automatic update

author: security tracker role <sectracker@soriano.debian.org> 2021-02-17 20:10:29 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-02-17 20:10:29 +0000
commit: 6f3057bf89836494ef28f8d4186e6dd6c6839306 (patch)
tree: 98032307c48c38aa863f8692e797a121d57ca0e4 /data/CVE
parent: 18f0cc9d2e6d404790bbcb49e3977e0e00f3c85b (diff)
3 files changed, 133 insertions, 183 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 53e5f6de62..03fefaf6f2 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -50250,7 +50250,7 @@ CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can f
 	- openssl1.0 <not-affected> (Windows-specific)
 	NOTE: https://www.openssl.org/news/secadv/20190730.txt
 CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...)
-	{DSA-4594-1}
+	{DSA-4855-1 DSA-4594-1}
 	- openssl 1.1.1e-1 (low; bug #947949)
 	[stretch] - openssl <postponed> (Wait until next upstream security release)
 	[jessie] - openssl <not-affected> (Affected modules are not present in Jessie)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 056b8ae847..f9675404c5 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -631,10 +631,10 @@ CVE-2020-36005
 	RESERVED
 CVE-2020-36004
 	RESERVED
-CVE-2020-36003
-	RESERVED
-CVE-2020-36002
-	RESERVED
+CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is vulnerable ...)
+	TODO: check
+CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability in index ...)
+	TODO: check
 CVE-2020-36001
 	RESERVED
 CVE-2020-36000
@@ -2206,8 +2206,8 @@ CVE-2020-35341
 	RESERVED
 CVE-2020-35340
 	RESERVED
-CVE-2020-35339
-	RESERVED
+CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnerability ...)
+	TODO: check
 CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
 	NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server
 CVE-2020-35337
@@ -4676,7 +4676,7 @@ CVE-2020-28854
 	RESERVED
 CVE-2020-28853
 	RESERVED
-CVE-2020-28852 (In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in  ...)
+CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice bounds out of range" panic occ ...)
 	- golang-golang-x-text 0.3.5-1 (bug #980002)
 	- golang-x-text <removed>
 	NOTE: https://github.com/golang/go/issues/42536
@@ -14744,46 +14744,35 @@ CVE-2020-24507
 	RESERVED
 CVE-2020-24506
 	RESERVED
-CVE-2020-24505
-	RESERVED
+CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 700-ser ...)
 	NOT-FOR-US: Intel NIC firmware
-CVE-2020-24504
-	RESERVED
-CVE-2020-24503
-	RESERVED
-CVE-2020-24502
-	RESERVED
-CVE-2020-24501
-	RESERVED
+CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...)
+	TODO: check
+CVE-2020-24503 (Insufficient access control in some Intel(R) Ethernet E810 Adapter dri ...)
+	TODO: check
+CVE-2020-24502 (Improper input validation in some Intel(R) Ethernet E810 Adapter drive ...)
+	TODO: check
+CVE-2020-24501 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
 	NOT-FOR-US: Intel NIC firmware
-CVE-2020-24500
-	RESERVED
+CVE-2020-24500 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
 	NOT-FOR-US: Intel NIC firmware
 CVE-2020-24499
 	RESERVED
-CVE-2020-24498
-	RESERVED
+CVE-2020-24498 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
 	NOT-FOR-US: Intel NIC firmware
-CVE-2020-24497
-	RESERVED
+CVE-2020-24497 (Insufficient Access Control in the firmware for Intel(R) E810 Ethernet ...)
 	NOT-FOR-US: Intel NIC firmware
-CVE-2020-24496
-	RESERVED
+CVE-2020-24496 (Insufficient input validation in the firmware for Intel(R) 722 Etherne ...)
 	NOT-FOR-US: Intel NIC firmware
-CVE-2020-24495
-	RESERVED
+CVE-2020-24495 (Insufficient access control in the firmware for the Intel(R) 700-serie ...)
 	NOT-FOR-US: Intel NIC firmware
-CVE-2020-24494
-	RESERVED
+CVE-2020-24494 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...)
 	NOT-FOR-US: Intel NIC firmware
-CVE-2020-24493
-	RESERVED
+CVE-2020-24493 (Insufficient access control in the firmware for the Intel(R) 700-serie ...)
 	NOT-FOR-US: Intel NIC firmware
-CVE-2020-24492
-	RESERVED
+CVE-2020-24492 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...)
 	NOT-FOR-US: Intel NIC firmware
-CVE-2020-24491
-	RESERVED
+CVE-2020-24491 (Debug message containing addresses of memory transactions in some Inte ...)
 	NOT-FOR-US: Intel
 CVE-2020-24490 (Improper buffer restrictions in BlueZ may allow an unauthenticated use ...)
 	{DLA-2420-1}
@@ -14800,21 +14789,17 @@ CVE-2020-24487
 	RESERVED
 CVE-2020-24486
 	RESERVED
-CVE-2020-24485
-	RESERVED
+CVE-2020-24485 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector  ...)
 	NOT-FOR-US: Intel
 CVE-2020-24484
 	RESERVED
 CVE-2020-24483
 	RESERVED
-CVE-2020-24482
-	RESERVED
+CVE-2020-24482 (Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem  ...)
 	NOT-FOR-US: Intel
-CVE-2020-24481
-	RESERVED
+CVE-2020-24481 (Insecure inherited permissions for the Intel(R) Quartus Prime Pro and  ...)
 	NOT-FOR-US: Intel
-CVE-2020-24480
-	RESERVED
+CVE-2020-24480 (Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may al ...)
 	NOT-FOR-US: Intel
 CVE-2020-24479
 	RESERVED
@@ -14850,8 +14835,7 @@ CVE-2020-24464
 	RESERVED
 CVE-2020-24463
 	RESERVED
-CVE-2020-24462
-	RESERVED
+CVE-2020-24462 (Out of bounds write in the Intel(R) Graphics Driver before version 15. ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-24461
 	RESERVED
@@ -14859,8 +14843,7 @@ CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before version
 	NOT-FOR-US: Intel
 CVE-2020-24459
 	RESERVED
-CVE-2020-24458
-	RESERVED
+CVE-2020-24458 (Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (T ...)
 	NOT-FOR-US: Intel
 CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...)
 	NOT-FOR-US: Intel
@@ -14874,22 +14857,17 @@ CVE-2020-24455 [FAPI PolicyPCR not instatiating correctly]
 	NOTE: https://github.com/tpm2-software/tpm2-tss/commit/bf24b0ef0fa8de9300a323f70a097a1afd818439 (2.4.5)
 CVE-2020-24454 (Improper Restriction of XML External Entity Reference in subsystem for ...)
 	NOT-FOR-US: Intel
-CVE-2020-24453
-	RESERVED
+CVE-2020-24453 (Improper input validation in the Intel(R) EPID SDK before version 8, m ...)
 	NOT-FOR-US: Intel
-CVE-2020-24452
-	RESERVED
+CVE-2020-24452 (Improper input validation in the Intel(R) SGX Platform Software for Wi ...)
 	NOT-FOR-US: Intel
-CVE-2020-24451
-	RESERVED
+CVE-2020-24451 (Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memo ...)
 	NOT-FOR-US: Intel
-CVE-2020-24450
-	RESERVED
+CVE-2020-24450 (Improper conditions check in some Intel(R) Graphics Drivers before ver ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-24449
 	RESERVED
-CVE-2020-24448
-	RESERVED
+CVE-2020-24448 (Uncaught exception in some Intel(R) Graphics Drivers before version 15 ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-24447 (Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affe ...)
 	NOT-FOR-US: Adobe
@@ -38612,6 +38590,7 @@ CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging
 	NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator
 CVE-2020-13558
 	RESERVED
+	{DSA-4854-1}
 	- webkit2gtk 2.30.5-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.30.5-1
@@ -38620,18 +38599,18 @@ CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine o
 	NOT-FOR-US: Foxit
 CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server  ...)
 	NOT-FOR-US: EIP Stack Group OpENer
-CVE-2020-13555
-	RESERVED
+CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...)
+	TODO: check
 CVE-2020-13554
 	RESERVED
-CVE-2020-13553
-	RESERVED
-CVE-2020-13552
-	RESERVED
-CVE-2020-13551
-	RESERVED
-CVE-2020-13550
-	RESERVED
+CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...)
+	TODO: check
+CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...)
+	TODO: check
+CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in the f ...)
+	TODO: check
+CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...)
+	TODO: check
 CVE-2020-13549
 	RESERVED
 CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...)
@@ -41564,14 +41543,11 @@ CVE-2020-12387 (A race condition when running shutdown code for Web Worker led t
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387
-CVE-2020-12386
-	RESERVED
+CVE-2020-12386 (Out-of-bounds write in some Intel(R) Graphics Drivers before version 1 ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12385
-	RESERVED
+CVE-2020-12385 (Improper input validation in some Intel(R) Graphics Drivers before ver ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12384
-	RESERVED
+CVE-2020-12384 (Improper access control in some Intel(R) Graphics Drivers before versi ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-12383
 	RESERVED
@@ -41579,65 +41555,48 @@ CVE-2020-12382
 	RESERVED
 CVE-2020-12381
 	RESERVED
-CVE-2020-12380
-	RESERVED
+CVE-2020-12380 (Out of bounds read in the BMC firmware for some Intel(R) Server Boards ...)
 	NOT-FOR-US: Intel
 CVE-2020-12379
 	RESERVED
 CVE-2020-12378
 	RESERVED
-CVE-2020-12377
-	RESERVED
+CVE-2020-12377 (Insufficient input validation in the BMC firmware for some Intel(R) Se ...)
 	NOT-FOR-US: Intel
-CVE-2020-12376
-	RESERVED
+CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Server Boa ...)
 	NOT-FOR-US: Intel
-CVE-2020-12375
-	RESERVED
+CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...)
 	NOT-FOR-US: Intel
 CVE-2020-12374
 	RESERVED
-CVE-2020-12373
-	RESERVED
+CVE-2020-12373 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12372
-	RESERVED
+CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12371
-	RESERVED
+CVE-2020-12371 (Divide by zero in some Intel(R) Graphics Drivers before version 26.20. ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12370
-	RESERVED
+CVE-2020-12370 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12369
-	RESERVED
+CVE-2020-12369 (Out of bound write in some Intel(R) Graphics Drivers before version 26 ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12368
-	RESERVED
+CVE-2020-12368 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12367
-	RESERVED
+CVE-2020-12367 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12366
-	RESERVED
+CVE-2020-12366 (Insufficient input validation in some Intel(R) Graphics Drivers before ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12365
-	RESERVED
+CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12364
-	RESERVED
+CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows*  ...)
 	- linux 5.5.13-1
 	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
-CVE-2020-12363
-	RESERVED
+CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...)
 	- linux 5.5.13-1
 	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
-CVE-2020-12362
-	RESERVED
+CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...)
 	- linux 5.5.13-1
 	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
-CVE-2020-12361
-	RESERVED
+CVE-2020-12361 (Use after free in some Intel(R) Graphics Drivers before version 15.33. ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-12360
 	RESERVED
@@ -41689,8 +41648,7 @@ CVE-2020-12341
 	RESERVED
 CVE-2020-12340
 	RESERVED
-CVE-2020-12339
-	RESERVED
+CVE-2020-12339 (Insufficient control flow management in the API for the Intel(R) Colla ...)
 	NOT-FOR-US: Intel
 CVE-2020-12338 (Insufficient control flow management in the Open WebRTC Toolkit before ...)
 	NOT-FOR-US: Intel
@@ -50531,8 +50489,7 @@ CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Qua
 	NOT-FOR-US: Intel
 CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software before ver ...)
 	NOT-FOR-US: Intel
-CVE-2020-8765
-	RESERVED
+CVE-2020-8765 (Incorrect default permissions in the installer for the Intel(R) RealSe ...)
 	NOT-FOR-US: Intel
 CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Processors  ...)
 	NOT-FOR-US: Intel
@@ -50660,8 +50617,7 @@ CVE-2020-8703
 	RESERVED
 CVE-2020-8702
 	RESERVED
-CVE-2020-8701
-	RESERVED
+CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD Toolbo ...)
 	NOT-FOR-US: Intel
 CVE-2020-8700
 	RESERVED
@@ -50722,8 +50678,7 @@ CVE-2020-8680 (Race condition in some Intel(R) Graphics Drivers before version 1
 	NOT-FOR-US: Intel
 CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics D ...)
 	NOT-FOR-US: Intel
-CVE-2020-8678
-	RESERVED
+CVE-2020-8678 (Improper access control for Intel(R) Graphics Drivers before version 1 ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute Accelerator 2,  ...)
 	NOT-FOR-US: Intel
@@ -52776,10 +52731,10 @@ CVE-2020-7851
 	RESERVED
 CVE-2020-7850
 	RESERVED
-CVE-2020-7849
-	RESERVED
-CVE-2020-7848
-	RESERVED
+CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
+	TODO: check
+CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
+	TODO: check
 CVE-2020-7847
 	RESERVED
 CVE-2020-7846
@@ -69297,8 +69252,7 @@ CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory
 	NOT-FOR-US: Intel
 CVE-2020-0545 (Integer overflow in subsystem for Intel(R) CSME versions before 11.8.7 ...)
 	NOT-FOR-US: Intel
-CVE-2020-0544
-	RESERVED
+CVE-2020-0544 (Insufficient control flow management in the kernel mode driver for som ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-0543 (Incomplete cleanup from specific special register read operations in s ...)
 	{DSA-4701-1 DSA-4699-1 DSA-4698-1 DLA-2248-1 DLA-2242-1 DLA-2241-1}
@@ -69341,27 +69295,21 @@ CVE-2020-0527 (Insufficient control flow management in firmware for some Intel(R
 	NOT-FOR-US: Intel
 CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...)
 	NOT-FOR-US: Intel
-CVE-2020-0525
-	RESERVED
+CVE-2020-0525 (Improper access control in firmware for the Intel(R) Ethernet I210 Con ...)
 	NOT-FOR-US: Intel
-CVE-2020-0524
-	RESERVED
+CVE-2020-0524 (Improper default permissions in the firmware for the Intel(R) Ethernet ...)
 	NOT-FOR-US: Intel
-CVE-2020-0523
-	RESERVED
+CVE-2020-0523 (Improper access control in the firmware for the Intel(R) Ethernet I210 ...)
 	NOT-FOR-US: Intel
-CVE-2020-0522
-	RESERVED
+CVE-2020-0522 (Improper initialization in the firmware for the Intel(R) Ethernet I210 ...)
 	NOT-FOR-US: Intel
-CVE-2020-0521
-	RESERVED
+CVE-2020-0521 (Insufficient control flow management in some Intel(R) Graphics Drivers ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...)
 	NOT-FOR-US: Intel
 CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions  ...)
 	NOT-FOR-US: Intel Graphics drivers for Windows
-CVE-2020-0518
-	RESERVED
+CVE-2020-0518 (Improper access control in the Intel(R) HD Graphics Control Panel befo ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...)
 	NOT-FOR-US: Intel Graphics drivers for Windows
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 1bd1140c68..57aa53a4c3 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,7 @@
+CVE-2021-27362 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Vio ...)
+	TODO: check
+CVE-2021-27361
+	RESERVED
 CVE-2021-27360
 	RESERVED
 CVE-2021-27359
@@ -272,8 +276,8 @@ CVE-2021-27226
 	RESERVED
 CVE-2021-27225
 	RESERVED
-CVE-2021-27224
-	RESERVED
+CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...)
+	TODO: check
 CVE-2021-27223
 	RESERVED
 CVE-2021-27222
@@ -1186,8 +1190,8 @@ CVE-2021-26811
 	RESERVED
 CVE-2021-26810
 	RESERVED
-CVE-2021-26809
-	RESERVED
+CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a remote shell  ...)
+	TODO: check
 CVE-2021-26808
 	RESERVED
 CVE-2021-26807
@@ -1420,8 +1424,7 @@ CVE-2021-26708 (A local privilege escalation was discovered in the Linux kernel
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/5
 	NOTE: https://git.kernel.org/linus/c518adafa39f37858697ac9309c6cf1805581446
-CVE-2021-26697
-	RESERVED
+CVE-2021-26697 (The lineage endpoint of the deprecated Experimental API was not protec ...)
 	- airflow <itp> (bug #819700)
 CVE-2021-26696
 	RESERVED
@@ -1736,8 +1739,8 @@ CVE-2021-26561
 	RESERVED
 CVE-2021-26560
 	RESERVED
-CVE-2021-26559
-	RESERVED
+CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API  ...)
+	TODO: check
 CVE-2021-26558
 	RESERVED
 CVE-2021-3391
@@ -3713,10 +3716,10 @@ CVE-2021-25782
 	RESERVED
 CVE-2021-25781
 	RESERVED
-CVE-2021-25780
-	RESERVED
-CVE-2021-25779
-	RESERVED
+CVE-2021-25780 (An arbitrary file upload vulnerability has been identified in posts.ph ...)
+	TODO: check
+CVE-2021-25779 (Baby Care System v1.0 is vulnerable to SQL injection via the 'id' para ...)
+	TODO: check
 CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user deletio ...)
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during token remova ...)
@@ -7789,8 +7792,8 @@ CVE-2021-23887
 	RESERVED
 CVE-2021-23886
 	RESERVED
-CVE-2021-23885
-	RESERVED
+CVE-2021-23885 (Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+	TODO: check
 CVE-2021-23884
 	RESERVED
 CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...)
@@ -7877,12 +7880,14 @@ CVE-2021-23843
 	RESERVED
 CVE-2021-23842
 	RESERVED
-CVE-2021-23841 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...)
+CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...)
+	{DSA-4855-1}
 	- openssl 1.1.1j-1
 	- openssl1.0 <removed>
 	NOTE: https://www.openssl.org/news/secadv/20210216.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j)
 CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...)
+	{DSA-4855-1}
 	- openssl 1.1.1j-1
 	- openssl1.0 <removed>
 	NOTE: https://www.openssl.org/news/secadv/20210216.txt
@@ -8932,8 +8937,8 @@ CVE-2021-23341
 	RESERVED
 CVE-2021-23340
 	RESERVED
-CVE-2021-23339
-	RESERVED
+CVE-2021-23339 (This affects all versions of package com.typesafe.akka:akka-http-core. ...)
+	TODO: check
 CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...)
 	NOT-FOR-US: qlib
 CVE-2021-23337 (All versions of package lodash; all versions of package org.fujion.web ...)
@@ -9889,18 +9894,18 @@ CVE-2021-22860
 	RESERVED
 CVE-2021-22859
 	RESERVED
-CVE-2021-22858
-	RESERVED
-CVE-2021-22857
-	RESERVED
-CVE-2021-22856
-	RESERVED
-CVE-2021-22855
-	RESERVED
-CVE-2021-22854
-	RESERVED
-CVE-2021-22853
-	RESERVED
+CVE-2021-22858 (Attackers can access the CGE account management function without privi ...)
+	TODO: check
+CVE-2021-22857 (The CGE page with download function contains a Directory Traversal vul ...)
+	TODO: check
+CVE-2021-22856 (The CGE property management system contains SQL Injection vulnerabilit ...)
+	TODO: check
+CVE-2021-22855 (The specific function of HR Portal of Soar Cloud System accepts any ty ...)
+	TODO: check
+CVE-2021-22854 (The HR Portal of Soar Cloud System fails to filter specific parameters ...)
+	TODO: check
+CVE-2021-22853 (The HR Portal of Soar Cloud System fails to manage access control. Whi ...)
+	TODO: check
 CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can  ...)
 	NOT-FOR-US: HGiga EIP
 CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can  ...)
@@ -10522,8 +10527,8 @@ CVE-2021-22555
 	RESERVED
 CVE-2021-22554
 	RESERVED
-CVE-2021-22553
-	RESERVED
+CVE-2021-22553 (Any git operation is passed through Jetty and a session is created. No ...)
+	TODO: check
 CVE-2021-22552
 	RESERVED
 CVE-2021-22551
@@ -11280,15 +11285,13 @@ CVE-2021-22176
 	RESERVED
 CVE-2021-22175
 	RESERVED
-CVE-2021-22174 [USB HID dissector could crash]
-	RESERVED
+CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
 	- wireshark 3.4.3-1 (bug #981791)
 	[buster] - wireshark <not-affected> (Affected code not present)
 	[stretch] - wireshark <not-affected> (Affected code not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-02.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17165
-CVE-2021-22173 [USB HID dissector memory leak]
-	RESERVED
+CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows de ...)
 	- wireshark 3.4.3-1 (bug #981791)
 	[buster] - wireshark <not-affected> (Affected code not present)
 	[stretch] - wireshark <not-affected> (Affected code not present)
@@ -18193,16 +18196,16 @@ CVE-2021-1418
 	RESERVED
 CVE-2021-1417
 	RESERVED
-CVE-2021-1416
-	RESERVED
+CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
+	TODO: check
 CVE-2021-1415
 	RESERVED
 CVE-2021-1414
 	RESERVED
 CVE-2021-1413
 	RESERVED
-CVE-2021-1412
-	RESERVED
+CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
+	TODO: check
 CVE-2021-1411
 	RESERVED
 CVE-2021-1410
@@ -18269,8 +18272,8 @@ CVE-2021-1380
 	RESERVED
 CVE-2021-1379
 	RESERVED
-CVE-2021-1378
-	RESERVED
+CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...)
+	TODO: check
 CVE-2021-1377
 	RESERVED
 CVE-2021-1376
@@ -18281,8 +18284,8 @@ CVE-2021-1374
 	RESERVED
 CVE-2021-1373
 	RESERVED
-CVE-2021-1372
-	RESERVED
+CVE-2021-1372 (A vulnerability in Cisco Webex Meetings Desktop App and Webex Producti ...)
+	TODO: check
 CVE-2021-1371
 	RESERVED
 CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...)
@@ -18293,8 +18296,8 @@ CVE-2021-1368
 	RESERVED
 CVE-2021-1367
 	RESERVED
-CVE-2021-1366
-	RESERVED
+CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+	TODO: check
 CVE-2021-1365
 	RESERVED
 CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
@@ -18323,8 +18326,8 @@ CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS cou
 	NOT-FOR-US: Cisco
 CVE-2021-1352
 	RESERVED
-CVE-2021-1351
-	RESERVED
+CVE-2021-1351 (A vulnerability in the web-based interface of Cisco Webex Meetings cou ...)
+	TODO: check
 CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an unauthe ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
@@ -20836,8 +20839,7 @@ CVE-2021-0111
 	RESERVED
 CVE-2021-0110
 	RESERVED
-CVE-2021-0109
-	RESERVED
+CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...)
 	NOT-FOR-US: Intel
 CVE-2021-0108
 	RESERVED
author	security tracker role <sectracker@soriano.debian.org>	2021-02-17 20:10:29 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2021-02-17 20:10:29 +0000
commit	6f3057bf89836494ef28f8d4186e6dd6c6839306 (patch)
tree	98032307c48c38aa863f8692e797a121d57ca0e4 /data/CVE
parent	18f0cc9d2e6d404790bbcb49e3977e0e00f3c85b (diff)