 66 | > "version_data": [ 67 | > { 68 | > "version_affected": "<=", 69 | > "version_name": "All", 70 | > "version_value": "8.0" 71 | 72 | and later on: 73 | 74 | > "solution": [ 75 | > { 76 | > "lang": "eng", 77 | > "value": "AUVESY recommends upgrading Versiondog to Version 8.1 or later (login required)." 78 | 79 | AFFECTED: "<=8.0.0" 80 | FIXED: ">=8.1" 81 | 82 | ### https://nvd.nist.gov/vuln/detail/CVE-2021-38467 83 | 84 | The CPE data says: 85 | 86 | > cpe:2.3:a:auvesy:versiondog:*:*:*:*:*:*:*:* 87 | > Up to (excluding) 88 | > 8.0.0 89 | 90 | AFFECTED: "<8.0.0" 91 | FIXED: "NO DATA" 92 | 93 | ### https://us-cert.cisa.gov/ics/advisories/icsa-21-292-01 94 | 95 | The original report says: 96 | 97 | > 3.1 AFFECTED PRODUCTS 98 | > The following versions of Versiondog, a data management software for automated production, are affected: 99 | > Versiondog: All versions prior to v8.0 100 | 101 | But it also says later on: 102 | 103 | > 4. MITIGATIONS 104 | > AUVESY recommends upgrading Versiondog to Version 8.1 or later (login required). 105 | 106 | AFFECTED: "<8.0" 107 | FIXED: ">=8.1" 108 | 109 | ## Conclusion about product/version affected 110 | 111 | Based on the original source material form CISA: 112 | 113 | Versiondog prior to 8.0 is definitely affected. 114 | 115 | Versiondog 8.1 and later are definitely fixed. 116 | 117 | Verisondog 8.0 is probably vulnerable, but we can't be sure, someone needs to contact CISA, clarify this, and update the CVE. 118 | 119 | Verisondog 8.0.0 is probably vulnerable, but we can't be sure, someone needs to contact CISA, clarify this, and update the CVE. It is probably the same as 8.0. 120 | 121 | Based on the data from Mitre/NVD/etc. it's clear that there are problems in the parsing and interpretation of the data and that original source data is not being checked or verified. 122 | 123 | Based on the CISA and CVE/JSON data it's clear that CISA/MITRE has some mismatch in the source data and the CVE data. 124 | 125 | ## Recommendations: 126 | 127 | 1. Have a feedback method to indicate there is a problem 128 | 2. Have a feedback method to provide feedback on the problem 129 | 3. Have a feedback method to provide a solution for the problem (if applicable) 130 | 4. Provide links to contact original vulnerability reporter, vulnerability id requestor, and source material reporter, direct links (e.g. mailto) will result in a lack of transparency and no idea if the person has been contacted or not, so some form of ticketing system that also pushes out email/etc. 131 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, caste, color, religion, or sexual 10 | identity and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the overall 26 | community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or advances of 31 | any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email address, 35 | without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | codeofconduct@globalsecuritydatabase.org. 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series of 86 | actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or permanent 93 | ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within the 113 | community. 114 | 115 | ## Attribution 116 | 117 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 118 | version 2.1, available at 119 | [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. 120 | 121 | Community Impact Guidelines were inspired by 122 | [Mozilla's code of conduct enforcement ladder][Mozilla CoC]. 123 | 124 | For answers to common questions about this code of conduct, see the FAQ at 125 | [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at 126 | [https://www.contributor-covenant.org/translations][translations]. 127 | 128 | [homepage]: https://www.contributor-covenant.org 129 | [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html 130 | [Mozilla CoC]: https://github.com/mozilla/diversity 131 | [FAQ]: https://www.contributor-covenant.org/faq 132 | [translations]: https://www.contributor-covenant.org/translations 133 | -------------------------------------------------------------------------------- /data-formats/Thoughts-on-data-formats.md: -------------------------------------------------------------------------------- 1 | # Thoughts on data formats 2 | 3 | This is not a final document nor an official statement on the data format(s) used by the GSD. This is designed to help structure and encourage discussion around vulnerbaility identifer data formats. 4 | 5 | The GSD can use other peoples data formats, especially if we clearly label them as such. We can also provide mappings, e.g. OSV:affected:package:name maps to CVE:product:product_name to translate the data and make it easier to consume. 6 | 7 | # Compariong data formats 8 | 9 | [Google Sheet - Data Formats and versions Compared](https://docs.google.com/spreadsheets/d/14VHXigdynIGB8okW3jyvtNj-LE0fxEsoBNMvswX4Kwg/edit?usp=sharing) 10 | 11 | # GSD Identifer data components 12 | 13 | What data components MUST/SHOULD/CAN a GSD identifier have, what is the bare minimum to make these useful? 14 | 15 | ## a GSD Identifier MUST have: 16 | 17 | * Identifier 18 | * Meta data (time assigned, who requested it, etc.) 19 | * Reference URL (optional: type of URL, copy of data, etc.) OR Source (e.g. a namespace and an identifier, "redhat.com:RHSA-2021-1234" OR known exploit OR known exploitation 20 | 21 | Essentially we need some path of discoverability and some data with a degree of confidence indicated (e.g. confirmed, rumour, etc.). 22 | 23 | ## a GSD Identifier SHOULD have 24 | 25 | * Affected / Fixed / Vulnerable / Not Vulnerable products/services (CPE? JSON? Purl?) 26 | * Vulnerbaility information/type (e.g. CWE) 27 | * An overall confidence score between 0 and 10 based on sources, confirmation, etc. 28 | 29 | And ideally we want some information to make the security identifier directly useful for systems and humans beings that consume the data. 30 | 31 | ## a GSD Identifier CAN have: 32 | 33 | * Text description 34 | * Severity scores 35 | * Relationship data (parent/child/sibling/etc of) 36 | * Exploits (code/reproducers) 37 | * Exploitation (knowledge of exploitation) 38 | * Patches 39 | * Workarounds 40 | * Configuration related information 41 | 42 | # String and value handling - multiple values 43 | 44 | Anything that is a string or a value that can be more than one value needs to be a list so that multiple values can be clearly supported. A perfect example of this is [GSD-2021-1002352.json](https://github.com/cloudsecurityalliance/gsd-database/blob/main/2021/1002xxx/GSD-2021-1002352.json) which is called "log4j" and "log4j2" by Apache and other organizations use the names interchangeably it appears. This means that anything that is not clearly defined as having only a single possible value (e.g. the GSD ID itself, the assigned time) must be assumed to potentially be a list of values. 45 | 46 | # Human-readable vs machine-readable data 47 | 48 | The JSON data should contain both the human and machine readable data. Ideally a strong distinction should be made, e.g. machine readable affected product data should be highly structured, but a human readable text description should be allowed (e.g. the current style of CVE text description), and any human readable data MUST allow basic formatting, I think standardizing on Markdown is the most sensible solution. The current mess that is CVE text descriptions (overly short, some unreadable due to "ths is not CVE-FOO" and so on) and the experience of turning the text description in GSD-2021-1002352 into something more readable comes to mind. It should be noted that MITRE doesn't even allow line returns to split text up into paragraphs/etc (if you submit a CVE JSON entry they strip the line returns). 49 | 50 | # Types of fields 51 | 52 | ## Unique vs multiple occurances 53 | 54 | Some fields must be unique across the GSD database, e.g. the GSD identifier for a specific GSD must be unique. But for example relationship data could contain multiple instances of a GSD identiifier across multiple different GSD identifiers 55 | 56 | Some fields are expected to have non unique values, e.g. timestamps, lists of affected products, etc. 57 | 58 | ## Human-readable vs machine-readable 59 | 60 | All fields should be assumed to be primarily machine readable (and ideally machine generated) except where specifically noted such as the description, or notes fields. 61 | 62 | ## Generated vs manually created 63 | 64 | Ideally fields should be generated with tools rather than being manually entered where possible, e.g. timestamps, or extracting data from a vendor advisory. 65 | 66 | Many fields SHOULD (MUST?) support manual overrides, e.g. affected product lists, very few fields should not allow a manual override (GSD Identifier even? Timestamps?) 67 | 68 | # Namespacing 69 | 70 | All data must exist within a namespace, the two primary ones are "GSD" and "OSV", additional namespaces would typically be represented by a domain name, an email address, a URL, or a GitHub username/id combination (since names can change). Namespaces are available for entities, and entity can be an individual, a group, a company, an organization, an automated tool/AI/ML, etc. 71 | 72 | # Other security data format examples: 73 | 74 | * CSAF2 https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01.html 75 | * CVE https://github.com/CVEProject/cve-schema/tree/master/schema 76 | * CVRF https://www.icasi.org/cvrf/ 77 | * OSV https://ossf.github.io/osv-schema/ 78 | * OVAL https://oval.mitre.org/ 79 | 80 | # Other security data format examples for specific subtypes of data: 81 | 82 | * CPE https://nvd.nist.gov/products/cpe (Product ID) 83 | * CVSS https://www.first.org/cvss/ (Vulnerability Impact) 84 | * CWE https://cwe.mitre.org/community/submissions/guidelines.html (Vulnerability Type) 85 | * EPSS https://www.first.org/epss/ (Exploitation Prediction) 86 | * purl https://github.com/package-url/purl-spec (Product ID) 87 | * NIST Vulnerability Ontology https://github.com/usnistgov/vulntology 88 | * VEX https://github.com/CycloneDX/bom-examples/tree/master/VEX https://cyclonedx.org/capabilities/vex/ 89 | 90 | # Top Level Tagging 91 | 92 | I think some top level tagging such as "vulnerability" would be useful to allow people to more easily sort/view data, some clusters: 93 | 94 | * exposure 95 | * vulnerability 96 | * weakness 97 | 98 | * availability 99 | * confidentiality 100 | * integrity 101 | 102 | * backdoor 103 | * deceptive software 104 | * malware 105 | 106 | * closed source 107 | * cloud 108 | * on premises 109 | * open source 110 | * service 111 | 112 | * could have been worse 113 | 114 | * exploit 115 | * exploitation 116 | * exploit code 117 | * exposure 118 | * incident 119 | * ioc 120 | 121 | * rugpull 122 | * scam 123 | * spam 124 | 125 | * state actor 126 | 127 | * configuration 128 | * hardening 129 | * enhancement 130 | * patch 131 | * removal of unsafe feature 132 | * workaround 133 | 134 | * project 135 | * publisher 136 | * researcher 137 | * vendor 138 | 139 | 140 | 141 | -------------------------------------------------------------------------------- /postmortems/Use of the exact same text.md: -------------------------------------------------------------------------------- 1 | # Use of the exact same text 2 | 3 | Please note this is just 2021 data, I haven't bothered to look at older data. 4 | 5 | Many CVEs are now using the exact same text, here is a sample of those using the same text 10 times or more in 2021. For 2021 there are 371 CVE text descriptions used more than once for 1429 CVE entries (as of 2021-11-15). 6 | 7 | ``` 8 | wget https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2021.json.gz 9 | gzip -d nvdcve-1.1-2021.json.gz 10 | grep -A 2 "\"description_data\"" nvdcve-1.1-2021.json | grep "\"value\"" | sort | uniq -d | wc -l 11 | grep -A 2 "\"description_data\"" nvdcve-1.1-2021.json | grep "\"value\"" | sort | uniq -cd | cut -d"\"" -f1 | sed 's/ //g' | awk '{s+=$1} END {print s}' 12 | ``` 13 | 14 | ## Specific examples of same text 15 | 16 | |# of occurances | CVE description text | 17 | | ------------- | ------------- | 18 | |11|"Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."| 19 | |13|"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."| 20 | |13|"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."| 21 | |15|"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."| 22 | |20|"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."| 23 | |30|"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device."| 24 | |61|"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities."| 25 | 26 | To search for these just cut and paste the entire text into the NIST NVD search page https://nvd.nist.gov/vuln/search and click "Exact Match" to get the results: 27 | 28 | https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=Multiple+vulnerabilities+in+the+web-based+management+interface+of+Cisco+Small+Business+RV110W%2C+RV130%2C+RV130W%2C+and+RV215W+Routers+could+allow+an+authenticated%2C+remote+attacker+to+execute+arbitrary+code+or+cause+an+affected+device+to+restart+unexpectedly.+The+vulnerabilities+are+due+to+improper+validation+of+user-supplied+input+in+the+web-based+management+interface.+An+attacker+could+exploit+these+vulnerabilities+by+sending+crafted+HTTP+requests+to+an+affected+device.+A+successful+exploit+could+allow+the+atta&queryType=phrase&search_type=all&isCpeNameSearch=false 29 | 30 | # Recommendations: 31 | 32 | 1. CVE text descriptions are no longer important, under CNA 3.0 rules they don't even need to have a Vendor/Product/Version. Ironically you must use CVE ID's to differentiate CVE ID's from each other using the description text since there is no relational data included in the CVE data. 33 | 2. The CNA rule changes from 2 to 3 now mean that for many CVE ID's you must go to the JSON data or the original source material in order to determine what is going on (affected versions, vulnerability, etc.) 34 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Creative Commons Legal Code 2 | 3 | CC0 1.0 Universal 4 | 5 | CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE 6 | LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN 7 | ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS 8 | INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES 9 | REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS 10 | PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM 11 | THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED 12 | HEREUNDER. 13 | 14 | Statement of Purpose 15 | 16 | The laws of most jurisdictions throughout the world automatically confer 17 | exclusive Copyright and Related Rights (defined below) upon the creator 18 | and subsequent owner(s) (each and all, an "owner") of an original work of 19 | authorship and/or a database (each, a "Work"). 20 | 21 | Certain owners wish to permanently relinquish those rights to a Work for 22 | the purpose of contributing to a commons of creative, cultural and 23 | scientific works ("Commons") that the public can reliably and without fear 24 | of later claims of infringement build upon, modify, incorporate in other 25 | works, reuse and redistribute as freely as possible in any form whatsoever 26 | and for any purposes, including without limitation commercial purposes. 27 | These owners may contribute to the Commons to promote the ideal of a free 28 | culture and the further production of creative, cultural and scientific 29 | works, or to gain reputation or greater distribution for their Work in 30 | part through the use and efforts of others. 31 | 32 | For these and/or other purposes and motivations, and without any 33 | expectation of additional consideration or compensation, the person 34 | associating CC0 with a Work (the "Affirmer"), to the extent that he or she 35 | is an owner of Copyright and Related Rights in the Work, voluntarily 36 | elects to apply CC0 to the Work and publicly distribute the Work under its 37 | terms, with knowledge of his or her Copyright and Related Rights in the 38 | Work and the meaning and intended legal effect of CC0 on those rights. 39 | 40 | 1. Copyright and Related Rights. A Work made available under CC0 may be 41 | protected by copyright and related or neighboring rights ("Copyright and 42 | Related Rights"). Copyright and Related Rights include, but are not 43 | limited to, the following: 44 | 45 | i. the right to reproduce, adapt, distribute, perform, display, 46 | communicate, and translate a Work; 47 | ii. moral rights retained by the original author(s) and/or performer(s); 48 | iii. publicity and privacy rights pertaining to a person's image or 49 | likeness depicted in a Work; 50 | iv. rights protecting against unfair competition in regards to a Work, 51 | subject to the limitations in paragraph 4(a), below; 52 | v. rights protecting the extraction, dissemination, use and reuse of data 53 | in a Work; 54 | vi. database rights (such as those arising under Directive 96/9/EC of the 55 | European Parliament and of the Council of 11 March 1996 on the legal 56 | protection of databases, and under any national implementation 57 | thereof, including any amended or successor version of such 58 | directive); and 59 | vii. other similar, equivalent or corresponding rights throughout the 60 | world based on applicable law or treaty, and any national 61 | implementations thereof. 62 | 63 | 2. Waiver. To the greatest extent permitted by, but not in contravention 64 | of, applicable law, Affirmer hereby overtly, fully, permanently, 65 | irrevocably and unconditionally waives, abandons, and surrenders all of 66 | Affirmer's Copyright and Related Rights and associated claims and causes 67 | of action, whether now known or unknown (including existing as well as 68 | future claims and causes of action), in the Work (i) in all territories 69 | worldwide, (ii) for the maximum duration provided by applicable law or 70 | treaty (including future time extensions), (iii) in any current or future 71 | medium and for any number of copies, and (iv) for any purpose whatsoever, 72 | including without limitation commercial, advertising or promotional 73 | purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each 74 | member of the public at large and to the detriment of Affirmer's heirs and 75 | successors, fully intending that such Waiver shall not be subject to 76 | revocation, rescission, cancellation, termination, or any other legal or 77 | equitable action to disrupt the quiet enjoyment of the Work by the public 78 | as contemplated by Affirmer's express Statement of Purpose. 79 | 80 | 3. Public License Fallback. Should any part of the Waiver for any reason 81 | be judged legally invalid or ineffective under applicable law, then the 82 | Waiver shall be preserved to the maximum extent permitted taking into 83 | account Affirmer's express Statement of Purpose. In addition, to the 84 | extent the Waiver is so judged Affirmer hereby grants to each affected 85 | person a royalty-free, non transferable, non sublicensable, non exclusive, 86 | irrevocable and unconditional license to exercise Affirmer's Copyright and 87 | Related Rights in the Work (i) in all territories worldwide, (ii) for the 88 | maximum duration provided by applicable law or treaty (including future 89 | time extensions), (iii) in any current or future medium and for any number 90 | of copies, and (iv) for any purpose whatsoever, including without 91 | limitation commercial, advertising or promotional purposes (the 92 | "License"). The License shall be deemed effective as of the date CC0 was 93 | applied by Affirmer to the Work. Should any part of the License for any 94 | reason be judged legally invalid or ineffective under applicable law, such 95 | partial invalidity or ineffectiveness shall not invalidate the remainder 96 | of the License, and in such case Affirmer hereby affirms that he or she 97 | will not (i) exercise any of his or her remaining Copyright and Related 98 | Rights in the Work or (ii) assert any associated claims and causes of 99 | action with respect to the Work, in either case contrary to Affirmer's 100 | express Statement of Purpose. 101 | 102 | 4. Limitations and Disclaimers. 103 | 104 | a. No trademark or patent rights held by Affirmer are waived, abandoned, 105 | surrendered, licensed or otherwise affected by this document. 106 | b. Affirmer offers the Work as-is and makes no representations or 107 | warranties of any kind concerning the Work, express, implied, 108 | statutory or otherwise, including without limitation warranties of 109 | title, merchantability, fitness for a particular purpose, non 110 | infringement, or the absence of latent or other defects, accuracy, or 111 | the present or absence of errors, whether or not discoverable, all to 112 | the greatest extent permissible under applicable law. 113 | c. Affirmer disclaims responsibility for clearing rights of other persons 114 | that may apply to the Work or any use thereof, including without 115 | limitation any person's Copyright and Related Rights in the Work. 116 | Further, Affirmer disclaims responsibility for obtaining any necessary 117 | consents, permissions or other rights required for any use of the 118 | Work. 119 | d. Affirmer understands and acknowledges that Creative Commons is not a 120 | party to this document and has no duty or obligation with respect to 121 | this CC0 or use of the Work. 122 | -------------------------------------------------------------------------------- /comments-on-docs/Comments-on-NIST-SP-800-216.md: -------------------------------------------------------------------------------- 1 | # Comments on NIST SP 800-216 2 | 3 | https://csrc.nist.gov/publications/detail/sp/800-216/draft 4 | 5 | https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-216-draft.pdf 6 | 7 | Public comment period: June 7, 2021 through August 9, 2021 8 | 9 | Email: sp800-216-comments@nist.gov 10 | 11 | Please put the section name and line numbers when quoting text. 12 | 13 | # General comments 14 | 15 | The language in this draft is not clear, e.g. is SHOULD/MUST being used in accordance with RFC2119? 16 | 17 | The draft appears to focus exclusively on traditional software products run by end users and appears to ignore cloud services and other newer technologies and delivery methods. 18 | 19 | # Specific comments below 20 | 21 | Section: 234 1. U.S. Government Vulnerability Disclosure 22 | 23 | ``` 24 | 235 Thousands of security vulnerabilities in computer software and systems are discovered and 25 | 236 publicly disclosed every year. Likely, even more are discovered by developers and quietly fixed 26 | ``` 27 | Thousands is on the low end, there are ~16000 CVEs assigned yearly (by CVE Identifier YEAR, for the last 4 years. For example a quick search of GitHub shows hundreds of thousands: https://github.com/search?q=%22security+fix%22 and this ignores the cloud services, and non english speaking world largely. 28 | 29 | ``` 30 | 237 without anyone ever being aware. In 2020 alone, there were over 18,000 publicly listed 31 | ``` 32 | 33 | This number is unclear. By Assigned data and by YEAR in the CVE ID: 34 | 35 | ``` 36 | curl https://cve.mitre.org/data/downloads/allitems.csv | grep -a "^CVE-2020-" | grep -v "\* RESERVED \*" | wc -l 37 | 17802 38 | 39 | curl https://cve.mitre.org/data/downloads/allitems.csv | grep -a "Assigned (2020[0-9][0-9][0-9][0-9]" | grep -v "\* RESERVED \*" | wc -l 40 | 17000 41 | ``` 42 | 43 | The git repo may have different data but walking all the files to extract the time they actually went public with data needs to be done at some point. 44 | 45 | Section: 334 1.1. Usage of Document Terminology 46 | 47 | ``` 48 | 335 In the context of this document, the term “vulnerability” refers to a security vulnerability in a 49 | 336 digital product. It does not refer to other kinds of vulnerabilities that may pertain to, for example, 50 | 337 physical security, economic security, or foreign policy issues. 51 | ``` 52 | 53 | Assuming digital products includes cloud services then physical security is a valid concern. Please note that the word "cloud" only occurs once in the document in a reference to ISO IEC 27017. This creates a significant blindspot as 1) many government agencuies use cloud services and 2) many software and "digital products" make use of cloud services (licensing management, updates, data storage and processing, etc.). 54 | 55 | Section: 396 2.1.1. Create Vulnerability Report Receipt Capability 56 | 57 | ``` 58 | 397 Each FCB participant should develop the ability to receive vulnerability reports from reporters, 59 | 398 maintain a database of received reports, and engage in secure communications (e.g., using a 60 | 399 report tracking system). The expectation for communication should be established, including the 61 | 400 initial acknowledgment, status updates, and agreed method of communication. The actual receipt 62 | 401 of a vulnerability report may take multiple forms (e.g., email, web forms, or a phone hotline) and 63 | 402 should be stated in a public policy 64 | ``` 65 | 66 | Where will these policies be published, and how will people find them? There are no generally accepted standards here, e.g. do they use domain.tld/security/ or domain.tld/.well-known/security.txt (https://securitytxt.org/) or simply rely on al ink in the front page or the "contact us" page? Discovery of how to report an issue is problematic and can result in people giving up and not reporting issues, or extra time being required during an emergency to find out whom to contact and how to contact them. 67 | 68 | ``` 69 | 408 Vulnerability reports should include a description of the product or service affected; how the 70 | 409 potential vulnerability can be identified, demonstrated, or reproduced; and what type of 71 | 410 functional impact the vulnerability allows. Due to the sensitivity of the information, agencies 72 | 411 should provide mechanisms for confidentially receiving additional information within the reports 73 | 412 (e.g., web forms, bug or issue tracking systems, vulnerability reporting services, email, or role 74 | 413 address independent of any individual). To facilitate verification of the vulnerability, agencies 75 | 414 should design the reporting mechanisms that lead to better information in assessing the validity, 76 | 415 severity, scope, and impact of vulnerabilities. This information could include: 77 | ``` 78 | 79 | No mention is made of reporting formats or standards, e.g. CVE JSON format? CSAF? OSV? UVI? 80 | 81 | Section: 429 2.1.2. Determine Scope and Obtain Contacts 82 | 83 | ``` 84 | 430 Prior to the receipt of any vulnerabilities, each FCB participant will determine which government 85 | 431 VDPOs fall within the scope of their services. The FCB entity will then obtain and maintain a list 86 | 432 of VDPO contacts within the relevant government agencies that receive and handle vulnerability 87 | ``` 88 | 89 | This appears to assume a traditional top down pyramid structure, is there any thought giving to lateral reporting or more of a matrix style layout to allow multiple pathways? Top-down reporting strucutres tend to suffer from the fact they are entirely comprised of a chain of single paths of failure. 90 | 91 | Section: 516 2.7.1. Determination of Public Disclosure 92 | 93 | ``` 94 | 521 Public disclosure may be considered if: 95 | 522 • The specific vulnerability is not publicly known (i.e., does not have a CVE number); 96 | ``` 97 | 98 | It is not clear if this advice implies that a CVE identifier should be obtained or not. 99 | 100 | ``` 101 | 531 In many cases, public disclosure might not be necessary or even recommended. For example, 102 | 532 publication is likely unnecessary if the vulnerable system is a service that government staff have 103 | 533 fixed and they can verify that the vulnerability was not exploited. Vulnerabilities that have been 104 | 534 fixed and had no impact on the system userbase should likely not be publicly disclosed in order 105 | 535 to enable the advisory systems to focus on vulnerabilities that require user action for continued 106 | 536 security and privacy. 107 | ``` 108 | 109 | This may create an incentive to cover security vulnerabilities up with a "we fixed it and we're pretty sure nobody exploited it" creating a false sense of security for end users. I would suggest it is better to report incidents, even onces that have been fully handled and pose no significant risk, and 1) label them as such "no action required" and 2) it allows for the creation of actual data and statistics, e.g. a system has 100 security vulnerabilities that were closed out before they became a problem, is this an indication of a security team that is really on the ball, or a team that is covering up real vulnerabilities as "not a problem" and so on? Without any data and reporting there is a strong possibility for institutional rot to set in. 110 | 111 | Section: 627 2.7.3.2. National Vulnerability Database 112 | 113 | ``` 114 | 628 The National Vulnerability Database [NVD] is the U.S. Government repository of standards- 115 | 629 based vulnerability management data. It contains a database of almost all publicly disclosed 116 | 630 vulnerabilities — more specifically, all vulnerabilities included within the Common 117 | 631 Vulnerabilities and Exposures (CVE) dictionary [CVE]. NVD staff analyzes vulnerability 118 | ``` 119 | 120 | The CVE database is missing a huge amount of content: 121 | 122 | 1) CVEs that have been assigned, but the data not pushed back to the database (some of which is over 10 years old): https://github.com/distributedweaknessfiling/distributedweaknessfiling.org/tree/main/reserved-but-public 123 | 2) Many CNAs have security vulnerabilities and advisories with no CVE IDs, e.g. XEN (goto https://xenbits.xen.org/xsa/ and look for "none (yet) assigned") 124 | 3) Non CNA data sources with in scope content 125 | 4) Non CNA sources with "out of scope" but useful data (e.g. services, malware, backdoors, etc.) 126 | 127 | Section: 683 2.9. Technical Approaches and Resources 128 | 129 | ``` 130 | 689 The CVE naming scheme should be used when referencing publicly disclosed vulnerabilities. 131 | 690 The CVE website is focused on providing unique identification for each vulnerability to maintain 132 | 691 the CVE list. It is not intended to act as an advisory service. When referencing a CVE 133 | 692 vulnerability, the NVD link should be used since it provides an analysis of each CVE and any 134 | 693 referenced information. 135 | ``` 136 | 137 | This will require the CVE system to be much more responsive and cover a much wider scope of vulnerabilities. It's also not clear on what will happen if a CNA refuses to create CVE identifiers, I can only assume the CVE dispute process will be invoked. The reality is the US Government uses a LOT of OpenSource software for which there is poor, if any, CVE coverage currently. 138 | 139 | 140 | Section: 794 3.2.2. Monitoring of Vulnerability Reports 141 | 142 | ``` 143 | 795 VDPOs should monitor their reporting mechanisms for new reports and communications related 144 | 796 to existing reports. VDPOs should also monitor public sources for vulnerability reports and 145 | 797 organizational communications channels that are likely to receive vulnerability reports, such as 146 | 798 customer service and support. 147 | ``` 148 | 149 | The CVE database doesn't support this well, witness the 20,000+ missing SUSE URLs: https://github.com/distributedweaknessfiling/securitylist/commit/b690b4b1de7afba26c849e12b4aaadafc95e7e81 and 20,000+ missing Red Hat URLs: https://github.com/distributedweaknessfiling/securitylist/commit/e0a8925c90b1b4e6203fecbc6f61dcefe1b4accc and the hundreds (thousands?) of publicly used CVEs that are not in the database https://github.com/distributedweaknessfiling/securitylist/blob/main/missing-data/cvelist-missing-items-RESERVED-found-in-allitems.csv or the CVEs in wide use for days or weeks (by the press even) prior to being entered into the CVE database. 150 | 151 | Section: 799 3.2.3. Development of the Capability to Receive Vulnerability Disclosure Reports 152 | 153 | ``` 154 | 800 Each VDPO should develop the capability to receive vulnerability reports from their associated 155 | 801 FCB participant. This includes the ability to communicate and enable coordination in 156 | 802 vulnerability reporting resolution, which requires the development of both technical and 157 | 803 personnel/procedural capabilities. If the FCB participant provides technical mechanisms to 158 | 804 streamline this process, the VDPO should use the provided mechanisms. 159 | ``` 160 | 161 | Where will these policies be published, and how will people find them? There are no generally accepted standards here, e.g. do they use domain.tld/security/ or domain.tld/.well-known/security.txt (https://securitytxt.org/) or simply rely on al ink in the front page or the "contact us" page? Discovery of how to report an issue is problematic and can result in people giving up and not reporting issues, or extra time being required during an emergency to find out whom to contact and how to contact them. 162 | 163 | Section: 819 3.2.4. Development of Vulnerability Disclosure Handling Policies 164 | 165 | ``` 166 | 820 Each VDPO should develop and maintain an internal vulnerability handling policy to define and 167 | 821 clarify its intentions for investigating and remediating vulnerabilities as part of a vulnerability 168 | 822 handling process. 169 | ``` 170 | 171 | Is there any prescriptive help here, e.g. beyond ISO standards, any best practices for governments/agencies? It seems like a lot of reinventing the wheel will take place here, not all of it compatible or good. 172 | 173 | Section: 838 3.2.5.1. Receipt of Vulnerability Disclosure Reports 174 | 175 | ``` 176 | 841 to identify the potentially vulnerable systems and software. Every vulnerability report should 177 | 842 have a priority rating, assigned by the FCB participant, that is used to optimize resource 178 | 843 allocations and determine the urgency of handling each report. If a VDPO permits the direct 179 | ``` 180 | 181 | No mention is made of any system to prioritize reports, e.g. is it severity times number of deployed systems times impact? There is no generally accepted guidance here, nor even a good list of the metrics or dimensions, e.g. vulnerability impact, PII exposure, operational requirements, etc. While prioritization is critical to direct resourcing appropriately the complete lack of any framework or guidelines is problematic. 182 | 183 | Section: 773 3.2.1. Development of Vulnerability Disclosure Report Acceptance Policies 184 | 185 | ``` 186 | 786 The internal policy details the rules and procedures for handling, coordinating, and resolving 187 | 787 received vulnerability reports (further described in Section 3.1); the mechanisms used to track 188 | 788 reports; and expectations for communication with reporters and other stakeholders. It should 189 | 789 specify expected response and remediation timelines when handling vulnerability reports as well 190 | ``` 191 | 192 | No mention is made of dealing with externally imposed deadlines, e.g. Google project 0 https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html and the lack of any guidance in the public policy may be problematic. This also dovetails with the publishing of metrics which are useful when reporting, e.g. is the entity responsive or slow? 193 | 194 | Section: 846 3.2.5.2. Identification of Potentially Vulnerable Systems and Software 195 | 196 | ``` 197 | 847 The first step to addressing a received vulnerability report is to identify the potentially vulnerable 198 | 848 software as well as the agency IT systems to which the report belongs. To enable this, each 199 | 849 VDPO should maintain a current list or database of contacts for each system within its purview. 200 | 850 In some cases, A VDPO that has received a vulnerability report may need to coordinate with 201 | 851 multiple system owners (or their security officer) to determine which system or software is 202 | 852 potentially vulnerable. This step does not involve verifying the existence of the vulnerability but 203 | 853 merely identifying to which system the report belongs. 204 | 854 Many products are complex systems that include or are dependent on other products or 205 | 855 components. Therefore, the initial analysis may not result in a clear understanding of which 206 | 856 products are affected by the vulnerability. It may take multiple iterations of discovery and 207 | 857 research before a determination can be made that the vulnerability exists within government858 produced software or commercial/open-source software used by the Government. 208 | ``` 209 | 210 | The lack of any prescriptive guidance or standards here is problematic and should be addressed (as evidenced by the direct mention of this very problem in the 2021-05-12 "Executive Order on Improving the Nation’s Cybersecurity" https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ which mentions SBOM/etc. 211 | 212 | Section: 955 3.3.4. Integration of Contractor Support into the VDPO 213 | 214 | ``` 215 | 956 Policy considerations pertaining to the handling, resolution, and correction of vulnerability 216 | 957 disclosure information should be developed to include in any contracts that support an 217 | 958 information system in order to mitigate or resolve the vulnerability. 218 | ``` 219 | 220 | Guidance around the use of bug bounties especially will be needed here. 221 | -------------------------------------------------------------------------------- /analysis/cve/cve-by-year-assigner.csv: -------------------------------------------------------------------------------- 1 | count,year,assigner 2 | 6765,2002,cve@mitre.org 3 | 4,2002,secalert@redhat.com 4 | 1543,2003,cve@mitre.org 5 | 6,2003,secalert@redhat.com 6 | 1,2003,security@debian.org 7 | 2702,2004,cve@mitre.org 8 | 4,2004,secalert@redhat.com 9 | 1,2004,security@ubuntu.com 10 | 17,2005,cert@cert.org 11 | 4320,2005,cve@mitre.org 12 | 260,2005,secalert@redhat.com 13 | 6,2005,secteam@freebsd.org 14 | 49,2005,secure@microsoft.com 15 | 112,2005,security@debian.org 16 | 50,2006,PSIRT-CNA@flexerasoftware.com 17 | 21,2006,cert@cert.org 18 | 6604,2006,cve@mitre.org 19 | 268,2006,secalert@redhat.com 20 | 13,2006,secteam@freebsd.org 21 | 129,2006,secure@microsoft.com 22 | 54,2006,security@debian.org 23 | 1,2006,security@ubuntu.com 24 | 55,2007,PSIRT-CNA@flexerasoftware.com 25 | 67,2007,cert@cert.org 26 | 6081,2007,cve@mitre.org 27 | 5,2007,psirt@cisco.com 28 | 243,2007,secalert@redhat.com 29 | 1,2007,secalert_us@oracle.com 30 | 5,2007,secteam@freebsd.org 31 | 107,2007,secure@microsoft.com 32 | 12,2007,security@ubuntu.com 33 | 53,2008,PSIRT-CNA@flexerasoftware.com 34 | 36,2008,cert@cert.org 35 | 6500,2008,cve@mitre.org 36 | 77,2008,psirt@cisco.com 37 | 278,2008,secalert@redhat.com 38 | 72,2008,secalert_us@oracle.com 39 | 4,2008,secteam@freebsd.org 40 | 143,2008,secure@microsoft.com 41 | 1,2008,security@debian.org 42 | 6,2008,security@ubuntu.com 43 | 36,2009,PSIRT-CNA@flexerasoftware.com 44 | 37,2009,cert@cert.org 45 | 4177,2009,cve@mitre.org 46 | 20,2009,hp-security-alert@hp.com 47 | 31,2009,psirt@adobe.com 48 | 81,2009,psirt@cisco.com 49 | 1,2009,psirt@us.ibm.com 50 | 347,2009,secalert@redhat.com 51 | 113,2009,secalert_us@oracle.com 52 | 2,2009,secteam@freebsd.org 53 | 2,2009,secure@dell.com 54 | 169,2009,secure@microsoft.com 55 | 6,2009,security@ubuntu.com 56 | 1,2009,vultures@jpcert.or.jp 57 | 72,2010,PSIRT-CNA@flexerasoftware.com 58 | 27,2010,cert@cert.org 59 | 3098,2010,cve@mitre.org 60 | 112,2010,hp-security-alert@hp.com 61 | 1,2010,ics-cert@hq.dhs.gov 62 | 273,2010,product-security@apple.com 63 | 180,2010,psirt@adobe.com 64 | 118,2010,psirt@cisco.com 65 | 649,2010,secalert@redhat.com 66 | 324,2010,secalert_us@oracle.com 67 | 2,2010,secteam@freebsd.org 68 | 9,2010,secure@dell.com 69 | 267,2010,secure@microsoft.com 70 | 1,2010,security@apache.org 71 | 1,2010,security@suse.com 72 | 24,2010,security@ubuntu.com 73 | 32,2010,vultures@jpcert.or.jp 74 | 38,2011,PSIRT-CNA@flexerasoftware.com 75 | 106,2011,cert@cert.org 76 | 4,2011,chrome-cve-admin@google.com 77 | 2262,2011,cve@mitre.org 78 | 132,2011,hp-security-alert@hp.com 79 | 226,2011,product-security@apple.com 80 | 175,2011,psirt@adobe.com 81 | 160,2011,psirt@cisco.com 82 | 6,2011,psirt@us.ibm.com 83 | 888,2011,secalert@redhat.com 84 | 248,2011,secalert_us@oracle.com 85 | 3,2011,secteam@freebsd.org 86 | 24,2011,secure@dell.com 87 | 218,2011,secure@microsoft.com 88 | 1,2011,security@debian.org 89 | 234,2011,security@google.com 90 | 8,2011,security@suse.com 91 | 25,2011,security@ubuntu.com 92 | 69,2011,vultures@jpcert.or.jp 93 | 25,2012,PSIRT-CNA@flexerasoftware.com 94 | 210,2012,cert@cert.org 95 | 2354,2012,cve@mitre.org 96 | 109,2012,hp-security-alert@hp.com 97 | 84,2012,ics-cert@hq.dhs.gov 98 | 265,2012,product-security@apple.com 99 | 133,2012,psirt@adobe.com 100 | 223,2012,psirt@cisco.com 101 | 226,2012,psirt@us.ibm.com 102 | 1276,2012,secalert@redhat.com 103 | 415,2012,secalert_us@oracle.com 104 | 42,2012,secure@dell.com 105 | 147,2012,secure@microsoft.com 106 | 1,2012,secure@symantec.com 107 | 2,2012,security@apache.org 108 | 32,2012,security@debian.org 109 | 170,2012,security@google.com 110 | 3,2012,security@suse.com 111 | 20,2012,security@ubuntu.com 112 | 98,2012,vultures@jpcert.or.jp 113 | 111,2013,PSIRT-CNA@flexerasoftware.com 114 | 134,2013,cert@cert.org 115 | 2302,2013,cve@mitre.org 116 | 129,2013,hp-security-alert@hp.com 117 | 94,2013,ics-cert@hq.dhs.gov 118 | 3,2013,larry0@me.com 119 | 174,2013,product-security@apple.com 120 | 143,2013,psirt@adobe.com 121 | 375,2013,psirt@cisco.com 122 | 433,2013,psirt@us.ibm.com 123 | 1258,2013,secalert@redhat.com 124 | 547,2013,secalert_us@oracle.com 125 | 45,2013,secure@dell.com 126 | 3,2013,secure@intel.com 127 | 321,2013,secure@microsoft.com 128 | 30,2013,secure@symantec.com 129 | 1,2013,security@android.com 130 | 1,2013,security@apache.org 131 | 31,2013,security@debian.org 132 | 199,2013,security@google.com 133 | 162,2013,security@mozilla.org 134 | 1,2013,security@suse.com 135 | 26,2013,security@ubuntu.com 136 | 119,2013,vultures@jpcert.or.jp 137 | 1505,2014,cert@cert.org 138 | 1,2014,chrome-cve-admin@google.com 139 | 5,2014,cve-assignments@hackerone.com 140 | 3615,2014,cve@mitre.org 141 | 73,2014,hp-security-alert@hp.com 142 | 132,2014,ics-cert@hq.dhs.gov 143 | 298,2014,product-security@apple.com 144 | 132,2014,psirt@adobe.com 145 | 364,2014,psirt@cisco.com 146 | 18,2014,psirt@huawei.com 147 | 450,2014,psirt@us.ibm.com 148 | 667,2014,secalert@redhat.com 149 | 446,2014,secalert_us@oracle.com 150 | 69,2014,secure@dell.com 151 | 2,2014,secure@intel.com 152 | 347,2014,secure@microsoft.com 153 | 31,2014,secure@symantec.com 154 | 54,2014,security.cna@qualcomm.com 155 | 106,2014,security@android.com 156 | 1,2014,security@apache.org 157 | 91,2014,security@debian.org 158 | 146,2014,security@google.com 159 | 126,2014,security@mozilla.org 160 | 8,2014,security@suse.com 161 | 21,2014,security@ubuntu.com 162 | 138,2014,vultures@jpcert.or.jp 163 | 234,2015,cert@cert.org 164 | 1,2015,chrome-cve-admin@google.com 165 | 5,2015,contact@wpscan.com 166 | 12,2015,cve-assignments@hackerone.com 167 | 3421,2015,cve@mitre.org 168 | 68,2015,hp-security-alert@hp.com 169 | 147,2015,ics-cert@hq.dhs.gov 170 | 2,2015,larry0@me.com 171 | 579,2015,product-security@apple.com 172 | 488,2015,psirt@adobe.com 173 | 495,2015,psirt@cisco.com 174 | 5,2015,psirt@huawei.com 175 | 404,2015,psirt@us.ibm.com 176 | 637,2015,secalert@redhat.com 177 | 439,2015,secalert_us@oracle.com 178 | 79,2015,secure@dell.com 179 | 8,2015,secure@intel.com 180 | 527,2015,secure@microsoft.com 181 | 38,2015,secure@symantec.com 182 | 168,2015,security.cna@qualcomm.com 183 | 144,2015,security@android.com 184 | 1,2015,security@apache.org 185 | 81,2015,security@debian.org 186 | 1,2015,security@elastic.co 187 | 150,2015,security@google.com 188 | 179,2015,security@mozilla.org 189 | 31,2015,security@suse.com 190 | 4,2015,security@synology.com 191 | 33,2015,security@ubuntu.com 192 | 1,2015,security@vmware.com 193 | 1,2015,vuln@ca.com 194 | 178,2015,vultures@jpcert.or.jp 195 | 1,2016,PSIRT-CNA@flexerasoftware.com 196 | 8,2016,browser-security@yandex-team.ru 197 | 256,2016,cert@cert.org 198 | 1,2016,chrome-cve-admin@google.com 199 | 210,2016,cve-assignments@hackerone.com 200 | 3,2016,cve@checkpoint.com 201 | 3947,2016,cve@mitre.org 202 | 3,2016,cve@rapid7.com 203 | 19,2016,f5sirt@f5.com 204 | 4,2016,hp-security-alert@hp.com 205 | 206,2016,ics-cert@hq.dhs.gov 206 | 3,2016,larry0@me.com 207 | 2,2016,openssl-security@openssl.org 208 | 426,2016,product-security@apple.com 209 | 7,2016,productcert@siemens.com 210 | 537,2016,psirt@adobe.com 211 | 340,2016,psirt@cisco.com 212 | 7,2016,psirt@fortinet.com 213 | 49,2016,psirt@huawei.com 214 | 16,2016,psirt@lenovo.com 215 | 40,2016,psirt@nvidia.com 216 | 640,2016,psirt@us.ibm.com 217 | 640,2016,secalert@redhat.com 218 | 704,2016,secalert_us@oracle.com 219 | 5,2016,secure@blackberry.com 220 | 102,2016,secure@dell.com 221 | 30,2016,secure@intel.com 222 | 459,2016,secure@microsoft.com 223 | 51,2016,secure@symantec.com 224 | 43,2016,security-alert@hpe.com 225 | 1,2016,security-alert@netapp.com 226 | 1,2016,security-officer@isc.org 227 | 132,2016,security.cna@qualcomm.com 228 | 590,2016,security@android.com 229 | 47,2016,security@apache.org 230 | 125,2016,security@debian.org 231 | 5,2016,security@elastic.co 232 | 210,2016,security@google.com 233 | 177,2016,security@mozilla.org 234 | 3,2016,security@puppet.com 235 | 78,2016,security@suse.com 236 | 3,2016,security@synology.com 237 | 15,2016,security@ubuntu.com 238 | 8,2016,security@vmware.com 239 | 8,2016,sirt@brocade.com 240 | 13,2016,sirt@juniper.net 241 | 65,2016,talos-cna@cisco.com 242 | 231,2016,vultures@jpcert.or.jp 243 | 14,2017,PSIRT-CNA@flexerasoftware.com 244 | 3,2017,browser-security@yandex-team.ru 245 | 75,2017,cert@cert.org 246 | 2,2017,chrome-cve-admin@google.com 247 | 12,2017,cna@sap.com 248 | 1,2017,contact@wpscan.com 249 | 6,2017,cve-assign@distributedweaknessfiling.org 250 | 271,2017,cve-assignments@hackerone.com 251 | 1,2017,cve-coordination@incibe.es 252 | 2,2017,cve-request@iojs.org 253 | 7,2017,cve@checkpoint.com 254 | 8351,2017,cve@mitre.org 255 | 32,2017,cve@rapid7.com 256 | 4,2017,cybersecurity@dahuatech.com 257 | 25,2017,cybersecurity@schneider-electric.com 258 | 45,2017,f5sirt@f5.com 259 | 12,2017,hp-security-alert@hp.com 260 | 257,2017,ics-cert@hq.dhs.gov 261 | 34,2017,larry0@me.com 262 | 8,2017,openssl-security@openssl.org 263 | 503,2017,product-security@apple.com 264 | 36,2017,productcert@siemens.com 265 | 358,2017,psirt@adobe.com 266 | 455,2017,psirt@cisco.com 267 | 42,2017,psirt@fortinet.com 268 | 2,2017,psirt@hcl.com 269 | 330,2017,psirt@huawei.com 270 | 32,2017,psirt@lenovo.com 271 | 15,2017,psirt@mcafee.com 272 | 98,2017,psirt@nvidia.com 273 | 500,2017,psirt@us.ibm.com 274 | 8,2017,psirt@zte.com.cn 275 | 293,2017,secalert@redhat.com 276 | 828,2017,secalert_us@oracle.com 277 | 8,2017,secteam@freebsd.org 278 | 11,2017,secure@blackberry.com 279 | 111,2017,secure@dell.com 280 | 63,2017,secure@intel.com 281 | 694,2017,secure@microsoft.com 282 | 30,2017,secure@symantec.com 283 | 181,2017,security-alert@hpe.com 284 | 7,2017,security-alert@netapp.com 285 | 11,2017,security-officer@isc.org 286 | 391,2017,security.cna@qualcomm.com 287 | 632,2017,security@android.com 288 | 157,2017,security@apache.org 289 | 74,2017,security@atlassian.com 290 | 65,2017,security@debian.org 291 | 17,2017,security@drupal.org 292 | 5,2017,security@duo.com 293 | 10,2017,security@eclipse.org 294 | 24,2017,security@elastic.co 295 | 169,2017,security@google.com 296 | 3,2017,security@kubernetes.io 297 | 191,2017,security@mozilla.org 298 | 11,2017,security@puppet.com 299 | 22,2017,security@qnap.com 300 | 84,2017,security@suse.com 301 | 49,2017,security@synology.com 302 | 10,2017,security@tibco.com 303 | 40,2017,security@trendmicro.com 304 | 5,2017,security@ubuntu.com 305 | 1,2017,security@vaadin.com 306 | 56,2017,security@vmware.com 307 | 6,2017,sirt@brocade.com 308 | 73,2017,sirt@juniper.net 309 | 260,2017,talos-cna@cisco.com 310 | 2,2017,vuln@ca.com 311 | 3,2017,vulnerabilities@zephyrproject.org 312 | 9,2017,vulnerability@kaspersky.com 313 | 7,2017,vulnreport@tenable.com 314 | 266,2017,vultures@jpcert.or.jp 315 | 108,2017,zdi-disclosures@trendmicro.com 316 | 25,2018,PSIRT-CNA@flexerasoftware.com 317 | 2,2018,PSIRT@sonicwall.com 318 | 5,2018,browser-security@yandex-team.ru 319 | 31,2018,cert@cert.org 320 | 3,2018,chrome-cve-admin@google.com 321 | 5,2018,cna@mongodb.com 322 | 131,2018,cna@sap.com 323 | 1,2018,contact@wpscan.com 324 | 19,2018,cve-assign@fb.com 325 | 114,2018,cve-assignments@hackerone.com 326 | 14,2018,cve-request@iojs.org 327 | 1,2018,cve@cert.org.tw 328 | 25,2018,cve@checkpoint.com 329 | 9043,2018,cve@mitre.org 330 | 2,2018,cve@navercorp.com 331 | 6,2018,cve@rapid7.com 332 | 115,2018,cybersecurity@schneider-electric.com 333 | 76,2018,f5sirt@f5.com 334 | 6,2018,hp-security-alert@hp.com 335 | 2,2018,hsrc@hikvision.com 336 | 305,2018,ics-cert@hq.dhs.gov 337 | 15,2018,larry0@me.com 338 | 6,2018,openssl-security@openssl.org 339 | 368,2018,product-security@apple.com 340 | 74,2018,productcert@siemens.com 341 | 479,2018,psirt@adobe.com 342 | 480,2018,psirt@cisco.com 343 | 2,2018,psirt@forcepoint.com 344 | 30,2018,psirt@fortinet.com 345 | 54,2018,psirt@huawei.com 346 | 35,2018,psirt@lenovo.com 347 | 33,2018,psirt@mcafee.com 348 | 27,2018,psirt@nvidia.com 349 | 5,2018,psirt@paloaltonetworks.com 350 | 509,2018,psirt@us.ibm.com 351 | 12,2018,psirt@zte.com.cn 352 | 10,2018,report@snyk.io 353 | 297,2018,secalert@redhat.com 354 | 719,2018,secalert_us@oracle.com 355 | 18,2018,secteam@freebsd.org 356 | 5,2018,secure@blackberry.com 357 | 166,2018,secure@dell.com 358 | 143,2018,secure@intel.com 359 | 700,2018,secure@microsoft.com 360 | 30,2018,secure@symantec.com 361 | 60,2018,security-alert@hpe.com 362 | 15,2018,security-alert@netapp.com 363 | 14,2018,security-officer@isc.org 364 | 355,2018,security.cna@qualcomm.com 365 | 1,2018,security@360.cn 366 | 134,2018,security@android.com 367 | 165,2018,security@apache.org 368 | 43,2018,security@atlassian.com 369 | 22,2018,security@debian.org 370 | 3,2018,security@drupal.org 371 | 1,2018,security@duo.com 372 | 16,2018,security@eclipse.org 373 | 20,2018,security@elastic.co 374 | 225,2018,security@google.com 375 | 6,2018,security@kubernetes.io 376 | 165,2018,security@mozilla.org 377 | 9,2018,security@odoo.com 378 | 16,2018,security@puppet.com 379 | 40,2018,security@qnap.com 380 | 93,2018,security@suse.com 381 | 40,2018,security@synology.com 382 | 28,2018,security@tibco.com 383 | 63,2018,security@trendmicro.com 384 | 11,2018,security@ubuntu.com 385 | 1,2018,security@vaadin.com 386 | 27,2018,security@vmware.com 387 | 8,2018,securityalerts@avaya.com 388 | 17,2018,sirt@brocade.com 389 | 60,2018,sirt@juniper.net 390 | 238,2018,talos-cna@cisco.com 391 | 28,2018,vuln@ca.com 392 | 10,2018,vuln@krcert.or.kr 393 | 1,2018,vulnerability@cspcert.ph 394 | 53,2018,vulnerability@kaspersky.com 395 | 50,2018,vulnreport@tenable.com 396 | 246,2018,vultures@jpcert.or.jp 397 | 283,2018,zdi-disclosures@trendmicro.com 398 | 3,2019,PSIRT-CNA@flexerasoftware.com 399 | 15,2019,PSIRT@sonicwall.com 400 | 2,2019,browser-security@yandex-team.ru 401 | 6,2019,cert@airbus.com 402 | 39,2019,cert@cert.org 403 | 43,2019,chrome-cve-admin@google.com 404 | 10,2019,cna@mongodb.com 405 | 121,2019,cna@sap.com 406 | 156,2019,cve-assign@distributedweaknessfiling.org 407 | 40,2019,cve-assign@fb.com 408 | 124,2019,cve-assignments@hackerone.com 409 | 2,2019,cve-request@iojs.org 410 | 9,2019,cve-requests@bitdefender.com 411 | 27,2019,cve@cert.org.tw 412 | 12,2019,cve@checkpoint.com 413 | 7743,2019,cve@mitre.org 414 | 2,2019,cve@navercorp.com 415 | 30,2019,cve@rapid7.com 416 | 26,2019,cybersecurity@ch.abb.com 417 | 7,2019,cybersecurity@dahuatech.com 418 | 51,2019,cybersecurity@schneider-electric.com 419 | 102,2019,f5sirt@f5.com 420 | 31,2019,hp-security-alert@hp.com 421 | 187,2019,ics-cert@hq.dhs.gov 422 | 339,2019,jenkinsci-cert@googlegroups.com 423 | 6,2019,larry0@me.com 424 | 7,2019,openssl-security@openssl.org 425 | 388,2019,product-security@apple.com 426 | 157,2019,productcert@siemens.com 427 | 5,2019,productsecurity@jci.com 428 | 616,2019,psirt@adobe.com 429 | 9,2019,psirt@autodesk.com 430 | 9,2019,psirt@bosch.com 431 | 597,2019,psirt@cisco.com 432 | 8,2019,psirt@forcepoint.com 433 | 42,2019,psirt@fortinet.com 434 | 11,2019,psirt@hcl.com 435 | 104,2019,psirt@huawei.com 436 | 43,2019,psirt@lenovo.com 437 | 58,2019,psirt@mcafee.com 438 | 38,2019,psirt@nvidia.com 439 | 35,2019,psirt@paloaltonetworks.com 440 | 452,2019,psirt@us.ibm.com 441 | 23,2019,psirt@zte.com.cn 442 | 65,2019,report@snyk.io 443 | 310,2019,secalert@redhat.com 444 | 597,2019,secalert_us@oracle.com 445 | 27,2019,secteam@freebsd.org 446 | 3,2019,secure@blackberry.com 447 | 104,2019,secure@dell.com 448 | 209,2019,secure@intel.com 449 | 854,2019,secure@microsoft.com 450 | 34,2019,secure@symantec.com 451 | 29,2019,security-advisories@github.com 452 | 143,2019,security-alert@hpe.com 453 | 24,2019,security-alert@netapp.com 454 | 12,2019,security-officer@isc.org 455 | 1,2019,security-report@netflix.com 456 | 357,2019,security.cna@qualcomm.com 457 | 2,2019,security@360.cn 458 | 475,2019,security@android.com 459 | 120,2019,security@apache.org 460 | 84,2019,security@atlassian.com 461 | 9,2019,security@debian.org 462 | 9,2019,security@documentfoundation.org 463 | 5,2019,security@drupal.org 464 | 30,2019,security@eclipse.org 465 | 14,2019,security@elastic.co 466 | 186,2019,security@google.com 467 | 13,2019,security@kubernetes.io 468 | 47,2019,security@microfocus.com 469 | 130,2019,security@mozilla.org 470 | 7,2019,security@odoo.com 471 | 1,2019,security@opera.com 472 | 17,2019,security@php.net 473 | 26,2019,security@pivotal.io 474 | 2,2019,security@puppet.com 475 | 11,2019,security@qnap.com 476 | 2,2019,security@salesforce.com 477 | 9,2019,security@search-guard.com 478 | 30,2019,security@suse.com 479 | 9,2019,security@synology.com 480 | 30,2019,security@tibco.com 481 | 32,2019,security@trendmicro.com 482 | 23,2019,security@ubuntu.com 483 | 2,2019,security@vaadin.com 484 | 33,2019,security@vmware.com 485 | 7,2019,securityalerts@avaya.com 486 | 10,2019,sirt@brocade.com 487 | 73,2019,sirt@juniper.net 488 | 167,2019,talos-cna@cisco.com 489 | 11,2019,vuln@ca.com 490 | 38,2019,vuln@krcert.or.kr 491 | 45,2019,vulnerability@kaspersky.com 492 | 94,2019,vulnreport@tenable.com 493 | 120,2019,vultures@jpcert.or.jp 494 | 84,2019,zdi-disclosures@trendmicro.com 495 | 7,2020,CybersecurityCOE@eaton.com 496 | 4,2020,PSIRT-CNA@flexerasoftware.com 497 | 20,2020,PSIRT@sonicwall.com 498 | 13,2020,VulnerabilityReporting@secomea.com 499 | 2,2020,browser-security@yandex-team.ru 500 | 19,2020,cert@cert.org 501 | 287,2020,chrome-cve-admin@google.com 502 | 2,2020,cna@cloudflare.com 503 | 9,2020,cna@mongodb.com 504 | 218,2020,cna@sap.com 505 | 5,2020,contact@wpscan.com 506 | 37,2020,cve-assign@fb.com 507 | 184,2020,cve-assignments@hackerone.com 508 | 3,2020,cve-coordination@incibe.es 509 | 24,2020,cve-requests@bitdefender.com 510 | 29,2020,cve@aliasrobotics.com 511 | 58,2020,cve@cert.org.tw 512 | 17,2020,cve@checkpoint.com 513 | 117,2020,cve@gitlab.com 514 | 7896,2020,cve@mitre.org 515 | 3,2020,cve@navercorp.com 516 | 29,2020,cve@rapid7.com 517 | 4,2020,cve@zscaler.com 518 | 36,2020,cybersecurity@ch.abb.com 519 | 4,2020,cybersecurity@dahuatech.com 520 | 112,2020,cybersecurity@schneider-electric.com 521 | 4,2020,disclose@cybersecurityworks.com 522 | 9,2020,disclosures@gallagher.com 523 | 118,2020,f5sirt@f5.com 524 | 3,2020,hp-security-alert@hp.com 525 | 301,2020,ics-cert@hq.dhs.gov 526 | 33,2020,info@cert.vde.com 527 | 235,2020,jenkinsci-cert@googlegroups.com 528 | 3,2020,larry0@me.com 529 | 3,2020,openssl-security@openssl.org 530 | 4,2020,product-cna@github.com 531 | 406,2020,product-security@apple.com 532 | 126,2020,productcert@siemens.com 533 | 7,2020,productsecurity@jci.com 534 | 342,2020,psirt@adobe.com 535 | 32,2020,psirt@amd.com 536 | 7,2020,psirt@autodesk.com 537 | 17,2020,psirt@bosch.com 538 | 491,2020,psirt@cisco.com 539 | 1,2020,psirt@forcepoint.com 540 | 38,2020,psirt@fortinet.com 541 | 46,2020,psirt@hcl.com 542 | 198,2020,psirt@huawei.com 543 | 37,2020,psirt@lenovo.com 544 | 87,2020,psirt@mcafee.com 545 | 45,2020,psirt@nvidia.com 546 | 72,2020,psirt@paloaltonetworks.com 547 | 4,2020,psirt@sick.de 548 | 1,2020,psirt@tigera.io 549 | 617,2020,psirt@us.ibm.com 550 | 20,2020,psirt@zte.com.cn 551 | 236,2020,report@snyk.io 552 | 3,2020,responsibledisclosure@mattermost.com 553 | 436,2020,secalert@redhat.com 554 | 810,2020,secalert_us@oracle.com 555 | 28,2020,secteam@freebsd.org 556 | 2,2020,secure@blackberry.com 557 | 97,2020,secure@dell.com 558 | 1,2020,secure@ea.com 559 | 312,2020,secure@intel.com 560 | 1253,2020,secure@microsoft.com 561 | 23,2020,secure@symantec.com 562 | 2,2020,securities@openeuler.org 563 | 523,2020,security-advisories@github.com 564 | 124,2020,security-alert@hpe.com 565 | 19,2020,security-alert@netapp.com 566 | 10,2020,security-officer@isc.org 567 | 6,2020,security-report@netflix.com 568 | 264,2020,security.cna@qualcomm.com 569 | 3,2020,security@360.cn 570 | 527,2020,security@android.com 571 | 152,2020,security@apache.org 572 | 65,2020,security@atlassian.com 573 | 2,2020,security@craftersoftware.com 574 | 3,2020,security@debian.org 575 | 3,2020,security@documentfoundation.org 576 | 8,2020,security@drupal.org 577 | 10,2020,security@eclipse.org 578 | 13,2020,security@elastic.co 579 | 31,2020,security@google.com 580 | 7,2020,security@joomla.org 581 | 17,2020,security@kubernetes.io 582 | 33,2020,security@microfocus.com 583 | 148,2020,security@mozilla.org 584 | 1,2020,security@odoo.com 585 | 6,2020,security@openvpn.net 586 | 2,2020,security@opera.com 587 | 9,2020,security@oppo.com 588 | 15,2020,security@otrs.com 589 | 13,2020,security@php.net 590 | 32,2020,security@pivotal.io 591 | 4,2020,security@puppet.com 592 | 25,2020,security@qnap.com 593 | 3,2020,security@salesforce.com 594 | 21,2020,security@suse.com 595 | 13,2020,security@synology.com 596 | 2,2020,security@tcpdump.org 597 | 10,2020,security@teradici.com 598 | 13,2020,security@tibco.com 599 | 70,2020,security@trendmicro.com 600 | 35,2020,security@ubuntu.com 601 | 3,2020,security@vaadin.com 602 | 3,2020,security@vivo.com 603 | 64,2020,security@vmware.com 604 | 17,2020,security@xiaomi.com 605 | 9,2020,securityalerts@avaya.com 606 | 1,2020,sep@nlnetlabs.nl 607 | 19,2020,sirt@brocade.com 608 | 82,2020,sirt@juniper.net 609 | 8,2020,sirt@silver-peak.com 610 | 232,2020,talos-cna@cisco.com 611 | 14,2020,vuln@ca.com 612 | 71,2020,vuln@krcert.or.kr 613 | 11,2020,vuln@vdoo.com 614 | 28,2020,vulnerabilities@zephyrproject.org 615 | 16,2020,vulnerability@kaspersky.com 616 | 17,2020,vulnerabilitylab@whitesourcesoftware.com 617 | 93,2020,vulnreport@tenable.com 618 | 158,2020,vultures@jpcert.or.jp 619 | 220,2020,zdi-disclosures@trendmicro.com 620 | 6,2021,CybersecurityCOE@eaton.com 621 | 23,2021,Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp 622 | 1,2021,PSIRT-CNA@flexerasoftware.com 623 | 29,2021,PSIRT@sonicwall.com 624 | 2,2021,SecurityResponse@netmotionsoftware.com 625 | 3,2021,VulnerabilityReporting@secomea.com 626 | 1,2021,alibaba-cna@list.alibaba-inc.com 627 | 30,2021,audit@patchstack.com 628 | 1,2021,browser-security@yandex-team.ru 629 | 8,2021,cert@cert.org 630 | 334,2021,chrome-cve-admin@google.com 631 | 7,2021,cna@cloudflare.com 632 | 8,2021,cna@cyber.gov.il 633 | 11,2021,cna@mongodb.com 634 | 198,2021,cna@sap.com 635 | 735,2021,contact@wpscan.com 636 | 16,2021,cve-assign@fb.com 637 | 110,2021,cve-assignments@hackerone.com 638 | 18,2021,cve-coordination@incibe.es 639 | 20,2021,cve-notifications-us@f-secure.com 640 | 11,2021,cve-requests@bitdefender.com 641 | 165,2021,cve@cert.org.tw 642 | 6,2021,cve@checkpoint.com 643 | 180,2021,cve@gitlab.com 644 | 4591,2021,cve@mitre.org 645 | 3,2021,cve@navercorp.com 646 | 20,2021,cve@rapid7.com 647 | 3,2021,cve@usom.gov.tr 648 | 3,2021,cve_disclosure@tech.gov.sg 649 | 4,2021,cybersecurity@ch.abb.com 650 | 2,2021,cybersecurity@dahuatech.com 651 | 3,2021,cybersecurity@hitachi-powergrids.com 652 | 6,2021,cybersecurity@hitachienergy.com 653 | 86,2021,cybersecurity@schneider-electric.com 654 | 2,2021,disclose@cybersecurityworks.com 655 | 7,2021,disclosure@synopsys.com 656 | 13,2021,disclosures@gallagher.com 657 | 5,2021,dl_cve@linecorp.com 658 | 82,2021,f5sirt@f5.com 659 | 8,2021,hp-security-alert@hp.com 660 | 1,2021,hsrc@hikvision.com 661 | 256,2021,ics-cert@hq.dhs.gov 662 | 2,2021,iletisim@usom.gov.tr 663 | 3,2021,info@appcheck-ng.com 664 | 79,2021,info@cert.vde.com 665 | 5,2021,infosec@edk2.groups.io 666 | 103,2021,jenkinsci-cert@googlegroups.com 667 | 198,2021,mobile.security@samsung.com 668 | 8,2021,openssl-security@openssl.org 669 | 2,2021,prodsec@nozominetworks.com 670 | 10,2021,product-cna@github.com 671 | 322,2021,product-security@apple.com 672 | 4,2021,product-security@axis.com 673 | 229,2021,productcert@siemens.com 674 | 11,2021,productsecurity@jci.com 675 | 427,2021,psirt@adobe.com 676 | 23,2021,psirt@amd.com 677 | 7,2021,psirt@arista.com 678 | 25,2021,psirt@autodesk.com 679 | 16,2021,psirt@bosch.com 680 | 585,2021,psirt@cisco.com 681 | 22,2021,psirt@esri.com 682 | 1,2021,psirt@forcepoint.com 683 | 107,2021,psirt@fortinet.com 684 | 2,2021,psirt@hcl.com 685 | 305,2021,psirt@huawei.com 686 | 34,2021,psirt@lenovo.com 687 | 47,2021,psirt@mcafee.com 688 | 107,2021,psirt@nvidia.com 689 | 37,2021,psirt@paloaltonetworks.com 690 | 4,2021,psirt@sick.de 691 | 32,2021,psirt@solarwinds.com 692 | 3,2021,psirt@thalesgroup.com 693 | 401,2021,psirt@us.ibm.com 694 | 30,2021,psirt@zte.com.cn 695 | 14,2021,reefs@jfrog.com 696 | 141,2021,report@snyk.io 697 | 5,2021,responsibledisclosure@mattermost.com 698 | 259,2021,secalert@redhat.com 699 | 585,2021,secalert_us@oracle.com 700 | 6,2021,secteam@freebsd.org 701 | 9,2021,secure@blackberry.com 702 | 136,2021,secure@dell.com 703 | 102,2021,secure@intel.com 704 | 870,2021,secure@microsoft.com 705 | 2,2021,secure@symantec.com 706 | 1,2021,securities@openeuler.org 707 | 1040,2021,security-advisories@github.com 708 | 171,2021,security-alert@hpe.com 709 | 20,2021,security-alert@netapp.com 710 | 8,2021,security-alert@sophos.com 711 | 6,2021,security-officer@isc.org 712 | 2,2021,security-report@netflix.com 713 | 116,2021,security.cna@qualcomm.com 714 | 7,2021,security@acronis.com 715 | 523,2021,security@android.com 716 | 149,2021,security@apache.org 717 | 47,2021,security@atlassian.com 718 | 7,2021,security@craftersoftware.com 719 | 1,2021,security@deepsurface.com 720 | 1,2021,security@devolutions.net 721 | 4,2021,security@documentfoundation.org 722 | 26,2021,security@eclipse.org 723 | 44,2021,security@elastic.co 724 | 1,2021,security@eset.com 725 | 4,2021,security@fidelissecurity.com 726 | 17,2021,security@google.com 727 | 169,2021,security@huntr.dev 728 | 3,2021,security@jfrog.com 729 | 24,2021,security@joomla.org 730 | 6,2021,security@kubernetes.io 731 | 6,2021,security@mautic.org 732 | 30,2021,security@microfocus.com 733 | 133,2021,security@mozilla.org 734 | 8,2021,security@octopus.com 735 | 4,2021,security@openvpn.net 736 | 1,2021,security@opera.com 737 | 2,2021,security@oppo.com 738 | 17,2021,security@otrs.com 739 | 2,2021,security@pega.com 740 | 6,2021,security@php.net 741 | 9,2021,security@puppet.com 742 | 41,2021,security@qnap.com 743 | 1,2021,security@replicated.com 744 | 5,2021,security@salesforce.com 745 | 1,2021,security@snowsoftware.com 746 | 17,2021,security@suse.com 747 | 33,2021,security@synology.com 748 | 10,2021,security@teradici.com 749 | 30,2021,security@tibco.com 750 | 73,2021,security@trendmicro.com 751 | 26,2021,security@ubuntu.com 752 | 14,2021,security@vaadin.com 753 | 86,2021,security@vmware.com 754 | 155,2021,security@wordfence.com 755 | 24,2021,security@xen.org 756 | 20,2021,security@zoom.us 757 | 9,2021,security@zyxel.com.tw 758 | 8,2021,securityalerts@avaya.com 759 | 4,2021,sep@nlnetlabs.nl 760 | 5,2021,sirt@brocade.com 761 | 134,2021,sirt@juniper.net 762 | 177,2021,talos-cna@cisco.com 763 | 1,2021,vuln@ca.com 764 | 11,2021,vuln@krcert.or.kr 765 | 12,2021,vulnerabilities@zephyrproject.org 766 | 3,2021,vulnerability@kaspersky.com 767 | 17,2021,vulnerability@ncsc.ch 768 | 77,2021,vulnerabilitylab@whitesourcesoftware.com 769 | 109,2021,vulnreport@tenable.com 770 | 250,2021,vultures@jpcert.or.jp 771 | 179,2021,zdi-disclosures@trendmicro.com 772 | 1,2022,cve@mitre.org 773 | 2,2022,security@huntr.dev 774 | -------------------------------------------------------------------------------- /postmortems/CVE-2021-no-affected-version-in-data-raw-list.txt: -------------------------------------------------------------------------------- 1 | CVE-2021-1126 2 | CVE-2021-1127 3 | CVE-2021-1128 4 | CVE-2021-1129 5 | CVE-2021-1130 6 | CVE-2021-1131 7 | CVE-2021-1133 8 | CVE-2021-1134 9 | CVE-2021-1135 10 | CVE-2021-1136 11 | CVE-2021-1137 12 | CVE-2021-1138 13 | CVE-2021-1139 14 | CVE-2021-1140 15 | CVE-2021-1141 16 | CVE-2021-1142 17 | CVE-2021-1143 18 | CVE-2021-1144 19 | CVE-2021-1145 20 | CVE-2021-1146 21 | CVE-2021-1147 22 | CVE-2021-1148 23 | CVE-2021-1149 24 | CVE-2021-1150 25 | CVE-2021-1151 26 | CVE-2021-1152 27 | CVE-2021-1153 28 | CVE-2021-1154 29 | CVE-2021-1155 30 | CVE-2021-1156 31 | CVE-2021-1157 32 | CVE-2021-1158 33 | CVE-2021-1159 34 | CVE-2021-1160 35 | CVE-2021-1161 36 | CVE-2021-1162 37 | CVE-2021-1163 38 | CVE-2021-1164 39 | CVE-2021-1165 40 | CVE-2021-1166 41 | CVE-2021-1167 42 | CVE-2021-1168 43 | CVE-2021-1169 44 | CVE-2021-1170 45 | CVE-2021-1171 46 | CVE-2021-1172 47 | CVE-2021-1173 48 | CVE-2021-1174 49 | CVE-2021-1175 50 | CVE-2021-1176 51 | CVE-2021-1177 52 | CVE-2021-1178 53 | CVE-2021-1179 54 | CVE-2021-1180 55 | CVE-2021-1181 56 | CVE-2021-1182 57 | CVE-2021-1183 58 | CVE-2021-1184 59 | CVE-2021-1185 60 | CVE-2021-1186 61 | CVE-2021-1187 62 | CVE-2021-1188 63 | CVE-2021-1189 64 | CVE-2021-1190 65 | CVE-2021-1191 66 | CVE-2021-1192 67 | CVE-2021-1193 68 | CVE-2021-1194 69 | CVE-2021-1195 70 | CVE-2021-1196 71 | CVE-2021-1197 72 | CVE-2021-1198 73 | CVE-2021-1199 74 | CVE-2021-1200 75 | CVE-2021-1201 76 | CVE-2021-1202 77 | CVE-2021-1203 78 | CVE-2021-1204 79 | CVE-2021-1205 80 | CVE-2021-1206 81 | CVE-2021-1207 82 | CVE-2021-1208 83 | CVE-2021-1209 84 | CVE-2021-1210 85 | CVE-2021-1211 86 | CVE-2021-1212 87 | CVE-2021-1213 88 | CVE-2021-1214 89 | CVE-2021-1215 90 | CVE-2021-1216 91 | CVE-2021-1217 92 | CVE-2021-1218 93 | CVE-2021-1219 94 | CVE-2021-1220 95 | CVE-2021-1221 96 | CVE-2021-1222 97 | CVE-2021-1223 98 | CVE-2021-1224 99 | CVE-2021-1225 100 | CVE-2021-1226 101 | CVE-2021-1227 102 | CVE-2021-1228 103 | CVE-2021-1229 104 | CVE-2021-1230 105 | CVE-2021-1231 106 | CVE-2021-1233 107 | CVE-2021-1235 108 | CVE-2021-1236 109 | CVE-2021-1237 110 | CVE-2021-1238 111 | CVE-2021-1239 112 | CVE-2021-1240 113 | CVE-2021-1241 114 | CVE-2021-1242 115 | CVE-2021-1243 116 | CVE-2021-1244 117 | CVE-2021-1245 118 | CVE-2021-1246 119 | CVE-2021-1247 120 | CVE-2021-1248 121 | CVE-2021-1249 122 | CVE-2021-1250 123 | CVE-2021-1251 124 | CVE-2021-1253 125 | CVE-2021-1254 126 | CVE-2021-1255 127 | CVE-2021-1256 128 | CVE-2021-1257 129 | CVE-2021-1258 130 | CVE-2021-1259 131 | CVE-2021-1260 132 | CVE-2021-1261 133 | CVE-2021-1262 134 | CVE-2021-1263 135 | CVE-2021-1264 136 | CVE-2021-1265 137 | CVE-2021-1266 138 | CVE-2021-1267 139 | CVE-2021-1268 140 | CVE-2021-1269 141 | CVE-2021-1270 142 | CVE-2021-1271 143 | CVE-2021-1272 144 | CVE-2021-1273 145 | CVE-2021-1274 146 | CVE-2021-1275 147 | CVE-2021-1276 148 | CVE-2021-1277 149 | CVE-2021-1278 150 | CVE-2021-1279 151 | CVE-2021-1280 152 | CVE-2021-1281 153 | CVE-2021-1282 154 | CVE-2021-1283 155 | CVE-2021-1284 156 | CVE-2021-1286 157 | CVE-2021-1287 158 | CVE-2021-1288 159 | CVE-2021-1289 160 | CVE-2021-1290 161 | CVE-2021-1291 162 | CVE-2021-1292 163 | CVE-2021-1293 164 | CVE-2021-1294 165 | CVE-2021-1295 166 | CVE-2021-1296 167 | CVE-2021-1297 168 | CVE-2021-1298 169 | CVE-2021-1299 170 | CVE-2021-1300 171 | CVE-2021-1301 172 | CVE-2021-1302 173 | CVE-2021-1303 174 | CVE-2021-1304 175 | CVE-2021-1305 176 | CVE-2021-1306 177 | CVE-2021-1307 178 | CVE-2021-1308 179 | CVE-2021-1309 180 | CVE-2021-1310 181 | CVE-2021-1311 182 | CVE-2021-1312 183 | CVE-2021-1313 184 | CVE-2021-1314 185 | CVE-2021-1315 186 | CVE-2021-1316 187 | CVE-2021-1317 188 | CVE-2021-1318 189 | CVE-2021-1319 190 | CVE-2021-1320 191 | CVE-2021-1321 192 | CVE-2021-1322 193 | CVE-2021-1323 194 | CVE-2021-1324 195 | CVE-2021-1325 196 | CVE-2021-1326 197 | CVE-2021-1327 198 | CVE-2021-1328 199 | CVE-2021-1329 200 | CVE-2021-1330 201 | CVE-2021-1331 202 | CVE-2021-1332 203 | CVE-2021-1333 204 | CVE-2021-1334 205 | CVE-2021-1335 206 | CVE-2021-1336 207 | CVE-2021-1337 208 | CVE-2021-1338 209 | CVE-2021-1339 210 | CVE-2021-1340 211 | CVE-2021-1341 212 | CVE-2021-1342 213 | CVE-2021-1343 214 | CVE-2021-1344 215 | CVE-2021-1345 216 | CVE-2021-1346 217 | CVE-2021-1347 218 | CVE-2021-1348 219 | CVE-2021-1349 220 | CVE-2021-1350 221 | CVE-2021-1351 222 | CVE-2021-1352 223 | CVE-2021-1353 224 | CVE-2021-1354 225 | CVE-2021-1355 226 | CVE-2021-1356 227 | CVE-2021-1357 228 | CVE-2021-1358 229 | CVE-2021-1359 230 | CVE-2021-1360 231 | CVE-2021-1361 232 | CVE-2021-1362 233 | CVE-2021-1363 234 | CVE-2021-1364 235 | CVE-2021-1365 236 | CVE-2021-1366 237 | CVE-2021-1367 238 | CVE-2021-1368 239 | CVE-2021-1369 240 | CVE-2021-1370 241 | CVE-2021-1371 242 | CVE-2021-1372 243 | CVE-2021-1373 244 | CVE-2021-1374 245 | CVE-2021-1375 246 | CVE-2021-1376 247 | CVE-2021-1377 248 | CVE-2021-1378 249 | CVE-2021-1380 250 | CVE-2021-1381 251 | CVE-2021-1382 252 | CVE-2021-1383 253 | CVE-2021-1384 254 | CVE-2021-1385 255 | CVE-2021-1386 256 | CVE-2021-1387 257 | CVE-2021-1388 258 | CVE-2021-1389 259 | CVE-2021-1390 260 | CVE-2021-1391 261 | CVE-2021-1392 262 | CVE-2021-1393 263 | CVE-2021-1394 264 | CVE-2021-1395 265 | CVE-2021-1396 266 | CVE-2021-1397 267 | CVE-2021-1398 268 | CVE-2021-1399 269 | CVE-2021-1400 270 | CVE-2021-1401 271 | CVE-2021-1402 272 | CVE-2021-1403 273 | CVE-2021-1406 274 | CVE-2021-1407 275 | CVE-2021-1408 276 | CVE-2021-1409 277 | CVE-2021-1411 278 | CVE-2021-1412 279 | CVE-2021-1413 280 | CVE-2021-1414 281 | CVE-2021-1415 282 | CVE-2021-1416 283 | CVE-2021-1417 284 | CVE-2021-1418 285 | CVE-2021-1419 286 | CVE-2021-1420 287 | CVE-2021-1421 288 | CVE-2021-1422 289 | CVE-2021-1423 290 | CVE-2021-1426 291 | CVE-2021-1427 292 | CVE-2021-1428 293 | CVE-2021-1429 294 | CVE-2021-1430 295 | CVE-2021-1431 296 | CVE-2021-1432 297 | CVE-2021-1433 298 | CVE-2021-1434 299 | CVE-2021-1435 300 | CVE-2021-1436 301 | CVE-2021-1437 302 | CVE-2021-1438 303 | CVE-2021-1439 304 | CVE-2021-1441 305 | CVE-2021-1442 306 | CVE-2021-1443 307 | CVE-2021-1445 308 | CVE-2021-1446 309 | CVE-2021-1447 310 | CVE-2021-1448 311 | CVE-2021-1449 312 | CVE-2021-1450 313 | CVE-2021-1451 314 | CVE-2021-1452 315 | CVE-2021-1453 316 | CVE-2021-1454 317 | CVE-2021-1455 318 | CVE-2021-1456 319 | CVE-2021-1457 320 | CVE-2021-1458 321 | CVE-2021-1459 322 | CVE-2021-1460 323 | CVE-2021-1463 324 | CVE-2021-1467 325 | CVE-2021-1468 326 | CVE-2021-1469 327 | CVE-2021-1471 328 | CVE-2021-1472 329 | CVE-2021-1473 330 | CVE-2021-1474 331 | CVE-2021-1475 332 | CVE-2021-1476 333 | CVE-2021-1477 334 | CVE-2021-1478 335 | CVE-2021-1479 336 | CVE-2021-1480 337 | CVE-2021-1485 338 | CVE-2021-1486 339 | CVE-2021-1487 340 | CVE-2021-1488 341 | CVE-2021-1489 342 | CVE-2021-1490 343 | CVE-2021-1493 344 | CVE-2021-1495 345 | CVE-2021-1496 346 | CVE-2021-1497 347 | CVE-2021-1498 348 | CVE-2021-1499 349 | CVE-2021-1501 350 | CVE-2021-1502 351 | CVE-2021-1503 352 | CVE-2021-1504 353 | CVE-2021-1505 354 | CVE-2021-1506 355 | CVE-2021-1507 356 | CVE-2021-1508 357 | CVE-2021-1509 358 | CVE-2021-1510 359 | CVE-2021-1511 360 | CVE-2021-1512 361 | CVE-2021-1513 362 | CVE-2021-1514 363 | CVE-2021-1515 364 | CVE-2021-1516 365 | CVE-2021-1517 366 | CVE-2021-1518 367 | CVE-2021-1519 368 | CVE-2021-1520 369 | CVE-2021-1521 370 | CVE-2021-1522 371 | CVE-2021-1523 372 | CVE-2021-1524 373 | CVE-2021-1525 374 | CVE-2021-1526 375 | CVE-2021-1527 376 | CVE-2021-1528 377 | CVE-2021-1529 378 | CVE-2021-1530 379 | CVE-2021-1531 380 | CVE-2021-1532 381 | CVE-2021-1534 382 | CVE-2021-1535 383 | CVE-2021-1536 384 | CVE-2021-1537 385 | CVE-2021-1538 386 | CVE-2021-1539 387 | CVE-2021-1540 388 | CVE-2021-1541 389 | CVE-2021-1542 390 | CVE-2021-1543 391 | CVE-2021-1544 392 | CVE-2021-1546 393 | CVE-2021-1547 394 | CVE-2021-1548 395 | CVE-2021-1549 396 | CVE-2021-1550 397 | CVE-2021-1551 398 | CVE-2021-1552 399 | CVE-2021-1553 400 | CVE-2021-1554 401 | CVE-2021-1555 402 | CVE-2021-1557 403 | CVE-2021-1558 404 | CVE-2021-1559 405 | CVE-2021-1560 406 | CVE-2021-1561 407 | CVE-2021-1562 408 | CVE-2021-1563 409 | CVE-2021-1564 410 | CVE-2021-1565 411 | CVE-2021-1566 412 | CVE-2021-1567 413 | CVE-2021-1568 414 | CVE-2021-1569 415 | CVE-2021-1570 416 | CVE-2021-1571 417 | CVE-2021-1572 418 | CVE-2021-1574 419 | CVE-2021-1575 420 | CVE-2021-1576 421 | CVE-2021-1577 422 | CVE-2021-1578 423 | CVE-2021-1579 424 | CVE-2021-1580 425 | CVE-2021-1581 426 | CVE-2021-1582 427 | CVE-2021-1583 428 | CVE-2021-1584 429 | CVE-2021-1585 430 | CVE-2021-1586 431 | CVE-2021-1587 432 | CVE-2021-1588 433 | CVE-2021-1589 434 | CVE-2021-1590 435 | CVE-2021-1591 436 | CVE-2021-1592 437 | CVE-2021-1593 438 | CVE-2021-1594 439 | CVE-2021-1595 440 | CVE-2021-1596 441 | CVE-2021-1597 442 | CVE-2021-1598 443 | CVE-2021-1599 444 | CVE-2021-1600 445 | CVE-2021-1601 446 | CVE-2021-1602 447 | CVE-2021-1603 448 | CVE-2021-1604 449 | CVE-2021-1605 450 | CVE-2021-1606 451 | CVE-2021-1607 452 | CVE-2021-1609 453 | CVE-2021-1610 454 | CVE-2021-1611 455 | CVE-2021-1612 456 | CVE-2021-1614 457 | CVE-2021-1615 458 | CVE-2021-1616 459 | CVE-2021-1617 460 | CVE-2021-1618 461 | CVE-2021-1619 462 | CVE-2021-1620 463 | CVE-2021-1621 464 | CVE-2021-1622 465 | CVE-2021-1623 466 | CVE-2021-1624 467 | CVE-2021-1625 468 | CVE-2021-1639 469 | CVE-2021-1643 470 | CVE-2021-1644 471 | CVE-2021-1663 472 | CVE-2021-1670 473 | CVE-2021-1677 474 | CVE-2021-1691 475 | CVE-2021-1703 476 | CVE-2021-1705 477 | CVE-2021-1724 478 | CVE-2021-1725 479 | CVE-2021-1728 480 | CVE-2021-1730 481 | CVE-2021-1733 482 | CVE-2021-20441 483 | CVE-2021-20442 484 | CVE-2021-21494 485 | CVE-2021-21495 486 | CVE-2021-22144 487 | CVE-2021-22145 488 | CVE-2021-22146 489 | CVE-2021-22152 490 | CVE-2021-22153 491 | CVE-2021-22154 492 | CVE-2021-22155 493 | CVE-2021-22157 494 | CVE-2021-22158 495 | CVE-2021-22159 496 | CVE-2021-22161 497 | CVE-2021-22267 498 | CVE-2021-22492 499 | CVE-2021-22494 500 | CVE-2021-22495 501 | CVE-2021-22543 502 | CVE-2021-23018 503 | CVE-2021-23239 504 | CVE-2021-23240 505 | CVE-2021-23241 506 | CVE-2021-23242 507 | CVE-2021-23270 508 | CVE-2021-23827 509 | CVE-2021-23835 510 | CVE-2021-23836 511 | CVE-2021-23837 512 | CVE-2021-23838 513 | CVE-2021-23899 514 | CVE-2021-23900 515 | CVE-2021-23906 516 | CVE-2021-23907 517 | CVE-2021-23908 518 | CVE-2021-23909 519 | CVE-2021-23910 520 | CVE-2021-23921 521 | CVE-2021-23922 522 | CVE-2021-23923 523 | CVE-2021-23924 524 | CVE-2021-23925 525 | CVE-2021-23927 526 | CVE-2021-23928 527 | CVE-2021-23929 528 | CVE-2021-23930 529 | CVE-2021-23931 530 | CVE-2021-23932 531 | CVE-2021-23933 532 | CVE-2021-23934 533 | CVE-2021-23935 534 | CVE-2021-23936 535 | CVE-2021-24075 536 | CVE-2021-24085 537 | CVE-2021-24087 538 | CVE-2021-24089 539 | CVE-2021-24090 540 | CVE-2021-24100 541 | CVE-2021-24105 542 | CVE-2021-24109 543 | CVE-2021-24110 544 | CVE-2021-24113 545 | CVE-2021-24114 546 | CVE-2021-24115 547 | CVE-2021-24116 548 | CVE-2021-24117 549 | CVE-2021-24119 550 | CVE-2021-25173 551 | CVE-2021-25174 552 | CVE-2021-25175 553 | CVE-2021-25176 554 | CVE-2021-25177 555 | CVE-2021-25178 556 | CVE-2021-25179 557 | CVE-2021-25197 558 | CVE-2021-25200 559 | CVE-2021-25201 560 | CVE-2021-25202 561 | CVE-2021-25203 562 | CVE-2021-25204 563 | CVE-2021-25205 564 | CVE-2021-25206 565 | CVE-2021-25207 566 | CVE-2021-25208 567 | CVE-2021-25209 568 | CVE-2021-25210 569 | CVE-2021-25211 570 | CVE-2021-25212 571 | CVE-2021-25213 572 | CVE-2021-25274 573 | CVE-2021-25275 574 | CVE-2021-25276 575 | CVE-2021-25277 576 | CVE-2021-25278 577 | CVE-2021-25281 578 | CVE-2021-25282 579 | CVE-2021-25283 580 | CVE-2021-25284 581 | CVE-2021-25287 582 | CVE-2021-25288 583 | CVE-2021-25289 584 | CVE-2021-25290 585 | CVE-2021-25291 586 | CVE-2021-25292 587 | CVE-2021-25293 588 | CVE-2021-25294 589 | CVE-2021-25295 590 | CVE-2021-25296 591 | CVE-2021-25297 592 | CVE-2021-25298 593 | CVE-2021-25299 594 | CVE-2021-25306 595 | CVE-2021-25309 596 | CVE-2021-25310 597 | CVE-2021-25311 598 | CVE-2021-25312 599 | CVE-2021-25323 600 | CVE-2021-25324 601 | CVE-2021-25325 602 | CVE-2021-25326 603 | CVE-2021-25327 604 | CVE-2021-25328 605 | CVE-2021-25643 606 | CVE-2021-25644 607 | CVE-2021-25645 608 | CVE-2021-25647 609 | CVE-2021-25648 610 | CVE-2021-25679 611 | CVE-2021-25680 612 | CVE-2021-25681 613 | CVE-2021-25693 614 | CVE-2021-25694 615 | CVE-2021-25755 616 | CVE-2021-25756 617 | CVE-2021-25757 618 | CVE-2021-25758 619 | CVE-2021-25759 620 | CVE-2021-25760 621 | CVE-2021-25761 622 | CVE-2021-25762 623 | CVE-2021-25763 624 | CVE-2021-25764 625 | CVE-2021-25765 626 | CVE-2021-25766 627 | CVE-2021-25767 628 | CVE-2021-25768 629 | CVE-2021-25769 630 | CVE-2021-25770 631 | CVE-2021-25771 632 | CVE-2021-25772 633 | CVE-2021-25773 634 | CVE-2021-25774 635 | CVE-2021-25775 636 | CVE-2021-25776 637 | CVE-2021-25777 638 | CVE-2021-25778 639 | CVE-2021-25779 640 | CVE-2021-25780 641 | CVE-2021-25790 642 | CVE-2021-25791 643 | CVE-2021-25801 644 | CVE-2021-25802 645 | CVE-2021-25803 646 | CVE-2021-25804 647 | CVE-2021-25808 648 | CVE-2021-25809 649 | CVE-2021-25810 650 | CVE-2021-25811 651 | CVE-2021-25812 652 | CVE-2021-25829 653 | CVE-2021-25830 654 | CVE-2021-25831 655 | CVE-2021-25832 656 | CVE-2021-25833 657 | CVE-2021-25834 658 | CVE-2021-25835 659 | CVE-2021-25836 660 | CVE-2021-25837 661 | CVE-2021-25838 662 | CVE-2021-25839 663 | CVE-2021-25845 664 | CVE-2021-25846 665 | CVE-2021-25847 666 | CVE-2021-25848 667 | CVE-2021-25849 668 | CVE-2021-25863 669 | CVE-2021-25864 670 | CVE-2021-25893 671 | CVE-2021-25894 672 | CVE-2021-25898 673 | CVE-2021-25899 674 | CVE-2021-25900 675 | CVE-2021-25901 676 | CVE-2021-25902 677 | CVE-2021-25903 678 | CVE-2021-25904 679 | CVE-2021-25905 680 | CVE-2021-25906 681 | CVE-2021-25907 682 | CVE-2021-25908 683 | CVE-2021-26023 684 | CVE-2021-26024 685 | CVE-2021-26025 686 | CVE-2021-26026 687 | CVE-2021-26119 688 | CVE-2021-26120 689 | CVE-2021-26122 690 | CVE-2021-26123 691 | CVE-2021-26194 692 | CVE-2021-26195 693 | CVE-2021-26197 694 | CVE-2021-26198 695 | CVE-2021-26199 696 | CVE-2021-26200 697 | CVE-2021-26201 698 | CVE-2021-26215 699 | CVE-2021-26216 700 | CVE-2021-26220 701 | CVE-2021-26221 702 | CVE-2021-26222 703 | CVE-2021-26223 704 | CVE-2021-26224 705 | CVE-2021-26226 706 | CVE-2021-26227 707 | CVE-2021-26228 708 | CVE-2021-26229 709 | CVE-2021-26230 710 | CVE-2021-26231 711 | CVE-2021-26232 712 | CVE-2021-26233 713 | CVE-2021-26234 714 | CVE-2021-26235 715 | CVE-2021-26236 716 | CVE-2021-26237 717 | CVE-2021-26266 718 | CVE-2021-26267 719 | CVE-2021-26271 720 | CVE-2021-26272 721 | CVE-2021-26273 722 | CVE-2021-26274 723 | CVE-2021-26275 724 | CVE-2021-26276 725 | CVE-2021-26293 726 | CVE-2021-26294 727 | CVE-2021-26303 728 | CVE-2021-26304 729 | CVE-2021-26305 730 | CVE-2021-26306 731 | CVE-2021-26307 732 | CVE-2021-26308 733 | CVE-2021-26309 734 | CVE-2021-26310 735 | CVE-2021-26421 736 | CVE-2021-26422 737 | CVE-2021-26428 738 | CVE-2021-26429 739 | CVE-2021-26430 740 | CVE-2021-26431 741 | CVE-2021-26434 742 | CVE-2021-26436 743 | CVE-2021-26437 744 | CVE-2021-26439 745 | CVE-2021-26444 746 | CVE-2021-26471 747 | CVE-2021-26472 748 | CVE-2021-26473 749 | CVE-2021-26474 750 | CVE-2021-26475 751 | CVE-2021-26476 752 | CVE-2021-26528 753 | CVE-2021-26529 754 | CVE-2021-26530 755 | CVE-2021-26539 756 | CVE-2021-26540 757 | CVE-2021-26541 758 | CVE-2021-26543 759 | CVE-2021-26549 760 | CVE-2021-26550 761 | CVE-2021-26551 762 | CVE-2021-26593 763 | CVE-2021-26594 764 | CVE-2021-26595 765 | CVE-2021-26596 766 | CVE-2021-26597 767 | CVE-2021-26675 768 | CVE-2021-26676 769 | CVE-2021-26687 770 | CVE-2021-26688 771 | CVE-2021-26689 772 | CVE-2021-26698 773 | CVE-2021-26699 774 | CVE-2021-26700 775 | CVE-2021-26702 776 | CVE-2021-26703 777 | CVE-2021-26704 778 | CVE-2021-26705 779 | CVE-2021-26707 780 | CVE-2021-26708 781 | CVE-2021-26709 782 | CVE-2021-26710 783 | CVE-2021-26711 784 | CVE-2021-26712 785 | CVE-2021-26713 786 | CVE-2021-26714 787 | CVE-2021-26715 788 | CVE-2021-26716 789 | CVE-2021-26717 790 | CVE-2021-26719 791 | CVE-2021-26720 792 | CVE-2021-26722 793 | CVE-2021-26723 794 | CVE-2021-26746 795 | CVE-2021-26747 796 | CVE-2021-26750 797 | CVE-2021-26751 798 | CVE-2021-26752 799 | CVE-2021-26753 800 | CVE-2021-26754 801 | CVE-2021-26758 802 | CVE-2021-26762 803 | CVE-2021-26764 804 | CVE-2021-26765 805 | CVE-2021-26776 806 | CVE-2021-26788 807 | CVE-2021-26794 808 | CVE-2021-26795 809 | CVE-2021-26797 810 | CVE-2021-26799 811 | CVE-2021-26804 812 | CVE-2021-26805 813 | CVE-2021-26807 814 | CVE-2021-26809 815 | CVE-2021-26810 816 | CVE-2021-26812 817 | CVE-2021-26813 818 | CVE-2021-26814 819 | CVE-2021-26822 820 | CVE-2021-26824 821 | CVE-2021-26825 822 | CVE-2021-26826 823 | CVE-2021-26827 824 | CVE-2021-26828 825 | CVE-2021-26829 826 | CVE-2021-26830 827 | CVE-2021-26832 828 | CVE-2021-26833 829 | CVE-2021-26834 830 | CVE-2021-26835 831 | CVE-2021-26843 832 | CVE-2021-26845 833 | CVE-2021-26859 834 | CVE-2021-26867 835 | CVE-2021-26900 836 | CVE-2021-26902 837 | CVE-2021-26903 838 | CVE-2021-26904 839 | CVE-2021-26905 840 | CVE-2021-26906 841 | CVE-2021-26910 842 | CVE-2021-26911 843 | CVE-2021-26912 844 | CVE-2021-26913 845 | CVE-2021-26914 846 | CVE-2021-26915 847 | CVE-2021-26916 848 | CVE-2021-26917 849 | CVE-2021-26918 850 | CVE-2021-26921 851 | CVE-2021-26923 852 | CVE-2021-26924 853 | CVE-2021-26925 854 | CVE-2021-26928 855 | CVE-2021-26929 856 | CVE-2021-26930 857 | CVE-2021-26931 858 | CVE-2021-26932 859 | CVE-2021-26933 860 | CVE-2021-26934 861 | CVE-2021-26935 862 | CVE-2021-26936 863 | CVE-2021-26937 864 | CVE-2021-26938 865 | CVE-2021-26939 866 | CVE-2021-26943 867 | CVE-2021-26951 868 | CVE-2021-26952 869 | CVE-2021-26953 870 | CVE-2021-26954 871 | CVE-2021-26955 872 | CVE-2021-26956 873 | CVE-2021-26957 874 | CVE-2021-26958 875 | CVE-2021-27047 876 | CVE-2021-27048 877 | CVE-2021-27049 878 | CVE-2021-27050 879 | CVE-2021-27051 880 | CVE-2021-27058 881 | CVE-2021-27060 882 | CVE-2021-27061 883 | CVE-2021-27062 884 | CVE-2021-27064 885 | CVE-2021-27066 886 | CVE-2021-27068 887 | CVE-2021-27070 888 | CVE-2021-27074 889 | CVE-2021-27075 890 | CVE-2021-27080 891 | CVE-2021-27081 892 | CVE-2021-27082 893 | CVE-2021-27083 894 | CVE-2021-27084 895 | CVE-2021-27090 896 | CVE-2021-27097 897 | CVE-2021-27098 898 | CVE-2021-27099 899 | CVE-2021-27101 900 | CVE-2021-27102 901 | CVE-2021-27103 902 | CVE-2021-27104 903 | CVE-2021-27112 904 | CVE-2021-27113 905 | CVE-2021-27114 906 | CVE-2021-27124 907 | CVE-2021-27129 908 | CVE-2021-27130 909 | CVE-2021-27132 910 | CVE-2021-27135 911 | CVE-2021-27138 912 | CVE-2021-27139 913 | CVE-2021-27140 914 | CVE-2021-27141 915 | CVE-2021-27142 916 | CVE-2021-27143 917 | CVE-2021-27144 918 | CVE-2021-27145 919 | CVE-2021-27146 920 | CVE-2021-27147 921 | CVE-2021-27148 922 | CVE-2021-27149 923 | CVE-2021-27150 924 | CVE-2021-27151 925 | CVE-2021-27152 926 | CVE-2021-27153 927 | CVE-2021-27154 928 | CVE-2021-27155 929 | CVE-2021-27156 930 | CVE-2021-27157 931 | CVE-2021-27158 932 | CVE-2021-27159 933 | CVE-2021-27160 934 | CVE-2021-27161 935 | CVE-2021-27162 936 | CVE-2021-27163 937 | CVE-2021-27164 938 | CVE-2021-27165 939 | CVE-2021-27166 940 | CVE-2021-27167 941 | CVE-2021-27168 942 | CVE-2021-27169 943 | CVE-2021-27170 944 | CVE-2021-27171 945 | CVE-2021-27172 946 | CVE-2021-27173 947 | CVE-2021-27174 948 | CVE-2021-27175 949 | CVE-2021-27176 950 | CVE-2021-27177 951 | CVE-2021-27178 952 | CVE-2021-27179 953 | CVE-2021-27180 954 | CVE-2021-27181 955 | CVE-2021-27182 956 | CVE-2021-27183 957 | CVE-2021-27184 958 | CVE-2021-27185 959 | CVE-2021-27186 960 | CVE-2021-27187 961 | CVE-2021-27188 962 | CVE-2021-27189 963 | CVE-2021-27190 964 | CVE-2021-27191 965 | CVE-2021-27192 966 | CVE-2021-27193 967 | CVE-2021-27194 968 | CVE-2021-27195 969 | CVE-2021-27196 970 | CVE-2021-27197 971 | CVE-2021-27198 972 | CVE-2021-27200 973 | CVE-2021-27201 974 | CVE-2021-27203 975 | CVE-2021-27204 976 | CVE-2021-27205 977 | CVE-2021-27208 978 | CVE-2021-27209 979 | CVE-2021-27210 980 | CVE-2021-27211 981 | CVE-2021-27212 982 | CVE-2021-27213 983 | CVE-2021-27214 984 | CVE-2021-27215 985 | CVE-2021-27216 986 | CVE-2021-27217 987 | CVE-2021-27218 988 | CVE-2021-27219 989 | CVE-2021-27220 990 | CVE-2021-27221 991 | CVE-2021-27222 992 | CVE-2021-27224 993 | CVE-2021-27225 994 | CVE-2021-27228 995 | CVE-2021-27229 996 | CVE-2021-27230 997 | CVE-2021-27231 998 | CVE-2021-27232 999 | CVE-2021-27233 1000 | CVE-2021-27234 1001 | CVE-2021-27235 1002 | CVE-2021-27236 1003 | CVE-2021-27237 1004 | CVE-2021-27279 1005 | CVE-2021-27288 1006 | CVE-2021-27290 1007 | CVE-2021-27291 1008 | CVE-2021-27292 1009 | CVE-2021-27293 1010 | CVE-2021-27306 1011 | CVE-2021-27308 1012 | CVE-2021-27309 1013 | CVE-2021-27310 1014 | CVE-2021-27314 1015 | CVE-2021-27315 1016 | CVE-2021-27316 1017 | CVE-2021-27317 1018 | CVE-2021-27318 1019 | CVE-2021-27319 1020 | CVE-2021-27320 1021 | CVE-2021-27328 1022 | CVE-2021-27329 1023 | CVE-2021-27330 1024 | CVE-2021-27332 1025 | CVE-2021-27335 1026 | CVE-2021-27338 1027 | CVE-2021-27340 1028 | CVE-2021-27341 1029 | CVE-2021-27342 1030 | CVE-2021-27343 1031 | CVE-2021-27345 1032 | CVE-2021-27347 1033 | CVE-2021-27349 1034 | CVE-2021-27351 1035 | CVE-2021-27352 1036 | CVE-2021-27357 1037 | CVE-2021-27358 1038 | CVE-2021-27362 1039 | CVE-2021-27363 1040 | CVE-2021-27364 1041 | CVE-2021-27365 1042 | CVE-2021-27367 1043 | CVE-2021-27368 1044 | CVE-2021-27369 1045 | CVE-2021-27370 1046 | CVE-2021-27371 1047 | CVE-2021-27372 1048 | CVE-2021-27374 1049 | CVE-2021-27375 1050 | CVE-2021-27376 1051 | CVE-2021-27377 1052 | CVE-2021-27378 1053 | CVE-2021-27379 1054 | CVE-2021-27400 1055 | CVE-2021-27401 1056 | CVE-2021-27402 1057 | CVE-2021-27403 1058 | CVE-2021-27404 1059 | CVE-2021-27405 1060 | CVE-2021-27506 1061 | CVE-2021-27509 1062 | CVE-2021-27513 1063 | CVE-2021-27514 1064 | CVE-2021-27515 1065 | CVE-2021-27516 1066 | CVE-2021-27517 1067 | CVE-2021-27519 1068 | CVE-2021-27520 1069 | CVE-2021-27522 1070 | CVE-2021-27526 1071 | CVE-2021-27527 1072 | CVE-2021-27528 1073 | CVE-2021-27529 1074 | CVE-2021-27530 1075 | CVE-2021-27531 1076 | CVE-2021-27544 1077 | CVE-2021-27545 1078 | CVE-2021-27549 1079 | CVE-2021-27550 1080 | CVE-2021-27556 1081 | CVE-2021-27557 1082 | CVE-2021-27558 1083 | CVE-2021-27559 1084 | CVE-2021-27561 1085 | CVE-2021-27562 1086 | CVE-2021-27564 1087 | CVE-2021-27565 1088 | CVE-2021-27568 1089 | CVE-2021-27569 1090 | CVE-2021-27570 1091 | CVE-2021-27571 1092 | CVE-2021-27572 1093 | CVE-2021-27573 1094 | CVE-2021-27574 1095 | CVE-2021-27579 1096 | CVE-2021-27581 1097 | CVE-2021-27582 1098 | CVE-2021-27583 1099 | CVE-2021-27645 1100 | CVE-2021-27668 1101 | CVE-2021-27670 1102 | CVE-2021-27671 1103 | CVE-2021-27672 1104 | CVE-2021-27673 1105 | CVE-2021-27676 1106 | CVE-2021-27677 1107 | CVE-2021-27678 1108 | CVE-2021-27679 1109 | CVE-2021-27691 1110 | CVE-2021-27692 1111 | CVE-2021-27695 1112 | CVE-2021-27697 1113 | CVE-2021-27698 1114 | CVE-2021-27705 1115 | CVE-2021-27706 1116 | CVE-2021-27707 1117 | CVE-2021-27708 1118 | CVE-2021-27710 1119 | CVE-2021-27730 1120 | CVE-2021-27731 1121 | CVE-2021-27733 1122 | CVE-2021-27734 1123 | CVE-2021-27736 1124 | CVE-2021-27741 1125 | CVE-2021-27746 1126 | CVE-2021-27799 1127 | CVE-2021-27803 1128 | CVE-2021-27804 1129 | CVE-2021-27811 1130 | CVE-2021-27815 1131 | CVE-2021-27817 1132 | CVE-2021-27821 1133 | CVE-2021-27822 1134 | CVE-2021-27823 1135 | CVE-2021-27828 1136 | CVE-2021-27839 1137 | CVE-2021-27845 1138 | CVE-2021-27847 1139 | CVE-2021-27876 1140 | CVE-2021-27877 1141 | CVE-2021-27878 1142 | CVE-2021-27884 1143 | CVE-2021-27885 1144 | CVE-2021-27886 1145 | CVE-2021-27887 1146 | CVE-2021-27888 1147 | CVE-2021-27889 1148 | CVE-2021-27890 1149 | CVE-2021-27891 1150 | CVE-2021-27892 1151 | CVE-2021-27893 1152 | CVE-2021-27899 1153 | CVE-2021-27900 1154 | CVE-2021-27901 1155 | CVE-2021-27902 1156 | CVE-2021-27903 1157 | CVE-2021-27904 1158 | CVE-2021-27918 1159 | CVE-2021-27919 1160 | CVE-2021-27921 1161 | CVE-2021-27922 1162 | CVE-2021-27923 1163 | CVE-2021-27924 1164 | CVE-2021-27925 1165 | CVE-2021-27927 1166 | CVE-2021-27928 1167 | CVE-2021-27930 1168 | CVE-2021-27931 1169 | CVE-2021-27933 1170 | CVE-2021-27935 1171 | CVE-2021-27938 1172 | CVE-2021-27940 1173 | CVE-2021-27941 1174 | CVE-2021-27942 1175 | CVE-2021-27943 1176 | CVE-2021-27944 1177 | CVE-2021-27945 1178 | CVE-2021-27946 1179 | CVE-2021-27947 1180 | CVE-2021-27948 1181 | CVE-2021-27949 1182 | CVE-2021-27950 1183 | CVE-2021-27952 1184 | CVE-2021-27953 1185 | CVE-2021-27954 1186 | CVE-2021-27956 1187 | CVE-2021-27962 1188 | CVE-2021-27963 1189 | CVE-2021-27964 1190 | CVE-2021-27965 1191 | CVE-2021-27969 1192 | CVE-2021-27973 1193 | CVE-2021-27989 1194 | CVE-2021-27990 1195 | CVE-2021-27999 1196 | CVE-2021-28000 1197 | CVE-2021-28001 1198 | CVE-2021-28002 1199 | CVE-2021-28006 1200 | CVE-2021-28007 1201 | CVE-2021-28021 1202 | CVE-2021-28026 1203 | CVE-2021-28027 1204 | CVE-2021-28028 1205 | CVE-2021-28029 1206 | CVE-2021-28030 1207 | CVE-2021-28031 1208 | CVE-2021-28032 1209 | CVE-2021-28033 1210 | CVE-2021-28034 1211 | CVE-2021-28035 1212 | CVE-2021-28036 1213 | CVE-2021-28037 1214 | CVE-2021-28038 1215 | CVE-2021-28039 1216 | CVE-2021-28040 1217 | CVE-2021-28041 1218 | CVE-2021-28042 1219 | CVE-2021-28047 1220 | CVE-2021-28048 1221 | CVE-2021-28053 1222 | CVE-2021-28054 1223 | CVE-2021-28055 1224 | CVE-2021-28060 1225 | CVE-2021-28070 1226 | CVE-2021-28075 1227 | CVE-2021-28079 1228 | CVE-2021-28088 1229 | CVE-2021-28089 1230 | CVE-2021-28090 1231 | CVE-2021-28091 1232 | CVE-2021-28092 1233 | CVE-2021-28093 1234 | CVE-2021-28094 1235 | CVE-2021-28095 1236 | CVE-2021-28098 1237 | CVE-2021-28109 1238 | CVE-2021-28110 1239 | CVE-2021-28111 1240 | CVE-2021-28112 1241 | CVE-2021-28113 1242 | CVE-2021-28114 1243 | CVE-2021-28115 1244 | CVE-2021-28116 1245 | CVE-2021-28117 1246 | CVE-2021-28119 1247 | CVE-2021-28121 1248 | CVE-2021-28122 1249 | CVE-2021-28123 1250 | CVE-2021-28124 1251 | CVE-2021-28126 1252 | CVE-2021-28127 1253 | CVE-2021-28128 1254 | CVE-2021-28130 1255 | CVE-2021-28132 1256 | CVE-2021-28133 1257 | CVE-2021-28134 1258 | CVE-2021-28135 1259 | CVE-2021-28136 1260 | CVE-2021-28139 1261 | CVE-2021-28141 1262 | CVE-2021-28142 1263 | CVE-2021-28143 1264 | CVE-2021-28144 1265 | CVE-2021-28145 1266 | CVE-2021-28146 1267 | CVE-2021-28147 1268 | CVE-2021-28148 1269 | CVE-2021-28149 1270 | CVE-2021-28150 1271 | CVE-2021-28151 1272 | CVE-2021-28152 1273 | CVE-2021-28153 1274 | CVE-2021-28154 1275 | CVE-2021-28155 1276 | CVE-2021-28156 1277 | CVE-2021-28157 1278 | CVE-2021-28160 1279 | CVE-2021-28233 1280 | CVE-2021-28242 1281 | CVE-2021-28245 1282 | CVE-2021-28246 1283 | CVE-2021-28247 1284 | CVE-2021-28248 1285 | CVE-2021-28249 1286 | CVE-2021-28250 1287 | CVE-2021-28269 1288 | CVE-2021-28271 1289 | CVE-2021-28280 1290 | CVE-2021-28293 1291 | CVE-2021-28294 1292 | CVE-2021-28295 1293 | CVE-2021-28300 1294 | CVE-2021-28302 1295 | CVE-2021-28305 1296 | CVE-2021-28306 1297 | CVE-2021-28307 1298 | CVE-2021-28308 1299 | CVE-2021-28324 1300 | CVE-2021-28361 1301 | CVE-2021-28362 1302 | CVE-2021-28363 1303 | CVE-2021-28372 1304 | CVE-2021-28373 1305 | CVE-2021-28374 1306 | CVE-2021-28375 1307 | CVE-2021-28378 1308 | CVE-2021-28379 1309 | CVE-2021-28380 1310 | CVE-2021-28381 1311 | CVE-2021-28382 1312 | CVE-2021-28399 1313 | CVE-2021-28417 1314 | CVE-2021-28418 1315 | CVE-2021-28419 1316 | CVE-2021-28420 1317 | CVE-2021-28423 1318 | CVE-2021-28424 1319 | CVE-2021-28448 1320 | CVE-2021-28457 1321 | CVE-2021-28458 1322 | CVE-2021-28459 1323 | CVE-2021-28460 1324 | CVE-2021-28461 1325 | CVE-2021-28464 1326 | CVE-2021-28465 1327 | CVE-2021-28466 1328 | CVE-2021-28468 1329 | CVE-2021-28469 1330 | CVE-2021-28470 1331 | CVE-2021-28471 1332 | CVE-2021-28472 1333 | CVE-2021-28473 1334 | CVE-2021-28475 1335 | CVE-2021-28477 1336 | CVE-2021-28484 1337 | CVE-2021-28490 1338 | CVE-2021-28492 1339 | CVE-2021-28543 1340 | CVE-2021-28650 1341 | CVE-2021-28651 1342 | CVE-2021-28652 1343 | CVE-2021-28653 1344 | CVE-2021-28658 1345 | CVE-2021-28660 1346 | CVE-2021-28661 1347 | CVE-2021-28662 1348 | CVE-2021-28663 1349 | CVE-2021-28664 1350 | CVE-2021-28665 1351 | CVE-2021-28667 1352 | CVE-2021-28668 1353 | CVE-2021-28669 1354 | CVE-2021-28670 1355 | CVE-2021-28671 1356 | CVE-2021-28672 1357 | CVE-2021-28673 1358 | CVE-2021-28674 1359 | CVE-2021-28675 1360 | CVE-2021-28676 1361 | CVE-2021-28677 1362 | CVE-2021-28678 1363 | CVE-2021-28681 1364 | CVE-2021-28682 1365 | CVE-2021-28683 1366 | CVE-2021-28684 1367 | CVE-2021-28685 1368 | CVE-2021-28686 1369 | CVE-2021-28789 1370 | CVE-2021-28790 1371 | CVE-2021-28791 1372 | CVE-2021-28792 1373 | CVE-2021-28793 1374 | CVE-2021-28794 1375 | CVE-2021-28796 1376 | CVE-2021-28831 1377 | CVE-2021-28832 1378 | CVE-2021-28833 1379 | CVE-2021-28834 1380 | CVE-2021-28838 1381 | CVE-2021-28839 1382 | CVE-2021-28840 1383 | CVE-2021-28841 1384 | CVE-2021-28842 1385 | CVE-2021-28843 1386 | CVE-2021-28844 1387 | CVE-2021-28845 1388 | CVE-2021-28846 1389 | CVE-2021-28847 1390 | CVE-2021-28848 1391 | CVE-2021-28855 1392 | CVE-2021-28856 1393 | CVE-2021-28857 1394 | CVE-2021-28858 1395 | CVE-2021-28860 1396 | CVE-2021-28874 1397 | CVE-2021-28875 1398 | CVE-2021-28876 1399 | CVE-2021-28877 1400 | CVE-2021-28878 1401 | CVE-2021-28879 1402 | CVE-2021-28890 1403 | CVE-2021-28899 1404 | CVE-2021-28901 1405 | CVE-2021-28902 1406 | CVE-2021-28903 1407 | CVE-2021-28904 1408 | CVE-2021-28905 1409 | CVE-2021-28906 1410 | CVE-2021-28909 1411 | CVE-2021-28910 1412 | CVE-2021-28911 1413 | CVE-2021-28912 1414 | CVE-2021-28913 1415 | CVE-2021-28914 1416 | CVE-2021-28918 1417 | CVE-2021-28924 1418 | CVE-2021-28925 1419 | CVE-2021-28927 1420 | CVE-2021-28931 1421 | CVE-2021-28935 1422 | CVE-2021-28936 1423 | CVE-2021-28937 1424 | CVE-2021-28938 1425 | CVE-2021-28940 1426 | CVE-2021-28941 1427 | CVE-2021-28950 1428 | CVE-2021-28951 1429 | CVE-2021-28952 1430 | CVE-2021-28953 1431 | CVE-2021-28954 1432 | CVE-2021-28955 1433 | CVE-2021-28956 1434 | CVE-2021-28957 1435 | CVE-2021-28958 1436 | CVE-2021-28959 1437 | CVE-2021-28960 1438 | CVE-2021-28961 1439 | CVE-2021-28963 1440 | CVE-2021-28964 1441 | CVE-2021-28965 1442 | CVE-2021-28966 1443 | CVE-2021-28967 1444 | CVE-2021-28968 1445 | CVE-2021-28969 1446 | CVE-2021-28970 1447 | CVE-2021-28971 1448 | CVE-2021-28972 1449 | CVE-2021-28973 1450 | CVE-2021-28975 1451 | CVE-2021-28976 1452 | CVE-2021-28977 1453 | CVE-2021-28979 1454 | CVE-2021-28993 1455 | CVE-2021-28994 1456 | CVE-2021-29002 1457 | CVE-2021-29003 1458 | CVE-2021-29004 1459 | CVE-2021-29005 1460 | CVE-2021-29006 1461 | CVE-2021-29008 1462 | CVE-2021-29009 1463 | CVE-2021-29010 1464 | CVE-2021-29011 1465 | CVE-2021-29012 1466 | CVE-2021-29022 1467 | CVE-2021-29023 1468 | CVE-2021-29024 1469 | CVE-2021-29025 1470 | CVE-2021-29026 1471 | CVE-2021-29027 1472 | CVE-2021-29028 1473 | CVE-2021-29029 1474 | CVE-2021-29030 1475 | CVE-2021-29031 1476 | CVE-2021-29032 1477 | CVE-2021-29033 1478 | CVE-2021-29039 1479 | CVE-2021-29040 1480 | CVE-2021-29041 1481 | CVE-2021-29043 1482 | CVE-2021-29044 1483 | CVE-2021-29045 1484 | CVE-2021-29046 1485 | CVE-2021-29047 1486 | CVE-2021-29048 1487 | CVE-2021-29049 1488 | CVE-2021-29051 1489 | CVE-2021-29052 1490 | CVE-2021-29053 1491 | CVE-2021-29054 1492 | CVE-2021-29056 1493 | CVE-2021-29059 1494 | CVE-2021-29060 1495 | CVE-2021-29061 1496 | CVE-2021-29063 1497 | CVE-2021-29065 1498 | CVE-2021-29066 1499 | CVE-2021-29067 1500 | CVE-2021-29068 1501 | CVE-2021-29069 1502 | CVE-2021-29070 1503 | CVE-2021-29071 1504 | CVE-2021-29072 1505 | CVE-2021-29073 1506 | CVE-2021-29074 1507 | CVE-2021-29075 1508 | CVE-2021-29076 1509 | CVE-2021-29077 1510 | CVE-2021-29078 1511 | CVE-2021-29079 1512 | CVE-2021-29080 1513 | CVE-2021-29081 1514 | CVE-2021-29082 1515 | CVE-2021-29133 1516 | CVE-2021-29136 1517 | CVE-2021-29154 1518 | CVE-2021-29155 1519 | CVE-2021-29156 1520 | CVE-2021-29157 1521 | CVE-2021-29158 1522 | CVE-2021-29159 1523 | CVE-2021-29238 1524 | CVE-2021-29239 1525 | CVE-2021-29240 1526 | CVE-2021-29241 1527 | CVE-2021-29242 1528 | CVE-2021-29245 1529 | CVE-2021-29246 1530 | CVE-2021-29247 1531 | CVE-2021-29248 1532 | CVE-2021-29249 1533 | CVE-2021-29250 1534 | CVE-2021-29251 1535 | CVE-2021-29252 1536 | CVE-2021-29253 1537 | CVE-2021-29255 1538 | CVE-2021-29256 1539 | CVE-2021-29258 1540 | CVE-2021-29261 1541 | CVE-2021-29263 1542 | CVE-2021-29264 1543 | CVE-2021-29265 1544 | CVE-2021-29266 1545 | CVE-2021-29267 1546 | CVE-2021-29271 1547 | CVE-2021-29272 1548 | CVE-2021-29274 1549 | CVE-2021-29279 1550 | CVE-2021-29280 1551 | CVE-2021-29294 1552 | CVE-2021-29295 1553 | CVE-2021-29296 1554 | CVE-2021-29297 1555 | CVE-2021-29298 1556 | CVE-2021-29300 1557 | CVE-2021-29302 1558 | CVE-2021-29313 1559 | CVE-2021-29337 1560 | CVE-2021-29338 1561 | CVE-2021-29343 1562 | CVE-2021-29349 1563 | CVE-2021-29350 1564 | CVE-2021-29357 1565 | CVE-2021-29358 1566 | CVE-2021-29360 1567 | CVE-2021-29361 1568 | CVE-2021-29362 1569 | CVE-2021-29363 1570 | CVE-2021-29364 1571 | CVE-2021-29365 1572 | CVE-2021-29366 1573 | CVE-2021-29367 1574 | CVE-2021-29369 1575 | CVE-2021-29370 1576 | CVE-2021-29376 1577 | CVE-2021-29377 1578 | CVE-2021-29379 1579 | CVE-2021-29387 1580 | CVE-2021-29388 1581 | CVE-2021-29399 1582 | CVE-2021-29400 1583 | CVE-2021-29414 1584 | CVE-2021-29415 1585 | CVE-2021-29416 1586 | CVE-2021-29417 1587 | CVE-2021-29418 1588 | CVE-2021-29421 1589 | CVE-2021-29424 1590 | CVE-2021-29641 1591 | CVE-2021-29642 1592 | CVE-2021-29643 1593 | CVE-2021-29644 1594 | CVE-2021-29645 1595 | CVE-2021-29646 1596 | CVE-2021-29647 1597 | CVE-2021-29648 1598 | CVE-2021-29649 1599 | CVE-2021-29650 1600 | CVE-2021-29651 1601 | CVE-2021-29652 1602 | CVE-2021-29653 1603 | CVE-2021-29654 1604 | CVE-2021-29657 1605 | CVE-2021-29658 1606 | CVE-2021-29659 1607 | CVE-2021-29660 1608 | CVE-2021-29661 1609 | CVE-2021-29662 1610 | CVE-2021-29663 1611 | CVE-2021-29921 1612 | CVE-2021-29922 1613 | CVE-2021-29923 1614 | CVE-2021-29929 1615 | CVE-2021-29930 1616 | CVE-2021-29931 1617 | CVE-2021-29932 1618 | CVE-2021-29933 1619 | CVE-2021-29934 1620 | CVE-2021-29935 1621 | CVE-2021-29936 1622 | CVE-2021-29937 1623 | CVE-2021-29938 1624 | CVE-2021-29939 1625 | CVE-2021-29940 1626 | CVE-2021-29941 1627 | CVE-2021-29942 1628 | CVE-2021-29995 1629 | CVE-2021-29996 1630 | CVE-2021-29997 1631 | CVE-2021-29998 1632 | CVE-2021-29999 1633 | CVE-2021-30000 1634 | CVE-2021-30002 1635 | CVE-2021-30003 1636 | CVE-2021-30004 1637 | CVE-2021-30005 1638 | CVE-2021-30006 1639 | CVE-2021-30014 1640 | CVE-2021-30015 1641 | CVE-2021-30019 1642 | CVE-2021-3002 1643 | CVE-2021-30020 1644 | CVE-2021-30022 1645 | CVE-2021-30027 1646 | CVE-2021-3003 1647 | CVE-2021-30030 1648 | CVE-2021-30034 1649 | CVE-2021-30039 1650 | CVE-2021-3004 1651 | CVE-2021-30042 1652 | CVE-2021-30044 1653 | CVE-2021-30045 1654 | CVE-2021-30046 1655 | CVE-2021-30048 1656 | CVE-2021-30049 1657 | CVE-2021-3005 1658 | CVE-2021-30055 1659 | CVE-2021-30056 1660 | CVE-2021-30057 1661 | CVE-2021-30058 1662 | CVE-2021-3006 1663 | CVE-2021-3007 1664 | CVE-2021-30072 1665 | CVE-2021-30074 1666 | CVE-2021-30081 1667 | CVE-2021-30082 1668 | CVE-2021-30083 1669 | CVE-2021-30086 1670 | CVE-2021-3010 1671 | CVE-2021-30108 1672 | CVE-2021-30109 1673 | CVE-2021-3011 1674 | CVE-2021-30110 1675 | CVE-2021-30111 1676 | CVE-2021-30112 1677 | CVE-2021-30113 1678 | CVE-2021-30114 1679 | CVE-2021-30116 1680 | CVE-2021-30117 1681 | CVE-2021-30118 1682 | CVE-2021-30119 1683 | CVE-2021-3012 1684 | CVE-2021-30120 1685 | CVE-2021-30121 1686 | CVE-2021-30123 1687 | CVE-2021-30124 1688 | CVE-2021-30125 1689 | CVE-2021-30126 1690 | CVE-2021-30127 1691 | CVE-2021-3013 1692 | CVE-2021-30130 1693 | CVE-2021-30133 1694 | CVE-2021-30137 1695 | CVE-2021-30139 1696 | CVE-2021-3014 1697 | CVE-2021-30140 1698 | CVE-2021-30141 1699 | CVE-2021-30144 1700 | CVE-2021-30145 1701 | CVE-2021-30146 1702 | CVE-2021-30147 1703 | CVE-2021-30149 1704 | CVE-2021-30150 1705 | CVE-2021-30151 1706 | CVE-2021-30152 1707 | CVE-2021-30154 1708 | CVE-2021-30155 1709 | CVE-2021-30156 1710 | CVE-2021-30157 1711 | CVE-2021-30158 1712 | CVE-2021-30159 1713 | CVE-2021-30161 1714 | CVE-2021-30162 1715 | CVE-2021-30163 1716 | CVE-2021-30164 1717 | CVE-2021-3017 1718 | CVE-2021-30175 1719 | CVE-2021-30176 1720 | CVE-2021-30177 1721 | CVE-2021-30178 1722 | CVE-2021-3018 1723 | CVE-2021-30183 1724 | CVE-2021-30184 1725 | CVE-2021-30185 1726 | CVE-2021-30186 1727 | CVE-2021-30187 1728 | CVE-2021-30188 1729 | CVE-2021-30189 1730 | CVE-2021-3019 1731 | CVE-2021-30190 1732 | CVE-2021-30191 1733 | CVE-2021-30192 1734 | CVE-2021-30193 1735 | CVE-2021-30194 1736 | CVE-2021-30195 1737 | CVE-2021-30199 1738 | CVE-2021-30201 1739 | CVE-2021-30209 1740 | CVE-2021-3021 1741 | CVE-2021-30211 1742 | CVE-2021-30212 1743 | CVE-2021-30213 1744 | CVE-2021-30214 1745 | CVE-2021-30218 1746 | CVE-2021-30219 1747 | CVE-2021-3022 1748 | CVE-2021-30224 1749 | CVE-2021-30227 1750 | CVE-2021-30228 1751 | CVE-2021-30229 1752 | CVE-2021-30230 1753 | CVE-2021-30231 1754 | CVE-2021-30232 1755 | CVE-2021-30233 1756 | CVE-2021-30234 1757 | CVE-2021-3024 1758 | CVE-2021-30246 1759 | CVE-2021-3025 1760 | CVE-2021-3026 1761 | CVE-2021-3027 1762 | CVE-2021-3028 1763 | CVE-2021-3029 1764 | CVE-2021-30454 1765 | CVE-2021-30455 1766 | CVE-2021-30456 1767 | CVE-2021-30457 1768 | CVE-2021-30458 1769 | CVE-2021-30459 1770 | CVE-2021-30461 1771 | CVE-2021-30462 1772 | CVE-2021-30463 1773 | CVE-2021-30464 1774 | CVE-2021-30465 1775 | CVE-2021-30473 1776 | CVE-2021-30474 1777 | CVE-2021-30475 1778 | CVE-2021-30476 1779 | CVE-2021-30477 1780 | CVE-2021-30478 1781 | CVE-2021-30479 1782 | CVE-2021-30480 1783 | CVE-2021-30481 1784 | CVE-2021-30482 1785 | CVE-2021-30483 1786 | CVE-2021-30485 1787 | CVE-2021-30486 1788 | CVE-2021-30487 1789 | CVE-2021-30493 1790 | CVE-2021-30494 1791 | CVE-2021-30496 1792 | CVE-2021-30502 1793 | CVE-2021-30503 1794 | CVE-2021-30504 1795 | CVE-2021-30606 1796 | CVE-2021-30607 1797 | CVE-2021-30608 1798 | CVE-2021-30609 1799 | CVE-2021-30610 1800 | CVE-2021-30611 1801 | CVE-2021-30612 1802 | CVE-2021-30613 1803 | CVE-2021-30614 1804 | CVE-2021-30615 1805 | CVE-2021-30616 1806 | CVE-2021-30617 1807 | CVE-2021-30618 1808 | CVE-2021-30619 1809 | CVE-2021-30620 1810 | CVE-2021-30621 1811 | CVE-2021-30622 1812 | CVE-2021-30623 1813 | CVE-2021-30624 1814 | CVE-2021-30635 1815 | CVE-2021-30637 1816 | CVE-2021-3109 1817 | CVE-2021-3110 1818 | CVE-2021-3111 1819 | CVE-2021-3113 1820 | CVE-2021-3114 1821 | CVE-2021-3115 1822 | CVE-2021-31152 1823 | CVE-2021-31153 1824 | CVE-2021-31154 1825 | CVE-2021-31155 1826 | CVE-2021-31158 1827 | CVE-2021-31159 1828 | CVE-2021-3116 1829 | CVE-2021-31160 1830 | CVE-2021-31162 1831 | CVE-2021-31165 1832 | CVE-2021-31166 1833 | CVE-2021-31168 1834 | CVE-2021-31169 1835 | CVE-2021-3118 1836 | CVE-2021-31185 1837 | CVE-2021-3119 1838 | CVE-2021-31192 1839 | CVE-2021-3120 1840 | CVE-2021-31200 1841 | CVE-2021-31205 1842 | CVE-2021-31208 1843 | CVE-2021-3121 1844 | CVE-2021-31211 1845 | CVE-2021-31213 1846 | CVE-2021-31214 1847 | CVE-2021-31215 1848 | CVE-2021-31216 1849 | CVE-2021-31217 1850 | CVE-2021-3122 1851 | CVE-2021-31220 1852 | CVE-2021-31221 1853 | CVE-2021-31222 1854 | CVE-2021-31223 1855 | CVE-2021-31224 1856 | CVE-2021-31225 1857 | CVE-2021-31226 1858 | CVE-2021-31227 1859 | CVE-2021-31228 1860 | CVE-2021-31229 1861 | CVE-2021-31231 1862 | CVE-2021-31232 1863 | CVE-2021-3124 1864 | CVE-2021-31245 1865 | CVE-2021-31249 1866 | CVE-2021-3125 1867 | CVE-2021-31250 1868 | CVE-2021-31251 1869 | CVE-2021-31252 1870 | CVE-2021-31254 1871 | CVE-2021-31255 1872 | CVE-2021-31256 1873 | CVE-2021-31257 1874 | CVE-2021-31258 1875 | CVE-2021-31259 1876 | CVE-2021-31260 1877 | CVE-2021-31261 1878 | CVE-2021-31262 1879 | CVE-2021-3127 1880 | CVE-2021-31272 1881 | CVE-2021-31274 1882 | CVE-2021-3128 1883 | CVE-2021-3129 1884 | CVE-2021-31292 1885 | CVE-2021-3130 1886 | CVE-2021-3131 1887 | CVE-2021-31315 1888 | CVE-2021-31316 1889 | CVE-2021-31317 1890 | CVE-2021-31318 1891 | CVE-2021-31319 1892 | CVE-2021-31320 1893 | CVE-2021-31321 1894 | CVE-2021-31322 1895 | CVE-2021-31323 1896 | CVE-2021-31324 1897 | CVE-2021-31327 1898 | CVE-2021-31329 1899 | CVE-2021-3133 1900 | CVE-2021-3134 1901 | CVE-2021-31347 1902 | CVE-2021-31348 1903 | CVE-2021-3135 1904 | CVE-2021-3137 1905 | CVE-2021-3138 1906 | CVE-2021-3139 1907 | CVE-2021-31399 1908 | CVE-2021-31400 1909 | CVE-2021-31401 1910 | CVE-2021-31402 1911 | CVE-2021-3141 1912 | CVE-2021-31414 1913 | CVE-2021-3144 1914 | CVE-2021-3145 1915 | CVE-2021-3146 1916 | CVE-2021-3148 1917 | CVE-2021-3149 1918 | CVE-2021-3150 1919 | CVE-2021-3151 1920 | CVE-2021-3152 1921 | CVE-2021-31523 1922 | CVE-2021-31525 1923 | CVE-2021-3153 1924 | CVE-2021-31530 1925 | CVE-2021-31531 1926 | CVE-2021-31532 1927 | CVE-2021-31535 1928 | CVE-2021-31537 1929 | CVE-2021-31538 1930 | CVE-2021-31539 1931 | CVE-2021-3154 1932 | CVE-2021-31540 1933 | CVE-2021-31542 1934 | CVE-2021-31545 1935 | CVE-2021-31546 1936 | CVE-2021-31547 1937 | CVE-2021-31548 1938 | CVE-2021-31549 1939 | CVE-2021-31550 1940 | CVE-2021-31551 1941 | CVE-2021-31552 1942 | CVE-2021-31553 1943 | CVE-2021-31554 1944 | CVE-2021-31555 1945 | CVE-2021-31556 1946 | CVE-2021-3156 1947 | CVE-2021-31571 1948 | CVE-2021-31572 1949 | CVE-2021-31583 1950 | CVE-2021-31584 1951 | CVE-2021-31585 1952 | CVE-2021-31586 1953 | CVE-2021-3159 1954 | CVE-2021-31590 1955 | CVE-2021-31597 1956 | CVE-2021-31598 1957 | CVE-2021-3160 1958 | CVE-2021-31604 1959 | CVE-2021-31605 1960 | CVE-2021-31606 1961 | CVE-2021-31607 1962 | CVE-2021-31609 1963 | CVE-2021-31610 1964 | CVE-2021-31611 1965 | CVE-2021-31612 1966 | CVE-2021-31613 1967 | CVE-2021-31615 1968 | CVE-2021-31616 1969 | CVE-2021-3162 1970 | CVE-2021-31624 1971 | CVE-2021-31627 1972 | CVE-2021-3163 1973 | CVE-2021-31630 1974 | CVE-2021-3164 1975 | CVE-2021-31641 1976 | CVE-2021-31642 1977 | CVE-2021-31643 1978 | CVE-2021-31646 1979 | CVE-2021-31649 1980 | CVE-2021-3165 1981 | CVE-2021-31655 1982 | CVE-2021-31658 1983 | CVE-2021-31659 1984 | CVE-2021-3166 1985 | CVE-2021-31660 1986 | CVE-2021-31661 1987 | CVE-2021-31662 1988 | CVE-2021-31663 1989 | CVE-2021-31664 1990 | CVE-2021-3167 1991 | CVE-2021-31671 1992 | CVE-2021-31682 1993 | CVE-2021-31684 1994 | CVE-2021-3169 1995 | CVE-2021-31698 1996 | CVE-2021-31701 1997 | CVE-2021-31702 1998 | CVE-2021-31703 1999 | CVE-2021-31712 2000 | CVE-2021-31718 2001 | CVE-2021-31721 2002 | CVE-2021-31726 2003 | CVE-2021-31727 2004 | CVE-2021-31728 2005 | CVE-2021-31731 2006 | CVE-2021-31737 2007 | CVE-2021-31738 2008 | CVE-2021-31755 2009 | CVE-2021-31756 2010 | CVE-2021-31757 2011 | CVE-2021-31758 2012 | CVE-2021-3176 2013 | CVE-2021-31760 2014 | CVE-2021-31761 2015 | CVE-2021-31762 2016 | CVE-2021-31769 2017 | CVE-2021-3177 2018 | CVE-2021-31771 2019 | CVE-2021-31776 2020 | CVE-2021-31777 2021 | CVE-2021-31778 2022 | CVE-2021-31779 2023 | CVE-2021-3178 2024 | CVE-2021-31780 2025 | CVE-2021-31783 2026 | CVE-2021-31784 2027 | CVE-2021-31785 2028 | CVE-2021-31786 2029 | CVE-2021-31791 2030 | CVE-2021-31792 2031 | CVE-2021-31793 2032 | CVE-2021-31794 2033 | CVE-2021-31795 2034 | CVE-2021-31796 2035 | CVE-2021-31797 2036 | CVE-2021-31798 2037 | CVE-2021-31799 2038 | CVE-2021-31800 2039 | CVE-2021-31802 2040 | CVE-2021-31803 2041 | CVE-2021-31804 2042 | CVE-2021-31806 2043 | CVE-2021-31807 2044 | CVE-2021-31808 2045 | CVE-2021-3181 2046 | CVE-2021-31810 2047 | CVE-2021-31813 2048 | CVE-2021-31815 2049 | CVE-2021-3182 2050 | CVE-2021-31826 2051 | CVE-2021-31827 2052 | CVE-2021-31828 2053 | CVE-2021-31829 2054 | CVE-2021-3183 2055 | CVE-2021-3184 2056 | CVE-2021-31855 2057 | CVE-2021-31856 2058 | CVE-2021-31857 2059 | CVE-2021-31859 2060 | CVE-2021-3186 2061 | CVE-2021-31862 2062 | CVE-2021-31863 2063 | CVE-2021-31864 2064 | CVE-2021-31865 2065 | CVE-2021-31866 2066 | CVE-2021-31870 2067 | CVE-2021-31871 2068 | CVE-2021-31872 2069 | CVE-2021-31873 2070 | CVE-2021-31874 2071 | CVE-2021-31875 2072 | CVE-2021-31876 2073 | CVE-2021-31878 2074 | CVE-2021-31879 2075 | CVE-2021-3188 2076 | CVE-2021-3189 2077 | CVE-2021-31897 2078 | CVE-2021-31898 2079 | CVE-2021-31899 2080 | CVE-2021-3190 2081 | CVE-2021-31900 2082 | CVE-2021-31901 2083 | CVE-2021-31902 2084 | CVE-2021-31903 2085 | CVE-2021-31904 2086 | CVE-2021-31905 2087 | CVE-2021-31906 2088 | CVE-2021-31907 2089 | CVE-2021-31908 2090 | CVE-2021-31909 2091 | CVE-2021-3191 2092 | CVE-2021-31910 2093 | CVE-2021-31911 2094 | CVE-2021-31912 2095 | CVE-2021-31913 2096 | CVE-2021-31914 2097 | CVE-2021-31915 2098 | CVE-2021-31919 2099 | CVE-2021-31920 2100 | CVE-2021-31921 2101 | CVE-2021-31922 2102 | CVE-2021-31924 2103 | CVE-2021-31925 2104 | CVE-2021-31926 2105 | CVE-2021-31927 2106 | CVE-2021-31928 2107 | CVE-2021-31929 2108 | CVE-2021-3193 2109 | CVE-2021-31930 2110 | CVE-2021-31933 2111 | CVE-2021-31934 2112 | CVE-2021-31935 2113 | CVE-2021-31936 2114 | CVE-2021-31938 2115 | CVE-2021-31942 2116 | CVE-2021-31943 2117 | CVE-2021-31944 2118 | CVE-2021-31945 2119 | CVE-2021-31946 2120 | CVE-2021-31947 2121 | CVE-2021-3195 2122 | CVE-2021-3196 2123 | CVE-2021-31960 2124 | CVE-2021-31967 2125 | CVE-2021-3197 2126 | CVE-2021-31978 2127 | CVE-2021-31980 2128 | CVE-2021-31983 2129 | CVE-2021-31984 2130 | CVE-2021-31985 2131 | CVE-2021-3199 2132 | CVE-2021-31996 2133 | CVE-2021-3200 2134 | CVE-2021-32012 2135 | CVE-2021-32013 2136 | CVE-2021-32014 2137 | CVE-2021-32015 2138 | CVE-2021-32016 2139 | CVE-2021-32017 2140 | CVE-2021-32018 2141 | CVE-2021-32019 2142 | CVE-2021-32020 2143 | CVE-2021-32030 2144 | CVE-2021-32032 2145 | CVE-2021-32033 2146 | CVE-2021-3204 2147 | CVE-2021-32051 2148 | CVE-2021-32052 2149 | CVE-2021-32053 2150 | CVE-2021-32054 2151 | CVE-2021-32055 2152 | CVE-2021-32056 2153 | CVE-2021-32062 2154 | CVE-2021-32066 2155 | CVE-2021-32067 2156 | CVE-2021-32068 2157 | CVE-2021-32069 2158 | CVE-2021-32070 2159 | CVE-2021-32071 2160 | CVE-2021-32072 2161 | CVE-2021-32073 2162 | CVE-2021-32074 2163 | CVE-2021-32075 2164 | CVE-2021-32077 2165 | CVE-2021-32078 2166 | CVE-2021-32089 2167 | CVE-2021-32090 2168 | CVE-2021-32091 2169 | CVE-2021-32092 2170 | CVE-2021-32093 2171 | CVE-2021-32094 2172 | CVE-2021-32095 2173 | CVE-2021-32096 2174 | CVE-2021-32098 2175 | CVE-2021-32099 2176 | CVE-2021-3210 2177 | CVE-2021-32100 2178 | CVE-2021-32101 2179 | CVE-2021-32102 2180 | CVE-2021-32103 2181 | CVE-2021-32104 2182 | CVE-2021-32106 2183 | CVE-2021-32122 2184 | CVE-2021-32132 2185 | CVE-2021-32134 2186 | CVE-2021-32135 2187 | CVE-2021-32136 2188 | CVE-2021-32137 2189 | CVE-2021-32138 2190 | CVE-2021-32139 2191 | CVE-2021-32172 2192 | CVE-2021-32198 2193 | CVE-2021-32202 2194 | CVE-2021-3223 2195 | CVE-2021-32233 2196 | CVE-2021-32234 2197 | CVE-2021-32238 2198 | CVE-2021-3224 2199 | CVE-2021-32243 2200 | CVE-2021-32244 2201 | CVE-2021-32245 2202 | CVE-2021-32263 2203 | CVE-2021-32265 2204 | CVE-2021-32268 2205 | CVE-2021-32269 2206 | CVE-2021-32270 2207 | CVE-2021-32271 2208 | CVE-2021-32272 2209 | CVE-2021-32273 2210 | CVE-2021-32274 2211 | CVE-2021-32275 2212 | CVE-2021-32276 2213 | CVE-2021-32277 2214 | CVE-2021-32278 2215 | CVE-2021-32280 2216 | CVE-2021-32281 2217 | CVE-2021-32282 2218 | CVE-2021-32283 2219 | CVE-2021-32284 2220 | CVE-2021-32285 2221 | CVE-2021-32286 2222 | CVE-2021-32287 2223 | CVE-2021-32288 2224 | CVE-2021-32289 2225 | CVE-2021-3229 2226 | CVE-2021-32294 2227 | CVE-2021-32297 2228 | CVE-2021-32298 2229 | CVE-2021-32299 2230 | CVE-2021-32305 2231 | CVE-2021-3239 2232 | CVE-2021-32399 2233 | CVE-2021-32402 2234 | CVE-2021-32403 2235 | CVE-2021-32424 2236 | CVE-2021-32426 2237 | CVE-2021-3243 2238 | CVE-2021-32437 2239 | CVE-2021-32438 2240 | CVE-2021-32439 2241 | CVE-2021-32440 2242 | CVE-2021-3246 2243 | CVE-2021-32470 2244 | CVE-2021-32471 2245 | CVE-2021-32484 2246 | CVE-2021-32485 2247 | CVE-2021-32486 2248 | CVE-2021-32487 2249 | CVE-2021-32489 2250 | CVE-2021-3252 2251 | CVE-2021-32558 2252 | CVE-2021-32559 2253 | CVE-2021-3256 2254 | CVE-2021-32560 2255 | CVE-2021-32561 2256 | CVE-2021-32563 2257 | CVE-2021-32569 2258 | CVE-2021-32571 2259 | CVE-2021-32572 2260 | CVE-2021-32573 2261 | CVE-2021-32574 2262 | CVE-2021-32575 2263 | CVE-2021-32576 2264 | CVE-2021-32577 2265 | CVE-2021-32578 2266 | CVE-2021-32579 2267 | CVE-2021-3258 2268 | CVE-2021-32580 2269 | CVE-2021-32581 2270 | CVE-2021-32582 2271 | CVE-2021-32604 2272 | CVE-2021-32605 2273 | CVE-2021-32606 2274 | CVE-2021-32607 2275 | CVE-2021-32608 2276 | CVE-2021-32610 2277 | CVE-2021-32611 2278 | CVE-2021-32612 2279 | CVE-2021-32615 2280 | CVE-2021-3264 2281 | CVE-2021-3271 2282 | CVE-2021-3272 2283 | CVE-2021-3273 2284 | CVE-2021-3275 2285 | CVE-2021-3277 2286 | CVE-2021-3278 2287 | CVE-2021-3279 2288 | CVE-2021-3281 2289 | CVE-2021-3282 2290 | CVE-2021-3283 2291 | CVE-2021-3285 2292 | CVE-2021-3286 2293 | CVE-2021-3287 2294 | CVE-2021-3291 2295 | CVE-2021-32917 2296 | CVE-2021-32918 2297 | CVE-2021-32919 2298 | CVE-2021-32920 2299 | CVE-2021-32921 2300 | CVE-2021-32923 2301 | CVE-2021-32924 2302 | CVE-2021-32925 2303 | CVE-2021-3293 2304 | CVE-2021-3294 2305 | CVE-2021-3297 2306 | CVE-2021-3298 2307 | CVE-2021-33026 2308 | CVE-2021-33027 2309 | CVE-2021-33031 2310 | CVE-2021-33032 2311 | CVE-2021-33033 2312 | CVE-2021-33034 2313 | CVE-2021-33038 2314 | CVE-2021-3304 2315 | CVE-2021-33041 2316 | CVE-2021-33054 2317 | CVE-2021-33055 2318 | CVE-2021-33056 2319 | CVE-2021-3308 2320 | CVE-2021-3309 2321 | CVE-2021-3310 2322 | CVE-2021-3311 2323 | CVE-2021-3312 2324 | CVE-2021-3313 2325 | CVE-2021-3314 2326 | CVE-2021-3315 2327 | CVE-2021-3317 2328 | CVE-2021-3318 2329 | CVE-2021-33185 2330 | CVE-2021-33186 2331 | CVE-2021-33194 2332 | CVE-2021-33195 2333 | CVE-2021-33196 2334 | CVE-2021-33197 2335 | CVE-2021-33198 2336 | CVE-2021-33199 2337 | CVE-2021-33200 2338 | CVE-2021-33203 2339 | CVE-2021-33204 2340 | CVE-2021-33205 2341 | CVE-2021-33211 2342 | CVE-2021-33212 2343 | CVE-2021-33213 2344 | CVE-2021-33214 2345 | CVE-2021-33215 2346 | CVE-2021-33216 2347 | CVE-2021-33217 2348 | CVE-2021-33218 2349 | CVE-2021-33219 2350 | CVE-2021-33220 2351 | CVE-2021-33221 2352 | CVE-2021-3325 2353 | CVE-2021-33256 2354 | CVE-2021-3326 2355 | CVE-2021-3327 2356 | CVE-2021-3328 2357 | CVE-2021-33285 2358 | CVE-2021-33286 2359 | CVE-2021-33287 2360 | CVE-2021-33289 2361 | CVE-2021-3331 2362 | CVE-2021-3332 2363 | CVE-2021-33320 2364 | CVE-2021-33321 2365 | CVE-2021-33322 2366 | CVE-2021-33323 2367 | CVE-2021-33324 2368 | CVE-2021-33325 2369 | CVE-2021-33326 2370 | CVE-2021-33327 2371 | CVE-2021-33328 2372 | CVE-2021-3333 2373 | CVE-2021-33330 2374 | CVE-2021-33331 2375 | CVE-2021-33332 2376 | CVE-2021-33333 2377 | CVE-2021-33334 2378 | CVE-2021-33335 2379 | CVE-2021-33336 2380 | CVE-2021-33337 2381 | CVE-2021-33338 2382 | CVE-2021-33339 2383 | CVE-2021-33346 2384 | CVE-2021-33347 2385 | CVE-2021-33348 2386 | CVE-2021-33356 2387 | CVE-2021-33357 2388 | CVE-2021-33358 2389 | CVE-2021-33359 2390 | CVE-2021-3336 2391 | CVE-2021-33361 2392 | CVE-2021-33362 2393 | CVE-2021-33363 2394 | CVE-2021-33364 2395 | CVE-2021-33365 2396 | CVE-2021-33366 2397 | CVE-2021-3337 2398 | CVE-2021-3339 2399 | CVE-2021-33393 2400 | CVE-2021-33394 2401 | CVE-2021-3340 2402 | CVE-2021-33403 2403 | CVE-2021-33408 2404 | CVE-2021-3341 2405 | CVE-2021-3342 2406 | CVE-2021-33425 2407 | CVE-2021-3345 2408 | CVE-2021-3346 2409 | CVE-2021-33469 2410 | CVE-2021-3347 2411 | CVE-2021-33470 2412 | CVE-2021-33477 2413 | CVE-2021-33478 2414 | CVE-2021-3348 2415 | CVE-2021-33483 2416 | CVE-2021-33484 2417 | CVE-2021-33485 2418 | CVE-2021-33486 2419 | CVE-2021-3349 2420 | CVE-2021-33496 2421 | CVE-2021-33497 2422 | CVE-2021-3350 2423 | CVE-2021-33500 2424 | CVE-2021-33501 2425 | CVE-2021-33502 2426 | CVE-2021-33503 2427 | CVE-2021-33505 2428 | CVE-2021-33506 2429 | CVE-2021-33507 2430 | CVE-2021-33508 2431 | CVE-2021-33509 2432 | CVE-2021-3351 2433 | CVE-2021-33510 2434 | CVE-2021-33511 2435 | CVE-2021-33512 2436 | CVE-2021-33513 2437 | CVE-2021-33514 2438 | CVE-2021-33515 2439 | CVE-2021-33516 2440 | CVE-2021-3352 2441 | CVE-2021-33525 2442 | CVE-2021-3355 2443 | CVE-2021-33557 2444 | CVE-2021-33558 2445 | CVE-2021-33560 2446 | CVE-2021-33561 2447 | CVE-2021-33562 2448 | CVE-2021-33563 2449 | CVE-2021-33564 2450 | CVE-2021-33570 2451 | CVE-2021-33571 2452 | CVE-2021-33574 2453 | CVE-2021-33575 2454 | CVE-2021-33576 2455 | CVE-2021-33577 2456 | CVE-2021-33578 2457 | CVE-2021-33582 2458 | CVE-2021-33583 2459 | CVE-2021-33586 2460 | CVE-2021-33587 2461 | CVE-2021-33590 2462 | CVE-2021-33617 2463 | CVE-2021-33618 2464 | CVE-2021-33620 2465 | CVE-2021-33622 2466 | CVE-2021-33623 2467 | CVE-2021-33624 2468 | CVE-2021-33626 2469 | CVE-2021-33629 2470 | CVE-2021-33739 2471 | CVE-2021-3374 2472 | CVE-2021-33741 2473 | CVE-2021-3375 2474 | CVE-2021-33753 2475 | CVE-2021-33760 2476 | CVE-2021-33762 2477 | CVE-2021-33767 2478 | CVE-2021-33768 2479 | CVE-2021-3377 2480 | CVE-2021-33772 2481 | CVE-2021-33775 2482 | CVE-2021-33776 2483 | CVE-2021-33777 2484 | CVE-2021-33778 2485 | CVE-2021-3378 2486 | CVE-2021-33790 2487 | CVE-2021-33792 2488 | CVE-2021-33793 2489 | CVE-2021-33794 2490 | CVE-2021-33795 2491 | CVE-2021-3380 2492 | CVE-2021-33806 2493 | CVE-2021-33807 2494 | CVE-2021-33813 2495 | CVE-2021-33815 2496 | CVE-2021-33816 2497 | CVE-2021-33818 2498 | CVE-2021-3382 2499 | CVE-2021-33820 2500 | CVE-2021-33822 2501 | CVE-2021-33823 2502 | CVE-2021-33824 2503 | CVE-2021-33829 2504 | CVE-2021-33831 2505 | CVE-2021-33833 2506 | CVE-2021-33838 2507 | CVE-2021-33839 2508 | CVE-2021-3384 2509 | CVE-2021-33840 2510 | CVE-2021-33879 2511 | CVE-2021-33880 2512 | CVE-2021-33881 2513 | CVE-2021-33882 2514 | CVE-2021-33883 2515 | CVE-2021-33884 2516 | CVE-2021-33885 2517 | CVE-2021-33886 2518 | CVE-2021-33887 2519 | CVE-2021-33889 2520 | CVE-2021-33894 2521 | CVE-2021-33895 2522 | CVE-2021-33896 2523 | CVE-2021-33898 2524 | CVE-2021-33903 2525 | CVE-2021-33904 2526 | CVE-2021-33909 2527 | CVE-2021-3391 2528 | CVE-2021-33910 2529 | CVE-2021-33911 2530 | CVE-2021-33923 2531 | CVE-2021-33924 2532 | CVE-2021-33928 2533 | CVE-2021-33929 2534 | CVE-2021-33930 2535 | CVE-2021-33938 2536 | CVE-2021-3394 2537 | CVE-2021-3395 2538 | CVE-2021-3396 2539 | CVE-2021-33981 2540 | CVE-2021-33982 2541 | CVE-2021-33988 2542 | CVE-2021-3401 2543 | CVE-2021-34066 2544 | CVE-2021-34067 2545 | CVE-2021-34068 2546 | CVE-2021-34069 2547 | CVE-2021-34070 2548 | CVE-2021-34071 2549 | CVE-2021-34074 2550 | CVE-2021-34075 2551 | CVE-2021-34110 2552 | CVE-2021-34128 2553 | CVE-2021-34129 2554 | CVE-2021-34143 2555 | CVE-2021-34144 2556 | CVE-2021-34145 2557 | CVE-2021-34146 2558 | CVE-2021-34147 2559 | CVE-2021-34148 2560 | CVE-2021-34149 2561 | CVE-2021-34150 2562 | CVE-2021-34165 2563 | CVE-2021-34166 2564 | CVE-2021-34170 2565 | CVE-2021-34173 2566 | CVE-2021-34174 2567 | CVE-2021-34183 2568 | CVE-2021-34184 2569 | CVE-2021-34185 2570 | CVE-2021-34187 2571 | CVE-2021-34190 2572 | CVE-2021-34201 2573 | CVE-2021-34202 2574 | CVE-2021-34203 2575 | CVE-2021-34204 2576 | CVE-2021-34207 2577 | CVE-2021-34215 2578 | CVE-2021-34218 2579 | CVE-2021-34220 2580 | CVE-2021-34223 2581 | CVE-2021-34228 2582 | CVE-2021-34243 2583 | CVE-2021-34244 2584 | CVE-2021-34254 2585 | CVE-2021-34259 2586 | CVE-2021-34260 2587 | CVE-2021-34261 2588 | CVE-2021-34262 2589 | CVE-2021-34267 2590 | CVE-2021-34268 2591 | CVE-2021-34270 2592 | CVE-2021-34272 2593 | CVE-2021-34273 2594 | CVE-2021-34280 2595 | CVE-2021-34363 2596 | CVE-2021-34364 2597 | CVE-2021-34369 2598 | CVE-2021-34370 2599 | CVE-2021-34371 2600 | CVE-2021-34451 2601 | CVE-2021-34453 2602 | CVE-2021-34461 2603 | CVE-2021-34464 2604 | CVE-2021-34471 2605 | CVE-2021-34474 2606 | CVE-2021-34477 2607 | CVE-2021-34479 2608 | CVE-2021-34481 2609 | CVE-2021-34513 2610 | CVE-2021-34521 2611 | CVE-2021-34522 2612 | CVE-2021-34528 2613 | CVE-2021-34529 2614 | CVE-2021-34539 2615 | CVE-2021-34540 2616 | CVE-2021-34546 2617 | CVE-2021-34547 2618 | CVE-2021-34548 2619 | CVE-2021-34549 2620 | CVE-2021-34550 2621 | CVE-2021-34551 2622 | CVE-2021-34552 2623 | CVE-2021-34553 2624 | CVE-2021-34555 2625 | CVE-2021-34556 2626 | CVE-2021-34557 2627 | CVE-2021-34558 2628 | CVE-2021-34675 2629 | CVE-2021-34676 2630 | CVE-2021-34679 2631 | CVE-2021-34682 2632 | CVE-2021-34683 2633 | CVE-2021-34687 2634 | CVE-2021-34688 2635 | CVE-2021-34689 2636 | CVE-2021-34690 2637 | CVE-2021-34691 2638 | CVE-2021-34692 2639 | CVE-2021-34693 2640 | CVE-2021-34696 2641 | CVE-2021-34697 2642 | CVE-2021-34698 2643 | CVE-2021-34699 2644 | CVE-2021-34700 2645 | CVE-2021-34702 2646 | CVE-2021-34703 2647 | CVE-2021-34705 2648 | CVE-2021-34706 2649 | CVE-2021-34707 2650 | CVE-2021-34708 2651 | CVE-2021-34709 2652 | CVE-2021-34710 2653 | CVE-2021-34711 2654 | CVE-2021-34712 2655 | CVE-2021-34713 2656 | CVE-2021-34714 2657 | CVE-2021-34715 2658 | CVE-2021-34716 2659 | CVE-2021-34718 2660 | CVE-2021-34719 2661 | CVE-2021-34720 2662 | CVE-2021-34721 2663 | CVE-2021-34722 2664 | CVE-2021-34723 2665 | CVE-2021-34724 2666 | CVE-2021-34725 2667 | CVE-2021-34726 2668 | CVE-2021-34727 2669 | CVE-2021-34728 2670 | CVE-2021-34729 2671 | CVE-2021-34730 2672 | CVE-2021-34732 2673 | CVE-2021-34733 2674 | CVE-2021-34734 2675 | CVE-2021-34735 2676 | CVE-2021-34736 2677 | CVE-2021-34737 2678 | CVE-2021-34738 2679 | CVE-2021-34740 2680 | CVE-2021-34742 2681 | CVE-2021-34743 2682 | CVE-2021-34744 2683 | CVE-2021-34746 2684 | CVE-2021-34748 2685 | CVE-2021-34749 2686 | CVE-2021-34754 2687 | CVE-2021-34755 2688 | CVE-2021-34756 2689 | CVE-2021-34757 2690 | CVE-2021-34758 2691 | CVE-2021-34759 2692 | CVE-2021-34760 2693 | CVE-2021-34761 2694 | CVE-2021-34762 2695 | CVE-2021-34763 2696 | CVE-2021-34764 2697 | CVE-2021-34765 2698 | CVE-2021-34766 2699 | CVE-2021-34767 2700 | CVE-2021-34768 2701 | CVE-2021-34769 2702 | CVE-2021-34770 2703 | CVE-2021-34771 2704 | CVE-2021-34772 2705 | CVE-2021-34775 2706 | CVE-2021-34776 2707 | CVE-2021-34777 2708 | CVE-2021-34778 2709 | CVE-2021-34779 2710 | CVE-2021-34780 2711 | CVE-2021-34781 2712 | CVE-2021-34782 2713 | CVE-2021-34783 2714 | CVE-2021-34785 2715 | CVE-2021-34786 2716 | CVE-2021-34787 2717 | CVE-2021-34788 2718 | CVE-2021-34789 2719 | CVE-2021-34790 2720 | CVE-2021-34791 2721 | CVE-2021-34792 2722 | CVE-2021-34793 2723 | CVE-2021-34794 2724 | CVE-2021-34801 2725 | CVE-2021-34802 2726 | CVE-2021-34803 2727 | CVE-2021-34807 2728 | CVE-2021-34813 2729 | CVE-2021-34814 2730 | CVE-2021-34815 2731 | CVE-2021-34816 2732 | CVE-2021-34817 2733 | CVE-2021-34820 2734 | CVE-2021-34821 2735 | CVE-2021-34823 2736 | CVE-2021-34824 2737 | CVE-2021-34825 2738 | CVE-2021-35037 2739 | CVE-2021-35039 2740 | CVE-2021-35041 2741 | CVE-2021-35042 2742 | CVE-2021-35043 2743 | CVE-2021-35045 2744 | CVE-2021-35046 2745 | CVE-2021-35054 2746 | CVE-2021-35056 2747 | CVE-2021-35059 2748 | CVE-2021-35060 2749 | CVE-2021-35061 2750 | CVE-2021-35062 2751 | CVE-2021-35063 2752 | CVE-2021-35064 2753 | CVE-2021-35066 2754 | CVE-2021-35067 2755 | CVE-2021-35193 2756 | CVE-2021-35196 2757 | CVE-2021-35197 2758 | CVE-2021-35198 2759 | CVE-2021-35199 2760 | CVE-2021-35200 2761 | CVE-2021-35201 2762 | CVE-2021-35202 2763 | CVE-2021-35203 2764 | CVE-2021-35204 2765 | CVE-2021-35205 2766 | CVE-2021-35206 2767 | CVE-2021-35207 2768 | CVE-2021-35208 2769 | CVE-2021-35209 2770 | CVE-2021-35210 2771 | CVE-2021-35265 2772 | CVE-2021-35266 2773 | CVE-2021-35267 2774 | CVE-2021-35268 2775 | CVE-2021-35269 2776 | CVE-2021-35296 2777 | CVE-2021-35297 2778 | CVE-2021-35298 2779 | CVE-2021-35299 2780 | CVE-2021-35300 2781 | CVE-2021-35301 2782 | CVE-2021-35302 2783 | CVE-2021-35303 2784 | CVE-2021-35306 2785 | CVE-2021-35307 2786 | CVE-2021-35312 2787 | CVE-2021-35323 2788 | CVE-2021-35324 2789 | CVE-2021-35325 2790 | CVE-2021-35326 2791 | CVE-2021-35327 2792 | CVE-2021-35331 2793 | CVE-2021-35336 2794 | CVE-2021-35337 2795 | CVE-2021-35342 2796 | CVE-2021-35343 2797 | CVE-2021-35358 2798 | CVE-2021-35360 2799 | CVE-2021-35361 2800 | CVE-2021-35392 2801 | CVE-2021-35393 2802 | CVE-2021-35394 2803 | CVE-2021-35395 2804 | CVE-2021-35397 2805 | CVE-2021-35438 2806 | CVE-2021-35440 2807 | CVE-2021-35448 2808 | CVE-2021-35449 2809 | CVE-2021-35450 2810 | CVE-2021-35451 2811 | CVE-2021-35456 2812 | CVE-2021-35458 2813 | CVE-2021-35463 2814 | CVE-2021-35464 2815 | CVE-2021-35465 2816 | CVE-2021-35469 2817 | CVE-2021-35472 2818 | CVE-2021-35475 2819 | CVE-2021-35477 2820 | CVE-2021-35478 2821 | CVE-2021-35479 2822 | CVE-2021-35482 2823 | CVE-2021-35491 2824 | CVE-2021-35492 2825 | CVE-2021-35501 2826 | CVE-2021-35502 2827 | CVE-2021-35503 2828 | CVE-2021-35504 2829 | CVE-2021-35505 2830 | CVE-2021-35506 2831 | CVE-2021-35508 2832 | CVE-2021-35512 2833 | CVE-2021-35513 2834 | CVE-2021-35514 2835 | CVE-2021-35520 2836 | CVE-2021-35521 2837 | CVE-2021-35522 2838 | CVE-2021-35523 2839 | CVE-2021-35525 2840 | CVE-2021-35941 2841 | CVE-2021-35942 2842 | CVE-2021-35943 2843 | CVE-2021-35944 2844 | CVE-2021-35945 2845 | CVE-2021-35946 2846 | CVE-2021-35947 2847 | CVE-2021-35948 2848 | CVE-2021-35949 2849 | CVE-2021-35955 2850 | CVE-2021-35956 2851 | CVE-2021-35957 2852 | CVE-2021-35958 2853 | CVE-2021-35959 2854 | CVE-2021-35970 2855 | CVE-2021-35971 2856 | CVE-2021-35973 2857 | CVE-2021-35976 2858 | CVE-2021-35977 2859 | CVE-2021-35979 2860 | CVE-2021-36080 2861 | CVE-2021-36081 2862 | CVE-2021-36082 2863 | CVE-2021-36083 2864 | CVE-2021-36084 2865 | CVE-2021-36085 2866 | CVE-2021-36086 2867 | CVE-2021-36087 2868 | CVE-2021-36088 2869 | CVE-2021-36089 2870 | CVE-2021-36121 2871 | CVE-2021-36122 2872 | CVE-2021-36123 2873 | CVE-2021-36124 2874 | CVE-2021-36125 2875 | CVE-2021-36126 2876 | CVE-2021-36127 2877 | CVE-2021-36128 2878 | CVE-2021-36129 2879 | CVE-2021-36130 2880 | CVE-2021-36131 2881 | CVE-2021-36132 2882 | CVE-2021-36134 2883 | CVE-2021-36143 2884 | CVE-2021-36144 2885 | CVE-2021-36145 2886 | CVE-2021-36146 2887 | CVE-2021-36147 2888 | CVE-2021-36148 2889 | CVE-2021-36150 2890 | CVE-2021-36153 2891 | CVE-2021-36154 2892 | CVE-2021-36155 2893 | CVE-2021-36156 2894 | CVE-2021-36157 2895 | CVE-2021-36158 2896 | CVE-2021-36159 2897 | CVE-2021-36165 2898 | CVE-2021-36209 2899 | CVE-2021-36212 2900 | CVE-2021-36213 2901 | CVE-2021-36218 2902 | CVE-2021-36219 2903 | CVE-2021-36221 2904 | CVE-2021-36222 2905 | CVE-2021-36230 2906 | CVE-2021-36231 2907 | CVE-2021-36232 2908 | CVE-2021-36233 2909 | CVE-2021-36234 2910 | CVE-2021-36235 2911 | CVE-2021-36260 2912 | CVE-2021-36351 2913 | CVE-2021-36352 2914 | CVE-2021-36356 2915 | CVE-2021-36357 2916 | CVE-2021-36359 2917 | CVE-2021-36363 2918 | CVE-2021-36364 2919 | CVE-2021-36365 2920 | CVE-2021-36366 2921 | CVE-2021-36367 2922 | CVE-2021-36370 2923 | CVE-2021-36371 2924 | CVE-2021-36376 2925 | CVE-2021-36377 2926 | CVE-2021-36380 2927 | CVE-2021-36381 2928 | CVE-2021-36382 2929 | CVE-2021-36383 2930 | CVE-2021-36385 2931 | CVE-2021-36386 2932 | CVE-2021-36387 2933 | CVE-2021-36388 2934 | CVE-2021-36389 2935 | CVE-2021-36440 2936 | CVE-2021-36454 2937 | CVE-2021-36455 2938 | CVE-2021-36483 2939 | CVE-2021-36512 2940 | CVE-2021-36513 2941 | CVE-2021-36530 2942 | CVE-2021-36531 2943 | CVE-2021-36542 2944 | CVE-2021-36543 2945 | CVE-2021-36547 2946 | CVE-2021-36548 2947 | CVE-2021-36550 2948 | CVE-2021-36551 2949 | CVE-2021-36563 2950 | CVE-2021-36581 2951 | CVE-2021-36582 2952 | CVE-2021-36584 2953 | CVE-2021-36601 2954 | CVE-2021-36605 2955 | CVE-2021-36621 2956 | CVE-2021-36622 2957 | CVE-2021-36623 2958 | CVE-2021-36624 2959 | CVE-2021-36654 2960 | CVE-2021-36690 2961 | CVE-2021-36691 2962 | CVE-2021-36692 2963 | CVE-2021-36695 2964 | CVE-2021-36696 2965 | CVE-2021-36701 2966 | CVE-2021-36702 2967 | CVE-2021-36703 2968 | CVE-2021-36705 2969 | CVE-2021-36706 2970 | CVE-2021-36707 2971 | CVE-2021-36708 2972 | CVE-2021-36716 2973 | CVE-2021-36740 2974 | CVE-2021-36746 2975 | CVE-2021-36747 2976 | CVE-2021-36748 2977 | CVE-2021-36753 2978 | CVE-2021-36754 2979 | CVE-2021-36755 2980 | CVE-2021-36756 2981 | CVE-2021-36758 2982 | CVE-2021-36762 2983 | CVE-2021-36763 2984 | CVE-2021-36764 2985 | CVE-2021-36765 2986 | CVE-2021-36766 2987 | CVE-2021-36767 2988 | CVE-2021-36769 2989 | CVE-2021-36770 2990 | CVE-2021-36771 2991 | CVE-2021-36772 2992 | CVE-2021-36773 2993 | CVE-2021-36785 2994 | CVE-2021-36786 2995 | CVE-2021-36787 2996 | CVE-2021-36788 2997 | CVE-2021-36789 2998 | CVE-2021-36790 2999 | CVE-2021-36791 3000 | CVE-2021-36792 3001 | CVE-2021-36793 3002 | CVE-2021-36795 3003 | CVE-2021-36797 3004 | CVE-2021-36798 3005 | CVE-2021-36799 3006 | CVE-2021-36921 3007 | CVE-2021-36928 3008 | CVE-2021-36929 3009 | CVE-2021-36930 3010 | CVE-2021-36931 3011 | CVE-2021-36943 3012 | CVE-2021-36945 3013 | CVE-2021-36946 3014 | CVE-2021-36949 3015 | CVE-2021-36952 3016 | CVE-2021-36956 3017 | CVE-2021-36958 3018 | CVE-2021-36976 3019 | CVE-2021-36977 3020 | CVE-2021-36978 3021 | CVE-2021-36979 3022 | CVE-2021-36980 3023 | CVE-2021-36981 3024 | CVE-2021-36982 3025 | CVE-2021-36983 3026 | CVE-2021-37144 3027 | CVE-2021-37145 3028 | CVE-2021-37146 3029 | CVE-2021-37152 3030 | CVE-2021-37153 3031 | CVE-2021-37154 3032 | CVE-2021-37155 3033 | CVE-2021-37156 3034 | CVE-2021-37157 3035 | CVE-2021-37158 3036 | CVE-2021-37159 3037 | CVE-2021-37160 3038 | CVE-2021-37161 3039 | CVE-2021-37162 3040 | CVE-2021-37163 3041 | CVE-2021-37164 3042 | CVE-2021-37165 3043 | CVE-2021-37166 3044 | CVE-2021-37167 3045 | CVE-2021-37218 3046 | CVE-2021-37219 3047 | CVE-2021-37220 3048 | CVE-2021-37221 3049 | CVE-2021-37222 3050 | CVE-2021-37223 3051 | CVE-2021-37231 3052 | CVE-2021-37232 3053 | CVE-2021-37254 3054 | CVE-2021-37267 3055 | CVE-2021-37270 3056 | CVE-2021-37271 3057 | CVE-2021-37273 3058 | CVE-2021-37274 3059 | CVE-2021-37326 3060 | CVE-2021-37330 3061 | CVE-2021-37331 3062 | CVE-2021-37333 3063 | CVE-2021-37334 3064 | CVE-2021-37343 3065 | CVE-2021-37344 3066 | CVE-2021-37345 3067 | CVE-2021-37346 3068 | CVE-2021-37347 3069 | CVE-2021-37348 3070 | CVE-2021-37349 3071 | CVE-2021-37350 3072 | CVE-2021-37351 3073 | CVE-2021-37352 3074 | CVE-2021-37353 3075 | CVE-2021-37358 3076 | CVE-2021-37363 3077 | CVE-2021-37364 3078 | CVE-2021-37365 3079 | CVE-2021-37366 3080 | CVE-2021-37367 3081 | CVE-2021-37371 3082 | CVE-2021-37372 3083 | CVE-2021-37381 3084 | CVE-2021-37388 3085 | CVE-2021-37389 3086 | CVE-2021-37390 3087 | CVE-2021-37391 3088 | CVE-2021-37392 3089 | CVE-2021-37393 3090 | CVE-2021-37394 3091 | CVE-2021-37402 3092 | CVE-2021-37403 3093 | CVE-2021-37412 3094 | CVE-2021-37414 3095 | CVE-2021-37415 3096 | CVE-2021-37416 3097 | CVE-2021-37417 3098 | CVE-2021-37419 3099 | CVE-2021-37420 3100 | CVE-2021-37421 3101 | CVE-2021-37422 3102 | CVE-2021-37423 3103 | CVE-2021-37424 3104 | CVE-2021-37425 3105 | CVE-2021-37436 3106 | CVE-2021-37439 3107 | CVE-2021-37440 3108 | CVE-2021-37441 3109 | CVE-2021-37442 3110 | CVE-2021-37443 3111 | CVE-2021-37444 3112 | CVE-2021-37445 3113 | CVE-2021-37446 3114 | CVE-2021-37447 3115 | CVE-2021-37448 3116 | CVE-2021-37449 3117 | CVE-2021-37450 3118 | CVE-2021-37451 3119 | CVE-2021-37452 3120 | CVE-2021-37453 3121 | CVE-2021-37454 3122 | CVE-2021-37455 3123 | CVE-2021-37456 3124 | CVE-2021-37457 3125 | CVE-2021-37458 3126 | CVE-2021-37459 3127 | CVE-2021-37460 3128 | CVE-2021-37461 3129 | CVE-2021-37462 3130 | CVE-2021-37463 3131 | CVE-2021-37464 3132 | CVE-2021-37465 3133 | CVE-2021-37466 3134 | CVE-2021-37467 3135 | CVE-2021-37468 3136 | CVE-2021-37469 3137 | CVE-2021-37470 3138 | CVE-2021-37471 3139 | CVE-2021-37473 3140 | CVE-2021-37475 3141 | CVE-2021-37476 3142 | CVE-2021-37477 3143 | CVE-2021-37478 3144 | CVE-2021-37534 3145 | CVE-2021-37538 3146 | CVE-2021-37539 3147 | CVE-2021-37540 3148 | CVE-2021-37541 3149 | CVE-2021-37542 3150 | CVE-2021-37543 3151 | CVE-2021-37544 3152 | CVE-2021-37545 3153 | CVE-2021-37546 3154 | CVE-2021-37547 3155 | CVE-2021-37548 3156 | CVE-2021-37549 3157 | CVE-2021-37550 3158 | CVE-2021-37551 3159 | CVE-2021-37552 3160 | CVE-2021-37553 3161 | CVE-2021-37554 3162 | CVE-2021-37555 3163 | CVE-2021-37556 3164 | CVE-2021-37557 3165 | CVE-2021-37558 3166 | CVE-2021-37573 3167 | CVE-2021-37576 3168 | CVE-2021-37586 3169 | CVE-2021-37587 3170 | CVE-2021-37588 3171 | CVE-2021-37593 3172 | CVE-2021-37594 3173 | CVE-2021-37595 3174 | CVE-2021-37596 3175 | CVE-2021-37597 3176 | CVE-2021-37598 3177 | CVE-2021-37599 3178 | CVE-2021-37600 3179 | CVE-2021-37601 3180 | CVE-2021-37604 3181 | CVE-2021-37605 3182 | CVE-2021-37606 3183 | CVE-2021-37614 3184 | CVE-2021-37741 3185 | CVE-2021-37742 3186 | CVE-2021-37743 3187 | CVE-2021-37746 3188 | CVE-2021-37748 3189 | CVE-2021-37749 3190 | CVE-2021-37750 3191 | CVE-2021-37759 3192 | CVE-2021-37760 3193 | CVE-2021-37761 3194 | CVE-2021-37762 3195 | CVE-2021-37777 3196 | CVE-2021-37786 3197 | CVE-2021-37788 3198 | CVE-2021-37794 3199 | CVE-2021-37803 3200 | CVE-2021-37805 3201 | CVE-2021-37806 3202 | CVE-2021-37807 3203 | CVE-2021-37808 3204 | CVE-2021-37832 3205 | CVE-2021-37833 3206 | CVE-2021-37840 3207 | CVE-2021-37841 3208 | CVE-2021-37843 3209 | CVE-2021-37847 3210 | CVE-2021-37848 3211 | CVE-2021-37914 3212 | CVE-2021-37915 3213 | CVE-2021-37916 3214 | CVE-2021-37918 3215 | CVE-2021-37919 3216 | CVE-2021-37920 3217 | CVE-2021-37921 3218 | CVE-2021-37922 3219 | CVE-2021-37923 3220 | CVE-2021-37924 3221 | CVE-2021-37925 3222 | CVE-2021-37926 3223 | CVE-2021-37927 3224 | CVE-2021-37928 3225 | CVE-2021-37929 3226 | CVE-2021-37930 3227 | CVE-2021-37931 3228 | CVE-2021-37933 3229 | CVE-2021-38084 3230 | CVE-2021-38085 3231 | CVE-2021-38086 3232 | CVE-2021-38087 3233 | CVE-2021-38088 3234 | CVE-2021-38090 3235 | CVE-2021-38091 3236 | CVE-2021-38092 3237 | CVE-2021-38093 3238 | CVE-2021-38094 3239 | CVE-2021-38095 3240 | CVE-2021-38096 3241 | CVE-2021-38097 3242 | CVE-2021-38098 3243 | CVE-2021-38099 3244 | CVE-2021-38100 3245 | CVE-2021-38101 3246 | CVE-2021-38102 3247 | CVE-2021-38103 3248 | CVE-2021-38104 3249 | CVE-2021-38105 3250 | CVE-2021-38106 3251 | CVE-2021-38107 3252 | CVE-2021-38108 3253 | CVE-2021-38109 3254 | CVE-2021-38110 3255 | CVE-2021-38111 3256 | CVE-2021-38112 3257 | CVE-2021-38113 3258 | CVE-2021-38114 3259 | CVE-2021-38115 3260 | CVE-2021-38136 3261 | CVE-2021-38137 3262 | CVE-2021-38138 3263 | CVE-2021-38140 3264 | CVE-2021-38142 3265 | CVE-2021-38143 3266 | CVE-2021-38144 3267 | CVE-2021-38145 3268 | CVE-2021-38148 3269 | CVE-2021-38149 3270 | CVE-2021-38151 3271 | CVE-2021-38152 3272 | CVE-2021-38154 3273 | CVE-2021-38155 3274 | CVE-2021-38156 3275 | CVE-2021-38157 3276 | CVE-2021-38159 3277 | CVE-2021-38160 3278 | CVE-2021-38165 3279 | CVE-2021-38166 3280 | CVE-2021-38167 3281 | CVE-2021-38168 3282 | CVE-2021-38169 3283 | CVE-2021-38171 3284 | CVE-2021-38173 3285 | CVE-2021-38174 3286 | CVE-2021-38185 3287 | CVE-2021-38186 3288 | CVE-2021-38187 3289 | CVE-2021-38188 3290 | CVE-2021-38189 3291 | CVE-2021-38190 3292 | CVE-2021-38191 3293 | CVE-2021-38192 3294 | CVE-2021-38193 3295 | CVE-2021-38194 3296 | CVE-2021-38195 3297 | CVE-2021-38196 3298 | CVE-2021-38197 3299 | CVE-2021-38198 3300 | CVE-2021-38199 3301 | CVE-2021-38200 3302 | CVE-2021-38201 3303 | CVE-2021-38202 3304 | CVE-2021-38203 3305 | CVE-2021-38204 3306 | CVE-2021-38205 3307 | CVE-2021-38206 3308 | CVE-2021-38207 3309 | CVE-2021-38208 3310 | CVE-2021-38209 3311 | CVE-2021-38258 3312 | CVE-2021-38260 3313 | CVE-2021-38290 3314 | CVE-2021-38291 3315 | CVE-2021-38297 3316 | CVE-2021-38298 3317 | CVE-2021-38299 3318 | CVE-2021-38300 3319 | CVE-2021-38302 3320 | CVE-2021-38303 3321 | CVE-2021-38304 3322 | CVE-2021-38305 3323 | CVE-2021-38306 3324 | CVE-2021-38311 3325 | CVE-2021-38365 3326 | CVE-2021-38366 3327 | CVE-2021-38370 3328 | CVE-2021-38371 3329 | CVE-2021-38372 3330 | CVE-2021-38373 3331 | CVE-2021-38379 3332 | CVE-2021-38380 3333 | CVE-2021-38381 3334 | CVE-2021-38382 3335 | CVE-2021-38383 3336 | CVE-2021-38384 3337 | CVE-2021-38385 3338 | CVE-2021-38386 3339 | CVE-2021-38387 3340 | CVE-2021-38490 3341 | CVE-2021-38511 3342 | CVE-2021-38512 3343 | CVE-2021-38513 3344 | CVE-2021-38514 3345 | CVE-2021-38515 3346 | CVE-2021-38516 3347 | CVE-2021-38517 3348 | CVE-2021-38518 3349 | CVE-2021-38519 3350 | CVE-2021-38520 3351 | CVE-2021-38521 3352 | CVE-2021-38522 3353 | CVE-2021-38523 3354 | CVE-2021-38524 3355 | CVE-2021-38525 3356 | CVE-2021-38526 3357 | CVE-2021-38527 3358 | CVE-2021-38528 3359 | CVE-2021-38529 3360 | CVE-2021-38530 3361 | CVE-2021-38531 3362 | CVE-2021-38532 3363 | CVE-2021-38533 3364 | CVE-2021-38534 3365 | CVE-2021-38535 3366 | CVE-2021-38536 3367 | CVE-2021-38537 3368 | CVE-2021-38538 3369 | CVE-2021-38539 3370 | CVE-2021-38543 3371 | CVE-2021-38544 3372 | CVE-2021-38545 3373 | CVE-2021-38546 3374 | CVE-2021-38547 3375 | CVE-2021-38548 3376 | CVE-2021-38549 3377 | CVE-2021-38553 3378 | CVE-2021-38554 3379 | CVE-2021-38556 3380 | CVE-2021-38557 3381 | CVE-2021-38559 3382 | CVE-2021-38562 3383 | CVE-2021-38563 3384 | CVE-2021-38564 3385 | CVE-2021-38565 3386 | CVE-2021-38566 3387 | CVE-2021-38567 3388 | CVE-2021-38568 3389 | CVE-2021-38569 3390 | CVE-2021-38570 3391 | CVE-2021-38571 3392 | CVE-2021-38572 3393 | CVE-2021-38573 3394 | CVE-2021-38574 3395 | CVE-2021-38583 3396 | CVE-2021-38584 3397 | CVE-2021-38585 3398 | CVE-2021-38586 3399 | CVE-2021-38587 3400 | CVE-2021-38588 3401 | CVE-2021-38589 3402 | CVE-2021-38590 3403 | CVE-2021-38591 3404 | CVE-2021-38592 3405 | CVE-2021-38593 3406 | CVE-2021-38597 3407 | CVE-2021-38598 3408 | CVE-2021-38599 3409 | CVE-2021-38602 3410 | CVE-2021-38603 3411 | CVE-2021-38604 3412 | CVE-2021-38606 3413 | CVE-2021-38607 3414 | CVE-2021-38608 3415 | CVE-2021-38611 3416 | CVE-2021-38612 3417 | CVE-2021-38613 3418 | CVE-2021-38614 3419 | CVE-2021-38615 3420 | CVE-2021-38616 3421 | CVE-2021-38617 3422 | CVE-2021-38618 3423 | CVE-2021-38619 3424 | CVE-2021-38621 3425 | CVE-2021-38623 3426 | CVE-2021-38641 3427 | CVE-2021-38642 3428 | CVE-2021-38644 3429 | CVE-2021-38645 3430 | CVE-2021-38647 3431 | CVE-2021-38648 3432 | CVE-2021-38649 3433 | CVE-2021-38656 3434 | CVE-2021-38657 3435 | CVE-2021-38659 3436 | CVE-2021-38661 3437 | CVE-2021-38669 3438 | CVE-2021-38672 3439 | CVE-2021-38698 3440 | CVE-2021-38699 3441 | CVE-2021-38702 3442 | CVE-2021-38703 3443 | CVE-2021-38704 3444 | CVE-2021-38705 3445 | CVE-2021-38706 3446 | CVE-2021-38707 3447 | CVE-2021-38708 3448 | CVE-2021-38709 3449 | CVE-2021-38710 3450 | CVE-2021-38711 3451 | CVE-2021-38712 3452 | CVE-2021-38713 3453 | CVE-2021-38714 3454 | CVE-2021-38721 3455 | CVE-2021-38723 3456 | CVE-2021-38725 3457 | CVE-2021-38727 3458 | CVE-2021-38751 3459 | CVE-2021-38752 3460 | CVE-2021-38753 3461 | CVE-2021-38754 3462 | CVE-2021-38755 3463 | CVE-2021-38756 3464 | CVE-2021-38757 3465 | CVE-2021-38758 3466 | CVE-2021-38822 3467 | CVE-2021-38823 3468 | CVE-2021-38833 3469 | CVE-2021-38840 3470 | CVE-2021-38841 3471 | CVE-2021-39240 3472 | CVE-2021-39241 3473 | CVE-2021-39242 3474 | CVE-2021-39243 3475 | CVE-2021-39244 3476 | CVE-2021-39245 3477 | CVE-2021-39246 3478 | CVE-2021-39247 3479 | CVE-2021-39248 3480 | CVE-2021-39249 3481 | CVE-2021-39250 3482 | CVE-2021-39251 3483 | CVE-2021-39252 3484 | CVE-2021-39253 3485 | CVE-2021-39254 3486 | CVE-2021-39255 3487 | CVE-2021-39256 3488 | CVE-2021-39257 3489 | CVE-2021-39258 3490 | CVE-2021-39259 3491 | CVE-2021-39260 3492 | CVE-2021-39261 3493 | CVE-2021-39262 3494 | CVE-2021-39263 3495 | CVE-2021-39267 3496 | CVE-2021-39268 3497 | CVE-2021-39271 3498 | CVE-2021-39272 3499 | CVE-2021-39273 3500 | CVE-2021-39274 3501 | CVE-2021-39278 3502 | CVE-2021-39279 3503 | CVE-2021-39282 3504 | CVE-2021-39283 3505 | CVE-2021-39285 3506 | CVE-2021-39286 3507 | CVE-2021-39289 3508 | CVE-2021-39290 3509 | CVE-2021-39291 3510 | CVE-2021-39296 3511 | CVE-2021-39302 3512 | CVE-2021-39303 3513 | CVE-2021-39304 3514 | CVE-2021-39307 3515 | CVE-2021-39358 3516 | CVE-2021-39359 3517 | CVE-2021-39360 3518 | CVE-2021-39361 3519 | CVE-2021-39362 3520 | CVE-2021-39365 3521 | CVE-2021-39367 3522 | CVE-2021-39368 3523 | CVE-2021-39371 3524 | CVE-2021-39373 3525 | CVE-2021-39375 3526 | CVE-2021-39376 3527 | CVE-2021-39377 3528 | CVE-2021-39378 3529 | CVE-2021-39379 3530 | CVE-2021-39391 3531 | CVE-2021-39392 3532 | CVE-2021-39402 3533 | CVE-2021-39404 3534 | CVE-2021-39433 3535 | CVE-2021-39458 3536 | CVE-2021-39459 3537 | CVE-2021-39474 3538 | CVE-2021-39486 3539 | CVE-2021-39496 3540 | CVE-2021-39497 3541 | CVE-2021-39499 3542 | CVE-2021-39500 3543 | CVE-2021-39501 3544 | CVE-2021-39503 3545 | CVE-2021-39509 3546 | CVE-2021-39510 3547 | CVE-2021-39514 3548 | CVE-2021-39515 3549 | CVE-2021-39516 3550 | CVE-2021-39517 3551 | CVE-2021-39518 3552 | CVE-2021-39519 3553 | CVE-2021-39520 3554 | CVE-2021-39521 3555 | CVE-2021-39522 3556 | CVE-2021-39523 3557 | CVE-2021-39525 3558 | CVE-2021-39527 3559 | CVE-2021-39528 3560 | CVE-2021-39530 3561 | CVE-2021-39531 3562 | CVE-2021-39532 3563 | CVE-2021-39533 3564 | CVE-2021-39534 3565 | CVE-2021-39535 3566 | CVE-2021-39536 3567 | CVE-2021-39537 3568 | CVE-2021-39538 3569 | CVE-2021-39539 3570 | CVE-2021-39540 3571 | CVE-2021-39541 3572 | CVE-2021-39542 3573 | CVE-2021-39543 3574 | CVE-2021-39544 3575 | CVE-2021-39545 3576 | CVE-2021-39546 3577 | CVE-2021-39547 3578 | CVE-2021-39548 3579 | CVE-2021-39549 3580 | CVE-2021-39550 3581 | CVE-2021-39551 3582 | CVE-2021-39552 3583 | CVE-2021-39553 3584 | CVE-2021-39554 3585 | CVE-2021-39555 3586 | CVE-2021-39556 3587 | CVE-2021-39557 3588 | CVE-2021-39558 3589 | CVE-2021-39559 3590 | CVE-2021-39561 3591 | CVE-2021-39562 3592 | CVE-2021-39563 3593 | CVE-2021-39564 3594 | CVE-2021-39569 3595 | CVE-2021-39574 3596 | CVE-2021-39575 3597 | CVE-2021-39577 3598 | CVE-2021-39579 3599 | CVE-2021-39582 3600 | CVE-2021-39583 3601 | CVE-2021-39584 3602 | CVE-2021-39585 3603 | CVE-2021-39587 3604 | CVE-2021-39588 3605 | CVE-2021-39589 3606 | CVE-2021-39590 3607 | CVE-2021-39591 3608 | CVE-2021-39592 3609 | CVE-2021-39593 3610 | CVE-2021-39594 3611 | CVE-2021-39595 3612 | CVE-2021-39596 3613 | CVE-2021-39597 3614 | CVE-2021-39598 3615 | CVE-2021-39599 3616 | CVE-2021-39602 3617 | CVE-2021-39608 3618 | CVE-2021-39609 3619 | CVE-2021-39613 3620 | CVE-2021-39614 3621 | CVE-2021-39615 3622 | CVE-2021-40083 3623 | CVE-2021-40084 3624 | CVE-2021-40085 3625 | CVE-2021-40086 3626 | CVE-2021-40087 3627 | CVE-2021-40088 3628 | CVE-2021-40089 3629 | CVE-2021-40097 3630 | CVE-2021-40098 3631 | CVE-2021-40099 3632 | CVE-2021-40100 3633 | CVE-2021-40102 3634 | CVE-2021-40103 3635 | CVE-2021-40104 3636 | CVE-2021-40105 3637 | CVE-2021-40106 3638 | CVE-2021-40108 3639 | CVE-2021-40109 3640 | CVE-2021-40114 3641 | CVE-2021-40116 3642 | CVE-2021-40117 3643 | CVE-2021-40118 3644 | CVE-2021-40121 3645 | CVE-2021-40122 3646 | CVE-2021-40123 3647 | CVE-2021-40125 3648 | CVE-2021-40142 3649 | CVE-2021-40143 3650 | CVE-2021-40145 3651 | CVE-2021-40147 3652 | CVE-2021-40153 3653 | CVE-2021-40172 3654 | CVE-2021-40173 3655 | CVE-2021-40174 3656 | CVE-2021-40175 3657 | CVE-2021-40176 3658 | CVE-2021-40177 3659 | CVE-2021-40178 3660 | CVE-2021-40188 3661 | CVE-2021-40189 3662 | CVE-2021-40191 3663 | CVE-2021-40214 3664 | CVE-2021-40222 3665 | CVE-2021-40223 3666 | CVE-2021-40238 3667 | CVE-2021-40239 3668 | CVE-2021-40284 3669 | CVE-2021-40292 3670 | CVE-2021-40309 3671 | CVE-2021-40310 3672 | CVE-2021-40323 3673 | CVE-2021-40324 3674 | CVE-2021-40325 3675 | CVE-2021-40330 3676 | CVE-2021-40343 3677 | CVE-2021-40344 3678 | CVE-2021-40345 3679 | CVE-2021-40346 3680 | CVE-2021-40347 3681 | CVE-2021-40349 3682 | CVE-2021-40350 3683 | CVE-2021-40352 3684 | CVE-2021-40353 3685 | CVE-2021-40371 3686 | CVE-2021-40373 3687 | CVE-2021-40377 3688 | CVE-2021-40378 3689 | CVE-2021-40379 3690 | CVE-2021-40380 3691 | CVE-2021-40381 3692 | CVE-2021-40382 3693 | CVE-2021-40385 3694 | CVE-2021-40387 3695 | CVE-2021-40440 3696 | CVE-2021-40448 3697 | CVE-2021-40457 3698 | CVE-2021-40468 3699 | CVE-2021-40490 3700 | CVE-2021-40491 3701 | CVE-2021-40492 3702 | CVE-2021-40493 3703 | CVE-2021-40494 3704 | CVE-2021-40509 3705 | CVE-2021-40516 3706 | CVE-2021-40517 3707 | CVE-2021-40518 3708 | CVE-2021-40519 3709 | CVE-2021-40520 3710 | CVE-2021-40521 3711 | CVE-2021-40523 3712 | CVE-2021-40524 3713 | CVE-2021-40526 3714 | CVE-2021-40527 3715 | CVE-2021-40528 3716 | CVE-2021-40529 3717 | CVE-2021-40530 3718 | CVE-2021-40531 3719 | CVE-2021-40532 3720 | CVE-2021-40537 3721 | CVE-2021-40539 3722 | CVE-2021-40540 3723 | CVE-2021-40541 3724 | CVE-2021-40542 3725 | CVE-2021-40543 3726 | CVE-2021-40577 3727 | CVE-2021-40617 3728 | CVE-2021-40618 3729 | CVE-2021-40639 3730 | CVE-2021-40651 3731 | CVE-2021-40654 3732 | CVE-2021-40655 3733 | CVE-2021-40669 3734 | CVE-2021-40670 3735 | CVE-2021-40674 3736 | CVE-2021-40683 3737 | CVE-2021-40684 3738 | CVE-2021-40797 3739 | CVE-2021-40812 3740 | CVE-2021-40814 3741 | CVE-2021-40818 3742 | CVE-2021-40823 3743 | CVE-2021-40824 3744 | CVE-2021-40825 3745 | CVE-2021-40839 3746 | CVE-2021-40842 3747 | CVE-2021-40843 3748 | CVE-2021-40845 3749 | CVE-2021-40847 3750 | CVE-2021-40854 3751 | CVE-2021-40862 3752 | CVE-2021-40864 3753 | CVE-2021-40866 3754 | CVE-2021-40867 3755 | CVE-2021-40868 3756 | CVE-2021-40870 3757 | CVE-2021-40871 3758 | CVE-2021-40872 3759 | CVE-2021-40873 3760 | CVE-2021-40875 3761 | CVE-2021-40881 3762 | CVE-2021-40884 3763 | CVE-2021-40886 3764 | CVE-2021-40887 3765 | CVE-2021-40888 3766 | CVE-2021-40889 3767 | CVE-2021-40921 3768 | CVE-2021-40922 3769 | CVE-2021-40923 3770 | CVE-2021-40924 3771 | CVE-2021-40925 3772 | CVE-2021-40926 3773 | CVE-2021-40927 3774 | CVE-2021-40928 3775 | CVE-2021-40960 3776 | CVE-2021-40964 3777 | CVE-2021-40965 3778 | CVE-2021-40966 3779 | CVE-2021-40968 3780 | CVE-2021-40969 3781 | CVE-2021-40970 3782 | CVE-2021-40971 3783 | CVE-2021-40972 3784 | CVE-2021-40973 3785 | CVE-2021-40975 3786 | CVE-2021-40978 3787 | CVE-2021-40981 3788 | CVE-2021-41054 3789 | CVE-2021-41055 3790 | CVE-2021-41057 3791 | CVE-2021-41061 3792 | CVE-2021-41072 3793 | CVE-2021-41073 3794 | CVE-2021-41075 3795 | CVE-2021-41077 3796 | CVE-2021-41078 3797 | CVE-2021-41080 3798 | CVE-2021-41081 3799 | CVE-2021-41285 3800 | CVE-2021-41286 3801 | CVE-2021-41288 3802 | CVE-2021-41314 3803 | CVE-2021-41315 3804 | CVE-2021-41316 3805 | CVE-2021-41317 3806 | CVE-2021-41318 3807 | CVE-2021-41320 3808 | CVE-2021-41322 3809 | CVE-2021-41323 3810 | CVE-2021-41324 3811 | CVE-2021-41325 3812 | CVE-2021-41326 3813 | CVE-2021-41329 3814 | CVE-2021-41334 3815 | CVE-2021-41336 3816 | CVE-2021-41339 3817 | CVE-2021-41346 3818 | CVE-2021-41348 3819 | CVE-2021-41350 3820 | CVE-2021-41351 3821 | CVE-2021-41352 3822 | CVE-2021-41355 3823 | CVE-2021-41357 3824 | CVE-2021-41363 3825 | CVE-2021-41372 3826 | CVE-2021-41373 3827 | CVE-2021-41374 3828 | CVE-2021-41375 3829 | CVE-2021-41376 3830 | CVE-2021-41380 3831 | CVE-2021-41381 3832 | CVE-2021-41382 3833 | CVE-2021-41383 3834 | CVE-2021-41385 3835 | CVE-2021-41387 3836 | CVE-2021-41390 3837 | CVE-2021-41391 3838 | CVE-2021-41392 3839 | CVE-2021-41393 3840 | CVE-2021-41394 3841 | CVE-2021-41395 3842 | CVE-2021-41426 3843 | CVE-2021-41427 3844 | CVE-2021-41456 3845 | CVE-2021-41457 3846 | CVE-2021-41459 3847 | CVE-2021-41461 3848 | CVE-2021-41462 3849 | CVE-2021-41463 3850 | CVE-2021-41464 3851 | CVE-2021-41465 3852 | CVE-2021-41467 3853 | CVE-2021-41503 3854 | CVE-2021-41504 3855 | CVE-2021-41511 3856 | CVE-2021-41525 3857 | CVE-2021-41553 3858 | CVE-2021-41554 3859 | CVE-2021-41555 3860 | CVE-2021-41558 3861 | CVE-2021-41573 3862 | CVE-2021-41578 3863 | CVE-2021-41579 3864 | CVE-2021-41580 3865 | CVE-2021-41581 3866 | CVE-2021-41583 3867 | CVE-2021-41584 3868 | CVE-2021-41586 3869 | CVE-2021-41587 3870 | CVE-2021-41588 3871 | CVE-2021-41589 3872 | CVE-2021-41590 3873 | CVE-2021-41591 3874 | CVE-2021-41592 3875 | CVE-2021-41593 3876 | CVE-2021-41595 3877 | CVE-2021-41596 3878 | CVE-2021-41611 3879 | CVE-2021-41617 3880 | CVE-2021-41619 3881 | CVE-2021-41643 3882 | CVE-2021-41644 3883 | CVE-2021-41645 3884 | CVE-2021-41647 3885 | CVE-2021-41648 3886 | CVE-2021-41649 3887 | CVE-2021-41651 3888 | CVE-2021-41653 3889 | CVE-2021-41674 3890 | CVE-2021-41675 3891 | CVE-2021-41676 3892 | CVE-2021-41720 3893 | CVE-2021-41728 3894 | CVE-2021-41729 3895 | CVE-2021-41732 3896 | CVE-2021-41744 3897 | CVE-2021-41745 3898 | CVE-2021-41747 3899 | CVE-2021-41753 3900 | CVE-2021-41764 3901 | CVE-2021-41765 3902 | CVE-2021-41770 3903 | CVE-2021-41790 3904 | CVE-2021-41791 3905 | CVE-2021-41792 3906 | CVE-2021-41794 3907 | CVE-2021-41795 3908 | CVE-2021-41798 3909 | CVE-2021-41799 3910 | CVE-2021-41800 3911 | CVE-2021-41801 3912 | CVE-2021-41802 3913 | CVE-2021-41821 3914 | CVE-2021-41824 3915 | CVE-2021-41825 3916 | CVE-2021-41826 3917 | CVE-2021-41827 3918 | CVE-2021-41828 3919 | CVE-2021-41829 3920 | CVE-2021-41833 3921 | CVE-2021-41845 3922 | CVE-2021-41847 3923 | CVE-2021-41861 3924 | CVE-2021-41862 3925 | CVE-2021-41864 3926 | CVE-2021-41865 3927 | CVE-2021-41866 3928 | CVE-2021-41867 3929 | CVE-2021-41868 3930 | CVE-2021-41869 3931 | CVE-2021-41872 3932 | CVE-2021-41873 3933 | CVE-2021-41878 3934 | CVE-2021-41916 3935 | CVE-2021-41917 3936 | CVE-2021-41918 3937 | CVE-2021-41919 3938 | CVE-2021-41920 3939 | CVE-2021-41931 3940 | CVE-2021-41947 3941 | CVE-2021-41950 3942 | CVE-2021-41951 3943 | CVE-2021-41990 3944 | CVE-2021-41991 3945 | CVE-2021-42002 3946 | CVE-2021-42006 3947 | CVE-2021-42008 3948 | CVE-2021-42040 3949 | CVE-2021-42041 3950 | CVE-2021-42042 3951 | CVE-2021-42043 3952 | CVE-2021-42044 3953 | CVE-2021-42053 3954 | CVE-2021-42054 3955 | CVE-2021-42055 3956 | CVE-2021-42071 3957 | CVE-2021-42084 3958 | CVE-2021-42085 3959 | CVE-2021-42086 3960 | CVE-2021-42087 3961 | CVE-2021-42088 3962 | CVE-2021-42089 3963 | CVE-2021-42090 3964 | CVE-2021-42091 3965 | CVE-2021-42092 3966 | CVE-2021-42093 3967 | CVE-2021-42094 3968 | CVE-2021-42095 3969 | CVE-2021-42096 3970 | CVE-2021-42097 3971 | CVE-2021-42109 3972 | CVE-2021-42111 3973 | CVE-2021-42112 3974 | CVE-2021-42134 3975 | CVE-2021-42135 3976 | CVE-2021-42137 3977 | CVE-2021-42139 3978 | CVE-2021-42169 3979 | CVE-2021-42223 3980 | CVE-2021-42224 3981 | CVE-2021-42227 3982 | CVE-2021-42228 3983 | CVE-2021-42237 3984 | CVE-2021-42252 3985 | CVE-2021-42257 3986 | CVE-2021-42258 3987 | CVE-2021-42260 3988 | CVE-2021-42261 3989 | CVE-2021-42286 3990 | CVE-2021-42296 3991 | CVE-2021-42298 3992 | CVE-2021-42300 3993 | CVE-2021-42301 3994 | CVE-2021-42302 3995 | CVE-2021-42303 3996 | CVE-2021-42304 3997 | CVE-2021-42319 3998 | CVE-2021-42321 3999 | CVE-2021-42322 4000 | CVE-2021-42323 4001 | CVE-2021-42325 4002 | CVE-2021-42326 4003 | CVE-2021-42327 4004 | CVE-2021-42341 4005 | CVE-2021-42342 4006 | CVE-2021-42343 4007 | CVE-2021-42369 4008 | CVE-2021-42556 4009 | CVE-2021-42563 4010 | CVE-2021-42565 4011 | CVE-2021-42566 4012 | CVE-2021-42574 4013 | CVE-2021-42575 4014 | CVE-2021-42576 4015 | CVE-2021-42580 4016 | CVE-2021-42650 4017 | CVE-2021-42662 4018 | CVE-2021-42664 4019 | CVE-2021-42666 4020 | CVE-2021-42670 4021 | CVE-2021-42715 4022 | CVE-2021-42716 4023 | CVE-2021-42739 4024 | CVE-2021-42740 4025 | CVE-2021-42762 4026 | CVE-2021-42764 4027 | CVE-2021-42765 4028 | CVE-2021-42766 4029 | CVE-2021-42771 4030 | CVE-2021-42772 4031 | CVE-2021-42773 4032 | CVE-2021-42774 4033 | CVE-2021-42775 4034 | CVE-2021-42836 4035 | CVE-2021-42840 4036 | CVE-2021-42847 4037 | CVE-2021-42954 4038 | CVE-2021-42955 4039 | CVE-2021-42956 4040 | CVE-2021-43056 4041 | CVE-2021-43057 4042 | CVE-2021-43130 4043 | CVE-2021-43136 4044 | CVE-2021-43140 4045 | CVE-2021-43208 4046 | CVE-2021-43209 4047 | CVE-2021-43272 4048 | CVE-2021-43273 4049 | CVE-2021-43274 4050 | CVE-2021-43275 4051 | CVE-2021-43276 4052 | CVE-2021-43277 4053 | CVE-2021-43278 4054 | CVE-2021-43279 4055 | CVE-2021-43280 4056 | CVE-2021-43331 4057 | CVE-2021-43332 4058 | CVE-2021-43336 4059 | CVE-2021-43337 4060 | CVE-2021-43339 4061 | CVE-2021-43390 4062 | CVE-2021-43391 4063 | CVE-2021-43396 4064 | CVE-2021-43397 4065 | CVE-2021-43492 4066 | CVE-2021-43493 4067 | CVE-2021-43494 4068 | CVE-2021-43495 4069 | CVE-2021-43496 4070 | CVE-2021-43523 4071 | CVE-2021-43561 4072 | CVE-2021-43562 4073 | CVE-2021-43563 4074 | CVE-2021-43564 4075 | CVE-2021-43573 4076 | CVE-2021-43574 4077 | CVE-2021-43610 4078 | CVE-2021-43611 4079 | CVE-2021-43616 4080 | CVE-2021-43617 4081 | CVE-2021-43618 4082 | CVE-2021-43620 4083 | CVE-2021-43975 4084 | CVE-2021-43976 4085 | CVE-2021-43977 4086 | --------------------------------------------------------------------------------