Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd57b7e8 by security tracker role at 2020-08-21T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2020-24582
+       RESERVED
+CVE-2020-24581
+       RESERVED
+CVE-2020-24580
+       RESERVED
+CVE-2020-24579
+       RESERVED
+CVE-2020-24578
+       RESERVED
+CVE-2020-24577
+       RESERVED
+CVE-2020-24576
+       RESERVED
+CVE-2020-24575
+       RESERVED
+CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 
allows l ...)
+       TODO: check
+CVE-2020-24573
+       RESERVED
+CVE-2020-24572
+       RESERVED
+CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via 
../ dir ...)
+       TODO: check
+CVE-2020-24570
+       RESERVED
+CVE-2020-24569
+       RESERVED
+CVE-2020-24568
+       RESERVED
+CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 
2020-08- ...)
+       TODO: check
+CVE-2020-24566
+       RESERVED
+CVE-2020-24565
+       RESERVED
+CVE-2020-24564
+       RESERVED
+CVE-2020-24563
+       RESERVED
+CVE-2020-24562
+       RESERVED
+CVE-2020-24561
+       RESERVED
+CVE-2020-24560
+       RESERVED
+CVE-2020-24559
+       RESERVED
+CVE-2020-24558
+       RESERVED
+CVE-2020-24557
+       RESERVED
+CVE-2020-24556
+       RESERVED
 CVE-2020-XXXX [fossil RCE]
        - fossil 1:2.12.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/08/20/1
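Review bot: The three entries in this hunk that already carry a description (CVE-2020-24574, CVE-2020-24571, CVE-2020-24567) are left at `TODO: check` and still need a disposition line. Where the named product has no Debian package, the form used elsewhere in this file is `NOT-FOR-US: <product>`, as on the Symphony CMS and Sophos entries further down. CVE-2020-24567 is prefixed `** DISPUTED **`, so its triage should take the dispute into account instead of treating it like the other two.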
@@ -19534,8 +19588,8 @@ CVE-2020-15072 (An issue was discovered in phpList 
through 3.5.4. An error-based
        - phplist <itp> (bug #612288)
 CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 
allows XSS  ...)
        NOT-FOR-US: Symphony CMS
-CVE-2020-15070
-       RESERVED
+CVE-2020-15070 (Zulip Server 2.x before 2.1.7 allows eval injection if a 
privileged at ...)
+       TODO: check
 CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer 
Overflow an ...)
        NOT-FOR-US: Sophos
 CVE-2020-15068
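Review bot: CVE-2020-15070 is one of four Zulip Server IDs that this commit moves from RESERVED to `TODO: check` (the others are CVE-2020-14215, CVE-2020-14194 and CVE-2020-12759 in the later hunks), and they should be triaged together so all four end up with the same disposition. The context lines here show the two forms in use for software that is not in the archive, `NOT-FOR-US: Symphony CMS` and `- phplist <itp> (bug #612288)`; choose one for Zulip and apply it to every entry.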
@@ -21818,8 +21872,8 @@ CVE-2018-21247 (An issue was discovered in LibVNCServer 
before 0.9.13. There is
        - libvncserver 0.9.11+dfsg-1.2
        NOTE: https://github.com/LibVNC/libvncserver/issues/253
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
-CVE-2020-14215
-       RESERVED
+CVE-2020-14215 (Zulip Server before 2.1.5 has Incorrect Access Control because 
0198_pr ...)
+       TODO: check
 CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, 
relies o ...)
        - zammad <itp> (bug #841355)
 CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that 
should only  ...)
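Review bot: The description on CVE-2020-14215 says "before 2.1.5", while CVE-2020-15070 in the previous hunk says "2.x before 2.1.7", so the Zulip entries do not share a fixed version. If Zulip is tracked with a package line like the `- zammad <itp> (bug #841355)` entry just below, any version recorded has to be set per CVE and not copied across the four entries.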
@@ -21873,8 +21927,8 @@ CVE-2020-14195 (FasterXML jackson-databind 2.x before 
2.9.10.5 mishandles the in
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259
        NOTE: Starting from 2.10 series mitigated as Safe Default Typing is 
enabled by default
        NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-14194
-       RESERVED
+CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a 
topic header ...)
+       TODO: check
 CVE-2020-14193
        RESERVED
 CVE-2020-14192
@@ -25507,8 +25561,8 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 
1.6.0 has an integer over
        NOTE: 
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
 CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and 
Meridian ...)
        NOT-FOR-US: OpenNMS
-CVE-2020-12759
-       RESERVED
+CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox 
webhook ...)
+       TODO: check
 CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when 
configured wit ...)
        - consul 1.7.4+dfsg1-1
        [buster] - consul <not-affected> (Vulnerable code not present)
@@ -25900,10 +25954,10 @@ CVE-2020-12621
        RESERVED
 CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to 
/etc/pihole/dns-servers.con ...)
        NOT-FOR-US: Pi-hole
-CVE-2020-12619
-       RESERVED
-CVE-2020-12618
-       RESERVED
+CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME 
certificates and th ...)
+       TODO: check
+CVE-2020-12618 (eM Client before 7.2.33412.0 automatically imported S/MIME 
certificate ...)
+       TODO: check
 CVE-2020-12617
        RESERVED
 CVE-2020-12616
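Review bot: CVE-2020-12619 (MailMate) and CVE-2020-12618 (eM Client) have near-identical truncated descriptions about automatically imported S/MIME certificates but name different products, so each needs its own disposition line. Resolve both in the same pass; leaving one at `TODO: check` after the other is closed would make the pair look inconsistently triaged.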



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd57b7e881d8434488ca173fe47c2994a6029ff1
