[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 11 Jan 2021 00:12:24 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
beafc1aa by security tracker role at 2021-01-11T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-3123
+       RESERVED
+CVE-2021-3122
+       RESERVED
+CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. 
plugin/unmarsha ...)
+       TODO: check
+CVE-2021-3120
+       RESERVED
+CVE-2021-3119
+       RESERVED
+CVE-2021-3118 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS 
Imaging) ...)
+       TODO: check
+CVE-2021-3117
+       RESERVED
+CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py 
in prox ...)
+       TODO: check
+CVE-2021-3115
+       RESERVED
+CVE-2021-3114
+       RESERVED
+CVE-2021-23834
+       RESERVED
+CVE-2021-23833
+       RESERVED
+CVE-2021-23832
+       RESERVED
+CVE-2021-23831
+       RESERVED
+CVE-2021-23830
+       RESERVED
+CVE-2021-23829
+       RESERVED
+CVE-2021-23828
+       RESERVED
+CVE-2021-23827
+       RESERVED
+CVE-2021-23826
+       RESERVED
 CVE-2021-23825
        RESERVED
 CVE-2021-23824
@@ -5874,24 +5912,24 @@ CVE-2020-35728 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2999
        NOTE: Starting from 2.10 series mitigated as Safe Default Typing is 
enabled by default
        NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-35727
-       RESERVED
-CVE-2020-35726
-       RESERVED
-CVE-2020-35725
-       RESERVED
-CVE-2020-35724
-       RESERVED
-CVE-2020-35723
-       RESERVED
-CVE-2020-35722
-       RESERVED
-CVE-2020-35721
-       RESERVED
-CVE-2020-35720
-       RESERVED
-CVE-2020-35719
-       RESERVED
+CVE-2020-35727 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy 
Authorit ...)
+       TODO: check
+CVE-2020-35726 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy 
Authorit ...)
+       TODO: check
+CVE-2020-35725 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy 
Authorit ...)
+       TODO: check
+CVE-2020-35724 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy 
Authorit ...)
+       TODO: check
+CVE-2020-35723 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy 
Authorit ...)
+       TODO: check
+CVE-2020-35722 (** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager 
in Ques ...)
+       TODO: check
+CVE-2020-35721 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy 
Authorit ...)
+       TODO: check
+CVE-2020-35720 (** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy 
Authority 8 ...)
+       TODO: check
+CVE-2020-35719 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy 
Authorit ...)
+       TODO: check
 CVE-2020-35718
        RESERVED
 CVE-2020-35717 (zonote through 0.4.0 allows XSS via a crafted note, with 
resultant Rem ...)
@@ -9940,14 +9978,14 @@ CVE-2020-35208 (** DISPUTED ** An issue was discovered 
in the LogMein LastPass P
        NOT-FOR-US: LogMein LastPass Password Manager (aka 
com.lastpass.ilastpass) app for iOS
 CVE-2020-35207 (** DISPUTED ** An issue was discovered in the LogMein LastPass 
Passwor ...)
        NOT-FOR-US: LogMein LastPass Password Manager (aka 
com.lastpass.ilastpass) app for iOS
-CVE-2020-35206
-       RESERVED
-CVE-2020-35205
-       RESERVED
-CVE-2020-35204
-       RESERVED
-CVE-2020-35203
-       RESERVED
+CVE-2020-35206 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web 
Compliance Manage ...)
+       TODO: check
+CVE-2020-35205 (** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery 
(SSRF) in  ...)
+       TODO: check
+CVE-2020-35204 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy 
Authorit ...)
+       TODO: check
+CVE-2020-35203 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web 
Compliance Manage ...)
+       TODO: check
 CVE-2020-35202 (Ignite Realtime Openfire 4.6.0 has 
plugins/dbaccess/db-access.jsp sql  ...)
        NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35201 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users 
Stored XS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/beafc1aaf25c59b783266991552f80ec05da743f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/beafc1aaf25c59b783266991552f80ec05da743f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to