Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5347a460 by security tracker role at 2020-12-26T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,18 @@
+CVE-2020-35716 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote
attacker ...)
+ TODO: check
+CVE-2020-35715 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote
authenti ...)
+ TODO: check
+CVE-2020-35714 (Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote
authentic ...)
+ TODO: check
+CVE-2020-35713 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote
attacker ...)
+ TODO: check
+CVE-2020-35712 (Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some
configura ...)
+ TODO: check
CVE-2020-35710 (Parallels Remote Application Server (RAS) 18 allows remote
attackers t ...)
NOT-FOR-US: Parallels Remote Application Server (RAS)
CVE-2020-35709 (bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php
files (with ...)
NOT-FOR-US: bloofoxCMS
-CVE-2020-35711 [arc-swap: Dangling reference in `access::Map` with Constant]
+CVE-2020-35711 (An issue has been discovered in the arc-swap crate before
0.4.8 (and 1 ...)
- rust-arc-swap <unfixed>
NOTE: https://github.com/vorner/arc-swap/issues/45
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0091.html
@@ -937,8 +947,8 @@ CVE-2020-35577
RESERVED
CVE-2020-35576
RESERVED
-CVE-2020-35575
- RESERVED
+CVE-2020-35575 (A password-disclosure issue in the web interface on certain
TP-Link de ...)
+ TODO: check
CVE-2020-35574
RESERVED
CVE-2020-35572
@@ -3436,8 +3446,7 @@ CVE-2020-35452
RESERVED
CVE-2020-35451
RESERVED
-CVE-2020-35450 [Null Dereference when set_language is called]
- RESERVED
+CVE-2020-35450 (Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus
handler fo ...)
- gobby <unfixed>
[buster] - gobby <no-dsa> (Minor issue)
NOTE: https://github.com/gobby/gobby/issues/183
@@ -3467,8 +3476,8 @@ CVE-2020-35439
RESERVED
CVE-2020-35438
RESERVED
-CVE-2020-35437
- RESERVED
+CVE-2020-35437 (Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS)
through t ...)
+ TODO: check
CVE-2020-35436
RESERVED
CVE-2020-35435
@@ -3565,8 +3574,8 @@ CVE-2020-35390
RESERVED
CVE-2020-35389
RESERVED
-CVE-2020-35388
- RESERVED
+CVE-2020-35388 (rainrocka xinhu 2.1.9 allows remote attackers to obtain
sensitive info ...)
+ TODO: check
CVE-2020-35387
RESERVED
CVE-2020-35386
@@ -3592,8 +3601,8 @@ CVE-2020-35378 (SQL Injection in the login page in Online
Bus Ticket Reservation
NOT-FOR-US: Online Bus Ticket Reservation
CVE-2020-35377
RESERVED
-CVE-2020-35376
- RESERVED
+CVE-2020-35376 (Xpdf 4.02 allows stack consumption because of an incorrect
subroutine ...)
+ TODO: check
CVE-2020-35375
RESERVED
CVE-2020-35374
@@ -3620,14 +3629,14 @@ CVE-2020-35364
RESERVED
CVE-2020-35363
RESERVED
-CVE-2020-35362
- RESERVED
+CVE-2020-35362 (DEXT5Upload 2.7.1262310 and earlier is affected by Directory
Traversal ...)
+ TODO: check
CVE-2020-35361
RESERVED
CVE-2020-35360
RESERVED
-CVE-2020-35359
- RESERVED
+CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate
server ...)
+ TODO: check
CVE-2020-35358
RESERVED
CVE-2020-35357
@@ -3646,14 +3655,14 @@ CVE-2020-35351
RESERVED
CVE-2020-35350
RESERVED
-CVE-2020-35349
- RESERVED
+CVE-2020-35349 (Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via
field_ti ...)
+ TODO: check
CVE-2020-35348
RESERVED
-CVE-2020-35347
- RESERVED
-CVE-2020-35346
- RESERVED
+CVE-2020-35347 (CXUUCMS V3 3.1 has a CSRF vulnerability that can add an
administrator ...)
+ TODO: check
+CVE-2020-35346 (CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability
that allow ...)
+ TODO: check
CVE-2020-35345
RESERVED
CVE-2020-35344
@@ -3776,8 +3785,8 @@ CVE-2020-35286
RESERVED
CVE-2020-35285
RESERVED
-CVE-2020-35284
- RESERVED
+CVE-2020-35284 (Flamingo (aka FlamingoIM) through 2020-09-29 allows ../
directory trav ...)
+ TODO: check
CVE-2020-35283
RESERVED
CVE-2020-35282
@@ -6612,8 +6621,7 @@ CVE-2020-29387
RESERVED
CVE-2020-29386
RESERVED
-CVE-2020-29385
- RESERVED
+CVE-2020-29385 (GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial
of serv ...)
- gdk-pixbuf 2.42.2+dfsg-1 (bug #977166)
[buster] - gdk-pixbuf <not-affected> (Vulnerable code not present)
[stretch] - gdk-pixbuf <not-affected> (Vulnerable code not present)
@@ -7085,8 +7093,8 @@ CVE-2020-29174
RESERVED
CVE-2020-29173
RESERVED
-CVE-2020-29172
- RESERVED
+CVE-2020-29172 (A cross-site scripting (XSS) vulnerability in the LiteSpeed
Cache plug ...)
+ TODO: check
CVE-2020-29171
RESERVED
CVE-2020-29170
@@ -14199,8 +14207,8 @@ CVE-2020-27517
RESERVED
CVE-2020-27516
RESERVED
-CVE-2020-27515
- RESERVED
+CVE-2020-27515 (A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz
v5.0 allows ...)
+ TODO: check
CVE-2020-27514
RESERVED
CVE-2020-27513
@@ -15869,8 +15877,8 @@ CVE-2020-26768
RESERVED
CVE-2020-26767
RESERVED
-CVE-2020-26766
- RESERVED
+CVE-2020-26766 (A Cross Site Request Forgery (CSRF) vulnerability exists in
the logins ...)
+ TODO: check
CVE-2020-26765
RESERVED
CVE-2020-26764
@@ -17767,8 +17775,8 @@ CVE-2020-25919
RESERVED
CVE-2020-25918
RESERVED
-CVE-2020-25917
- RESERVED
+CVE-2020-25917 (Stratodesk NoTouch Center before 4.4.68 is affected by:
Incorrect Acce ...)
+ TODO: check
CVE-2020-25916
RESERVED
CVE-2020-25915
@@ -29390,8 +29398,8 @@ CVE-2020-20414
RESERVED
CVE-2020-20413
RESERVED
-CVE-2020-20412
- RESERVED
+CVE-2020-20412 (lib/codebook.c in libvorbis before 1.3.6, as used in StepMania
5.0.12 ...)
+ TODO: check
CVE-2020-20411
RESERVED
CVE-2020-20410
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5347a4603ee6c22f7d333a491cebac36de786c86
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5347a4603ee6c22f7d333a491cebac36de786c86
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
