author | security tracker role <sectracker@soriano.debian.org> | 2019-07-31 20:10:20 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-07-31 20:10:20 +0000 |
commit | 2a88596fafa175b2971882ce18e26123f125a324 | |
tree | 16db26cdf2ebd27b28b5bd712bfdb404c5c5d208 | |
parent | 20960e0d63821c1256b61fa66917d8ae1e2738a4 | |
automatic update
-rw-r--r-- | data/CVE/2007.list | 4 |
-rw-r--r-- | data/CVE/2015.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 188 |
-rw-r--r-- | data/CVE/2017.list | 202 |
-rw-r--r-- | data/CVE/2018.list | 169 |
-rw-r--r-- | data/CVE/2019.list | 191 |
6 files changed, 658 insertions, 98 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 679a5d8e31..fb7d17b7a7 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1,5 +1,5 @@ -CVE-2007-6763 - RESERVED +CVE-2007-6763 (SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, w ...) + TODO: check CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...) - linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename) NOTE: https://git.kernel.org/linus/2a2f11c227bdf292b3a2900ad04139d301b56ac4 diff --git a/data/CVE/2015.list b/data/CVE/2015.list index a677dc750b..a9c5adc924 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,3 +1,5 @@ +CVE-2015-9291 + RESERVED CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c ...) - freetype 2.6.1-0.1 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30 diff --git a/data/CVE/2016.list b/data/CVE/2016.list index e7b5476a27..d261581acc 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -1,3 +1,191 @@ +CVE-2016-10860 + RESERVED +CVE-2016-10859 + RESERVED +CVE-2016-10858 + RESERVED +CVE-2016-10857 + RESERVED +CVE-2016-10856 + RESERVED +CVE-2016-10855 + RESERVED +CVE-2016-10854 + RESERVED +CVE-2016-10853 + RESERVED +CVE-2016-10852 + RESERVED +CVE-2016-10851 + RESERVED +CVE-2016-10850 + RESERVED +CVE-2016-10849 + RESERVED +CVE-2016-10848 + RESERVED +CVE-2016-10847 + RESERVED +CVE-2016-10846 + RESERVED +CVE-2016-10845 + RESERVED +CVE-2016-10844 + RESERVED +CVE-2016-10843 + RESERVED +CVE-2016-10842 + RESERVED +CVE-2016-10841 + RESERVED +CVE-2016-10840 + RESERVED +CVE-2016-10839 + RESERVED +CVE-2016-10838 + RESERVED +CVE-2016-10837 + RESERVED +CVE-2016-10836 + RESERVED +CVE-2016-10835 + RESERVED +CVE-2016-10834 + RESERVED +CVE-2016-10833 + RESERVED +CVE-2016-10832 + RESERVED +CVE-2016-10831 + RESERVED +CVE-2016-10830 + RESERVED +CVE-2016-10829 + RESERVED +CVE-2016-10828 + RESERVED +CVE-2016-10827 + RESERVED +CVE-2016-10826 + RESERVED +CVE-2016-10825 + RESERVED +CVE-2016-10824 + RESERVED +CVE-2016-10823 + RESERVED +CVE-2016-10822 + RESERVED +CVE-2016-10821 + RESERVED +CVE-2016-10820 + RESERVED +CVE-2016-10819 + RESERVED +CVE-2016-10818 + RESERVED +CVE-2016-10817 + RESERVED +CVE-2016-10816 + RESERVED +CVE-2016-10815 + RESERVED +CVE-2016-10814 + RESERVED +CVE-2016-10813 + RESERVED +CVE-2016-10812 + RESERVED +CVE-2016-10811 + RESERVED +CVE-2016-10810 + RESERVED +CVE-2016-10809 + RESERVED +CVE-2016-10808 + RESERVED +CVE-2016-10807 + RESERVED +CVE-2016-10806 + RESERVED +CVE-2016-10805 + RESERVED +CVE-2016-10804 + RESERVED +CVE-2016-10803 + RESERVED +CVE-2016-10802 + RESERVED +CVE-2016-10801 + RESERVED +CVE-2016-10800 + RESERVED +CVE-2016-10799 + RESERVED +CVE-2016-10798 + RESERVED +CVE-2016-10797 + RESERVED +CVE-2016-10796 + RESERVED +CVE-2016-10795 + RESERVED +CVE-2016-10794 + RESERVED +CVE-2016-10793 + RESERVED +CVE-2016-10792 + RESERVED +CVE-2016-10791 + RESERVED +CVE-2016-10790 + RESERVED +CVE-2016-10789 + RESERVED +CVE-2016-10788 + RESERVED 
+CVE-2016-10787 + RESERVED +CVE-2016-10786 + RESERVED +CVE-2016-10785 + RESERVED +CVE-2016-10784 + RESERVED +CVE-2016-10783 + RESERVED +CVE-2016-10782 + RESERVED +CVE-2016-10781 + RESERVED +CVE-2016-10780 + RESERVED +CVE-2016-10779 + RESERVED +CVE-2016-10778 + RESERVED +CVE-2016-10777 + RESERVED +CVE-2016-10776 + RESERVED +CVE-2016-10775 + RESERVED +CVE-2016-10774 + RESERVED +CVE-2016-10773 + RESERVED +CVE-2016-10772 + RESERVED +CVE-2016-10771 + RESERVED +CVE-2016-10770 + RESERVED +CVE-2016-10769 + RESERVED +CVE-2016-10768 + RESERVED +CVE-2016-10767 + RESERVED CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...) NOT-FOR-US: Open edX CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with a spoofe ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 81888d1cc1..047220d3c2 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1,3 +1,205 @@ +CVE-2017-18482 + RESERVED +CVE-2017-18481 + RESERVED +CVE-2017-18480 + RESERVED +CVE-2017-18479 + RESERVED +CVE-2017-18478 + RESERVED +CVE-2017-18477 + RESERVED +CVE-2017-18476 + RESERVED +CVE-2017-18475 + RESERVED +CVE-2017-18474 + RESERVED +CVE-2017-18473 + RESERVED +CVE-2017-18472 + RESERVED +CVE-2017-18471 + RESERVED +CVE-2017-18470 + RESERVED +CVE-2017-18469 + RESERVED +CVE-2017-18468 + RESERVED +CVE-2017-18467 + RESERVED +CVE-2017-18466 + RESERVED +CVE-2017-18465 + RESERVED +CVE-2017-18464 + RESERVED +CVE-2017-18463 + RESERVED +CVE-2017-18462 + RESERVED +CVE-2017-18461 + RESERVED +CVE-2017-18460 + RESERVED +CVE-2017-18459 + RESERVED +CVE-2017-18458 + RESERVED +CVE-2017-18457 + RESERVED +CVE-2017-18456 + RESERVED +CVE-2017-18455 + RESERVED +CVE-2017-18454 + RESERVED +CVE-2017-18453 + RESERVED +CVE-2017-18452 + RESERVED +CVE-2017-18451 + RESERVED +CVE-2017-18450 + RESERVED +CVE-2017-18449 + RESERVED +CVE-2017-18448 + RESERVED +CVE-2017-18447 + RESERVED +CVE-2017-18446 + RESERVED +CVE-2017-18445 + RESERVED +CVE-2017-18444 + RESERVED +CVE-2017-18443 + RESERVED +CVE-2017-18442 + RESERVED +CVE-2017-18441 + RESERVED +CVE-2017-18440 + RESERVED +CVE-2017-18439 + RESERVED +CVE-2017-18438 + RESERVED +CVE-2017-18437 + RESERVED +CVE-2017-18436 + RESERVED +CVE-2017-18435 + RESERVED +CVE-2017-18434 + RESERVED +CVE-2017-18433 + RESERVED +CVE-2017-18432 + RESERVED +CVE-2017-18431 + RESERVED +CVE-2017-18430 + RESERVED +CVE-2017-18429 + RESERVED +CVE-2017-18428 + RESERVED +CVE-2017-18427 + RESERVED +CVE-2017-18426 + RESERVED +CVE-2017-18425 + RESERVED +CVE-2017-18424 + RESERVED +CVE-2017-18423 + RESERVED +CVE-2017-18422 + RESERVED +CVE-2017-18421 + RESERVED +CVE-2017-18420 + RESERVED +CVE-2017-18419 + RESERVED +CVE-2017-18418 + RESERVED +CVE-2017-18417 + RESERVED +CVE-2017-18416 + RESERVED +CVE-2017-18415 + RESERVED +CVE-2017-18414 + RESERVED +CVE-2017-18413 + RESERVED +CVE-2017-18412 + RESERVED +CVE-2017-18411 + RESERVED +CVE-2017-18410 + RESERVED 
+CVE-2017-18409 + RESERVED +CVE-2017-18408 + RESERVED +CVE-2017-18407 + RESERVED +CVE-2017-18406 + RESERVED +CVE-2017-18405 + RESERVED +CVE-2017-18404 + RESERVED +CVE-2017-18403 + RESERVED +CVE-2017-18402 + RESERVED +CVE-2017-18401 + RESERVED +CVE-2017-18400 + RESERVED +CVE-2017-18399 + RESERVED +CVE-2017-18398 + RESERVED +CVE-2017-18397 + RESERVED +CVE-2017-18396 + RESERVED +CVE-2017-18395 + RESERVED +CVE-2017-18394 + RESERVED +CVE-2017-18393 + RESERVED +CVE-2017-18392 + RESERVED +CVE-2017-18391 + RESERVED +CVE-2017-18390 + RESERVED +CVE-2017-18389 + RESERVED +CVE-2017-18388 + RESERVED +CVE-2017-18387 + RESERVED +CVE-2017-18386 + RESERVED +CVE-2017-18385 + RESERVED +CVE-2017-18384 + RESERVED +CVE-2017-18383 + RESERVED +CVE-2017-18382 + RESERVED CVE-2017-18381 (The installation process in Open edX before 2017-01-10 exposes a Mongo ...) NOT-FOR-US: Open edX CVE-2017-18380 (edx-platform before 2017-08-03 allows attackers to trigger password-re ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 5dfd559c5c..b90903f882 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -1,3 +1,167 @@ +CVE-2018-20953 + RESERVED +CVE-2018-20952 + RESERVED +CVE-2018-20951 + RESERVED +CVE-2018-20950 + RESERVED +CVE-2018-20949 + RESERVED +CVE-2018-20948 + RESERVED +CVE-2018-20947 + RESERVED +CVE-2018-20946 + RESERVED +CVE-2018-20945 + RESERVED +CVE-2018-20944 + RESERVED +CVE-2018-20943 + RESERVED +CVE-2018-20942 + RESERVED +CVE-2018-20941 + RESERVED +CVE-2018-20940 + RESERVED +CVE-2018-20939 + RESERVED +CVE-2018-20938 + RESERVED +CVE-2018-20937 + RESERVED +CVE-2018-20936 + RESERVED +CVE-2018-20935 + RESERVED +CVE-2018-20934 + RESERVED +CVE-2018-20933 + RESERVED +CVE-2018-20932 + RESERVED +CVE-2018-20931 + RESERVED +CVE-2018-20930 + RESERVED +CVE-2018-20929 + RESERVED +CVE-2018-20928 + RESERVED +CVE-2018-20927 + RESERVED +CVE-2018-20926 + RESERVED +CVE-2018-20925 + RESERVED +CVE-2018-20924 + RESERVED +CVE-2018-20923 + RESERVED +CVE-2018-20922 + RESERVED +CVE-2018-20921 + RESERVED +CVE-2018-20920 + RESERVED +CVE-2018-20919 + RESERVED +CVE-2018-20918 + RESERVED +CVE-2018-20917 + RESERVED +CVE-2018-20916 + RESERVED +CVE-2018-20915 + RESERVED +CVE-2018-20914 + RESERVED +CVE-2018-20913 + RESERVED +CVE-2018-20912 + RESERVED +CVE-2018-20911 + RESERVED +CVE-2018-20910 + RESERVED +CVE-2018-20909 + RESERVED +CVE-2018-20908 + RESERVED +CVE-2018-20907 + RESERVED +CVE-2018-20906 + RESERVED +CVE-2018-20905 + RESERVED +CVE-2018-20904 + RESERVED +CVE-2018-20903 + RESERVED +CVE-2018-20902 + RESERVED +CVE-2018-20901 + RESERVED +CVE-2018-20900 + RESERVED +CVE-2018-20899 + RESERVED +CVE-2018-20898 + RESERVED +CVE-2018-20897 + RESERVED +CVE-2018-20896 + RESERVED +CVE-2018-20895 + RESERVED +CVE-2018-20894 + RESERVED +CVE-2018-20893 + RESERVED +CVE-2018-20892 + RESERVED +CVE-2018-20891 + RESERVED +CVE-2018-20890 + RESERVED +CVE-2018-20889 + RESERVED +CVE-2018-20888 + RESERVED +CVE-2018-20887 + RESERVED +CVE-2018-20886 + RESERVED +CVE-2018-20885 + RESERVED +CVE-2018-20884 + RESERVED +CVE-2018-20883 + RESERVED +CVE-2018-20882 + RESERVED +CVE-2018-20881 + RESERVED 
+CVE-2018-20880 + RESERVED +CVE-2018-20879 + RESERVED +CVE-2018-20878 + RESERVED +CVE-2018-20877 + RESERVED +CVE-2018-20876 + RESERVED +CVE-2018-20875 + RESERVED +CVE-2018-20874 + RESERVED +CVE-2018-20873 + RESERVED +CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...) + TODO: check CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...) TODO: check CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...) @@ -10857,8 +11021,7 @@ CVE-2018-16862 (A security flaw was found in the Linux kernel in a way that the NOTE: Fixed by: https://git.kernel.org/linus/6ff38bd40230af35e446239396e5fc8ebd6a5248 CVE-2018-16861 (A cross-site scripting (XSS) flaw was found in the foreman component o ...) - foreman <itp> (bug #663101) -CVE-2018-16860 [Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum] - RESERVED +CVE-2018-16860 (A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x ...) {DSA-4455-1 DSA-4443-1 DLA-1788-1} - heimdal 7.5.0+dfsg-3 (bug #928966) [jessie] - heimdal <no-dsa> (Minor issue) @@ -12048,11 +12211,13 @@ CVE-2018-16430 (GNU Libextractor through 1.7 has an out-of-bounds read vulnerabi NOTE: https://gnunet.org/bugs/view.php?id=5405 NOTE: https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7 CVE-2018-16429 (GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_ ...) + {DLA-1866-1} - glib2.0 2.58.0-1 (low) [stretch] - glib2.0 <no-dsa> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1361 CVE-2018-16428 (In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c ...) + {DLA-1866-1} - glib2.0 2.58.0-1 (low) [stretch] - glib2.0 <no-dsa> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9 
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index c55e6486d4..6e02df05b5 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-14453 + RESERVED CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...) TODO: check CVE-2019-14451 @@ -194,7 +196,7 @@ CVE-2019-14363 (A stack-based buffer overflow in the upnpd binary running on NET CVE-2019-14362 (Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. T ...) NOT-FOR-US: Openbravo ERP CVE-2019-14361 - RESERVED + REJECTED CVE-2019-14360 RESERVED CVE-2019-14359 
@@ -577,32 +579,32 @@ CVE-2019-14206 (An Arbitrary File Deletion vulnerability in the Nevma Adaptive I NOT-FOR-US: Nevma Adaptive Images plugin for WordPress CVE-2019-14205 (A Local File Inclusion vulnerability in the Nevma Adaptive Images plug ...) NOT-FOR-US: Nevma Adaptive Images plugin for WordPress -CVE-2019-14204 - RESERVED -CVE-2019-14203 - RESERVED -CVE-2019-14202 - RESERVED -CVE-2019-14201 - RESERVED -CVE-2019-14200 - RESERVED -CVE-2019-14199 - RESERVED -CVE-2019-14198 - RESERVED -CVE-2019-14197 - RESERVED -CVE-2019-14196 - RESERVED -CVE-2019-14195 - RESERVED -CVE-2019-14194 - RESERVED -CVE-2019-14193 - RESERVED -CVE-2019-14192 - RESERVED +CVE-2019-14204 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...) + TODO: check +CVE-2019-14203 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...) + TODO: check +CVE-2019-14202 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...) + TODO: check +CVE-2019-14201 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...) + TODO: check +CVE-2019-14200 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...) + TODO: check +CVE-2019-14199 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...) + TODO: check +CVE-2019-14198 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...) + TODO: check +CVE-2019-14197 (An issue was discovered in Das U-Boot through 2019.07. There is a read ...) + TODO: check +CVE-2019-14196 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...) + TODO: check +CVE-2019-14195 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...) + TODO: check +CVE-2019-14194 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...) + TODO: check +CVE-2019-14193 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...) 
+ TODO: check +CVE-2019-14192 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...) + TODO: check CVE-2019-14191 RESERVED CVE-2019-14190 @@ -1908,8 +1910,8 @@ CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Inj NOT-FOR-US: WordPress plugin AJdG AdRotate CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers ...) NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress -CVE-2019-13568 - RESERVED +CVE-2019-13568 (CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CI ...) + TODO: check CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on macOS allows remote code exec ...) NOT-FOR-US: Zoom CVE-2019-13566 @@ -3854,8 +3856,8 @@ CVE-2019-12799 (In createInstanceFromNamedArguments in Shopware through 5.6.x, a NOT-FOR-US: Shopware CVE-2019-12798 (An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c do ...) NOT-FOR-US: MuJS -CVE-2019-12797 - RESERVED +CVE-2019-12797 (A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN ...) + TODO: check CVE-2019-12796 RESERVED CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...) @@ -3989,8 +3991,8 @@ CVE-2019-12752 RESERVED CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a p ...) NOT-FOR-US: Symantec -CVE-2019-12750 - RESERVED +CVE-2019-12750 (Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 an ...) + TODO: check CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, ...) {DSA-4462-1 DLA-1818-1} - dbus 1.12.16-1 (bug #930375) @@ -4704,6 +4706,7 @@ CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when CVE-2019-12451 RESERVED CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 ...) + {DLA-1866-1} [experimental] - glib2.0 2.60.0-1 - glib2.0 2.60.5-1 (bug #931234) [buster] - glib2.0 <no-dsa> (Minor issue) 
@@ -9911,30 +9914,30 @@ CVE-2019-10368 RESERVED CVE-2019-10367 RESERVED -CVE-2019-10366 - RESERVED -CVE-2019-10365 - RESERVED -CVE-2019-10364 - RESERVED -CVE-2019-10363 - RESERVED -CVE-2019-10362 - RESERVED -CVE-2019-10361 - RESERVED -CVE-2019-10360 - RESERVED -CVE-2019-10359 - RESERVED -CVE-2019-10358 - RESERVED -CVE-2019-10357 - RESERVED -CVE-2019-10356 - RESERVED -CVE-2019-10355 - RESERVED +CVE-2019-10366 (Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials une ...) + TODO: check +CVE-2019-10365 (Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a te ...) + TODO: check +CVE-2019-10364 (Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of priv ...) + TODO: check +CVE-2019-10363 (Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably ...) + TODO: check +CVE-2019-10362 (Jenkins Configuration as Code Plugin 1.24 and earlier did not escape v ...) + TODO: check +CVE-2019-10361 (Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials une ...) + TODO: check +CVE-2019-10360 (A stored cross site scripting vulnerability in Jenkins Maven Release P ...) + TODO: check +CVE-2019-10359 (A cross-site request forgery vulnerability in Jenkins Maven Release Pl ...) + TODO: check +CVE-2019-10358 (Jenkins Maven Integration Plugin 3.3 and earlier did not apply build l ...) + TODO: check +CVE-2019-10357 (A missing permission check in Jenkins Pipeline: Shared Groovy Librarie ...) + TODO: check +CVE-2019-10356 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 ...) + TODO: check +CVE-2019-10355 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 ...) + TODO: check CVE-2019-10354 (A vulnerability in the Stapler web framework used in Jenkins 2.185 and ...) NOT-FOR-US: Jenkins CVE-2019-10353 (CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did ...) 
@@ -9953,12 +9956,12 @@ CVE-2019-10347 (Jenkins Mashup Portlets Plugin stored credentials unencrypted on NOT-FOR-US: Jenkins plugin CVE-2019-10346 (A reflected cross site scripting vulnerability in Jenkins Embeddable B ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10345 - RESERVED -CVE-2019-10344 - RESERVED -CVE-2019-10343 - RESERVED +CVE-2019-10345 (Jenkins Configuration as Code Plugin 1.20 and earlier did not treat th ...) + TODO: check +CVE-2019-10344 (Missing permission checks in Jenkins Configuration as Code Plugin 1.24 ...) + TODO: check +CVE-2019-10343 (Jenkins Configuration as Code Plugin 1.24 and earlier did not properly ...) + TODO: check CVE-2019-10342 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...) NOT-FOR-US: Jenkins plugin CVE-2019-10341 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...) @@ -13861,7 +13864,7 @@ CVE-2019-9191 (The ETSI Enterprise Transport Security (ETS, formerly known as eT NOT-FOR-US: ETSI protocol CVE-2019-9190 RESERVED -CVE-2019-9189 (On Prima Systems FlexAir devices through 2.4.9api3, an authenticated u ...) +CVE-2019-9189 (Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application a ...) NOT-FOR-US: Prima Systems FlexAir devices CVE-2019-9188 RESERVED 
@@ -17419,19 +17422,19 @@ CVE-2019-7674 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /adm NOT-FOR-US: MOBOTIX CVE-2019-7673 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administr ...) NOT-FOR-US: MOBOTIX -CVE-2019-7672 (Prima Systems FlexAir devices have Hard-coded Credentials. ...) +CVE-2019-7672 (Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of ...) NOT-FOR-US: Prima Systems FlexAir devices -CVE-2019-7671 (Prima Systems FlexAir devices allow Authenticated Stored XSS. ...) +CVE-2019-7671 (Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to s ...) NOT-FOR-US: Prima Systems FlexAir devices -CVE-2019-7670 (Prima Systems FlexAir devices allow Authenticated Command Injection re ...) +CVE-2019-7670 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application inco ...) NOT-FOR-US: Prima Systems FlexAir devices -CVE-2019-7669 (Prima Systems FlexAir devices allow Unauthenticated Command Injection ...) +CVE-2019-7669 (Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation ...) NOT-FOR-US: Prima Systems FlexAir devices CVE-2019-7668 (Prima Systems FlexAir devices have Default Credentials. ...) NOT-FOR-US: Prima Systems FlexAir devices -CVE-2019-7667 (Prima Systems FlexAir devices allow unauthenticated download of the da ...) +CVE-2019-7667 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application gene ...) NOT-FOR-US: Prima Systems FlexAir devices -CVE-2019-7666 (Prima Systems FlexAir devices allow authentication with MD5 hashes dir ...) +CVE-2019-7666 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application allo ...) NOT-FOR-US: Prima Systems FlexAir devices CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...) {DLA-1689-1} 
@@ -18547,9 +18550,9 @@ CVE-2019-7285 NOTE: https://webkitgtk.org/security/WSA-2019-0002.html CVE-2019-7284 RESERVED -CVE-2019-7281 (Prima Systems FlexAir devices allow Cross-Site Request Forgery (CSRF). ...) +CVE-2019-7281 (Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated u ...) NOT-FOR-US: Prima Systems FlexAir -CVE-2019-7280 (Prima Systems FlexAir devices have an Insufficient Session-ID Length. ...) +CVE-2019-7280 (Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of ...) NOT-FOR-US: Prima Systems FlexAir CVE-2019-7279 (Optergy Proton/Enterprise devices have Hard-coded Credentials. ...) NOT-FOR-US: Optergy Proton @@ -23599,14 +23602,14 @@ CVE-2019-5062 RESERVED CVE-2019-5061 RESERVED -CVE-2019-5060 - RESERVED -CVE-2019-5059 - RESERVED -CVE-2019-5058 - RESERVED -CVE-2019-5057 - RESERVED +CVE-2019-5060 (An exploitable code execution vulnerability exists in the XPM image re ...) + TODO: check +CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM image re ...) + TODO: check +CVE-2019-5058 (An exploitable code execution vulnerability exists in the XCF image re ...) + TODO: check +CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX image-re ...) + TODO: check CVE-2019-5056 RESERVED CVE-2019-5055 @@ -23695,8 +23698,8 @@ CVE-2019-5022 REJECTED CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3) conta ...) NOT-FOR-US: Official Alpine Linux Docker images -CVE-2019-5020 - RESERVED +CVE-2019-5020 (An exploitable denial of service vulnerability exists in the object lo ...) + TODO: check CVE-2019-5019 (A heap-based overflow vulnerability exists in the PowerPoint document ...) NOT-FOR-US: Rainbow PDF Office Server Document Converter CVE-2019-5018 (An exploitable use after free vulnerability exists in the window funct ...) 
@@ -25427,12 +25430,12 @@ CVE-2019-4167 RESERVED CVE-2019-4166 (IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing att ...) NOT-FOR-US: IBM -CVE-2019-4165 - RESERVED +CVE-2019-4165 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to ...) + TODO: check CVE-2019-4164 RESERVED -CVE-2019-4163 - RESERVED +CVE-2019-4163 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated use ...) + TODO: check CVE-2019-4162 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missi ...) NOT-FOR-US: IBM CVE-2019-4161 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 disclose ...) @@ -25837,12 +25840,12 @@ CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 8.5.0 NOT-FOR-US: Nessus CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a reflected XS ...) NOT-FOR-US: Nessus -CVE-2019-3960 - RESERVED -CVE-2019-3959 - RESERVED -CVE-2019-3958 - RESERVED +CVE-2019-3960 (Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 al ...) + TODO: check +CVE-2019-3959 (Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacke ...) + TODO: check +CVE-2019-3958 (Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, ...) + TODO: check CVE-2019-3957 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...) NOT-FOR-US: Dameware Remote Mini Control CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...) @@ -30419,8 +30422,8 @@ CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an unauthen NOT-FOR-US: Cisco CVE-2019-1902 RESERVED -CVE-2019-1901 - RESERVED +CVE-2019-1901 (A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem ...) + TODO: check CVE-2019-1900 RESERVED CVE-2019-1899 (A vulnerability in the web interface of Cisco RV110W, RV130W, and RV21 ...) |
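Review bot: in data/CVE/2019.list the newly published Jenkins plugin entries (CVE-2019-10355 through CVE-2019-10366, and CVE-2019-10343 through CVE-2019-10345) land as "TODO: check" even though the unchanged neighbours CVE-2019-10346, CVE-2019-10347 and CVE-2019-10342 already carry "NOT-FOR-US: Jenkins plugin". The follow-up triage should settle these the same way if they are the same class of plugin, and should resolve the thirteen Das U-Boot entries (CVE-2019-14192 through CVE-2019-14204) to either a package line or a NOT-FOR-US tag instead of leaving them pending.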
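Review bot: the rewritten Prima Systems FlexAir descriptions in data/CVE/2019.list (CVE-2019-7666, CVE-2019-7667, CVE-2019-7669 through CVE-2019-7672, CVE-2019-7280, CVE-2019-7281 and CVE-2019-9189) spend the truncated summary on the "Prima Systems FlexAir, Versions ... and prior." prefix, so the weakness class the old lines stated (hard-coded credentials, stored XSS, command injection, CSRF, session-ID length) is now cut off at the "...". The NOT-FOR-US tagging is unaffected, but anyone searching the list by weakness keyword will miss these entries and needs the full upstream description; CVE-2019-7668 keeps its short form and is still searchable.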
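Review bot: the imported description for CVE-2019-12750 in data/CVE/2019.list contains a literal HTML entity ("14.2 RU1 &amp; 12.1 RU6 MP10"), while the hand-written note under CVE-2019-13569 in the same file uses a plain "&". Decoding entities in the import step would keep the list text consistent. The same verbatim import brings in "IBM StoreIQ" for CVE-2019-4165 and CVE-2019-4163 next to "IBM StoredIQ" in the existing CVE-2019-4166 line, so the triage tag for those two should follow the neighbour's "NOT-FOR-US: IBM" rather than the product spelling.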