Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3335023c by security tracker role at 2020-12-28T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2020-35765
+       RESERVED
+CVE-2020-35764
+       RESERVED
+CVE-2020-35763
+       RESERVED
+CVE-2020-35762
+       RESERVED
+CVE-2020-35761
+       RESERVED
+CVE-2020-35760
+       RESERVED
+CVE-2020-35759
+       RESERVED
+CVE-2020-35758
+       RESERVED
+CVE-2020-35757
+       RESERVED
+CVE-2020-35756
+       RESERVED
+CVE-2020-35755
+       RESERVED
+CVE-2020-35754
+       RESERVED
+CVE-2020-35753
+       RESERVED
+CVE-2020-35752
+       RESERVED
+CVE-2020-35751
+       RESERVED
+CVE-2020-35750
+       RESERVED
+CVE-2020-35749
+       RESERVED
+CVE-2020-35748
+       RESERVED
+CVE-2020-35747
+       RESERVED
+CVE-2020-35746
+       RESERVED
+CVE-2020-35745
+       RESERVED
+CVE-2020-35744
+       RESERVED
+CVE-2020-35743
+       RESERVED
+CVE-2020-35742
+       RESERVED
+CVE-2020-35741
+       RESERVED
+CVE-2020-35740
+       RESERVED
 CVE-2020-35739
        RESERVED
 CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples 
in pack ...)
@@ -19,6 +71,7 @@ CVE-2020-35731
        RESERVED
 CVE-2020-35730 [Stored cross-site scripting (XSS) via HTML or plain text 
messages with malicious content]
        RESERVED
+       {DSA-4821-1 DLA-2508-1}
        - roundcube 1.4.10+dfsg.1-1 (bug #978491)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d
 (1.4.10)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/a06ec1dcf9c972d302b16e1ac6aa079a4f6a1c3e
 (1.3.16)
@@ -84,7 +137,7 @@ CVE-2020-35704 (Daybyday 2.1.0 allows stored XSS via the 
Title parameter to the
        NOT-FOR-US: Daybyday
 CVE-2020-35703
        RESERVED
-CVE-2020-35702 (DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a 
heap-base ...)
+CVE-2020-35702 (** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 
20.12.1  ...)
        - poppler <not-affected> (Vulnerable code introduced later)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011
        NOTE: Introduced by: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1c3ded779582aef5f2cbaf29bc5da7a8eae6f69
@@ -643,8 +696,8 @@ CVE-2021-21235
        RESERVED
 CVE-2021-21234
        RESERVED
-CVE-2020-35627
-       RESERVED
+CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file 
upload vul ...)
+       TODO: check
 CVE-2021-21233
        RESERVED
 CVE-2021-21232
@@ -7013,8 +7066,8 @@ CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site 
scripting (XSS) in the
        NOT-FOR-US: WonderCMS
 CVE-2020-29246
        RESERVED
-CVE-2020-29245
-       RESERVED
+CVE-2020-29245 (dhowden tag before 2020-11-19 allows "panic: runtime error: 
slice boun ...)
+       TODO: check
 CVE-2020-29244 (dhowden tag before 2020-11-19 allows "panic: runtime error: 
slice boun ...)
        NOT-FOR-US: dhowden tag
 CVE-2020-29243 (dhowden tag before 2020-11-19 allows "panic: runtime error: 
index out  ...)
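Review bot: The "TODO: check" added under CVE-2020-29245 can be resolved from the context lines of this hunk: CVE-2020-29244, directly below and with the same "dhowden tag before 2020-11-19" description prefix, is already annotated "NOT-FOR-US: dhowden tag". Suggest the same annotation for CVE-2020-29245 so the adjacent dhowden tag entries are triaged consistently.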
@@ -7183,12 +7236,12 @@ CVE-2020-29162
        RESERVED
 CVE-2020-29161
        RESERVED
-CVE-2020-29160
-       RESERVED
-CVE-2020-29159
-       RESERVED
-CVE-2020-29158
-       RESERVED
+CVE-2020-29160 (An issue was discovered in Zammad before 3.5.1. A REST API 
call allows ...)
+       TODO: check
+CVE-2020-29159 (An issue was discovered in Zammad before 3.5.1. The default 
signup Rol ...)
+       TODO: check
+CVE-2020-29158 (An issue was discovered in Zammad before 3.5.1. An Agent with 
Customer ...)
+       TODO: check
 CVE-2020-29157
        RESERVED
 CVE-2020-29156 (The WooCommerce plugin before 4.7.0 for WordPress allows 
remote attack ...)
@@ -12931,8 +12984,7 @@ CVE-2020-27839
 CVE-2020-27838
        RESERVED
        NOT-FOR-US: Keycloak
-CVE-2020-27837 [lock screen bypass when autologin is set]
-       RESERVED
+CVE-2020-27837 (A flaw was found in GDM in versions prior to 3.38.2.1. A race 
conditio ...)
        - gdm3 3.38.2.1-1
        [buster] - gdm3 <no-dsa> (Minor issue)
        [stretch] - gdm3 <no-dsa> (Minor issue)
@@ -16396,8 +16448,8 @@ CVE-2020-26570 (The Oberthur smart card software driver 
in OpenSC before 0.21.0-
        [stretch] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e
 (0.21.0-rc1)
-CVE-2020-26569
-       RESERVED
+CVE-2020-26569 (In EVPN VxLAN setups in Arista EOS, specific malformed packets 
can lea ...)
+       TODO: check
 CVE-2020-26568
        RESERVED
 CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B 
devices. The C ...)
@@ -16989,8 +17041,8 @@ CVE-2020-26291
        RESERVED
 CVE-2020-26290
        RESERVED
-CVE-2020-26289
-       RESERVED
+CVE-2020-26289 (date-and-time is an npm package for manipulating date and 
time. In dat ...)
+       TODO: check
 CVE-2020-26288
        RESERVED
 CVE-2020-26287
@@ -17608,22 +17660,22 @@ CVE-2020-26037
        RESERVED
 CVE-2020-26036
        RESERVED
-CVE-2020-26035
-       RESERVED
-CVE-2020-26034
-       RESERVED
-CVE-2020-26033
-       RESERVED
-CVE-2020-26032
-       RESERVED
-CVE-2020-26031
-       RESERVED
-CVE-2020-26030
-       RESERVED
-CVE-2020-26029
-       RESERVED
-CVE-2020-26028
-       RESERVED
+CVE-2020-26035 (An issue was discovered in Zammad before 3.4.1. There is 
Stored XSS vi ...)
+       TODO: check
+CVE-2020-26034 (An account-enumeration issue was discovered in Zammad before 
3.4.1. Th ...)
+       TODO: check
+CVE-2020-26033 (An issue was discovered in Zammad before 3.4.1. The Tag and 
Link REST  ...)
+       TODO: check
+CVE-2020-26032 (An SSRF issue was discovered in Zammad before 3.4.1. The SMS 
configura ...)
+       TODO: check
+CVE-2020-26031 (An issue was discovered in Zammad before 3.4.1. The 
global-search feat ...)
+       TODO: check
+CVE-2020-26030 (An issue was discovered in Zammad before 3.4.1. There is an 
authentica ...)
+       TODO: check
+CVE-2020-26029 (An issue was discovered in Zammad before 3.4.1. There are 
wrong author ...)
+       TODO: check
+CVE-2020-26028 (An issue was discovered in Zammad before 3.4.1. Admin Users 
without a  ...)
+       TODO: check
 CVE-2020-26027
        RESERVED
 CVE-2020-26026
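Review bot: The eight "TODO: check" placeholders from CVE-2020-26035 down to CVE-2020-26028 need only one triage decision, since every description names the same product and fix boundary ("Zammad before 3.4.1"). Suggest resolving them in a single follow-up change, together with the three "Zammad before 3.5.1" entries (CVE-2020-29160, CVE-2020-29159, CVE-2020-29158) that this commit also leaves as "TODO: check".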
@@ -21521,8 +21573,8 @@ CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to 
execute shell code via E
        {DLA-2393-1}
        - snmptt 1.4.2-1
        NOTE: 
https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a
-CVE-2020-24360
-       RESERVED
+CVE-2020-24360 (An issue with ARP packets in Arista&#8217;s EOS affecting the 
7800R3,  ...)
+       TODO: check
 CVE-2020-24359 (HashiCorp vault-ssh-helper up to and including version 0.1.6 
incorrect ...)
        NOT-FOR-US: vault-ssh-helper
 CVE-2020-24358
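Review bot: The description added for CVE-2020-24360 carries an undecoded HTML entity ("Arista&#8217;s EOS"), so the literal entity text ends up in data/CVE/list. Suggest decoding entities (here to an apostrophe) when descriptions are imported. The "TODO: check" under the entry is still open.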
@@ -38939,8 +38991,8 @@ CVE-2020-15900 (A memory corruption issue was found in 
Artifex Ghostscript 9.50
        NOTE: Fixed by: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
 (9.53.0rc1)
 CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data 
related to ...)
        NOT-FOR-US: Grin
-CVE-2020-15898
-       RESERVED
+CVE-2020-15898 (In Arista EOS malformed packets can be incorrectly forwarded 
across VL ...)
+       TODO: check
 CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x 
before 4.23. ...)
        NOT-FOR-US: Arista EOS
 CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link 
DAP-1522 devic ...)
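Review bot: The "TODO: check" under CVE-2020-15898 has a precedent one entry down: CVE-2020-15897 in the context lines is annotated "NOT-FOR-US: Arista EOS". Suggest the same annotation for CVE-2020-15898, whose description begins "In Arista EOS", and for the other Arista EOS entries this commit adds as "TODO: check" (CVE-2020-26569, CVE-2020-24360).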
@@ -40521,7 +40573,8 @@ CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 
3.1.1 has a hardcoded ECDSA
        NOT-FOR-US: Zyxel
 CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA 
SSH key ...)
        NOT-FOR-US: Zyxel
-CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php 
download para ...)
+CVE-2020-15311
+       REJECTED
        NOT-FOR-US: Stash
 CVE-2020-15310
        RESERVED
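Review bot: CVE-2020-15311 now reads "REJECTED" with its description dropped, but the unchanged "NOT-FOR-US: Stash" line stays attached to it. Confirm that the annotation is meant to remain on a rejected ID; if it is kept, the product name in that line is the only remaining hint of what the ID referred to.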
@@ -43488,8 +43541,8 @@ CVE-2020-14275
        RESERVED
 CVE-2020-14274
        RESERVED
-CVE-2020-14273
-       RESERVED
+CVE-2020-14273 (HCL Domino v10 and v11 is susceptible to a Denial of Service 
(DoS) vul ...)
+       TODO: check
 CVE-2020-14272
        RESERVED
 CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored 
Cross-Site Scrip ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3335023cc0add507fcada5035fd43c60f3ae5304
