author | security tracker role <sectracker@soriano.debian.org> | 2019-10-30 08:10:14 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-10-30 08:10:14 +0000 |
commit | 4e5bcefbe8e2e0e66f3d4fac0f7a756c6fc02df6 (patch) | |
tree | 5fbf537cc65840d331c28e7f2da85421d5b11869 | |
parent | 967f9c3975fce1db39ada22611258a783bfeeeff (diff) |
automatic update
-rw-r--r-- | data/CVE/2010.list | 9 |
-rw-r--r-- | data/CVE/2011.list | 3 |
-rw-r--r-- | data/CVE/2012.list | 3 |
-rw-r--r-- | data/CVE/2018.list | 16 |
-rw-r--r-- | data/CVE/2019.list | 7 |
5 files changed, 17 insertions, 21 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 9afb592776..da774617ba 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -8292,8 +8292,7 @@ CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 [lenny] - tiff <not-affected> (Only affects 3.9.x) NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145 NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565 -CVE-2010-2064 - RESERVED +CVE-2010-2064 (rpcbind 0.2.0 allows local users to write to arbitrary files or gain p ...) - rpcbind 0.2.0-4.1 NOTE: This version changed the state directory to /var/run/rpcbind, which is only writable by root CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the chai ...) @@ -8310,8 +8309,7 @@ CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, a NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/ NOTE: DSA-2043 and DSA-2044 -CVE-2010-2061 - RESERVED +CVE-2010-2061 (rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) ...) - rpcbind 0.2.0-4.1 CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows r ...) - beanstalkd 1.4.6-1 (unimportant; bug #585162) @@ -9292,8 +9290,7 @@ CVE-2010-1680 CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before 1.14.3 ...) {DSA-2142-1} - dpkg 1.15.8.8 -CVE-2010-1678 - RESERVED +CVE-2010-1678 (Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol ...) - mapserver 5.6.5-2 NOTE: http://trac.osgeo.org/mapserver/ticket/3641 CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service (C ...) diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 9751b56923..fee7a86738 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list 
@@ -10462,8 +10462,7 @@ CVE-2011-1410 CVE-2011-1409 (Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly othe ...) {DSA-2259-1} - fex 20110610-1 -CVE-2011-1408 [ikiwiki tty hijacking vulnerability] - RESERVED +CVE-2011-1408 (ikiwiki before 3.20110608 allows remote attackers to hijack root's tty ...) - ikiwiki 3.20110608 (low) [squeeze] - ikiwiki <no-dsa> (Minor issue) CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits matching for ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index c93384b236..14140e2605 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -14888,8 +14888,7 @@ CVE-2012-0696 (Multiple cross-site scripting (XSS) vulnerabilities in the Execut NOT-FOR-US: IBM Cognos CVE-2012-0695 (Multiple unspecified vulnerabilities in Google Chrome before 17.0.963. ...) NOT-FOR-US: Google Chrome books -CVE-2012-0694 [SugarCRM CE unserialize PHP code execution in multiple files] - RESERVED +CVE-2012-0694 (SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with ...) - sugarcrm-ce-5.0 <itp> (bug #457876) NOTE: http://seclists.org/bugtraq/2012/Jun/165 CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 al ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index c4f4fafa68..094cc871f8 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -5485,8 +5485,8 @@ CVE-2018-19153 RESERVED CVE-2018-19152 RESERVED -CVE-2018-19151 - RESERVED +CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows ...) + TODO: check CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdffor ...) NOT-FOR-US: pdfforge PDF Architect CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attac ...) 
@@ -6024,12 +6024,12 @@ CVE-2018-18933 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in Foxit NOT-FOR-US: Foxit Reader CVE-2018-18932 RESERVED -CVE-2018-18931 - RESERVED -CVE-2018-18930 - RESERVED -CVE-2018-18929 - RESERVED +CVE-2018-18931 (An issue was discovered in the Tightrope Media Carousel digital signag ...) + TODO: check +CVE-2018-18930 (The Tightrope Media Carousel digital signage product 7.0.4.104 contain ...) + TODO: check +CVE-2018-18929 (The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4. ...) + TODO: check CVE-2018-18928 (International Components for Unicode (ICU) for C/C++ 63.1 has an integ ...) - icu 63.1-3 [stretch] - icu <not-affected> (Vulnerable code not present) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index e9cb869aaa..c2a400884c 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -4152,6 +4152,7 @@ CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in SuggestMgr::left CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account via ad ...) NOT-FOR-US: kkcms CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the default enviro ...) + {DSA-4555-1} - pam-python 1.0.7-1 (bug #942514) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1 NOTE: https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/ 
@@ -12983,7 +12984,7 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain forma NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471 NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816 -CVE-2019-13116 (The MuleSoft Mule runtime engine before 3.8 allows remote attackers to ...) +CVE-2019-13116 (The MuleSoft Mule Community Edition runtime engine before 3.8 allows r ...) NOT-FOR-US: MuleSoft Mule CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...) {DLA-1730-3} @@ -26986,8 +26987,8 @@ CVE-2019-8237 (Adobe Acrobat and Reader versions 2019.012.20034 and earlier; 201 NOT-FOR-US: Adobe CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier versions ...) NOT-FOR-US: Adobe -CVE-2019-8235 - RESERVED +CVE-2019-8235 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...) + TODO: check CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...) NOT-FOR-US: Adobe CVE-2019-8233 |
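Review bot: In the data/CVE/2010.list hunk at -8310, CVE-2010-2061 gains a description that names /tmp/portmap.xdr but its entry still has only the bare `- rpcbind 0.2.0-4.1` line, while the neighbouring CVE-2010-2064 entry explains its fixed version with the NOTE about the state directory moving to /var/run/rpcbind. If the same packaging change is what closes CVE-2010-2061, add a matching NOTE under it so the fixed version can be verified without reading the adjacent entry; if it is a different change, reference it.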
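Review bot: The entries leaving RESERVED in data/CVE/2018.list (CVE-2018-19151, CVE-2018-18931, CVE-2018-18930, CVE-2018-18929) and CVE-2019-8235 in data/CVE/2019.list land with only `TODO: check`, so none of them has a triage decision yet. Each needs a follow-up that replaces the TODO with either a package line or a NOT-FOR-US line, as the surrounding entries (for example CVE-2018-19150 and CVE-2019-8236) already have; until then these five stay open in the tracker's to-do queue.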
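Review bot: In the data/CVE/2019.list hunk at -4152, `{DSA-4555-1}` is attached to CVE-2019-16729, but the visible entry carries only the `- pam-python 1.0.7-1 (bug #942514)` line and no release-specific lines, so the diff alone does not show which versions the advisory fixed in the supported releases. Confirm that the corresponding DSA list entry records those versions. Separately, the commit message "automatic update" covers three different kinds of change (RESERVED replaced by descriptions, the reworded CVE-2019-13116 description, and this DSA cross-reference); a message that distinguishes them would make the history easier to audit.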