[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Dec 26 08:10:25 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5347a460 by security tracker role at 2020-12-26T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,18 @@
+CVE-2020-35716 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attacker ...)
+	TODO: check
+CVE-2020-35715 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenti ...)
+	TODO: check
+CVE-2020-35714 (Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authentic ...)
+	TODO: check
+CVE-2020-35713 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attacker ...)
+	TODO: check
+CVE-2020-35712 (Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configura ...)
+	TODO: check
 CVE-2020-35710 (Parallels Remote Application Server (RAS) 18 allows remote attackers t ...)
 	NOT-FOR-US: Parallels Remote Application Server (RAS)
 CVE-2020-35709 (bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with  ...)
 	NOT-FOR-US: bloofoxCMS
-CVE-2020-35711 [arc-swap: Dangling reference in `access::Map` with Constant]
+CVE-2020-35711 (An issue has been discovered in the arc-swap crate before 0.4.8 (and 1 ...)
 	- rust-arc-swap <unfixed>
 	NOTE: https://github.com/vorner/arc-swap/issues/45
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0091.html
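Review bot: CVE-2020-35711 at the end of this hunk stays below CVE-2020-35709, while the five entries added above it follow descending order; moving it between CVE-2020-35712 and CVE-2020-35710 would keep the list sorted. The five new entries are left at TODO: check. If the Belkin LINKSYS RE6500 firmware and Esri ArcGIS Server are not packaged, they can take the same NOT-FOR-US form as the Parallels and bloofoxCMS entries directly below them.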
@@ -937,8 +947,8 @@ CVE-2020-35577
 	RESERVED
 CVE-2020-35576
 	RESERVED
-CVE-2020-35575
-	RESERVED
+CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-Link de ...)
+	TODO: check
 CVE-2020-35574
 	RESERVED
 CVE-2020-35572
@@ -3436,8 +3446,7 @@ CVE-2020-35452
 	RESERVED
 CVE-2020-35451
 	RESERVED
-CVE-2020-35450 [Null Dereference when set_language is called]
-	RESERVED
+CVE-2020-35450 (Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler fo ...)
 	- gobby <unfixed>
 	[buster] - gobby <no-dsa> (Minor issue)
 	NOTE: https://github.com/gobby/gobby/issues/183
@@ -3467,8 +3476,8 @@ CVE-2020-35439
 	RESERVED
 CVE-2020-35438
 	RESERVED
-CVE-2020-35437
-	RESERVED
+CVE-2020-35437 (Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through t ...)
+	TODO: check
 CVE-2020-35436
 	RESERVED
 CVE-2020-35435
@@ -3565,8 +3574,8 @@ CVE-2020-35390
 	RESERVED
 CVE-2020-35389
 	RESERVED
-CVE-2020-35388
-	RESERVED
+CVE-2020-35388 (rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive info ...)
+	TODO: check
 CVE-2020-35387
 	RESERVED
 CVE-2020-35386
@@ -3592,8 +3601,8 @@ CVE-2020-35378 (SQL Injection in the login page in Online Bus Ticket Reservation
 	NOT-FOR-US: Online Bus Ticket Reservation
 CVE-2020-35377
 	RESERVED
-CVE-2020-35376
-	RESERVED
+CVE-2020-35376 (Xpdf 4.02 allows stack consumption because of an incorrect subroutine  ...)
+	TODO: check
 CVE-2020-35375
 	RESERVED
 CVE-2020-35374
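Review bot: CVE-2020-35376 is left at TODO: check with no package annotation, although its description names a specific affected release (Xpdf 4.02). The follow-up triage should replace the TODO with either a package line in the form used elsewhere in this file (for example "- gobby <unfixed>") or a NOT-FOR-US line, and add a NOTE with the upstream reference as the gobby and arc-swap entries do.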
@@ -3620,14 +3629,14 @@ CVE-2020-35364
 	RESERVED
 CVE-2020-35363
 	RESERVED
-CVE-2020-35362
-	RESERVED
+CVE-2020-35362 (DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal ...)
+	TODO: check
 CVE-2020-35361
 	RESERVED
 CVE-2020-35360
 	RESERVED
-CVE-2020-35359
-	RESERVED
+CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server  ...)
+	TODO: check
 CVE-2020-35358
 	RESERVED
 CVE-2020-35357
@@ -3646,14 +3655,14 @@ CVE-2020-35351
 	RESERVED
 CVE-2020-35350
 	RESERVED
-CVE-2020-35349
-	RESERVED
+CVE-2020-35349 (Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_ti ...)
+	TODO: check
 CVE-2020-35348
 	RESERVED
-CVE-2020-35347
-	RESERVED
-CVE-2020-35346
-	RESERVED
+CVE-2020-35347 (CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator  ...)
+	TODO: check
+CVE-2020-35346 (CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allow ...)
+	TODO: check
 CVE-2020-35345
 	RESERVED
 CVE-2020-35344
@@ -3776,8 +3785,8 @@ CVE-2020-35286
 	RESERVED
 CVE-2020-35285
 	RESERVED
-CVE-2020-35284
-	RESERVED
+CVE-2020-35284 (Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory trav ...)
+	TODO: check
 CVE-2020-35283
 	RESERVED
 CVE-2020-35282
@@ -6612,8 +6621,7 @@ CVE-2020-29387
 	RESERVED
 CVE-2020-29386
 	RESERVED
-CVE-2020-29385
-	RESERVED
+CVE-2020-29385 (GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of serv ...)
 	- gdk-pixbuf 2.42.2+dfsg-1 (bug #977166)
 	[buster] - gdk-pixbuf <not-affected> (Vulnerable code not present)
 	[stretch] - gdk-pixbuf <not-affected> (Vulnerable code not present)
@@ -7085,8 +7093,8 @@ CVE-2020-29174
 	RESERVED
 CVE-2020-29173
 	RESERVED
-CVE-2020-29172
-	RESERVED
+CVE-2020-29172 (A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plug ...)
+	TODO: check
 CVE-2020-29171
 	RESERVED
 CVE-2020-29170
@@ -14199,8 +14207,8 @@ CVE-2020-27517
 	RESERVED
 CVE-2020-27516
 	RESERVED
-CVE-2020-27515
-	RESERVED
+CVE-2020-27515 (A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows ...)
+	TODO: check
 CVE-2020-27514
 	RESERVED
 CVE-2020-27513
@@ -15869,8 +15877,8 @@ CVE-2020-26768
 	RESERVED
 CVE-2020-26767
 	RESERVED
-CVE-2020-26766
-	RESERVED
+CVE-2020-26766 (A Cross Site Request Forgery (CSRF) vulnerability exists in the logins ...)
+	TODO: check
 CVE-2020-26765
 	RESERVED
 CVE-2020-26764
@@ -17767,8 +17775,8 @@ CVE-2020-25919
 	RESERVED
 CVE-2020-25918
 	RESERVED
-CVE-2020-25917
-	RESERVED
+CVE-2020-25917 (Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Acce ...)
+	TODO: check
 CVE-2020-25916
 	RESERVED
 CVE-2020-25915
@@ -29390,8 +29398,8 @@ CVE-2020-20414
 	RESERVED
 CVE-2020-20413
 	RESERVED
-CVE-2020-20412
-	RESERVED
+CVE-2020-20412 (lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12  ...)
+	TODO: check
 CVE-2020-20411
 	RESERVED
 CVE-2020-20410
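Review bot: CVE-2020-20412 is left at TODO: check even though the description already states a fixed upstream version (libvorbis before 1.3.6), so the triage can record that version on the package line rather than leaving it unfixed. The "as used in StepMania 5.0.12" wording also makes it worth checking whether StepMania ships its own copy of lib/codebook.c.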



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5347a4603ee6c22f7d333a491cebac36de786c86
