author | security tracker role <sectracker@soriano.debian.org> | 2019-10-31 08:10:12 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-10-31 08:10:12 +0000 |
commit | 327e1c50a9bacc2428f22b4d9a995919599709e1 (patch) | |
tree | 34a2506eb94cab5ec80c3e3baf0351707a5f1096 /data/CVE | |
parent | 77d23e3d8dc2e0248d81de69dac05af81148fe4d (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2010.list | 24 |
-rw-r--r-- | data/CVE/2013.list | 4 |
-rw-r--r-- | data/CVE/2014.list | 10 |
-rw-r--r-- | data/CVE/2016.list | 4 |
-rw-r--r-- | data/CVE/2018.list | 28 |
-rw-r--r-- | data/CVE/2019.list | 86 |
6 files changed, 99 insertions, 57 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index da774617ba..a397a915e5 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -9305,8 +9305,7 @@ CVE-2010-1675 (bgpd in Quagga before 0.99.18 allows remote attackers to cause a CVE-2010-1674 (The extended-community parser in bgpd in Quagga before 0.99.18 allows ...) {DSA-2197-1} - quagga 0.99.18-1 -CVE-2010-1673 [ikiwiki xss due to insufficient html scrubbing] - RESERVED +CVE-2010-1673 (A cross-site scripting (XSS) vulnerability in ikiwiki before 3.2010111 ...) - ikiwiki 3.20101112 [squeeze] - ikiwiki 3.20100815.2 [lenny] - ikiwiki <not-affected> @@ -11243,8 +11242,7 @@ CVE-2010-0963 (Cross-site scripting (XSS) vulnerability in index.php in dl Downl CVE-2010-1195 (Cross-site scripting (XSS) vulnerability in the htmlscrubber component ...) {DSA-2020-1} - ikiwiki 3.20100312 (low) -CVE-2010-0747 [linux-2.6 drbd connector issue] - RESERVED +CVE-2010-0747 (drbd8 allows local users to bypass intended restrictions for certain a ...) {DSA-2015-1} - linux-2.6 <not-affected> (drbd introduced for the first time in 2.6.32-12, which included the fix for this issue, so no supported debian kernel was ever affected) - drbd8 2:8.3.7-1 
@@ -11804,11 +11802,9 @@ CVE-2010-1144 CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users t ...) - policykit-1 <not-affected> (pkexec introduced in 0.92) [lenny] - policykit-1 <not-affected> (pkexec introduced in 0.92) -CVE-2010-0749 - RESERVED +CVE-2010-0749 (Transmission before 1.92 allows attackers to prevent download of a fil ...) - transmission 1.92-1 (unimportant; bug #574507) -CVE-2010-0748 [transmission magnet links parser buffer overflow] - RESERVED +CVE-2010-0748 (Transmission before 1.92 allows an attacker to cause a denial of servi ...) - transmission 1.92-1 (medium; bug #574507) [lenny] - transmission <not-affected> (Support for Magnet links not yet available) CVE-2010-0746 (Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as ...) @@ -11843,8 +11839,7 @@ CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in d [lenny] - texlive-bin 2007.dfsg.2-4+lenny3 CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) -CVE-2010-0737 - RESERVED +CVE-2010-0737 (A missing permission check was found in The CLI in JBoss Operations Ne ...) NOT-FOR-US: JBoss Operations Network CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform functio ...) - viewvc 1.1.5-1 (bug #575787) @@ -12691,8 +12686,7 @@ CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allow - mahara 1.2.4-1 (medium) CVE-2010-0399 RESERVED -CVE-2010-0398 [autokey arbitrary file overwriting via symlinks] - RESERVED +CVE-2010-0398 (The init script in autokey before 0.61.3-2 allows local attackers to w ...) - autokey 0.61.3-2 CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing m ...) {DSA-2018-1} 
@@ -13209,16 +13203,14 @@ CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and NOT-FOR-US: Adobe Flash Plugin CVE-2010-0208 RESERVED -CVE-2010-0207 [xpdf: XRef table parsing infinite loop] - RESERVED +CVE-2010-0207 (In xpdf, the xref table contains an infinite loop which allows remote ...) - kdegraphics 4:4.0.0-1 (unimportant) - xpdf <unfixed> (unimportant) - poppler 0.16.3-1 (unimportant) [squeeze] - poppler 0.12.4-1.2+squeeze1 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172 NOTE: Just a crasher, not treated as a security issue -CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects] - RESERVED +CVE-2010-0206 (xpdf allows remote attackers to cause a denial of service (NULL pointe ...) - kdegraphics 4:4.0.0-1 (unimportant) - xpdf <unfixed> (unimportant) - poppler 0.16.3-1 (unimportant) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 8fcb2511a4..a0175c4915 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -16660,8 +16660,8 @@ CVE-2013-1393 (Cross-site scripting (XSS) vulnerability in the CurvyCorners modu NOT-FOR-US: Drupal module CurvyCorners CVE-2013-1392 RESERVED -CVE-2013-1391 - RESERVED +CVE-2013-1391 (Authentication bypass vulnerability in the the web interface in Hunt C ...) + TODO: check CVE-2013-1390 RESERVED CVE-2013-1389 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9. ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index eb90a76c93..9e26c7602e 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -11630,7 +11630,7 @@ CVE-2014-6057 CVE-2014-6056 RESERVED CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in ...) - {DSA-3081-1 DLA-197-1} + {DSA-3081-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc <removed> NOTE: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e 
@@ -11638,7 +11638,7 @@ CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer featur NOTE: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 (improvement) NOTE: check for possible ABI break: https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2 CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...) - {DSA-3081-1 DLA-197-1} + {DSA-3081-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc <removed> NOTE: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446 @@ -11647,17 +11647,17 @@ CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbser NOTE: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening) NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening) CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...) - {DSA-3081-1 DLA-197-1} + {DSA-3081-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc <removed> NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibV ...) - {DSA-3081-1 DLA-197-1} + {DSA-3081-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc <removed> NOTE: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812 CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in L ...) - {DSA-3081-1 DLA-197-1} + {DSA-3081-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc <removed> NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273 diff --git a/data/CVE/2016.list b/data/CVE/2016.list index e2487eb47c..cb737f53e7 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -2984,13 +2984,13 @@ CVE-2016-9944 CVE-2016-9943 RESERVED CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer ...) - {DSA-3753-1 DLA-777-1} + {DSA-3753-1 DLA-1979-1 DLA-777-1} - libvncserver 0.9.11+dfsg-1 (bug #850008) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/pull/137 NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5fff4353f66427b467eb29e5fdc1da4f2be028bb CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServ ...) - {DSA-3753-1 DLA-777-1} + {DSA-3753-1 DLA-1979-1 DLA-777-1} - libvncserver 0.9.11+dfsg-1 (bug #850007) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/pull/137 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 6feef884de..70d8dbf5ad 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,3 +1,5 @@ +CVE-2018-21029 (systemd 239 through 243 accepts any certificate signed by a trusted ce ...) + TODO: check CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...) - boa <removed> CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...) 
@@ -3074,35 +3076,35 @@ CVE-2018-20026 (Improper Communication Address Filtering exists in CODESYS V3 pr CVE-2018-20025 (Use of Insufficiently Random Values exists in CODESYS V3 products vers ...) NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS V3 Products CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains ...) - {DSA-4383-1 DLA-1617-1} + {DSA-4383-1 DLA-1979-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/issues/254 NOTE: https://github.com/LibVNC/libvncserver/commit/4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/ CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-66 ...) - {DSA-4383-1 DLA-1617-1} + {DSA-4383-1 DLA-1979-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/issues/253 NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858 NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/ CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multip ...) - {DSA-4383-1 DLA-1617-1} + {DSA-4383-1 DLA-1979-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/issues/252 NOTE: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/ CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains ...) 
- {DSA-4383-1 DLA-1617-1} + {DSA-4383-1 DLA-1979-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/issues/251 NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/ CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains ...) - {DSA-4383-1 DLA-1617-1} + {DSA-4383-1 DLA-1979-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/issues/250 @@ -3110,7 +3112,7 @@ CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co NOTE: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/ CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulner ...) - {DLA-1652-1} + {DLA-1979-1 DLA-1652-1} - libvncserver 0.9.11+dfsg-1.3 (bug #920941) - italc <removed> [stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-20019 not applied) @@ -3119,7 +3121,7 @@ CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7 NOTE: https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae CVE-2018-20019 (LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains ...) - {DSA-4383-1 DLA-1617-1} + {DSA-4383-1 DLA-1979-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/issues/247 
@@ -15716,19 +15718,19 @@ CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the index.php?app=artic CVE-2018-15128 (An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, H ...) NOT-FOR-US: Polycom Group Series CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerabilit ...) - {DLA-1652-1} + {DLA-1979-1 DLA-1652-1} - libvncserver 0.9.11+dfsg-1.3 (bug #920941) - italc <removed> [stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied) NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec CVE-2018-20749 (LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...) - {DLA-1652-1} + {DLA-1979-1 DLA-1652-1} - libvncserver 0.9.11+dfsg-1.3 (bug #920941) - italc <removed> [stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied) NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707 CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains ...) - {DSA-4383-1 DLA-1617-1} + {DSA-4383-1 DLA-1979-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/issues/243 @@ -15739,7 +15741,7 @@ CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de co NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707 NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains ...) - {DSA-4383-1 DLA-1652-1} + {DSA-4383-1 DLA-1979-1 DLA-1652-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) NOTE: https://github.com/LibVNC/libvncserver/issues/242 NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/162d716b4c095a87aab2261857d583d68e3b3ea6 (merge of fix-#242) 
@@ -36560,7 +36562,7 @@ CVE-2018-7226 (An issue was discovered in vcSetXCutTextProc() in VNConsole.c in [stretch] - vncterm <no-dsa> (Minor issue) NOTE: https://github.com/LibVNC/vncterm/issues/6 CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClie ...) - {DSA-4221-1 DLA-1332-1} + {DSA-4221-1 DLA-1979-1 DLA-1332-1} - libvncserver 0.9.11+dfsg-1.1 (bug #894045) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/issues/218 @@ -39073,7 +39075,7 @@ CVE-2018-6309 CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and ...) NOT-FOR-US: SugarCRM CVE-2018-6307 (LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains ...) - {DSA-4383-1 DLA-1617-1} + {DSA-4383-1 DLA-1979-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/issues/241 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 74363cfe79..ff08733025 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -1,3 +1,51 @@ +CVE-2019-18649 + RESERVED +CVE-2019-18648 + RESERVED +CVE-2019-18647 + RESERVED +CVE-2019-18646 + RESERVED +CVE-2019-18645 (The quarantine restoration function in Total Defense Anti-virus 11.5.2 ...) + TODO: check +CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 11.5.2.28 is vul ...) + TODO: check +CVE-2019-18643 + RESERVED +CVE-2019-18642 + RESERVED +CVE-2019-18641 + RESERVED +CVE-2019-18640 + RESERVED +CVE-2019-18639 + RESERVED +CVE-2019-18638 + RESERVED +CVE-2019-18637 + RESERVED +CVE-2019-18636 + RESERVED +CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through v0.42.1 and v ...) + TODO: check +CVE-2019-18634 + RESERVED +CVE-2019-18633 (European Commission eIDAS-Node Integration Package before 2.3.1 has Mi ...) + TODO: check +CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1 allows ...) + TODO: check +CVE-2019-18631 + RESERVED +CVE-2019-18630 + RESERVED +CVE-2019-18629 + RESERVED +CVE-2019-18628 + RESERVED +CVE-2019-18627 + RESERVED +CVE-2019-18626 + RESERVED CVE-2019-18625 RESERVED CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended restriction ...) @@ -2275,8 +2323,8 @@ CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Inj NOT-FOR-US: MetInfo CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_ ...) NOT-FOR-US: idreamsoft iCMS -CVE-2019-17551 - RESERVED +CVE-2019-17551 (Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS ...) + TODO: check CVE-2019-17550 RESERVED CVE-2019-17549 
@@ -2797,18 +2845,18 @@ CVE-2019-17328 RESERVED CVE-2019-17327 RESERVED -CVE-2019-17326 - RESERVED -CVE-2019-17325 - RESERVED -CVE-2019-17324 - RESERVED -CVE-2019-17323 - RESERVED -CVE-2019-17322 - RESERVED -CVE-2019-17321 - RESERVED +CVE-2019-17326 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...) + TODO: check +CVE-2019-17325 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...) + TODO: check +CVE-2019-17324 (ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traver ...) + TODO: check +CVE-2019-17323 (ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file c ...) + TODO: check +CVE-2019-17322 (ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file c ...) + TODO: check +CVE-2019-17321 (ClipSoft REXPERT 1.0.0.527 and earlier version have an information dis ...) + TODO: check CVE-2019-17320 (NetSarang XFTP Client 6.0149 and earlier version contains a buffer ove ...) NOT-FOR-US: NetSarang XFTP Client CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) @@ -6617,7 +6665,7 @@ CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerabilit CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access read vuln ...) TODO: check CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...) - {DLA-1977-1} + {DLA-1979-1 DLA-1977-1} - libvncserver <unfixed> (bug #943793) - italc <removed> NOTE: https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a @@ -14883,8 +14931,8 @@ CVE-2019-12419 RESERVED CVE-2019-12418 RESERVED -CVE-2019-12417 - RESERVED +CVE-2019-12417 (A malicious admin user could edit the state of objects in the Airflow ...) + TODO: check CVE-2019-12416 RESERVED CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ...) 
@@ -19285,8 +19333,8 @@ CVE-2019-10764 RESERVED CVE-2019-10763 RESERVED -CVE-2019-10762 - RESERVED +CVE-2019-10762 (columnQuote in medoo before 1.7.5 allows remote attackers to perform a ...) + TODO: check CVE-2019-10761 RESERVED CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A ...) |
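Review bot: In data/CVE/2010.list the bracketed working summaries are dropped as soon as a description arrives, and the truncated description does not always carry the same detail. For CVE-2010-0398, `[autokey arbitrary file overwriting via symlinks]` becomes `(The init script in autokey before 0.61.3-2 allows local attackers to w ...)`, and for CVE-2010-0748, `[transmission magnet links parser buffer overflow]` becomes a description cut off at `denial of servi ...`. Consider keeping the lost specifics (symlink overwrite, magnet-link parser overflow) in a `NOTE:` line under each entry so the triage rationale stays readable in the list itself.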
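Review bot: CVE-2018-21029, added at the top of data/CVE/2018.list (hunk `@@ -1,3 +1,5 @@`), carries only `TODO: check` even though its description names systemd, which is a Debian source package. A certificate-validation issue stated as "systemd 239 through 243" should get a package line with an affected or not-affected status per suite rather than waiting in the generic TODO queue; suggest prioritising this entry in the next manual pass.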
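Review bot: In data/CVE/2018.list (hunk `@@ -15739,7 +15741,7 @@`), CVE-2018-15126 gains the `DLA-1979-1` cross-reference but, unlike the other libvncserver entries touched by this commit, the visible lines show no `- italc <removed>` package line, only `- libvncserver 0.9.11+dfsg-1.2 (bug #916941)`. The cross-reference does not say which source package DLA-1979-1 covers; if it is not libvncserver, this entry needs a matching package line for it, otherwise the advisory is attached to a CVE with no package it applies to. Worth confirming against the DLA list before the next export.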
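Review bot: In data/CVE/2019.list every newly described entry lands as `TODO: check`, including six ClipSoft REXPERT entries in one run (CVE-2019-17321 through CVE-2019-17326) and two Total Defense Anti-virus entries (CVE-2019-18644, CVE-2019-18645). The adjacent context line in the same hunk is already resolved as `NOT-FOR-US: NetSarang XFTP Client`, so the vendor-product groups can be triaged together in the same way if no Debian package ships them, which keeps the TODO backlog from growing by one entry per CVE. CVE-2019-10762 (medoo) and CVE-2019-12417 (Airflow) name software components and need an individual package lookup.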