diff options
author | security tracker role <sectracker@soriano.debian.org> | 2019-10-29 20:10:27 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-10-29 20:10:27 +0000 |
commit | c27d4b0c3d8792ddf4f030d7516923d4e6016ee7 (patch) | |
tree | a4951948a0024154ed1c2c03d27545bee9a72ac8 | |
parent | 8f38d177216732b765c3626066b413bfa66a4da4 (diff) |
automatic update
-rw-r--r-- | data/CVE/2009.list | 6 | ||||
-rw-r--r-- | data/CVE/2010.list | 9 | ||||
-rw-r--r-- | data/CVE/2011.list | 6 | ||||
-rw-r--r-- | data/CVE/2012.list | 6 | ||||
-rw-r--r-- | data/CVE/2016.list | 4 | ||||
-rw-r--r-- | data/CVE/2018.list | 4 | ||||
-rw-r--r-- | data/CVE/2019.list | 220 |
7 files changed, 173 insertions, 82 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index dee72bd1e4..f77ca77177 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -3099,8 +3099,7 @@ CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2. ...) - linux-2.6 <not-affected> (Vulnerable code not built) - linux-2.6.24 <not-affected> (Vulnerable code not built) -CVE-2009-3887 [ytnef path traversal] - RESERVED +CVE-2009-3887 (ytnef has directory traversal ...) - ytnef <removed> (bug #567631) [lenny] - ytnef <no-dsa> (Minor issue) NOTE: http://www.ocert.org/advisories/ocert-2009-013.html @@ -3637,8 +3636,7 @@ CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not CVE-2009-3724 RESERVED NOT-FOR-US: python-markdown2 (not our markdown, different code base) -CVE-2009-3723 [Unauthorized calls allowed on prohibited networks in asterisk] - RESERVED +CVE-2009-3723 (asterisk allows calls on prohibited networks ...) [etch] - asterisk <not-affected> [lenny] - asterisk <not-affected> - asterisk 1:1.6.2.0~rc3-2 (medium; bug #552756) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 8f67ea5078..9afb592776 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -3645,8 +3645,7 @@ CVE-2010-3841 (Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki. CVE-2010-3845 (libapache-authenhook-perl 2.00-04 stores usernames and passwords in pl ...) - libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712) [lenny] - libapache-authenhook-perl 2.00-04+pristine-1+lenny1 -CVE-2010-4237 - RESERVED +CVE-2010-4237 (Mercurial before 1.6.4 fails to verify the Common Name field of SSL ce ...) - mercurial 1.6.4-1 (low; bug #598841) [lenny] - mercurial <no-dsa> (Minor issue) CVE-2010-3840 (The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL ...) @@ -4964,14 +4963,12 @@ CVE-2010-3377 (The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and ( CVE-2010-3376 (The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ...) - root-system 5.34.00-1 (bug #598420; bug #598419) [lenny] - root-system <no-dsa> (minor issue) -CVE-2010-3375 - RESERVED +CVE-2010-3375 (qtparted has insecure library loading which may allow arbitrary code e ...) - qtparted 0.4.5-8 (low; bug #598301) [lenny] - qtparted <no-dsa> (Minor issue) CVE-2010-3374 (Qt Creator before 2.0.1 places a zero-length directory name in the LD_ ...) - qtcreator 1.3.1-3 (bug #598300) -CVE-2010-3373 - RESERVED +CVE-2010-3373 (paxtest handles temporary files insecurely ...) - paxtest 1:0.9.9-1 (unimportant; bug #598413) CVE-2010-3372 (Untrusted search path vulnerability in NorduGrid Advanced Resource Con ...) - nordugrid-arc-nox 1.1.0~rc6-2.1 (bug #606151) diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 776d875f69..9751b56923 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -916,8 +916,7 @@ CVE-2011-4933 REJECTED CVE-2011-4932 (Eval injection vulnerability in ip_cms/modules/standard/content_manage ...) NOT-FOR-US: ImpressPages CMS not in Debian -CVE-2011-4931 - RESERVED +CVE-2011-4931 (gpw generates shorter passwords than required ...) - gpw <unfixed> (unimportant; bug #651510) NOTE: This has only marginal security impact CVE-2011-4930 (Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, ...) @@ -13133,8 +13132,7 @@ CVE-2011-0430 (Double free vulnerability in the Rx server process in OpenAFS 1.4 - openafs 1.4.14+dfsg-1 CVE-2011-0429 RESERVED -CVE-2011-0428 - RESERVED +CVE-2011-0428 (Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow re ...) - ikiwiki 3.20110122 [squeeze] - ikiwiki 3.20100815.5 [lenny] - ikiwiki <not-affected> (Vulnerable code not present) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index bdf82b61c4..e3098f92dc 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -13626,8 +13626,7 @@ CVE-2012-1189 (Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cp - speed-dreams <itp> (bug #599884) CVE-2012-1188 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...) NOT-FOR-US: Fork CMS -CVE-2012-1187 - RESERVED +CVE-2012-1187 (Bitlbee does not drop extra group privileges correctly in unix.c ...) - bitlbee 3.0.4+bzr855-1 (low) [squeeze] - bitlbee <no-dsa> (Minor issue) CVE-2012-1186 (Integer overflow in the SyncImageProfiles function in profile.c in Ima ...) @@ -16527,8 +16526,7 @@ CVE-2012-0048 (OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a de NOTE: contacted MITRE, will be rejected CVE-2012-0047 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...) NOT-FOR-US: Apache Wicket -CVE-2012-0046 [mediawiki info leak] - RESERVED +CVE-2012-0046 (mediawiki allows deleted text to be exposed ...) - mediawiki 1:1.15.5-6 (low; bug #655694) [squeeze] - mediawiki 1:1.15.5-2squeeze3 [lenny] - mediawiki <not-affected> (Vulnerable code not present) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index d62dec0dac..ce468b27b7 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -20484,8 +20484,8 @@ CVE-2016-4291 (When opening a Hangul HShow Document (.hpt) and processing a stru NOT-FOR-US: Hancom Office CVE-2016-4290 (When opening a Hangul HShow Document (.hpt) and processing a structure ...) NOT-FOR-US: Hancom Office -CVE-2016-4289 - RESERVED +CVE-2016-4289 (A stack based buffer overflow vulnerability exists in the method recei ...) + TODO: check CVE-2016-4288 (A local privilege escalation vulnerability exists in BlueStacks App Pl ...) NOT-FOR-US: BlueStacks CVE-2016-4287 (Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x thro ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 9bc450e112..c4f4fafa68 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -27546,8 +27546,8 @@ CVE-2018-10729 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products CVE-2018-10728 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products runnin ...) NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products -CVE-2018-10727 - RESERVED +CVE-2018-10727 (Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_refer ...) + TODO: check CVE-2018-10726 (** DISPUTED ** A stored XSS vulnerability was found in Datenstrom Yell ...) NOT-FOR-US: Datenstrom Yellow CVE-2018-10725 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index d1b2f441b1..cb0f21ca85 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,107 @@ +CVE-2019-18625 + RESERVED +CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended restriction ...) + TODO: check +CVE-2019-18623 + RESERVED +CVE-2019-18622 + RESERVED +CVE-2019-18621 + RESERVED +CVE-2019-18620 + RESERVED +CVE-2019-18619 + RESERVED +CVE-2019-18618 + RESERVED +CVE-2019-18617 + RESERVED +CVE-2019-18616 + RESERVED +CVE-2019-18615 + RESERVED +CVE-2019-18614 + RESERVED +CVE-2019-18613 + RESERVED +CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 1.34 for ...) + TODO: check +CVE-2019-18611 (An issue was discovered in the CheckUser extension through 1.34 for Me ...) + TODO: check +CVE-2019-18610 + RESERVED +CVE-2019-18609 + RESERVED +CVE-2019-18608 (Cezerin v0.33.0 allows unauthorized order-information modification bec ...) + TODO: check +CVE-2019-18607 + RESERVED +CVE-2019-18606 + RESERVED +CVE-2019-18605 + RESERVED +CVE-2019-18604 (In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distr ...) + TODO: check +CVE-2019-18600 + RESERVED +CVE-2019-18599 + RESERVED +CVE-2019-18598 + RESERVED +CVE-2019-18597 + RESERVED +CVE-2019-18596 + RESERVED +CVE-2019-18595 + RESERVED +CVE-2019-18594 + RESERVED +CVE-2019-18593 + RESERVED +CVE-2019-18592 + RESERVED +CVE-2019-18591 + RESERVED +CVE-2019-18590 + RESERVED +CVE-2019-18589 + RESERVED +CVE-2019-18588 + RESERVED +CVE-2019-18587 + RESERVED +CVE-2019-18586 + RESERVED +CVE-2019-18585 + RESERVED +CVE-2019-18584 + RESERVED +CVE-2019-18583 + RESERVED +CVE-2019-18582 + RESERVED +CVE-2019-18581 + RESERVED +CVE-2019-18580 + RESERVED +CVE-2019-18579 + RESERVED +CVE-2019-18578 + RESERVED +CVE-2019-18577 + RESERVED +CVE-2019-18576 + RESERVED +CVE-2019-18575 + RESERVED +CVE-2019-18574 + RESERVED +CVE-2019-18573 + RESERVED +CVE-2019-18572 + RESERVED +CVE-2019-18571 + RESERVED CVE-2019-18570 RESERVED CVE-2019-18569 @@ -208,13 +312,13 @@ CVE-2019-18467 REJECTED CVE-2019-18466 (An issue was discovered in Podman in libpod before 1.6.0. It resolves ...) NOT-FOR-US: libpod (podman library used to create container pods) -CVE-2019-18601 [database server crash from unserialized data access] +CVE-2019-18601 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of ser ...) - openafs 1.8.5-1 (bug #943587) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt -CVE-2019-18602 [information leakage from uninitialized scalars] +CVE-2019-18602 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an informatio ...) - openafs 1.8.5-1 (bug #943587) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt -CVE-2019-18603 [information leakage in failed RPC output] +CVE-2019-18603 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information l ...) - openafs 1.8.5-1 (bug #943587) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt CVE-2019-18465 @@ -4173,8 +4277,8 @@ CVE-2019-16649 (On Supermicro H11, H12, M11, X9, X10, and X11 products, a combin NOT-FOR-US: Supermicro CVE-2019-16648 RESERVED -CVE-2019-16647 - RESERVED +CVE-2019-16647 (Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. ...) + TODO: check CVE-2019-16646 RESERVED CVE-2019-16645 (An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (suc ...) @@ -6461,18 +6565,18 @@ CVE-2019-15685 RESERVED CVE-2019-15684 RESERVED -CVE-2019-15683 - RESERVED +CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...) + TODO: check CVE-2019-15682 RESERVED -CVE-2019-15681 - RESERVED -CVE-2019-15680 - RESERVED -CVE-2019-15679 - RESERVED -CVE-2019-15678 - RESERVED +CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...) + TODO: check +CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference in Hand ...) + TODO: check +CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in Initiali ...) + TODO: check +CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in rfbServe ...) + TODO: check CVE-2019-15677 RESERVED CVE-2019-15676 @@ -13034,8 +13138,8 @@ CVE-2019-13068 (public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 NOTE: https://github.com/grafana/grafana/issues/17718 CVE-2019-13067 (njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_d ...) NOT-FOR-US: njs -CVE-2019-13066 - RESERVED +CVE-2019-13066 (Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBRep ...) + TODO: check CVE-2019-13065 RESERVED CVE-2019-13064 @@ -18473,7 +18577,7 @@ CVE-2019-11023 (The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz NOTE: Crash in CLI tool, no security impact CVE-2019-11022 RESERVED -CVE-2019-11021 (admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unre ...) +CVE-2019-11021 (** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Aut ...) NOT-FOR-US: Schlix CMS CVE-2019-11020 (Lack of authentication in file-viewing components in DDRT Dashcom Live ...) NOT-FOR-US: DDRT Dashcom @@ -19146,8 +19250,8 @@ CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vu NOTE: https://github.com/jakubroztocil/httpie/commit/df36d6255df5793129b02ac82f1010171bd8a0a8 CVE-2019-10750 (deeply is vulnerable to Prototype Pollution in versions before 3.1.0. ...) NOT-FOR-US: deeply -CVE-2019-10749 - RESERVED +CVE-2019-10749 (sequelize before version 3.35.1 allows attackers to perform a SQL Inje ...) + TODO: check CVE-2019-10748 (Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnera ...) NOT-FOR-US: sequelize CVE-2019-10747 (set-value is vulnerable to Prototype Pollution in versions lower than ...) @@ -19173,7 +19277,7 @@ CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to Prototyp NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-450202 NOTE: https://github.com/lodash/lodash/issues/4348 NOTE: https://github.com/lodash/lodash/pull/4336 -CVE-2019-10743 (github.com/mholt/archiver/cmd/arc package versions 3.0.0 and later are ...) +CVE-2019-10743 (All versions of archiver allow attacker to perform a Zip Slip attack v ...) NOT-FOR-US: archiver CVE-2019-10742 (Axios up to and including 0.18.0 allows attackers to cause a denial of ...) - node-axios 0.17.1+dfsg-2 (bug #928624) @@ -20500,21 +20604,17 @@ CVE-2019-10212 (A flaw was found in, all under 2.0.20, in the Undertow DEBUG log - undertow 2.0.27-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1731984 NOTE: https://github.com/undertow-io/undertow/pull/815 -CVE-2019-10211 - RESERVED +CVE-2019-10211 (Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5. ...) NOT-FOR-US: EnterpriseDB Windows installer -CVE-2019-10210 - RESERVED +CVE-2019-10210 (Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5. ...) NOT-FOR-US: EnterpriseDB Windows installer -CVE-2019-10209 [postgres: Fix execution of hashed subplans that require cross-type comparison] - RESERVED +CVE-2019-10209 (Postgresql, versions 11.x before 11.5, is vulnerable to a memory discl ...) {DSA-4493-1} - postgresql-11 11.5-1 - postgresql-9.6 <not-affected> (Only affects PostgreSQL 11) - postgresql-9.4 <not-affected> (Only affects PostgreSQL 11) NOTE: https://www.postgresql.org/about/news/1960/ -CVE-2019-10208 [postgres: Require schema qualification to cast to a temporary type when using functional cast syntax] - RESERVED +CVE-2019-10208 (A flaw was discovered in postgresql where arbitrary SQL statements can ...) {DSA-4493-1 DSA-4492-1 DLA-1874-1} - postgresql-11 11.5-1 - postgresql-9.6 <removed> @@ -21436,8 +21536,8 @@ CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the R NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/commit/f672277509705c4034bc92a141eefee4524d15aa (1.15.90) CVE-2019-9927 (Caret before 2019-02-22 allows Remote Code Execution. ...) NOT-FOR-US: Caret editor -CVE-2019-9926 - RESERVED +CVE-2019-9926 (An issue was discovered in LabKey Server 19.1.0. It is possible to for ...) + TODO: check CVE-2019-9925 (S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. ...) NOT-FOR-US: S-CMS PHP CVE-2019-9924 (rbash in Bash before 4.4-beta2 did not prevent the shell user from mod ...) @@ -22773,7 +22873,7 @@ CVE-2019-9765 (In Blog_mini 1.0, XSS exists via the author name of a comment rep NOT-FOR-US: Blog_mini CVE-2019-9764 (HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to ...) NOT-FOR-US: HashiCorp Consul -CVE-2019-9763 (An issue was discovered in Openfind Mail2000 v6 Webmail. XSS can occur ...) +CVE-2019-9763 (An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS ...) NOT-FOR-US: Openfind Mail2000 Webmail CVE-2019-9762 (A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment ...) NOT-FOR-US: PHPSHE @@ -22783,10 +22883,10 @@ CVE-2019-9760 (FTPGetter Standard v.5.97.0.177 allows remote code execution when NOT-FOR-US: FTPGetter CVE-2019-9759 (An issue was discovered in TONGDA Office Anywhere 10.18.190121. There ...) NOT-FOR-US: TONGDA Office Anywhere -CVE-2019-9758 - RESERVED -CVE-2019-9757 - RESERVED +CVE-2019-9758 (An issue was discovered in LabKey Server 19.1.0. The display name of a ...) + TODO: check +CVE-2019-9757 (An issue was discovered in LabKey Server 19.1.0. Sending an SVG contai ...) + TODO: check CVE-2019-9756 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...) [experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) @@ -26773,8 +26873,8 @@ CVE-2019-8289 (Vulnerability in Online Store v1.0, stored XSS in admin/user_view NOT-FOR-US: Online Store System CVE-2019-8288 (Vulnerability in Online Store v1.0, Stored XSS in user_view.php where ...) NOT-FOR-US: Online Store System -CVE-2019-8287 - RESERVED +CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in Handle ...) + TODO: check CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Sec ...) NOT-FOR-US: Kaspersky CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-b ...) @@ -30154,28 +30254,28 @@ CVE-2019-6853 RESERVED CVE-2019-6852 RESERVED -CVE-2019-6851 - RESERVED -CVE-2019-6850 - RESERVED -CVE-2019-6849 - RESERVED -CVE-2019-6848 - RESERVED -CVE-2019-6847 - RESERVED -CVE-2019-6846 - RESERVED -CVE-2019-6845 - RESERVED -CVE-2019-6844 - RESERVED -CVE-2019-6843 - RESERVED -CVE-2019-6842 - RESERVED -CVE-2019-6841 - RESERVED +CVE-2019-6851 (A CWE-538: File and Directory Information Exposure vulnerability exist ...) + TODO: check +CVE-2019-6850 (A CWE-200: Information Exposure vulnerability exists in Modicon M580, ...) + TODO: check +CVE-2019-6849 (A CWE-200: Information Exposure vulnerability exists in Modicon M580, ...) + TODO: check +CVE-2019-6848 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...) + TODO: check +CVE-2019-6847 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...) + TODO: check +CVE-2019-6846 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...) + TODO: check +CVE-2019-6845 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...) + TODO: check +CVE-2019-6844 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...) + TODO: check +CVE-2019-6843 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...) + TODO: check +CVE-2019-6842 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...) + TODO: check +CVE-2019-6841 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...) + TODO: check CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6 ...) NOT-FOR-US: Schneider CVE-2019-6839 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...) |