| author | security tracker role <sectracker@soriano.debian.org> | 2019-11-08 08:10:18 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2019-11-08 08:10:18 +0000 |
| commit | ee84d0f512826fb35bf663665f0d7d284fd9b7e0 (patch) | |
| tree | 8beec06209795d9ffafb7f8eba8930f80a7d76aa | |
| parent | 7b26bb1ca34a1c53ba93bd7a56ae9cff61726f02 (diff) | |
automatic update
| -rw-r--r-- | data/CVE/2007.list | 12 |
|---|---|---|
| -rw-r--r-- | data/CVE/2008.list | 12 |
| -rw-r--r-- | data/CVE/2010.list | 12 |
| -rw-r--r-- | data/CVE/2013.list | 21 |
| -rw-r--r-- | data/CVE/2018.list | 4 |
| -rw-r--r-- | data/CVE/2019.list | 52 |

6 files changed, 66 insertions, 47 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index c6e61768a3..495d2f2295 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -41,8 +41,7 @@ CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer - telepathy-idle 0.1.15-1 (low; bug #706094) [wheezy] - telepathy-idle <no-dsa> (Minor issue) [squeeze] - telepathy-idle <no-dsa> (Minor issue) -CVE-2007-6745 [clamav floating point exception in OLE2 scanner DoS] - RESERVED +CVE-2007-6745 (clamav 0.91.2 suffers from a floating point exception when using ScanO ...) - clamav 0.91.2-1~volatile1 [etch] - clamav <not-affected> (Vulnerable code not present) [sarge] - clamav <not-affected> (Vulnerable code not present) @@ -2440,8 +2439,7 @@ CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4 - openoffice.org 2.4.0~ooh680m5-1 CVE-2007-5744 RESERVED -CVE-2007-5743 - RESERVED +CVE-2007-5743 (viewvc 1.0.3 allows improper access control to files in a repository w ...) - viewvc 1.0.3-2.1 (bug #416696) CVE-2007-5742 (Directory traversal vulnerability in the WML engine preprocessor for W ...) {DSA-1421-1 DTSA-90-1} @@ -6773,8 +6771,7 @@ CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local - skktools 1.2+0.20061004-3 (low) [sarge] - skktools <no-dsa> (Minor issue) [etch] - skktools <no-dsa> (Minor issue) -CVE-2007-3915 [mondo insecure handling of temporary files] - RESERVED +CVE-2007-3915 (Mondo 2.24 has insecure handling of temporary files. ...) - mondo 2.24-2 (low) CVE-2007-3914 RESERVED 
@@ -7233,8 +7230,7 @@ CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Moz NOTE: MFSA2007-18 CVE-2007-3733 RESERVED -CVE-2007-3732 - RESERVED +CVE-2007-3732 (In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc cal ...) - linux-2.6 2.6.23-1 NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1) CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...) diff --git a/data/CVE/2008.list b/data/CVE/2008.list index a5872700dc..42afa18ac2 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -938,8 +938,7 @@ CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote attacker NOT-FOR-US: TaskDriver 1.3 CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in ThePort ...) NOT-FOR-US: ThePortal2 -CVE-2008-7291 [gri: insecure temp file generation] - RESERVED +CVE-2008-7291 (gri before 2.12.18 generates temporary files in an insecure way. ...) - gri 2.12.18-1 (low) [etch] - gri <no-dsa> (Minor issue) [lenny] - gri <no-dsa> (Minor issue) @@ -2691,8 +2690,7 @@ CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4 NOT-FOR-US: eChat plugin CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) compone ...) NOT-FOR-US: Joomla! -CVE-2008-7272 [iceweasel-firegpg: Passphrase and Cleartext Recovery] - RESERVED +CVE-2008-7272 (FireGPG before 0.6 handle user’s passphrase and decrypted cleart ...) - iceweasel-firegpg <removed> (bug #514386) CVE-2008-7273 [iceweasel-firegpg: Passphrase and Cleartext Recovery] RESERVED @@ -5092,8 +5090,7 @@ CVE-2008-5085 RESERVED CVE-2008-5084 RESERVED -CVE-2008-5083 - RESERVED +CVE-2008-5083 (In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security ...) NOT-FOR-US: Red Hat JBoss Operations Network CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) componen ...) NOT-FOR-US: Red Hat Certificate System 
@@ -9462,8 +9459,7 @@ CVE-2008-3280 RESERVED CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...) - brltty <not-affected> (RedHat-specific) -CVE-2008-3278 - RESERVED +CVE-2008-3278 (frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Lin ...) - frysk <removed> CVE-2008-3277 (Untrusted search path vulnerability in a certain Red Hat build script ...) - ibutils <not-affected> (RedHat-specific) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 775bd71a59..1aa3d10daa 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -7336,8 +7336,7 @@ CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enter - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...) - bugzilla <not-affected> (Only affects 3.5 to 3.7) -CVE-2010-2476 [syscp open_basedir bypassing] - RESERVED +CVE-2010-2476 (syscp 1.4.2.1 allows attackers to add arbitrary paths via the document ...) - syscp <removed> (bug #587481) CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge for th ...) NOT-FOR-US: Linear eMerge @@ -9593,8 +9592,7 @@ CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 NOT-FOR-US: IBM DB2 CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) c ...) NOT-FOR-US: com_sermonspeaker component for joomla! -CVE-2010-2447 [gitolite "not filtering src/ or hooks/ from pathnames"] - RESERVED +CVE-2010-2447 (gitolite before 1.4.1 does not filter src/ or hooks/ from path names. ...) - gitolite 1.4.2-1 (low) NOTE: http://secunia.com/advisories/39587/ CVE-2010-2448 (znc.cpp in ZNC before 0.092 allows remote authenticated users to cause ...) 
@@ -10201,8 +10199,7 @@ CVE-2010-1373 (Cross-site scripting (XSS) vulnerability in Help Viewer in Apple CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...) - sun-java6 6.20-1 (high) [lenny] - sun-java6 6-20-0lenny1 -CVE-2010-2449 [gource: predictable log file located in /tmp] - RESERVED +CVE-2010-2449 (Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID. ...) - gource 0.26-2 (low; bug #577958) CVE-2010-1564 REJECTED @@ -11585,8 +11582,7 @@ CVE-2010-XXXX [esmtp: world-readable config file] NOTE: Documentation advises against adding password data to the respective config file CVE-2010-XXXX [irssi emote leak] - irssi-plugin-otr 1.0.0~alpha2-1 (unimportant; bug #569506) -CVE-2010-2450 [shibboleth-sp2: world-readable key] - RESERVED +CVE-2010-2450 (The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/s ...) - shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631) [lenny] - shibboleth-sp2 <no-dsa> (Minor issue) - shibboleth-sp <not-affected> (Vulnerable code not present) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index e1a1d8db26..a7aab11c99 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -15121,15 +15121,13 @@ CVE-2013-1812 (The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID pr - ruby-openid 2.1.8debian-6 (bug #702217) - libopenid-ruby <removed> (bug #702217) [squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1 -CVE-2013-1811 [Reporter can change issue status to 'new'] - RESERVED +CVE-2013-1811 (An access control issue in MantisBT before 1.2.13 allows users with "R ...) {DSA-3120-1} - mantis <removed> (low; bug #698481) [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts) CVE-2013-1810 (Multiple cross-site scripting (XSS) vulnerabilities in core/summary_ap ...) - mantis <not-affected> (only affects MantisBT 1.2.12) -CVE-2013-1809 [Gambas creates hijackable directory in /tmp] - RESERVED +CVE-2013-1809 (Gambas before 3.4.0 allows remote attackers to move or manipulate dire ...) - gambas3 3.5.1-1 (low; bug #702184) - gambas2 <removed> [wheezy] - gambas3 <no-dsa> (Minor issue) @@ -15237,8 +15235,7 @@ CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the Linu CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.x bef ...) - linux 3.2.39-1 - linux-2.6 <not-affected> (Vulnerability exposed since 3.0) -CVE-2013-1771 [monkey: world-readable logdir] - RESERVED +CVE-2013-1771 (The web server Monkeyd produces a world-readable log (/var/log/monkeyd ...) - monkey <removed> (low) [squeeze] - monkey <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5 @@ -15309,8 +15306,7 @@ CVE-2013-1753 NOTE: preliminary patch: http://bugs.python.org/file28796/xmlrpc_gzip_27.patch CVE-2013-1752 REJECTED -CVE-2013-1751 - RESERVED +CVE-2013-1751 (TWiki before 5.1.4 allows remote attackers to execute arbitrary shell ...) - twiki <removed> NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751 CVE-2013-1750 (Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 ...) 
@@ -16510,8 +16506,7 @@ CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully l NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the NOTE: equivalent of the users clear text password, DES encrypted with a known NOTE: key. -CVE-2013-1429 [Lintian unsafe symlinks] - RESERVED +CVE-2013-1429 (Lintian before 2.5.12 allows remote attackers to gather information ab ...) - lintian 2.5.10.5 (bug #705553; unimportant) CVE-2013-1428 (Stack-based buffer overflow in the receive_tcppacket function in net_p ...) {DSA-2663-1} @@ -16519,14 +16514,12 @@ CVE-2013-1428 (Stack-based buffer overflow in the receive_tcppacket function in CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighttpd before ...) {DSA-2649-1} - lighttpd 1.4.31-4 -CVE-2013-1426 [mahara: stored XSS in tinyMCE editor] - RESERVED +CVE-2013-1426 (Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6 ...) - mahara <removed> (low) [wheezy] - mahara <no-dsa> (Minor issue) [squeeze] - mahara <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/mahara/+bug/1153423 -CVE-2013-1425 [ldap-git-backup: Incorrect directory permissions exposes password hashes] - RESERVED +CVE-2013-1425 (ldap-git-backup before 1.0.4 exposes password hashes due to incorrect ...) - ldap-git-backup 1.0.4-1 (bug #699227) CVE-2013-1424 [matplotlib buffer overrun] RESERVED diff --git a/data/CVE/2018.list b/data/CVE/2018.list index bcd78715d9..bc162497f1 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -6644,8 +6644,8 @@ CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject NOT-FOR-US: GNU Board CVE-2018-18675 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board -CVE-2018-18674 - RESERVED +CVE-2018-18674 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) + TODO: check CVE-2018-18673 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board CVE-2018-18672 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index e36713bc72..8ba4d6f3b8 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,41 @@ +CVE-2019-18836 + RESERVED +CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...) + TODO: check +CVE-2019-18834 + RESERVED +CVE-2019-18833 + RESERVED +CVE-2019-18832 + RESERVED +CVE-2019-18831 + RESERVED +CVE-2019-18830 + RESERVED +CVE-2019-18829 + RESERVED +CVE-2019-18828 + RESERVED +CVE-2019-18827 + RESERVED +CVE-2019-18826 + RESERVED +CVE-2019-18825 + RESERVED +CVE-2019-18824 + RESERVED +CVE-2019-18823 + RESERVED +CVE-2019-18822 + RESERVED +CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...) + TODO: check +CVE-2019-18820 (Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!Rtlp ...) + TODO: check +CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVe ...) + TODO: check +CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets within packag ...) + TODO: check CVE-2019-18817 RESERVED CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows pos ...) 
@@ -5,7 +43,7 @@ CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allo CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...) NOT-FOR-US: PopojiCMS CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a ...) - - linux <unfixed> + - linux <unfixed> NOTE: https://lore.kernel.org/patchwork/patch/1142523/ CVE-2019-18813 (A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc ...) - linux <unfixed> @@ -933,6 +971,7 @@ CVE-2019-18398 RESERVED CVE-2019-18397 RESERVED + {DSA-4561-1} - fribidi <unfixed> (bug #944327) [stretch] - fribidi <not-affected> (Vulnerable code not present) [jessie] - fribidi <not-affected> (Vulnerable code not present) @@ -8644,8 +8683,8 @@ CVE-2019-15007 RESERVED CVE-2019-15006 RESERVED -CVE-2019-15005 - RESERVED +CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior to versio ...) + TODO: check CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...) NOT-FOR-US: Atlassian CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...) @@ -38644,8 +38683,7 @@ CVE-2019-3467 RESERVED CVE-2019-3466 RESERVED -CVE-2019-3465 - RESERVED +CVE-2019-3465 (Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for exa ...) {DSA-4560-1 DLA-1983-1} - simplesamlphp 1.17.6-2 (bug #944107) NOTE: https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ @@ -38748,8 +38786,8 @@ CVE-2019-3424 RESERVED CVE-2019-3423 RESERVED -CVE-2019-3422 - RESERVED +CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab report ...) + TODO: check CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...) NOT-FOR-US: ZTE CVE-2019-3420 |
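Review bot: in the 2008.list hunk at @@ -2691, CVE-2008-7273 directly below the updated CVE-2008-7272 still carries the same placeholder "[iceweasel-firegpg: Passphrase and Cleartext Recovery]" and RESERVED; since the two ids were filed for the same issue, check whether it has also been published and whether both should point at the same `iceweasel-firegpg <removed> (bug #514386)` entry, so the second does not stay stale.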
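Review bot: in the 2013.list hunk at @@ -15121,15 +15121,13, the new description for CVE-2013-1809 ("Gambas before 3.4.0 allows remote attackers to move or manipulate dire ...") does not match the dropped placeholder "[Gambas creates hijackable directory in /tmp]", which describes a local temporary-directory issue; confirm against the full text that "remote" is not a wording error before the `low` severity on `gambas3 3.5.1-1` is kept.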
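Review bot: in the 2018.list hunk at @@ -6644, CVE-2018-18674 is left at `TODO: check` although its new description is identical to the surrounding CVE-2018-18676, -18675, -18673 and -18672 entries, all of which are already resolved as `NOT-FOR-US: GNU Board`; the TODO can be closed the same way in this change rather than left for a later pass.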
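Review bot: the @@ -1,3 +1,41 hunk in 2019.list adds four `TODO: check` entries; CVE-2019-18835 (Matrix Synapse mishandling signature checking on federation) and CVE-2019-18818 (strapi password-reset handling) describe authentication-relevant server-side bugs and should be triaged ahead of CVE-2019-18819, -18820 and -18821, whose descriptions ("User Mode Write AV", "Heap Corruption starting at ntdll!Rtlp") mark them as crashes in a Windows desktop application.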
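Review bot: the @@ -5,7 +43,7 hunk changes the `- linux <unfixed>` line under CVE-2019-18814 with no visible content difference, so this is a whitespace-only edit (most likely trailing whitespace); acceptable, but confirm the line still parses as a package entry and that no tab/space mix was introduced, since an automatic update should not touch lines it did not mean to.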
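Review bot: the @@ -933,6 +971,7 hunk records `{DSA-4561-1}` on CVE-2019-18397 while the entry is still `RESERVED` with `fribidi <unfixed> (bug #944327)`; once a DSA is referenced the description should replace the RESERVED placeholder as soon as it is published, and the fixed unstable version should be filled in next to `<unfixed>` so the advisory reference and the package state do not disagree.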
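Review bot: in the @@ -8644 hunk, CVE-2019-15005 (Atlassian Troubleshooting and Support Tools plugin) is left at `TODO: check` while the adjacent CVE-2019-15004 and -15003 are `NOT-FOR-US: Atlassian`; unless the plugin is shipped in Debian, resolve it the same way here.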
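Review bot: in the @@ -38644 hunk, the CVE-2019-3465 description names XmlSecLibs "as used for exa ..." but only `simplesamlphp 1.17.6-2 (bug #944107)` is listed under `{DSA-4560-1 DLA-1983-1}`; confirm that no other package carries an embedded copy of xmlseclibs before this entry is considered complete, and add a NOTE if the check was done.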
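Review bot: in the @@ -38748 hunk, the CVE-2019-3422 description opens with researcher attribution ("Security researcher Shen Ying from the Sec Consult Security Lab report ...") rather than the affected product, so the truncated summary gives no triage signal; the adjacent CVE-2019-3421 is `NOT-FOR-US: ZTE`, so confirm the product from the full advisory before resolving the `TODO: check` the same way.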