[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jun 23 09:10:29 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95f5b4ca by security tracker role at 2020-06-23T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,23 @@
-CVE-2020-14983
+CVE-2020-14992
 	RESERVED
+CVE-2020-14991
+	RESERVED
+CVE-2020-14990 (IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain p ...)
+	TODO: check
+CVE-2020-14989
+	RESERVED
+CVE-2020-14988
+	RESERVED
+CVE-2020-14987
+	RESERVED
+CVE-2020-14986
+	RESERVED
+CVE-2020-14985
+	RESERVED
+CVE-2020-14984
+	RESERVED
+CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...)
+	TODO: check
 CVE-2020-14982
 	RESERVED
 CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
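Review bot: CVE-2020-14983, the last entry added in this hunk, names Chocolate Doom 3.0.0 and Crispy Doom 5.8.0, so its "TODO: check" should not be closed as NOT-FOR-US by default. Check whether source packages for either project exist in the archive and, if so, replace the TODO with package lines. CVE-2020-14990 (IOBit Advanced SystemCare Free) still needs a disposition line as well.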
@@ -70,14 +88,14 @@ CVE-2020-14948
 	RESERVED
 CVE-2020-14947
 	RESERVED
-CVE-2020-14946
-	RESERVED
-CVE-2020-14945
-	RESERVED
-CVE-2020-14944
-	RESERVED
-CVE-2020-14943
-	RESERVED
+CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...)
+	TODO: check
+CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...)
+	TODO: check
+CVE-2020-14944 (Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authoriz ...)
+	TODO: check
+CVE-2020-14943 (The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.72 ...)
+	TODO: check
 CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\ ...)
 	NOT-FOR-US: Tendenci
 CVE-2020-14941
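Review bot: CVE-2020-14945, CVE-2020-14944 and CVE-2020-14943 all name Global RADAR BSA Radar, so they should be triaged in one pass and end up with the same disposition, written in the same "NOT-FOR-US: product" form as the CVE-2020-14942 context line if the product is not packaged. The CVE-2020-14946 description is truncated before the product name, so read the full description before assigning it.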
@@ -5310,8 +5328,8 @@ CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the c
 	NOT-FOR-US: cPanel
 CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...)
 	NOT-FOR-US: cPanel
-CVE-2020-12782
-	RESERVED
+CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when receiving e ...)
+	TODO: check
 CVE-2020-12781
 	RESERVED
 CVE-2020-12780
@@ -7159,8 +7177,8 @@ CVE-2020-12055
 	RESERVED
 CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...)
 	NOT-FOR-US: Catch Breadcrumb plugin for WordPress
-CVE-2020-12053
-	RESERVED
+CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-ba ...)
+	TODO: check
 CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup XSS. ...)
 	- grafana <removed>
 CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote  ...)
@@ -10578,28 +10596,23 @@ CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection.
 	NOT-FOR-US: odata4j
 CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE ...)
 	NOT-FOR-US: odata4j
-CVE-2020-11099 [OOB Read in license_read_new_or_upgrade_license_packet]
-	RESERVED
+CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
-CVE-2020-11098 [Out-of-bound read in glyph_cache_put]
-	RESERVED
+CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
-CVE-2020-11097 [ OOB read in ntlm_av_pair_get]
-	RESERVED
+CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
-CVE-2020-11096 [Global OOB read in update_read_cache_bitmap_v3_order]
-	RESERVED
+CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
-CVE-2020-11095 [Global OOB read in update_recv_primary_order]
-	RESERVED
+CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
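Review bot: the five FreeRDP entries (CVE-2020-11095 through CVE-2020-11099) lose the affected function name that the removed bracketed titles carried, for example ntlm_av_pair_get for CVE-2020-11097 and update_recv_primary_order for CVE-2020-11095, because the new descriptions are truncated before it. The advisory NOTE lines remain, but a further NOTE on each entry naming the function or the fixing commit would keep the list usable for backport triage without following the links.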
@@ -18682,8 +18695,8 @@ CVE-2019-20411
 	RESERVED
 CVE-2019-20410
 	RESERVED
-CVE-2019-20409
-	RESERVED
+CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...)
+	TODO: check
 CVE-2019-20408
 	RESERVED
 CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
@@ -27943,23 +27956,19 @@ CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versio
 	TODO: check
 CVE-2020-4034
 	RESERVED
-CVE-2020-4033 [OOB Read in RLEDECOMPRESS]
-	RESERVED
+CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
-CVE-2020-4032 [Integer casting vulnerability in `update_recv_secondary_order`]
-	RESERVED
+CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting vulnerabi ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
-CVE-2020-4031 [Use-After-Free in gdi_SelectObject]
-	RESERVED
+CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
-CVE-2020-4030 [OOB read in `TrioParse`]
-	RESERVED
+CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
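Review bot: the new descriptions for CVE-2020-4030 through CVE-2020-4033 all say "before version 2.1.2", yet each "- freerdp2 <unfixed>" line is left unchanged and the only reference is the advisory link. Add a NOTE recording 2.1.2 as the fixed upstream release (and the fixing commit where known) on each entry, so the "<unfixed>" marker can be replaced with a package version as soon as a fixed upload exists.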



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95f5b4ca34d92d3f0763a150d5307d338514e483
