[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Dec 25 08:10:28 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b9b02e9 by security tracker role at 2020-12-25T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-35708 (phpList 3.5.9 allows SQL injection by admins who provide a crafted fou ...)
+	TODO: check
+CVE-2020-35707 (Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the ...)
+	TODO: check
+CVE-2020-35706 (Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Pr ...)
+	TODO: check
+CVE-2020-35705 (Daybyday 2.1.0 allows stored XSS via the Name parameter to the New Use ...)
+	TODO: check
+CVE-2020-35704 (Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Le ...)
+	TODO: check
+CVE-2020-35703
+	RESERVED
+CVE-2020-35702 (DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-base ...)
+	TODO: check
+CVE-2020-35701
+	RESERVED
+CVE-2020-35700
+	RESERVED
+CVE-2020-35699
+	RESERVED
+CVE-2020-35698
+	RESERVED
+CVE-2020-35697
+	RESERVED
 CVE-2020-35696
 	RESERVED
 CVE-2020-35695
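Review bot: CVE-2020-35702 in this hunk is left at `TODO: check` on the same footing as the phpList and Daybyday web-application entries, although its description points at `DCTStream::getChars in DCTStream.cc in Poppler 20.12.1`, a library-level memory issue. It should be triaged first: once the affected versions are confirmed, replace the TODO with a per-package status line in the `- <package> <status> (reason)` form that the mariadb entries later in this diff use, and add a NOTE line with the upstream reference.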
@@ -6386,12 +6410,12 @@ CVE-2020-29476
 	RESERVED
 CVE-2020-29475
 	RESERVED
-CVE-2020-29474
-	RESERVED
+CVE-2020-29474 (EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerabi ...)
+	TODO: check
 CVE-2020-29473
 	RESERVED
-CVE-2020-29472
-	RESERVED
+CVE-2020-29472 (EGavilan Media Under Construction page with cPanel 1.0 contains a SQL  ...)
+	TODO: check
 CVE-2020-29471
 	RESERVED
 CVE-2020-29470
@@ -6893,8 +6917,8 @@ CVE-2020-29249
 	RESERVED
 CVE-2020-29248
 	RESERVED
-CVE-2020-29247
-	RESERVED
+CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin ...)
+	TODO: check
 CVE-2020-29246
 	RESERVED
 CVE-2020-29245
@@ -7643,8 +7667,7 @@ CVE-2020-28914 (An improper file permissions vulnerability affects Kata Containe
 	NOT-FOR-US: Kata Containers
 CVE-2020-28913
 	RESERVED
-CVE-2020-28912
-	RESERVED
+CVE-2020-28912 (With MariaDB running on Windows, when local clients connect to the ser ...)
 	- mariadb-10.5 <not-affected> (Only affects MariaDB on Windows)
 	- mariadb-10.3 <not-affected> (Only affects MariaDB on Windows)
 	- mariadb-10.1 <not-affected> (Only affects MariaDB on Windows)
@@ -16888,8 +16911,8 @@ CVE-2020-26284 (Hugo is a fast and Flexible Static Site Generator built in Go. H
 	NOTE: https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq
 CVE-2020-26283
 	RESERVED
-CVE-2020-26282
-	RESERVED
+CVE-2020-26282 (BrowserUp Proxy allows you to manipulate HTTP requests and responses,  ...)
+	TODO: check
 CVE-2020-26281 (async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). Ther ...)
 	NOT-FOR-US: Rust async-h1
 CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly system for m ...)
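Review bot: CVE-2020-26282 (BrowserUp Proxy) is added with `TODO: check`, while the entry directly below it, CVE-2020-26281, is already resolved as `NOT-FOR-US: Rust async-h1`. If BrowserUp Proxy is not shipped as a source package, close the entry the same way with a `NOT-FOR-US:` line so the TODO does not linger in the list.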
@@ -52767,8 +52790,8 @@ CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs re
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
 CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains a featur ...)
 	NOT-FOR-US: October CMS
-CVE-2020-11093
-	RESERVED
+CVE-2020-11093 (Hyperledger Indy Node is the server portion of a distributed ledger pu ...)
+	TODO: check
 CVE-2020-11092
 	RESERVED
 CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a process a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b9b02e92a90ace053daa2714b3888cb4c39b98c
