[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Dec 30 20:10:36 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e3cf40b by security tracker role at 2020-12-30T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-35853
+	RESERVED
+CVE-2020-35852
+	RESERVED
+CVE-2020-35851
+	RESERVED
 CVE-2021-21443
 	RESERVED
 CVE-2021-21442
@@ -21,8 +27,8 @@ CVE-2021-21434
 CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...)
 	- cockpit <unfixed>
 	NOTE: https://github.com/cockpit-project/cockpit/issues/15077
-CVE-2020-35849
-	RESERVED
+CVE-2020-35849 (An issue was discovered in MantisBT before 2.24.4. An incorrect access ...)
+	TODO: check
 CVE-2020-35848 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
 	NOT-FOR-US: Agentejo Cockpit
 CVE-2020-35847 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
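Review bot: the CVE-2020-35849 entry is left at "TODO: check" with only a truncated description ("An incorrect access ..."), so the triager still has to resolve it by hand: confirm whether a mantis source package is still in the archive and either record the fixed/unfixed version with a NOTE pointing at the MantisBT 2.24.4 advisory, or mark it NOT-FOR-US with the product named, as the adjacent Agentejo Cockpit entries do. Dropping the RESERVED line once the description arrived is correct.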
@@ -263,7 +269,7 @@ CVE-2020-35732
 	RESERVED
 CVE-2020-35731
 	RESERVED
-CVE-2020-35730 (linkref_addindex in rcube_string_replacer.php in Roundcube Webmail bef ...)
+CVE-2020-35730 (An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x  ...)
 	{DSA-4821-1 DLA-2508-1}
 	- roundcube 1.4.10+dfsg.1-1 (bug #978491)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d (1.4.10)
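Review bot: only the description of CVE-2020-35730 changes here (it now names the 1.2.13 and 1.3.x branches in addition to 1.4.10), but the single NOTE still points only at the 1.4.10 upstream commit. With DSA-4821-1 and DLA-2508-1 already recorded no status change is needed, but a NOTE for the commit or release that fixed the older branches would let the DLA be cross-checked against the updated affected-version range.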
@@ -4213,10 +4219,10 @@ CVE-2020-35243 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection
 	NOT-FOR-US: Flamingo (aka FlamingoIM)
 CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
 	NOT-FOR-US: Flamingo (aka FlamingoIM)
-CVE-2020-35241
-	RESERVED
-CVE-2020-35240
-	RESERVED
+CVE-2020-35241 (FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog  ...)
+	TODO: check
+CVE-2020-35240 (FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Con ...)
+	TODO: check
 CVE-2020-35239
 	RESERVED
 CVE-2020-35238
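Review bot: the truncated descriptions of CVE-2020-35241 (FlatPress) and CVE-2020-35240 (FluxBB) both read "... in the Blog Con ...", which is plausible for a blog engine but odd for a forum; before copying a disposition from one to the other, verify the FluxBB text against the original report. Both should then move from "TODO: check" to either a package/version line or NOT-FOR-US with the product named, following the Flamingo entries immediately above.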
@@ -4351,8 +4357,8 @@ CVE-2020-35175 (Frappe Framework 12 and 13 does not properly validate the HTTP m
 	NOT-FOR-US: Frappe Framework
 CVE-2020-35174
 	RESERVED
-CVE-2020-35173
-	RESERVED
+CVE-2020-35173 (The Amaze File Manager application before 3.4.2 for Android does not p ...)
+	TODO: check
 CVE-2020-35172
 	RESERVED
 CVE-2020-35171
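Review bot: CVE-2020-35173 describes an Android application (Amaze File Manager before 3.4.2), which is not something the Debian archive ships; the "TODO: check" can be closed as NOT-FOR-US: Amaze File Manager, in the same form as the Frappe Framework entry at the top of the hunk.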
@@ -6777,8 +6783,8 @@ CVE-2021-1627
 	RESERVED
 CVE-2021-1626
 	RESERVED
-CVE-2020-29477
-	RESERVED
+CVE-2020-29477 (Invision Community 4.5.4 is affected by cross-site scripting (XSS) in  ...)
+	TODO: check
 CVE-2020-29476
 	RESERVED
 CVE-2020-29475 (nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in th ...)
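Review bot: CVE-2020-29477 (Invision Community 4.5.4 XSS) sits in a run of commercial web-application XSS entries, and nopCommerce directly below it is already NOT-FOR-US; unless a packaging exists, the "TODO: check" should become NOT-FOR-US: Invision Community so the entry does not linger in the TODO queue.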
@@ -6793,8 +6799,8 @@ CVE-2020-29471 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in th
 	NOT-FOR-US: OpenCart
 CVE-2020-29470 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subj ...)
 	NOT-FOR-US: OpenCart
-CVE-2020-29469
-	RESERVED
+CVE-2020-29469 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu  ...)
+	TODO: check
 CVE-2020-29468
 	RESERVED
 CVE-2020-29467
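Review bot: CVE-2020-29469 (WonderCMS 3.1.3 XSS in the Menu ...) should get the same treatment as the OpenCart entries above it (NOT-FOR-US with the product named) unless WonderCMS is packaged, rather than stay at "TODO: check"; a second WonderCMS 3.1.3 XSS appears later in this same update (CVE-2020-29233), so both should be triaged together with one disposition.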
@@ -7318,18 +7324,18 @@ CVE-2020-29235
 	RESERVED
 CVE-2020-29234
 	RESERVED
-CVE-2020-29233
-	RESERVED
+CVE-2020-29233 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page  ...)
+	TODO: check
 CVE-2020-29232
 	RESERVED
-CVE-2020-29231
-	RESERVED
-CVE-2020-29230
-	RESERVED
+CVE-2020-29231 (EGavilanMedia User Registration and Login System With Admin Panel 1.0  ...)
+	TODO: check
+CVE-2020-29230 (EGavilanMedia User Registration and Login System With Admin Panel 1.0  ...)
+	TODO: check
 CVE-2020-29229
 	RESERVED
-CVE-2020-29228
-	RESERVED
+CVE-2020-29228 (EGavilanMedia User Registration and Login System With Admin Panel 1.0  ...)
+	TODO: check
 CVE-2020-29227 (An issue was discovered in Car Rental Management System 1.0. An unauth ...)
 	NOT-FOR-US: Car Rental Management System
 CVE-2020-29226
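Review bot: four "TODO: check" entries land in this hunk: CVE-2020-29233 (WonderCMS 3.1.3, the counterpart of CVE-2020-29469 earlier in this update) and CVE-2020-29231/29230/29228 (three XSS issues in EGavilanMedia "User Registration and Login System With Admin Panel 1.0"). The EGavilanMedia trio has identical truncated descriptions, so the triager should pull the full text to record which field each one affects, and all three should receive one consistent disposition; the adjacent Car Rental Management System entry shows the NOT-FOR-US form expected for such PHP demo applications.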
@@ -8001,8 +8007,8 @@ CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote co
 	- minidlna 1.2.1+dfsg-3 (bug #976595)
 	NOTE: https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
 	NOTE: https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a (v1_3_0)
-CVE-2020-28925
-	RESERVED
+CVE-2020-28925 (Bolt before 3.7.2 does not restrict filter options in a Request in the ...)
+	TODO: check
 CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the use of a w ...)
 	- rclone 1.53.3-1 (bug #975324)
 	[buster] - rclone <not-affected> (Vulnerable code introduced later)
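Review bot: CVE-2020-28925 (Bolt before 3.7.2, unrestricted filter options in a Request) is the only unresolved line in a hunk whose neighbours (minidlna with a bug reference and upstream commit, rclone with a [buster] not-affected annotation) show the complete entry format; the "TODO: check" should end up either as a package/version line with a NOTE to the upstream fix or as NOT-FOR-US: Bolt CMS, and the truncated description ("in the ...") should be read in full from the source before deciding.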
@@ -8407,12 +8413,12 @@ CVE-2020-28738
 	RESERVED
 CVE-2020-28737
 	RESERVED
-CVE-2020-28736
-	RESERVED
-CVE-2020-28735
-	RESERVED
-CVE-2020-28734
-	RESERVED
+CVE-2020-28736 (Plone before 5.2.3 allows XXE attacks via a feature that is protected  ...)
+	TODO: check
+CVE-2020-28735 (Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (onl ...)
+	TODO: check
+CVE-2020-28734 (Plone before 5.2.3 allows XXE attacks via a feature that is explicitly ...)
+	TODO: check
 CVE-2020-28733
 	RESERVED
 CVE-2020-28732
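Review bot: the three Plone entries (CVE-2020-28736 and CVE-2020-28734 XXE, CVE-2020-28735 SSRF, all "before 5.2.3") come from one upstream release and should be triaged together with a single disposition and, if applicable, one shared NOTE to the Plone 5.2.3 advisory; two of the descriptions are cut off exactly where they say whether the vulnerable feature is reachable ("protected ...", "explicitly ..."), so the full text is needed before assessing severity. Check whether a plone source package is still in the archive; if not, NOT-FOR-US with the product named, as done for other web applications in this update.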
@@ -10342,8 +10348,8 @@ CVE-2020-28366 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection
 	[stretch] - golang-1.7 <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
 	NOTE: https://github.com/golang/go/issues/42559
-CVE-2020-28365
-	RESERVED
+CVE-2020-28365 (** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Sit ...)
+	TODO: check
 CVE-2020-28364 (A stored cross-site scripting (XSS) vulnerability affects the Web UI i ...)
 	NOT-FOR-US: Locust
 CVE-2020-28363
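Review bot: CVE-2020-28365 carries "** UNSUPPORTED WHEN ASSIGNED **" for Sentrifugo 3.2, meaning upstream will not fix it; for the tracker the only question is still whether Debian ships the product, which it does not appear to, so the entry should be closed as NOT-FOR-US: Sentrifugo in line with the Locust entry below it rather than remain at "TODO: check".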
@@ -13178,8 +13184,8 @@ CVE-2020-27850
 	RESERVED
 CVE-2020-27849
 	RESERVED
-CVE-2020-27848
-	RESERVED
+CVE-2020-27848 (dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /ap ...)
+	TODO: check
 CVE-2020-27847
 	RESERVED
 	NOT-FOR-US: github.com/dexidp/dex
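Review bot: CVE-2020-27848 (dotCMS before 20.10.1 SQL injection, endpoint truncated at "/ap ...") should not stay at "TODO: check"; dotCMS is a Java CMS not in the archive, so NOT-FOR-US: dotCMS is the expected outcome. Compare CVE-2020-27847 just below, which already carries NOT-FOR-US alongside RESERVED from earlier triage; that is the pattern to follow when a description arrives for a product already known to be out of scope.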
@@ -17373,8 +17379,8 @@ CVE-2020-26249 (Red Discord Bot Dashboard is an easy-to-use interactive web dash
 	NOT-FOR-US: Red Discord Bot Dashboard
 CVE-2020-26248 (In the PrestaShop module "productcomments" before version 4.2.1, an at ...)
 	NOT-FOR-US: PrestaShop module
-CVE-2020-26247
-	RESERVED
+CVE-2020-26247 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
+	TODO: check
 CVE-2020-26246 (Pimcore is an open source digital experience platform. In Pimcore befo ...)
 	NOT-FOR-US: Pimcore
 CVE-2020-26245 (npm package systeminformation before version 4.30.5 is vulnerable to P ...)
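Review bot: CVE-2020-26247 is the one "TODO: check" in this batch that must not be closed as NOT-FOR-US by pattern: its description says Nokogiri is a Rubygem providing HTML/XML parsers, and that gem is packaged in Debian as ruby-nokogiri, so the entry needs a real version check against the upstream advisory (the description is cut off before the affected versions), a package line for ruby-nokogiri with the fixed or <unfixed> version, and per-suite annotations where needed, unlike the Pimcore and PrestaShop module entries around it.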
@@ -66980,12 +66986,12 @@ CVE-2020-5813
 	RESERVED
 CVE-2020-5812
 	RESERVED
-CVE-2020-5811
-	RESERVED
-CVE-2020-5810
-	RESERVED
-CVE-2020-5809
-	RESERVED
+CVE-2020-5811 (An authenticated path traversal vulnerability exists during package in ...)
+	TODO: check
+CVE-2020-5810 (A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or curren ...)
+	TODO: check
+CVE-2020-5809 (A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or curren ...)
+	TODO: check
 CVE-2020-5808 (In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could po ...)
 	NOT-FOR-US: Tenable
 CVE-2020-5807 (An unauthenticated remote attacker can send data to RsvcHost.exe liste ...)
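Review bot: CVE-2020-5810 and CVE-2020-5809 are both Umbraco CMS <= 8.9.1 stored XSS and can be closed as NOT-FOR-US: Umbraco CMS, matching the Tenable entries below; CVE-2020-5811, however, is truncated before the product name ("An authenticated path traversal vulnerability exists during package in ..."), so the triager must fetch the full description rather than assume from its position between the two Umbraco IDs that it is the same product.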



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e3cf40bda5f7b74ab7d89d6d368980ac113a6b8
