[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Nov 14 08:10:27 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc996581 by security tracker role at 2019-11-14T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-18959
+	RESERVED
+CVE-2019-18958
+	RESERVED
+CVE-2019-18957
+	RESERVED
+CVE-2019-18956
+	RESERVED
+CVE-2019-18955
+	RESERVED
+CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. A malici ...)
+	TODO: check
+CVE-2019-18953
+	RESERVED
+CVE-2019-18952 (SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary fil ...)
+	TODO: check
+CVE-2019-18951 (SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directo ...)
+	TODO: check
+CVE-2019-18950
+	RESERVED
+CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaSc ...)
+	TODO: check
+CVE-2019-18948
+	RESERVED
 CVE-2019-18947
 	RESERVED
 CVE-2019-18946
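Review bot: the four entries that arrive with a description (CVE-2019-18954, CVE-2019-18952, CVE-2019-18951, CVE-2019-18949) are left at TODO: check, which is all the automatic import does; each still needs a manual triage pass to be mapped to a Debian source package or marked NOT-FOR-US. CVE-2019-18952 and CVE-2019-18951 both concern SibSoft Xfilesharing through 2.5.1 (arbitrary file upload via cgi-bin/up.cgi and directory traversal via op=page&tmpl=../), so they should be triaged together and end up with the same marker.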
@@ -46,8 +70,8 @@ CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be acce
 	NOT-FOR-US: Systematic IRIS WebForms
 CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By  ...)
 	NOT-FOR-US: Systematic IRIS WebForms
-CVE-2019-18923
-	RESERVED
+CVE-2019-18923 (Insufficient content type validation of proxied resources in go-camo b ...)
+	TODO: check
 CVE-2019-18922
 	RESERVED
 CVE-2019-18921
@@ -137,10 +161,10 @@ CVE-2019-18886 [Prevent user enumeration using switch user functionality]
 	NOTE: https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332
 CVE-2019-18885
 	RESERVED
-CVE-2019-18884
-	RESERVED
-CVE-2019-18883
-	RESERVED
+CVE-2019-18884 (index.php/team_members/add_team_member in RISE Ultimate Project Manage ...)
+	TODO: check
+CVE-2019-18883 (XSS exists in Lavalite CMS 5.7 via the admin/profile name or designati ...)
+	TODO: check
 CVE-2019-18882 (WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.ja ...)
 	NOT-FOR-US: WSO2 IS
 CVE-2019-18881 (WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in t ...)
@@ -222,8 +246,8 @@ CVE-2019-18846
 	RESERVED
 CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1  ...)
 	NOT-FOR-US: Patriot Viper RGB
-CVE-2019-18844
-	RESERVED
+CVE-2019-18844 (The Device Model in ACRN before 2019w25.5-140000p relies on assert cal ...)
+	TODO: check
 CVE-2019-18843
 	RESERVED
 CVE-2019-18842
@@ -240,8 +264,8 @@ CVE-2019-18839 (FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parame
 	TODO: check
 CVE-2019-18838
 	RESERVED
-CVE-2019-18837
-	RESERVED
+CVE-2019-18837 (An issue was discovered in crun before 0.10.5. With a crafted image, i ...)
+	TODO: check
 CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of resource loo ...)
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...)
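Review bot: CVE-2019-18837 already names the fixed upstream release (crun before 0.10.5), so the TODO: check can be resolved directly: if crun is packaged, replace it with a package line carrying the first fixed Debian version, otherwise mark it NOT-FOR-US. The neighbouring CVE-2019-18836 line is the pattern to follow, including its NOTE that a same-named Debian package (envoy, #758651) is a different project; the same name-collision check applies to crun before any version is attached.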
@@ -366,8 +390,8 @@ CVE-2019-18795
 	RESERVED
 CVE-2019-18794
 	RESERVED
-CVE-2019-18793
-	RESERVED
+CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/inde ...)
+	TODO: check
 CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter :  ...)
 	NOT-FOR-US: Progress Sitefinity CMS
 CVE-2019-18792
@@ -3983,8 +4007,8 @@ CVE-2019-18242
 	RESERVED
 CVE-2019-18241
 	RESERVED
-CVE-2019-18240
-	RESERVED
+CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer o ...)
+	TODO: check
 CVE-2019-18239
 	RESERVED
 CVE-2019-18238
@@ -6447,8 +6471,8 @@ CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a s
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2019-17551 (In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an atta ...)
 	NOT-FOR-US: Apak Wholesale Floorplanning Finance
-CVE-2019-17550
-	RESERVED
+CVE-2019-17550 (The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cros ...)
+	TODO: check
 CVE-2019-17549
 	RESERVED
 CVE-2019-17548
@@ -6664,8 +6688,8 @@ CVE-2019-17517
 	RESERVED
 CVE-2019-17516
 	RESERVED
-CVE-2019-17515
-	RESERVED
+CVE-2019-17515 (The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPre ...)
+	TODO: check
 CVE-2019-17514 (library/glob.html in the Python 2 and 3 documentation before 2016 has  ...)
 	NOT-FOR-US: Non-actionable CVE assignment for Python docs
 CVE-2019-17513 (An issue was discovered in Ratpack before 1.7.5. Due to a misuse of th ...)
@@ -8347,8 +8371,8 @@ CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading spe
 	NOTE: https://github.com/python-pillow/Pillow/pull/4104
 CVE-2019-16864
 	RESERVED
-CVE-2019-16863
-	RESERVED
+CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...)
+	TODO: check
 CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...)
 	NOT-FOR-US: OpenEMR
 CVE-2019-16861
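Review bot: CVE-2019-16863 describes a hardware part (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12), so there is no Debian source package to attach a fixed version to and the TODO: check should not stay open; unless triage finds a packaged TPM consumer that needs a change, close it as NOT-FOR-US, following the NOT-FOR-US: OpenEMR line just below. Because the description dates the fix to a device revision rather than a software release, a short NOTE saying the remedy is on the device side would help Debian users who run on those TPMs.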
@@ -19269,8 +19293,8 @@ CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there
 	NOT-FOR-US: Tasy
 CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buffer ove ...)
 	NOT-FOR-US: WebAccess
-CVE-2019-13555
-	RESERVED
+CVE-2019-13555 (In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial n ...)
+	TODO: check
 CVE-2019-13554
 	RESERVED
 CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
@@ -31654,11 +31678,9 @@ CVE-2019-9469
 	RESERVED
 CVE-2019-9468
 	RESERVED
-CVE-2019-9467
-	RESERVED
+CVE-2019-9467 (In the Bootloader, there is a possible kernel command injection due to ...)
 	NOT-FOR-US: LG components for Android
-CVE-2019-9466
-	RESERVED
+CVE-2019-9466 (In the Broadcom Wi-Fi driver, there is a possible out of bounds write  ...)
 	- linux 4.19.37-4
 	[stretch] - linux 4.9.168-1+deb9u3
 	[jessie] - linux 3.16.68-1
@@ -43102,8 +43124,8 @@ CVE-2019-5031 (An exploitable memory corruption vulnerability exists in the Java
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2019-5030 (A buffer overflow vulnerability exists in the PowerPoint document conv ...)
 	NOT-FOR-US: Rainbow PDF Office Server Document Converter
-CVE-2019-5029
-	RESERVED
+CVE-2019-5029 (An exploitable command injection vulnerability exists in the Config ed ...)
+	TODO: check
 CVE-2019-5028
 	REJECTED
 CVE-2019-5027
@@ -46172,14 +46194,14 @@ CVE-2019-3665
 	RESERVED
 CVE-2019-3664
 	RESERVED
-CVE-2019-3663
-	RESERVED
-CVE-2019-3662
-	RESERVED
-CVE-2019-3661
-	RESERVED
-CVE-2019-3660
-	RESERVED
+CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee Advanced Th ...)
+	TODO: check
+CVE-2019-3662 (Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Adva ...)
+	TODO: check
+CVE-2019-3661 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2019-3660 (Improper Neutralization of HTTP requests in McAfee Advanced Threat Def ...)
+	TODO: check
 CVE-2019-3659
 	RESERVED
 CVE-2019-3658
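Review bot: the truncated description for CVE-2019-3661 ("Improper Neutralization of Special Elements used in an SQL Command ('S ...") is cut off before the affected product, so from this file alone it cannot be tied to the McAfee Advanced Threat Defense set that the three neighbouring entries (CVE-2019-3663, CVE-2019-3662, CVE-2019-3660) belong to; whoever resolves the four TODO: check lines should confirm the product from the full CVE text before giving them the same marker.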
@@ -46196,12 +46218,12 @@ CVE-2019-3653 (Improper access control vulnerability in Configuration tool in Mc
 	NOT-FOR-US: McAfee Endpoint Security (ENS)
 CVE-2019-3652 (Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Securit ...)
 	NOT-FOR-US: McAfee Endpoint Security (ENS)
-CVE-2019-3651
-	RESERVED
-CVE-2019-3650
-	RESERVED
-CVE-2019-3649
-	RESERVED
+CVE-2019-3651 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
+	TODO: check
+CVE-2019-3650 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
+	TODO: check
+CVE-2019-3649 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
+	TODO: check
 CVE-2019-3648 (A Privilege Escalation vulnerability in the Microsoft Windows client i ...)
 	NOT-FOR-US: McAfee Total Protection
 CVE-2019-3647
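Review bot: CVE-2019-3651, CVE-2019-3650 and CVE-2019-3649 now carry identical truncated descriptions ("Information Disclosure vulnerability in McAfee Advanced Threat Defense ..."), so the file no longer distinguishes them. The McAfee Endpoint Security entries in the same hunk (CVE-2019-3653, CVE-2019-3652) are already NOT-FOR-US; unless McAfee Advanced Threat Defense turns out to be packaged, these three should get the same marker in one triage step, with a one-line NOTE each if the distinct issues need telling apart later.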
@@ -46218,8 +46240,8 @@ CVE-2019-3642
 	RESERVED
 CVE-2019-3641 (Abuse of Authorization vulnerability in APIs exposed by TIE server in  ...)
 	NOT-FOR-US: McAfee
-CVE-2019-3640
-	RESERVED
+CVE-2019-3640 (Unprotected Transport of Credentials in ePO extension in McAfee Data L ...)
+	TODO: check
 CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee Web Gate ...)
 	NOT-FOR-US: McAfee
 CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators web con ...)
@@ -46791,8 +46813,8 @@ CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab r
 	NOT-FOR-US: ZTE
 CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
 	NOT-FOR-US: ZTE
-CVE-2019-3420
-	RESERVED
+CVE-2019-3420 (The version V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by ...)
+	TODO: check
 CVE-2019-3419 (A security vulnerability exists in a management port in the version of ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
@@ -51435,8 +51457,7 @@ CVE-2019-2212 (In poisson_distribution of random, there is an out of bounds read
 	NOTE: https://android.googlesource.com/platform/external/libcxx/+/a16cd9df50f22ccf65cf27eddc0403791116c75a
 CVE-2019-2211 (In createProjectionMapForQuery of TvProvider.java, there is possible S ...)
 	NOT-FOR-US: Android
-CVE-2019-2210
-	RESERVED
+CVE-2019-2210 (In load_logging_config of qmi_vs_service.cc, there is a possible out o ...)
 	NOT-FOR-US: Android
 CVE-2019-2209 (In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds  ...)
 	NOT-FOR-US: Android
@@ -56507,36 +56528,36 @@ CVE-2019-0398
 	RESERVED
 CVE-2019-0397
 	RESERVED
-CVE-2019-0396
-	RESERVED
+CVE-2019-0396 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
+	TODO: check
 CVE-2019-0395
 	RESERVED
 CVE-2019-0394
 	RESERVED
-CVE-2019-0393
-	RESERVED
+CVE-2019-0393 (An SQL Injection vulnerability in SAP Quality Management (corrected in ...)
+	TODO: check
 CVE-2019-0392
 	RESERVED
-CVE-2019-0391
-	RESERVED
-CVE-2019-0390
-	RESERVED
-CVE-2019-0389
-	RESERVED
-CVE-2019-0388
-	RESERVED
+CVE-2019-0391 (Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.2 ...)
+	TODO: check
+CVE-2019-0390 (Under certain conditions SAP Data Hub (corrected in DH_Foundation vers ...)
+	TODO: check
+CVE-2019-0389 (An administrator of SAP NetWeaver Application Server Java (J2EE-Framew ...)
+	TODO: check
+CVE-2019-0388 (SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7. ...)
+	TODO: check
 CVE-2019-0387
 	RESERVED
-CVE-2019-0386
-	RESERVED
-CVE-2019-0385
-	RESERVED
+CVE-2019-0386 (Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6. ...)
+	TODO: check
+CVE-2019-0385 (SAP Enable Now, before version 1908, does not sufficiently encode user ...)
+	TODO: check
 CVE-2019-0384
 	RESERVED
 CVE-2019-0383
 	RESERVED
-CVE-2019-0382
-	RESERVED
+CVE-2019-0382 (A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Bus ...)
+	TODO: check
 CVE-2019-0381 (A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, be ...)
 	NOT-FOR-US: SAP
 CVE-2019-0380 (Under certain conditions, SAP Landscape Management enterprise edition, ...)
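Review bot: the nine TODO: check lines here can all be resolved the same way: every one of them is an SAP product (BusinessObjects, Quality Management, NetWeaver AS Java, Data Hub, UI5, ERP Sales, Enable Now), and the context line for CVE-2019-0381 already shows the NOT-FOR-US: SAP marker used for that vendor. Leaving them at TODO: check only defers the same decision, so triage them as a batch while keeping the per-product description so the NOT-FOR-US lines stay specific.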
@@ -241474,8 +241495,7 @@ CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attac
 	NOT-FOR-US: Fitnesse Wiki
 CVE-2014-1215 (Multiple buffer overflows in Core FTP Server before 1.2 build 508 allo ...)
 	NOT-FOR-US: Core FTP Server
-CVE-2014-1214
-	RESERVED
+CVE-2014-1214 (views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component ...)
 	NOT-FOR-US: Projoom NovaSFH Plugin
 CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9. ...)
 	NOT-FOR-US: Sophos Anti Virus
@@ -252270,8 +252290,7 @@ CVE-2013-4276 (Multiple stack-based buffer overflows in LittleCMS (aka lcms or l
 	[squeeze] - lcms <no-dsa> (Minor issue)
 	[wheezy] - lcms 1.19.dfsg2-1.2+deb7u1
 	- lcms2 <not-affected> (Vulnerable code not present)
-CVE-2013-4275
-	RESERVED
+CVE-2013-4275 (Cross-site scripting (XSS) vulnerability in the zen_breadcrumb functio ...)
 	NOT-FOR-US: Drupal contributed module Zen
 CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the password_policy_admin_ ...)
 	NOT-FOR-US: Drupal addon
@@ -254255,8 +254274,8 @@ CVE-2013-3518
 	RESERVED
 CVE-2013-3517 (Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR35 ...)
 	NOT-FOR-US: NETGEAR
-CVE-2013-3516
-	RESERVED
+CVE-2013-3516 (NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely o ...)
+	TODO: check
 CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2. ...)
 	NOT-FOR-US: OpenX
 CVE-2013-3514 (Multiple directory traversal vulnerabilities in OpenX before 2.8.10 re ...)
@@ -254568,10 +254587,10 @@ CVE-2013-3368 (bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x befo
 	{DSA-2671-1 DSA-2670-1}
 	- request-tracker3.8 <removed>
 	- request-tracker4 4.0.12-2 (bug #709836)
-CVE-2013-3367
-	RESERVED
-CVE-2013-3366
-	RESERVED
+CVE-2013-3367 (Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a ...)
+	TODO: check
+CVE-2013-3366 (Undocumented TELNET service in TRENDnet TEW-812DRU when a web page nam ...)
+	TODO: check
 CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to execut ...)
 	NOT-FOR-US: TRENDnet TEW-812DRU router
 CVE-2013-3364
@@ -255167,8 +255186,8 @@ CVE-2013-3099
 	RESERVED
 CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet ...)
 	NOT-FOR-US: TRENDnet TEW-812DRU router
-CVE-2013-3097
-	RESERVED
+CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...)
+	TODO: check
 CVE-2013-3096
 	RESERVED
 CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
@@ -267455,8 +267474,8 @@ CVE-2012-5195 (Heap-based buffer overflow in the Perl_repeatcpy function in util
 	- perl 5.14.2-14 (bug #689314)
 CVE-2012-5194
 	RESERVED
-CVE-2012-5193
-	RESERVED
+CVE-2012-5193 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 ...)
+	TODO: check
 CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in Bitweave ...)
 	NOT-FOR-US: Bitweaver
 CVE-2012-5191
@@ -274934,8 +274953,7 @@ CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yera
 	- claws-mail 3.11.1-2 (bug #771360)
 	[squeeze] - claws-mail <not-affected> (In Squeeze, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
 	[wheezy] - claws-mail <not-affected> (In Wheezy, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
-CVE-2010-5108 [Trac Ticket Modification Workflow Permission Restriction Bypass]
-	RESERVED
+CVE-2010-5108 (Trac 0.11.6 does not properly check workflow permissions before modify ...)
 	- trac 0.11.7-1 (bug #573260)
 CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time ...)
 	- openssh 1:6.0p1-4 (low; bug #700102)
@@ -280668,8 +280686,7 @@ CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remot
 	NOTE: https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html
 	NOTE: https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1017197
-CVE-2011-4972 [CKEditor module for Drupal access bypass]
-	RESERVED
+CVE-2011-4972 (hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not  ...)
 	NOT-FOR-US: Drupal module
 CVE-2011-4971 (Multiple integer signedness errors in the (1) process_bin_sasl_auth, ( ...)
 	{DSA-2832-1}
@@ -286694,8 +286711,7 @@ CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authentica
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=3f0d3f4d97bce75c1828635c322b6560a45a037f
-CVE-2010-4817 [overwriting of arbitrary file via symlinks]
-	RESERVED
+CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. ...)
 	- pithos 0.3.5-1
 CVE-2010-4816
 	RESERVED
@@ -290296,8 +290312,7 @@ CVE-2011-1931 (sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpe
 	- libav 4:0.6.2-3 (bug #624339)
 	- ffmpeg <not-affected> (vulnerability introduced in 0.6)
 	- ffmpeg-debian <not-affected> (vulnerability introduced in 0.6)
-CVE-2011-1930
-	RESERVED
+CVE-2011-1930 (In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /t ...)
 	- klibc 1.5.22-1 (low)
 	[squeeze] - klibc 1.5.20-1+squeeze1
 	[lenny] - klibc 1.5.12-2lenny1
@@ -291260,8 +291275,7 @@ CVE-2011-1590 (The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x
 CVE-2011-1589 (Directory traversal vulnerability in Path.pm in Mojolicious before 1.1 ...)
 	{DSA-2221-1}
 	- libmojolicious-perl 1.16-1
-CVE-2011-1588
-	RESERVED
+CVE-2011-1588 (Thunar 1.2 through 1.2.1 could crash when copy and pasting a file name ...)
 	- thunar <not-affected> (Introduced in 1.2, only in experimental)
 	NOTE: http://git.xfce.org/xfce/thunar/diff/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa
 CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, w ...)
@@ -291600,18 +291614,15 @@ CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not
 CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly han ...)
 	- roundcube 0.5.1-1 (low)
 	[squeeze] - roundcube <no-dsa> (Minor issue)
-CVE-2011-1490
-	RESERVED
+CVE-2011-1490 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...)
 	- rsyslog 5.7.6-1 (low)
 	[squeeze] - rsyslog <no-dsa> (Minor issue)
 	[lenny] - rsyslog <no-dsa> (Minor issue)
-CVE-2011-1489
-	RESERVED
+CVE-2011-1489 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...)
 	- rsyslog 5.7.6-1 (low)
 	[squeeze] - rsyslog <no-dsa> (Minor issue)
 	[lenny] - rsyslog <no-dsa> (Minor issue)
-CVE-2011-1488
-	RESERVED
+CVE-2011-1488 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...)
 	- rsyslog 5.7.6-1 (low)
 	[squeeze] - rsyslog <no-dsa> (Minor issue)
 	[lenny] - rsyslog <no-dsa> (Minor issue)
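Review bot: CVE-2011-1488, CVE-2011-1489 and CVE-2011-1490 now carry byte-identical truncated descriptions, so the list no longer says which rsyslog memory leak each one covers. Since all three already map to rsyslog 5.7.6-1 (low) with squeeze and lenny marked no-dsa, nothing changes for tracking, but a short NOTE per entry naming the specific leak would keep them tellable apart; the "deamon" spelling is in the upstream CVE text and should not be edited here.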
@@ -292652,8 +292663,7 @@ CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly r
 	- libvirt 0.8.8-3 (low; bug #617773)
 	[lenny] - libvirt <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650
-CVE-2011-1145 [buffer overflow in unixODBC's SQLDriverConnect()]
-	RESERVED
+CVE-2011-1145 (The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a pos ...)
 	- unixodbc 2.2.14p2-3 (low; bug #617655)
 	[squeeze] - unixodbc <no-dsa> (Only exploitable through a malicious server)
 	[lenny] - unixodbc <no-dsa> (Only exploitable through a malicious server)
@@ -292927,8 +292937,7 @@ CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded
 	- glibc 2.11.2-12
 	- eglibc 2.11.2-12 (bug #615120)
 	[squeeze] - eglibc 2.11.3-2
-CVE-2011-1070
-	RESERVED
+CVE-2011-1070 (v86d before 0.1.10 do not verify if received netlink messages are sent ...)
 	- v86d 0.1.10-1 (low; bug #619404)
 	[squeeze] - v86d 0.1.9-1+squeeze1
 	[lenny] - v86d 0.1.5.2-1+lenny1
@@ -293783,8 +293792,7 @@ CVE-2011-XXXX [php-gettext XSS]
 	- php-gettext <unfixed> (unimportant)
 	NOTE: http://www.autosectools.com/Advisories/CiviCRM.3.3.3.Drupal-Joomla_Reflected.Cross-site.Scripting_102.html
 	NOTE: Vulnerable code only in examples/
-CVE-2011-1136 [tesseract tempfile]
-	RESERVED
+CVE-2011-1136 (In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user  ...)
 	- tesseract 2.04-2.1 (low; bug #612032)
 	[squeeze] - tesseract 2.04-2+squeeze1
 	[lenny] - tesseract 2.03-2+lenny1 (bug #612032)
@@ -294432,8 +294440,7 @@ CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not
 	NOT-FOR-US: Symantec Backup Exec
 CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in Syman ...)
 	NOT-FOR-US: Symantec LiveUpdate Administrator
-CVE-2011-0544
-	RESERVED
+CVE-2011-0544 (phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. ...)
 	- phpbb3 3.0.7-PL1-5 (low; bug #612477)
 	[squeeze] - phpbb3 <no-dsa> (Minor issue)
 CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier,  ...)
@@ -295229,8 +295236,7 @@ CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in t
 	{DSA-2552-1}
 	- tiff <not-affected> (vulnerable code not present)
 	- tiff3 3.9.5
-CVE-2010-4664
-	RESERVED
+CVE-2010-4664 (In ConsoleKit before 0.4.2, an intended security policy restriction by ...)
 	- consolekit 0.4.2-1 (low)
 	[squeeze] - consolekit <no-dsa> (Minor issue)
 CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple (CMSMS ...)
@@ -295238,8 +295244,7 @@ CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple (
 CVE-2010-4662
 	RESERVED
 	NOT-FOR-US: pmwiki
-CVE-2010-4661 [arbitrary kernel module loading]
-	RESERVED
+CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux kernel ...)
 	- udisks 1.0.3-1
 	[squeeze] - udisks <no-dsa> (Minor issue)
 	NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232
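Review bot: unrelated to the changed lines but visible in the context, CVE-2010-4662 carries both RESERVED and NOT-FOR-US: pmwiki; the RESERVED line is stale once a triage marker exists and could be dropped in a follow-up so the entry has a single status, as CVE-2010-4661 does after this change.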
@@ -295253,8 +295258,7 @@ CVE-2010-4659
 CVE-2010-4658
 	RESERVED
 	- statusnet <itp> (bug #491723)
-CVE-2010-4657 [xmlTextWriterWriteAttribute heap disclosure]
-	RESERVED
+CVE-2010-4657 (PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ...)
 	- php5 5.4.4-1 (low)
 	[squeeze] - php5 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551
@@ -295268,16 +295272,14 @@ CVE-2010-4656 (The iowarrior_write function in drivers/usb/misc/iowarrior.c in t
 CVE-2010-4655 (net/core/ethtool.c in the Linux kernel before 2.6.36 does not initiali ...)
 	{DSA-2264-1}
 	- linux-2.6 2.6.32-27
-CVE-2010-4654 [Malformed commands may cause corruption of the internal stack]
-	RESERVED
+CVE-2010-4654 (poppler before 0.16.3 has malformed commands that may cause corruption ...)
 	- kdegraphics <not-affected> (no stackheight)
 	- xpdf <not-affected> (no stackheight)
 	- poppler 0.16.3-1
 	[lenny] - poppler <not-affected> (stackheights introduced after 0.12)
 	[squeeze] - poppler <not-affected> (stackheights introduced after 0.12)
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
-CVE-2010-4653 [integer overflow when parsing CharCodes for fonts]
-	RESERVED
+CVE-2010-4653 (An integer overflow condition in poppler before 0.16.3 can occur when  ...)
 	- kdegraphics 4:4.0.0-1
 	- xpdf 3.02-9
 	- poppler 0.16.3-1 (low)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bc9965813b939ff44932e918022b25010ef971e6

-- 
You're receiving this email because of your account on salsa.debian.org.



