Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fb9c5ec6 by Salvatore Bonaccorso at 2020-02-05T09:40:19+01:00
Add more CVEs for nextcloud-server
There seem to be two nextcloud related ITP's one naming for
src:nextcloud and one for src:nextcloud-server. Are those distinct,
which CVEs need to be re-evaluated?
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30400,13 +30400,13 @@ CVE-2019-15626 (The Deep Security Manager application
(Versions 10.0, 11.0 and 1
CVE-2019-15625 (A memory usage vulnerability exists in Trend Micro Password
Manager 3. ...)
NOT-FOR-US: Trend Micro
CVE-2019-15624 (Improper Input Validation in Nextcloud Server 15.0.7 allows
group admi ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2019-15623 (Exposure of Private Information in Nextcloud Server 16.0.1
causes the ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2019-15622 (Not strictly enough sanitization in the Nextcloud Android app
3.6.0 al ...)
NOT-FOR-US: Nextcloud Android App
CVE-2019-15621 (Improper permissions preservation in Nextcloud Server 16.0.1
causes sh ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2019-15620 (Improper access control in Nextcloud Talk 6.0.3 leaks the
existance an ...)
TODO: check
CVE-2019-15619 (Improper neutralization of file names, conversation names and
board na ...)
@@ -30414,7 +30414,7 @@ CVE-2019-15619 (Improper neutralization of file names,
conversation names and bo
CVE-2019-15618 (Missing escaping of HTML in the Updater of Nextcloud 15.0.5
allowed a ...)
TODO: check
CVE-2019-15617 (A missing check in Nextcloud Server 17.0.0 allowed an attacker
to set ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2019-15616 (Dangling remote share attempts in Nextcloud 16 allow a DNS
pollution w ...)
TODO: check
CVE-2019-15615 (A wrong check for the system time in the Android App 3.9.0
causes a by ...)
@@ -30422,9 +30422,9 @@ CVE-2019-15615 (A wrong check for the system time in
the Android App 3.9.0 cause
CVE-2019-15614 (Missing sanitization in the iOS App 2.24.4 causes an XSS when
opening ...)
NOT-FOR-US: Nextcloud iOS App
CVE-2019-15613 (A bug in Nextcloud Server 17.0.1 causes the workflow rules to
depend t ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2019-15612 (A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to
not be c ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2019-15611 (Violation of Secure Design Principles in the iOS App 2.23.0
causes the ...)
NOT-FOR-US: Nextcloud iOS App
CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes
retaining acce ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb9c5ec67fd2382020635803c509b499ee014562
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb9c5ec67fd2382020635803c509b499ee014562
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
