automatic update

author: security tracker role <sectracker@soriano.debian.org> 2021-02-09 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-02-09 20:10:22 +0000
commit: 8786df5214dec49886af2bc325a644075706d307 (patch)
tree: 78bff78a2051f092d7c05a1af2920b04aa062dd2 /data/CVE
parent: 762c8ced429619050cc472de4bd1c806138a9329 (diff)
3 files changed, 241 insertions, 236 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 8d83d016be..1a2b4d6d79 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -4295,7 +4295,7 @@ CVE-2019-19321
 	RESERVED
 CVE-2019-19320
 	RESERVED
-CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...)
+CVE-2019-19319 (In the Linux kernel before 5.2, a setxattr operation, after a mount of ...)
 	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.87-1
@@ -8568,8 +8568,8 @@ CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys whi
 	NOT-FOR-US: Meinberg SyncBox/PTP/PTPv2 devices
 CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of se ...)
 	NOT-FOR-US: idreamsoft iCMS
-CVE-2019-17582
-	RESERVED
+CVE-2019-17582 (A use-after-free in the _zip_dirent_read function of zip_dirent.c in l ...)
+	TODO: check
 CVE-2019-17581 (tonyy dormsystem through 1.3 allows DOM XSS. ...)
 	NOT-FOR-US: tonyy dormsystem
 CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in admin.php. ...)
@@ -26339,7 +26339,7 @@ CVE-2019-10944
 	RESERVED
 CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
 	NOT-FOR-US: Siemens
-CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions),  ...)
+CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
 	NOT-FOR-US: Siemens
 CVE-2019-10941
 	RESERVED
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index c6f14f4a71..bdcb4f02ad 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -736,10 +736,10 @@ CVE-2020-35945 (An issue was discovered in the Divi Builder plugin, Divi theme,
 	NOT-FOR-US: Divi Builder plugin, Divi theme, and Divi Extra theme for WordPress
 CVE-2020-35944 (An issue was discovered in the PageLayer plugin before 1.1.2 for WordP ...)
 	NOT-FOR-US: PageLayer plugin for WordPress
-CVE-2020-35943
-	RESERVED
-CVE-2020-35942
-	RESERVED
+CVE-2020-35943 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugi ...)
+	TODO: check
+CVE-2020-35942 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugi ...)
+	TODO: check
 CVE-2020-35941
 	RESERVED
 CVE-2020-35940
@@ -1556,8 +1556,8 @@ CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-L
 	NOT-FOR-US: TP-Link
 CVE-2020-35574
 	RESERVED
-CVE-2020-35572
-	RESERVED
+CVE-2020-35572 (Adminer through 4.7.8 allows XSS via the history parameter to the defa ...)
+	TODO: check
 CVE-2020-35571
 	RESERVED
 CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause a deni ...)
@@ -5060,10 +5060,10 @@ CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user coul
 	NOT-FOR-US: Progress MOVEit Transfer
 CVE-2020-28646
 	RESERVED
-CVE-2020-28645
-	RESERVED
-CVE-2020-28644
-	RESERVED
+CVE-2020-28645 (Deleting users with certain names caused system files to be deleted. R ...)
+	TODO: check
+CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was improperly imple ...)
+	TODO: check
 CVE-2020-28643
 	RESERVED
 CVE-2020-28642 (In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail gener ...)
@@ -5592,33 +5592,33 @@ CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All
 	NOT-FOR-US: Siemens
 CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
 	NOT-FOR-US: Siemens
-CVE-2020-28394
-	RESERVED
+CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
 CVE-2020-28393
 	RESERVED
-CVE-2020-28392
-	RESERVED
+CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration (All vers ...)
+	TODO: check
 CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
 	NOT-FOR-US: Siemens
 CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (V8.2), ...)
 	NOT-FOR-US: Siemens
 CVE-2020-28389
 	RESERVED
-CVE-2020-28388
-	RESERVED
+CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All versions &lt;  ...)
+	TODO: check
 CVE-2020-28387
 	RESERVED
-CVE-2020-28386 (A vulnerability has been identified in Solid Edge (All Versions &lt; S ...)
+CVE-2020-28386 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
 	NOT-FOR-US: Siemens
 CVE-2020-28385
 	RESERVED
-CVE-2020-28384 (A vulnerability has been identified in Solid Edge (All Versions &lt; S ...)
+CVE-2020-28384 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
 	NOT-FOR-US: Siemens
 CVE-2020-28383 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2020-28382 (A vulnerability has been identified in Solid Edge (All Versions &lt; S ...)
+CVE-2020-28382 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
 	NOT-FOR-US: Siemens
-CVE-2020-28381 (A vulnerability has been identified in Solid Edge (All Versions &lt; S ...)
+CVE-2020-28381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
 	NOT-FOR-US: Siemens
 CVE-2020-28380
 	RESERVED
@@ -6783,12 +6783,12 @@ CVE-2020-27859 (This vulnerability allows remote attackers to disclose sensitive
 	NOT-FOR-US: NEC ESMPRO Manager
 CVE-2020-27858 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	NOT-FOR-US: CA Arcserve
-CVE-2020-27857
-	RESERVED
-CVE-2020-27856
-	RESERVED
-CVE-2020-27855
-	RESERVED
+CVE-2020-27857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-27856 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-27855 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
 CVE-2020-27854
 	RESERVED
 CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a denial of se ...)
@@ -8313,16 +8313,16 @@ CVE-2020-27263 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6
 	NOT-FOR-US: KEPServerEX
 CVE-2020-27262 (Innokas Yhtym&#228; Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
 	NOT-FOR-US: Innokas Yhtyma Oy
-CVE-2020-27261
-	RESERVED
+CVE-2020-27261 (The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based ...)
+	TODO: check
 CVE-2020-27260 (Innokas Yhtym&#228; Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
 	NOT-FOR-US: Innokas Yhtyma Oy
-CVE-2020-27259
-	RESERVED
+CVE-2020-27259 (The Omron CX-One Version 4.60 and prior may allow an attacker to suppl ...)
+	TODO: check
 CVE-2020-27258 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
 	NOT-FOR-US: SOOIL Developments Co., Ltd.
-CVE-2020-27257
-	RESERVED
+CVE-2020-27257 (This vulnerability allows local attackers to execute arbitrary code du ...)
+	TODO: check
 CVE-2020-27256 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
 	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
@@ -8854,63 +8854,63 @@ CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterS
 	NOT-FOR-US: Trend Micro
 CVE-2020-27009
 	RESERVED
-CVE-2020-27008
-	RESERVED
-CVE-2020-27007
-	RESERVED
-CVE-2020-27006
-	RESERVED
-CVE-2020-27005
-	RESERVED
-CVE-2020-27004
-	RESERVED
-CVE-2020-27003
-	RESERVED
-CVE-2020-27002
-	RESERVED
-CVE-2020-27001
-	RESERVED
-CVE-2020-27000
-	RESERVED
-CVE-2020-26999
-	RESERVED
-CVE-2020-26998
-	RESERVED
+CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-27007 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-27006 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-27005 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-27004 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-27003 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-27002 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-27001 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-27000 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-26999 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
+CVE-2020-26998 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+	TODO: check
 CVE-2020-26997
 	RESERVED
-CVE-2020-26996 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26996 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26995 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26995 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26994 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26994 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26993 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26993 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26992 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26992 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26991 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26991 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26990 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26990 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
 CVE-2020-26989 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26988 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26988 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26987 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26987 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26986 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26986 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26985 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26985 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26984 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26984 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26983 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26983 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26982 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26982 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26981 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26981 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26980 (A vulnerability has been identified in JT2Go (All Versions &lt; V13.1. ...)
+CVE-2020-26980 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
 	NOT-FOR-US: JT2Go
 CVE-2020-26979 (When a user typed a URL in the address bar or the search bar and quick ...)
 	- firefox 84.0-1
@@ -13044,8 +13044,8 @@ CVE-2020-25247 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 1
 	NOT-FOR-US: Hyland OnBase
 CVE-2020-25246
 	RESERVED
-CVE-2020-25245
-	RESERVED
+CVE-2020-25245 (A vulnerability has been identified in DIGSI 4 (All versions &lt; V4.9 ...)
+	TODO: check
 CVE-2020-25244
 	RESERVED
 CVE-2020-25243
@@ -13058,10 +13058,10 @@ CVE-2020-25240
 	RESERVED
 CVE-2020-25239
 	RESERVED
-CVE-2020-25238
-	RESERVED
-CVE-2020-25237
-	RESERVED
+CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration Console ...)
+	TODO: check
+CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+	TODO: check
 CVE-2020-25236
 	RESERVED
 CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
@@ -18099,10 +18099,10 @@ CVE-2020-22843
 	RESERVED
 CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ...)
 	NOT-FOR-US: CMS Made Simple
-CVE-2020-22841
-	RESERVED
-CVE-2020-22840
-	RESERVED
+CVE-2020-22841 (Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attac ...)
+	TODO: check
+CVE-2020-22840 (Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 ...)
+	TODO: check
 CVE-2020-22839
 	RESERVED
 CVE-2020-22838
@@ -27373,8 +27373,8 @@ CVE-2020-18217
 	RESERVED
 CVE-2020-18216
 	RESERVED
-CVE-2020-18215
-	RESERVED
+CVE-2020-18215 (Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.p ...)
+	TODO: check
 CVE-2020-18214
 	RESERVED
 CVE-2020-18213
@@ -29002,44 +29002,44 @@ CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and o
 	[stretch] - open-iscsi <no-dsa> (Minor issue)
 	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
 	NOTE: Adressed upstream in 2.1.3 release
-CVE-2020-17436
-	RESERVED
-CVE-2020-17435
-	RESERVED
-CVE-2020-17434
-	RESERVED
-CVE-2020-17433
-	RESERVED
-CVE-2020-17432
-	RESERVED
-CVE-2020-17431
-	RESERVED
-CVE-2020-17430
-	RESERVED
-CVE-2020-17429
-	RESERVED
-CVE-2020-17428
-	RESERVED
-CVE-2020-17427
-	RESERVED
-CVE-2020-17426
-	RESERVED
-CVE-2020-17425
-	RESERVED
-CVE-2020-17424
-	RESERVED
-CVE-2020-17423
-	RESERVED
-CVE-2020-17422
-	RESERVED
-CVE-2020-17421
-	RESERVED
-CVE-2020-17420
-	RESERVED
-CVE-2020-17419
-	RESERVED
-CVE-2020-17418
-	RESERVED
+CVE-2020-17436 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17435 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17434 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17433 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17432 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17431 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17430 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17429 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17428 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17427 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17426 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17422 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17420 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17419 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17418 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -31737,8 +31737,8 @@ CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in H
 	NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b (1.3.15)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e (1.2.12)
-CVE-2020-16144
-	RESERVED
+CVE-2020-16144 (When using an object storage like S3 as the file store, when a user cr ...)
+	TODO: check
 CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...)
 	- seafile-client <not-affected> (Windows-specific)
 CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...)
@@ -31983,8 +31983,7 @@ CVE-2020-16046 (Script injection in iOSWeb in Google Chrome on iOS prior to 84.0
 	TODO: check
 CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to 87.0.4 ...)
 	TODO: check
-CVE-2020-16044
-	RESERVED
+CVE-2020-16044 (Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ...)
 	{DSA-4846-1 DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1}
 	- firefox 84.0.2-1
 	- firefox-esr 78.6.1esr-1
@@ -32758,8 +32757,8 @@ CVE-2020-15800 (A vulnerability has been identified in SCALANCE X-200 switch fam
 	NOT-FOR-US: Siemens
 CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
 	NOT-FOR-US: Siemens
-CVE-2020-15798
-	RESERVED
+CVE-2020-15798 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
+	TODO: check
 CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
 	NOT-FOR-US: DCA Vantage Analyzer
 CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
@@ -39568,8 +39567,8 @@ CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking. ...)
 	NOT-FOR-US: ismartgate PRO
 CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...)
 	NOT-FOR-US: Mikrotik-Router-Monitoring-System
-CVE-2020-13117
-	RESERVED
+CVE-2020-13117 (Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthent ...)
+	TODO: check
 CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an  ...)
 	NOT-FOR-US: OpenText Carbonite Server Backup Portal
 CVE-2020-13115
@@ -47477,8 +47476,8 @@ CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Man
 	NOT-FOR-US: Siemens
 CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
 	NOT-FOR-US: Siemens
-CVE-2020-10048
-	RESERVED
+CVE-2020-10048 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
+	TODO: check
 CVE-2020-10047
 	RESERVED
 CVE-2020-10046
@@ -59560,10 +59559,10 @@ CVE-2020-4998
 	RESERVED
 CVE-2020-4997
 	RESERVED
-CVE-2020-4996
-	RESERVED
-CVE-2020-4995
-	RESERVED
+CVE-2020-4996 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a  ...)
+	TODO: check
+CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does not inval ...)
+	TODO: check
 CVE-2020-4994
 	RESERVED
 CVE-2020-4993
@@ -59962,18 +59961,18 @@ CVE-2020-4797
 	RESERVED
 CVE-2020-4796
 	RESERVED
-CVE-2020-4795
-	RESERVED
+CVE-2020-4795 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...)
+	TODO: check
 CVE-2020-4794 (IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Busines ...)
 	NOT-FOR-US: IBM
 CVE-2020-4793
 	RESERVED
 CVE-2020-4792
 	RESERVED
-CVE-2020-4791
-	RESERVED
-CVE-2020-4790
-	RESERVED
+CVE-2020-4791 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
+	TODO: check
+CVE-2020-4790 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a  ...)
+	TODO: check
 CVE-2020-4789 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
 	NOT-FOR-US: IBM
 CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index ab2b62027c..ef6b8be89a 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,43 @@
+CVE-2021-3404
+	RESERVED
+CVE-2021-3403
+	RESERVED
+CVE-2021-26936
+	RESERVED
+CVE-2021-26935
+	RESERVED
+CVE-2021-26934
+	RESERVED
+CVE-2021-26933
+	RESERVED
+CVE-2021-26932
+	RESERVED
+CVE-2021-26931
+	RESERVED
+CVE-2021-26930
+	RESERVED
+CVE-2021-26929
+	RESERVED
+CVE-2021-26928
+	RESERVED
+CVE-2021-26927
+	RESERVED
+CVE-2021-26926
+	RESERVED
+CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets  ...)
+	TODO: check
+CVE-2021-26924
+	RESERVED
+CVE-2021-26923
+	RESERVED
+CVE-2021-26922
+	RESERVED
+CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens cont ...)
+	TODO: check
+CVE-2021-26920
+	RESERVED
+CVE-2021-26919
+	RESERVED
 CVE-2021-26918 (The ProBot bot through 2021-02-08 for Discord might allow attackers to ...)
 	NOT-FOR-US: ProBot bot
 CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write  ...)
@@ -417,8 +457,8 @@ CVE-2021-26721
 	RESERVED
 CVE-2021-26720
 	RESERVED
-CVE-2021-26719
-	RESERVED
+CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-enterprise ...)
+	TODO: check
 CVE-2021-26718
 	RESERVED
 CVE-2021-26717
@@ -525,14 +565,12 @@ CVE-2021-3397
 	RESERVED
 CVE-2021-3396
 	RESERVED
-CVE-2021-26676
-	RESERVED
+CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...)
 	{DSA-4847-1}
 	- connman 1.36-2.1
 	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
 	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
-CVE-2021-26675
-	RESERVED
+CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could ...)
 	{DSA-4847-1}
 	- connman 1.36-2.1
 	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
@@ -692,8 +730,8 @@ CVE-2021-26598
 	RESERVED
 CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...)
 	NOT-FOR-US: Pryaniki
-CVE-2021-3394
-	RESERVED
+CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...)
+	TODO: check
 CVE-2021-3393
 	RESERVED
 CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests]
@@ -805,10 +843,10 @@ CVE-2021-26552
 	RESERVED
 CVE-2021-26551
 	RESERVED
-CVE-2021-26550
-	RESERVED
-CVE-2021-26549
-	RESERVED
+CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...)
+	TODO: check
+CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to  ...)
+	TODO: check
 CVE-2021-3386
 	RESERVED
 CVE-2021-3385
@@ -2969,8 +3007,8 @@ CVE-2021-3193 (Improper access and command validation in the Nagios Docker Confi
 	NOT-FOR-US: Nagios XI
 CVE-2021-3192
 	RESERVED
-CVE-2021-3191
-	RESERVED
+CVE-2021-3191 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...)
+	TODO: check
 CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command Inje ...)
 	NOT-FOR-US: Node async-git
 CVE-2021-25678
@@ -2997,8 +3035,8 @@ CVE-2021-25668
 	RESERVED
 CVE-2021-25667
 	RESERVED
-CVE-2021-25666
-	RESERVED
+CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 80 ...)
+	TODO: check
 CVE-2021-25665
 	RESERVED
 CVE-2021-25664
@@ -4189,12 +4227,12 @@ CVE-2021-25143
 	RESERVED
 CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
 	NOT-FOR-US: HPE
-CVE-2021-25141
-	RESERVED
-CVE-2021-25140
-	RESERVED
-CVE-2021-25139
-	RESERVED
+CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...)
+	TODO: check
+CVE-2021-25140 (A potential security vulnerability has been identified in the HPE Moon ...)
+	TODO: check
+CVE-2021-25139 (A potential security vulnerability has been identified in the HPE Moon ...)
+	TODO: check
 CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
 	NOT-FOR-US: HPE
 CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
@@ -7981,8 +8019,8 @@ CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to
 	TODO: check
 CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...)
 	TODO: check
-CVE-2021-23327
-	RESERVED
+CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to Cross-site Scri ...)
+	TODO: check
 CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...)
 	NOT-FOR-US: graphql-tools/git-loader
 CVE-2021-23325
@@ -9308,8 +9346,8 @@ CVE-2021-22665
 	RESERVED
 CVE-2021-22664
 	RESERVED
-CVE-2021-22663
-	RESERVED
+CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
+	TODO: check
 CVE-2021-22662
 	RESERVED
 CVE-2021-22661
@@ -10100,8 +10138,8 @@ CVE-2021-22269
 	RESERVED
 CVE-2021-22268
 	RESERVED
-CVE-2021-22267
-	RESERVED
+CVE-2021-22267 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...)
+	TODO: check
 CVE-2021-22266
 	RESERVED
 CVE-2021-22265
@@ -12426,162 +12464,130 @@ CVE-2021-21150
 	RESERVED
 CVE-2021-21149
 	RESERVED
-CVE-2021-21148
-	RESERVED
+CVE-2021-21148 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 all ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21147
-	RESERVED
+CVE-2021-21147 (Inappropriate implementation in Skia in Google Chrome prior to 88.0.43 ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.146-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21146
-	RESERVED
+CVE-2021-21146 (Use after free in Navigation in Google Chrome prior to 88.0.4324.146 a ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.146-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21145
-	RESERVED
+CVE-2021-21145 (Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowe ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.146-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21144
-	RESERVED
+CVE-2021-21144 (Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324 ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.146-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21143
-	RESERVED
+CVE-2021-21143 (Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324 ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.146-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21142
-	RESERVED
+CVE-2021-21142 (Use after free in Payments in Google Chrome on Mac prior to 88.0.4324. ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.146-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21141
-	RESERVED
+CVE-2021-21141 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21140
-	RESERVED
+CVE-2021-21140 (Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowe ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21139
-	RESERVED
+CVE-2021-21139 (Inappropriate implementation in iframe sandbox in Google Chrome prior  ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21138
-	RESERVED
+CVE-2021-21138 (Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allo ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21137
-	RESERVED
+CVE-2021-21137 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21136
-	RESERVED
+CVE-2021-21136 (Insufficient policy enforcement in WebView in Google Chrome on Android ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21135
-	RESERVED
+CVE-2021-21135 (Inappropriate implementation in Performance API in Google Chrome prior ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21134
-	RESERVED
+CVE-2021-21134 (Incorrect security UI in Page Info in Google Chrome on iOS prior to 88 ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21133
-	RESERVED
+CVE-2021-21133 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21132
-	RESERVED
+CVE-2021-21132 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21131
-	RESERVED
+CVE-2021-21131 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21130
-	RESERVED
+CVE-2021-21130 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21129
-	RESERVED
+CVE-2021-21129 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21128
-	RESERVED
+CVE-2021-21128 (Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 a ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21127
-	RESERVED
+CVE-2021-21127 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21126
-	RESERVED
+CVE-2021-21126 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21125
-	RESERVED
+CVE-2021-21125 (Insufficient policy enforcement in File System API in Google Chrome on ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21124
-	RESERVED
+CVE-2021-21124 (Potential user after free in Speech Recognizer in Google Chrome on And ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21123
-	RESERVED
+CVE-2021-21123 (Insufficient data validation in File System API in Google Chrome prior ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21122
-	RESERVED
+CVE-2021-21122 (Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21121
-	RESERVED
+CVE-2021-21121 (Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324 ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21120
-	RESERVED
+CVE-2021-21120 (Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowe ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21119
-	RESERVED
+CVE-2021-21119 (Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21118
-	RESERVED
+CVE-2021-21118 (Insufficient data validation in V8 in Google Chrome prior to 88.0.4324 ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21117
-	RESERVED
+CVE-2021-21117 (Insufficient policy enforcement in Cryptohome in Google Chrome prior t ...)
 	{DSA-4846-1}
 	- chromium 88.0.4324.96-0.1 (bug #980564)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
author	security tracker role <sectracker@soriano.debian.org>	2021-02-09 20:10:22 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2021-02-09 20:10:22 +0000
commit	8786df5214dec49886af2bc325a644075706d307 (patch)
tree	78bff78a2051f092d7c05a1af2920b04aa062dd2 /data/CVE
parent	762c8ced429619050cc472de4bd1c806138a9329 (diff)