[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 6 08:10:35 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e83c53f4 by security tracker role at 2019-11-06T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2019-18786 [media: rcar_drif: fix a memory disclosure]
+CVE-2019-18792
+ RESERVED
+CVE-2019-18791
+ RESERVED
+CVE-2019-18790
+ RESERVED
+CVE-2019-18789
+ RESERVED
+CVE-2019-18788
+ RESERVED
+CVE-2019-18787
+ RESERVED
+CVE-2019-18785
+ RESERVED
+CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...)
+ TODO: check
+CVE-2019-18783
+ RESERVED
+CVE-2019-18782
+ RESERVED
+CVE-2019-18781
+ RESERVED
+CVE-2019-18786 (In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitial ...)
- linux <unfixed>
NOTE: https://patchwork.linuxtv.org/patch/59542/
CVE-2019-18780 (An arbitrary command injection vulnerability in the Cluster Server com ...)
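Review bot: CVE-2019-18786 is re-added after CVE-2019-18781, which breaks the descending ID order the rest of this hunk follows (18787, 18785, ..., 18781, then 18786, then 18780). Its `- linux <unfixed>` and NOTE lines are unchanged context directly below it, so the header line was effectively left in place while the new IDs were inserted above. Moving the entry together with its two annotation lines to sit between CVE-2019-18787 and CVE-2019-18785 would keep the list sorted. Separately, CVE-2019-18784 (SuiteCRM) arrives with `TODO: check` and still needs triage.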
@@ -2394,8 +2416,8 @@ CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the L
NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1
CVE-2019-18675
RESERVED
-CVE-2019-18674
- RESERVED
+CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing access che ...)
+ TODO: check
CVE-2019-18673 (On SHIFT BitBox02 devices, a side channel for the row-based OLED displ ...)
NOT-FOR-US: SHIFT BitBox02 devices
CVE-2019-18672
@@ -2442,8 +2464,8 @@ CVE-2019-18652
RESERVED
CVE-2019-18651
RESERVED
-CVE-2019-18650
- RESERVED
+CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...)
+ TODO: check
CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...)
- jupyter-notebook 5.7.4-1
NOTE: https://github.com/jupyter/notebook/pull/3341
@@ -3020,12 +3042,15 @@ CVE-2019-18467
CVE-2019-18466 (An issue was discovered in Podman in libpod before 1.6.0. It resolves ...)
NOT-FOR-US: libpod (podman library used to create container pods)
CVE-2019-18601 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of ser ...)
+ {DLA-1982-1}
- openafs 1.8.5-1 (bug #943587)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt
CVE-2019-18602 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an informatio ...)
+ {DLA-1982-1}
- openafs 1.8.5-1 (bug #943587)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt
CVE-2019-18603 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information l ...)
+ {DLA-1982-1}
- openafs 1.8.5-1 (bug #943587)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
CVE-2019-18465 (In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has be ...)
@@ -3612,7 +3637,7 @@ CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not re
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...)
- {DLA-1974-1}
+ {DSA-4559-1 DLA-1974-1}
- proftpd-dfsg 1.3.6a-2 (bug #942831)
NOTE: https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4
NOTE: https://github.com/proftpd/proftpd/issues/846
@@ -5798,7 +5823,7 @@ CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of
NOTE: https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code execution. ...)
NOT-FOR-US: Rambox
-CVE-2019-17624 (In X.Org X Server 1.20.4, there is a stack-based buffer overflow in th ...)
+CVE-2019-17624 ("" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in ...)
- xorg-server <undetermined>
NOTE: https://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html
CVE-2019-17623
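Review bot: the replacement description for CVE-2019-17624 begins with a stray `""` before "In X.Org X Server 1.20.4", and that is the only change to the entry. It reads like quoting noise carried in with the imported description rather than a content update, so it is worth confirming whether the import should strip it. The package line below is still `- xorg-server <undetermined>`, so the entry remains untriaged either way.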
@@ -9323,8 +9348,8 @@ CVE-2019-16286
RESERVED
CVE-2019-16285
RESERVED
-CVE-2019-16284
- RESERVED
+CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP ...)
+ TODO: check
CVE-2019-16283
RESERVED
CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...)
@@ -28311,8 +28336,7 @@ CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector cl
NOTE: https://github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58
CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for stored XS ...)
NOT-FOR-US: Apache Allura
-CVE-2019-10084
- RESERVED
+CVE-2019-10084 (In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to ...)
NOT-FOR-US: Apache Impala
CVE-2019-10083
RESERVED
@@ -34408,20 +34432,20 @@ CVE-2019-8235 (An insecure direct object reference (IDOR) vulnerability exists i
NOT-FOR-US: Magento
CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...)
NOT-FOR-US: Adobe
-CVE-2019-8233
- RESERVED
-CVE-2019-8232
- RESERVED
-CVE-2019-8231
- RESERVED
-CVE-2019-8230
- RESERVED
-CVE-2019-8229
- RESERVED
-CVE-2019-8228
- RESERVED
-CVE-2019-8227
- RESERVED
+CVE-2019-8233 (In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 ...)
+ TODO: check
+CVE-2019-8232 (In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 pr ...)
+ TODO: check
+CVE-2019-8231 (In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated ...)
+ TODO: check
+CVE-2019-8230 (In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenti ...)
+ TODO: check
+CVE-2019-8229 (In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authent ...)
+ TODO: check
+CVE-2019-8228 (in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...)
+ TODO: check
+CVE-2019-8227 (In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...)
+ TODO: check
CVE-2019-8226 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
CVE-2019-8225 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
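Review bot: the seven Magento entries added here (CVE-2019-8227 through CVE-2019-8233) come in as `TODO: check`, while CVE-2019-8235 in the context at the top of this hunk is already tagged `NOT-FOR-US: Magento`. If that earlier decision still holds, a follow-up can give these the same tag instead of leaving them in the TODO queue. The oddities in the new descriptions ("Magentoprior" in CVE-2019-8230, the lower-case "in" opening CVE-2019-8228) arrive with the imported text and are not something this commit introduces by hand.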
@@ -34556,112 +34580,112 @@ CVE-2019-8161 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2
NOT-FOR-US: Adobe
CVE-2019-8160 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-8159
- RESERVED
-CVE-2019-8158
- RESERVED
-CVE-2019-8157
- RESERVED
-CVE-2019-8156
- RESERVED
-CVE-2019-8155
- RESERVED
-CVE-2019-8154
- RESERVED
-CVE-2019-8153
- RESERVED
-CVE-2019-8152
- RESERVED
-CVE-2019-8151
- RESERVED
-CVE-2019-8150
- RESERVED
-CVE-2019-8149
- RESERVED
-CVE-2019-8148
- RESERVED
-CVE-2019-8147
- RESERVED
-CVE-2019-8146
- RESERVED
-CVE-2019-8145
- RESERVED
-CVE-2019-8144
- RESERVED
-CVE-2019-8143
- RESERVED
-CVE-2019-8142
- RESERVED
-CVE-2019-8141
- RESERVED
-CVE-2019-8140
- RESERVED
-CVE-2019-8139
- RESERVED
-CVE-2019-8138
- RESERVED
-CVE-2019-8137
- RESERVED
-CVE-2019-8136
- RESERVED
-CVE-2019-8135
- RESERVED
-CVE-2019-8134
- RESERVED
-CVE-2019-8133
- RESERVED
-CVE-2019-8132
- RESERVED
-CVE-2019-8131
- RESERVED
-CVE-2019-8130
- RESERVED
-CVE-2019-8129
- RESERVED
-CVE-2019-8128
- RESERVED
-CVE-2019-8127
- RESERVED
-CVE-2019-8126
- RESERVED
-CVE-2019-8125
- RESERVED
-CVE-2019-8124
- RESERVED
-CVE-2019-8123
- RESERVED
-CVE-2019-8122
- RESERVED
-CVE-2019-8121
- RESERVED
-CVE-2019-8120
- RESERVED
-CVE-2019-8119
- RESERVED
-CVE-2019-8118
- RESERVED
-CVE-2019-8117
- RESERVED
-CVE-2019-8116
- RESERVED
-CVE-2019-8115
- RESERVED
-CVE-2019-8114
- RESERVED
-CVE-2019-8113
- RESERVED
-CVE-2019-8112
- RESERVED
-CVE-2019-8111
- RESERVED
-CVE-2019-8110
- RESERVED
-CVE-2019-8109
- RESERVED
-CVE-2019-8108
- RESERVED
-CVE-2019-8107
- RESERVED
+CVE-2019-8159 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8158 (An XPath entity injection vulnerability exists in Magento 2.2 prior to ...)
+ TODO: check
+CVE-2019-8157 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8156 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...)
+ TODO: check
+CVE-2019-8155 (Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF ...)
+ TODO: check
+CVE-2019-8154 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8153 (A mitigation bypass to prevent cross-site scripting (XSS) exists in Ma ...)
+ TODO: check
+CVE-2019-8152 (A stored cross-site scripting (XSS) vulnerability exists in in Magento ...)
+ TODO: check
+CVE-2019-8151 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8150 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8149 (Insecure authentication and session management vulnerability exists in ...)
+ TODO: check
+CVE-2019-8148 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8147 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8146 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8145 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8144 (A remote code execution vulnerability exists in Magento 2.3 prior to 2 ...)
+ TODO: check
+CVE-2019-8143 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
+ TODO: check
+CVE-2019-8142 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8141 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
+ TODO: check
+CVE-2019-8140 (An unrestricted file upload vulnerability exists in Magento 2.2 prior ...)
+ TODO: check
+CVE-2019-8139 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8138 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8137 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8136 (An insecure component vulnerability exists in Magento 2.2 prior to 2.2 ...)
+ TODO: check
+CVE-2019-8135 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8134 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
+ TODO: check
+CVE-2019-8133 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...)
+ TODO: check
+CVE-2019-8132 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8131 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8130 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
+ TODO: check
+CVE-2019-8129 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8128 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8127 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
+ TODO: check
+CVE-2019-8126 (An XML entity injection vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8125 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...)
+ TODO: check
+CVE-2019-8124 (An insufficient logging and monitoring vulnerability exists in Magento ...)
+ TODO: check
+CVE-2019-8123 (An insufficient logging and monitoring vulnerability exists in Magento ...)
+ TODO: check
+CVE-2019-8122 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
+ TODO: check
+CVE-2019-8121 (An insecure component vulnerability exists in Magento 2.1 prior to 2.1 ...)
+ TODO: check
+CVE-2019-8120 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8119 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
+ TODO: check
+CVE-2019-8118 (Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 ...)
+ TODO: check
+CVE-2019-8117 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
+ TODO: check
+CVE-2019-8116 (Insecure authentication and session management vulnerability exists in ...)
+ TODO: check
+CVE-2019-8115 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...)
+ TODO: check
+CVE-2019-8114 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...)
+ TODO: check
+CVE-2019-8113 (Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 us ...)
+ TODO: check
+CVE-2019-8112 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...)
+ TODO: check
+CVE-2019-8111 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8110 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8109 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
+ TODO: check
+CVE-2019-8108 (Insecure authentication and session management vulnerability exists in ...)
+ TODO: check
+CVE-2019-8107 (An arbitrary file deletion vulnerability exists in Magento 2.2 prior t ...)
+ TODO: check
CVE-2019-8106 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
NOT-FOR-US: Adobe
CVE-2019-8105 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
@@ -34688,14 +34712,14 @@ CVE-2019-8095 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 20
NOT-FOR-US: Adobe
CVE-2019-8094 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
NOT-FOR-US: Adobe
-CVE-2019-8093
- RESERVED
-CVE-2019-8092
- RESERVED
-CVE-2019-8091
- RESERVED
-CVE-2019-8090
- RESERVED
+CVE-2019-8093 (An arbitrary file access vulnerability exists in Magento 2.2 prior to ...)
+ TODO: check
+CVE-2019-8092 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...)
+ TODO: check
+CVE-2019-8091 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...)
+ TODO: check
+CVE-2019-8090 (An arbitrary file deletion vulnerability exists in Magento 2.1 prior t ...)
+ TODO: check
CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross ...)
NOT-FOR-US: Adobe
CVE-2019-8088 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command ...)
@@ -39602,8 +39626,8 @@ CVE-2019-6144 (This vulnerability allows a normal (non-admin) user to disable th
NOT-FOR-US: Forcepoint
CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...)
NOT-FOR-US: Forcepoint Next Generation Firewall (Forcepoint NGFW)
-CVE-2019-6142
- RESERVED
+CVE-2019-6142 (It has been reported that XSS is possible in Forcepoint Email Security ...)
+ TODO: check
CVE-2019-6141
RESERVED
CVE-2019-6140 (A configuration issue has been discovered in Forcepoint Email Security ...)
@@ -42240,10 +42264,10 @@ CVE-2019-5091
RESERVED
CVE-2019-5090
RESERVED
-CVE-2019-5089
- RESERVED
-CVE-2019-5088
- RESERVED
+CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investintech ...)
+ TODO: check
+CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...)
+ TODO: check
CVE-2019-5087
RESERVED
CVE-2019-5086
@@ -42282,8 +42306,8 @@ CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthen
NOT-FOR-US: eFront LMS
CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...)
NOT-FOR-US: Epignosis eFront LMS
-CVE-2019-5068
- RESERVED
+CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...)
+ TODO: check
CVE-2019-5067 (An uninitialized memory access vulnerability exists in the way Aspose. ...)
NOT-FOR-US: Aspose
CVE-2019-5066 (An exploitable use-after-free vulnerability exists in the way LZW-comp ...)
@@ -51491,16 +51515,16 @@ CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions Virtualizat
NOT-FOR-US: Cisco
CVE-2019-1983
RESERVED
-CVE-2019-1982
- RESERVED
-CVE-2019-1981
- RESERVED
-CVE-2019-1980
- RESERVED
+CVE-2019-1982 (A vulnerability in the HTTP traffic filtering component of Cisco Firep ...)
+ TODO: check
+CVE-2019-1981 (A vulnerability in the normalization functionality of Cisco Firepower ...)
+ TODO: check
+CVE-2019-1980 (A vulnerability in the protocol detection component of Cisco Firepower ...)
+ TODO: check
CVE-2019-1979
RESERVED
-CVE-2019-1978
- RESERVED
+CVE-2019-1978 (A vulnerability in the stream reassembly component of Cisco Firepower ...)
+ TODO: check
CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nexus 90 ...)
NOT-FOR-US: Cisco
CVE-2019-1976 (A vulnerability in the “plug-and-play” services co ...)
@@ -51701,8 +51725,8 @@ CVE-2019-1879 (A vulnerability in the CLI of Cisco Integrated Management Control
NOT-FOR-US: Cisco
CVE-2019-1878 (A vulnerability in the Cisco Discovery Protocol (CDP) implementation f ...)
NOT-FOR-US: Cisco
-CVE-2019-1877
- RESERVED
+CVE-2019-1877 (A vulnerability in the HTTP API of Cisco Enterprise Chat and Email cou ...)
+ TODO: check
CVE-2019-1876 (A vulnerability in the HTTPS proxy feature of Cisco Wide Area Applicat ...)
NOT-FOR-US: Cisco
CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco Prime S ...)
@@ -52011,8 +52035,8 @@ CVE-2019-1736
RESERVED
CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
NOT-FOR-US: Cisco
-CVE-2019-1734
- RESERVED
+CVE-2019-1734 (A vulnerability in the implementation of a CLI diagnostic command in C ...)
+ TODO: check
CVE-2019-1733 (A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX- ...)
NOT-FOR-US: Cisco
CVE-2019-1732 (A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco ...)
@@ -57584,38 +57608,38 @@ CVE-2018-19169
RESERVED
CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in FruityWifi (a ...)
NOT-FOR-US: FruityWifi
-CVE-2018-19167
- RESERVED
-CVE-2018-19166
- RESERVED
-CVE-2018-19165
- RESERVED
-CVE-2018-19164
- RESERVED
-CVE-2018-19163
- RESERVED
-CVE-2018-19162
- RESERVED
-CVE-2018-19161
- RESERVED
-CVE-2018-19160
- RESERVED
-CVE-2018-19159
- RESERVED
+CVE-2018-19167 (CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency ...)
+ TODO: check
+CVE-2018-19166 (peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) a ...)
+ TODO: check
+CVE-2018-19165 (neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) all ...)
+ TODO: check
+CVE-2018-19164 (reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) ...)
+ TODO: check
+CVE-2018-19163 (stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) ...)
+ TODO: check
+CVE-2018-19162 (Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allow ...)
+ TODO: check
+CVE-2018-19161 (alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows ...)
+ TODO: check
+CVE-2018-19160 (Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) ...)
+ TODO: check
+CVE-2018-19159 (lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows ...)
+ TODO: check
CVE-2018-19158 (ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurre ...)
NOT-FOR-US: ColossusCoinXT
-CVE-2018-19157
- RESERVED
-CVE-2018-19156
- RESERVED
-CVE-2018-19155
- RESERVED
-CVE-2018-19154
- RESERVED
-CVE-2018-19153
- RESERVED
-CVE-2018-19152
- RESERVED
+CVE-2018-19157 (Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) al ...)
+ TODO: check
+CVE-2018-19156 (PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allo ...)
+ TODO: check
+CVE-2018-19155 (navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) al ...)
+ TODO: check
+CVE-2018-19154 (HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) al ...)
+ TODO: check
+CVE-2018-19153 (particl through 0.17 (a chain-based proof-of-stake cryptocurrency) all ...)
+ TODO: check
+CVE-2018-19152 (emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) all ...)
+ TODO: check
CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows ...)
NOT-FOR-US: qtum
CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdffor ...)
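Review bot: fifteen proof-of-stake cryptocurrency entries (CVE-2018-19152 to 19157 and CVE-2018-19159 to 19167) move from RESERVED to `TODO: check`, while the two sibling entries that already had descriptions in this hunk, CVE-2018-19158 (ColossusCoinXT) and CVE-2018-19151 (qtum), are tagged `NOT-FOR-US`. The new descriptions share the same "(a chain-based proof-of-stake cryptocurrency)" wording, so triaging them as a batch against those two existing decisions would clear the whole block at once.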
@@ -177154,8 +177178,7 @@ CVE-2016-4985 (The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty)
NOTE: Affects >=2014.2, >=4.0.0 <=4.2.4, >=4.3.0 <=5.1.1
CVE-2016-4984 (/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ...)
- openldap <not-affected> (Red Hat-specific)
-CVE-2016-4983
- RESERVED
+CVE-2016-4983 (A postinstall script in the dovecot rpm allows local users to read the ...)
- dovecot <not-affected> (Specific to Red Hat packaging)
CVE-2016-4982 (authd sets weak permissions for /etc/ident.key, which allows local use ...)
NOT-FOR-US: authd
@@ -249071,8 +249094,7 @@ CVE-2013-5125 (WebKit, as used in Apple iOS before 7, allows remote attackers to
NOT-FOR-US: Apple iOS
CVE-2013-5124
RESERVED
-CVE-2013-5123 [insecure mirroring]
- RESERVED
+CVE-2013-5123 (The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 use ...)
- python-pip 1.4.1-1 (unimportant)
[squeeze] - python-pip <not-affected> (Support for mirroring introduced in 0.8.1)
NOTE: This is additional hardening / security feature, not a vulnerabily (despite
@@ -291005,10 +291027,10 @@ CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attac
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1461
RESERVED
-CVE-2011-1460
- RESERVED
-CVE-2011-1459
- RESERVED
+CVE-2011-1460 (WebKit in Google Chrome before Blink M11 contains a bad cast to Render ...)
+ TODO: check
+CVE-2011-1459 (The WebKit::WebPluginContainerImpl::handleEvent function in Google Chr ...)
+ TODO: check
CVE-2011-1458
RESERVED
CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
@@ -292515,24 +292537,21 @@ CVE-2011-XXXX [kfreebsd dos]
[lenny] - kfreebsd-8 <no-dsa> (Not-supported in Lenny)
- kfreebsd-7 <removed>
[lenny] - kfreebsd-7 <no-dsa> (Not supported in Lenny)
-CVE-2011-1133 [xinha XSS mode param]
- RESERVED
+CVE-2011-1133 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...)
- serendipity <removed> (bug #611661)
[lenny] - serendipity <not-affected> (Xinha not yet included)
[squeeze] - serendipity <no-dsa> (Minor issue)
- openacs <not-affected> (PHP bindings not used)
- dotlrn <not-affected> (PHP bindings not used)
NOTE: http://secunia.com/advisories/40669/
-CVE-2011-1134 [xinha XSS image manager]
- RESERVED
+CVE-2011-1134 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...)
- serendipity <removed> (bug #611661)
[lenny] - serendipity <not-affected> (Xinha not yet included)
[squeeze] - serendipity <no-dsa> (Minor issue)
- openacs <not-affected> (PHP bindings not used)
- dotlrn <not-affected> (PHP bindings not used)
NOTE: http://secunia.com/advisories/40669/
-CVE-2011-1135 [xinha multiple vulns]
- RESERVED
+CVE-2011-1135 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...)
- serendipity <removed> (bug #611661)
[lenny] - serendipity <not-affected> (Xinha not yet included)
[squeeze] - serendipity <no-dsa> (Minor issue)
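Review bot: replacing the bracketed working titles on CVE-2011-1133, CVE-2011-1134 and CVE-2011-1135 drops the only text that told the three entries apart. `[xinha XSS mode param]`, `[xinha XSS image manager]` and `[xinha multiple vulns]` all become the same truncated "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...", and the package annotations visible under each entry are identical as well. Consider keeping the old titles as a NOTE line under each entry so they stay distinguishable when reading the list.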
@@ -298265,24 +298284,19 @@ CVE-2010-3668 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and
CVE-2010-3669 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows ...)
{DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
-CVE-2010-3670 [Multiple security issues]
- RESERVED
+CVE-2010-3670 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness ...)
{DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
-CVE-2010-3671 [Multiple security issues]
- RESERVED
+CVE-2010-3671 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
{DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
-CVE-2010-3672 [Multiple security issues]
- RESERVED
+CVE-2010-3672 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea v ...)
{DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
-CVE-2010-3673 [Multiple security issues]
- RESERVED
+CVE-2010-3673 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows ...)
{DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
-CVE-2010-3674 [Multiple security issues]
- RESERVED
+CVE-2010-3674 (TYPO3 before 4.4.1 allows XSS in the frontend search box. ...)
{DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-XXXX [piwigo]
@@ -302128,8 +302142,7 @@ CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise Virtuali
NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M)
CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualiza ...)
- vdsm <itp> (bug #668538)
-CVE-2010-2222
- RESERVED
+CVE-2010-2222 (The _ger_parse_control function in Red Hat Directory Server 8 and the ...)
NOT-FOR-US: Red Hat Directory Server
CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...)
- iscsitarget 1.4.20.1-1
@@ -353856,8 +353869,7 @@ CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages
NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code
CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...)
NOT-FOR-US: TagIt! Tagboard
-CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
- RESERVED
+CVE-2007-0899 (There is a possible heap overflow in libclamav/fsg.c before 0.100.0. ...)
{DSA-1263-1}
- clamav 0.90-1
[etch] - clamav 0.88.7-2
@@ -362220,14 +362232,12 @@ CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1
CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read arbitr ...)
{DSA-1177-1}
- usermin <removed> (bug #374609)
-CVE-2006-4245
- RESERVED
+CVE-2006-4245 (archivemail 0.6.2 uses temporary files insecurely leading to a possibl ...)
- archivemail 0.6.2-2 (bug #385253)
CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...)
{DSA-1239-1}
- sql-ledger 2.6.18-1 (medium; bug #386519)
-CVE-2006-4243 [linux vserver priviledge escalation in remount code]
- RESERVED
+CVE-2006-4243 (linux vserver 2.6 before 2.6.17 suffers from privilege escalation in r ...)
- linux-2.6 2.6.17-9
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
NOT-FOR-US: JIM component for Joomla or Mambo
@@ -364879,8 +364889,7 @@ CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versi
CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x be ...)
{DSA-1112}
- mysql-dfsg-5.0 5.0.19-1 (bug #373913; high)
-CVE-2006-3100 [termnetd buffer overflow]
- RESERVED
+CVE-2006-3100 (termpkg 3.3 suffers from buffer overflow. ...)
- termpkg 3.3-7 (bug #358028; medium)
CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
- linux-2.6 2.6.16-15
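Review bot: the new text for CVE-2006-3100 names only the package ("termpkg 3.3 suffers from buffer overflow."), whereas the removed title `[termnetd buffer overflow]` named termnetd specifically. A NOTE line preserving that detail would keep the entry as informative as it was before the update. The entry also sits between CVE-2006-3081 and CVE-2006-3085 in the unchanged context, out of numeric order, although that placement predates this change.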
@@ -372414,11 +372423,9 @@ CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other version
- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
- xshisen 1.51-1-2 (bug #291613)
-CVE-2006-0062 [Potential xlockmore bypass]
- RESERVED
+CVE-2006-0062 (xlockmore 5.13 allows potential xlock bypass when FVWM switches to the ...)
- xlockmore 1:5.13-2.1 (bug #309760)
-CVE-2006-0061 [xlock segfaults when using libpam-opensc]
- RESERVED
+CVE-2006-0061 (xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns ...)
- xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low)
[sarge] - xlockmore <no-dsa> (Minor issue)
CVE-2006-0060
@@ -383608,8 +383615,7 @@ CVE-2005-XXXX [Missing input validation in xtradius]
- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
CVE-2005-XXXX [fai tempfile vulnerability]
- fai 2.8.2
-CVE-2005-2354 [nvu uses old copy of mozilla xpcom]
- RESERVED
+CVE-2005-2354 (Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in ...)
NOTE: have not checked to see which security holes are in it exactly
- nvu <removed> (bug #306822; medium)
CVE-2005-2356
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e83c53f4a3f2f371eae07738bc6240dcae7154bf