[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Tue, 29 Dec 2020 00:10:39 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1853e5bf by security tracker role at 2020-12-29T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-35769 (miniserv.pl in Webmin 1.962 on Windows mishandles special 
characters i ...)
+       TODO: check
+CVE-2020-35768
+       RESERVED
+CVE-2020-35767
+       RESERVED
+CVE-2020-35766 (The test suite in libopendkim in OpenDKIM through 2.10.3 
allows local  ...)
+       TODO: check
 CVE-2020-35765
        RESERVED
 CVE-2020-35764
@@ -69,8 +77,7 @@ CVE-2020-35732
        RESERVED
 CVE-2020-35731
        RESERVED
-CVE-2020-35730 [Stored cross-site scripting (XSS) via HTML or plain text 
messages with malicious content]
-       RESERVED
+CVE-2020-35730 (linkref_addindex in rcube_string_replacer.php in Roundcube 
Webmail bef ...)
        {DSA-4821-1 DLA-2508-1}
        - roundcube 1.4.10+dfsg.1-1 (bug #978491)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d
 (1.4.10)
@@ -981,20 +988,20 @@ CVE-2020-35618
        RESERVED
 CVE-2020-35617
        RESERVED
-CVE-2020-35616
-       RESERVED
-CVE-2020-35615
-       RESERVED
-CVE-2020-35614
-       RESERVED
-CVE-2020-35613
-       RESERVED
-CVE-2020-35612
-       RESERVED
-CVE-2020-35611
-       RESERVED
-CVE-2020-35610
-       RESERVED
+CVE-2020-35616 (An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack 
of input ...)
+       TODO: check
+CVE-2020-35615 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. A 
missing tok ...)
+       TODO: check
+CVE-2020-35614 (An issue was discovered in Joomla! 3.9.0 through 3.9.22. 
Improper hand ...)
+       TODO: check
+CVE-2020-35613 (An issue was discovered in Joomla! 3.0.0 through 3.9.22. 
Improper filt ...)
+       TODO: check
+CVE-2020-35612 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The 
folder pa ...)
+       TODO: check
+CVE-2020-35611 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The 
globlal c ...)
+       TODO: check
+CVE-2020-35610 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The 
autosugge ...)
+       TODO: check
 CVE-2020-35609 (A denial-of-service vulnerability exists in the asynchronous 
ioctl fun ...)
        NOT-FOR-US: Microsoft Azure Sphere
 CVE-2020-35608 (A code execution vulnerability exists in the normal 
world&#8217;s sign ...)
@@ -15059,8 +15066,8 @@ CVE-2020-27174 (In Amazon AWS Firecracker before 
0.21.3, and 0.22.x before 0.22.
        NOT-FOR-US: Firecracker
 CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow 
to unlimi ...)
        NOT-FOR-US: vm-superio
-CVE-2020-27172
-       RESERVED
+CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using 
Symbolic link ...)
+       TODO: check
 CVE-2020-27171
        RESERVED
 CVE-2020-27170
@@ -17062,16 +17069,16 @@ CVE-2020-26292
        RESERVED
 CVE-2020-26291
        RESERVED
-CVE-2020-26290
-       RESERVED
+CVE-2020-26290 (Dex is a federated OpenID Connect provider written in Go. In 
Dex befor ...)
+       TODO: check
 CVE-2020-26289 (date-and-time is an npm package for manipulating date and 
time. In dat ...)
        TODO: check
 CVE-2020-26288
        RESERVED
-CVE-2020-26287
-       RESERVED
-CVE-2020-26286
-       RESERVED
+CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing 
markdown. ...)
+       TODO: check
+CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing 
markdown. ...)
+       TODO: check
 CVE-2020-26285
        RESERVED
 CVE-2020-26284 (Hugo is a fast and Flexible Static Site Generator built in Go. 
Hugo de ...)
@@ -19054,8 +19061,8 @@ CVE-2020-25509
        RESERVED
 CVE-2020-25508
        RESERVED
-CVE-2020-25507
-       RESERVED
+CVE-2020-25507 (An incorrect permission assignment (chmod 777) of 
/etc/environment dur ...)
+       TODO: check
 CVE-2020-25506
        RESERVED
 CVE-2020-25505
@@ -45718,14 +45725,14 @@ CVE-2020-13478
        RESERVED
 CVE-2020-13477
        RESERVED
-CVE-2020-13476
-       RESERVED
+CVE-2020-13476 (NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected 
XSS in the ...)
+       TODO: check
 CVE-2020-13475
        RESERVED
-CVE-2020-13474
-       RESERVED
-CVE-2020-13473
-       RESERVED
+CVE-2020-13474 (In NCH Express Accounts 8.24 and earlier, an authenticated 
low-privile ...)
+       TODO: check
+CVE-2020-13473 (NCH Express Accounts 8.24 and earlier allows local users to 
discover t ...)
+       TODO: check
 CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103 
devices all ...)
        NOT-FOR-US: Gigadevice GD32F103 devices
 CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical 
attackers to ex ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1853e5bf98e2e2e96e710f67412ae956b53b9048

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1853e5bf98e2e2e96e710f67412ae956b53b9048
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to