[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 30 08:10:26 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e39cc841 by security tracker role at 2019-10-30T08:10:14Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5668,6 +5668,7 @@ CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account
CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information disclosu ...)
NOT-FOR-US: Home Assistant
CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the default enviro ...)
+ {DSA-4555-1}
- pam-python 1.0.7-1 (bug #942514)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
NOTE: https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
@@ -17310,7 +17311,7 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain forma
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
-CVE-2019-13116 (The MuleSoft Mule runtime engine before 3.8 allows remote attackers to ...)
+CVE-2019-13116 (The MuleSoft Mule Community Edition runtime engine before 3.8 allows r ...)
NOT-FOR-US: MuleSoft Mule
CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
{DLA-1730-3}
@@ -31695,8 +31696,8 @@ CVE-2019-8237 (Adobe Acrobat and Reader versions 2019.012.20034 and earlier; 201
NOT-FOR-US: Adobe
CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier versions ...)
NOT-FOR-US: Adobe
-CVE-2019-8235
- RESERVED
+CVE-2019-8235 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...)
+ TODO: check
CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...)
NOT-FOR-US: Adobe
CVE-2019-8233
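Review bot: the `TODO: check` added under CVE-2019-8235 leaves the triage open, and the truncated description ("... exists in Mag ...") does not name the affected product within this hunk; the entry should be resolved in a follow-up to either a source package line with a fixed version or `NOT-FOR-US: <product>`, as the neighbouring Adobe entries are, so the IDOR does not linger unclassified.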
@@ -54901,8 +54902,8 @@ CVE-2018-19153
RESERVED
CVE-2018-19152
RESERVED
-CVE-2018-19151
- RESERVED
+CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows ...)
+ TODO: check
CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdffor ...)
NOT-FOR-US: pdfforge PDF Architect
CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attac ...)
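Review bot: CVE-2018-19151's new description identifies qtum, a chain-based proof-of-stake cryptocurrency client, but the entry is left at `TODO: check`; if no qtum source package exists in the archive this should become `NOT-FOR-US: qtum` in a follow-up, otherwise a package line with the fixed version, mirroring the adjacent `NOT-FOR-US: pdfforge PDF Architect` entry.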
@@ -55448,12 +55449,12 @@ CVE-2018-18933 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in Foxit
NOT-FOR-US: Foxit Reader
CVE-2018-18932
RESERVED
-CVE-2018-18931
- RESERVED
-CVE-2018-18930
- RESERVED
-CVE-2018-18929
- RESERVED
+CVE-2018-18931 (An issue was discovered in the Tightrope Media Carousel digital signag ...)
+ TODO: check
+CVE-2018-18930 (The Tightrope Media Carousel digital signage product 7.0.4.104 contain ...)
+ TODO: check
+CVE-2018-18929 (The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4. ...)
+ TODO: check
CVE-2018-18928 (International Components for Unicode (ICU) for C/C++ 63.1 has an integ ...)
- icu 63.1-3
[stretch] - icu <not-affected> (Vulnerable code not present)
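Review bot: the three new Tightrope Media Carousel entries (CVE-2018-18931, CVE-2018-18930, CVE-2018-18929) are all left as `TODO: check` although their descriptions identify a proprietary digital signage product and a Windows-based appliance (7.0.4.104); they look like candidates for `NOT-FOR-US: Tightrope Media Carousel`, consistent with the `NOT-FOR-US: Foxit Reader` entry just above, and should be resolved together rather than left as three open TODOs.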
@@ -275865,8 +275866,7 @@ CVE-2012-0696 (Multiple cross-site scripting (XSS) vulnerabilities in the Execut
NOT-FOR-US: IBM Cognos
CVE-2012-0695 (Multiple unspecified vulnerabilities in Google Chrome before 17.0.963. ...)
NOT-FOR-US: Google Chrome books
-CVE-2012-0694 [SugarCRM CE unserialize PHP code execution in multiple files]
- RESERVED
+CVE-2012-0694 (SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with ...)
- sugarcrm-ce-5.0 <itp> (bug #457876)
NOTE: http://seclists.org/bugtraq/2012/Jun/165
CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 al ...)
@@ -288561,8 +288561,7 @@ CVE-2011-1410
CVE-2011-1409 (Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly othe ...)
{DSA-2259-1}
- fex 20110610-1
-CVE-2011-1408 [ikiwiki tty hijacking vulnerability]
- RESERVED
+CVE-2011-1408 (ikiwiki before 3.20110608 allows remote attackers to hijack root's tty ...)
- ikiwiki 3.20110608 (low)
[squeeze] - ikiwiki <no-dsa> (Minor issue)
CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits matching for ...)
@@ -299875,8 +299874,7 @@ CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3
[lenny] - tiff <not-affected> (Only affects 3.9.x)
NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145
NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
-CVE-2010-2064
- RESERVED
+CVE-2010-2064 (rpcbind 0.2.0 allows local users to write to arbitrary files or gain p ...)
- rpcbind 0.2.0-4.1
NOTE: This version changed the state directory to /var/run/rpcbind, which is only writable by root
CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the chai ...)
@@ -299893,8 +299891,7 @@ CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, a
NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
NOTE: DSA-2043 and DSA-2044
-CVE-2010-2061
- RESERVED
+CVE-2010-2061 (rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) ...)
- rpcbind 0.2.0-4.1
CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows r ...)
- beanstalkd 1.4.6-1 (unimportant; bug #585162)
@@ -300958,8 +300955,7 @@ CVE-2010-1680
CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before 1.14.3 ...)
{DSA-2142-1}
- dpkg 1.15.8.8
-CVE-2010-1678
- RESERVED
+CVE-2010-1678 (Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol ...)
- mapserver 5.6.5-2
NOTE: http://trac.osgeo.org/mapserver/ticket/3641
CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service (C ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e39cc841393e49eb77e27d652f2b1e3e91c71149