[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 21 09:10:26 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd57b7e8 by security tracker role at 2020-08-21T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2020-24582
+	RESERVED
+CVE-2020-24581
+	RESERVED
+CVE-2020-24580
+	RESERVED
+CVE-2020-24579
+	RESERVED
+CVE-2020-24578
+	RESERVED
+CVE-2020-24577
+	RESERVED
+CVE-2020-24576
+	RESERVED
+CVE-2020-24575
+	RESERVED
+CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows l ...)
+	TODO: check
+CVE-2020-24573
+	RESERVED
+CVE-2020-24572
+	RESERVED
+CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...)
+	TODO: check
+CVE-2020-24570
+	RESERVED
+CVE-2020-24569
+	RESERVED
+CVE-2020-24568
+	RESERVED
+CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08- ...)
+	TODO: check
+CVE-2020-24566
+	RESERVED
+CVE-2020-24565
+	RESERVED
+CVE-2020-24564
+	RESERVED
+CVE-2020-24563
+	RESERVED
+CVE-2020-24562
+	RESERVED
+CVE-2020-24561
+	RESERVED
+CVE-2020-24560
+	RESERVED
+CVE-2020-24559
+	RESERVED
+CVE-2020-24558
+	RESERVED
+CVE-2020-24557
+	RESERVED
+CVE-2020-24556
+	RESERVED
 CVE-2020-XXXX [fossil RCE]
 	- fossil 1:2.12.1-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/08/20/1
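
Review bot: The three entries in this block that already carry a description, CVE-2020-24574 (GOG GALAXY), CVE-2020-24571 (NexusQA NexusDB) and CVE-2020-24567 (voidtools Everything), are left at "TODO: check" and need a triage line in a follow-up commit. If a product has no Debian source package, the form used by neighbouring entries in this file is "NOT-FOR-US: <product>". CVE-2020-24567 is marked ** DISPUTED ** in its description; if that entry ends up tracked against a package, record the dispute in a NOTE line so it is not lost when the truncated description is the only thing visible.
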
@@ -19534,8 +19588,8 @@ CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based
 	- phplist <itp> (bug #612288)
 CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS  ...)
 	NOT-FOR-US: Symphony CMS
-CVE-2020-15070
-	RESERVED
+CVE-2020-15070 (Zulip Server 2.x before 2.1.7 allows eval injection if a privileged at ...)
+	TODO: check
 CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...)
 	NOT-FOR-US: Sophos
 CVE-2020-15068
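
Review bot: CVE-2020-15070 moves from RESERVED to "TODO: check" here, and it is one of four Zulip Server entries this commit leaves in that state (the others are CVE-2020-14215, CVE-2020-14194 and CVE-2020-12759 in later hunks). Triage all four in one follow-up so they receive the same resolution, either "NOT-FOR-US: ..." or an "<itp>" line with its bug number, as the phplist and zammad entries nearby do. The fixed versions in the descriptions differ (2.1.7 for this entry, 2.1.5 for the other three), so if a package line is added, set the version per CVE instead of copying it across.
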
@@ -21818,8 +21872,8 @@ CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is
 	- libvncserver 0.9.11+dfsg-1.2
 	NOTE: https://github.com/LibVNC/libvncserver/issues/253
 	NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
-CVE-2020-14215
-	RESERVED
+CVE-2020-14215 (Zulip Server before 2.1.5 has Incorrect Access Control because 0198_pr ...)
+	TODO: check
 CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...)
 	- zammad <itp> (bug #841355)
 CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should only  ...)
@@ -21873,8 +21927,8 @@ CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the in
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-14194
-	RESERVED
+CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a topic header ...)
+	TODO: check
 CVE-2020-14193
 	RESERVED
 CVE-2020-14192
@@ -25507,8 +25561,8 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer over
 	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
 CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
 	NOT-FOR-US: OpenNMS
-CVE-2020-12759
-	RESERVED
+CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...)
+	TODO: check
 CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...)
 	- consul 1.7.4+dfsg1-1
 	[buster] - consul <not-affected> (Vulnerable code not present)
@@ -25900,10 +25954,10 @@ CVE-2020-12621
 	RESERVED
 CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.con ...)
 	NOT-FOR-US: Pi-hole
-CVE-2020-12619
-	RESERVED
-CVE-2020-12618
-	RESERVED
+CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME certificates and th ...)
+	TODO: check
+CVE-2020-12618 (eM Client before 7.2.33412.0 automatically imported S/MIME certificate ...)
+	TODO: check
 CVE-2020-12617
 	RESERVED
 CVE-2020-12616
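
Review bot: CVE-2020-12619 (MailMate) and CVE-2020-12618 (eM Client) are both left at "TODO: check" with near-identical truncated descriptions ("automatically imported S/MIME certificates"), so they should be resolved together in the follow-up. The visible text cuts off before the impact is stated; read the full CVE descriptions before choosing between "NOT-FOR-US: ..." and a package line, and if the same certificate-import behaviour applies to a mail client that Debian ships, add a NOTE pointing at the shared root cause.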



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd57b7e881d8434488ca173fe47c2994a6029ff1
