Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
87d4901a by security tracker role at 2021-02-13T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-27211
+       RESERVED
+CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices allows remote attackers 
to retri ...)
+       TODO: check
+CVE-2021-27209 (In the management interface on TP-Link Archer C5v 1.7_181221 
devices,  ...)
+       TODO: check
+CVE-2021-27208
+       RESERVED
+CVE-2021-27207
+       RESERVED
+CVE-2021-27206
+       RESERVED
+CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS 
share is ...)
+       TODO: check
 CVE-2021-3411
        RESERVED
 CVE-2021-3410
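
Review bot: the three described entries added at the top of this hunk all carry "TODO: check", but they should not be triaged the same way. CVE-2021-27210 and CVE-2021-27209 name TP-Link Archer C5v device firmware, which fits the NOT-FOR-US pattern used elsewhere in this file, while CVE-2013-20001 names OpenZFS through 2.0.3 and needs a lookup for a matching source package before any NOT-FOR-US tag is considered. CVE-2013-20001 also carries a 2013 id although it is only being added now, so it is easy to miss when scanning the list by year.
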
@@ -37,7 +51,7 @@ CVE-2021-27191 (The get-ip-range package before 4.0.0 for 
Node.js is vulnerable
        NOT-FOR-US: Node get-ip-range
 CVE-2021-3408
        RESERVED
-CVE-2021-27190 (PEEL Shopping cart 9.3.0 allows utilisateurs/change_params.php 
Address ...)
+CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was 
discovered in PEE ...)
        NOT-FOR-US: PEEL Shopping cart
 CVE-2021-27189
        RESERVED
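
Review bot: on the changed CVE-2021-27190 line, the new description is cut at "PEE ...", so the product name no longer appears in the description and the file path visible in the old text (utilisateurs/change_params.php) is gone. The unchanged "NOT-FOR-US: PEEL Shopping cart" line still identifies the product, so no triage change is needed; anyone searching the list by product should match on the annotation line rather than the description.
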
@@ -980,12 +994,12 @@ CVE-2021-26755
        RESERVED
 CVE-2021-26754 (wpDataTables before 3.4.1 mishandles order direction for 
server-side t ...)
        NOT-FOR-US: wpDataTables WordPress plugin
-CVE-2021-26753
-       RESERVED
-CVE-2021-26752
-       RESERVED
-CVE-2021-26751
-       RESERVED
+CVE-2021-26753 (NeDi 1.9C allows an authenticated user to inject PHP code in 
the Syste ...)
+       TODO: check
+CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating 
system com ...)
+       TODO: check
+CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL 
Injection in t ...)
+       TODO: check
 CVE-2021-26750
        RESERVED
 CVE-2021-26749
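
Review bot: CVE-2021-26753, CVE-2021-26752 and CVE-2021-26751 all move from RESERVED to "TODO: check" and all name the same product and version, NeDi 1.9C, each requiring an authenticated user (PHP code injection, operating system command execution, SQL injection). Triage them together with one decision: if NeDi has no source package, all three take the same NOT-FOR-US line; if it does, all three need a package line against the same version.
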
@@ -9456,8 +9470,8 @@ CVE-2021-22986
        RESERVED
 CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain 
conditions ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2021-22984
-       RESERVED
+CVE-2021-22984 (On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 
15.0.x  ...)
+       TODO: check
 CVE-2021-22983 (On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 
14.1.3.1, an ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2021-22982 (On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all 
versions ...)
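
Review bot: CVE-2021-22984 is left at "TODO: check" while the entries around it in this hunk (CVE-2021-22985, CVE-2021-22983) are already tagged "NOT-FOR-US: F5 BIG-IP". The new description names BIG-IP Advanced WAF and ASM, so the same annotation looks applicable and would keep the block consistent.
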
@@ -9468,10 +9482,10 @@ CVE-2021-22980 (In Edge Client version 7.2.x before 
7.2.1.1, 7.1.9.x before 7.1.
        NOT-FOR-US: F5 BIG-IP
 CVE-2021-22979 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 
14.1.x b ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2021-22978
-       RESERVED
-CVE-2021-22977
-       RESERVED
+CVE-2021-22978 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 
14.1.x b ...)
+       TODO: check
+CVE-2021-22977 (On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, 
cooperation betwe ...)
+       TODO: check
 CVE-2021-22976 (On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 
15.1.x  ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2021-22975 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 
15.1.2.1, and  ...)
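
Review bot: the visible description for the newly filled CVE-2021-22978 is identical to the context line for CVE-2021-22979 up to the truncation ("On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ..."), so the two cannot be told apart from this file alone. Read the full upstream text for CVE-2021-22978 and CVE-2021-22977 before replacing "TODO: check"; the neighbouring entries suggest "NOT-FOR-US: F5 BIG-IP" as the outcome.
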
@@ -10578,8 +10592,8 @@ CVE-2021-22506
        RESERVED
 CVE-2021-22505
        RESERVED
-CVE-2021-22504
-       RESERVED
+CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus 
Operations Bridg ...)
+       TODO: check
 CVE-2021-22503
        RESERVED
 CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation 
Bridge Re ...)
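
Review bot: CVE-2021-22504 is marked "TODO: check" and the context line for CVE-2021-22502 appears to name the same Micro Focus product family, but the annotation for CVE-2021-22502 falls outside the hunk. Look up how CVE-2021-22502 was tagged and apply the same decision here so the two entries stay consistent.
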
@@ -58301,7 +58315,7 @@ CVE-2020-14147 (An integer overflow in the getnum 
function in lua_struct.c in Re
        NOTE: Fixed upstream in 6.0~rc2 and 5.0.8
 CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via 
the publi ...)
        NOT-FOR-US: KumbiaPHP
-CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable 
Discrepan ...)
+CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.4 has an Observable 
Discrepan ...)
        - openssh <unfixed> (unimportant)
        NOTE: 
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
        NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
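
Review bot: on CVE-2020-14145 the description widens the affected range from "5.7 through 8.3" to "5.7 through 8.4", while the package line below stays "- openssh <unfixed> (unimportant)". That is still consistent, since no fixed version is claimed, but 8.4 is now listed as affected; confirm the (unimportant) rating is still the intended assessment and consider a NOTE recording the extended range next to the two FZI references.
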
@@ -58841,8 +58855,8 @@ CVE-2020-13951 (Attackers can use public NetTest web 
service of Apache OpenMeeti
        NOT-FOR-US: Apache OpenMeetings
 CVE-2020-13950
        RESERVED
-CVE-2020-13949
-       RESERVED
+CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could 
send sho ...)
+       TODO: check
 CVE-2020-13948 (While investigating a bug report on Apache Superset, it was 
determined ...)
        NOT-FOR-US: Apache Superset
 CVE-2020-13947 (An instance of a cross-site scripting vulnerability was 
identified to  ...)
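
Review bot: CVE-2020-13949 goes from RESERVED to "TODO: check" between two NOT-FOR-US Apache entries (OpenMeetings and Superset) and should not inherit that tag by proximity. The description gives an affected range of Apache Thrift 0.9.3 to 0.13.0 and mentions malicious RPC clients, so triage needs a lookup for a source package and a comparison of the packaged version against that range.
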
@@ -66406,7 +66420,7 @@ CVE-2020-11531 (The DataEngine Xnode Server application 
in Zoho ManageEngine Dat
        NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
 CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 
3, a Wor ...)
        NOT-FOR-US: Chop Slider 3 WordPress plugin
-CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. 
...)
+CVE-2020-11529 (Common/Grav.php in Grav before 1.7 has an Open Redirect. This 
is parti ...)
        NOT-FOR-US: Grav CMS
 CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte 
write)  ...)
        NOT-FOR-US: bit2spr
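
Review bot: the CVE-2020-11529 description moves the version boundary from "before 1.6.23" to "before 1.7" and now continues past the open redirect ("This is parti ..."), while the entry stays "NOT-FOR-US: Grav CMS". No package line depends on that version, so the annotation still holds; the full upstream text is worth a glance only to confirm the added sentence does not change the scope.
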



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87d4901abd84efe9fe26fc21b1be53a7c11f8834
