[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Feb 13 08:10:20 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
87d4901a by security tracker role at 2021-02-13T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-27211
+	RESERVED
+CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retri ...)
+	TODO: check
+CVE-2021-27209 (In the management interface on TP-Link Archer C5v 1.7_181221 devices,  ...)
+	TODO: check
+CVE-2021-27208
+	RESERVED
+CVE-2021-27207
+	RESERVED
+CVE-2021-27206
+	RESERVED
+CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
+	TODO: check
 CVE-2021-3411
 	RESERVED
 CVE-2021-3410
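Review bot: the `TODO: check` under CVE-2013-20001 should not be closed as NOT-FOR-US, because the description names OpenZFS, which Debian ships as zfs-linux; it needs a package line with the affected versions worked out. The two TP-Link Archer C5v entries (CVE-2021-27210, CVE-2021-27209) describe device firmware and can be triaged separately.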
@@ -37,7 +51,7 @@ CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable
 	NOT-FOR-US: Node get-ip-range
 CVE-2021-3408
 	RESERVED
-CVE-2021-27190 (PEEL Shopping cart 9.3.0 allows utilisateurs/change_params.php Address ...)
+CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...)
 	NOT-FOR-US: PEEL Shopping cart
 CVE-2021-27189
 	RESERVED
@@ -980,12 +994,12 @@ CVE-2021-26755
 	RESERVED
 CVE-2021-26754 (wpDataTables before 3.4.1 mishandles order direction for server-side t ...)
 	NOT-FOR-US: wpDataTables WordPress plugin
-CVE-2021-26753
-	RESERVED
-CVE-2021-26752
-	RESERVED
-CVE-2021-26751
-	RESERVED
+CVE-2021-26753 (NeDi 1.9C allows an authenticated user to inject PHP code in the Syste ...)
+	TODO: check
+CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating system com ...)
+	TODO: check
+CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...)
+	TODO: check
 CVE-2021-26750
 	RESERVED
 CVE-2021-26749
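Review bot: CVE-2021-26753, CVE-2021-26752 and CVE-2021-26751 all land as `TODO: check` against the same product, NeDi 1.9C, so they should be triaged in one pass and given the same tag to keep the three entries from diverging.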
@@ -9456,8 +9470,8 @@ CVE-2021-22986
 	RESERVED
 CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2021-22984
-	RESERVED
+CVE-2021-22984 (On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x  ...)
+	TODO: check
 CVE-2021-22983 (On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, an ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2021-22982 (On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions ...)
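Review bot: the `TODO: check` added under CVE-2021-22984 can be resolved right away; the description is a BIG-IP Advanced WAF and ASM issue, and the neighbouring CVE-2021-22985 and CVE-2021-22983 are already tagged `NOT-FOR-US: F5 BIG-IP`, so the same tag fits here.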
@@ -9468,10 +9482,10 @@ CVE-2021-22980 (In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.
 	NOT-FOR-US: F5 BIG-IP
 CVE-2021-22979 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2021-22978
-	RESERVED
-CVE-2021-22977
-	RESERVED
+CVE-2021-22978 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...)
+	TODO: check
+CVE-2021-22977 (On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation betwe ...)
+	TODO: check
 CVE-2021-22976 (On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2021-22975 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and  ...)
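Review bot: CVE-2021-22978 and CVE-2021-22977 are left at `TODO: check` although both descriptions begin "On BIG-IP version" and the entries on either side of them (CVE-2021-22979, CVE-2021-22976) carry `NOT-FOR-US: F5 BIG-IP`; tag these two the same way.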
@@ -10578,8 +10592,8 @@ CVE-2021-22506
 	RESERVED
 CVE-2021-22505
 	RESERVED
-CVE-2021-22504
-	RESERVED
+CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...)
+	TODO: check
 CVE-2021-22503
 	RESERVED
 CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation Bridge Re ...)
@@ -58301,7 +58315,7 @@ CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Re
 	NOTE: Fixed upstream in 6.0~rc2 and 5.0.8
 CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via the publi ...)
 	NOT-FOR-US: KumbiaPHP
-CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepan ...)
+CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...)
 	- openssh <unfixed> (unimportant)
 	NOTE: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
 	NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
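Review bot: the upper bound on CVE-2020-14145 moves from 8.3 to 8.4 while the `- openssh <unfixed> (unimportant)` line stays as it was; the `<unfixed>` status agrees with the wider range, but it is worth confirming that the (unimportant) rating still holds now that the newer release is covered.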
@@ -58841,8 +58855,8 @@ CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeeti
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2020-13950
 	RESERVED
-CVE-2020-13949
-	RESERVED
+CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ...)
+	TODO: check
 CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...)
 	NOT-FOR-US: Apache Superset
 CVE-2020-13947 (An instance of a cross-site scripting vulnerability was identified to  ...)
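Review bot: the `TODO: check` under CVE-2020-13949 should not follow the neighbouring `NOT-FOR-US` Apache entries, since Apache Thrift is packaged in Debian (source package thrift); add a package line and check the stated 0.9.3 to 0.13.0 range against the versions in the archive.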
@@ -66406,7 +66420,7 @@ CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine Dat
 	NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
 CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...)
 	NOT-FOR-US: Chop Slider 3 WordPress plugin
-CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...)
+CVE-2020-11529 (Common/Grav.php in Grav before 1.7 has an Open Redirect. This is parti ...)
 	NOT-FOR-US: Grav CMS
 CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write)  ...)
 	NOT-FOR-US: bit2spr



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87d4901abd84efe9fe26fc21b1be53a7c11f8834
