author: security tracker role <sectracker@soriano.debian.org> 2019-11-07 08:10:19 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-11-07 08:10:19 +0000
commit: 40a734225524783d1e9592c4cc8570f20b518b52 (patch)
tree: 598a5effc5454589f737d9299f49780618805de0
parent: fbb94d92f8e26107b83d1c65d8bdcad9d5899a77 (diff)
automatic update
-rw-r--r-- data/CVE/2009.list 6
-rw-r--r-- data/CVE/2011.list 4
-rw-r--r-- data/CVE/2014.list 12
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2019.list 48
5 files changed, 38 insertions, 36 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index af9ea9bb97..c218530496 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -3379,13 +3379,11 @@ CVE-2009-3779 (Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-
NOT-FOR-US: module for Drupal
CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, ...)
NOT-FOR-US: module for Drupal
-CVE-2009-5045 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5045 (Dump Servlet information leak in jetty before 6.1.22. ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5046 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
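Review bot: CVE-2009-5045 and CVE-2009-5046 now describe two different issues (a Dump Servlet information leak and XSS in the JSP Dump and Session Dump servlets), yet both keep the same "unimportant" rating and the same two NOTE lines that were written for the shared "[multiple vulnerabilities in jetty]" placeholder. Confirm that "The affected apps are not shipped in the package" holds for each servlet named in the new descriptions, and say so per entry, so the rating is justified for both rather than inherited. The fixed version 6.1.22-1 is consistent with "before 6.1.22" in both descriptions.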
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index d37c89419c..18f7d0e16c 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -6665,8 +6665,8 @@ CVE-2011-2810
REJECTED
CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2011-2808
- RESERVED
+CVE-2011-2808 (A stale layout root is set as an input element in WebKit in Google Chr ...)
+ TODO: check
CVE-2011-2807
RESERVED
CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle ...)
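Review bot: CVE-2011-2808 is left at "TODO: check" although its new description already names WebKit in Google Chrome. The neighbouring CVE-2011-2809 is closed as NOT-FOR-US because it concerns WebKit as used in Apple iTunes; that reasoning does not carry over to a Chrome issue, so this entry should be resolved with a package line and fixed version instead of being triaged by analogy with the entry above it.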
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 21183d3fd6..64f88ce08e 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -4302,10 +4302,10 @@ CVE-2014-9028 (Heap-based buffer overflow in stream_decoder.c in libFLAC before
NOTE: Upstream patches:
NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
-CVE-2014-9014
- RESERVED
-CVE-2014-9013
- RESERVED
+CVE-2014-9014 (Directory traversal vulnerability in the ajaxinit function in wpmarket ...)
+ TODO: check
+CVE-2014-9013 (The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketp ...)
+ TODO: check
CVE-2014-9012
RESERVED
CVE-2014-9011
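Review bot: CVE-2014-9014 and CVE-2014-9013 both point at the same ajaxinit function in wpmarketplace/libs/cart.php, and both are left at "TODO: check". They should be triaged together and get the same resolution; if WP Marketplace is not in the archive, a NOT-FOR-US line naming the plugin, in the style used elsewhere in these lists, closes both in one pass.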
@@ -18925,8 +18925,8 @@ CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=100
NOTE: Upstream fix: https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38 (v3.17-rc3)
-CVE-2014-3180
- RESERVED
+CVE-2014-3180 (** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as ...)
+ TODO: check
CVE-2014-3179 (Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062 ...)
{DSA-3039-1}
- chromium-browser 37.0.2062.120-1
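Review bot: the new CVE-2014-3180 line is flagged "** DISPUTED **" and concerns kernel/compat.c in the Linux kernel before 3.17, but it carries only "TODO: check". This one needs a kernel package status line like the one CVE-2014-3181 has just above it, and the dispute should be recorded in a NOTE so the status is not read as a confirmed vulnerability by anyone consuming the list.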
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index beaa9eb5e4..e8fc967d56 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -404,8 +404,8 @@ CVE-2018-20855 (An issue was discovered in the Linux kernel before 4.18.7. In cr
CVE-2018-20854 (An issue was discovered in the Linux kernel before 4.20. drivers/phy/m ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
-CVE-2018-20853
- RESERVED
+CVE-2018-20853 (An issue was discovered in the MailPoet Newsletters (aka wysija-newsle ...)
+ TODO: check
CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
{DLA-1906-1 DLA-1889-1}
- python3.7 3.7.3~rc1-1
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 2cb3fe01b7..3a4e70f8f7 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,11 @@
+CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
+ TODO: check
+CVE-2019-18803
+ RESERVED
+CVE-2019-18802
+ RESERVED
+CVE-2019-18801
+ RESERVED
CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...)
TODO: check
CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...)
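Review bot: CVE-2019-18804 at the top of this hunk names a specific version, DjVuLibre 3.5.27, and a NULL pointer dereference, but enters the list with "TODO: check" only. Before this sits for long it needs either a source package line with a status, in the form used elsewhere in this file (for example "- jspwiki <removed>"), or a NOT-FOR-US line, plus a NOTE pointing at the upstream report. The three new RESERVED ids (CVE-2019-18803 to CVE-2019-18801) are fine as placeholders.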
@@ -854,8 +862,8 @@ CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation
NOT-FOR-US: TypeStack class-validator
CVE-2019-18412
RESERVED
-CVE-2019-18411
- RESERVED
+CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the ...)
+ TODO: check
CVE-2019-18410
RESERVED
CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local pr ...)
@@ -5239,10 +5247,10 @@ CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customer
NOT-FOR-US: Webkul Bagisto
CVE-2019-16402
RESERVED
-CVE-2019-16401
- RESERVED
-CVE-2019-16400
- RESERVED
+CVE-2019-16401 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
+ TODO: check
+CVE-2019-16400 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
+ TODO: check
CVE-2019-16399 (Western Digital WD My Book World through II 1.02.12 suffers from Broke ...)
NOT-FOR-US: Western Digital
CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution ca ...)
@@ -8594,11 +8602,9 @@ CVE-2019-15006
RESERVED
CVE-2019-15005
RESERVED
-CVE-2019-15004
- RESERVED
+CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
NOT-FOR-US: Atlassian
-CVE-2019-15003
- RESERVED
+CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
NOT-FOR-US: Atlassian
CVE-2019-15002
RESERVED
@@ -15321,8 +15327,7 @@ CVE-2019-12421
RESERVED
CVE-2019-12420
RESERVED
-CVE-2019-12419
- RESERVED
+CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the components that ...)
NOT-FOR-US: Apache CFX
CVE-2019-12418
RESERVED
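Review bot: the new description for CVE-2019-12419 says "Apache CXF", while the unchanged context line under it reads "NOT-FOR-US: Apache CFX"; CVE-2019-12406 in the next hunk has the same mismatch. Now that the description is published, the triage note should be corrected to "Apache CXF" so that a search of the list for the product name finds both entries, and the NOT-FOR-US decision, which was made while the id was still RESERVED, should be rechecked against the published text.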
@@ -15348,8 +15353,7 @@ CVE-2019-12408
RESERVED
CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
- jspwiki <removed>
-CVE-2019-12406
- RESERVED
+CVE-2019-12406 (Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of mes ...)
NOT-FOR-US: Apache CFX
CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control versions ...)
NOT-FOR-US: Apache Traffic Control
@@ -34885,8 +34889,8 @@ CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A succ
NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5126
RESERVED
-CVE-2019-5125
- RESERVED
+CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
+ TODO: check
CVE-2019-5124
RESERVED
CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube ...)
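Review bot: the CVE-2019-5125 description is cut off at "JPEG2000 pars ..." before it names the affected product, so "TODO: check" cannot be resolved from this line; the same applies to CVE-2019-5100, CVE-2019-5099 and CVE-2019-5084 in the following hunks, which stop at "BMP header", "CMP-parsi" and "TI". Triage these four from the full CVE text and add a NOTE with the advisory reference, since all of them describe memory-corruption bugs in file parsers and should not stay unclassified.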
@@ -34935,10 +34939,10 @@ CVE-2019-5102
RESERVED
CVE-2019-5101
RESERVED
-CVE-2019-5100
- RESERVED
-CVE-2019-5099
- RESERVED
+CVE-2019-5100 (An exploitable integer overflow vulnerability exists in the BMP header ...)
+ TODO: check
+CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-parsi ...)
+ TODO: check
CVE-2019-5098
RESERVED
CVE-2019-5097
@@ -34970,8 +34974,8 @@ CVE-2019-5086
RESERVED
CVE-2019-5085
RESERVED
-CVE-2019-5084
- RESERVED
+CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
+ TODO: check
CVE-2019-5083
RESERVED
CVE-2019-5082
