[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 28 20:10:37 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3335023c by security tracker role at 2020-12-28T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2020-35765
+ RESERVED
+CVE-2020-35764
+ RESERVED
+CVE-2020-35763
+ RESERVED
+CVE-2020-35762
+ RESERVED
+CVE-2020-35761
+ RESERVED
+CVE-2020-35760
+ RESERVED
+CVE-2020-35759
+ RESERVED
+CVE-2020-35758
+ RESERVED
+CVE-2020-35757
+ RESERVED
+CVE-2020-35756
+ RESERVED
+CVE-2020-35755
+ RESERVED
+CVE-2020-35754
+ RESERVED
+CVE-2020-35753
+ RESERVED
+CVE-2020-35752
+ RESERVED
+CVE-2020-35751
+ RESERVED
+CVE-2020-35750
+ RESERVED
+CVE-2020-35749
+ RESERVED
+CVE-2020-35748
+ RESERVED
+CVE-2020-35747
+ RESERVED
+CVE-2020-35746
+ RESERVED
+CVE-2020-35745
+ RESERVED
+CVE-2020-35744
+ RESERVED
+CVE-2020-35743
+ RESERVED
+CVE-2020-35742
+ RESERVED
+CVE-2020-35741
+ RESERVED
+CVE-2020-35740
+ RESERVED
CVE-2020-35739
RESERVED
CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack ...)
@@ -19,6 +71,7 @@ CVE-2020-35731
RESERVED
CVE-2020-35730 [Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content]
RESERVED
+ {DSA-4821-1 DLA-2508-1}
- roundcube 1.4.10+dfsg.1-1 (bug #978491)
NOTE: https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d (1.4.10)
NOTE: https://github.com/roundcube/roundcubemail/commit/a06ec1dcf9c972d302b16e1ac6aa079a4f6a1c3e (1.3.16)
@@ -84,7 +137,7 @@ CVE-2020-35704 (Daybyday 2.1.0 allows stored XSS via the Title parameter to the
NOT-FOR-US: Daybyday
CVE-2020-35703
RESERVED
-CVE-2020-35702 (DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-base ...)
+CVE-2020-35702 (** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 ...)
- poppler <not-affected> (Vulnerable code introduced later)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011
NOTE: Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1c3ded779582aef5f2cbaf29bc5da7a8eae6f69
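Review bot: the CVE-2020-35702 header line now carries the ** DISPUTED ** marker, but the entry records no NOTE saying what is disputed, so a reader cannot tell whether the dispute concerns the Poppler 20.12.1 version claim or the existence of the bug itself. The existing `<not-affected> (Vulnerable code introduced later)` status rests on the "Introduced by" commit link; a one-line NOTE summarising the disputed point from the linked issue 1011 would let the not-affected rationale be re-checked without following the links.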
@@ -643,8 +696,8 @@ CVE-2021-21235
RESERVED
CVE-2021-21234
RESERVED
-CVE-2020-35627
- RESERVED
+CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vul ...)
+ TODO: check
CVE-2021-21233
RESERVED
CVE-2021-21232
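Review bot: the TODO: check left on CVE-2020-35627 is for a WordPress plugin (Ultimate WooCommerce Gift Cards), and the file's convention for software Debian does not ship is a NOT-FOR-US line, as with `NOT-FOR-US: Daybyday` and `NOT-FOR-US: WonderCMS` in the neighbouring hunks. Unless the plugin is packaged, the triage can be resolved that way rather than left open.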
@@ -7013,8 +7066,8 @@ CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the
NOT-FOR-US: WonderCMS
CVE-2020-29246
RESERVED
-CVE-2020-29245
- RESERVED
+CVE-2020-29245 (dhowden tag before 2020-11-19 allows "panic: runtime error: slice boun ...)
+ TODO: check
CVE-2020-29244 (dhowden tag before 2020-11-19 allows "panic: runtime error: slice boun ...)
NOT-FOR-US: dhowden tag
CVE-2020-29243 (dhowden tag before 2020-11-19 allows "panic: runtime error: index out ...)
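Review bot: CVE-2020-29245 is left as TODO: check although its truncated description is identical to that of CVE-2020-29244 two lines below, which is already triaged `NOT-FOR-US: dhowden tag` (as is CVE-2020-29243). Unless the full description differs, the same NOT-FOR-US resolution applies and the TODO can be closed in the same pass.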
@@ -7183,12 +7236,12 @@ CVE-2020-29162
RESERVED
CVE-2020-29161
RESERVED
-CVE-2020-29160
- RESERVED
-CVE-2020-29159
- RESERVED
-CVE-2020-29158
- RESERVED
+CVE-2020-29160 (An issue was discovered in Zammad before 3.5.1. A REST API call allows ...)
+ TODO: check
+CVE-2020-29159 (An issue was discovered in Zammad before 3.5.1. The default signup Rol ...)
+ TODO: check
+CVE-2020-29158 (An issue was discovered in Zammad before 3.5.1. An Agent with Customer ...)
+ TODO: check
CVE-2020-29157
RESERVED
CVE-2020-29156 (The WooCommerce plugin before 4.7.0 for WordPress allows remote attack ...)
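Review bot: CVE-2020-29160, CVE-2020-29159 and CVE-2020-29158 are three TODO: check entries for the same product and release (Zammad before 3.5.1), and this update opens eight more Zammad TODOs (CVE-2020-26028 through CVE-2020-26035, Zammad before 3.4.1) in a later hunk. Triaging all eleven together against whether Zammad is packaged in Debian, and giving them one consistent status, avoids the per-entry TODOs being resolved differently.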
@@ -12931,8 +12984,7 @@ CVE-2020-27839
CVE-2020-27838
RESERVED
NOT-FOR-US: Keycloak
-CVE-2020-27837 [lock screen bypass when autologin is set]
- RESERVED
+CVE-2020-27837 (A flaw was found in GDM in versions prior to 3.38.2.1. A race conditio ...)
- gdm3 3.38.2.1-1
[buster] - gdm3 <no-dsa> (Minor issue)
[stretch] - gdm3 <no-dsa> (Minor issue)
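Review bot: replacing the header line of CVE-2020-27837 drops the team's own summary `[lock screen bypass when autologin is set]`, which was more specific about impact than the truncated MITRE text ("A race conditio ..."). Since the `<no-dsa> (Minor issue)` markings for buster and stretch were decided against that summary, keeping it as a NOTE line would preserve the rationale; removing the RESERVED line itself is correct now that the description is published.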
@@ -16396,8 +16448,8 @@ CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-
[stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e (0.21.0-rc1)
-CVE-2020-26569
- RESERVED
+CVE-2020-26569 (In EVPN VxLAN setups in Arista EOS, specific malformed packets can lea ...)
+ TODO: check
CVE-2020-26568
RESERVED
CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B devices. The C ...)
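Review bot: CVE-2020-26569 is left as TODO: check but describes Arista EOS, which this file triages as `NOT-FOR-US: Arista EOS` (see CVE-2020-15897 in a later hunk of this same update). The same applies to the two other Arista EOS entries this update opens, CVE-2020-24360 and CVE-2020-15898; all three can be closed with that status unless the full text points at a component Debian ships.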
@@ -16989,8 +17041,8 @@ CVE-2020-26291
RESERVED
CVE-2020-26290
RESERVED
-CVE-2020-26289
- RESERVED
+CVE-2020-26289 (date-and-time is an npm package for manipulating date and time. In dat ...)
+ TODO: check
CVE-2020-26288
RESERVED
CVE-2020-26287
@@ -17608,22 +17660,22 @@ CVE-2020-26037
RESERVED
CVE-2020-26036
RESERVED
-CVE-2020-26035
- RESERVED
-CVE-2020-26034
- RESERVED
-CVE-2020-26033
- RESERVED
-CVE-2020-26032
- RESERVED
-CVE-2020-26031
- RESERVED
-CVE-2020-26030
- RESERVED
-CVE-2020-26029
- RESERVED
-CVE-2020-26028
- RESERVED
+CVE-2020-26035 (An issue was discovered in Zammad before 3.4.1. There is Stored XSS vi ...)
+ TODO: check
+CVE-2020-26034 (An account-enumeration issue was discovered in Zammad before 3.4.1. Th ...)
+ TODO: check
+CVE-2020-26033 (An issue was discovered in Zammad before 3.4.1. The Tag and Link REST ...)
+ TODO: check
+CVE-2020-26032 (An SSRF issue was discovered in Zammad before 3.4.1. The SMS configura ...)
+ TODO: check
+CVE-2020-26031 (An issue was discovered in Zammad before 3.4.1. The global-search feat ...)
+ TODO: check
+CVE-2020-26030 (An issue was discovered in Zammad before 3.4.1. There is an authentica ...)
+ TODO: check
+CVE-2020-26029 (An issue was discovered in Zammad before 3.4.1. There are wrong author ...)
+ TODO: check
+CVE-2020-26028 (An issue was discovered in Zammad before 3.4.1. Admin Users without a ...)
+ TODO: check
CVE-2020-26027
RESERVED
CVE-2020-26026
@@ -21521,8 +21573,8 @@ CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via E
{DLA-2393-1}
- snmptt 1.4.2-1
NOTE: https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a
-CVE-2020-24360
- RESERVED
+CVE-2020-24360 (An issue with ARP packets in Arista’s EOS affecting the 7800R3, ...)
+ TODO: check
CVE-2020-24359 (HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrect ...)
NOT-FOR-US: vault-ssh-helper
CVE-2020-24358
@@ -38939,8 +38991,8 @@ CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50
NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b (9.53.0rc1)
CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...)
NOT-FOR-US: Grin
-CVE-2020-15898
- RESERVED
+CVE-2020-15898 (In Arista EOS malformed packets can be incorrectly forwarded across VL ...)
+ TODO: check
CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
NOT-FOR-US: Arista EOS
CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
@@ -40521,7 +40573,8 @@ CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA
NOT-FOR-US: Zyxel
CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
NOT-FOR-US: Zyxel
-CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php download para ...)
+CVE-2020-15311
+ REJECTED
NOT-FOR-US: Stash
CVE-2020-15310
RESERVED
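Review bot: CVE-2020-15311 now reads REJECTED, but the `NOT-FOR-US: Stash` triage line beneath it was kept, leaving a rejected entry with a status that presumes a vulnerability. Placeholder entries elsewhere in this file (the RESERVED ones) carry only the status line; dropping the stale NOT-FOR-US line here keeps the entry in that shape.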
@@ -43488,8 +43541,8 @@ CVE-2020-14275
RESERVED
CVE-2020-14274
RESERVED
-CVE-2020-14273
- RESERVED
+CVE-2020-14273 (HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vul ...)
+ TODO: check
CVE-2020-14272
RESERVED
CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scrip ...)
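Review bot: CVE-2020-14273 is opened as TODO: check for HCL Domino v10 and v11, a proprietary product, and sits beside CVE-2020-14271 for HCL iNotes from the same vendor. The likely resolution is a NOT-FOR-US line; if the neighbouring iNotes entry is already triaged that way, this TODO can be closed consistently with it.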
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3335023cc0add507fcada5035fd43c60f3ae5304