automatic update

author: security tracker role <sectracker@soriano.debian.org> 2019-11-01 08:10:12 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-11-01 08:10:12 +0000
commit: 0fbc8207838d73043498d91e83a693dba6883409 (patch)
tree: ef57089bf494184b17d5429b6af65c0debf12a40
parent: dfd3be3cba23de99312cd399ac732f21de01fc36 (diff)
5 files changed, 66 insertions, 75 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 7a4f57dffc..fc8f4eb637 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -6504,8 +6504,7 @@ CVE-2010-2784 (The subpage MMIO initialization functionality in the subpage_regi
 	- qemu-kvm 0.12.5+dfsg-3 (bug #594478)
 	- kvm <removed>
 	[lenny] - kvm 72+dfsg-5~lenny6
-CVE-2010-2783
-	RESERVED
+CVE-2010-2783 (IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary  ...)
 	- openjdk-6 6b18-1.8.1-1
 CVE-2010-2782
 	RESERVED
@@ -7163,8 +7162,7 @@ CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Serve
 	NOT-FOR-US: Microsoft
 CVE-2010-2549 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft W ...)
 	NOT-FOR-US: Microsoft
-CVE-2010-2548
-	RESERVED
+CVE-2010-2548 (IcedTea6 before 1.7.4 does not properly check property access, which a ...)
 	- openjdk-6 6b18-1.8.1-1
 CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2. ...)
 	{DSA-2076-1}
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 14140e2605..2d180da6f8 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1453,23 +1453,19 @@ CVE-2012-6127
 	REJECTED
 CVE-2012-6126
 	REJECTED
-CVE-2012-6125
-	RESERVED
+CVE-2012-6125 (Chicken before 4.8.0 is susceptible to algorithmic complexity attacks  ...)
 	- chicken 4.8.0-1 (low; bug #702410)
 	[wheezy] - chicken <no-dsa> (Minor issue)
 	[squeeze] - chicken <no-dsa> (Minor issue)
-CVE-2012-6124
-	RESERVED
+CVE-2012-6124 (A casting error in Chicken before 4.8.0 on 64-bit platform caused the  ...)
 	- chicken 4.8.0-1 (low; bug #702410)
 	[wheezy] - chicken <no-dsa> (Minor issue)
 	[squeeze] - chicken <no-dsa> (Minor issue)
-CVE-2012-6123
-	RESERVED
+CVE-2012-6123 (Chicken before 4.8.0 does not properly handle NUL bytes in certain str ...)
 	- chicken 4.8.0-1 (low; bug #702410)
 	[wheezy] - chicken <no-dsa> (Minor issue)
 	[squeeze] - chicken <no-dsa> (Minor issue)
-CVE-2012-6122
-	RESERVED
+CVE-2012-6122 (Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allo ...)
 	- chicken 4.8.0.3-1 (low; bug #702410)
 	[wheezy] - chicken <no-dsa> (Minor issue)
 	[squeeze] - chicken <no-dsa> (Minor issue)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index b193da2fa7..ceeea3cccb 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -14255,8 +14255,7 @@ CVE-2013-2076 (Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, on
 	- xen 4.2.2-1
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
-CVE-2013-2075
-	RESERVED
+CVE-2013-2075 (Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-r ...)
 	- chicken <not-affected> (Incomplete fix was never applied)
 CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows att ...)
 	{DLA-952-1}
@@ -14422,8 +14421,7 @@ CVE-2013-2026
 	REJECTED
 CVE-2013-2025 (Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x th ...)
 	NOT-FOR-US: Ushahidi
-CVE-2013-2024 [OS command injection vulnerability in Chicken Scheme]
-	RESERVED
+CVE-2013-2024 (OS command injection vulnerability in the "qs" procedure from the "uti ...)
 	- chicken 4.8.0.3-1 (bug #706525)
 	[wheezy] - chicken <no-dsa> (Minor issue)
 	[squeeze] - chicken <no-dsa> (Minor issue)
@@ -14482,8 +14480,7 @@ CVE-2013-2013 (The user-password-update command in python-keystoneclient before
 	[wheezy] - python-keystoneclient 2012.1-3+deb7u1
 	NOTE: https://bugs.launchpad.net/python-keystoneclient/+bug/938315
 	NOTE: https://review.openstack.org/28702
-CVE-2013-2012 [autojump profile will load random stuff from a directory called custom_install]
-	RESERVED
+CVE-2013-2012 (autojump before 21.5.8 allows local users to gain privileges via a Tro ...)
 	- autojump <not-affected> (vulnerable code not present for unstable)
 	NOTE: experimental affected as per 21.5.1-1, see #706252
 	NOTE: experimental fixed as 21.5.1-2
@@ -14680,8 +14677,7 @@ CVE-2013-1953 (Integer underflow in the input_bmp_reader function in input-bmp.c
 CVE-2013-1952 (Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, ...)
 	{DSA-2666-1}
 	- xen 4.1.4-4
-CVE-2013-1951
-	RESERVED
+CVE-2013-1951 (A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5  ...)
 	- mediawiki 1:1.19.5-1
 	[squeeze] - mediawiki <end-of-life>
 CVE-2013-1950 (The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remot ...)
@@ -14697,8 +14693,7 @@ CVE-2013-1947 (kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attac
 	NOT-FOR-US: Ruby Gem kelredd-pruview
 CVE-2013-1946 (The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7. ...)
 	NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
-CVE-2013-1945
-	RESERVED
+CVE-2013-1945 (ruby193 uses an insecure LD_LIBRARY_PATH setting. ...)
 	NOT-FOR-US: Red Hat specific packaging flaw of Ruby in Red Hat OpenShift Enterprise
 CVE-2013-1944 (The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 d ...)
 	{DSA-2660-1}
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 6c7081ec42..f4020e77b8 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -45049,8 +45049,8 @@ CVE-2018-4066 (An exploitable cross-site request forgery vulnerability exists in
 	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4065 (An exploitable cross-site scripting vulnerability exists in the ACEMan ...)
 	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
-CVE-2018-4064
-	RESERVED
+CVE-2018-4064 (An exploitable unverified password change vulnerability exists in the  ...)
+	TODO: check
 CVE-2018-4063 (An exploitable remote code execution vulnerability exists in the uploa ...)
 	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd function of ...)
@@ -45118,8 +45118,8 @@ CVE-2018-4033 (The CleanMyMac X software contains an exploitable privilege escal
 	NOT-FOR-US: Clean My Mac X
 CVE-2018-4032 (An exploitable privilege escalation vulnerability exists in the way th ...)
 	NOT-FOR-US: Clean My Mac X
-CVE-2018-4031
-	RESERVED
+CVE-2018-4031 (An exploitable vulnerability exists in the safe browsing function of t ...)
+	TODO: check
 CVE-2018-4030 (An exploitable vulnerability exists the safe browsing function of the  ...)
 	NOT-FOR-US: CUJO Smart Firewall
 CVE-2018-4029 (An exploitable code execution vulnerability exists in the HTTP request ...)
@@ -45183,8 +45183,8 @@ CVE-2018-4004 (An exploitable privilege escalation vulnerability exists in the S
 	NOT-FOR-US: Shimo VPN
 CVE-2018-4003 (An exploitable heap overflow vulnerability exists in the mdnscap binar ...)
 	NOT-FOR-US: CUJO Smart Firewall
-CVE-2018-4002
-	RESERVED
+CVE-2018-4002 (An exploitable denial-of-service vulnerability exists in the mdnscap b ...)
+	TODO: check
 CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in the Offic ...)
 	NOT-FOR-US: Atlantis Word Processor
 CVE-2018-4000 (An exploitable double-free vulnerability exists in the Office Open XML ...)
@@ -45221,8 +45221,8 @@ CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap bi
 	NOT-FOR-US: CUJO Smart Firewall
 CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within the Wo ...)
 	NOT-FOR-US: Atlantis Word Processor
-CVE-2018-3983
-	RESERVED
+CVE-2018-3983 (An exploitable uninitialized pointer vulnerability exists in the Word  ...)
+	TODO: check
 CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word docume ...)
 	NOT-FOR-US: Atlantis Word Processor
 CVE-2018-3981 (An exploitable out-of-bounds write exists in the TIFF-parsing function ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 7d7b0fcbdc..a22be10065 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-18658
+	RESERVED
 CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via the url  ...)
 	NOT-FOR-US: ClickHouse
 CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBu ...)
@@ -563,7 +565,7 @@ CVE-2019-18410
 CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local pr ...)
 	NOT-FOR-US: ruby_parser-legacy packaging issue
 CVE-2019-18408 (archive_read_format_rar_read_data in archive_read_support_format_rar.c ...)
-	{DLA-1971-1}
+	{DSA-4557-1 DLA-1971-1}
 	- libarchive 3.4.0-1
 	NOTE: https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689
@@ -589,8 +591,8 @@ CVE-2019-18398
 	RESERVED
 CVE-2019-18397
 	RESERVED
-CVE-2019-18396
-	RESERVED
+CVE-2019-18396 (An issue was discovered in certain Oi third-party firmware that may be ...)
+	TODO: check
 CVE-2019-18395
 	RESERVED
 CVE-2019-18394 (A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.j ...)
@@ -828,6 +830,7 @@ CVE-2019-18283
 CVE-2019-18282
 	RESERVED
 CVE-2019-18281 (An out-of-bounds memory access in the generateDirectionalRuns() functi ...)
+	{DSA-4556-1}
 	- qtbase-opensource-src-gles 5.12.5+dfsg-1
 	- qtbase-opensource-src 5.12.5+dfsg-2
 	[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
@@ -940,16 +943,16 @@ CVE-2019-18232
 	RESERVED
 CVE-2019-18231
 	RESERVED
-CVE-2019-18230
-	RESERVED
-CVE-2019-18229
-	RESERVED
-CVE-2019-18228
-	RESERVED
-CVE-2019-18227
-	RESERVED
-CVE-2019-18226
-	RESERVED
+CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple versions,  ...)
+	TODO: check
+CVE-2019-18229 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitizati ...)
+	TODO: check
+CVE-2019-18228 (Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vul ...)
+	TODO: check
+CVE-2019-18227 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilitie ...)
+	TODO: check
+CVE-2019-18226 (Honeywell equIP series and Performance series IP cameras and recorders ...)
+	TODO: check
 CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
 	NOT-FOR-US: Citrix
 CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
@@ -3820,10 +3823,10 @@ CVE-2019-16909
 	RESERVED
 CVE-2019-16908
 	RESERVED
-CVE-2019-16907
-	RESERVED
-CVE-2019-16906
-	RESERVED
+CVE-2019-16907 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
+	TODO: check
+CVE-2019-16906 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
+	TODO: check
 CVE-2019-16905 (OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an expe ...)
 	- openssh 1:8.1p1-1 (unimportant)
 	[stretch] - openssh <not-affected> (Vulnerable code introduced later)
@@ -4355,8 +4358,8 @@ CVE-2019-16676 (Plataformatec Simple Form has Incorrect Access Control in file_m
 	NOTE: http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/
 	NOTE: https://github.com/plataformatec/simple_form/commit/8c91bd76a5052ddf3e3ab9fd8333f9aa7b2e2dd6
 	NOTE: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
-CVE-2019-16675
-	RESERVED
+CVE-2019-16675 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
+	TODO: check
 CVE-2019-16674
 	RESERVED
 CVE-2019-16673
@@ -5163,8 +5166,8 @@ CVE-2019-16297
 	RESERVED
 CVE-2019-16296
 	RESERVED
-CVE-2019-16295
-	RESERVED
+CVE-2019-16295 (Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS ...)
+	TODO: check
 CVE-2019-16294 (SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote  ...)
 	NOT-FOR-US: Notepad++
 CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 allows an au ...)
@@ -6643,8 +6646,8 @@ CVE-2019-15712
 	RESERVED
 CVE-2019-15711
 	RESERVED
-CVE-2019-15710
-	RESERVED
+CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.1 and below ...)
+	TODO: check
 CVE-2019-15709
 	RESERVED
 CVE-2019-15708
@@ -11971,16 +11974,16 @@ CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel
 	NOT-FOR-US: Rittal Chiller SK 3232-Series
 CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...)
 	NOT-FOR-US: WebAccess
-CVE-2019-13551
-	RESERVED
+CVE-2019-13551 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vul ...)
+	TODO: check
 CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper authorization vuln ...)
 	NOT-FOR-US: WebAccess
 CVE-2019-13549 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
 	NOT-FOR-US: Rittal Chiller SK 3232-Series
 CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
 	NOT-FOR-US: CODESYS
-CVE-2019-13547
-	RESERVED
+CVE-2019-13547 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecu ...)
+	TODO: check
 CVE-2019-13546 (In IntelliSpace Perinatal, Versions K and prior, a vulnerability withi ...)
 	NOT-FOR-US: IntelliSpace Perinatal
 CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation of dat ...)
@@ -12058,8 +12061,8 @@ CVE-2019-13510 (Rockwell Automation Arena Simulation Software versions 16.00.00
 CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06. ...)
 	{DSA-4521-1}
 	- docker.io 18.09.1+dfsg1-8 (bug #932673)
-CVE-2019-13508
-	RESERVED
+CVE-2019-13508 (FreeTDS through 1.1.11 has a Buffer Overflow. ...)
+	TODO: check
 CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. ...)
 	NOT-FOR-US: hidea.com AZ Admin
 CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandle ...)
@@ -34451,10 +34454,10 @@ CVE-2019-5153
 	RESERVED
 CVE-2019-5152
 	RESERVED
-CVE-2019-5151
-	RESERVED
-CVE-2019-5150
-	RESERVED
+CVE-2019-5151 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A  ...)
+	TODO: check
+CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Wh ...)
+	TODO: check
 CVE-2019-5149
 	RESERVED
 CVE-2019-5148
@@ -34563,8 +34566,8 @@ CVE-2019-5097
 	RESERVED
 CVE-2019-5096
 	RESERVED
-CVE-2019-5095
-	RESERVED
+CVE-2019-5095 (An issue summary information disclosure vulnerability exists in Atlass ...)
+	TODO: check
 CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota file f ...)
 	{DSA-4535-1 DLA-1935-1}
 	- e2fsprogs 1.45.4-1 (bug #941139)
@@ -34711,8 +34714,8 @@ CVE-2019-5051 (An exploitable heap-based buffer overflow vulnerability exists wh
 	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
 CVE-2019-5050 (A specifically crafted PDF file can lead to a heap corruption when ope ...)
 	NOT-FOR-US: NitroPDF
-CVE-2019-5049
-	RESERVED
+CVE-2019-5049 (An exploitable memory corruption vulnerability exists in AMD ATIDXX64. ...)
+	TODO: check
 CVE-2019-5048 (A specifically crafted PDF file can lead to a heap corruption when ope ...)
 	NOT-FOR-US: NitroPDF
 CVE-2019-5047 (An exploitable Use After Free vulnerability exists in the CharProcs pa ...)
@@ -34723,8 +34726,8 @@ CVE-2019-5045 (A specifically crafted jpeg2000 file embedded in a PDF file can l
 	NOT-FOR-US: NitroPDF
 CVE-2019-5044
 	REJECTED
-CVE-2019-5043
-	RESERVED
+CVE-2019-5043 (An exploitable denial-of-service vulnerability exists in the Weave dae ...)
+	TODO: check
 CVE-2019-5042 (An exploitable Use-After-Free vulnerability exists in the way Function ...)
 	NOT-FOR-US: Aspose
 CVE-2019-5041 (An exploitable Stack Based Buffer Overflow vulnerability exists in the ...)
@@ -34749,8 +34752,8 @@ CVE-2019-5032 (An exploitable out-of-bounds read vulnerability exists in the Lab
 	NOT-FOR-US: Aspose
 CVE-2019-5031 (An exploitable memory corruption vulnerability exists in the JavaScrip ...)
 	NOT-FOR-US: Foxit PDF Reader
-CVE-2019-5030
-	RESERVED
+CVE-2019-5030 (A buffer overflow vulnerability exists in the PowerPoint document conv ...)
+	TODO: check
 CVE-2019-5029
 	RESERVED
 CVE-2019-5028
@@ -34763,8 +34766,8 @@ CVE-2019-5025
 	REJECTED
 CVE-2019-5024 (A restricted environment escape vulnerability exists in the "kiosk mod ...)
 	NOT-FOR-US: Capsule Technologies SmartLinx Neuron
-CVE-2019-5023
-	RESERVED
+CVE-2019-5023 (An exploitable vulnerability exists in the grsecurity PaX patch for th ...)
+	TODO: check
 CVE-2019-5022
 	REJECTED
 CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3) conta ...)
@@ -34798,8 +34801,7 @@ CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the W
 	NOT-FOR-US: Wacom MacOS driver
 CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...)
 	NOT-FOR-US: CleanMyMac
-CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certificate]
-	RESERVED
+CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the X509 cert ...)
 	{DLA-1834-1 DLA-1663-1}
 	- python3.7 3.7.2-2 (bug #921064)
 	- python3.6 <removed> (bug #921063)
author	security tracker role <sectracker@soriano.debian.org>	2019-11-01 08:10:12 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2019-11-01 08:10:12 +0000
commit	0fbc8207838d73043498d91e83a693dba6883409 (patch)
tree	ef57089bf494184b17d5429b6af65c0debf12a40
parent	dfd3be3cba23de99312cd399ac732f21de01fc36 (diff)