author | security tracker role <sectracker@soriano.debian.org> | 2019-11-14 08:10:14 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-11-14 08:10:14 +0000 |
commit | 6228f02a9244be2e81880dae3fcfbe80605acbe5 (patch) | |
tree | 409e6ff4239721f174b3cbe5eaa9680b6f853800 /data/CVE | |
parent | 8ddd221eecde82f0f1b5f1c9f8a6e2076450a026 (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2010.list | 21 |
-rw-r--r-- | data/CVE/2011.list | 30 |
-rw-r--r-- | data/CVE/2012.list | 4 |
-rw-r--r-- | data/CVE/2013.list | 19 |
-rw-r--r-- | data/CVE/2014.list | 3 |
-rw-r--r-- | data/CVE/2019.list | 153 |
6 files changed, 116 insertions, 114 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 718b64f2ed..d39c58fbab 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -511,8 +511,7 @@ CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yera - claws-mail 3.11.1-2 (bug #771360) [squeeze] - claws-mail <not-affected> (In Squeeze, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins) [wheezy] - claws-mail <not-affected> (In Wheezy, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins) -CVE-2010-5108 [Trac Ticket Modification Workflow Permission Restriction Bypass] - RESERVED +CVE-2010-5108 (Trac 0.11.6 does not properly check workflow permissions before modify ...) - trac 0.11.7-1 (bug #573260) CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time ...) - openssh 1:6.0p1-4 (low; bug #700102) @@ -1129,8 +1128,7 @@ CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authentica NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543 NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4 NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=3f0d3f4d97bce75c1828635c322b6560a45a037f -CVE-2010-4817 [overwriting of arbitrary file via symlinks] - RESERVED +CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. ...) - pithos 0.3.5-1 CVE-2010-4816 RESERVED @@ -1517,8 +1515,7 @@ CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in t {DSA-2552-1} - tiff <not-affected> (vulnerable code not present) - tiff3 3.9.5 -CVE-2010-4664 - RESERVED +CVE-2010-4664 (In ConsoleKit before 0.4.2, an intended security policy restriction by ...) - consolekit 0.4.2-1 (low) [squeeze] - consolekit <no-dsa> (Minor issue) CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple (CMSMS ...) 
@@ -1526,8 +1523,7 @@ CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple ( CVE-2010-4662 RESERVED NOT-FOR-US: pmwiki -CVE-2010-4661 [arbitrary kernel module loading] - RESERVED +CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux kernel ...) - udisks 1.0.3-1 [squeeze] - udisks <no-dsa> (Minor issue) NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232 @@ -1541,8 +1537,7 @@ CVE-2010-4659 CVE-2010-4658 RESERVED - statusnet <itp> (bug #491723) -CVE-2010-4657 [xmlTextWriterWriteAttribute heap disclosure] - RESERVED +CVE-2010-4657 (PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ...) - php5 5.4.4-1 (low) [squeeze] - php5 <no-dsa> (Minor issue) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551 @@ -1556,16 +1551,14 @@ CVE-2010-4656 (The iowarrior_write function in drivers/usb/misc/iowarrior.c in t CVE-2010-4655 (net/core/ethtool.c in the Linux kernel before 2.6.36 does not initiali ...) {DSA-2264-1} - linux-2.6 2.6.32-27 -CVE-2010-4654 [Malformed commands may cause corruption of the internal stack] - RESERVED +CVE-2010-4654 (poppler before 0.16.3 has malformed commands that may cause corruption ...) - kdegraphics <not-affected> (no stackheight) - xpdf <not-affected> (no stackheight) - poppler 0.16.3-1 [lenny] - poppler <not-affected> (stackheights introduced after 0.12) [squeeze] - poppler <not-affected> (stackheights introduced after 0.12) NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9 -CVE-2010-4653 [integer overflow when parsing CharCodes for fonts] - RESERVED +CVE-2010-4653 (An integer overflow condition in poppler before 0.16.3 can occur when ...) - kdegraphics 4:4.0.0-1 - xpdf 3.02-9 - poppler 0.16.3-1 (low) diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 3b17566537..ed31864701 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list 
@@ -794,8 +794,7 @@ CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remot NOTE: https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html NOTE: https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1017197 -CVE-2011-4972 [CKEditor module for Drupal access bypass] - RESERVED +CVE-2011-4972 (hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not ...) NOT-FOR-US: Drupal module CVE-2011-4971 (Multiple integer signedness errors in the (1) process_bin_sasl_auth, ( ...) {DSA-2832-1} @@ -8999,8 +8998,7 @@ CVE-2011-1931 (sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpe - libav 4:0.6.2-3 (bug #624339) - ffmpeg <not-affected> (vulnerability introduced in 0.6) - ffmpeg-debian <not-affected> (vulnerability introduced in 0.6) -CVE-2011-1930 - RESERVED +CVE-2011-1930 (In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /t ...) - klibc 1.5.22-1 (low) [squeeze] - klibc 1.5.20-1+squeeze1 [lenny] - klibc 1.5.12-2lenny1 @@ -9889,8 +9887,7 @@ CVE-2011-1590 (The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x CVE-2011-1589 (Directory traversal vulnerability in Path.pm in Mojolicious before 1.1 ...) {DSA-2221-1} - libmojolicious-perl 1.16-1 -CVE-2011-1588 - RESERVED +CVE-2011-1588 (Thunar 1.2 through 1.2.1 could crash when copy and pasting a file name ...) - thunar <not-affected> (Introduced in 1.2, only in experimental) NOTE: http://git.xfce.org/xfce/thunar/diff/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, w ...) 
@@ -10182,18 +10179,15 @@ CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly han ...) - roundcube 0.5.1-1 (low) [squeeze] - roundcube <no-dsa> (Minor issue) -CVE-2011-1490 - RESERVED +CVE-2011-1490 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...) - rsyslog 5.7.6-1 (low) [squeeze] - rsyslog <no-dsa> (Minor issue) [lenny] - rsyslog <no-dsa> (Minor issue) -CVE-2011-1489 - RESERVED +CVE-2011-1489 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...) - rsyslog 5.7.6-1 (low) [squeeze] - rsyslog <no-dsa> (Minor issue) [lenny] - rsyslog <no-dsa> (Minor issue) -CVE-2011-1488 - RESERVED +CVE-2011-1488 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...) - rsyslog 5.7.6-1 (low) [squeeze] - rsyslog <no-dsa> (Minor issue) [lenny] - rsyslog <no-dsa> (Minor issue) @@ -11156,8 +11150,7 @@ CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly r - libvirt 0.8.8-3 (low; bug #617773) [lenny] - libvirt <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650 -CVE-2011-1145 [buffer overflow in unixODBC's SQLDriverConnect()] - RESERVED +CVE-2011-1145 (The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a pos ...) - unixodbc 2.2.14p2-3 (low; bug #617655) [squeeze] - unixodbc <no-dsa> (Only exploitable through a malicious server) [lenny] - unixodbc <no-dsa> (Only exploitable through a malicious server) @@ -11407,8 +11400,7 @@ CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded - glibc 2.11.2-12 - eglibc 2.11.2-12 (bug #615120) [squeeze] - eglibc 2.11.3-2 -CVE-2011-1070 - RESERVED +CVE-2011-1070 (v86d before 0.1.10 do not verify if received netlink messages are sent ...) - v86d 0.1.10-1 (low; bug #619404) [squeeze] - v86d 0.1.9-1+squeeze1 [lenny] - v86d 0.1.5.2-1+lenny1 
@@ -12219,8 +12211,7 @@ CVE-2011-XXXX [php-gettext XSS] - php-gettext <unfixed> (unimportant) NOTE: http://www.autosectools.com/Advisories/CiviCRM.3.3.3.Drupal-Joomla_Reflected.Cross-site.Scripting_102.html NOTE: Vulnerable code only in examples/ -CVE-2011-1136 [tesseract tempfile] - RESERVED +CVE-2011-1136 (In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user ...) - tesseract 2.04-2.1 (low; bug #612032) [squeeze] - tesseract 2.04-2+squeeze1 [lenny] - tesseract 2.03-2+lenny1 (bug #612032) @@ -12776,8 +12767,7 @@ CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not NOT-FOR-US: Symantec Backup Exec CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in Syman ...) NOT-FOR-US: Symantec LiveUpdate Administrator -CVE-2011-0544 - RESERVED +CVE-2011-0544 (phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. ...) - phpbb3 3.0.7-PL1-5 (low; bug #612477) [squeeze] - phpbb3 <no-dsa> (Minor issue) CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 91b4f041ac..71653edbb7 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -3851,8 +3851,8 @@ CVE-2012-5195 (Heap-based buffer overflow in the Perl_repeatcpy function in util - perl 5.14.2-14 (bug #689314) CVE-2012-5194 RESERVED -CVE-2012-5193 - RESERVED +CVE-2012-5193 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 ...) + TODO: check CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in Bitweave ...) NOT-FOR-US: Bitweaver CVE-2012-5191 diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 4d69bd1278..ffddc64f67 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -8551,8 +8551,7 @@ CVE-2013-4276 (Multiple stack-based buffer overflows in LittleCMS (aka lcms or l [squeeze] - lcms <no-dsa> (Minor issue) [wheezy] - lcms 1.19.dfsg2-1.2+deb7u1 - lcms2 <not-affected> (Vulnerable code not present) -CVE-2013-4275 - RESERVED +CVE-2013-4275 (Cross-site scripting (XSS) vulnerability in the zen_breadcrumb functio ...) NOT-FOR-US: Drupal contributed module Zen CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the password_policy_admin_ ...) NOT-FOR-US: Drupal addon @@ -10512,8 +10511,8 @@ CVE-2013-3518 RESERVED CVE-2013-3517 (Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR35 ...) NOT-FOR-US: NETGEAR -CVE-2013-3516 - RESERVED +CVE-2013-3516 (NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely o ...) + TODO: check CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2. ...) NOT-FOR-US: OpenX CVE-2013-3514 (Multiple directory traversal vulnerabilities in OpenX before 2.8.10 re ...) @@ -10825,10 +10824,10 @@ CVE-2013-3368 (bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x befo {DSA-2671-1 DSA-2670-1} - request-tracker3.8 <removed> - request-tracker4 4.0.12-2 (bug #709836) -CVE-2013-3367 - RESERVED -CVE-2013-3366 - RESERVED +CVE-2013-3367 (Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a ...) + TODO: check +CVE-2013-3366 (Undocumented TELNET service in TRENDnet TEW-812DRU when a web page nam ...) + TODO: check CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to execut ...) NOT-FOR-US: TRENDnet TEW-812DRU router CVE-2013-3364 
@@ -11420,8 +11419,8 @@ CVE-2013-3099 RESERVED CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet ...) NOT-FOR-US: TRENDnet TEW-812DRU router -CVE-2013-3097 - RESERVED +CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...) + TODO: check CVE-2013-3096 RESERVED CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index a4e5eb8355..ac978c7c60 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -24231,8 +24231,7 @@ CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attac NOT-FOR-US: Fitnesse Wiki CVE-2014-1215 (Multiple buffer overflows in Core FTP Server before 1.2 build 508 allo ...) NOT-FOR-US: Core FTP Server -CVE-2014-1214 - RESERVED +CVE-2014-1214 (views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component ...) NOT-FOR-US: Projoom NovaSFH Plugin CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9. ...) NOT-FOR-US: Sophos Anti Virus diff --git a/data/CVE/2019.list b/data/CVE/2019.list index d13932cd15..735bd9b77e 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,27 @@ +CVE-2019-18959 + RESERVED +CVE-2019-18958 + RESERVED +CVE-2019-18957 + RESERVED +CVE-2019-18956 + RESERVED +CVE-2019-18955 + RESERVED +CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. A malici ...) + TODO: check +CVE-2019-18953 + RESERVED +CVE-2019-18952 (SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary fil ...) + TODO: check +CVE-2019-18951 (SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directo ...) + TODO: check +CVE-2019-18950 + RESERVED +CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaSc ...) + TODO: check +CVE-2019-18948 + RESERVED CVE-2019-18947 RESERVED CVE-2019-18946 
@@ -46,8 +70,8 @@ CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be acce NOT-FOR-US: Systematic IRIS WebForms CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By ...) NOT-FOR-US: Systematic IRIS WebForms -CVE-2019-18923 - RESERVED +CVE-2019-18923 (Insufficient content type validation of proxied resources in go-camo b ...) + TODO: check CVE-2019-18922 RESERVED CVE-2019-18921 @@ -137,10 +161,10 @@ CVE-2019-18886 [Prevent user enumeration using switch user functionality] NOTE: https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332 CVE-2019-18885 RESERVED -CVE-2019-18884 - RESERVED -CVE-2019-18883 - RESERVED +CVE-2019-18884 (index.php/team_members/add_team_member in RISE Ultimate Project Manage ...) + TODO: check +CVE-2019-18883 (XSS exists in Lavalite CMS 5.7 via the admin/profile name or designati ...) + TODO: check CVE-2019-18882 (WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.ja ...) NOT-FOR-US: WSO2 IS CVE-2019-18881 (WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in t ...) @@ -222,8 +246,8 @@ CVE-2019-18846 RESERVED CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 ...) NOT-FOR-US: Patriot Viper RGB -CVE-2019-18844 - RESERVED +CVE-2019-18844 (The Device Model in ACRN before 2019w25.5-140000p relies on assert cal ...) + TODO: check CVE-2019-18843 RESERVED CVE-2019-18842 @@ -240,8 +264,8 @@ CVE-2019-18839 (FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parame TODO: check CVE-2019-18838 RESERVED -CVE-2019-18837 - RESERVED +CVE-2019-18837 (An issue was discovered in crun before 0.10.5. With a crafted image, i ...) + TODO: check CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of resource loo ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...) 
@@ -366,8 +390,8 @@ CVE-2019-18795 RESERVED CVE-2019-18794 RESERVED -CVE-2019-18793 - RESERVED +CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/inde ...) + TODO: check CVE-2019-18792 RESERVED CVE-2019-18791 @@ -1594,8 +1618,8 @@ CVE-2019-18242 RESERVED CVE-2019-18241 RESERVED -CVE-2019-18240 - RESERVED +CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer o ...) + TODO: check CVE-2019-18239 RESERVED CVE-2019-18238 @@ -3046,8 +3070,8 @@ CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a s NOT-FOR-US: idreamsoft iCMS CVE-2019-17551 (In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an atta ...) NOT-FOR-US: Apak Wholesale Floorplanning Finance -CVE-2019-17550 - RESERVED +CVE-2019-17550 (The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cros ...) + TODO: check CVE-2019-17549 RESERVED CVE-2019-17548 @@ -3175,8 +3199,8 @@ CVE-2019-17517 RESERVED CVE-2019-17516 RESERVED -CVE-2019-17515 - RESERVED +CVE-2019-17515 (The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPre ...) + TODO: check CVE-2019-17514 (library/glob.html in the Python 2 and 3 documentation before 2016 has ...) NOT-FOR-US: Non-actionable CVE assignment for Python docs CVE-2019-17513 (An issue was discovered in Ratpack before 1.7.5. Due to a misuse of th ...) @@ -4641,8 +4665,8 @@ CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading spe NOTE: https://github.com/python-pillow/Pillow/pull/4104 CVE-2019-16864 RESERVED -CVE-2019-16863 - RESERVED +CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...) + TODO: check CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...) NOT-FOR-US: OpenEMR CVE-2019-16861 
@@ -12752,8 +12776,8 @@ CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there NOT-FOR-US: Tasy CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buffer ove ...) NOT-FOR-US: WebAccess -CVE-2019-13555 - RESERVED +CVE-2019-13555 (In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial n ...) + TODO: check CVE-2019-13554 RESERVED CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...) @@ -24841,11 +24865,9 @@ CVE-2019-9469 RESERVED CVE-2019-9468 RESERVED -CVE-2019-9467 - RESERVED +CVE-2019-9467 (In the Bootloader, there is a possible kernel command injection due to ...) NOT-FOR-US: LG components for Android -CVE-2019-9466 - RESERVED +CVE-2019-9466 (In the Broadcom Wi-Fi driver, there is a possible out of bounds write ...) - linux 4.19.37-4 [stretch] - linux 4.9.168-1+deb9u3 [jessie] - linux 3.16.68-1 @@ -35753,8 +35775,8 @@ CVE-2019-5031 (An exploitable memory corruption vulnerability exists in the Java NOT-FOR-US: Foxit PDF Reader CVE-2019-5030 (A buffer overflow vulnerability exists in the PowerPoint document conv ...) NOT-FOR-US: Rainbow PDF Office Server Document Converter -CVE-2019-5029 - RESERVED +CVE-2019-5029 (An exploitable command injection vulnerability exists in the Config ed ...) + TODO: check CVE-2019-5028 REJECTED CVE-2019-5027 @@ -38795,14 +38817,14 @@ CVE-2019-3665 RESERVED CVE-2019-3664 RESERVED -CVE-2019-3663 - RESERVED -CVE-2019-3662 - RESERVED -CVE-2019-3661 - RESERVED -CVE-2019-3660 - RESERVED +CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee Advanced Th ...) + TODO: check +CVE-2019-3662 (Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Adva ...) + TODO: check +CVE-2019-3661 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2019-3660 (Improper Neutralization of HTTP requests in McAfee Advanced Threat Def ...) + TODO: check CVE-2019-3659 RESERVED CVE-2019-3658 
@@ -38819,12 +38841,12 @@ CVE-2019-3653 (Improper access control vulnerability in Configuration tool in Mc NOT-FOR-US: McAfee Endpoint Security (ENS) CVE-2019-3652 (Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Securit ...) NOT-FOR-US: McAfee Endpoint Security (ENS) -CVE-2019-3651 - RESERVED -CVE-2019-3650 - RESERVED -CVE-2019-3649 - RESERVED +CVE-2019-3651 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...) + TODO: check +CVE-2019-3650 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...) + TODO: check +CVE-2019-3649 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...) + TODO: check CVE-2019-3648 (A Privilege Escalation vulnerability in the Microsoft Windows client i ...) NOT-FOR-US: McAfee Total Protection CVE-2019-3647 @@ -38841,8 +38863,8 @@ CVE-2019-3642 RESERVED CVE-2019-3641 (Abuse of Authorization vulnerability in APIs exposed by TIE server in ...) NOT-FOR-US: McAfee -CVE-2019-3640 - RESERVED +CVE-2019-3640 (Unprotected Transport of Credentials in ePO extension in McAfee Data L ...) + TODO: check CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee Web Gate ...) NOT-FOR-US: McAfee CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators web con ...) @@ -39318,8 +39340,8 @@ CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab r NOT-FOR-US: ZTE CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...) NOT-FOR-US: ZTE -CVE-2019-3420 - RESERVED +CVE-2019-3420 (The version V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by ...) + TODO: check CVE-2019-3419 (A security vulnerability exists in a management port in the version of ...) NOT-FOR-US: ZTE CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...) 
@@ -42014,8 +42036,7 @@ CVE-2019-2212 (In poisson_distribution of random, there is an out of bounds read NOTE: https://android.googlesource.com/platform/external/libcxx/+/a16cd9df50f22ccf65cf27eddc0403791116c75a CVE-2019-2211 (In createProjectionMapForQuery of TvProvider.java, there is possible S ...) NOT-FOR-US: Android -CVE-2019-2210 - RESERVED +CVE-2019-2210 (In load_logging_config of qmi_vs_service.cc, there is a possible out o ...) NOT-FOR-US: Android CVE-2019-2209 (In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds ...) NOT-FOR-US: Android 
@@ -45747,36 +45768,36 @@ CVE-2019-0398 RESERVED CVE-2019-0397 RESERVED -CVE-2019-0396 - RESERVED +CVE-2019-0396 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) + TODO: check CVE-2019-0395 RESERVED CVE-2019-0394 RESERVED -CVE-2019-0393 - RESERVED +CVE-2019-0393 (An SQL Injection vulnerability in SAP Quality Management (corrected in ...) + TODO: check CVE-2019-0392 RESERVED -CVE-2019-0391 - RESERVED -CVE-2019-0390 - RESERVED -CVE-2019-0389 - RESERVED -CVE-2019-0388 - RESERVED +CVE-2019-0391 (Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.2 ...) + TODO: check +CVE-2019-0390 (Under certain conditions SAP Data Hub (corrected in DH_Foundation vers ...) + TODO: check +CVE-2019-0389 (An administrator of SAP NetWeaver Application Server Java (J2EE-Framew ...) + TODO: check +CVE-2019-0388 (SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7. ...) + TODO: check CVE-2019-0387 RESERVED -CVE-2019-0386 - RESERVED -CVE-2019-0385 - RESERVED +CVE-2019-0386 (Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6. ...) + TODO: check +CVE-2019-0385 (SAP Enable Now, before version 1908, does not sufficiently encode user ...) + TODO: check CVE-2019-0384 RESERVED CVE-2019-0383 RESERVED -CVE-2019-0382 - RESERVED +CVE-2019-0382 (A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Bus ...) + TODO: check CVE-2019-0381 (A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, be ...) NOT-FOR-US: SAP CVE-2019-0380 (Under certain conditions, SAP Landscape Management enterprise edition, ...) |
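Review bot: In the data/CVE/2011.list hunk at @@ -10182,18 +10179,15, CVE-2011-1490, CVE-2011-1489 and CVE-2011-1488 all receive the identical truncated text "A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...", and the package lines under them are identical as well (rsyslog 5.7.6-1 (low), <no-dsa> for squeeze and lenny), so nothing visible in the list distinguishes the three entries. A NOTE line under each one naming the affected code path or the upstream fix would keep them distinguishable for anyone reading the list rather than the full CVE text.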
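Review bot: In the data/CVE/2012.list hunk at @@ -3851,8 +3851,8, CVE-2012-5193 (Bitweaver 2.8.1 XSS) is added with TODO: check although the entry directly below it, CVE-2012-5192, is already marked NOT-FOR-US: Bitweaver. The same pattern appears in data/CVE/2013.list: CVE-2013-3516 (NETGEAR WNR3500U and WNR3500L) sits next to CVE-2013-3517 with NOT-FOR-US: NETGEAR, and CVE-2013-3367 and CVE-2013-3366 (TRENDnet) sit next to CVE-2013-3365 with NOT-FOR-US: TRENDnet TEW-812DRU router. These TODO lines should be resolved in a manual follow-up, checked against the neighbouring triage, so that years-old entries do not stay in the untriaged queue.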
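Review bot: In the data/CVE/2019.list hunks from @@ -38795,14 +38817,14 onward, the newly published McAfee entries (CVE-2019-3663 through CVE-2019-3660, CVE-2019-3651 through CVE-2019-3649, CVE-2019-3640), the ZTE entry CVE-2019-3420 and the SAP entries (CVE-2019-0396, CVE-2019-0393, CVE-2019-0391 through CVE-2019-0388, CVE-2019-0386, CVE-2019-0385, CVE-2019-0382) all land as TODO: check, while the surrounding context lines for the same vendors already read NOT-FOR-US: McAfee, NOT-FOR-US: ZTE and NOT-FOR-US: SAP. Entries that had been triaged before publication, such as CVE-2019-9467 and CVE-2019-2210, keep their NOT-FOR-US lines in this same commit, so the remaining TODOs are the ones to pick up in the next manual pass.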