Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d91627b2 by security tracker role at 2020-12-27T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2020-35732
+       RESERVED
+CVE-2020-35731
+       RESERVED
+CVE-2020-35730
+       RESERVED
+CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell 
metacharacters ...)
+       TODO: check
+CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       TODO: check
+CVE-2020-35727
+       RESERVED
+CVE-2020-35726
+       RESERVED
+CVE-2020-35725
+       RESERVED
+CVE-2020-35724
+       RESERVED
+CVE-2020-35723
+       RESERVED
+CVE-2020-35722
+       RESERVED
+CVE-2020-35721
+       RESERVED
+CVE-2020-35720
+       RESERVED
+CVE-2020-35719
+       RESERVED
 CVE-2020-35718
        RESERVED
 CVE-2020-35717
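Review bot: CVE-2020-35729 and CVE-2020-35728 at the top of this hunk land with only TODO: check, so neither has a tracker decision yet. CVE-2020-35728 names FasterXML jackson-databind 2.x before 2.9.10.8, which gives a concrete upstream version to compare against. Replace each TODO with either a package line in the form used elsewhere in this file (- opensmtpd <unfixed> (bug #978038)) or a NOT-FOR-US line once the product has been matched against the archive.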
@@ -87,8 +115,8 @@ CVE-2020-35679 (smtpd/table.c in OpenSMTPD before 6.8.0p1 
lacks a certain regfre
        - opensmtpd <unfixed> (bug #978038)
        NOTE: 
https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043
        NOTE: https://www.mail-archive.com/[email protected]/msg05188.html
-CVE-2020-35678
-       RESERVED
+CVE-2020-35678 (Autobahn|Python before 20.12.3 allows redirect header 
injection. ...)
+       TODO: check
 CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately 
sanitiz ...)
        NOT-FOR-US: BigProf Online Invoicing System
 CVE-2020-35676 (BigProf Online Invoicing System before 3.1 fails to correctly 
sanitize ...)
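Review bot: the replacement for CVE-2020-35678 swaps RESERVED for TODO: check, while the entries on either side show the two finished states: a package line with a bug reference (CVE-2020-35679) and NOT-FOR-US (CVE-2020-35677). The description already states the fixed upstream release, Autobahn|Python 20.12.3, so the follow-up triage can use that release as the reference point when filling in the package line.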
@@ -3460,8 +3488,8 @@ CVE-2020-35450 (Gobby 0.4.11 allows a NULL pointer 
dereference in the D-Bus hand
        NOTE: 
https://github.com/gobby/gobby/commit/6f34307bff645eb2935d82deee0119ec89866118
 CVE-2020-35449
        RESERVED
-CVE-2020-35448
-       RESERVED
+CVE-2020-35448 (An issue was discovered in the Binary File Descriptor (BFD) 
library (a ...)
+       TODO: check
 CVE-2020-35447
        RESERVED
 CVE-2020-35446
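Review bot: the new CVE-2020-35448 text names the Binary File Descriptor (BFD) library, a component and not a product name, and is cut off before any version or function appears. Resolving the TODO: check needs the full description and a mapping to the source package that ships the library. A NOTE line with the upstream fix, as on the Gobby entry above, would make the fixed version traceable.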
@@ -3871,14 +3899,14 @@ CVE-2020-35247
        RESERVED
 CVE-2020-35246
        RESERVED
-CVE-2020-35245
-       RESERVED
-CVE-2020-35244
-       RESERVED
-CVE-2020-35243
-       RESERVED
-CVE-2020-35242
-       RESERVED
+CVE-2020-35245 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL 
injection vulne ...)
+       TODO: check
+CVE-2020-35244 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL 
injection vulne ...)
+       TODO: check
+CVE-2020-35243 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL 
injection vulne ...)
+       TODO: check
+CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL 
injection vulne ...)
+       TODO: check
 CVE-2020-35241
        RESERVED
 CVE-2020-35240
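Review bot: the four added Flamingo entries (CVE-2020-35242 through CVE-2020-35245) are indistinguishable here because each description is cut at "SQL injection vulne ...", so the list alone does not show whether they are distinct injection points or duplicates. Triage should read the full descriptions before resolving the four TODO: check lines, and apply the same decision line to all four if they concern the same product.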
@@ -6845,8 +6873,8 @@ CVE-2020-29301
        RESERVED
 CVE-2020-29300
        RESERVED
-CVE-2020-29299
-       RESERVED
+CVE-2020-29299 (Certain Zyxel products allow command injection by an admin via 
an inpu ...)
+       TODO: check
 CVE-2020-29298
        RESERVED
 CVE-2020-29297
@@ -6943,10 +6971,10 @@ CVE-2020-29252
        RESERVED
 CVE-2020-29251
        RESERVED
-CVE-2020-29250
-       RESERVED
-CVE-2020-29249
-       RESERVED
+CVE-2020-29250 (CXUUCMS V3 allows XSS via the first and third input fields to 
/public/ ...)
+       TODO: check
+CVE-2020-29249 (CXUUCMS V3 allows class="layui-input" XSS. ...)
+       TODO: check
 CVE-2020-29248
        RESERVED
 CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in 
the Admin ...)
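Review bot: the CVE-2020-29249 description carries a literal HTML attribute, class="layui-input", inside the list text. Anything that renders these descriptions on a web page or in HTML mail needs to escape them as data. It is worth confirming that every consumer of data/CVE/list does so and does not rely on the feed being plain text.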
@@ -7035,10 +7063,10 @@ CVE-2020-29206
        RESERVED
 CVE-2020-29205
        RESERVED
-CVE-2020-29204
-       RESERVED
-CVE-2020-29203
-       RESERVED
+CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 
20-charact ...)
+       TODO: check
+CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow 
because ...)
+       TODO: check
 CVE-2020-29202
        RESERVED
 CVE-2020-29201
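Review bot: CVE-2020-29203 bounds the affected range by date (struct2json before 2020-11-18), not by release number, so a fixed version cannot be read off the description. When the TODO: check is resolved, add a NOTE line pointing at the upstream fixing commit, as the OpenSMTPD and Gobby entries in this file do, so the fix can be mapped to a version.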
@@ -60247,10 +60275,10 @@ CVE-2020-8292
        RESERVED
 CVE-2020-8291
        RESERVED
-CVE-2020-8290
-       RESERVED
-CVE-2020-8289
-       RESERVED
+CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 
suffer  ...)
+       TODO: check
+CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS 
before  ...)
+       TODO: check
 CVE-2020-8288
        RESERVED
 CVE-2020-8287
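Review bot: CVE-2020-8290 and CVE-2020-8289 cite different Backblaze version bounds (7.0.0.439 and 7.0.1.433), so they should be triaged as separate issues and not collapsed on the product name. Both descriptions are cut off before the vulnerability class is stated, so the full text is needed before the two TODO: check lines are replaced.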
@@ -61532,8 +61560,8 @@ CVE-2020-7847
        RESERVED
 CVE-2020-7846
        RESERVED
-CVE-2020-7845
-       RESERVED
+CVE-2020-7845 (Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow 
vulnerabi ...)
+       TODO: check
 CVE-2020-7844
        RESERVED
 CVE-2020-7843



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d91627b2b10f1ed0d614643b032f490e5d47c7c4



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
