author: security tracker role <sectracker@soriano.debian.org>, 2021-02-03 20:10:23 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2021-02-03 20:10:23 +0000
commit: 411555260a1176c6ff30a22987e045589a82920a
tree: 1a76099ce468948aba38f2b47dbc9f1f689095d3 /data
parent: d5f9bb486e35177c16da80314fab1f0de2d0223e
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2019.list | 4
-rw-r--r-- data/CVE/2020.list | 140
-rw-r--r-- data/CVE/2021.list | 274
3 files changed, 297 insertions, 121 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 5020d8571e..70856db57f 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -11799,8 +11799,8 @@ CVE-2019-16270
RESERVED
CVE-2019-16269
RESERVED
-CVE-2019-16268
- RESERVED
+CVE-2019-16268 (Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection vi ...)
+ TODO: check
CVE-2019-16267
RESERVED
CVE-2019-16266
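Review bot: CVE-2019-16268 is left at "TODO: check" even though its description names Zoho ManageEngine Remote Access Plus, and the Zoho ManageEngine entry visible elsewhere in this commit (CVE-2020-27995) is already tagged "NOT-FOR-US: Zoho ManageEngine". Suggest resolving the TODO with the same tag so the entry does not linger in the triage queue.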
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 6fd9c3c34f..49fb49195f 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -19,22 +19,27 @@ CVE-2020-36232
CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
CVE-2020-36230 (A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertio ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9423
NOTE: https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793 (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36229 (A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 lead ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9425
NOTE: https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0 (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36228 (An integer underflow was discovered in OpenLDAP before 2.4.57 leading ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9427
NOTE: https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36227 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9428
NOTE: https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5 (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36226 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-&gt ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57)
NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57)
@@ -43,6 +48,7 @@ CVE-2020-36226 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a mem
NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57)
NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids
CVE-2020-36225 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a double fr ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57)
NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57)
@@ -51,6 +57,7 @@ CVE-2020-36225 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a dou
NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57)
NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids
CVE-2020-36224 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9409
NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57)
@@ -59,10 +66,12 @@ CVE-2020-36224 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an in
NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57)
NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids
CVE-2020-36223 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd cra ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9408
NOTE: https://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36222 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertio ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9406
NOTE: https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed (OPENLDAP_REL_ENG_2_4_57)
@@ -70,6 +79,7 @@ CVE-2020-36222 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an as
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9407
NOTE: https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36221 (An integer underflow was discovered in OpenLDAP before 2.4.57 leading ...)
+ {DSA-4845-1 DLA-2544-1}
- openldap 2.4.57+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9404
NOTE: https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 (OPENLDAP_REL_ENG_2_4_57)
@@ -1322,8 +1332,8 @@ CVE-2020-35669 (An issue was discovered in the http package through 0.12.2 for D
NOT-FOR-US: Dart http
CVE-2020-35668 (RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that lead ...)
NOT-FOR-US: RedisGraph
-CVE-2020-35667
- RESERVED
+CVE-2020-35667 (JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that ...)
+ TODO: check
CVE-2020-35666 (Steedos Platform through 1.21.24 allows NoSQL injection because the /a ...)
NOT-FOR-US: Steedos Platform
CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in TerraMast ...)
@@ -1823,10 +1833,10 @@ CVE-2020-35484
RESERVED
CVE-2020-35483 (AnyDesk before 6.1.0 on Windows, when run in portable mode on a system ...)
NOT-FOR-US: AnyDesk
-CVE-2020-35482
- RESERVED
-CVE-2020-35481
- RESERVED
+CVE-2020-35482 (SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. ...)
+ TODO: check
+CVE-2020-35481 (SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection ...)
+ TODO: check
CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing users (acc ...)
{DSA-4816-1 DLA-2504-1}
- mediawiki 1:1.35.1-1
@@ -2906,8 +2916,8 @@ CVE-2020-29584
RESERVED
CVE-2020-29583 (Firmware version 4.60 of Zyxel USG devices contains an undocumented ac ...)
NOT-FOR-US: Zyxel
-CVE-2020-29582
- RESERVED
+CVE-2020-29582 (In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for ...)
+ TODO: check
CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a blank pa ...)
NOT-FOR-US: spiped Docker images
CVE-2020-29580 (The official storm Docker images before 1.2.1 contain a blank password ...)
@@ -3878,14 +3888,14 @@ CVE-2020-29168
RESERVED
CVE-2020-29167
RESERVED
-CVE-2020-29166
- RESERVED
-CVE-2020-29165
- RESERVED
-CVE-2020-29164
- RESERVED
-CVE-2020-29163
- RESERVED
+CVE-2020-29166 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by fil ...)
+ TODO: check
+CVE-2020-29165 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by inc ...)
+ TODO: check
+CVE-2020-29164 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cro ...)
+ TODO: check
+CVE-2020-29163 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL ...)
+ TODO: check
CVE-2020-29162
RESERVED
CVE-2020-29161
@@ -4528,8 +4538,8 @@ CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure t
[buster] - neomutt 20180716+dfsg.1-1+deb10u2
NOTE: https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
NOTE: https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
-CVE-2020-28895
- RESERVED
+CVE-2020-28895 (In Wind River VxWorks, memory allocator has a possible overflow in cal ...)
+ TODO: check
CVE-2020-28894
RESERVED
CVE-2020-28893
@@ -5019,8 +5029,8 @@ CVE-2020-28655
RESERVED
CVE-2020-28654
RESERVED
-CVE-2020-28653
- RESERVED
+CVE-2020-28653 (Zoho ManageEngine OpManager Stable build before 125203 (and Released b ...)
+ TODO: check
CVE-2020-28652
RESERVED
CVE-2020-28651
@@ -5341,7 +5351,7 @@ CVE-2020-28500
RESERVED
CVE-2020-28499
RESERVED
-CVE-2020-28498 (All versions of package elliptic are vulnerable to Cryptographic Issue ...)
+CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ...)
TODO: check
CVE-2020-28497
RESERVED
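Review bot: the CVE-2020-28498 description is narrowed from "All versions of package elliptic" to "before 6.5.4", but the entry underneath is still only "TODO: check". Now that a fixed upstream version is stated, the TODO can be resolved with a package line (or a NOT-FOR-US tag if the package is not shipped) instead of carrying the open marker forward.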
@@ -6122,8 +6132,8 @@ CVE-2020-28146
RESERVED
CVE-2020-28145
RESERVED
-CVE-2020-28144
- RESERVED
+CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...)
+ TODO: check
CVE-2020-28143
RESERVED
CVE-2020-28142
@@ -6469,8 +6479,8 @@ CVE-2020-28003
RESERVED
CVE-2020-28002 (In SonarQube 8.4.2.36762, an external attacker can achieve authenticat ...)
NOT-FOR-US: SonarQube
-CVE-2020-28001
- RESERVED
+CVE-2020-28001 (SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. ...)
+ TODO: check
CVE-2020-28000
RESERVED
CVE-2020-27999
@@ -6483,8 +6493,8 @@ CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does n
NOT-FOR-US: SmartStoreNET
CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 before 1456 ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2020-27994
- RESERVED
+CVE-2020-27994 (SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Travers ...)
+ TODO: check
CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&amp;filename=../ directory tra ...)
NOT-FOR-US: Hrsale
CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse ...)
@@ -8356,8 +8366,8 @@ CVE-2020-27224
RESERVED
CVE-2020-27223
RESERVED
-CVE-2020-27222
- RESERVED
+CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
+ TODO: check
CVE-2020-27221 (In Eclipse OpenJ9 up to version 0.23, there is potential for a stack-b ...)
NOT-FOR-US: Eclipse OpenJ9
CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check whether ...)
@@ -11443,16 +11453,16 @@ CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior
NOT-FOR-US: Qualcomm QCMAP
CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...)
NOT-FOR-US: Qualcomm QCMAP
-CVE-2020-25857
- RESERVED
-CVE-2020-25856
- RESERVED
-CVE-2020-25855
- RESERVED
-CVE-2020-25854
- RESERVED
-CVE-2020-25853
- RESERVED
+CVE-2020-25857 (The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Modul ...)
+ TODO: check
+CVE-2020-25856 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
+ TODO: check
+CVE-2020-25855 (The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior t ...)
+ TODO: check
+CVE-2020-25854 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
+ TODO: check
+CVE-2020-25853 (The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to ...)
+ TODO: check
CVE-2020-25852
RESERVED
CVE-2020-25851
@@ -13097,8 +13107,8 @@ CVE-2020-25210 (In JetBrains YouTrack before 2020.3.7955, an attacker could acce
NOT-FOR-US: JetBrains
CVE-2020-25209 (In JetBrains YouTrack before 2020.3.6638, improper access control for ...)
NOT-FOR-US: JetBrains
-CVE-2020-25208
- RESERVED
+CVE-2020-25208 (In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate ...)
+ TODO: check
CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Exe ...)
NOT-FOR-US: JetBrains
CVE-2020-25206
@@ -26316,10 +26326,10 @@ CVE-2020-18726
RESERVED
CVE-2020-18725
RESERVED
-CVE-2020-18724
- RESERVED
-CVE-2020-18723
- RESERVED
+CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact name fi ...)
+ TODO: check
+CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in MDaemon ...)
+ TODO: check
CVE-2020-18722
RESERVED
CVE-2020-18721
@@ -28733,8 +28743,7 @@ CVE-2020-17525
RESERVED
CVE-2020-17524
REJECTED
-CVE-2020-17523
- RESERVED
+CVE-2020-17523 (Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ...)
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/02/01/3
NOTE: https://issues.apache.org/jira/browse/SHIRO-797
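Review bot: the newly published CVE-2020-17523 description says the issue affects Apache Shiro before 1.7.1, while the entry stays at "- shiro <unfixed>" and the two NOTE lines point only at the oss-security post and SHIRO-797. Suggest adding a NOTE that records 1.7.1 as the fixed upstream release (and the fixing commit once identified) so the version to backport from is visible in the entry.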
@@ -28755,8 +28764,7 @@ CVE-2020-17518 (Apache Flink 1.5.1 introduced a REST handler that allows you to
NOT-FOR-US: Apache Flink
CVE-2020-17517
RESERVED
-CVE-2020-17516
- RESERVED
+CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3 ...)
- cassandra <itp> (bug #585905)
CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...)
- airflow <itp> (bug #819700)
@@ -48938,12 +48946,12 @@ CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin
NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
-CVE-2020-9390
- RESERVED
-CVE-2020-9389
- RESERVED
-CVE-2020-9388
- RESERVED
+CVE-2020-9390 (SquaredUp allowed Stored XSS before version 4.6.0. A user was able to ...)
+ TODO: check
+CVE-2020-9389 (A username enumeration issue was discovered in SquaredUp before versio ...)
+ TODO: check
+CVE-2020-9388 (CSRF protection was not present in SquaredUp before version 4.6.0. A C ...)
+ TODO: check
CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...)
- mahara <removed>
CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
@@ -50794,10 +50802,10 @@ CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.E
NOT-FOR-US: eG Manager
CVE-2020-8590
RESERVED
-CVE-2020-8589
- RESERVED
-CVE-2020-8588
- RESERVED
+CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...)
+ TODO: check
+CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...)
+ TODO: check
CVE-2020-8587
RESERVED
CVE-2020-8586
@@ -51461,8 +51469,8 @@ CVE-2020-8296
RESERVED
CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2020-8294
- RESERVED
+CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...)
+ TODO: check
CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, ...)
TODO: check
CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...)
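Review bot: CVE-2020-8294 is added with "TODO: check" directly below CVE-2020-8295, which is already triaged as "- nextcloud-server <itp> (bug #941708)", and CVE-2020-8293 beneath it is also still a TODO. All three describe Nextcloud Server, so the two open entries should probably carry the same ITP line for consistency.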
@@ -52180,10 +52188,12 @@ CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulne
CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...)
NOT-FOR-US: SAP
CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...)
+ {DLA-2545-1}
- open-build-service <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649
NOTE: https://github.com/openSUSE/open-build-service/commit/7323c904f86ba9e04065c23422d06c03647589fb
CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
+ {DLA-2545-1}
- open-build-service <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439
NOTE: https://github.com/openSUSE/open-build-service/commit/7cc32c8e2ff7290698e101d9a80a9dc29a5500fb
@@ -64796,10 +64806,10 @@ CVE-2020-2509
RESERVED
CVE-2020-2508 (A command injection vulnerability has been reported to affect QTS and ...)
NOT-FOR-US: QNAP
-CVE-2020-2507
- RESERVED
-CVE-2020-2506
- RESERVED
+CVE-2020-2507 (The vulnerability have been reported to affect earlier versions of QTS ...)
+ TODO: check
+CVE-2020-2506 (The vulnerability have been reported to affect earlier versions of QTS ...)
+ TODO: check
CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain sensiti ...)
NOT-FOR-US: QNAP
CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could allow a ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 029134694f..d3c90205cd 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,169 @@
+CVE-2021-3399
+ RESERVED
+CVE-2021-3398
+ RESERVED
+CVE-2021-3397
+ RESERVED
+CVE-2021-3396
+ RESERVED
+CVE-2021-26676
+ RESERVED
+CVE-2021-26675
+ RESERVED
+CVE-2021-26674
+ RESERVED
+CVE-2021-26673
+ RESERVED
+CVE-2021-26672
+ RESERVED
+CVE-2021-26671
+ RESERVED
+CVE-2021-26670
+ RESERVED
+CVE-2021-26669
+ RESERVED
+CVE-2021-26668
+ RESERVED
+CVE-2021-26667
+ RESERVED
+CVE-2021-26666
+ RESERVED
+CVE-2021-26665
+ RESERVED
+CVE-2021-26664
+ RESERVED
+CVE-2021-26663
+ RESERVED
+CVE-2021-26662
+ RESERVED
+CVE-2021-26661
+ RESERVED
+CVE-2021-26660
+ RESERVED
+CVE-2021-26659
+ RESERVED
+CVE-2021-26658
+ RESERVED
+CVE-2021-26657
+ RESERVED
+CVE-2021-26656
+ RESERVED
+CVE-2021-26655
+ RESERVED
+CVE-2021-26654
+ RESERVED
+CVE-2021-26653
+ RESERVED
+CVE-2021-26652
+ RESERVED
+CVE-2021-26651
+ RESERVED
+CVE-2021-26650
+ RESERVED
+CVE-2021-26649
+ RESERVED
+CVE-2021-26648
+ RESERVED
+CVE-2021-26647
+ RESERVED
+CVE-2021-26646
+ RESERVED
+CVE-2021-26645
+ RESERVED
+CVE-2021-26644
+ RESERVED
+CVE-2021-26643
+ RESERVED
+CVE-2021-26642
+ RESERVED
+CVE-2021-26641
+ RESERVED
+CVE-2021-26640
+ RESERVED
+CVE-2021-26639
+ RESERVED
+CVE-2021-26638
+ RESERVED
+CVE-2021-26637
+ RESERVED
+CVE-2021-26636
+ RESERVED
+CVE-2021-26635
+ RESERVED
+CVE-2021-26634
+ RESERVED
+CVE-2021-26633
+ RESERVED
+CVE-2021-26632
+ RESERVED
+CVE-2021-26631
+ RESERVED
+CVE-2021-26630
+ RESERVED
+CVE-2021-26629
+ RESERVED
+CVE-2021-26628
+ RESERVED
+CVE-2021-26627
+ RESERVED
+CVE-2021-26626
+ RESERVED
+CVE-2021-26625
+ RESERVED
+CVE-2021-26624
+ RESERVED
+CVE-2021-26623
+ RESERVED
+CVE-2021-26622
+ RESERVED
+CVE-2021-26621
+ RESERVED
+CVE-2021-26620
+ RESERVED
+CVE-2021-26619
+ RESERVED
+CVE-2021-26618
+ RESERVED
+CVE-2021-26617
+ RESERVED
+CVE-2021-26616
+ RESERVED
+CVE-2021-26615
+ RESERVED
+CVE-2021-26614
+ RESERVED
+CVE-2021-26613
+ RESERVED
+CVE-2021-26612
+ RESERVED
+CVE-2021-26611
+ RESERVED
+CVE-2021-26610
+ RESERVED
+CVE-2021-26609
+ RESERVED
+CVE-2021-26608
+ RESERVED
+CVE-2021-26607
+ RESERVED
+CVE-2021-26606
+ RESERVED
+CVE-2021-26605
+ RESERVED
+CVE-2021-26604
+ RESERVED
+CVE-2021-26603
+ RESERVED
+CVE-2021-26602
+ RESERVED
+CVE-2021-26601
+ RESERVED
+CVE-2021-26600
+ RESERVED
+CVE-2021-26599
+ RESERVED
+CVE-2021-26598
+ RESERVED
CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...)
NOT-FOR-US: Pryaniki
CVE-2021-3394
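Review bot: the block prepended at the top of 2021.list is not in descending ID order: CVE-2021-3396 is followed by CVE-2021-26676, the run continues down to CVE-2021-26598, and only then comes CVE-2021-3395. If this is the intended insertion order it is worth documenting next to the list format, since any consumer that assumes the file is sorted by CVE number will mis-handle it.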
@@ -2060,54 +2226,54 @@ CVE-2021-25780
RESERVED
CVE-2021-25779
RESERVED
-CVE-2021-25778
- RESERVED
-CVE-2021-25777
- RESERVED
-CVE-2021-25776
- RESERVED
-CVE-2021-25775
- RESERVED
-CVE-2021-25774
- RESERVED
-CVE-2021-25773
- RESERVED
-CVE-2021-25772
- RESERVED
-CVE-2021-25771
- RESERVED
-CVE-2021-25770
- RESERVED
-CVE-2021-25769
- RESERVED
-CVE-2021-25768
- RESERVED
-CVE-2021-25767
- RESERVED
-CVE-2021-25766
- RESERVED
-CVE-2021-25765
- RESERVED
+CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user deletio ...)
+ TODO: check
+CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during token remova ...)
+ TODO: check
+CVE-2021-25776 (In JetBrains TeamCity before 2020.2, an ECR token could be exposed in ...)
+ TODO: check
+CVE-2021-25775 (In JetBrains TeamCity before 2020.2.1, the server admin could create a ...)
+ TODO: check
+CVE-2021-25774 (In JetBrains TeamCity before 2020.2.1, a user could get access to the ...)
+ TODO: check
+CVE-2021-25773 (JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on se ...)
+ TODO: check
+CVE-2021-25772 (In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possibl ...)
+ TODO: check
+CVE-2021-25771 (In JetBrains YouTrack before 2020.6.1099, project information could be ...)
+ TODO: check
+CVE-2021-25770 (In JetBrains YouTrack before 2020.5.3123, server-side template injecti ...)
+ TODO: check
+CVE-2021-25769 (In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator w ...)
+ TODO: check
+CVE-2021-25768 (In JetBrains YouTrack before 2020.4.4701, permissions for attachments ...)
+ TODO: check
+CVE-2021-25767 (In JetBrains YouTrack before 2020.6.1767, an issue's existence could b ...)
+ TODO: check
+CVE-2021-25766 (In JetBrains YouTrack before 2020.4.4701, improper resource access che ...)
+ TODO: check
+CVE-2021-25765 (In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload w ...)
+ TODO: check
CVE-2021-25764
RESERVED
-CVE-2021-25763
- RESERVED
-CVE-2021-25762
- RESERVED
-CVE-2021-25761
- RESERVED
-CVE-2021-25760
- RESERVED
-CVE-2021-25759
- RESERVED
-CVE-2021-25758
- RESERVED
-CVE-2021-25757
- RESERVED
-CVE-2021-25756
- RESERVED
-CVE-2021-25755
- RESERVED
+CVE-2021-25763 (In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by def ...)
+ TODO: check
+CVE-2021-25762 (In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. ...)
+ TODO: check
+CVE-2021-25761 (In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage ke ...)
+ TODO: check
+CVE-2021-25760 (In JetBrains Hub before 2020.1.12669, information disclosure via the p ...)
+ TODO: check
+CVE-2021-25759 (In JetBrains Hub before 2020.1.12629, an authenticated user can delete ...)
+ TODO: check
+CVE-2021-25758 (In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deseria ...)
+ TODO: check
+CVE-2021-25757 (In JetBrains Hub before 2020.1.12629, an open redirect was possible. ...)
+ TODO: check
+CVE-2021-25756 (In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for sev ...)
+ TODO: check
+CVE-2021-25755 (In JetBrains Code With Me before 2020.3, an attacker on the local netw ...)
+ TODO: check
CVE-2021-25754
RESERVED
CVE-2021-25753
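Review bot: all 23 entries converted from RESERVED in this hunk (CVE-2021-25778 to CVE-2021-25765 and CVE-2021-25763 to CVE-2021-25755) land as "TODO: check", while earlier JetBrains entries visible in 2020.list (CVE-2020-25210, CVE-2020-25209, CVE-2020-25207) are tagged "NOT-FOR-US: JetBrains". Suggest triaging these per product rather than as one batch, because the set spans TeamCity, YouTrack, Hub, Ktor, IntelliJ IDEA and Code With Me, and the library-type components may warrant a different disposition from the hosted products.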
@@ -3194,12 +3360,12 @@ CVE-2021-25278
RESERVED
CVE-2021-25277
RESERVED
-CVE-2021-25276
- RESERVED
-CVE-2021-25275
- RESERVED
-CVE-2021-25274
- RESERVED
+CVE-2021-25276 (In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory cont ...)
+ TODO: check
+CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various SolarWin ...)
+ TODO: check
+CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 2020.2.4 use ...)
+ TODO: check
CVE-2021-3159
RESERVED
CVE-2021-25273
@@ -7281,8 +7447,8 @@ CVE-2021-23333
RESERVED
CVE-2021-23332
RESERVED
-CVE-2021-23331
- RESERVED
+CVE-2021-23331 (This affects all versions of package com.squareup:connect. The method ...)
+ TODO: check
CVE-2021-23330 (All versions of package launchpad are vulnerable to Command Injection ...)
NOT-FOR-US: Node launchpad
CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to Protot ...)
