[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Dec 27 08:10:22 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d91627b2 by security tracker role at 2020-12-27T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2020-35732
+ RESERVED
+CVE-2020-35731
+ RESERVED
+CVE-2020-35730
+ RESERVED
+CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell metacharacters ...)
+ TODO: check
+CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ TODO: check
+CVE-2020-35727
+ RESERVED
+CVE-2020-35726
+ RESERVED
+CVE-2020-35725
+ RESERVED
+CVE-2020-35724
+ RESERVED
+CVE-2020-35723
+ RESERVED
+CVE-2020-35722
+ RESERVED
+CVE-2020-35721
+ RESERVED
+CVE-2020-35720
+ RESERVED
+CVE-2020-35719
+ RESERVED
CVE-2020-35718
RESERVED
CVE-2020-35717
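Review bot: CVE-2020-35729 and CVE-2020-35728, the only two described entries at the top of this hunk, are left at "TODO: check" and so are not triaged yet. Each should end up as either a package line in the form used elsewhere in this file ("- opensmtpd <unfixed> (bug #978038)") or a "NOT-FOR-US:" line. For CVE-2020-35728 the description already gives the upstream bound 2.9.10.8 to compare packaged versions against. The twelve RESERVED ids need nothing further until their descriptions are published.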
@@ -87,8 +115,8 @@ CVE-2020-35679 (smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfre
- opensmtpd <unfixed> (bug #978038)
NOTE: https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043
NOTE: https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html
-CVE-2020-35678
- RESERVED
+CVE-2020-35678 (Autobahn|Python before 20.12.3 allows redirect header injection. ...)
+ TODO: check
CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately sanitiz ...)
NOT-FOR-US: BigProf Online Invoicing System
CVE-2020-35676 (BigProf Online Invoicing System before 3.1 fails to correctly sanitize ...)
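Review bot: CVE-2020-35678 goes from RESERVED to "TODO: check" with no NOTE line, while CVE-2020-35679 directly above carries two NOTE URLs for the upstream commit and list discussion. When this entry is triaged, add the corresponding upstream reference and use the "before 20.12.3" bound from the description to decide the fixed version.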
@@ -3460,8 +3488,8 @@ CVE-2020-35450 (Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus hand
NOTE: https://github.com/gobby/gobby/commit/6f34307bff645eb2935d82deee0119ec89866118
CVE-2020-35449
RESERVED
-CVE-2020-35448
- RESERVED
+CVE-2020-35448 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
+ TODO: check
CVE-2020-35447
RESERVED
CVE-2020-35446
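Review bot: The CVE-2020-35448 description is cut off after "Binary File Descriptor (BFD) library (a", so the rest of the affected-component text cannot be read from this line. Triage needs the full CVE description before "TODO: check" is replaced with a package line or a "NOT-FOR-US:" line.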
@@ -3871,14 +3899,14 @@ CVE-2020-35247
RESERVED
CVE-2020-35246
RESERVED
-CVE-2020-35245
- RESERVED
-CVE-2020-35244
- RESERVED
-CVE-2020-35243
- RESERVED
-CVE-2020-35242
- RESERVED
+CVE-2020-35245 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
+ TODO: check
+CVE-2020-35244 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
+ TODO: check
+CVE-2020-35243 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
+ TODO: check
+CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
+ TODO: check
CVE-2020-35241
RESERVED
CVE-2020-35240
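Review bot: CVE-2020-35245 through CVE-2020-35242 carry descriptions that are identical up to the truncation point, so the four Flamingo SQL injection entries cannot be told apart in this list. Triage them in one pass; if Flamingo is not packaged, a "NOT-FOR-US:" line per entry, as used for the BigProf entries earlier in this file, closes all four "TODO: check" markers.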
@@ -6845,8 +6873,8 @@ CVE-2020-29301
RESERVED
CVE-2020-29300
RESERVED
-CVE-2020-29299
- RESERVED
+CVE-2020-29299 (Certain Zyxel products allow command injection by an admin via an inpu ...)
+ TODO: check
CVE-2020-29298
RESERVED
CVE-2020-29297
@@ -6943,10 +6971,10 @@ CVE-2020-29252
RESERVED
CVE-2020-29251
RESERVED
-CVE-2020-29250
- RESERVED
-CVE-2020-29249
- RESERVED
+CVE-2020-29250 (CXUUCMS V3 allows XSS via the first and third input fields to /public/ ...)
+ TODO: check
+CVE-2020-29249 (CXUUCMS V3 allows class="layui-input" XSS. ...)
+ TODO: check
CVE-2020-29248
RESERVED
CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin ...)
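Review bot: CVE-2020-29250 and CVE-2020-29249 both name CXUUCMS V3 and both sit at "TODO: check", so they should receive the same triage result together. The CVE-2020-29249 description identifies the issue only by class="layui-input", so any package entry for it would need a NOTE pointing at the upstream report.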
@@ -7035,10 +7063,10 @@ CVE-2020-29206
RESERVED
CVE-2020-29205
RESERVED
-CVE-2020-29204
- RESERVED
-CVE-2020-29203
- RESERVED
+CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-charact ...)
+ TODO: check
+CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow because ...)
+ TODO: check
CVE-2020-29202
RESERVED
CVE-2020-29201
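Review bot: The two descriptions added here cover unrelated software (XXL-JOB 2.2.0 and struct2json), so each "TODO: check" needs its own decision. struct2json is bounded by a date ("before 2020-11-18") rather than a version, so a fixed entry would need a NOTE with the upstream commit, as the Gobby entry for CVE-2020-35450 has.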
@@ -60247,10 +60275,10 @@ CVE-2020-8292
RESERVED
CVE-2020-8291
RESERVED
-CVE-2020-8290
- RESERVED
-CVE-2020-8289
- RESERVED
+CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer ...)
+ TODO: check
+CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before ...)
+ TODO: check
CVE-2020-8288
RESERVED
CVE-2020-8287
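Review bot: CVE-2020-8290 and CVE-2020-8289 name only Backblaze for Windows and Backblaze for macOS, and the two descriptions give different version bounds (7.0.0.439 in the first, 7.0.1.433 for Windows in the second). If no Debian package is affected, replace both "TODO: check" lines with "NOT-FOR-US:" lines rather than leaving them open.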
@@ -61532,8 +61560,8 @@ CVE-2020-7847
RESERVED
CVE-2020-7846
RESERVED
-CVE-2020-7845
- RESERVED
+CVE-2020-7845 (Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerabi ...)
+ TODO: check
CVE-2020-7844
RESERVED
CVE-2020-7843
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d91627b2b10f1ed0d614643b032f490e5d47c7c4