Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43df0540 by security tracker role at 2020-12-19T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,203 @@
+CVE-2021-21105
+       RESERVED
+CVE-2021-21104
+       RESERVED
+CVE-2021-21103
+       RESERVED
+CVE-2021-21102
+       RESERVED
+CVE-2021-21101
+       RESERVED
+CVE-2021-21100
+       RESERVED
+CVE-2021-21099
+       RESERVED
+CVE-2021-21098
+       RESERVED
+CVE-2021-21097
+       RESERVED
+CVE-2021-21096
+       RESERVED
+CVE-2021-21095
+       RESERVED
+CVE-2021-21094
+       RESERVED
+CVE-2021-21093
+       RESERVED
+CVE-2021-21092
+       RESERVED
+CVE-2021-21091
+       RESERVED
+CVE-2021-21090
+       RESERVED
+CVE-2021-21089
+       RESERVED
+CVE-2021-21088
+       RESERVED
+CVE-2021-21087
+       RESERVED
+CVE-2021-21086
+       RESERVED
+CVE-2021-21085
+       RESERVED
+CVE-2021-21084
+       RESERVED
+CVE-2021-21083
+       RESERVED
+CVE-2021-21082
+       RESERVED
+CVE-2021-21081
+       RESERVED
+CVE-2021-21080
+       RESERVED
+CVE-2021-21079
+       RESERVED
+CVE-2021-21078
+       RESERVED
+CVE-2021-21077
+       RESERVED
+CVE-2021-21076
+       RESERVED
+CVE-2021-21075
+       RESERVED
+CVE-2021-21074
+       RESERVED
+CVE-2021-21073
+       RESERVED
+CVE-2021-21072
+       RESERVED
+CVE-2021-21071
+       RESERVED
+CVE-2021-21070
+       RESERVED
+CVE-2021-21069
+       RESERVED
+CVE-2021-21068
+       RESERVED
+CVE-2021-21067
+       RESERVED
+CVE-2021-21066
+       RESERVED
+CVE-2021-21065
+       RESERVED
+CVE-2021-21064
+       RESERVED
+CVE-2021-21063
+       RESERVED
+CVE-2021-21062
+       RESERVED
+CVE-2021-21061
+       RESERVED
+CVE-2021-21060
+       RESERVED
+CVE-2021-21059
+       RESERVED
+CVE-2021-21058
+       RESERVED
+CVE-2021-21057
+       RESERVED
+CVE-2021-21056
+       RESERVED
+CVE-2021-21055
+       RESERVED
+CVE-2021-21054
+       RESERVED
+CVE-2021-21053
+       RESERVED
+CVE-2021-21052
+       RESERVED
+CVE-2021-21051
+       RESERVED
+CVE-2021-21050
+       RESERVED
+CVE-2021-21049
+       RESERVED
+CVE-2021-21048
+       RESERVED
+CVE-2021-21047
+       RESERVED
+CVE-2021-21046
+       RESERVED
+CVE-2021-21045
+       RESERVED
+CVE-2021-21044
+       RESERVED
+CVE-2021-21043
+       RESERVED
+CVE-2021-21042
+       RESERVED
+CVE-2021-21041
+       RESERVED
+CVE-2021-21040
+       RESERVED
+CVE-2021-21039
+       RESERVED
+CVE-2021-21038
+       RESERVED
+CVE-2021-21037
+       RESERVED
+CVE-2021-21036
+       RESERVED
+CVE-2021-21035
+       RESERVED
+CVE-2021-21034
+       RESERVED
+CVE-2021-21033
+       RESERVED
+CVE-2021-21032
+       RESERVED
+CVE-2021-21031
+       RESERVED
+CVE-2021-21030
+       RESERVED
+CVE-2021-21029
+       RESERVED
+CVE-2021-21028
+       RESERVED
+CVE-2021-21027
+       RESERVED
+CVE-2021-21026
+       RESERVED
+CVE-2021-21025
+       RESERVED
+CVE-2021-21024
+       RESERVED
+CVE-2021-21023
+       RESERVED
+CVE-2021-21022
+       RESERVED
+CVE-2021-21021
+       RESERVED
+CVE-2021-21020
+       RESERVED
+CVE-2021-21019
+       RESERVED
+CVE-2021-21018
+       RESERVED
+CVE-2021-21017
+       RESERVED
+CVE-2021-21016
+       RESERVED
+CVE-2021-21015
+       RESERVED
+CVE-2021-21014
+       RESERVED
+CVE-2021-21013
+       RESERVED
+CVE-2021-21012
+       RESERVED
+CVE-2021-21011
+       RESERVED
+CVE-2021-21010
+       RESERVED
+CVE-2021-21009
+       RESERVED
+CVE-2021-21008
+       RESERVED
+CVE-2021-21007
+       RESERVED
+CVE-2021-21006
+       RESERVED
 CVE-2020-35570
        RESERVED
 CVE-2020-35569
@@ -11852,8 +12052,7 @@ CVE-2020-27783 (A XSS vulnerability was discovered in 
python-lxml's clean module
        NOTE: 
https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7 
(lxml-4.6.2)
 CVE-2020-27782
        RESERVED
-CVE-2020-27781
-       RESERVED
+CVE-2020-27781 (User credentials can be manipulated and stolen by Native 
CephFS consum ...)
        - ceph <unfixed>
        NOTE: https://bugs.launchpad.net/manila/+bug/1904015
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1900109
@@ -34017,8 +34216,7 @@ CVE-2020-17521 (Apache Groovy provides extension 
methods to aid with creating te
        NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
        NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1
        NOTE: 
https://github.com/apache/groovy/commit/4e418d4a34c973a7ec1e822552103043ac13780e
 (GROOVY_2_4_21)
-CVE-2020-17520
-       RESERVED
+CVE-2020-17520 (In the Pulsar manager 0.1.0 version, malicious users will be 
able to b ...)
        NOT-FOR-US: Apache Pulsar
 CVE-2020-17519
        RESERVED
@@ -42219,8 +42417,8 @@ CVE-2020-14273
        RESERVED
 CVE-2020-14272
        RESERVED
-CVE-2020-14271
-       RESERVED
+CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored 
Cross-Site Scrip ...)
+       TODO: check
 CVE-2020-14270
        RESERVED
 CVE-2020-14269
@@ -42313,8 +42511,8 @@ CVE-2020-14226
        RESERVED
 CVE-2020-14225
        RESERVED
-CVE-2020-14224
-       RESERVED
+CVE-2020-14224 (A vulnerability in the MIME message handling of the HCL Notes 
v9 clien ...)
+       TODO: check
 CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to 
cross-site scri ...)
        NOT-FOR-US: HCL Digital Experience
 CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross 
site scri ...)
@@ -44243,8 +44441,8 @@ CVE-2020-13537 (An exploitable local privilege 
elevation vulnerability exists in
        NOT-FOR-US: Moxa
 CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
        NOT-FOR-US: Microsoft
-CVE-2020-13535
-       RESERVED
+CVE-2020-13535 (A privilege escalation vulnerability exists in Kepware 
LinkMaster 3.0. ...)
+       TODO: check
 CVE-2020-13534
        RESERVED
 CVE-2020-13533
@@ -44275,22 +44473,22 @@ CVE-2020-13521
        REJECTED
 CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the 
way Pix ...)
        NOT-FOR-US: Pixar OpenUSD
-CVE-2020-13519
-       RESERVED
+CVE-2020-13519 (A privilege escalation vulnerability exists in the WinRing0x64 
Driver  ...)
+       TODO: check
 CVE-2020-13518 (An information disclosure vulnerability exists in the 
WinRing0x64 Driv ...)
        TODO: check
 CVE-2020-13517 (An information disclosure vulnerability exists in the 
WinRing0x64 Driv ...)
        TODO: check
 CVE-2020-13516 (An information disclosure vulnerability exists in the 
WinRing0x64 Driv ...)
        TODO: check
-CVE-2020-13515
-       RESERVED
-CVE-2020-13514
-       RESERVED
-CVE-2020-13513
-       RESERVED
-CVE-2020-13512
-       RESERVED
+CVE-2020-13515 (A privilege escalation vulnerability exists in the WinRing0x64 
Driver  ...)
+       TODO: check
+CVE-2020-13514 (A privilege escalation vulnerability exists in the WinRing0x64 
Driver  ...)
+       TODO: check
+CVE-2020-13513 (A privilege escalation vulnerability exists in the WinRing0x64 
Driver  ...)
+       TODO: check
+CVE-2020-13512 (A privilege escalation vulnerability exists in the WinRing0x64 
Driver  ...)
+       TODO: check
 CVE-2020-13511 (An information disclosure vulnerability exists in the 
WinRing0x64 Driv ...)
        TODO: check
 CVE-2020-13510 (An information disclosure vulnerability exists in the 
WinRing0x64 Driv ...)
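Review bot: the five entries filled in here (CVE-2020-13519 and CVE-2020-13515 through CVE-2020-13512) all land as "TODO: check", and the unchanged neighbours CVE-2020-13518, CVE-2020-13517, CVE-2020-13516 and CVE-2020-13511 still carry "TODO: check" as well. Every one of these descriptions names the WinRing0x64 driver, so the nine entries should be triaged in one pass and given the same tag, rather than being resolved one at a time with a risk of inconsistent results.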
@@ -48252,8 +48450,8 @@ CVE-2020-11976 (By crafting a special URL it is 
possible to make Wicket deliver
        NOT-FOR-US: Apache Wicket
 CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which 
offers the  ...)
        NOT-FOR-US: Apache Unomi
-CVE-2020-11974
-       RESERVED
+CVE-2020-11974 (In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a 
remote co ...)
+       TODO: check
 CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. 
Apache Cam ...)
        NOT-FOR-US: Apache Camel
 CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. 
Apache  ...)
@@ -59033,15 +59231,18 @@ CVE-2020-8288
 CVE-2020-8287
        RESERVED
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check 
for cert ...)
+       {DLA-2500-1}
        - curl <unfixed> (bug #977161)
        NOTE: https://curl.se/docs/CVE-2020-8286.html
        NOTE: 
https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 
(curl-7_74_0)
 CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to 
uncontrolled recu ...)
+       {DLA-2500-1}
        - curl <unfixed> (bug #977162)
        NOTE: https://curl.se/docs/CVE-2020-8285.html
        NOTE: https://github.com/curl/curl/issues/6255
        NOTE: 
https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d 
(curl-7_74_0)
 CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 
7.73.0  ...)
+       {DLA-2500-1}
        - curl <unfixed> (bug #977163)
        NOTE: https://curl.se/docs/CVE-2020-8284.html
        NOTE: 
https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 
(curl-7_74_0)
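Review bot: the "{DLA-2500-1}" reference is added to CVE-2020-8286, CVE-2020-8285 and CVE-2020-8284, but each entry keeps "- curl <unfixed>" even though its NOTE lines already point at fix commits tagged curl-7_74_0. The DLA reference only records the advisory; the package lines still need a fixed version once an upload carrying those commits exists, so bugs #977161, #977162 and #977163 should stay on the follow-up list.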
@@ -60724,7 +60925,7 @@ CVE-2020-7663 (websocket-extensions ruby module prior 
to 0.1.5 allows Denial of
        - ruby-websocket-extensions 0.1.5-1 (bug #964274)
        NOTE: 
https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
        NOTE: 
https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
-CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of 
Servic ...)
+CVE-2020-7662 (websocket-extensions npm module prior to 0.1.4 allows Denial of 
Servic ...)
        NOT-FOR-US: Node websocket-extensions
 CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression 
Denial  ...)
        NOT-FOR-US: Node url-regex
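Review bot: the description of CVE-2020-7662 changes the fixed version from "prior to 1.0.4" to "prior to 0.1.4", and the entry has no NOTE that would let a reader verify which number is right. The entry is NOT-FOR-US, so no package version depends on it, but a NOTE with the upstream advisory or commit, as the CVE-2020-7663 entry just above has for the ruby module, would make the correction checkable.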
@@ -61751,14 +61952,14 @@ CVE-2020-7205 (A potential security vulnerability has 
been identified in HPE Int
        NOT-FOR-US: HPE
 CVE-2020-7204
        RESERVED
-CVE-2020-7203
-       RESERVED
+CVE-2020-7203 (A potential security vulnerability has been identified in HPE 
iLO Ampl ...)
+       TODO: check
 CVE-2020-7202
        RESERVED
-CVE-2020-7201
-       RESERVED
-CVE-2020-7200
-       RESERVED
+CVE-2020-7201 (A potential security vulnerability has been identified in the 
HPE Stor ...)
+       TODO: check
+CVE-2020-7200 (A potential security vulnerability has been identified in HPE 
Systems  ...)
+       TODO: check
 CVE-2020-7199 (A security vulnerability has been identified in the HPE 
Edgeline Infra ...)
        NOT-FOR-US: HPE
 CVE-2020-7198 (There is a remote escalation of privilege possible for a 
malicious use ...)
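Review bot: CVE-2020-7203, CVE-2020-7201 and CVE-2020-7200 are added as "TODO: check", while the context entries on both sides of the hunk, CVE-2020-7205 and CVE-2020-7199, are already tagged "NOT-FOR-US: HPE". The three new descriptions name HPE products ("HPE iLO Ampl ...", "HPE Stor ...", "HPE Systems ..."), so whoever resolves the TODO should check whether the same "NOT-FOR-US: HPE" tag applies to them.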
@@ -65423,8 +65624,8 @@ CVE-2020-5805
        RESERVED
 CVE-2020-5804
        RESERVED
-CVE-2020-5803
-       RESERVED
+CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 
5.5.0.74 allow ...)
+       TODO: check
 CVE-2020-5802
        RESERVED
 CVE-2020-5801
@@ -69570,8 +69771,8 @@ CVE-2020-4082 (The HCL Connections 5.5 help system is 
vulnerable to cross-site s
        NOT-FOR-US: HCL Connections
 CVE-2020-4081
        RESERVED
-CVE-2020-4080
-       RESERVED
+CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site 
Scripting  ...)
+       TODO: check
 CVE-2020-4079
        RESERVED
 CVE-2020-4078



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43df054009e7c304509ae9d163213d624cad61ed
