[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 6 20:10:39 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf258506 by security tracker role at 2019-11-06T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...)
+ TODO: check
+CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...)
+ TODO: check
+CVE-2019-18798 (LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::wea ...)
+ TODO: check
+CVE-2019-18797 (LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...)
+ TODO: check
+CVE-2019-18796
+ RESERVED
+CVE-2019-18795
+ RESERVED
+CVE-2019-18794
+ RESERVED
+CVE-2019-18793
+ RESERVED
+CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : ...)
+ TODO: check
CVE-2019-18792
RESERVED
CVE-2019-18791
@@ -13801,8 +13819,7 @@ CVE-2019-14849
RESERVED
CVE-2019-14848
RESERVED
-CVE-2019-14847
- RESERVED
+CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...)
- samba 2:4.11.0+dfsg-6
[buster] - samba <no-dsa> (Minor issue)
[stretch] - samba <no-dsa> (Minor issue)
@@ -13842,8 +13859,7 @@ CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2
NOTE: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4
CVE-2019-14834
RESERVED
-CVE-2019-14833
- RESERVED
+CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 before sa ...)
- samba 2:4.11.1+dfsg-2
[buster] - samba <no-dsa> (Minor issue)
[stretch] - samba <no-dsa> (Minor issue)
@@ -20103,18 +20119,18 @@ CVE-2019-13083 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+
NOT-FOR-US: XnView
CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_ ...)
NOT-FOR-US: Chamilo LMS
-CVE-2019-13081
- RESERVED
-CVE-2019-13080
- RESERVED
-CVE-2019-13079
- RESERVED
-CVE-2019-13078
- RESERVED
-CVE-2019-13077
- RESERVED
-CVE-2019-13076
- RESERVED
+CVE-2019-13081 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
+ TODO: check
+CVE-2019-13080 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
+ TODO: check
+CVE-2019-13079 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
+ TODO: check
+CVE-2019-13078 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
+ TODO: check
+CVE-2019-13077 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
+ TODO: check
+CVE-2019-13076 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
+ TODO: check
CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure vulnerability. I ...)
- firefox-esr 68.2.0esr-1 (unimportant)
- firefox 68.0-1 (unimportant)
@@ -20565,10 +20581,10 @@ CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 d
NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Cameraa DOG-2W and DOG-2W-V4 devices
CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices
-CVE-2019-12918
- RESERVED
-CVE-2019-12917
- RESERVED
+CVE-2019-12918 (Quest KACE Systems Management Appliance Server Center version 9.1.317 ...)
+ TODO: check
+CVE-2019-12917 (A reflected XSS vulnerability exists in Quest KACE Systems Management ...)
+ TODO: check
CVE-2019-12916
RESERVED
CVE-2019-12915
@@ -27017,8 +27033,8 @@ CVE-2019-10567
RESERVED
CVE-2019-10566
RESERVED
-CVE-2019-10565
- RESERVED
+CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...)
+ TODO: check
CVE-2019-10564
RESERVED
CVE-2019-10563
@@ -27066,10 +27082,10 @@ CVE-2019-10544
RESERVED
CVE-2019-10543
RESERVED
-CVE-2019-10542
- RESERVED
-CVE-2019-10541
- RESERVED
+CVE-2019-10542 (Buffer over-read may occur when downloading a corrupted firmware file ...)
+ TODO: check
+CVE-2019-10541 (Dereference on uninitialized buffer can happen when parsing FLV clip w ...)
+ TODO: check
CVE-2019-10540 (Buffer overflow in WLAN NAN function due to lack of check of count val ...)
NOT-FOR-US: Snapdragon
CVE-2019-10539 (Possible buffer overflow issue due to lack of length check when parsin ...)
@@ -27082,33 +27098,33 @@ CVE-2019-10536
RESERVED
CVE-2019-10535
RESERVED
-CVE-2019-10534
- RESERVED
-CVE-2019-10533
- RESERVED
+CVE-2019-10534 (Null-pointer dereference can occur while accessing the super index ent ...)
+ TODO: check
+CVE-2019-10533 (Out of bound access due to improper validation of array index cause th ...)
+ TODO: check
CVE-2019-10532
RESERVED
-CVE-2019-10531
- RESERVED
+CVE-2019-10531 (Incorrect reading of system image resulting in buffer overflow when si ...)
+ TODO: check
CVE-2019-10530
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10529
- RESERVED
-CVE-2019-10528
- RESERVED
+CVE-2019-10529 (Possible use after free issue due to race condition while attempting t ...)
+ TODO: check
+CVE-2019-10528 (Use after free issue in kernel while accessing freed mdlog session inf ...)
+ TODO: check
CVE-2019-10527
RESERVED
CVE-2019-10526
RESERVED
CVE-2019-10525
RESERVED
-CVE-2019-10524
- RESERVED
+CVE-2019-10524 (Lack of check for a negative value returned for get_clk is wrongly int ...)
+ TODO: check
CVE-2019-10523
RESERVED
-CVE-2019-10522
- RESERVED
+CVE-2019-10522 (While playing the clip which is nonstandard buffer overflow can occur ...)
+ TODO: check
CVE-2019-10521
RESERVED
CVE-2019-10520
@@ -27122,14 +27138,14 @@ CVE-2019-10517
RESERVED
CVE-2019-10516
RESERVED
-CVE-2019-10515
- RESERVED
+CVE-2019-10515 (DCI client which might be preemptively freed up might be accessed for ...)
+ TODO: check
CVE-2019-10514
RESERVED
CVE-2019-10513
RESERVED
-CVE-2019-10512
- RESERVED
+CVE-2019-10512 (Payload size is not checked before using it as array index in audio in ...)
+ TODO: check
CVE-2019-10511
RESERVED
NOT-FOR-US: Qualcomm components for Android
@@ -27143,14 +27159,14 @@ CVE-2019-10507 (Lack of check of extscan change results received from firmware c
NOT-FOR-US: Snapdragon
CVE-2019-10506 (While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor comm ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10505
- RESERVED
-CVE-2019-10504
- RESERVED
+CVE-2019-10505 (Out of bound access while processing a non-standard IE measurement req ...)
+ TODO: check
+CVE-2019-10504 (Firmware not able to send EXT scan response to host within 1 sec due t ...)
+ TODO: check
CVE-2019-10503
RESERVED
-CVE-2019-10502
- RESERVED
+CVE-2019-10502 (Possible stack overflow when an index equal to io buffer size is acces ...)
+ TODO: check
CVE-2019-10501 (Possible use after free issue due to improper input validation in volu ...)
NOT-FOR-US: Snapdragon
CVE-2019-10500
@@ -27161,10 +27177,10 @@ CVE-2019-10498 (Buffer overflow scenario if the client sends more than 5 io_vec
NOT-FOR-US: Snapdragon
CVE-2019-10497 (Use after free issue occurs If another instance of open for voice_svc ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10496
- RESERVED
-CVE-2019-10495
- RESERVED
+CVE-2019-10496 (Lack of checking a variable received from driver and populating in Fir ...)
+ TODO: check
+CVE-2019-10495 (Arbitrary buffer write issue while processing sequence header during H ...)
+ TODO: check
CVE-2019-10494
RESERVED
CVE-2019-10493
@@ -27172,14 +27188,14 @@ CVE-2019-10493
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10491
- RESERVED
+CVE-2019-10491 (ADSP can be compromised since it`s a general-purpose CPU processing un ...)
+ TODO: check
CVE-2019-10490
RESERVED
CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi clip dur ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10488
- RESERVED
+CVE-2019-10488 (Null pointer dereference can occur while parsing invalid chunks while ...)
+ TODO: check
CVE-2019-10487
RESERVED
CVE-2019-10486
@@ -27809,8 +27825,7 @@ CVE-2019-10219
- libhibernate-validator-java <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1738673
TODO: 20190910: Asked for more information in #1738673. (apo)
-CVE-2019-10218
- RESERVED
+CVE-2019-10218 (A flaw was found in the samba client, all samba versions before samba ...)
- samba 2:4.11.1+dfsg-2
[buster] - samba <no-dsa> (Minor issue)
[stretch] - samba <no-dsa> (Minor issue)
@@ -39711,12 +39726,12 @@ CVE-2019-6124
RESERVED
CVE-2019-6123
RESERVED
-CVE-2019-6122
- RESERVED
-CVE-2019-6121
- RESERVED
-CVE-2019-6120
- RESERVED
+CVE-2019-6122 (A Username Enumeration via Error Message issue was discovered in NiceH ...)
+ TODO: check
+CVE-2019-6121 (An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Auth ...)
+ TODO: check
+CVE-2019-6120 (An issue was discovered in NiceHash Miner before 2.0.3.0. A missing ra ...)
+ TODO: check
CVE-2019-6119
RESERVED
CVE-2019-6118
@@ -41059,12 +41074,12 @@ CVE-2019-5646
RESERVED
CVE-2019-5645
RESERVED
-CVE-2019-5644
- RESERVED
-CVE-2019-5643
- RESERVED
-CVE-2019-5642
- RESERVED
+CVE-2019-5644 (Computing For Good's Basic Laboratory Information System (also known a ...)
+ TODO: check
+CVE-2019-5643 (Computing For Good's Basic Laboratory Information System (also known a ...)
+ TODO: check
+CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from ...)
+ TODO: check
CVE-2019-5641
RESERVED
CVE-2019-5640
@@ -41113,8 +41128,8 @@ CVE-2019-5619
RESERVED
CVE-2019-5618
RESERVED
-CVE-2019-5617
- RESERVED
+CVE-2019-5617 (Computing For Good's Basic Laboratory Information System (also known a ...)
+ TODO: check
CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing electrical ...)
NOT-FOR-US: CircuitWerkes Sicon-8
CVE-2019-5615 (Users with Site-level permissions can access files containing the user ...)
@@ -46044,6 +46059,7 @@ CVE-2019-3466
RESERVED
CVE-2019-3465
RESERVED
+ {DSA-4560-1 DLA-1983-1}
- simplesamlphp 1.17.6-2 (bug #944107)
NOTE: https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ
CVE-2019-3464 (Insufficient sanitization of environment variables passed to rsync can ...)
@@ -47128,7 +47144,7 @@ CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS)
CVE-2018-20321 (An issue was discovered in Rancher 2 through 2.1.5. Any project member ...)
NOT-FOR-US: Rancher
CVE-2018-20320
- RESERVED
+ REJECTED
CVE-2018-20319
RESERVED
CVE-2018-20318 (An issue was discovered in weixin-java-tools v3.2.0. There is an XXE v ...)
@@ -50530,10 +50546,10 @@ CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip with
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2333 (Buffer overflow due to improper validation of buffer size while IPA dr ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2332
- RESERVED
-CVE-2019-2331
- RESERVED
+CVE-2019-2332 (Memory corruption while accessing the memory as payload size is not va ...)
+ TODO: check
+CVE-2019-2331 (Possible Integer overflow because of subtracting two integers without ...)
+ TODO: check
CVE-2019-2330 (improper input validation in allocation request for secure allocations ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2329
@@ -50544,12 +50560,12 @@ CVE-2019-2327 (Possible buffer overflow can occur when playing clip with incorre
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2326 (Data token is received from ADSP and is used without validation as an ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2325
- RESERVED
-CVE-2019-2324
- RESERVED
-CVE-2019-2323
- RESERVED
+CVE-2019-2325 (Out of boundary access due to token received from ADSP and is used wit ...)
+ TODO: check
+CVE-2019-2324 (When ADSP is compromised, the audio port index that`s returned from AD ...)
+ TODO: check
+CVE-2019-2323 (Lack of check to ensure crypto engine data passed by user is initializ ...)
+ TODO: check
CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is non-stan ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2321
@@ -50594,8 +50610,8 @@ CVE-2019-2304
RESERVED
CVE-2019-2303
RESERVED
-CVE-2019-2302
- RESERVED
+CVE-2019-2302 (While processing vendor command which contains corrupted channel count ...)
+ TODO: check
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
NOT-FOR-US: Snapdragon
CVE-2019-2300
@@ -50629,12 +50645,12 @@ CVE-2019-2287 (Improper validation for inputs received from firmware can lead to
NOT-FOR-US: Snapdragon
CVE-2019-2286
RESERVED
-CVE-2019-2285
- RESERVED
+CVE-2019-2285 (Out of bound write issue is observed while giving information about pr ...)
+ TODO: check
CVE-2019-2284 (Possible use-after-free issue due to a race condition while calling ca ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2283
- RESERVED
+CVE-2019-2283 (Improper validation of read and write index of tx and rx fifo`s before ...)
+ TODO: check
CVE-2019-2282
RESERVED
CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and subsequ ...)
@@ -50649,8 +50665,8 @@ CVE-2019-2277 (Out of bound read can happen due to lack of NULL termination on u
NOT-FOR-US: Snapdragon
CVE-2019-2276 (Possible out of bound read occurs while processing beaconing request d ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2275
- RESERVED
+CVE-2019-2275 (While deserializing any key blob during key operations, buffer overflo ...)
+ TODO: check
CVE-2019-2274
RESERVED
CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial of serv ...)
@@ -50683,8 +50699,8 @@ CVE-2019-2260 (A race condition occurs while processing perf-event which can lea
NOT-FOR-US: Snapdragon
CVE-2019-2259 (Resource allocation error while playing the video whose dimensions are ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2258
- RESERVED
+CVE-2019-2258 (Improper validation of array index causes OOB write and then leads to ...)
+ TODO: check
CVE-2019-2257 (Wrong permissions in configuration file can lead to unauthorized permi ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2256 (An unprivileged user can craft a bitstream such that the payload encod ...)
@@ -50701,14 +50717,14 @@ CVE-2019-2251
RESERVED
CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user while free ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2249
- RESERVED
+CVE-2019-2249 (Kernel can do a memory read from arbitrary address passed by user duri ...)
+ TODO: check
CVE-2019-2248 (Buffer overflow can occur if invalid header tries to overwrite the exi ...)
NOT-FOR-US: Snapdragon
CVE-2019-2247 (Possibility of double free issue while running multiple instances of s ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2246
- RESERVED
+CVE-2019-2246 (Thread start can cause invalid memory writes to arbitrary memory locat ...)
+ TODO: check
CVE-2019-2245 (Possible integer underflow can happen when calculating length of eleme ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2244 (Possible integer underflow can happen when calculating length of eleme ...)
@@ -172639,8 +172655,7 @@ CVE-2016-6261 (The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout durin ...)
NOT-FOR-US: F5
-CVE-2016-1000037
- RESERVED
+CVE-2016-1000037 (Pagure: XSS possible in file attachment endpoint ...)
- pagure <itp> (bug #829046)
CVE-2016-1000030 (Pidgin version <2.11.0 contains a vulnerability in X.509 Certificat ...)
- pidgin 2.11.0-1 (unimportant)
@@ -179121,8 +179136,8 @@ CVE-2016-4403 (A security vulnerability was identified in the Filter SDK compone
NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4402 (A security vulnerability was identified in the Filter SDK component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
-CVE-2016-4401
- RESERVED
+CVE-2016-4401 (Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 all ...)
+ TODO: check
CVE-2016-4400 (A security vulnerability was identified in HP Network Node Manager i ( ...)
NOT-FOR-US: HP Network Node Manager i
CVE-2016-4399 (A security vulnerability was identified in HP Network Node Manager i ( ...)
@@ -196987,8 +197002,8 @@ CVE-2015-7278 (Cross-site request forgery (CSRF) vulnerability on Amped Wireless
NOT-FOR-US: Amped Wireless
CVE-2015-7277 (The web administration interface on Amped Wireless R10000 devices with ...)
NOT-FOR-US: Amped Wireless
-CVE-2015-7276
- RESERVED
+CVE-2015-7276 (Technicolor C2000T and C2100T uses hard-coded cryptographic keys. ...)
+ TODO: check
CVE-2015-7275 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 ...)
NOT-FOR-US: Dell iDRAC
CVE-2015-7274 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows ...)
@@ -222454,8 +222469,7 @@ CVE-2014-8182 [crash in ldap_domain2hostlist when processing SRV records]
NOTE: Reference for upstream fix: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff;f=libraries/libldap/dnssrv.c;h=de849e30d5b01ae855853c79e88fb06d7aea1137;hp=6d1bfa8e3c2b05ca5ed0ebebc00c3a30086bca95;hb=31995b535e10c45e698b62d39db998c51f799327;hpb=5de85b922aaa5bfa6eb53db6000adf01ebdb0736
NOTE: and: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eef1ca007f60fdcb9b5368608e87dd0b2404bceb
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1095976#c26 claims this flaw was never in a OpenLDAP release
-CVE-2014-8181 [scsi: do not fill dirty page content in the SG_IO buffer]
- RESERVED
+CVE-2014-8181 (The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garb ...)
- linux <not-affected> (Specific to RHEL 7)
CVE-2014-8180 (MongoDB on Red Hat Satellite 6 allows local users to bypass authentica ...)
NOT-FOR-US: Red Hat Satellite
@@ -280254,24 +280268,19 @@ CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cau
- apache2 2.2.15-3 (medium; bug #533661)
- apache <removed> (medium; bug #533662)
[lenny] - apache2 <no-dsa> (Minor issue)
-CVE-2011-4904
- RESERVED
+CVE-2011-4904 (TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4903
- RESERVED
+CVE-2011-4903 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4902
- RESERVED
+CVE-2011-4902 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4901
- RESERVED
+CVE-2011-4901 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4900
- RESERVED
+CVE-2011-4900 (TYPO3 before 4.5.4 allows Information Disclosure in the backend. ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2012-0264 (op5 Monitor and op5 Appliance before 5.5.0 do not properly manage sess ...)
@@ -281556,36 +281565,28 @@ CVE-2011-4634 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-4633
RESERVED
-CVE-2011-4632
- RESERVED
+CVE-2011-4632 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4631
- RESERVED
+CVE-2011-4631 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4630
- RESERVED
+CVE-2011-4630 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4629
- RESERVED
+CVE-2011-4629 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4628
- RESERVED
+CVE-2011-4628 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4627
- RESERVED
+CVE-2011-4627 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4626
- RESERVED
+CVE-2011-4626 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4625 [simplesamlphp xml encryption issues]
- RESERVED
+CVE-2011-4625 (simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectl ...)
{DSA-2330-1}
- simplesamlphp 1.8.1-1
CVE-2011-4624 (Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND ...)
@@ -291554,8 +291555,8 @@ CVE-2011-1300 (The Program::getActiveUniformMaxLength function in libGLESv2/Prog
NOT-FOR-US: Mozilla Firefox on Windows, Google Chrome on Windows
CVE-2011-1299
RESERVED
-CVE-2011-1298
- RESERVED
+CVE-2011-1298 (An Integer Overflow exists in WebKit in Google Chrome before Blink M11 ...)
+ TODO: check
CVE-2011-1297
RESERVED
CVE-2011-1296 (Google Chrome before 10.0.648.204 does not properly handle SVG text, w ...)
@@ -296802,8 +296803,7 @@ CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSC
NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, Realt ...)
NOT-FOR-US: RedHat documentation of MRG
-CVE-2010-4178
- RESERVED
+CVE-2010-4178 (MySQL-GUI-tools (mysql-administrator) leaks passwords into process lis ...)
- mysql-gui-tools <unfixed> (low; bug #605542)
[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
@@ -302135,8 +302135,7 @@ CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x befo
CVE-2010-2248 (fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel befor ...)
{DSA-2094-1}
- linux-2.6 2.6.32-12 (low)
-CVE-2010-2247 [makepasswd: insecure passwords generated with default settings]
- RESERVED
+CVE-2010-2247 (makepasswd 1.10 default settings generate insecure passwords ...)
- makepasswd 1.10-5 (low; bug #564559)
[lenny] - makepasswd 1.10-3+lenny1
CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled, might all ...)
@@ -305519,8 +305518,7 @@ CVE-2010-2445 (freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to
- freeciv 2.2.1-1 (low; bug #584589)
[lenny] - freeciv <no-dsa> (Minor issue)
NOTE: http://gna.org/bugs/?15624
-CVE-2010-2446 [Rbot Owner Reaction Command Execution]
- RESERVED
+CVE-2010-2446 (Rbot Reaction plugin allows command execution ...)
- rbot 0.9.14-2 (bug #575286)
[lenny] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
[etch] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
@@ -306437,8 +306435,7 @@ CVE-2010-2472 [Locale module cross site scripting]
RESERVED
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2471 [Open redirection]
- RESERVED
+CVE-2010-2471 (drupal6 version 6.16 has open redirection ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
CVE-2010-2250 [Installation cross site scripting]
@@ -306852,8 +306849,7 @@ CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows re
CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...)
- linux-2.6 2.6.12-1
- linux-2.6.24 <not-affected> (fixed before 2.6.24)
-CVE-2009-5050 [konversation DoS]
- RESERVED
+CVE-2009-5050 (konversation before 1.2.3 allows attackers to cause a denial of servic ...)
- konversation 1.2.3-1 (low)
[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
@@ -311008,13 +311004,11 @@ CVE-2009-5047 [multiple vulnerabilities in jetty]
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5048 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5048 (Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5049 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5049 (WebApp JSP Snoop page XSS in jetty though 6.1.21. ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf2585062ff2a934362d783a7d8323738427beb3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf2585062ff2a934362d783a7d8323738427beb3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191106/0269d2a1/attachment.html>
More information about the debian-security-tracker-commits
mailing list