[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 28 20:10:39 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb58783f by security tracker role at 2019-10-28T20:10:27Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,513 @@
+CVE-2020-0600
+ RESERVED
+CVE-2020-0599
+ RESERVED
+CVE-2020-0598
+ RESERVED
+CVE-2020-0597
+ RESERVED
+CVE-2020-0596
+ RESERVED
+CVE-2020-0595
+ RESERVED
+CVE-2020-0594
+ RESERVED
+CVE-2020-0593
+ RESERVED
+CVE-2020-0592
+ RESERVED
+CVE-2020-0591
+ RESERVED
+CVE-2020-0590
+ RESERVED
+CVE-2020-0589
+ RESERVED
+CVE-2020-0588
+ RESERVED
+CVE-2020-0587
+ RESERVED
+CVE-2020-0586
+ RESERVED
+CVE-2020-0585
+ RESERVED
+CVE-2020-0584
+ RESERVED
+CVE-2020-0583
+ RESERVED
+CVE-2020-0582
+ RESERVED
+CVE-2020-0581
+ RESERVED
+CVE-2020-0580
+ RESERVED
+CVE-2020-0579
+ RESERVED
+CVE-2020-0578
+ RESERVED
+CVE-2020-0577
+ RESERVED
+CVE-2020-0576
+ RESERVED
+CVE-2020-0575
+ RESERVED
+CVE-2020-0574
+ RESERVED
+CVE-2020-0573
+ RESERVED
+CVE-2020-0572
+ RESERVED
+CVE-2020-0571
+ RESERVED
+CVE-2020-0570
+ RESERVED
+CVE-2020-0569
+ RESERVED
+CVE-2020-0568
+ RESERVED
+CVE-2020-0567
+ RESERVED
+CVE-2020-0566
+ RESERVED
+CVE-2020-0565
+ RESERVED
+CVE-2020-0564
+ RESERVED
+CVE-2020-0563
+ RESERVED
+CVE-2020-0562
+ RESERVED
+CVE-2020-0561
+ RESERVED
+CVE-2020-0560
+ RESERVED
+CVE-2020-0559
+ RESERVED
+CVE-2020-0558
+ RESERVED
+CVE-2020-0557
+ RESERVED
+CVE-2020-0556
+ RESERVED
+CVE-2020-0555
+ RESERVED
+CVE-2020-0554
+ RESERVED
+CVE-2020-0553
+ RESERVED
+CVE-2020-0552
+ RESERVED
+CVE-2020-0551
+ RESERVED
+CVE-2020-0550
+ RESERVED
+CVE-2020-0549
+ RESERVED
+CVE-2020-0548
+ RESERVED
+CVE-2020-0547
+ RESERVED
+CVE-2020-0546
+ RESERVED
+CVE-2020-0545
+ RESERVED
+CVE-2020-0544
+ RESERVED
+CVE-2020-0543
+ RESERVED
+CVE-2020-0542
+ RESERVED
+CVE-2020-0541
+ RESERVED
+CVE-2020-0540
+ RESERVED
+CVE-2020-0539
+ RESERVED
+CVE-2020-0538
+ RESERVED
+CVE-2020-0537
+ RESERVED
+CVE-2020-0536
+ RESERVED
+CVE-2020-0535
+ RESERVED
+CVE-2020-0534
+ RESERVED
+CVE-2020-0533
+ RESERVED
+CVE-2020-0532
+ RESERVED
+CVE-2020-0531
+ RESERVED
+CVE-2020-0530
+ RESERVED
+CVE-2020-0529
+ RESERVED
+CVE-2020-0528
+ RESERVED
+CVE-2020-0527
+ RESERVED
+CVE-2020-0526
+ RESERVED
+CVE-2020-0525
+ RESERVED
+CVE-2020-0524
+ RESERVED
+CVE-2020-0523
+ RESERVED
+CVE-2020-0522
+ RESERVED
+CVE-2020-0521
+ RESERVED
+CVE-2020-0520
+ RESERVED
+CVE-2020-0519
+ RESERVED
+CVE-2020-0518
+ RESERVED
+CVE-2020-0517
+ RESERVED
+CVE-2020-0516
+ RESERVED
+CVE-2020-0515
+ RESERVED
+CVE-2020-0514
+ RESERVED
+CVE-2020-0513
+ RESERVED
+CVE-2020-0512
+ RESERVED
+CVE-2020-0511
+ RESERVED
+CVE-2020-0510
+ RESERVED
+CVE-2020-0509
+ RESERVED
+CVE-2020-0508
+ RESERVED
+CVE-2020-0507
+ RESERVED
+CVE-2020-0506
+ RESERVED
+CVE-2020-0505
+ RESERVED
+CVE-2020-0504
+ RESERVED
+CVE-2020-0503
+ RESERVED
+CVE-2020-0502
+ RESERVED
+CVE-2020-0501
+ RESERVED
+CVE-2019-18570
+ RESERVED
+CVE-2019-18569
+ RESERVED
+CVE-2019-18568
+ RESERVED
+CVE-2019-18567
+ RESERVED
+CVE-2019-18566
+ REJECTED
+ TODO: check
+CVE-2019-18565
+ REJECTED
+ TODO: check
+CVE-2019-18564
+ REJECTED
+ TODO: check
+CVE-2019-18563
+ REJECTED
+ TODO: check
+CVE-2019-18562
+ REJECTED
+ TODO: check
+CVE-2019-18561
+ REJECTED
+ TODO: check
+CVE-2019-18560
+ REJECTED
+ TODO: check
+CVE-2019-18559
+ REJECTED
+ TODO: check
+CVE-2019-18558
+ REJECTED
+ TODO: check
+CVE-2019-18557
+ REJECTED
+ TODO: check
+CVE-2019-18556
+ REJECTED
+ TODO: check
+CVE-2019-18555
+ REJECTED
+ TODO: check
+CVE-2019-18554
+ REJECTED
+ TODO: check
+CVE-2019-18553
+ REJECTED
+ TODO: check
+CVE-2019-18552
+ REJECTED
+ TODO: check
+CVE-2019-18551
+ REJECTED
+ TODO: check
+CVE-2019-18550
+ REJECTED
+ TODO: check
+CVE-2019-18549
+ REJECTED
+ TODO: check
+CVE-2019-18548
+ REJECTED
+ TODO: check
+CVE-2019-18547
+ REJECTED
+ TODO: check
+CVE-2019-18546
+ REJECTED
+ TODO: check
+CVE-2019-18545
+ REJECTED
+ TODO: check
+CVE-2019-18544
+ REJECTED
+ TODO: check
+CVE-2019-18543
+ REJECTED
+ TODO: check
+CVE-2019-18542
+ REJECTED
+ TODO: check
+CVE-2019-18541
+ REJECTED
+ TODO: check
+CVE-2019-18540
+ REJECTED
+ TODO: check
+CVE-2019-18539
+ REJECTED
+ TODO: check
+CVE-2019-18538
+ REJECTED
+ TODO: check
+CVE-2019-18537
+ REJECTED
+ TODO: check
+CVE-2019-18536
+ REJECTED
+ TODO: check
+CVE-2019-18535
+ REJECTED
+ TODO: check
+CVE-2019-18534
+ REJECTED
+ TODO: check
+CVE-2019-18533
+ REJECTED
+ TODO: check
+CVE-2019-18532
+ REJECTED
+ TODO: check
+CVE-2019-18531
+ REJECTED
+ TODO: check
+CVE-2019-18530
+ REJECTED
+ TODO: check
+CVE-2019-18529
+ REJECTED
+ TODO: check
+CVE-2019-18528
+ REJECTED
+ TODO: check
+CVE-2019-18527
+ REJECTED
+ TODO: check
+CVE-2019-18526
+ REJECTED
+ TODO: check
+CVE-2019-18525
+ REJECTED
+ TODO: check
+CVE-2019-18524
+ REJECTED
+ TODO: check
+CVE-2019-18523
+ REJECTED
+ TODO: check
+CVE-2019-18522
+ REJECTED
+ TODO: check
+CVE-2019-18521
+ REJECTED
+ TODO: check
+CVE-2019-18520
+ REJECTED
+ TODO: check
+CVE-2019-18519
+ REJECTED
+ TODO: check
+CVE-2019-18518
+ REJECTED
+ TODO: check
+CVE-2019-18517
+ REJECTED
+ TODO: check
+CVE-2019-18516
+ REJECTED
+ TODO: check
+CVE-2019-18515
+ REJECTED
+ TODO: check
+CVE-2019-18514
+ REJECTED
+ TODO: check
+CVE-2019-18513
+ REJECTED
+ TODO: check
+CVE-2019-18512
+ REJECTED
+ TODO: check
+CVE-2019-18511
+ REJECTED
+ TODO: check
+CVE-2019-18510
+ REJECTED
+ TODO: check
+CVE-2019-18509
+ REJECTED
+ TODO: check
+CVE-2019-18508
+ REJECTED
+ TODO: check
+CVE-2019-18507
+ REJECTED
+ TODO: check
+CVE-2019-18506
+ REJECTED
+ TODO: check
+CVE-2019-18505
+ REJECTED
+ TODO: check
+CVE-2019-18504
+ REJECTED
+ TODO: check
+CVE-2019-18503
+ REJECTED
+ TODO: check
+CVE-2019-18502
+ REJECTED
+ TODO: check
+CVE-2019-18501
+ REJECTED
+ TODO: check
+CVE-2019-18500
+ REJECTED
+ TODO: check
+CVE-2019-18499
+ REJECTED
+ TODO: check
+CVE-2019-18498
+ REJECTED
+ TODO: check
+CVE-2019-18497
+ REJECTED
+ TODO: check
+CVE-2019-18496
+ REJECTED
+ TODO: check
+CVE-2019-18495
+ REJECTED
+ TODO: check
+CVE-2019-18494
+ REJECTED
+ TODO: check
+CVE-2019-18493
+ REJECTED
+ TODO: check
+CVE-2019-18492
+ REJECTED
+ TODO: check
+CVE-2019-18491
+ REJECTED
+ TODO: check
+CVE-2019-18490
+ REJECTED
+ TODO: check
+CVE-2019-18489
+ REJECTED
+ TODO: check
+CVE-2019-18488
+ REJECTED
+ TODO: check
+CVE-2019-18487
+ REJECTED
+ TODO: check
+CVE-2019-18486
+ REJECTED
+ TODO: check
+CVE-2019-18485
+ REJECTED
+ TODO: check
+CVE-2019-18484
+ REJECTED
+ TODO: check
+CVE-2019-18483
+ REJECTED
+ TODO: check
+CVE-2019-18482
+ REJECTED
+ TODO: check
+CVE-2019-18481
+ REJECTED
+ TODO: check
+CVE-2019-18480
+ REJECTED
+ TODO: check
+CVE-2019-18479
+ REJECTED
+ TODO: check
+CVE-2019-18478
+ REJECTED
+ TODO: check
+CVE-2019-18477
+ REJECTED
+ TODO: check
+CVE-2019-18476
+ REJECTED
+ TODO: check
+CVE-2019-18475
+ REJECTED
+ TODO: check
+CVE-2019-18474
+ REJECTED
+ TODO: check
+CVE-2019-18473
+ REJECTED
+ TODO: check
+CVE-2019-18472
+ REJECTED
+ TODO: check
+CVE-2019-18471
+ REJECTED
+ TODO: check
+CVE-2019-18470
+ REJECTED
+ TODO: check
+CVE-2019-18469
+ REJECTED
+ TODO: check
+CVE-2019-18468
+ REJECTED
+ TODO: check
+CVE-2019-18467
+ REJECTED
+ TODO: check
+CVE-2019-18466 (An issue was discovered in Podman in libpod before 1.6.0. It resolves ...)
+ TODO: check
CVE-2019-XXXX [database server crash from unserialized data access]
- openafs 1.8.5-1 (bug #943587)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt
@@ -584,8 +1094,8 @@ CVE-2019-18198 (In the Linux kernel before 5.3.4, a reference count usage error
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26
NOTE: https://launchpad.net/bugs/1847478
-CVE-2019-18195
- RESERVED
+CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal u ...)
+ TODO: check
CVE-2019-18194
RESERVED
CVE-2019-18193
@@ -3860,8 +4370,8 @@ CVE-2019-17226 (CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin >
NOT-FOR-US: CMS Made Simple
CVE-2019-17225 (Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, o ...)
NOT-FOR-US: Subrion CMS
-CVE-2019-17224
- RESERVED
+CVE-2019-17224 (The web interface of the Compal Broadband CH7465LG modem (version CH74 ...)
+ TODO: check
CVE-2019-17223 (There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 v ...)
- dolibarr <removed>
CVE-2019-17222
@@ -3948,8 +4458,8 @@ CVE-2019-17183 (Foxit Reader before 9.7 allows an Access Violation and crash if
NOT-FOR-US: Foxit Reader
CVE-2019-17182
RESERVED
-CVE-2019-17181
- RESERVED
+CVE-2019-17181 (A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007 ...)
+ TODO: check
CVE-2019-17180 (Valve Steam Client before 2019-09-12 allows placing or appending parti ...)
NOT-FOR-US: Steam on Windows
CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5 ...)
@@ -4624,8 +5134,8 @@ CVE-2019-16899 (In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulti
NOT-FOR-US: Advantech
CVE-2019-16898
RESERVED
-CVE-2019-16897
- RESERVED
+CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security ...)
+ TODO: check
CVE-2019-16896
RESERVED
CVE-2019-16895
@@ -5249,10 +5759,10 @@ CVE-2019-16665 (An issue was discovered in ThinkSAAS 2.91. There is XSS via the
NOT-FOR-US: ThinkSAAS
CVE-2019-16664 (An issue was discovered in ThinkSAAS 2.91. There is XSS via the index. ...)
NOT-FOR-US: ThinkSAAS
-CVE-2019-16663
- RESERVED
-CVE-2019-16662
- RESERVED
+CVE-2019-16663 (An issue was discovered in rConfig 3.9.2. An attacker can directly exe ...)
+ TODO: check
+CVE-2019-16662 (An issue was discovered in rConfig 3.9.2. An attacker can directly exe ...)
+ TODO: check
CVE-2019-16661 (Ogma CMS 0.5 has XSS via creation of a new blog. ...)
NOT-FOR-US: Ogma CMS
CVE-2019-16660 (joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CS ...)
@@ -6306,7 +6816,7 @@ CVE-2019-16267
RESERVED
CVE-2019-16266
RESERVED
-CVE-2019-16265 (3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow. ...)
+CVE-2019-16265 (CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. ...)
NOT-FOR-US: 3S-Smart CODESYS
CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado d ...)
NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)
@@ -10416,20 +10926,20 @@ CVE-2013-7475 (The contact-form-plugin plugin before 3.52 for WordPress has XSS.
NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2012-6713 (The job-manager plugin before 0.7.19 for WordPress has multiple XSS is ...)
NOT-FOR-US: job-manager plugin for WordPress
-CVE-2019-14931
- RESERVED
-CVE-2019-14930
- RESERVED
-CVE-2019-14929
- RESERVED
-CVE-2019-14928
- RESERVED
-CVE-2019-14927
- RESERVED
-CVE-2019-14926
- RESERVED
-CVE-2019-14925
- RESERVED
+CVE-2019-14931 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...)
+ TODO: check
+CVE-2019-14930 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...)
+ TODO: check
+CVE-2019-14929 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...)
+ TODO: check
+CVE-2019-14928 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...)
+ TODO: check
+CVE-2019-14927 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...)
+ TODO: check
+CVE-2019-14926 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...)
+ TODO: check
+CVE-2019-14925 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...)
+ TODO: check
CVE-2019-14924 (An issue was discovered in GCDWebServer before 3.5.3. The method moveI ...)
NOT-FOR-US: GCDWebServer
CVE-2019-14923 (EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharac ...)
@@ -12338,8 +12848,8 @@ CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allo
NOTE: https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4
CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not proper ...)
NOT-FOR-US: Repetier-Server
-CVE-2019-14450
- RESERVED
+CVE-2019-14450 (A directory traversal vulnerability was discovered in RepetierServer.e ...)
+ TODO: check
CVE-2019-14449
RESERVED
CVE-2019-14448
@@ -22476,8 +22986,7 @@ CVE-2019-11045
RESERVED
CVE-2019-11044
RESERVED
-CVE-2019-11043
- RESERVED
+CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ...)
{DLA-1970-1}
- php7.3 <unfixed>
- php7.0 <removed>
@@ -25157,6 +25666,7 @@ CVE-2019-10081 (HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example co
CVE-2019-10080
RESERVED
CVE-2019-10079 (Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. E ...)
+ {DSA-4520-1}
- trafficserver 8.0.5+ds-1
NOTE: https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
CVE-2019-10078 (A carefully crafted plugin link invocation could trigger an XSS vulner ...)
@@ -38007,12 +38517,12 @@ CVE-2019-5540
RESERVED
CVE-2019-5539
RESERVED
-CVE-2019-5538
- RESERVED
-CVE-2019-5537
- RESERVED
-CVE-2019-5536
- RESERVED
+CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a lack o ...)
+ TODO: check
+CVE-2019-5537 (Sensitive information disclosure vulnerability resulting from a lack o ...)
+ TODO: check
+CVE-2019-5536 (VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-20 ...)
+ TODO: check
CVE-2019-5535 (VMware Workstation and Fusion contain a network denial-of-service vuln ...)
NOT-FOR-US: VMware
CVE-2019-5534 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and ...)
@@ -42300,8 +42810,8 @@ CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators we
NOT-FOR-US: McAfee
CVE-2019-3637 (Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.20 ...)
NOT-FOR-US: McAfee
-CVE-2019-3636
- RESERVED
+CVE-2019-3636 (A File Masquerade vulnerability in McAfee Total Protection (MTP) versi ...)
+ TODO: check
CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8. ...)
NOT-FOR-US: McAfee
CVE-2019-3634 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
@@ -96903,7 +97413,7 @@ CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel
CVE-2018-3631
RESERVED
CVE-2018-3630 [Logic error in FV parsing in MdeModulePkg\Core\Pei\FwVol\FwVol.c]
- RESERVED
+ REJECTED
- edk2 <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1683653
NOTE: Non issue, no security impact
@@ -112068,8 +112578,8 @@ CVE-2017-15727 (In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (
NOT-FOR-US: phpMyFAQ
CVE-2017-15726
RESERVED
-CVE-2017-15725
- RESERVED
+CVE-2017-15725 (An XML External Entity Injection vulnerability exists in Dzone AnswerH ...)
+ TODO: check
CVE-2017-15724
RESERVED
CVE-2017-15723 (In Irssi before 1.0.5, overlong nicks or targets may result in a NULL ...)
@@ -142883,27 +143393,27 @@ CVE-2017-5737
CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform ...)
NOT-FOR-US: Intel
CVE-2017-5735
- RESERVED
+ REJECTED
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
CVE-2017-5734
- RESERVED
+ REJECTED
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
CVE-2017-5733
- RESERVED
+ REJECTED
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
CVE-2017-5732
- RESERVED
+ REJECTED
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
CVE-2017-5731
- RESERVED
+ REJECTED
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
@@ -143181,7 +143691,7 @@ CVE-2017-5851 (The free_options function in options_manager.c in mp3splt 2.6.2 a
CVE-2017-5679
RESERVED
CVE-2017-5678
- RESERVED
+ REJECTED
CVE-2017-5677 (PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerab ...)
NOT-FOR-US: PEAR HTML_AJAX
NOTE: http://karmainsecurity.com/KIS-2017-01
@@ -262579,8 +263089,7 @@ CVE-2012-5578 [Python keyring insecure permissions on new databases]
- python-keyring 0.9.2-1.1 (bug #696736)
[wheezy] - python-keyring 0.7.1-1+deb7u1
[squeeze] - python-keyring <no-dsa> (Minor issue)
-CVE-2012-5577 [Python keyring insecure permissions on migrated files]
- RESERVED
+CVE-2012-5577 (Python keyring lib before 0.10 created keyring files with world-readab ...)
- python-keyring 0.9.2-1.1 (bug #696736)
[wheezy] - python-keyring 0.7.1-1+deb7u1
[squeeze] - python-keyring <no-dsa> (Minor issue)
@@ -276452,8 +276961,7 @@ CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php
NOT-FOR-US: WordPress plugin wp-links
CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...)
- wordpress 1.0.1-1
-CVE-2002-2444 [snoopy: Security hole in exec cURL]
- RESERVED
+CVE-2002-2444 (Snoopy 2.0.0-1 has a security hole in exec cURL ...)
- libphp-snoopy <not-affected> (affected version never was in the repo)
NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
NOTE: http://sourceforge.net/p/snoopy/bugs/13/
@@ -293359,8 +293867,7 @@ CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c
- linux-2.6 <not-affected> (changes included since introduction of dom0 support)
CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pf ...)
NOT-FOR-US: pfSense
-CVE-2010-4245
- RESERVED
+CVE-2010-4245 (pootle 2.0.5-0.2 has XSS via 'match_names' parameter ...)
- pootle 2.0.5-0.3 (low; bug #604060)
[lenny] - pootle <not-affected> (Vulnerable code not present)
CVE-2010-4244
@@ -293371,14 +293878,11 @@ CVE-2010-4243 (fs/exec.c in the Linux kernel before 2.6.37 does not enable the O
CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver (drivers/bluetoo ...)
{DSA-2153-1}
- linux-2.6 2.6.32-28
-CVE-2010-4241
- RESERVED
+CVE-2010-4241 (Tiki Wiki CMS Groupware 5.2 has CSRF ...)
- tikiwiki <removed>
-CVE-2010-4240
- RESERVED
+CVE-2010-4240 (Tiki Wiki CMS Groupware 5.2 has XSS ...)
- tikiwiki <removed>
-CVE-2010-4239
- RESERVED
+CVE-2010-4239 (Tiki Wiki CMS Groupware 5.2 has Local File Inclusion ...)
- tikiwiki <removed>
CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on ...)
- linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian)
@@ -295974,8 +296478,7 @@ CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Altern
- php-apc <unfixed> (unimportant)
NOTE: vulnerable script is, mainly, for debugging purposes
NOTE: and is distributed gzip-compressed
-CVE-2010-3293 [mailscanner virus updates DoS]
- RESERVED
+CVE-2010-3293 (mailscanner can allow local users to prevent virus signatures from bei ...)
- mailscanner <removed> (bug #596397; unimportant)
NOTE: or even unimportant, the script is not used by default
CVE-2010-3292 [mailscanner may use spoofed data]
@@ -298741,12 +299244,10 @@ CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome befor
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/58829
-CVE-2009-4900 [pixelpost XSS]
- RESERVED
+CVE-2009-4900 (pixelpost 1.7.1-5 has XSS ...)
- pixelpost <removed> (bug #597224)
NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
-CVE-2009-4899 [pixelpost SQL injection]
- RESERVED
+CVE-2009-4899 (pixelpost 1.7.1-5 has SQL injection ...)
- pixelpost <removed> (bug #597224)
NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 ...)
@@ -378662,8 +379163,7 @@ CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris,
CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory f ...)
{DSA-744-1}
- fuse 2.3.0-1
-CVE-2005-2349 [Directory traversal in zoo]
- RESERVED
+CVE-2005-2349 (Zoo 2.10-27 has Directory traversal ...)
- zoo 2.10-4 (low; bug #309594)
CVE-2005-2350 [Cross Site Scripting in websieve]
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb58783f55fbad627a6824ac9d9aaf280fd26c22
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb58783f55fbad627a6824ac9d9aaf280fd26c22
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191028/1c5bf62c/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list