[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Dec 29 08:10:31 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1853e5bf by security tracker role at 2020-12-29T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-35769 (miniserv.pl in Webmin 1.962 on Windows mishandles special characters i ...)
+	TODO: check
+CVE-2020-35768
+	RESERVED
+CVE-2020-35767
+	RESERVED
+CVE-2020-35766 (The test suite in libopendkim in OpenDKIM through 2.10.3 allows local  ...)
+	TODO: check
 CVE-2020-35765
 	RESERVED
 CVE-2020-35764
@@ -69,8 +77,7 @@ CVE-2020-35732
 	RESERVED
 CVE-2020-35731
 	RESERVED
-CVE-2020-35730 [Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content]
-	RESERVED
+CVE-2020-35730 (linkref_addindex in rcube_string_replacer.php in Roundcube Webmail bef ...)
 	{DSA-4821-1 DLA-2508-1}
 	- roundcube 1.4.10+dfsg.1-1 (bug #978491)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d (1.4.10)
@@ -981,20 +988,20 @@ CVE-2020-35618
 	RESERVED
 CVE-2020-35617
 	RESERVED
-CVE-2020-35616
-	RESERVED
-CVE-2020-35615
-	RESERVED
-CVE-2020-35614
-	RESERVED
-CVE-2020-35613
-	RESERVED
-CVE-2020-35612
-	RESERVED
-CVE-2020-35611
-	RESERVED
-CVE-2020-35610
-	RESERVED
+CVE-2020-35616 (An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input ...)
+	TODO: check
+CVE-2020-35615 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing tok ...)
+	TODO: check
+CVE-2020-35614 (An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper hand ...)
+	TODO: check
+CVE-2020-35613 (An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filt ...)
+	TODO: check
+CVE-2020-35612 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder pa ...)
+	TODO: check
+CVE-2020-35611 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal c ...)
+	TODO: check
+CVE-2020-35610 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosugge ...)
+	TODO: check
 CVE-2020-35609 (A denial-of-service vulnerability exists in the asynchronous ioctl fun ...)
 	NOT-FOR-US: Microsoft Azure Sphere
 CVE-2020-35608 (A code execution vulnerability exists in the normal world’s sign ...)
@@ -15059,8 +15066,8 @@ CVE-2020-27174 (In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.
 	NOT-FOR-US: Firecracker
 CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to unlimi ...)
 	NOT-FOR-US: vm-superio
-CVE-2020-27172
-	RESERVED
+CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symbolic link ...)
+	TODO: check
 CVE-2020-27171
 	RESERVED
 CVE-2020-27170
@@ -17062,16 +17069,16 @@ CVE-2020-26292
 	RESERVED
 CVE-2020-26291
 	RESERVED
-CVE-2020-26290
-	RESERVED
+CVE-2020-26290 (Dex is a federated OpenID Connect provider written in Go. In Dex befor ...)
+	TODO: check
 CVE-2020-26289 (date-and-time is an npm package for manipulating date and time. In dat ...)
 	TODO: check
 CVE-2020-26288
 	RESERVED
-CVE-2020-26287
-	RESERVED
-CVE-2020-26286
-	RESERVED
+CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
+	TODO: check
+CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
+	TODO: check
 CVE-2020-26285
 	RESERVED
 CVE-2020-26284 (Hugo is a fast and Flexible Static Site Generator built in Go. Hugo de ...)
@@ -19054,8 +19061,8 @@ CVE-2020-25509
 	RESERVED
 CVE-2020-25508
 	RESERVED
-CVE-2020-25507
-	RESERVED
+CVE-2020-25507 (An incorrect permission assignment (chmod 777) of /etc/environment dur ...)
+	TODO: check
 CVE-2020-25506
 	RESERVED
 CVE-2020-25505
@@ -45718,14 +45725,14 @@ CVE-2020-13478
 	RESERVED
 CVE-2020-13477
 	RESERVED
-CVE-2020-13476
-	RESERVED
+CVE-2020-13476 (NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the ...)
+	TODO: check
 CVE-2020-13475
 	RESERVED
-CVE-2020-13474
-	RESERVED
-CVE-2020-13473
-	RESERVED
+CVE-2020-13474 (In NCH Express Accounts 8.24 and earlier, an authenticated low-privile ...)
+	TODO: check
+CVE-2020-13473 (NCH Express Accounts 8.24 and earlier allows local users to discover t ...)
+	TODO: check
 CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103 devices all ...)
 	NOT-FOR-US: Gigadevice GD32F103 devices
 CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical attackers to ex ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1853e5bf98e2e2e96e710f67412ae956b53b9048

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1853e5bf98e2e2e96e710f67412ae956b53b9048
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201229/f440e7ac/attachment.html>

More information about the debian-security-tracker-commits mailing list