[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Aug 25 09:10:31 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aec6be33 by security tracker role at 2020-08-25T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-24613 (wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...)
+	TODO: check
+CVE-2020-24612 (An issue was discovered in the selinux-policy (aka Reference Policy) p ...)
+	TODO: check
+CVE-2020-24611
+	RESERVED
+CVE-2020-24610
+	RESERVED
+CVE-2020-24609
+	RESERVED
 CVE-2020-24608
 	RESERVED
 CVE-2020-24607
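Review bot: the two "TODO: check" lines under CVE-2020-24613 and CVE-2020-24612 leave both entries untriaged, and both descriptions name software (wolfSSL, selinux-policy aka Reference Policy) rather than an obviously out-of-scope product. For CVE-2020-24613 the description already gives the upstream bound "before 4.5.0", so the follow-up can replace the TODO with a package line whose fixed version is derived from that bound, or with NOT-FOR-US if the software turns out not to be packaged.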
@@ -70,8 +80,8 @@ CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 al
 	NOT-FOR-US: GOG Galaxy client
 CVE-2020-24573
 	RESERVED
-CVE-2020-24572
-	RESERVED
+CVE-2020-24572 (An issue was discovered in includes/webconsole.php in RaspAP 2.5. With ...)
+	TODO: check
 CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...)
 	NOT-FOR-US: NexusDB
 CVE-2020-24570
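Review bot: CVE-2020-24572 now carries "TODO: check", while the triaged neighbours in this hunk (CVE-2020-24574, CVE-2020-24571) use the "NOT-FOR-US: <product>" form. If RaspAP is not packaged, resolve the TODO in that same form, i.e. "NOT-FOR-US: RaspAP".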
@@ -39312,6 +39322,7 @@ CVE-2020-7925
 CVE-2020-7924
 	RESERVED
 CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...)
+	{DLA-2344-1}
 	- mongodb <removed>
 	NOTE: https://jira.mongodb.org/browse/SERVER-47773
 CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
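Review bot: the added {DLA-2344-1} line on CVE-2020-7923 sits above a package line that still reads "- mongodb <removed>", so nothing visible in this entry says which release or version the advisory fixed. Worth confirming that the advisory's own record carries mongodb with a fixed version, so that the cross-reference is not the only trace of the fix.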
@@ -40583,10 +40594,10 @@ CVE-2020-7379
 	RESERVED
 CVE-2020-7378
 	RESERVED
-CVE-2020-7377
-	RESERVED
-CVE-2020-7376
-	RESERVED
+CVE-2020-7377 (The Metasploit Framework module "auxiliary/admin/http/telpho10_credent ...)
+	TODO: check
+CVE-2020-7376 (The Metasploit Framework module "post/osx/gather/enum_osx module" is a ...)
+	TODO: check
 CVE-2020-7375
 	RESERVED
 CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ...)
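Review bot: the description added for CVE-2020-7376 reads "post/osx/gather/enum_osx module" with the word "module" inside the quotation marks, unlike the module path quoted for CVE-2020-7377. This looks like a slip in the imported description and should be checked against the CVE record when the entry is triaged. Both entries are marked "TODO: check" and concern modules of the same product, so they should receive the same disposition.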
@@ -44994,10 +45005,10 @@ CVE-2020-5622
 	RESERVED
 CVE-2020-5621
 	RESERVED
-CVE-2020-5620
-	RESERVED
-CVE-2020-5619
-	RESERVED
+CVE-2020-5620 (Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ...)
+	TODO: check
+CVE-2020-5619 (Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ...)
+	TODO: check
 CVE-2020-5618
 	RESERVED
 CVE-2020-5617 (Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12 ...)
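Review bot: CVE-2020-5620 and CVE-2020-5619 are added with identical truncated descriptions ("Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ..."), so the list alone does not show how the two differ. When resolving the "TODO: check" lines, read the full records to confirm they are distinct issues before giving both the same product disposition.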
@@ -45152,10 +45163,10 @@ CVE-2020-5543 (TCP function included in the firmware of Mitsubishi Electric MELQ
 	NOT-FOR-US: Mitsubishi
 CVE-2020-5542 (Buffer error vulnerability in TCP function included in the firmware of ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2020-5541
-	RESERVED
-CVE-2020-5540
-	RESERVED
+CVE-2020-5541 (Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows re ...)
+	TODO: check
+CVE-2020-5540 (Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x al ...)
+	TODO: check
 CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do no ...)
 	NOT-FOR-US: GRANDIT
 CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aec6be330172ab952147aeb060a3128204211570
