Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
351923c6 by security tracker role at 2020-12-28T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-35739
+ RESERVED
+CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples
in pack ...)
+ TODO: check
+CVE-2020-35737
+ RESERVED
CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without
authentication via ...)
NOT-FOR-US: GateOne
CVE-2020-35735
@@ -7006,12 +7012,12 @@ CVE-2020-29246
RESERVED
CVE-2020-29245
RESERVED
-CVE-2020-29244
- RESERVED
-CVE-2020-29243
- RESERVED
-CVE-2020-29242
- RESERVED
+CVE-2020-29244 (dhowden tag before 2020-11-19 allows "panic: runtime error:
slice boun ...)
+ TODO: check
+CVE-2020-29243 (dhowden tag before 2020-11-19 allows "panic: runtime error:
index out ...)
+ TODO: check
+CVE-2020-29242 (dhowden tag before 2020-11-19 allows "panic: runtime error:
index out ...)
+ TODO: check
CVE-2020-29241
RESERVED
CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An
attacke ...)
@@ -7106,10 +7112,10 @@ CVE-2020-29196
RESERVED
CVE-2020-29195
RESERVED
-CVE-2020-29194
- RESERVED
-CVE-2020-29193
- RESERVED
+CVE-2020-29194 (Panasonic Security System WV-S2231L 4.25 allows a denial of
service of ...)
+ TODO: check
+CVE-2020-29193 (Panasonic Security System WV-S2231L 4.25 has an insecure
hard-coded pa ...)
+ TODO: check
CVE-2020-29192
RESERVED
CVE-2020-29191
@@ -12126,14 +12132,14 @@ CVE-2020-28098
RESERVED
CVE-2020-28097
RESERVED
-CVE-2020-28096
- RESERVED
+CVE-2020-28096 (FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical
UART acc ...)
+ TODO: check
CVE-2020-28095
RESERVED
-CVE-2020-28094
- RESERVED
-CVE-2020-28093
- RESERVED
+CVE-2020-28094 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the
default set ...)
+ TODO: check
+CVE-2020-28093 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin,
support, ...)
+ TODO: check
CVE-2020-28092 (PESCMS Team 2.3.2 has multiple reflected XSS via the id
parameter:?g=T ...)
NOT-FOR-US: PESCMS Team
CVE-2020-28091 (cxuucms v3 has a SQL injection vulnerability, which can lead
to the le ...)
@@ -17046,10 +17052,12 @@ CVE-2020-26261 (jupyterhub-systemdspawner enables
JupyterHub to spawn single-use
CVE-2020-26260 (BookStack is a platform for storing and organising information
and doc ...)
NOT-FOR-US: BookStack
CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back
again. ...)
+ {DLA-2507-1}
- libxstream-java 1.4.15-1 (bug #977624)
NOTE:
https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh
NOTE: https://x-stream.github.io/CVE-2020-26259.html
CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back
again. ...)
+ {DLA-2507-1}
- libxstream-java 1.4.15-1 (bug #977625)
NOTE:
https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28
NOTE: https://x-stream.github.io/CVE-2020-26258.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/351923c6e65d3155597a893f4e53e7b08d8c75c1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/351923c6e65d3155597a893f4e53e7b08d8c75c1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
