Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e39cc841 by security tracker role at 2019-10-30T08:10:14Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5668,6 +5668,7 @@ CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that
can add an user account
CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information
disclosu ...)
NOT-FOR-US: Home Assistant
CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the
default enviro ...)
+ {DSA-4555-1}
- pam-python 1.0.7-1 (bug #942514)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
NOTE:
https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
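Review bot: the `{DSA-4555-1}` reference added to CVE-2019-16729 must have a matching entry in data/DSA/list, which this commit does not touch; please confirm it exists (or lands in the same push) so the tracker does not show a dangling advisory reference. The placement above the `- pam-python 1.0.7-1 (bug #942514)` line follows the file's convention, as seen in this same diff for CVE-2019-13115 (`{DLA-1730-3}`) and CVE-2011-1409 (`{DSA-2259-1}`).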
@@ -17310,7 +17311,7 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an
xsl:number with certain forma
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
NOTE:
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
-CVE-2019-13116 (The MuleSoft Mule runtime engine before 3.8 allows remote
attackers to ...)
+CVE-2019-13116 (The MuleSoft Mule Community Edition runtime engine before 3.8
allows r ...)
NOT-FOR-US: MuleSoft Mule
CVE-2019-13115 (In libssh2 before 1.9.0,
kex_method_diffie_hellman_group_exchange_sha2 ...)
{DLA-1730-3}
@@ -31695,8 +31696,8 @@ CVE-2019-8237 (Adobe Acrobat and Reader versions
2019.012.20034 and earlier; 201
NOT-FOR-US: Adobe
CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier
versions ...)
NOT-FOR-US: Adobe
-CVE-2019-8235
- RESERVED
+CVE-2019-8235 (An insecure direct object reference (IDOR) vulnerability exists
in Mag ...)
+ TODO: check
CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a
cross-site r ...)
NOT-FOR-US: Adobe
CVE-2019-8233
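Review bot: the `TODO: check` on CVE-2019-8235 cannot be resolved from this hunk alone, because the truncated description stops at "Mag ..." and does not name the product; the neighbouring CVE-2019-8236 and CVE-2019-8234 are Adobe entries marked NOT-FOR-US, but adjacency is not grounds for the same triage. Whoever picks up the TODO should read the full CVE text before choosing between NOT-FOR-US and a source package line.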
@@ -54901,8 +54902,8 @@ CVE-2018-19153
RESERVED
CVE-2018-19152
RESERVED
-CVE-2018-19151
- RESERVED
+CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake
cryptocurrency) allows ...)
+ TODO: check
CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll
in pdffor ...)
NOT-FOR-US: pdfforge PDF Architect
CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in
_poppler_attac ...)
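Review bot: the `TODO: check` on CVE-2018-19151 should be closed with either a NOT-FOR-US line or a source package line rather than left open; the visible description already identifies the product (qtum, a proof-of-stake cryptocurrency, through version 0.16), which is enough to check the archive for a matching package.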
@@ -55448,12 +55449,12 @@ CVE-2018-18933 (The u3d plugin 9.3.0.10809 (aka
plugins\U3DBrowser.fpi) in Foxit
NOT-FOR-US: Foxit Reader
CVE-2018-18932
RESERVED
-CVE-2018-18931
- RESERVED
-CVE-2018-18930
- RESERVED
-CVE-2018-18929
- RESERVED
+CVE-2018-18931 (An issue was discovered in the Tightrope Media Carousel
digital signag ...)
+ TODO: check
+CVE-2018-18930 (The Tightrope Media Carousel digital signage product 7.0.4.104
contain ...)
+ TODO: check
+CVE-2018-18929 (The Tightrope Media Carousel Seneca HDn Windows-based
appliance 7.0.4. ...)
+ TODO: check
CVE-2018-18928 (International Components for Unicode (ICU) for C/C++ 63.1 has
an integ ...)
- icu 63.1-3
[stretch] - icu <not-affected> (Vulnerable code not present)
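Review bot: CVE-2018-18931, CVE-2018-18930 and CVE-2018-18929 all concern the same Tightrope Media Carousel digital signage product (7.0.4.x per the visible descriptions), so the three `TODO: check` lines should be resolved together with one triage decision rather than three separate look-ups. Note that CVE-2018-18929's description is truncated mid-version ("7.0.4. ..."), so the full text is needed to record the exact affected release if a package line is added.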
@@ -275865,8 +275866,7 @@ CVE-2012-0696 (Multiple cross-site scripting (XSS)
vulnerabilities in the Execut
NOT-FOR-US: IBM Cognos
CVE-2012-0695 (Multiple unspecified vulnerabilities in Google Chrome before
17.0.963. ...)
NOT-FOR-US: Google Chrome books
-CVE-2012-0694 [SugarCRM CE unserialize PHP code execution in multiple files]
- RESERVED
+CVE-2012-0694 (SugarCRM CE <= 6.3.1 contains scripts that use
"unserialize()" with ...)
- sugarcrm-ce-5.0 <itp> (bug #457876)
NOTE: http://seclists.org/bugtraq/2012/Jun/165
CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS)
5.03 al ...)
@@ -288561,8 +288561,7 @@ CVE-2011-1410
CVE-2011-1409 (Frams's Fast File EXchange (F*EX, aka fex) 20100208, and
possibly othe ...)
{DSA-2259-1}
- fex 20110610-1
-CVE-2011-1408 [ikiwiki tty hijacking vulnerability]
- RESERVED
+CVE-2011-1408 (ikiwiki before 3.20110608 allows remote attackers to hijack
root's tty ...)
- ikiwiki 3.20110608 (low)
[squeeze] - ikiwiki <no-dsa> (Minor issue)
CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits
matching for ...)
@@ -299875,8 +299874,7 @@ CVE-2010-2065 (Integer overflow in the TIFFroundup
macro in LibTIFF before 3.9.3
[lenny] - tiff <not-affected> (Only affects 3.9.x)
NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145
NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
-CVE-2010-2064
- RESERVED
+CVE-2010-2064 (rpcbind 0.2.0 allows local users to write to arbitrary files or
gain p ...)
- rpcbind 0.2.0-4.1
NOTE: This version changed the state directory to /var/run/rpcbind,
which is only writable by root
CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in
the chai ...)
@@ -299893,8 +299891,7 @@ CVE-2010-2062 (Integer underflow in the
real_get_rdt_chunk function in real.c, a
NOTE:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
NOTE:
http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
NOTE: DSA-2043 and DSA-2044
-CVE-2010-2061
- RESERVED
+CVE-2010-2061 (rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr
and (2) ...)
- rpcbind 0.2.0-4.1
CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier
allows r ...)
- beanstalkd 1.4.6-1 (unimportant; bug #585162)
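Review bot: CVE-2010-2061 is fixed in the same upload as CVE-2010-2064 (`- rpcbind 0.2.0-4.1` in both entries), but the explanatory NOTE about the state directory moving to /var/run/rpcbind, writable only by root, was added only under CVE-2010-2064. Since CVE-2010-2061 is the one that names /tmp/portmap.xdr as an improperly validated file, consider repeating that NOTE here or adding a one-line cross-reference so a reader of the 2061 entry sees why 0.2.0-4.1 is the fixed version.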
@@ -300958,8 +300955,7 @@ CVE-2010-1680
CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before
1.14.3 ...)
{DSA-2142-1}
- dpkg 1.15.8.8
-CVE-2010-1678
- RESERVED
+CVE-2010-1678 (Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates
symbol ...)
- mapserver 5.6.5-2
NOTE: http://trac.osgeo.org/mapserver/ticket/3641
CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of
service (C ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e39cc841393e49eb77e27d652f2b1e3e91c71149
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits