path: root/data/CVE/2019.list
author security tracker role <sectracker@soriano.debian.org> 2020-01-28 08:10:28 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-01-28 08:10:28 +0000
commit e5aa6b792f3424e2105a9a3c36bb318151e5a6d7 (patch)
tree ab1faa1959924e6d9ad93d43bbb045b99be4b9f5 /data/CVE/2019.list
parent 68cea85b91679126255f436a7897e1146add7b45 (diff)
automatic update
Diffstat (limited to 'data/CVE/2019.list')
-rw-r--r-- data/CVE/2019.list 111
1 files changed, 61 insertions, 50 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index cc6d1f1553..1302c7e60d 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,23 @@
+CVE-2019-20443 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...)
+ TODO: check
+CVE-2019-20442 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...)
+ TODO: check
+CVE-2019-20441 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored ...)
+ TODO: check
+CVE-2019-20440 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
+ TODO: check
+CVE-2019-20439 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
+ TODO: check
+CVE-2019-20438 (An issue was discovered in WSO2 API Manager 2.6.0. A potential stored ...)
+ TODO: check
+CVE-2019-20437 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...)
+ TODO: check
+CVE-2019-20436 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...)
+ TODO: check
+CVE-2019-20435 (An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS att ...)
+ TODO: check
+CVE-2019-20434 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
+ TODO: check
CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...)
- aspell 0.60.7-3 (bug #935128)
[buster] - aspell <no-dsa> (Minor issue)
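Review bot: The ten new entries at the top of the file, CVE-2019-20434 through CVE-2019-20443, are all left at "TODO: check" even though every visible description names a WSO2 product. They can be triaged as one batch: if no WSO2 product is packaged, mark each with a NOT-FOR-US line in the form used elsewhere in this file (for example "NOT-FOR-US: Fortiguard") instead of leaving ten separate open items.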
@@ -6755,8 +6775,8 @@ CVE-2019-17653
RESERVED
CVE-2019-17652
RESERVED
-CVE-2019-17651
- RESERVED
+CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the description a ...)
+ TODO: check
CVE-2019-17650 (An Improper Neutralization of Special Elements used in a Command vulne ...)
NOT-FOR-US: Fortiguard
CVE-2019-17649
@@ -11876,8 +11896,8 @@ CVE-2019-15609
RESERVED
CVE-2019-15608
RESERVED
-CVE-2019-15607
- RESERVED
+CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: &lt;= ...)
+ TODO: check
CVE-2019-15606
RESERVED
CVE-2019-15605
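Review bot: The description added for CVE-2019-15607 carries a literal HTML entity ("version: &lt;= ...") where "<=" is meant. Package lines in this file use a plain "<" ("- gitlab <unfixed>"), so the entity comes in with the imported description text; decode it at import time, otherwise anything that searches or renders these descriptions sees "&lt;" and risks escaping it a second time. The entry also still needs triage to decide whether node-red is packaged.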
@@ -11914,8 +11934,8 @@ CVE-2019-15592
CVE-2019-15591 (An improper access control vulnerability exists in GitLab &lt;12.3.3 t ...)
- gitlab <unfixed>
NOTE: https://hackerone.com/reports/676976
-CVE-2019-15590
- RESERVED
+CVE-2019-15590 (An access control issue exists in &lt; 12.3.5, &lt; 12.2.8, and &lt; 1 ...)
+ TODO: check
CVE-2019-15589 (An improper access control vulnerability exists in Gitlab &lt;v12.3.2, ...)
- gitlab <unfixed>
NOTE: https://hackerone.com/reports/497047
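Review bot: The truncated description for CVE-2019-15590 starts with version bounds ("&lt; 12.3.5, &lt; 12.2.8") and names no product in the visible text, so the "TODO: check" cannot be resolved from this line alone. The adjacent CVE-2019-15591 and CVE-2019-15589 are tracked as "- gitlab <unfixed>" with a HackerOne NOTE; confirm against the full description whether this entry belongs to the same package, then add the matching package line and reference.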
@@ -11925,25 +11945,25 @@ CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript
{DSA-4554-1}
- ruby-loofah 2.3.1+dfsg-1 (bug #942894)
NOTE: https://github.com/flavorjones/loofah/issues/171
-CVE-2019-15586
- RESERVED
-CVE-2019-15585
- RESERVED
+CVE-2019-15586 (A XSS exists in Gitlab CE/EE &lt; 12.1.10 in the Mermaid plugin. ...)
+ TODO: check
+CVE-2019-15585 (Improper authentication exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; 1 ...)
+ TODO: check
CVE-2019-15584 (A denial of service exists in gitlab &lt;v12.3.2, &lt;v12.2.6, and &lt ...)
- gitlab <unfixed>
NOTE: https://hackerone.com/reports/670572
-CVE-2019-15583
- RESERVED
-CVE-2019-15582
- RESERVED
-CVE-2019-15581
- RESERVED
+CVE-2019-15583 (An information disclosure exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; ...)
+ TODO: check
+CVE-2019-15582 (An IDOR was discovered in &lt; 12.3.2, &lt; 12.2.6, and &lt; 12.1.12 f ...)
+ TODO: check
+CVE-2019-15581 (An IDOR exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; 12.1.12 for GitLa ...)
+ TODO: check
CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com &lt;v12.3.2 ...)
- gitlab <not-affected> (Only affects EE)
-CVE-2019-15579
- RESERVED
-CVE-2019-15578
- RESERVED
+CVE-2019-15579 (An information disclosure exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; ...)
+ TODO: check
+CVE-2019-15578 (An information disclosure exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; ...)
+ TODO: check
CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE &lt;v12 ...)
- gitlab <unfixed>
NOTE: https://hackerone.com/reports/636560
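Review bot: Seven entries in this hunk (CVE-2019-15586, 15585, 15583, 15582, 15581, 15579, 15578) go from RESERVED to "TODO: check" with no package line, while their neighbours already record a decision. When triaging, record the edition as well as the package: CVE-2019-15580 in the same block is "<not-affected> (Only affects EE)", and only CVE-2019-15586 states CE/EE in its visible text, so the others need the full description before choosing between "<unfixed>" and "<not-affected>".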
@@ -17266,12 +17286,12 @@ CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the in
NOT-FOR-US: Honeywell
CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the ...)
NOT-FOR-US: EZ PLC Editor
-CVE-2019-13521
- RESERVED
+CVE-2019-13521 (A maliciously crafted program file opened by an unsuspecting user of R ...)
+ TODO: check
CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...)
NOT-FOR-US: Fuji Electric
-CVE-2019-13519
- RESERVED
+CVE-2019-13519 (A maliciously crafted program file opened by an unsuspecting user of R ...)
+ TODO: check
CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...)
NOT-FOR-US: EZAutomation
CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...)
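Review bot: CVE-2019-13521 and CVE-2019-13519 are added with the same visible text, cut off at "user of R ...", so the product cannot be identified here and both stay at "TODO: check". The surrounding entries are all resolved as NOT-FOR-US with a vendor name (Honeywell, EZ PLC Editor, Fuji Electric, EZAutomation); read the full descriptions to confirm whether these two name the same product and resolve them together in that form.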
@@ -24734,8 +24754,8 @@ CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScri
TODO: check
CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...)
NOT-FOR-US: BibTeX-ruby
-CVE-2019-10779
- RESERVED
+CVE-2019-10779 (All versions of stroom:stroom-app before 5.5.12 and all versions of th ...)
+ TODO: check
CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...)
NOT-FOR-US: devcert-sanscache
CVE-2019-10777 (In aws-lambda versions prior to version 1.0.5, the "config.FunctioName ...)
@@ -24759,8 +24779,8 @@ CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 us
NOT-FOR-US: svg-sanitize
CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...)
NOT-FOR-US: IOBroker
-CVE-2019-10770
- RESERVED
+CVE-2019-10770 (All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and befo ...)
+ TODO: check
CVE-2019-10769 (safer-eval is a npm package to sandbox the he evaluation of code used ...)
NOT-FOR-US: safer-eval Node module
CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricked into ...)
@@ -32637,8 +32657,8 @@ CVE-2019-8259 (UltraVNC revision 1198 contains multiple memory leaks (CWE-655) i
NOT-FOR-US: UltraVNC
CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC ...)
NOT-FOR-US: UltraVNC
-CVE-2019-8257
- RESERVED
+CVE-2019-8257 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...)
NOT-FOR-US: ColdFusion
CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...)
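Review bot: The description for CVE-2019-8257 reads "versions , 2019.012.20035 and earlier", with a comma directly after "versions" that looks like an empty leading item in the version list. Check the imported text against its source before relying on it for affected ranges, and resolve the "TODO: check" in the vendor-named NOT-FOR-US form used for the ColdFusion and UltraVNC entries around it if the product is not packaged.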
@@ -35343,8 +35363,8 @@ CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnera
NOT-FOR-US: Adobe
CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerabili ...)
NOT-FOR-US: Adobe
-CVE-2019-7131
- RESERVED
+CVE-2019-7131 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...)
+ TODO: check
CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...)
NOT-FOR-US: Adobe
CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...)
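Review bot: CVE-2019-7131 is left at "TODO: check" although the entries on both sides of it (CVE-2019-7133, 7132, 7130) are already resolved as "NOT-FOR-US: Adobe". The new description names Adobe Acrobat and Reader, so the same line applies and the TODO can be closed with it.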
@@ -39210,22 +39230,19 @@ CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server &lt; v0.3.0 (runn
NOT-FOR-US: Nextcloud Lookup-Server
CVE-2019-5475 (The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Exe ...)
NOT-FOR-US: Nexus Yum Repository Plugin
-CVE-2019-5474 [Override Merge Request Approval Rules]
- RESERVED
+CVE-2019-5474 (An authorization issue was discovered in GitLab EE &lt; 12.1.2, &lt; 1 ...)
- gitlab <not-affected> (Only affects Gitlab EE 11.8 and later)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5473 (An authentication issue was discovered in GitLab that allowed a bypass ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5472 [Denial Of Service Epic Comments]
- RESERVED
+CVE-2019-5472 (An authorization issue was discovered in Gitlab versions &lt; 12.1.2, ...)
- gitlab <not-affected> (Only affects Gitlab EE 10.7 and later)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5471 (An input validation and output encoding issue was discovered in the Gi ...)
- gitlab <not-affected> (Only affects Gitlab EE 8.9 and later)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5470 [Information Disclosure Vulnerability Feedback]
- RESERVED
+CVE-2019-5470 (An information disclosure issue was discovered GitLab versions &lt; 12 ...)
[experimental] - gitlab 11.11.7+dfsg-1
- gitlab <unfixed> (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
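Review bot: For CVE-2019-5472 the removed working title was "[Denial Of Service Epic Comments]", but the description that replaces it begins "An authorization issue was discovered", and the "<not-affected> (Only affects Gitlab EE 10.7 and later)" line beneath it is carried over unchanged. That annotation was written against the earlier title, so re-check it against the full description and the linked GitLab security release. The same check applies, less sharply, to CVE-2019-5474 and CVE-2019-5470, whose bracketed titles are also dropped in this hunk.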
@@ -39233,8 +39250,7 @@ CVE-2019-5469 (An IDOR vulnerability exists in GitLab &lt;v12.1.2, &lt;v12.0.4,
[experimental] - gitlab 11.11.7+dfsg-1
- gitlab <unfixed> (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5468 [User Revokation Bypass with Mattermost Integration]
- RESERVED
+CVE-2019-5468 (An privilege escalation issue was discovered in Gitlab versions &lt; 1 ...)
[experimental] - gitlab 11.11.7+dfsg-1
- gitlab <unfixed> (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
@@ -39242,18 +39258,15 @@ CVE-2019-5467 (An input validation and output encoding issue was discovered in t
[experimental] - gitlab <unfixed>
- gitlab <not-affected> (Only affects 11.10 and later)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5466 [IDOR Label Name Enumeration]
- RESERVED
+CVE-2019-5466 (An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new ...)
[experimental] - gitlab 11.11.7+dfsg-1
- gitlab <unfixed> (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5465 [Information Disclosure New Issue ID]
- RESERVED
+CVE-2019-5465 (An information disclosure issue was discovered in GitLab CE/EE 8.14 an ...)
[experimental] - gitlab 11.11.7+dfsg-1
- gitlab <unfixed> (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5464 [SSRF Mitigation Bypass]
- RESERVED
+CVE-2019-5464 (A flawed DNS rebinding protection issue was discovered in GitLab CE/EE ...)
[experimental] - gitlab 11.11.7+dfsg-1
- gitlab <unfixed> (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
@@ -39261,8 +39274,7 @@ CVE-2019-5463 (An authorization issue was discovered in the GitLab CE/EE CI badg
[experimental] - gitlab 11.11.7+dfsg-1
- gitlab <unfixed> (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5462 [Trigger Token Impersonation]
- RESERVED
+CVE-2019-5462 (A privilege escalation issue was discovered in GitLab CE/EE 9.0 and la ...)
[experimental] - gitlab 11.11.7+dfsg-1
- gitlab <unfixed> (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
@@ -50039,8 +50051,7 @@ CVE-2019-0544
REJECTED
CVE-2019-0543 (An elevation of privilege vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
-CVE-2019-0542
- REJECTED
+CVE-2019-0542 (A remote code execution vulnerability exists in Xterm.js when the comp ...)
- node-xterm 3.8.1-1 (unimportant; bug #926670)
NOTE: nodejs not covered by security support
CVE-2019-0541 (A remote code execution vulnerability exists in the way that the MSHTM ...)
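Review bot: CVE-2019-0542 changes state from REJECTED to a published description of a remote code execution issue in Xterm.js, while the existing "- node-xterm 3.8.1-1 (unimportant; bug #926670)" line is kept as context. A flip from REJECTED to published is unusual enough to confirm by hand that the automatic import matched the right identifier, and that the "unimportant" rating, which rests on the NOTE that nodejs is not covered by security support, is still the intended assessment for an RCE.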
