[Git][security-tracker-team/security-tracker][master] automatic update

Mon Dec 28 08:10:29 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
351923c6 by security tracker role at 2020-12-28T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-35739
+	RESERVED
+CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack ...)
+	TODO: check
+CVE-2020-35737
+	RESERVED
 CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without authentication via  ...)
 	NOT-FOR-US: GateOne
 CVE-2020-35735
@@ -7006,12 +7012,12 @@ CVE-2020-29246
 	RESERVED
 CVE-2020-29245
 	RESERVED
-CVE-2020-29244
-	RESERVED
-CVE-2020-29243
-	RESERVED
-CVE-2020-29242
-	RESERVED
+CVE-2020-29244 (dhowden tag before 2020-11-19 allows "panic: runtime error: slice boun ...)
+	TODO: check
+CVE-2020-29243 (dhowden tag before 2020-11-19 allows "panic: runtime error: index out  ...)
+	TODO: check
+CVE-2020-29242 (dhowden tag before 2020-11-19 allows "panic: runtime error: index out  ...)
+	TODO: check
 CVE-2020-29241
 	RESERVED
 CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacke ...)
@@ -7106,10 +7112,10 @@ CVE-2020-29196
 	RESERVED
 CVE-2020-29195
 	RESERVED
-CVE-2020-29194
-	RESERVED
-CVE-2020-29193
-	RESERVED
+CVE-2020-29194 (Panasonic Security System WV-S2231L 4.25 allows a denial of service of ...)
+	TODO: check
+CVE-2020-29193 (Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded pa ...)
+	TODO: check
 CVE-2020-29192
 	RESERVED
 CVE-2020-29191
@@ -12126,14 +12132,14 @@ CVE-2020-28098
 	RESERVED
 CVE-2020-28097
 	RESERVED
-CVE-2020-28096
-	RESERVED
+CVE-2020-28096 (FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART acc ...)
+	TODO: check
 CVE-2020-28095
 	RESERVED
-CVE-2020-28094
-	RESERVED
-CVE-2020-28093
-	RESERVED
+CVE-2020-28094 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default set ...)
+	TODO: check
+CVE-2020-28093 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, ...)
+	TODO: check
 CVE-2020-28092 (PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=T ...)
 	NOT-FOR-US: PESCMS Team
 CVE-2020-28091 (cxuucms v3 has a SQL injection vulnerability, which can lead to the le ...)
@@ -17046,10 +17052,12 @@ CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-use
 CVE-2020-26260 (BookStack is a platform for storing and organising information and doc ...)
 	NOT-FOR-US: BookStack
 CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back again.  ...)
+	{DLA-2507-1}
 	- libxstream-java 1.4.15-1 (bug #977624)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh
 	NOTE: https://x-stream.github.io/CVE-2020-26259.html
 CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back again.  ...)
+	{DLA-2507-1}
 	- libxstream-java 1.4.15-1 (bug #977625)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28
 	NOTE: https://x-stream.github.io/CVE-2020-26258.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/351923c6e65d3155597a893f4e53e7b08d8c75c1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/351923c6e65d3155597a893f4e53e7b08d8c75c1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201228/9bd3307b/attachment.html>
