[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 23 09:10:29 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95f5b4ca by security tracker role at 2020-06-23T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,23 @@
-CVE-2020-14983
+CVE-2020-14992
RESERVED
+CVE-2020-14991
+ RESERVED
+CVE-2020-14990 (IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain p ...)
+ TODO: check
+CVE-2020-14989
+ RESERVED
+CVE-2020-14988
+ RESERVED
+CVE-2020-14987
+ RESERVED
+CVE-2020-14986
+ RESERVED
+CVE-2020-14985
+ RESERVED
+CVE-2020-14984
+ RESERVED
+CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...)
+ TODO: check
CVE-2020-14982
RESERVED
CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
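Review bot: The two entries that gain descriptions in this hunk, CVE-2020-14990 and CVE-2020-14983, are left at `TODO: check`, so neither has a triage outcome yet. CVE-2020-14983 names Chocolate Doom 3.0.0 and Crispy Doom 5.8.0, so it needs a check of whether either is packaged before the TODO is replaced with a package status line or a `NOT-FOR-US:` line. CVE-2020-14990 (IOBit Advanced SystemCare Free) needs the same decision. The remaining new identifiers are RESERVED and need nothing further.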
@@ -70,14 +88,14 @@ CVE-2020-14948
RESERVED
CVE-2020-14947
RESERVED
-CVE-2020-14946
- RESERVED
-CVE-2020-14945
- RESERVED
-CVE-2020-14944
- RESERVED
-CVE-2020-14943
- RESERVED
+CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...)
+ TODO: check
+CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...)
+ TODO: check
+CVE-2020-14944 (Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authoriz ...)
+ TODO: check
+CVE-2020-14943 (The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.72 ...)
+ TODO: check
CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\ ...)
NOT-FOR-US: Tendenci
CVE-2020-14941
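Review bot: CVE-2020-14945, CVE-2020-14944 and CVE-2020-14943 all name Global RADAR BSA Radar, yet each carries its own `TODO: check`. They should be triaged together so they end up with the same outcome, in the form the context line `NOT-FOR-US: Tendenci` shows for CVE-2020-14942 if the product is not packaged. For CVE-2020-14946 the truncated description ("... Surveillance mod ...") does not show the product name, so the full description has to be read before deciding.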
@@ -5310,8 +5328,8 @@ CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the c
NOT-FOR-US: cPanel
CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...)
NOT-FOR-US: cPanel
-CVE-2020-12782
- RESERVED
+CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when receiving e ...)
+ TODO: check
CVE-2020-12781
RESERVED
CVE-2020-12780
@@ -7159,8 +7177,8 @@ CVE-2020-12055
RESERVED
CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...)
NOT-FOR-US: Catch Breadcrumb plugin for WordPress
-CVE-2020-12053
- RESERVED
+CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-ba ...)
+ TODO: check
CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup XSS. ...)
- grafana <removed>
CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote ...)
@@ -10578,28 +10596,23 @@ CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection.
NOT-FOR-US: odata4j
CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE ...)
NOT-FOR-US: odata4j
-CVE-2020-11099 [OOB Read in license_read_new_or_upgrade_license_packet]
- RESERVED
+CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
-CVE-2020-11098 [Out-of-bound read in glyph_cache_put]
- RESERVED
+CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
-CVE-2020-11097 [ OOB read in ntlm_av_pair_get]
- RESERVED
+CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
-CVE-2020-11096 [Global OOB read in update_read_cache_bitmap_v3_order]
- RESERVED
+CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
-CVE-2020-11095 [Global OOB read in update_recv_primary_order]
- RESERVED
+CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
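Review bot: All five FreeRDP entries in this hunk (CVE-2020-11099 through CVE-2020-11095) now read "before version 2.1.2", but the status line under each is still `- freerdp2 <unfixed>` and nothing in the entry records the fixing version or commit. Suggest adding a NOTE with the upstream fix reference next to the existing advisory NOTE, so that `<unfixed>` can be replaced once a fixed version is uploaded.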
@@ -18682,8 +18695,8 @@ CVE-2019-20411
RESERVED
CVE-2019-20410
RESERVED
-CVE-2019-20409
- RESERVED
+CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...)
+ TODO: check
CVE-2019-20408
RESERVED
CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
@@ -27943,23 +27956,19 @@ CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versio
TODO: check
CVE-2020-4034
RESERVED
-CVE-2020-4033 [OOB Read in RLEDECOMPRESS]
- RESERVED
+CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
-CVE-2020-4032 [Integer casting vulnerability in `update_recv_secondary_order`]
- RESERVED
+CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting vulnerabi ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
-CVE-2020-4031 [Use-After-Free in gdi_SelectObject]
- RESERVED
+CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
-CVE-2020-4030 [OOB read in `TrioParse`]
- RESERVED
+CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
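Review bot: Replacing the bracketed titles with truncated descriptions drops the affected function names from CVE-2020-4033 through CVE-2020-4030: `gdi_SelectObject` becomes "gdi_Sele ...", `TrioParse` becomes "Tri ...", RLEDECOMPRESS becomes "RLE ...", and `update_recv_secondary_order` is cut off entirely. The advisory NOTE still leads to the detail, but keeping the function name in a NOTE line under each entry would let someone checking `freerdp2` locate the affected code without leaving the list.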
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95f5b4ca34d92d3f0763a150d5307d338514e483