From 0a0e87cfbcea531954dc3f2c389e50105335acef Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 4 Mar 2021 20:10:57 +0000 Subject: automatic update --- data/CVE/2020.list | 52 ++++++++++++++--------------- data/CVE/2021.list | 98 +++++++++++++++++++++++++++++++++--------------------- 2 files changed, 86 insertions(+), 64 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 65725966d5..20e5651e11 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -2262,12 +2262,12 @@ CVE-2020-35331 RESERVED CVE-2020-35330 RESERVED -CVE-2020-35329 - RESERVED -CVE-2020-35328 - RESERVED -CVE-2020-35327 - RESERVED +CVE-2020-35329 (Courier Management System 1.0 1.0 is affected by SQL Injection via 'MU ...) + TODO: check +CVE-2020-35328 (Courier Management System 1.0 - 'First Name' Stored XSS ...) + TODO: check +CVE-2020-35327 (SQL injection vulnerability was discovered in Courier Management Syste ...) + TODO: check CVE-2020-35326 RESERVED CVE-2020-35325 @@ -13911,12 +13911,12 @@ CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection CVE-2020-24915 RESERVED -CVE-2020-24914 - RESERVED -CVE-2020-24913 - RESERVED -CVE-2020-24912 - RESERVED +CVE-2020-24914 (A PHP object injection bug in profile.php in qcubed (all versions incl ...) + TODO: check +CVE-2020-24913 (A SQL injection vulnerability in qcubed (all versions including 3.1.1) ...) + TODO: check +CVE-2020-24912 (A reflected cross-site scripting (XSS) vulnerability in qcubed (all ve ...) + TODO: check CVE-2020-24911 RESERVED CVE-2020-24910 @@ -15832,8 +15832,8 @@ CVE-2020-24038 RESERVED CVE-2020-24037 RESERVED -CVE-2020-24036 - RESERVED +CVE-2020-24036 (PHP object injection in the Ajax endpoint of the backend in ForkCMS be ...) + TODO: check CVE-2020-24035 RESERVED CVE-2020-24034 (Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecu ...) 
@@ -32532,8 +32532,8 @@ CVE-2020-15940 RESERVED CVE-2020-15939 RESERVED -CVE-2020-15938 - RESERVED +CVE-2020-15938 (When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the ...) + TODO: check CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...) TODO: check CVE-2020-15936 @@ -59774,8 +59774,8 @@ CVE-2020-4977 RESERVED CVE-2020-4976 RESERVED -CVE-2020-4975 - RESERVED +CVE-2020-4975 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + TODO: check CVE-2020-4974 RESERVED CVE-2020-4973 @@ -59992,14 +59992,14 @@ CVE-2020-4868 RESERVED CVE-2020-4867 RESERVED -CVE-2020-4866 - RESERVED +CVE-2020-4866 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + TODO: check CVE-2020-4865 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) NOT-FOR-US: IBM CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the internal net w ...) NOT-FOR-US: IBM -CVE-2020-4863 - RESERVED +CVE-2020-4863 (IBM Engineering products are vulnerable to stored cross-site scripting ...) + TODO: check CVE-2020-4862 RESERVED CVE-2020-4861 @@ -60010,10 +60010,10 @@ CVE-2020-4859 RESERVED CVE-2020-4858 RESERVED -CVE-2020-4857 - RESERVED -CVE-2020-4856 - RESERVED +CVE-2020-4857 (IBM Engineering products are vulnerable to stored cross-site scripting ...) + TODO: check +CVE-2020-4856 (IBM Engineering products are vulnerable to stored cross-site scripting ...) + TODO: check CVE-2020-4855 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) NOT-FOR-US: IBM CVE-2020-4854 (IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded cr ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index fd3f0e172f..2a513402d0 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,25 @@ +CVE-2021-27955 + RESERVED +CVE-2021-27954 + RESERVED +CVE-2021-27953 + RESERVED +CVE-2021-27952 + RESERVED +CVE-2021-27951 + RESERVED +CVE-2021-27950 + RESERVED +CVE-2021-27949 + RESERVED +CVE-2021-27948 + RESERVED +CVE-2021-27947 + RESERVED +CVE-2021-27946 + RESERVED +CVE-2021-27945 + RESERVED CVE-2021-XXXX [XSA 369] - linux (unimportant) [buster] - linux (Vulnerable code introduced later) @@ -1524,8 +1546,8 @@ CVE-2021-27221 RESERVED CVE-2021-27220 RESERVED -CVE-2021-27217 - RESERVED +CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...) + TODO: check CVE-2021-27216 RESERVED CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...) @@ -4318,12 +4340,12 @@ CVE-2021-26031 RESERVED CVE-2021-26030 RESERVED -CVE-2021-26029 - RESERVED -CVE-2021-26028 - RESERVED -CVE-2021-26027 - RESERVED +CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...) + TODO: check +CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...) + TODO: check +CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...) + TODO: check CVE-2021-3287 RESERVED CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...) @@ -10255,12 +10277,12 @@ CVE-2021-23348 RESERVED CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...) NOT-FOR-US: argo-cd -CVE-2021-23346 - RESERVED +CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...) + TODO: check CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...) TODO: check -CVE-2021-23344 - RESERVED +CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...) + TODO: check CVE-2021-23343 RESERVED CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...) 
@@ -10679,20 +10701,20 @@ CVE-2021-23134 RESERVED CVE-2021-23133 RESERVED -CVE-2021-23132 - RESERVED -CVE-2021-23131 - RESERVED -CVE-2021-23130 - RESERVED -CVE-2021-23129 - RESERVED -CVE-2021-23128 - RESERVED -CVE-2021-23127 - RESERVED -CVE-2021-23126 - RESERVED +CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...) + TODO: check +CVE-2021-23131 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input ...) + TODO: check +CVE-2021-23130 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...) + TODO: check +CVE-2021-23129 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...) + TODO: check +CVE-2021-23128 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core ship ...) + TODO: check +CVE-2021-23127 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an i ...) + TODO: check +CVE-2021-23126 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the ...) + TODO: check CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of e ...) NOT-FOR-US: Joomla! CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of e ...) @@ -12604,8 +12626,8 @@ CVE-2021-22191 RESERVED CVE-2021-22190 RESERVED -CVE-2021-22189 - RESERVED +CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by ...) + TODO: check CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...) TODO: check CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...) @@ -12616,8 +12638,8 @@ CVE-2021-22185 RESERVED CVE-2021-22184 RESERVED -CVE-2021-22183 - RESERVED +CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...) + TODO: check CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...) TODO: check CVE-2021-22181 
@@ -12754,8 +12776,8 @@ CVE-2021-22130 RESERVED CVE-2021-22129 RESERVED -CVE-2021-22128 - RESERVED +CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...) + TODO: check CVE-2021-22127 RESERVED CVE-2021-22126 @@ -16586,10 +16608,10 @@ CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulne NOT-FOR-US: IBM CVE-2021-20352 RESERVED -CVE-2021-20351 - RESERVED -CVE-2021-20350 - RESERVED +CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + TODO: check +CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + TODO: check CVE-2021-20349 RESERVED CVE-2021-20348 @@ -16608,8 +16630,8 @@ CVE-2021-20342 RESERVED CVE-2021-20341 RESERVED -CVE-2021-20340 - RESERVED +CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + TODO: check CVE-2021-20339 RESERVED CVE-2021-20338 -- cgit v1.2.3
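Review bot: the IBM Engineering entries are left at "TODO: check" even though the context lines of the same hunks already show how neighbouring IBM entries were triaged. In data/CVE/2020.list (hunks at -59774 and -59992 through -60010) this applies to CVE-2020-4975, CVE-2020-4866, CVE-2020-4863, CVE-2020-4857 and CVE-2020-4856; in data/CVE/2021.list (hunks at -16586 and -16608) to CVE-2021-20351, CVE-2021-20350 and CVE-2021-20340. The adjacent CVE-2020-4865, CVE-2020-4864 and CVE-2020-4855 carry "NOT-FOR-US: IBM". Suggest a follow-up triage commit that resolves these eight the same way if they concern the same unpackaged products, so they do not sit in the TODO queue.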
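Review bot: the ten newly published Joomla! entries in data/CVE/2021.list (CVE-2021-26029 to CVE-2021-26027 in the hunk at -4318, and CVE-2021-23132 to CVE-2021-23126 in the hunk at -10679) all land as "TODO: check", while the context line directly below the second block shows CVE-2021-23125 already tagged "NOT-FOR-US: Joomla!". Suggest tagging the new entries consistently with that existing decision in the manual triage pass rather than leaving ten open TODOs for a product the tracker has already classified.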
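Review bot: CVE-2021-27217 in the hunk at -1524 of data/CVE/2021.list moves from RESERVED to "TODO: check" with a description that is cut off after "the _send_secure_msg() function of Yubico y ...", so the affected component cannot be identified from this entry alone. This one needs manual triage against the full CVE text to decide between a source-package line with per-release status and a NOT-FOR-US tag. The same applies to the other truncated descriptions added here, such as CVE-2021-23346 (html-parse-stringify) and CVE-2021-23344 (total.js).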