Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf258506 by security tracker role at 2019-11-06T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can
capture a vict ...)
+ TODO: check
+CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in
Sass::Parser ...)
+ TODO: check
+CVE-2019-18798 (LibSass before 3.6.3 allows a heap-based buffer over-read in
Sass::wea ...)
+ TODO: check
+CVE-2019-18797 (LibSass 3.6.1 has uncontrolled recursion in
Sass::Eval::operator()(Sas ...)
+ TODO: check
+CVE-2019-18796
+ RESERVED
+CVE-2019-18795
+ RESERVED
+CVE-2019-18794
+ RESERVED
+CVE-2019-18793
+ RESERVED
+CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages
Parameter : ...)
+ TODO: check
CVE-2019-18792
RESERVED
CVE-2019-18791
@@ -13801,8 +13819,7 @@ CVE-2019-14849
RESERVED
CVE-2019-14848
RESERVED
-CVE-2019-14847
- RESERVED
+CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba
4.10.x b ...)
- samba 2:4.11.0+dfsg-6
[buster] - samba <no-dsa> (Minor issue)
[stretch] - samba <no-dsa> (Minor issue)
@@ -13842,8 +13859,7 @@ CVE-2019-14835 (A buffer overflow flaw was found, in
versions from 2.6.34 to 5.2
NOTE:
https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4
CVE-2019-14834
RESERVED
-CVE-2019-14833
- RESERVED
+CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0
before sa ...)
- samba 2:4.11.1+dfsg-2
[buster] - samba <no-dsa> (Minor issue)
[stretch] - samba <no-dsa> (Minor issue)
@@ -20103,18 +20119,18 @@ CVE-2019-13083 (XnView Classic 2.48 has a User Mode
Write AV starting at xnview+
NOT-FOR-US: XnView
CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution
through an lp_ ...)
NOT-FOR-US: Chamilo LMS
-CVE-2019-13081
- RESERVED
-CVE-2019-13080
- RESERVED
-CVE-2019-13079
- RESERVED
-CVE-2019-13078
- RESERVED
-CVE-2019-13077
- RESERVED
-CVE-2019-13076
- RESERVED
+CVE-2019-13081 (Quest KACE Systems Management Appliance Server Center 9.1.317
has an X ...)
+ TODO: check
+CVE-2019-13080 (Quest KACE Systems Management Appliance Server Center 9.1.317
has an X ...)
+ TODO: check
+CVE-2019-13079 (Quest KACE Systems Management Appliance Server Center 9.1.317
is vulne ...)
+ TODO: check
+CVE-2019-13078 (Quest KACE Systems Management Appliance Server Center 9.1.317
is vulne ...)
+ TODO: check
+CVE-2019-13077 (Quest KACE Systems Management Appliance Server Center 9.1.317
has an X ...)
+ TODO: check
+CVE-2019-13076 (Quest KACE Systems Management Appliance Server Center 9.1.317
is vulne ...)
+ TODO: check
CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure
vulnerability. I ...)
- firefox-esr 68.2.0esr-1 (unimportant)
- firefox 68.0-1 (unimportant)
@@ -20565,10 +20581,10 @@ CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart
Camera DOG-2W and DOG-2W-V4 d
NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Cameraa DOG-2W and
DOG-2W-V4 devices
CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4
devices ...)
NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4
devices
-CVE-2019-12918
- RESERVED
-CVE-2019-12917
- RESERVED
+CVE-2019-12918 (Quest KACE Systems Management Appliance Server Center version
9.1.317 ...)
+ TODO: check
+CVE-2019-12917 (A reflected XSS vulnerability exists in Quest KACE Systems
Management ...)
+ TODO: check
CVE-2019-12916
RESERVED
CVE-2019-12915
@@ -27017,8 +27033,8 @@ CVE-2019-10567
RESERVED
CVE-2019-10566
RESERVED
-CVE-2019-10565
- RESERVED
+CVE-2019-10565 (Double free issue can happen when sensor power settings is
freed by so ...)
+ TODO: check
CVE-2019-10564
RESERVED
CVE-2019-10563
@@ -27066,10 +27082,10 @@ CVE-2019-10544
RESERVED
CVE-2019-10543
RESERVED
-CVE-2019-10542
- RESERVED
-CVE-2019-10541
- RESERVED
+CVE-2019-10542 (Buffer over-read may occur when downloading a corrupted
firmware file ...)
+ TODO: check
+CVE-2019-10541 (Dereference on uninitialized buffer can happen when parsing
FLV clip w ...)
+ TODO: check
CVE-2019-10540 (Buffer overflow in WLAN NAN function due to lack of check of
count val ...)
NOT-FOR-US: Snapdragon
CVE-2019-10539 (Possible buffer overflow issue due to lack of length check
when parsin ...)
@@ -27082,33 +27098,33 @@ CVE-2019-10536
RESERVED
CVE-2019-10535
RESERVED
-CVE-2019-10534
- RESERVED
-CVE-2019-10533
- RESERVED
+CVE-2019-10534 (Null-pointer dereference can occur while accessing the super
index ent ...)
+ TODO: check
+CVE-2019-10533 (Out of bound access due to improper validation of array index
cause th ...)
+ TODO: check
CVE-2019-10532
RESERVED
-CVE-2019-10531
- RESERVED
+CVE-2019-10531 (Incorrect reading of system image resulting in buffer overflow
when si ...)
+ TODO: check
CVE-2019-10530
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10529
- RESERVED
-CVE-2019-10528
- RESERVED
+CVE-2019-10529 (Possible use after free issue due to race condition while
attempting t ...)
+ TODO: check
+CVE-2019-10528 (Use after free issue in kernel while accessing freed mdlog
session inf ...)
+ TODO: check
CVE-2019-10527
RESERVED
CVE-2019-10526
RESERVED
CVE-2019-10525
RESERVED
-CVE-2019-10524
- RESERVED
+CVE-2019-10524 (Lack of check for a negative value returned for get_clk is
wrongly int ...)
+ TODO: check
CVE-2019-10523
RESERVED
-CVE-2019-10522
- RESERVED
+CVE-2019-10522 (While playing the clip which is nonstandard buffer overflow
can occur ...)
+ TODO: check
CVE-2019-10521
RESERVED
CVE-2019-10520
@@ -27122,14 +27138,14 @@ CVE-2019-10517
RESERVED
CVE-2019-10516
RESERVED
-CVE-2019-10515
- RESERVED
+CVE-2019-10515 (DCI client which might be preemptively freed up might be
accessed for ...)
+ TODO: check
CVE-2019-10514
RESERVED
CVE-2019-10513
RESERVED
-CVE-2019-10512
- RESERVED
+CVE-2019-10512 (Payload size is not checked before using it as array index in
audio in ...)
+ TODO: check
CVE-2019-10511
RESERVED
NOT-FOR-US: Qualcomm components for Android
@@ -27143,14 +27159,14 @@ CVE-2019-10507 (Lack of check of extscan change
results received from firmware c
NOT-FOR-US: Snapdragon
CVE-2019-10506 (While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY
vendor comm ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10505
- RESERVED
-CVE-2019-10504
- RESERVED
+CVE-2019-10505 (Out of bound access while processing a non-standard IE
measurement req ...)
+ TODO: check
+CVE-2019-10504 (Firmware not able to send EXT scan response to host within 1
sec due t ...)
+ TODO: check
CVE-2019-10503
RESERVED
-CVE-2019-10502
- RESERVED
+CVE-2019-10502 (Possible stack overflow when an index equal to io buffer size
is acces ...)
+ TODO: check
CVE-2019-10501 (Possible use after free issue due to improper input validation
in volu ...)
NOT-FOR-US: Snapdragon
CVE-2019-10500
@@ -27161,10 +27177,10 @@ CVE-2019-10498 (Buffer overflow scenario if the
client sends more than 5 io_vec
NOT-FOR-US: Snapdragon
CVE-2019-10497 (Use after free issue occurs If another instance of open for
voice_svc ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10496
- RESERVED
-CVE-2019-10495
- RESERVED
+CVE-2019-10496 (Lack of checking a variable received from driver and
populating in Fir ...)
+ TODO: check
+CVE-2019-10495 (Arbitrary buffer write issue while processing sequence header
during H ...)
+ TODO: check
CVE-2019-10494
RESERVED
CVE-2019-10493
@@ -27172,14 +27188,14 @@ CVE-2019-10493
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto,
Snapdragon ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10491
- RESERVED
+CVE-2019-10491 (ADSP can be compromised since it`s a general-purpose CPU
processing un ...)
+ TODO: check
CVE-2019-10490
RESERVED
CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi
clip dur ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10488
- RESERVED
+CVE-2019-10488 (Null pointer dereference can occur while parsing invalid
chunks while ...)
+ TODO: check
CVE-2019-10487
RESERVED
CVE-2019-10486
@@ -27809,8 +27825,7 @@ CVE-2019-10219
- libhibernate-validator-java <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1738673
TODO: 20190910: Asked for more information in #1738673. (apo)
-CVE-2019-10218
- RESERVED
+CVE-2019-10218 (A flaw was found in the samba client, all samba versions
before samba ...)
- samba 2:4.11.1+dfsg-2
[buster] - samba <no-dsa> (Minor issue)
[stretch] - samba <no-dsa> (Minor issue)
@@ -39711,12 +39726,12 @@ CVE-2019-6124
RESERVED
CVE-2019-6123
RESERVED
-CVE-2019-6122
- RESERVED
-CVE-2019-6121
- RESERVED
-CVE-2019-6120
- RESERVED
+CVE-2019-6122 (A Username Enumeration via Error Message issue was discovered
in NiceH ...)
+ TODO: check
+CVE-2019-6121 (An issue was discovered in NiceHash Miner before 2.0.3.0.
Missing Auth ...)
+ TODO: check
+CVE-2019-6120 (An issue was discovered in NiceHash Miner before 2.0.3.0. A
missing ra ...)
+ TODO: check
CVE-2019-6119
RESERVED
CVE-2019-6118
@@ -41059,12 +41074,12 @@ CVE-2019-5646
RESERVED
CVE-2019-5645
RESERVED
-CVE-2019-5644
- RESERVED
-CVE-2019-5643
- RESERVED
-CVE-2019-5642
- RESERVED
+CVE-2019-5644 (Computing For Good's Basic Laboratory Information System (also
known a ...)
+ TODO: check
+CVE-2019-5643 (Computing For Good's Basic Laboratory Information System (also
known a ...)
+ TODO: check
+CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior
suffers from ...)
+ TODO: check
CVE-2019-5641
RESERVED
CVE-2019-5640
@@ -41113,8 +41128,8 @@ CVE-2019-5619
RESERVED
CVE-2019-5618
RESERVED
-CVE-2019-5617
- RESERVED
+CVE-2019-5617 (Computing For Good's Basic Laboratory Information System (also
known a ...)
+ TODO: check
CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing
electrical ...)
NOT-FOR-US: CircuitWerkes Sicon-8
CVE-2019-5615 (Users with Site-level permissions can access files containing
the user ...)
@@ -46044,6 +46059,7 @@ CVE-2019-3466
RESERVED
CVE-2019-3465
RESERVED
+ {DSA-4560-1 DLA-1983-1}
- simplesamlphp 1.17.6-2 (bug #944107)
NOTE:
https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ
CVE-2019-3464 (Insufficient sanitization of environment variables passed to
rsync can ...)
@@ -47128,7 +47144,7 @@ CVE-2018-20322 (LimeSurvey version 3.15.5 contains a
Cross-site scripting (XSS)
CVE-2018-20321 (An issue was discovered in Rancher 2 through 2.1.5. Any
project member ...)
NOT-FOR-US: Rancher
CVE-2018-20320
- RESERVED
+ REJECTED
CVE-2018-20319
RESERVED
CVE-2018-20318 (An issue was discovered in weixin-java-tools v3.2.0. There is
an XXE v ...)
@@ -50530,10 +50546,10 @@ CVE-2019-2334 (Null pointer dereferencing can happen
when playing the clip with
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2333 (Buffer overflow due to improper validation of buffer size while
IPA dr ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2332
- RESERVED
-CVE-2019-2331
- RESERVED
+CVE-2019-2332 (Memory corruption while accessing the memory as payload size is
not va ...)
+ TODO: check
+CVE-2019-2331 (Possible Integer overflow because of subtracting two integers
without ...)
+ TODO: check
CVE-2019-2330 (improper input validation in allocation request for secure
allocations ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2329
@@ -50544,12 +50560,12 @@ CVE-2019-2327 (Possible buffer overflow can occur
when playing clip with incorre
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2326 (Data token is received from ADSP and is used without validation
as an ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2325
- RESERVED
-CVE-2019-2324
- RESERVED
-CVE-2019-2323
- RESERVED
+CVE-2019-2325 (Out of boundary access due to token received from ADSP and is
used wit ...)
+ TODO: check
+CVE-2019-2324 (When ADSP is compromised, the audio port index that`s returned
from AD ...)
+ TODO: check
+CVE-2019-2323 (Lack of check to ensure crypto engine data passed by user is
initializ ...)
+ TODO: check
CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is
non-stan ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2321
@@ -50594,8 +50610,8 @@ CVE-2019-2304
RESERVED
CVE-2019-2303
RESERVED
-CVE-2019-2302
- RESERVED
+CVE-2019-2302 (While processing vendor command which contains corrupted
channel count ...)
+ TODO: check
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not
in ran ...)
NOT-FOR-US: Snapdragon
CVE-2019-2300
@@ -50629,12 +50645,12 @@ CVE-2019-2287 (Improper validation for inputs
received from firmware can lead to
NOT-FOR-US: Snapdragon
CVE-2019-2286
RESERVED
-CVE-2019-2285
- RESERVED
+CVE-2019-2285 (Out of bound write issue is observed while giving information
about pr ...)
+ TODO: check
CVE-2019-2284 (Possible use-after-free issue due to a race condition while
calling ca ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2283
- RESERVED
+CVE-2019-2283 (Improper validation of read and write index of tx and rx fifo`s
before ...)
+ TODO: check
CVE-2019-2282
RESERVED
CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and
subsequ ...)
@@ -50649,8 +50665,8 @@ CVE-2019-2277 (Out of bound read can happen due to lack
of NULL termination on u
NOT-FOR-US: Snapdragon
CVE-2019-2276 (Possible out of bound read occurs while processing beaconing
request d ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2275
- RESERVED
+CVE-2019-2275 (While deserializing any key blob during key operations, buffer
overflo ...)
+ TODO: check
CVE-2019-2274
RESERVED
CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial
of serv ...)
@@ -50683,8 +50699,8 @@ CVE-2019-2260 (A race condition occurs while processing
perf-event which can lea
NOT-FOR-US: Snapdragon
CVE-2019-2259 (Resource allocation error while playing the video whose
dimensions are ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2258
- RESERVED
+CVE-2019-2258 (Improper validation of array index causes OOB write and then
leads to ...)
+ TODO: check
CVE-2019-2257 (Wrong permissions in configuration file can lead to
unauthorized permi ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2256 (An unprivileged user can craft a bitstream such that the
payload encod ...)
@@ -50701,14 +50717,14 @@ CVE-2019-2251
RESERVED
CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user
while free ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2249
- RESERVED
+CVE-2019-2249 (Kernel can do a memory read from arbitrary address passed by
user duri ...)
+ TODO: check
CVE-2019-2248 (Buffer overflow can occur if invalid header tries to overwrite
the exi ...)
NOT-FOR-US: Snapdragon
CVE-2019-2247 (Possibility of double free issue while running multiple
instances of s ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2246
- RESERVED
+CVE-2019-2246 (Thread start can cause invalid memory writes to arbitrary
memory locat ...)
+ TODO: check
CVE-2019-2245 (Possible integer underflow can happen when calculating length
of eleme ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2244 (Possible integer underflow can happen when calculating length
of eleme ...)
@@ -172639,8 +172655,7 @@ CVE-2016-6261 (The idna_to_ascii_4i function in
lib/idna.c in libidn before 1.33
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which
timeout durin ...)
NOT-FOR-US: F5
-CVE-2016-1000037
- RESERVED
+CVE-2016-1000037 (Pagure: XSS possible in file attachment endpoint ...)
- pagure <itp> (bug #829046)
CVE-2016-1000030 (Pidgin version <2.11.0 contains a vulnerability in X.509
Certificat ...)
- pidgin 2.11.0-1 (unimportant)
@@ -179121,8 +179136,8 @@ CVE-2016-4403 (A security vulnerability was
identified in the Filter SDK compone
NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4402 (A security vulnerability was identified in the Filter SDK
component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
-CVE-2016-4401
- RESERVED
+CVE-2016-4401 (Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before
6.6.2 all ...)
+ TODO: check
CVE-2016-4400 (A security vulnerability was identified in HP Network Node
Manager i ( ...)
NOT-FOR-US: HP Network Node Manager i
CVE-2016-4399 (A security vulnerability was identified in HP Network Node
Manager i ( ...)
@@ -196987,8 +197002,8 @@ CVE-2015-7278 (Cross-site request forgery (CSRF)
vulnerability on Amped Wireless
NOT-FOR-US: Amped Wireless
CVE-2015-7277 (The web administration interface on Amped Wireless R10000
devices with ...)
NOT-FOR-US: Amped Wireless
-CVE-2015-7276
- RESERVED
+CVE-2015-7276 (Technicolor C2000T and C2100T uses hard-coded cryptographic
keys. ...)
+ TODO: check
CVE-2015-7275 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85
and 7/8 ...)
NOT-FOR-US: Dell iDRAC
CVE-2015-7274 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80
allows ...)
@@ -222454,8 +222469,7 @@ CVE-2014-8182 [crash in ldap_domain2hostlist when
processing SRV records]
NOTE: Reference for upstream fix:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff;f=libraries/libldap/dnssrv.c;h=de849e30d5b01ae855853c79e88fb06d7aea1137;hp=6d1bfa8e3c2b05ca5ed0ebebc00c3a30086bca95;hb=31995b535e10c45e698b62d39db998c51f799327;hpb=5de85b922aaa5bfa6eb53db6000adf01ebdb0736
NOTE: and:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eef1ca007f60fdcb9b5368608e87dd0b2404bceb
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1095976#c26 claims
this flaw was never in a OpenLDAP release
-CVE-2014-8181 [scsi: do not fill dirty page content in the SG_IO buffer]
- RESERVED
+CVE-2014-8181 (The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not
clear garb ...)
- linux <not-affected> (Specific to RHEL 7)
CVE-2014-8180 (MongoDB on Red Hat Satellite 6 allows local users to bypass
authentica ...)
NOT-FOR-US: Red Hat Satellite
@@ -280254,24 +280268,19 @@ CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x
allows remote attackers to cau
- apache2 2.2.15-3 (medium; bug #533661)
- apache <removed> (medium; bug #533662)
[lenny] - apache2 <no-dsa> (Minor issue)
-CVE-2011-4904
- RESERVED
+CVE-2011-4904 (TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper
access ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4903
- RESERVED
+CVE-2011-4903 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before
4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4902
- RESERVED
+CVE-2011-4902 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4
allows ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4901
- RESERVED
+CVE-2011-4901 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4
allows ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4900
- RESERVED
+CVE-2011-4900 (TYPO3 before 4.5.4 allows Information Disclosure in the
backend. ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2012-0264 (op5 Monitor and op5 Appliance before 5.5.0 do not properly
manage sess ...)
@@ -281556,36 +281565,28 @@ CVE-2011-4634 (Multiple cross-site scripting (XSS)
vulnerabilities in phpMyAdmin
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-4633
RESERVED
-CVE-2011-4632
- RESERVED
+CVE-2011-4632 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before
4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4631
- RESERVED
+CVE-2011-4631 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before
4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4630
- RESERVED
+CVE-2011-4630 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before
4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4629
- RESERVED
+CVE-2011-4629 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before
4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4628
- RESERVED
+CVE-2011-4628 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4
allows ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4627
- RESERVED
+CVE-2011-4627 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4
allows ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4626
- RESERVED
+CVE-2011-4626 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before
4.4.9, ...)
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2011-4625 [simplesamlphp xml encryption issues]
- RESERVED
+CVE-2011-4625 (simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid)
incorrectl ...)
{DSA-2330-1}
- simplesamlphp 1.8.1-1
CVE-2011-4624 (Cross-site scripting (XSS) vulnerability in facebook.php in the
GRAND ...)
@@ -291554,8 +291555,8 @@ CVE-2011-1300 (The Program::getActiveUniformMaxLength
function in libGLESv2/Prog
NOT-FOR-US: Mozilla Firefox on Windows, Google Chrome on Windows
CVE-2011-1299
RESERVED
-CVE-2011-1298
- RESERVED
+CVE-2011-1298 (An Integer Overflow exists in WebKit in Google Chrome before
Blink M11 ...)
+ TODO: check
CVE-2011-1297
RESERVED
CVE-2011-1296 (Google Chrome before 10.0.648.204 does not properly handle SVG
text, w ...)
@@ -296802,8 +296803,7 @@ CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x
before 1.0.0c, when SSL_OP_NETSC
NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4179 (The installation documentation for Red Hat Enterprise
Messaging, Realt ...)
NOT-FOR-US: RedHat documentation of MRG
-CVE-2010-4178
- RESERVED
+CVE-2010-4178 (MySQL-GUI-tools (mysql-administrator) leaks passwords into
process lis ...)
- mysql-gui-tools <unfixed> (low; bug #605542)
[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
@@ -302135,8 +302135,7 @@ CVE-2010-2249 (Memory leak in pngrutil.c in libpng
before 1.2.44, and 1.4.x befo
CVE-2010-2248 (fs/cifs/cifssmb.c in the CIFS implementation in the Linux
kernel befor ...)
{DSA-2094-1}
- linux-2.6 2.6.32-12 (low)
-CVE-2010-2247 [makepasswd: insecure passwords generated with default settings]
- RESERVED
+CVE-2010-2247 (makepasswd 1.10 default settings generate insecure passwords
...)
- makepasswd 1.10-5 (low; bug #564559)
[lenny] - makepasswd 1.10-3+lenny1
CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled,
might all ...)
@@ -305519,8 +305518,7 @@ CVE-2010-2445 (freeciv 2.2 before 2.2.1 and 2.3
before 2.3.0 allows attackers to
- freeciv 2.2.1-1 (low; bug #584589)
[lenny] - freeciv <no-dsa> (Minor issue)
NOTE: http://gna.org/bugs/?15624
-CVE-2010-2446 [Rbot Owner Reaction Command Execution]
- RESERVED
+CVE-2010-2446 (Rbot Reaction plugin allows command execution ...)
- rbot 0.9.14-2 (bug #575286)
[lenny] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
[etch] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
@@ -306437,8 +306435,7 @@ CVE-2010-2472 [Locale module cross site scripting]
RESERVED
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2471 [Open redirection]
- RESERVED
+CVE-2010-2471 (drupal6 version 6.16 has open redirection ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
CVE-2010-2250 [Installation cross site scripting]
@@ -306852,8 +306849,7 @@ CVE-2009-4644 (Accellion Secure File Transfer
Appliance before 8_0_105 allows re
CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c
in the ...)
- linux-2.6 2.6.12-1
- linux-2.6.24 <not-affected> (fixed before 2.6.24)
-CVE-2009-5050 [konversation DoS]
- RESERVED
+CVE-2009-5050 (konversation before 1.2.3 allows attackers to cause a denial of
servic ...)
- konversation 1.2.3-1 (low)
[lenny] - konversation <not-affected> (Doesn't affect the combination
of kdelibs/QT in Lenny)
NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
@@ -311008,13 +311004,11 @@ CVE-2009-5047 [multiple vulnerabilities in jetty]
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5048 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5048 (Cookie Dump Servlet stored XSS vulnerability in jetty though
6.1.20. ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5049 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5049 (WebApp JSP Snoop page XSS in jetty though 6.1.21. ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf2585062ff2a934362d783a7d8323738427beb3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf2585062ff2a934362d783a7d8323738427beb3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
