author | security tracker role <sectracker@soriano.debian.org> | 2020-08-30 08:10:20 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-08-30 08:10:20 +0000 |
commit | 53137ee506392eff0a4ec5196be13a8c7af61be4 (patch) | |
tree | 5510bcc049ed19775883acfc9cb8b64975275629 /data/CVE | |
parent | b97e2690d8f3aa35c5694cae9beb2e199eda33f0 (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2014.list | 1 |
-rw-r--r-- | data/CVE/2020.list | 37 |
2 files changed, 28 insertions, 10 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 0fdeec9b2c..0c8189a9c7 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -24643,6 +24643,7 @@ CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers t CVE-2014-0790 RESERVED CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...) + {DLA-2356-1} - freerdp <removed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941 NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 43dd9d1cdc..497052b298 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,5 @@ +CVE-2020-25024 + RESERVED CVE-2020-25023 RESERVED CVE-2020-25022 @@ -98,8 +100,8 @@ CVE-2020-24974 RESERVED CVE-2020-24973 RESERVED -CVE-2020-24972 - RESERVED +CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...) + TODO: check CVE-2020-24971 RESERVED CVE-2020-24970 @@ -186,8 +188,8 @@ CVE-2020-24930 RESERVED CVE-2020-24929 RESERVED -CVE-2020-24928 - RESERVED +CVE-2020-24928 (managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted ...) + TODO: check CVE-2020-24927 RESERVED CVE-2020-24926 @@ -246,10 +248,10 @@ CVE-2020-24900 RESERVED CVE-2020-24899 RESERVED -CVE-2020-24898 - RESERVED -CVE-2020-24897 - RESERVED +CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before 5.3.26 (f ...) + TODO: check +CVE-2020-24897 (The Table Filter and Charts for Confluence Server app before 5.3.25 (f ...) + TODO: check CVE-2020-24896 RESERVED CVE-2020-24895 
@@ -19594,6 +19596,7 @@ CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of s CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable t ...) NOT-FOR-US: RaspberryTortoise CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...) + {DLA-2354-1} - ndpi <unfixed> NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780 NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 @@ -24515,16 +24518,19 @@ CVE-2020-13400 CVE-2020-13399 RESERVED CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> @@ -29150,6 +29156,7 @@ CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte w CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...) NOT-FOR-US: Zoho CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> 
@@ -29157,6 +29164,7 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2. NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012 CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> @@ -29170,18 +29178,21 @@ CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 thro NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820 CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42 NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> 
@@ -30219,6 +30230,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...) + {DLA-2353-1} - bacula 9.6.5-1 [buster] - bacula <no-dsa> (Minor issue; can be fixed via point release) - bareos <unfixed> (bug #968957) @@ -30236,6 +30248,7 @@ CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir ...) NOT-FOR-US: AEgir CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> @@ -30270,6 +30283,7 @@ CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008 CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> @@ -30285,6 +30299,7 @@ CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009 CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> 
@@ -30292,6 +30307,7 @@ CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of- NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006 CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> @@ -30312,6 +30328,7 @@ CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84 CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...) + {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> @@ -36163,13 +36180,13 @@ CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9. NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22) CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 ...) - {DSA-4752-1} + {DSA-4752-1 DLA-2355-1} - bind9 1:9.16.6-1 NOTE: https://kb.isc.org/docs/cve-2020-8623 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22) CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, ...) - {DSA-4752-1} + {DSA-4752-1 DLA-2355-1} - bind9 1:9.16.6-1 NOTE: https://kb.isc.org/docs/cve-2020-8622 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6) |
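Review bot: In the data/CVE/2014.list hunk, the new {DLA-2356-1} tag on CVE-2014-0791 sits directly above the entry's only status line, "- freerdp <removed> (unimportant)", so the entry now references an LTS advisory while still classifying the issue as unimportant. Confirm that the advisory really intends to list this CVE, and either drop the (unimportant) marker or add a NOTE explaining why an advisory covers an issue rated that way.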
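Review bot: The four data/CVE/2020.list entries that move from RESERVED to a description (CVE-2020-24972, CVE-2020-24928, CVE-2020-24898, CVE-2020-24897) all land with only "TODO: check" and no package or NOT-FOR-US line, so they carry no triage decision yet. They need a manual follow-up: the file already uses the form "NOT-FOR-US: Zoho" for software that is not packaged, and the Kleopatra entry names a GnuPG component, so it should be matched against a source package before being dismissed.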
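Review bot: In the CVE-2020-15476 hunk, {DLA-2354-1} is added while the only status line still reads "- ndpi <unfixed>", even though the entry already has a NOTE pointing at the upstream nDPI commit b69177be2fbe01c2442239a61832c44e40136c05. The entry now records an LTS fix but nothing for unstable; check whether an uploaded ndpi version contains that commit and can replace <unfixed>, or add a bug reference in the style of "- bareos <unfixed> (bug #968957)".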
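Review bot: In the CVE-2020-11061 hunk, {DLA-2353-1} is attached to an entry that tracks two source packages ("- bacula 9.6.5-1" and "- bareos <unfixed> (bug #968957)"), and nothing in the visible lines says which of them the advisory fixed. The diffstat here is limited to data/CVE, so the advisory record itself is not shown; confirm that it names the intended source package so the tag does not read as a fix for both.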