Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7b9b02e9 by security tracker role at 2020-12-25T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-35708 (phpList 3.5.9 allows SQL injection by admins who provide a
crafted fou ...)
+ TODO: check
+CVE-2020-35707 (Daybyday 2.1.0 allows stored XSS via the Company Name
parameter to the ...)
+ TODO: check
+CVE-2020-35706 (Daybyday 2.1.0 allows stored XSS via the Title parameter to
the New Pr ...)
+ TODO: check
+CVE-2020-35705 (Daybyday 2.1.0 allows stored XSS via the Name parameter to the
New Use ...)
+ TODO: check
+CVE-2020-35704 (Daybyday 2.1.0 allows stored XSS via the Title parameter to
the New Le ...)
+ TODO: check
+CVE-2020-35703
+ RESERVED
+CVE-2020-35702 (DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a
heap-base ...)
+ TODO: check
+CVE-2020-35701
+ RESERVED
+CVE-2020-35700
+ RESERVED
+CVE-2020-35699
+ RESERVED
+CVE-2020-35698
+ RESERVED
+CVE-2020-35697
+ RESERVED
CVE-2020-35696
RESERVED
CVE-2020-35695
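Review bot: the six described entries added at the top of this hunk (CVE-2020-35708, CVE-2020-35707 through CVE-2020-35704, and CVE-2020-35702) land with only TODO: check, so none has a disposition yet. CVE-2020-35702 is the one to look at first: it names a specific function and file (DCTStream::getChars in DCTStream.cc, Poppler 20.12.1) and a "heap-base ..." issue, and should get either a source-package line or a NOT-FOR-US line once checked. The four Daybyday 2.1.0 stored-XSS entries describe the same product and can be resolved with one decision.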
@@ -6386,12 +6410,12 @@ CVE-2020-29476
RESERVED
CVE-2020-29475
RESERVED
-CVE-2020-29474
- RESERVED
+CVE-2020-29474 (EGavilan Media EGM Address Book 1.0 contains a SQL injection
vulnerabi ...)
+ TODO: check
CVE-2020-29473
RESERVED
-CVE-2020-29472
- RESERVED
+CVE-2020-29472 (EGavilan Media Under Construction page with cPanel 1.0
contains a SQL ...)
+ TODO: check
CVE-2020-29471
RESERVED
CVE-2020-29470
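Review bot: CVE-2020-29474 and CVE-2020-29472 are both EGavilan Media SQL injection entries, but for two different products (EGM Address Book 1.0 and Under Construction page with cPanel 1.0). When the two TODO: check lines are resolved, each disposition should name its own product rather than sharing one generic vendor label.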
@@ -6893,8 +6917,8 @@ CVE-2020-29249
RESERVED
CVE-2020-29248
RESERVED
-CVE-2020-29247
- RESERVED
+CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in
the Admin ...)
+ TODO: check
CVE-2020-29246
RESERVED
CVE-2020-29245
@@ -7643,8 +7667,7 @@ CVE-2020-28914 (An improper file permissions
vulnerability affects Kata Containe
NOT-FOR-US: Kata Containers
CVE-2020-28913
RESERVED
-CVE-2020-28912
- RESERVED
+CVE-2020-28912 (With MariaDB running on Windows, when local clients connect to
the ser ...)
- mariadb-10.5 <not-affected> (Only affects MariaDB on Windows)
- mariadb-10.3 <not-affected> (Only affects MariaDB on Windows)
- mariadb-10.1 <not-affected> (Only affects MariaDB on Windows)
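Review bot: no TODO: check is added for CVE-2020-28912, which is correct only because the three context lines for mariadb-10.5, mariadb-10.3 and mariadb-10.1 already record <not-affected> from when the id was still RESERVED. The newly published summary opens with "With MariaDB running on Windows", which agrees with the "Only affects MariaDB on Windows" notes, so the entry is consistent as it stands. The hunk's context ends at mariadb-10.1, so confirm in the full file that no further package lines for this id need the same comparison against the published text.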
@@ -16888,8 +16911,8 @@ CVE-2020-26284 (Hugo is a fast and Flexible Static Site
Generator built in Go. H
NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq
CVE-2020-26283
RESERVED
-CVE-2020-26282
- RESERVED
+CVE-2020-26282 (BrowserUp Proxy allows you to manipulate HTTP requests and
responses, ...)
+ TODO: check
CVE-2020-26281 (async-h1 is an asynchronous HTTP/1.1 parser for Rust
(crates.io). Ther ...)
NOT-FOR-US: Rust async-h1
CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly
system for m ...)
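Review bot: the summary added for CVE-2020-26282 is cut off before it reaches the flaw. The visible text ("BrowserUp Proxy allows you to manipulate HTTP requests and responses, ...") is only the product introduction, so the list entry gives no hint of the vulnerability class. The TODO: check has to be resolved from the full CVE description, not from this line.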
@@ -52767,8 +52790,8 @@ CVE-2020-11095 (In FreeRDP before version 2.1.2, an out
of bound reads occurs re
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains
a featur ...)
NOT-FOR-US: October CMS
-CVE-2020-11093
- RESERVED
+CVE-2020-11093 (Hyperledger Indy Node is the server portion of a distributed
ledger pu ...)
+ TODO: check
CVE-2020-11092
RESERVED
CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a
process a ...)
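Review bot: CVE-2020-11093 (Hyperledger Indy Node) moves from RESERVED to TODO: check with no disposition. If it turns out not to be packaged, follow the form of the adjacent context entry CVE-2020-11094, that is, NOT-FOR-US: followed by the product name as in "NOT-FOR-US: October CMS"; otherwise add the source-package line.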
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b9b02e92a90ace053daa2714b3888cb4c39b98c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits