Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
95f5b4ca by security tracker role at 2020-06-23T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,23 @@
-CVE-2020-14983
+CVE-2020-14992
RESERVED
+CVE-2020-14991
+ RESERVED
+CVE-2020-14990 (IOBit Advanced SystemCare Free 13.5.0.263 allows local users
to gain p ...)
+ TODO: check
+CVE-2020-14989
+ RESERVED
+CVE-2020-14988
+ RESERVED
+CVE-2020-14987
+ RESERVED
+CVE-2020-14986
+ RESERVED
+CVE-2020-14985
+ RESERVED
+CVE-2020-14984
+ RESERVED
+CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0
doesn't valid ...)
+ TODO: check
CVE-2020-14982
RESERVED
CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090
for iOS ha ...)
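Review bot: the two `TODO: check` entries added in this hunk (CVE-2020-14990 and CVE-2020-14983) still need a disposition. CVE-2020-14983 names two products, Chocolate Doom 3.0.0 and Crispy Doom 5.8.0, so if both turn out to be packaged it needs one package line per source package rather than a single entry. CVE-2020-14990 (IOBit Advanced SystemCare Free) can be resolved in the same pass, with `NOT-FOR-US: <product>` if it is not packaged.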
@@ -70,14 +88,14 @@ CVE-2020-14948
RESERVED
CVE-2020-14947
RESERVED
-CVE-2020-14946
- RESERVED
-CVE-2020-14945
- RESERVED
-CVE-2020-14944
- RESERVED
-CVE-2020-14943
- RESERVED
+CVE-2020-14946 (downloadFile.ashx in the Administrator section of the
Surveillance mod ...)
+ TODO: check
+CVE-2020-14945 (A privilege escalation vulnerability exists within Global
RADAR BSA Ra ...)
+ TODO: check
+CVE-2020-14944 (Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid
authoriz ...)
+ TODO: check
+CVE-2020-14943 (The Firstname and Lastname parameters in Global RADAR BSA
Radar 1.6.72 ...)
+ TODO: check
CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in
apps\helpdesk\ ...)
NOT-FOR-US: Tendenci
CVE-2020-14941
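Review bot: CVE-2020-14945, CVE-2020-14944 and CVE-2020-14943 all concern Global RADAR BSA Radar, yet each lands as a separate `TODO: check`. Triage them together so the three get one consistent disposition, in the same form as the `NOT-FOR-US: Tendenci` line on CVE-2020-14942 just below if the product is not packaged. CVE-2020-14946 needs a separate look, because its description is truncated before the product name is complete.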
@@ -5310,8 +5328,8 @@ CVE-2020-12785 (cPanel before 86.0.14 allows attackers to
obtain access to the c
NOT-FOR-US: cPanel
CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a
bandwidth s ...)
NOT-FOR-US: cPanel
-CVE-2020-12782
- RESERVED
+CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when
receiving e ...)
+ TODO: check
CVE-2020-12781
RESERVED
CVE-2020-12780
@@ -7159,8 +7177,8 @@ CVE-2020-12055
RESERVED
CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows
Reflecte ...)
NOT-FOR-US: Catch Breadcrumb plugin for WordPress
-CVE-2020-12053
- RESERVED
+CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if
certificate-ba ...)
+ TODO: check
CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup
XSS. ...)
- grafana <removed>
CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows
remote ...)
@@ -10578,28 +10596,23 @@ CVE-2016-11024 (odata4j 0.7.0 allows
ExecuteJPQLQueryCommand.java SQL injection.
NOT-FOR-US: odata4j
CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL
injection. NOTE ...)
NOT-FOR-US: odata4j
-CVE-2020-11099 [OOB Read in license_read_new_or_upgrade_license_packet]
- RESERVED
+CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds
read in lic ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
-CVE-2020-11098 [Out-of-bound read in glyph_cache_put]
- RESERVED
+CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read
in glyp ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
-CVE-2020-11097 [ OOB read in ntlm_av_pair_get]
- RESERVED
+CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs
resultin ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
-CVE-2020-11096 [Global OOB read in update_read_cache_bitmap_v3_order]
- RESERVED
+CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in
update_ ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
-CVE-2020-11095 [Global OOB read in update_recv_primary_order]
- RESERVED
+CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs
resultin ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
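Review bot: all five FreeRDP entries in this hunk now carry a description saying the issue affects versions before 2.1.2, while the package line stays `- freerdp2 <unfixed>`. Once 2.1.2 is in the archive, replace `<unfixed>` with the fixed version so these stop being reported as open. The bracketed titles removed here were the only place the affected functions (for example `ntlm_av_pair_get` and `glyph_cache_put`) appeared in full, because the new descriptions are truncated, so the GHSA NOTE links should stay.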
@@ -18682,8 +18695,8 @@ CVE-2019-20411
RESERVED
CVE-2019-20410
RESERVED
-CVE-2019-20409
- RESERVED
+CVE-2019-20409 (The way in which velocity templates were used in Atlassian
Jira Server ...)
+ TODO: check
CVE-2019-20408
RESERVED
CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira
Software ...)
@@ -27943,23 +27956,19 @@ CVE-2020-4035 (In WatermelonDB (NPM package
"@nozbe/watermelondb") before versio
TODO: check
CVE-2020-4034
RESERVED
-CVE-2020-4033 [OOB Read in RLEDECOMPRESS]
- RESERVED
+CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read
in RLE ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
-CVE-2020-4032 [Integer casting vulnerability in `update_recv_secondary_order`]
- RESERVED
+CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting
vulnerabi ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
-CVE-2020-4031 [Use-After-Free in gdi_SelectObject]
- RESERVED
+CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in
gdi_Sele ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
-CVE-2020-4030 [OOB read in `TrioParse`]
- RESERVED
+CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read
in Tri ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
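Review bot: CVE-2020-4031 (use-after-free in gdi_SelectObject) and CVE-2020-4032 (integer casting in `update_recv_secondary_order`) are recorded with the same `- freerdp2 <unfixed>` status as the out-of-bounds reads and only an advisory URL under NOTE. A further NOTE line per entry pointing at the upstream fix commit would make backport review easier while the package is still unfixed.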
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95f5b4ca34d92d3f0763a150d5307d338514e483