[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Dec 19 08:10:21 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43df0540 by security tracker role at 2020-12-19T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,203 @@
+CVE-2021-21105
+	RESERVED
+CVE-2021-21104
+	RESERVED
+CVE-2021-21103
+	RESERVED
+CVE-2021-21102
+	RESERVED
+CVE-2021-21101
+	RESERVED
+CVE-2021-21100
+	RESERVED
+CVE-2021-21099
+	RESERVED
+CVE-2021-21098
+	RESERVED
+CVE-2021-21097
+	RESERVED
+CVE-2021-21096
+	RESERVED
+CVE-2021-21095
+	RESERVED
+CVE-2021-21094
+	RESERVED
+CVE-2021-21093
+	RESERVED
+CVE-2021-21092
+	RESERVED
+CVE-2021-21091
+	RESERVED
+CVE-2021-21090
+	RESERVED
+CVE-2021-21089
+	RESERVED
+CVE-2021-21088
+	RESERVED
+CVE-2021-21087
+	RESERVED
+CVE-2021-21086
+	RESERVED
+CVE-2021-21085
+	RESERVED
+CVE-2021-21084
+	RESERVED
+CVE-2021-21083
+	RESERVED
+CVE-2021-21082
+	RESERVED
+CVE-2021-21081
+	RESERVED
+CVE-2021-21080
+	RESERVED
+CVE-2021-21079
+	RESERVED
+CVE-2021-21078
+	RESERVED
+CVE-2021-21077
+	RESERVED
+CVE-2021-21076
+	RESERVED
+CVE-2021-21075
+	RESERVED
+CVE-2021-21074
+	RESERVED
+CVE-2021-21073
+	RESERVED
+CVE-2021-21072
+	RESERVED
+CVE-2021-21071
+	RESERVED
+CVE-2021-21070
+	RESERVED
+CVE-2021-21069
+	RESERVED
+CVE-2021-21068
+	RESERVED
+CVE-2021-21067
+	RESERVED
+CVE-2021-21066
+	RESERVED
+CVE-2021-21065
+	RESERVED
+CVE-2021-21064
+	RESERVED
+CVE-2021-21063
+	RESERVED
+CVE-2021-21062
+	RESERVED
+CVE-2021-21061
+	RESERVED
+CVE-2021-21060
+	RESERVED
+CVE-2021-21059
+	RESERVED
+CVE-2021-21058
+	RESERVED
+CVE-2021-21057
+	RESERVED
+CVE-2021-21056
+	RESERVED
+CVE-2021-21055
+	RESERVED
+CVE-2021-21054
+	RESERVED
+CVE-2021-21053
+	RESERVED
+CVE-2021-21052
+	RESERVED
+CVE-2021-21051
+	RESERVED
+CVE-2021-21050
+	RESERVED
+CVE-2021-21049
+	RESERVED
+CVE-2021-21048
+	RESERVED
+CVE-2021-21047
+	RESERVED
+CVE-2021-21046
+	RESERVED
+CVE-2021-21045
+	RESERVED
+CVE-2021-21044
+	RESERVED
+CVE-2021-21043
+	RESERVED
+CVE-2021-21042
+	RESERVED
+CVE-2021-21041
+	RESERVED
+CVE-2021-21040
+	RESERVED
+CVE-2021-21039
+	RESERVED
+CVE-2021-21038
+	RESERVED
+CVE-2021-21037
+	RESERVED
+CVE-2021-21036
+	RESERVED
+CVE-2021-21035
+	RESERVED
+CVE-2021-21034
+	RESERVED
+CVE-2021-21033
+	RESERVED
+CVE-2021-21032
+	RESERVED
+CVE-2021-21031
+	RESERVED
+CVE-2021-21030
+	RESERVED
+CVE-2021-21029
+	RESERVED
+CVE-2021-21028
+	RESERVED
+CVE-2021-21027
+	RESERVED
+CVE-2021-21026
+	RESERVED
+CVE-2021-21025
+	RESERVED
+CVE-2021-21024
+	RESERVED
+CVE-2021-21023
+	RESERVED
+CVE-2021-21022
+	RESERVED
+CVE-2021-21021
+	RESERVED
+CVE-2021-21020
+	RESERVED
+CVE-2021-21019
+	RESERVED
+CVE-2021-21018
+	RESERVED
+CVE-2021-21017
+	RESERVED
+CVE-2021-21016
+	RESERVED
+CVE-2021-21015
+	RESERVED
+CVE-2021-21014
+	RESERVED
+CVE-2021-21013
+	RESERVED
+CVE-2021-21012
+	RESERVED
+CVE-2021-21011
+	RESERVED
+CVE-2021-21010
+	RESERVED
+CVE-2021-21009
+	RESERVED
+CVE-2021-21008
+	RESERVED
+CVE-2021-21007
+	RESERVED
+CVE-2021-21006
+	RESERVED
 CVE-2020-35570
 	RESERVED
 CVE-2020-35569
@@ -11852,8 +12052,7 @@ CVE-2020-27783 (A XSS vulnerability was discovered in python-lxml's clean module
 	NOTE: https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7 (lxml-4.6.2)
 CVE-2020-27782
 	RESERVED
-CVE-2020-27781
-	RESERVED
+CVE-2020-27781 (User credentials can be manipulated and stolen by Native CephFS consum ...)
 	- ceph <unfixed>
 	NOTE: https://bugs.launchpad.net/manila/+bug/1904015
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1900109
@@ -34017,8 +34216,7 @@ CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating te
 	NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
 	NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1
 	NOTE: https://github.com/apache/groovy/commit/4e418d4a34c973a7ec1e822552103043ac13780e (GROOVY_2_4_21)
-CVE-2020-17520
-	RESERVED
+CVE-2020-17520 (In the Pulsar manager 0.1.0 version, malicious users will be able to b ...)
 	NOT-FOR-US: Apache Pulsar
 CVE-2020-17519
 	RESERVED
@@ -42219,8 +42417,8 @@ CVE-2020-14273
 	RESERVED
 CVE-2020-14272
 	RESERVED
-CVE-2020-14271
-	RESERVED
+CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scrip ...)
+	TODO: check
 CVE-2020-14270
 	RESERVED
 CVE-2020-14269
@@ -42313,8 +42511,8 @@ CVE-2020-14226
 	RESERVED
 CVE-2020-14225
 	RESERVED
-CVE-2020-14224
-	RESERVED
+CVE-2020-14224 (A vulnerability in the MIME message handling of the HCL Notes v9 clien ...)
+	TODO: check
 CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...)
 	NOT-FOR-US: HCL Digital Experience
 CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scri ...)
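
Review bot: the new "TODO: check" under CVE-2020-14224 (HCL Notes client) leaves triage open, while CVE-2020-14223 directly below it is another HCL product and is already marked "NOT-FOR-US: HCL Digital Experience". If the HCL Notes client is likewise not packaged, resolve the TODO to a NOT-FOR-US line naming the product so the entry does not sit in the unprocessed queue.
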
@@ -44243,8 +44441,8 @@ CVE-2020-13537 (An exploitable local privilege elevation vulnerability exists in
 	NOT-FOR-US: Moxa
 CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists in the f ...)
 	NOT-FOR-US: Microsoft
-CVE-2020-13535
-	RESERVED
+CVE-2020-13535 (A privilege escalation vulnerability exists in Kepware LinkMaster 3.0. ...)
+	TODO: check
 CVE-2020-13534
 	RESERVED
 CVE-2020-13533
@@ -44275,22 +44473,22 @@ CVE-2020-13521
 	REJECTED
 CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the way Pix ...)
 	NOT-FOR-US: Pixar OpenUSD
-CVE-2020-13519
-	RESERVED
+CVE-2020-13519 (A privilege escalation vulnerability exists in the WinRing0x64 Driver  ...)
+	TODO: check
 CVE-2020-13518 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
 	TODO: check
 CVE-2020-13517 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
 	TODO: check
 CVE-2020-13516 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
 	TODO: check
-CVE-2020-13515
-	RESERVED
-CVE-2020-13514
-	RESERVED
-CVE-2020-13513
-	RESERVED
-CVE-2020-13512
-	RESERVED
+CVE-2020-13515 (A privilege escalation vulnerability exists in the WinRing0x64 Driver  ...)
+	TODO: check
+CVE-2020-13514 (A privilege escalation vulnerability exists in the WinRing0x64 Driver  ...)
+	TODO: check
+CVE-2020-13513 (A privilege escalation vulnerability exists in the WinRing0x64 Driver  ...)
+	TODO: check
+CVE-2020-13512 (A privilege escalation vulnerability exists in the WinRing0x64 Driver  ...)
+	TODO: check
 CVE-2020-13511 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
 	TODO: check
 CVE-2020-13510 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
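
Review bot: CVE-2020-13519 and CVE-2020-13515 through CVE-2020-13512 gain "TODO: check" here, interleaved with CVE-2020-13518, -13517, -13516 and -13511, which already carry "TODO: check" for the same WinRing0x64 driver. They describe one product, so triage them in a single pass with one disposition; handling them separately risks the privilege escalation and information disclosure entries ending up with inconsistent status lines.
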
@@ -48252,8 +48450,8 @@ CVE-2020-11976 (By crafting a special URL it is possible to make Wicket deliver
 	NOT-FOR-US: Apache Wicket
 CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the  ...)
 	NOT-FOR-US: Apache Unomi
-CVE-2020-11974
-	RESERVED
+CVE-2020-11974 (In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote co ...)
+	TODO: check
 CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. Apache Cam ...)
 	NOT-FOR-US: Apache Camel
 CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. Apache  ...)
@@ -59033,15 +59231,18 @@ CVE-2020-8288
 CVE-2020-8287
 	RESERVED
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
+	{DLA-2500-1}
 	- curl <unfixed> (bug #977161)
 	NOTE: https://curl.se/docs/CVE-2020-8286.html
 	NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0)
 CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...)
+	{DLA-2500-1}
 	- curl <unfixed> (bug #977162)
 	NOTE: https://curl.se/docs/CVE-2020-8285.html
 	NOTE: https://github.com/curl/curl/issues/6255
 	NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0)
 CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0  ...)
+	{DLA-2500-1}
 	- curl <unfixed> (bug #977163)
 	NOTE: https://curl.se/docs/CVE-2020-8284.html
 	NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0)
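
Review bot: in the three curl entries (CVE-2020-8286, -8285, -8284) the added "{DLA-2500-1}" reference sits above an unchanged "- curl <unfixed>" line, so each entry now points at an advisory while its package line still reads unfixed. The NOTE lines tag the upstream fix commits as curl-7_74_0; once an upload containing those commits exists, the package line should carry the fixed version and bugs #977161, #977162 and #977163 should be closed against it.
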
@@ -60724,7 +60925,7 @@ CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of
 	- ruby-websocket-extensions 0.1.5-1 (bug #964274)
 	NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
 	NOTE: https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
-CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of Servic ...)
+CVE-2020-7662 (websocket-extensions npm module prior to 0.1.4 allows Denial of Servic ...)
 	NOT-FOR-US: Node websocket-extensions
 CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial  ...)
 	NOT-FOR-US: Node url-regex
@@ -61751,14 +61952,14 @@ CVE-2020-7205 (A potential security vulnerability has been identified in HPE Int
 	NOT-FOR-US: HPE
 CVE-2020-7204
 	RESERVED
-CVE-2020-7203
-	RESERVED
+CVE-2020-7203 (A potential security vulnerability has been identified in HPE iLO Ampl ...)
+	TODO: check
 CVE-2020-7202
 	RESERVED
-CVE-2020-7201
-	RESERVED
-CVE-2020-7200
-	RESERVED
+CVE-2020-7201 (A potential security vulnerability has been identified in the HPE Stor ...)
+	TODO: check
+CVE-2020-7200 (A potential security vulnerability has been identified in HPE Systems  ...)
+	TODO: check
 CVE-2020-7199 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
 	NOT-FOR-US: HPE
 CVE-2020-7198 (There is a remote escalation of privilege possible for a malicious use ...)
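
Review bot: CVE-2020-7203, CVE-2020-7201 and CVE-2020-7200 are set to "TODO: check" although the HPE entries around them in this hunk (CVE-2020-7205, CVE-2020-7199) are already "NOT-FOR-US: HPE". If these three HPE products are not packaged either, use the same NOT-FOR-US line so the vendor's entries stay consistent.
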
@@ -65423,8 +65624,8 @@ CVE-2020-5805
 	RESERVED
 CVE-2020-5804
 	RESERVED
-CVE-2020-5803
-	RESERVED
+CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allow ...)
+	TODO: check
 CVE-2020-5802
 	RESERVED
 CVE-2020-5801
@@ -69570,8 +69771,8 @@ CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site s
 	NOT-FOR-US: HCL Connections
 CVE-2020-4081
 	RESERVED
-CVE-2020-4080
-	RESERVED
+CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting  ...)
+	TODO: check
 CVE-2020-4079
 	RESERVED
 CVE-2020-4078



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43df054009e7c304509ae9d163213d624cad61ed
