author security tracker role <sectracker@soriano.debian.org> 2019-10-31 08:10:12 +0000
committer security tracker role <sectracker@soriano.debian.org> 2019-10-31 08:10:12 +0000
commit 327e1c50a9bacc2428f22b4d9a995919599709e1 (patch)
tree 34a2506eb94cab5ec80c3e3baf0351707a5f1096 /data/CVE
parent 77d23e3d8dc2e0248d81de69dac05af81148fe4d (diff)
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2010.list 24
-rw-r--r-- data/CVE/2013.list 4
-rw-r--r-- data/CVE/2014.list 10
-rw-r--r-- data/CVE/2016.list 4
-rw-r--r-- data/CVE/2018.list 28
-rw-r--r-- data/CVE/2019.list 86
6 files changed, 99 insertions, 57 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index da774617ba..a397a915e5 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -9305,8 +9305,7 @@ CVE-2010-1675 (bgpd in Quagga before 0.99.18 allows remote attackers to cause a
CVE-2010-1674 (The extended-community parser in bgpd in Quagga before 0.99.18 allows ...)
{DSA-2197-1}
- quagga 0.99.18-1
-CVE-2010-1673 [ikiwiki xss due to insufficient html scrubbing]
- RESERVED
+CVE-2010-1673 (A cross-site scripting (XSS) vulnerability in ikiwiki before 3.2010111 ...)
- ikiwiki 3.20101112
[squeeze] - ikiwiki 3.20100815.2
[lenny] - ikiwiki <not-affected>
@@ -11243,8 +11242,7 @@ CVE-2010-0963 (Cross-site scripting (XSS) vulnerability in index.php in dl Downl
CVE-2010-1195 (Cross-site scripting (XSS) vulnerability in the htmlscrubber component ...)
{DSA-2020-1}
- ikiwiki 3.20100312 (low)
-CVE-2010-0747 [linux-2.6 drbd connector issue]
- RESERVED
+CVE-2010-0747 (drbd8 allows local users to bypass intended restrictions for certain a ...)
{DSA-2015-1}
- linux-2.6 <not-affected> (drbd introduced for the first time in 2.6.32-12, which included the fix for this issue, so no supported debian kernel was ever affected)
- drbd8 2:8.3.7-1
@@ -11804,11 +11802,9 @@ CVE-2010-1144
CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users t ...)
- policykit-1 <not-affected> (pkexec introduced in 0.92)
[lenny] - policykit-1 <not-affected> (pkexec introduced in 0.92)
-CVE-2010-0749
- RESERVED
+CVE-2010-0749 (Transmission before 1.92 allows attackers to prevent download of a fil ...)
- transmission 1.92-1 (unimportant; bug #574507)
-CVE-2010-0748 [transmission magnet links parser buffer overflow]
- RESERVED
+CVE-2010-0748 (Transmission before 1.92 allows an attacker to cause a denial of servi ...)
- transmission 1.92-1 (medium; bug #574507)
[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
CVE-2010-0746 (Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as ...)
@@ -11843,8 +11839,7 @@ CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in d
[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-0737
- RESERVED
+CVE-2010-0737 (A missing permission check was found in The CLI in JBoss Operations Ne ...)
NOT-FOR-US: JBoss Operations Network
CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform functio ...)
- viewvc 1.1.5-1 (bug #575787)
@@ -12691,8 +12686,7 @@ CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allow
- mahara 1.2.4-1 (medium)
CVE-2010-0399
RESERVED
-CVE-2010-0398 [autokey arbitrary file overwriting via symlinks]
- RESERVED
+CVE-2010-0398 (The init script in autokey before 0.61.3-2 allows local attackers to w ...)
- autokey 0.61.3-2
CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing m ...)
{DSA-2018-1}
@@ -13209,16 +13203,14 @@ CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and
NOT-FOR-US: Adobe Flash Plugin
CVE-2010-0208
RESERVED
-CVE-2010-0207 [xpdf: XRef table parsing infinite loop]
- RESERVED
+CVE-2010-0207 (In xpdf, the xref table contains an infinite loop which allows remote ...)
- kdegraphics 4:4.0.0-1 (unimportant)
- xpdf <unfixed> (unimportant)
- poppler 0.16.3-1 (unimportant)
[squeeze] - poppler 0.12.4-1.2+squeeze1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172
NOTE: Just a crasher, not treated as a security issue
-CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects]
- RESERVED
+CVE-2010-0206 (xpdf allows remote attackers to cause a denial of service (NULL pointe ...)
- kdegraphics 4:4.0.0-1 (unimportant)
- xpdf <unfixed> (unimportant)
- poppler 0.16.3-1 (unimportant)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 8fcb2511a4..a0175c4915 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -16660,8 +16660,8 @@ CVE-2013-1393 (Cross-site scripting (XSS) vulnerability in the CurvyCorners modu
NOT-FOR-US: Drupal module CurvyCorners
CVE-2013-1392
RESERVED
-CVE-2013-1391
- RESERVED
+CVE-2013-1391 (Authentication bypass vulnerability in the the web interface in Hunt C ...)
+ TODO: check
CVE-2013-1390
RESERVED
CVE-2013-1389 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9. ...)
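Review bot: CVE-2013-1391 now has a public description, but its only status line is `TODO: check`, so the entry is still untriaged. Replace that line with either a package status line or a `NOT-FOR-US:` line in the form used by the CVE-2013-1393 entry at the top of this hunk.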
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index eb90a76c93..9e26c7602e 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -11630,7 +11630,7 @@ CVE-2014-6057
CVE-2014-6056
RESERVED
CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in ...)
- {DSA-3081-1 DLA-197-1}
+ {DSA-3081-1 DLA-1979-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
- italc <removed>
NOTE: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
@@ -11638,7 +11638,7 @@ CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer featur
NOTE: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 (improvement)
NOTE: check for possible ABI break: https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2
CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
- {DSA-3081-1 DLA-197-1}
+ {DSA-3081-1 DLA-1979-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
- italc <removed>
NOTE: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
@@ -11647,17 +11647,17 @@ CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbser
NOTE: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening)
NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)
CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
- {DSA-3081-1 DLA-197-1}
+ {DSA-3081-1 DLA-1979-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
- italc <removed>
NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibV ...)
- {DSA-3081-1 DLA-197-1}
+ {DSA-3081-1 DLA-1979-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
- italc <removed>
NOTE: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in L ...)
- {DSA-3081-1 DLA-197-1}
+ {DSA-3081-1 DLA-1979-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
- italc <removed>
NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
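Review bot: the DLA-1979-1 cross-reference is added to CVE-2014-6055 through CVE-2014-6051, but nothing in these entries says which source package that advisory fixes: the `- libvncserver 0.9.9+dfsg-6.1 (bug #762745)` and `- italc <removed>` lines are unchanged in every entry. Confirm against the advisory that its package is one of the two listed here, since a reader of the CVE entry alone cannot tell whether the new reference belongs to libvncserver or italc.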
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index e2487eb47c..cb737f53e7 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -2984,13 +2984,13 @@ CVE-2016-9944
CVE-2016-9943
RESERVED
CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer ...)
- {DSA-3753-1 DLA-777-1}
+ {DSA-3753-1 DLA-1979-1 DLA-777-1}
- libvncserver 0.9.11+dfsg-1 (bug #850008)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/pull/137
NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5fff4353f66427b467eb29e5fdc1da4f2be028bb
CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServ ...)
- {DSA-3753-1 DLA-777-1}
+ {DSA-3753-1 DLA-1979-1 DLA-777-1}
- libvncserver 0.9.11+dfsg-1 (bug #850007)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/pull/137
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 6feef884de..70d8dbf5ad 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,3 +1,5 @@
+CVE-2018-21029 (systemd 239 through 243 accepts any certificate signed by a trusted ce ...)
+ TODO: check
CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...)
- boa <removed>
CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...)
@@ -3074,35 +3076,35 @@ CVE-2018-20026 (Improper Communication Address Filtering exists in CODESYS V3 pr
CVE-2018-20025 (Use of Insufficiently Random Values exists in CODESYS V3 products vers ...)
NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS V3 Products
CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains ...)
- {DSA-4383-1 DLA-1617-1}
+ {DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/254
NOTE: https://github.com/LibVNC/libvncserver/commit/4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/
CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-66 ...)
- {DSA-4383-1 DLA-1617-1}
+ {DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/253
NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multip ...)
- {DSA-4383-1 DLA-1617-1}
+ {DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/252
NOTE: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains ...)
- {DSA-4383-1 DLA-1617-1}
+ {DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/251
NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains ...)
- {DSA-4383-1 DLA-1617-1}
+ {DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/250
@@ -3110,7 +3112,7 @@ CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
NOTE: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulner ...)
- {DLA-1652-1}
+ {DLA-1979-1 DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
- italc <removed>
[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-20019 not applied)
@@ -3119,7 +3121,7 @@ CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write
NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
NOTE: https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae
CVE-2018-20019 (LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains ...)
- {DSA-4383-1 DLA-1617-1}
+ {DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/247
@@ -15716,19 +15718,19 @@ CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the index.php?app=artic
CVE-2018-15128 (An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, H ...)
NOT-FOR-US: Polycom Group Series
CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerabilit ...)
- {DLA-1652-1}
+ {DLA-1979-1 DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
- italc <removed>
[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
CVE-2018-20749 (LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...)
- {DLA-1652-1}
+ {DLA-1979-1 DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
- italc <removed>
[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains ...)
- {DSA-4383-1 DLA-1617-1}
+ {DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/243
@@ -15739,7 +15741,7 @@ CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de co
NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains ...)
- {DSA-4383-1 DLA-1652-1}
+ {DSA-4383-1 DLA-1979-1 DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
NOTE: https://github.com/LibVNC/libvncserver/issues/242
NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/162d716b4c095a87aab2261857d583d68e3b3ea6 (merge of fix-#242)
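Review bot: the CVE-2018-15126 entry gains DLA-1979-1 but, unlike every other entry that gains it in this diff, has no `- italc <removed>` line after `- libvncserver 0.9.11+dfsg-1.2 (bug #916941)`. Check whether the italc status line is missing from this entry or whether the advisory reference does not belong here, and make the entry consistent with CVE-2018-15127 above it.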
@@ -36560,7 +36562,7 @@ CVE-2018-7226 (An issue was discovered in vcSetXCutTextProc() in VNConsole.c in
[stretch] - vncterm <no-dsa> (Minor issue)
NOTE: https://github.com/LibVNC/vncterm/issues/6
CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClie ...)
- {DSA-4221-1 DLA-1332-1}
+ {DSA-4221-1 DLA-1979-1 DLA-1332-1}
- libvncserver 0.9.11+dfsg-1.1 (bug #894045)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/218
@@ -39073,7 +39075,7 @@ CVE-2018-6309
CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and ...)
NOT-FOR-US: SugarCRM
CVE-2018-6307 (LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains ...)
- {DSA-4383-1 DLA-1617-1}
+ {DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/241
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 74363cfe79..ff08733025 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,51 @@
+CVE-2019-18649
+ RESERVED
+CVE-2019-18648
+ RESERVED
+CVE-2019-18647
+ RESERVED
+CVE-2019-18646
+ RESERVED
+CVE-2019-18645 (The quarantine restoration function in Total Defense Anti-virus 11.5.2 ...)
+ TODO: check
+CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 11.5.2.28 is vul ...)
+ TODO: check
+CVE-2019-18643
+ RESERVED
+CVE-2019-18642
+ RESERVED
+CVE-2019-18641
+ RESERVED
+CVE-2019-18640
+ RESERVED
+CVE-2019-18639
+ RESERVED
+CVE-2019-18638
+ RESERVED
+CVE-2019-18637
+ RESERVED
+CVE-2019-18636
+ RESERVED
+CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through v0.42.1 and v ...)
+ TODO: check
+CVE-2019-18634
+ RESERVED
+CVE-2019-18633 (European Commission eIDAS-Node Integration Package before 2.3.1 has Mi ...)
+ TODO: check
+CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1 allows ...)
+ TODO: check
+CVE-2019-18631
+ RESERVED
+CVE-2019-18630
+ RESERVED
+CVE-2019-18629
+ RESERVED
+CVE-2019-18628
+ RESERVED
+CVE-2019-18627
+ RESERVED
+CVE-2019-18626
+ RESERVED
CVE-2019-18625
RESERVED
CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended restriction ...)
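Review bot: five of the entries added at the top of the file (CVE-2019-18645, CVE-2019-18644, CVE-2019-18635, CVE-2019-18633, CVE-2019-18632) arrive with descriptions and only `TODO: check`. Each needs a package status line or a `NOT-FOR-US:` line; the two Total Defense Anti-virus entries and the two eIDAS-Node Integration Package entries each share a product, so they can be resolved in pairs with the same status.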
@@ -2275,8 +2323,8 @@ CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Inj
NOT-FOR-US: MetInfo
CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_ ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2019-17551
- RESERVED
+CVE-2019-17551 (Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS ...)
+ TODO: check
CVE-2019-17550
RESERVED
CVE-2019-17549
@@ -2797,18 +2845,18 @@ CVE-2019-17328
RESERVED
CVE-2019-17327
RESERVED
-CVE-2019-17326
- RESERVED
-CVE-2019-17325
- RESERVED
-CVE-2019-17324
- RESERVED
-CVE-2019-17323
- RESERVED
-CVE-2019-17322
- RESERVED
-CVE-2019-17321
- RESERVED
+CVE-2019-17326 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...)
+ TODO: check
+CVE-2019-17325 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...)
+ TODO: check
+CVE-2019-17324 (ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traver ...)
+ TODO: check
+CVE-2019-17323 (ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file c ...)
+ TODO: check
+CVE-2019-17322 (ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file c ...)
+ TODO: check
+CVE-2019-17321 (ClipSoft REXPERT 1.0.0.527 and earlier version have an information dis ...)
+ TODO: check
CVE-2019-17320 (NetSarang XFTP Client 6.0149 and earlier version contains a buffer ove ...)
NOT-FOR-US: NetSarang XFTP Client
CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
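Review bot: all six entries from CVE-2019-17326 down to CVE-2019-17321 name ClipSoft REXPERT and all land as `TODO: check`. Triage them as a group with one identical status line; if the product is not packaged, use the same form as the `NOT-FOR-US: NetSarang XFTP Client` line directly below them.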
@@ -6617,7 +6665,7 @@ CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerabilit
CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access read vuln ...)
TODO: check
CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...)
- {DLA-1977-1}
+ {DLA-1979-1 DLA-1977-1}
- libvncserver <unfixed> (bug #943793)
- italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
@@ -14883,8 +14931,8 @@ CVE-2019-12419
RESERVED
CVE-2019-12418
RESERVED
-CVE-2019-12417
- RESERVED
+CVE-2019-12417 (A malicious admin user could edit the state of objects in the Airflow ...)
+ TODO: check
CVE-2019-12416
RESERVED
CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ...)
@@ -19285,8 +19333,8 @@ CVE-2019-10764
RESERVED
CVE-2019-10763
RESERVED
-CVE-2019-10762
- RESERVED
+CVE-2019-10762 (columnQuote in medoo before 1.7.5 allows remote attackers to perform a ...)
+ TODO: check
CVE-2019-10761
RESERVED
CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A ...)
