author | security tracker role <sectracker@soriano.debian.org> | 2019-11-12 20:10:38 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-11-12 20:10:38 +0000 |
commit | 7787f3d7e640e348f8e63bbc6eb03cd60ee6d584 | |
tree | ac0ef6ab6d1fb35957e652705e6038ebaf5dc47f /data/CVE | |
parent | 5e696d4e49c0814248f812682484d2ea2853a1af |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2010.list | 3 |
-rw-r--r-- | data/CVE/2011.list | 18 |
-rw-r--r-- | data/CVE/2012.list | 6 |
-rw-r--r-- | data/CVE/2014.list | 6 |
-rw-r--r-- | data/CVE/2018.list | 9 |
-rw-r--r-- | data/CVE/2019.list | 436 |
6 files changed, 280 insertions, 198 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 1aa3d10daa..6e9139c7da 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -4987,8 +4987,7 @@ CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2. CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, ...) - hipo <removed> (bug #598291) [lenny] - hipo <no-dsa> (Minor issue) -CVE-2010-3359 [gargoyle: insecure library loading] - RESERVED +CVE-2010-3359 (If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, th ...) - gargoyle-free 2009-08-25-2 NOTE: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6 CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in th ...) diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 20610afb31..8b4a764a4f 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -140,8 +140,7 @@ CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in - dtc 0.34.1-1 CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...) - dtc 0.34.1-1 -CVE-2011-5271 [configure creates temp files insecurely] - RESERVED +CVE-2011-5271 (Pacemaker before 1.1.6 configure script creates temporary files insecu ...) - pacemaker 1.1.6-1 (unimportant; bug #633964) NOTE: https://github.com/ClusterLabs/pacemaker/commit/23ad834 NOTE: Only exploitable at build time @@ -4227,8 +4226,7 @@ CVE-2011-3619 (The apparmor_setprocattr function in security/apparmor/lsm.c in t - linux-2.6 3.0.0-1 [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36) [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36) -CVE-2011-3618 [atop insecure tempfile handling] - RESERVED +CVE-2011-3618 (atop: symlink attack possible due to insecure tempfile handling ...) - atop 1.23-1.1 (low; bug #622794) [lenny] - atop 1.23-1+lenny1 (bug #622794) [squeeze] - atop 1.23-1+squeeze1 (bug #622794) 
@@ -4963,8 +4961,7 @@ CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x bef [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts) CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in include/functio ...) NOT-FOR-US: PunBB -CVE-2011-3370 - RESERVED +CVE-2011-3370 (statusnet before 0.9.9 has XSS ...) - statusnet <itp> (bug #491723) CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before 0. ...) - etherape 0.9.12-1 (low; bug #645324) @@ -6252,11 +6249,9 @@ CVE-2011-2938 (Multiple cross-site scripting (XSS) vulnerabilities in filter_api CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages functional ...) - roundcube 0.5.4+dfsg-1 (low; bug #641996) [squeeze] - roundcube <no-dsa> (Minor issue) -CVE-2011-2936 - RESERVED +CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...) - elgg <itp> (bug #526197) -CVE-2011-2935 - RESERVED +CVE-2011-2935 (Elgg through 1.7.10 has XSS ...) - elgg <itp> (bug #526197) CVE-2011-2934 RESERVED @@ -6370,8 +6365,7 @@ CVE-2011-2898 (net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does n {DSA-2389-1} - linux-2.6 3.0.0-1 [lenny] - linux-2.6 <not-affected> (introduced in 2.6.27) -CVE-2011-2897 - RESERVED +CVE-2011-2897 (gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initiali ...) - gdk-pixbuf <not-affected> (This only applies to the old standalone copy shipped until Lenny) CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...) {DSA-2426-1 DSA-2354-1} diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 252fcea19c..74bb3671c7 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list 
@@ -12804,8 +12804,7 @@ CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x bef {DSA-2441-1} - gnutls26 2.12.18-1 (high) - gnutls28 3.0.17-2 (high) -CVE-2012-1572 - RESERVED +CVE-2012-1572 (OpenStack Keystone: extremely long passwords can crash Keystone by exh ...) - keystone 2012.1~rc2-1 CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a denial ...) {DSA-2422-1} @@ -13872,8 +13871,7 @@ CVE-2012-1111 (lightdm before 1.0.9 does not properly close file descriptors bef - lightdm 1.0.9-1 (bug #658678) CVE-2012-1110 (Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and ...) NOT-FOR-US: etano not in Debian -CVE-2012-1109 - RESERVED +CVE-2012-1109 (mwlib 0.13 through 0.13.4 has a denial of service vulnerability when p ...) NOT-FOR-US: mwlib not in Debian CVE-2012-1108 (The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier al ...) - taglib 1.7.1-1 (low; bug #662705) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index b210b16d40..360012d2c8 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -10205,8 +10205,7 @@ CVE-2014-7144 (OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x - python-keystonemiddleware 1.0.0-3 (bug #762748) - python-keystoneclient 1:0.10.1-2 (bug #762749) [wheezy] - python-keystoneclient <no-dsa> (Minor issue) -CVE-2014-7143 [twisted: trustRoot not respected in HTTP client] - RESERVED +CVE-2014-7143 (Python Twisted 14.0 trustRoot is not respected in HTTP client ...) - twisted 14.0.2-1 (bug #761983) [wheezy] - twisted <not-affected> (Only affects 14.0 series) [squeeze] - twisted <not-affected> (Only affects 14.0 series) 
@@ -17539,8 +17538,7 @@ CVE-2014-3600 (XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x be - activemq 5.6.0+dfsg1-4 (low; bug #777196) [wheezy] - activemq 5.6.0+dfsg-1+deb7u1 NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt -CVE-2014-3599 - RESERVED +CVE-2014-3599 (HornetQ REST is vulnerable to XML External Entity due to insecure conf ...) NOT-FOR-US: HornetQ CVE-2014-3598 (The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote atta ...) - pillow 2.5.3-1 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index d7fd231eef..f0fb7f8293 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -11,8 +11,8 @@ CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a mem - boa <removed> CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...) - boa <removed> -CVE-2018-21026 - RESERVED +CVE-2018-21026 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 a ...) + TODO: check CVE-2018-21025 (In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to ...) NOT-FOR-US: Centreon web UI (not packaged in Debian) CVE-2018-21024 (licenseUpload.php in Centreon Web before 2.8.27 allows attackers to up ...) @@ -6312,8 +6312,8 @@ CVE-2018-18820 (A buffer overflow was discovered in the URL-authentication backe NOTE: Fixed by: https://gitlab.xiph.org/xiph/icecast-server/commit/b21a7283bd1598c5af0bbb250a041ba8198f98f2 NOTE: Additional issue fixed with https://gitlab.xiph.org/xiph/icecast-server/commit/03ea74c04a5966114c2fe66e4e6892d11a68181e NOTE: https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820 -CVE-2018-18819 - RESERVED +CVE-2018-18819 (A vulnerability in the web conference chat component of MiCollab, vers ...) + TODO: check CVE-2018-18818 RESERVED CVE-2018-18817 (The Leostream Agent before Build 7.0.1.0 when used with Leostream Conn ...) 
@@ -23410,6 +23410,7 @@ CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before versio NOT-FOR-US: Intel CVE-2018-12207 [iTLB Multihit] RESERVED + {DSA-4564-1} - linux <unfixed> [jessie] - linux <ignored> (Untrusted guests are no longer supportable) - xen <unfixed> diff --git a/data/CVE/2019.list b/data/CVE/2019.list index f07a4bd12e..d6e0cba6e2 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,73 @@ +CVE-2019-18927 + RESERVED +CVE-2019-18926 (Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable t ...) + TODO: check +CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be accessed a ...) + TODO: check +CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By ...) + TODO: check +CVE-2019-18923 + RESERVED +CVE-2019-18922 + RESERVED +CVE-2019-18921 + RESERVED +CVE-2019-18920 + RESERVED +CVE-2019-18919 + RESERVED +CVE-2019-18918 + RESERVED +CVE-2019-18917 + RESERVED +CVE-2019-18916 + RESERVED +CVE-2019-18915 + RESERVED +CVE-2019-18914 + RESERVED +CVE-2019-18913 + RESERVED +CVE-2019-18912 + RESERVED +CVE-2019-18911 + RESERVED +CVE-2019-18910 + RESERVED +CVE-2019-18909 + RESERVED +CVE-2019-18908 + RESERVED +CVE-2019-18907 + RESERVED +CVE-2019-18906 + RESERVED +CVE-2019-18905 + RESERVED +CVE-2019-18904 + RESERVED +CVE-2019-18903 + RESERVED +CVE-2019-18902 + RESERVED +CVE-2019-18901 + RESERVED +CVE-2019-18900 + RESERVED +CVE-2019-18899 + RESERVED +CVE-2019-18898 + RESERVED +CVE-2019-18897 + RESERVED +CVE-2019-18896 + RESERVED +CVE-2019-18895 + RESERVED +CVE-2019-18894 + RESERVED +CVE-2019-18893 + RESERVED CVE-2019-18892 RESERVED CVE-2019-18891 
@@ -90,8 +160,8 @@ CVE-2019-18850 CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...) - tnef <unfixed> NOTE: https://github.com/verdammelt/tnef/pull/40 -CVE-2019-18848 - RESERVED +CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during ...) + TODO: check CVE-2019-18847 RESERVED CVE-2019-18846 @@ -118,7 +188,7 @@ CVE-2019-18838 RESERVED CVE-2019-18837 RESERVED -CVE-2019-18836 (Envoy before 1.12.1 allows a remote denial of service because of resou ...) +CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of resource loo ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...) - matrix-synapse 1.5.0-1 (bug #944355) @@ -158,8 +228,8 @@ CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at NOT-FOR-US: Eximious Logo Designer CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets within packag ...) NOT-FOR-US: strapi CMS -CVE-2019-18817 - RESERVED +CVE-2019-18817 (Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_ ...) + TODO: check CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows pos ...) NOT-FOR-US: PopojiCMS CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...) 
@@ -516,14 +586,14 @@ CVE-2019-18660 RESERVED CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote attackers t ...) NOT-FOR-US: Wireless Emergency Alerts (WEA) protocol -CVE-2019-18658 - RESERVED +CVE-2019-18658 (In Helm 2.x before 2.15.2, commands that deal with loading a chart as ...) + TODO: check CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via the url ...) NOT-FOR-US: ClickHouse CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBu ...) NOT-FOR-US: Pimcore -CVE-2019-18655 - RESERVED +CVE-2019-18655 (File Sharing Wizard version 1.5.0 build 2008 is affected by a Structur ...) + TODO: check CVE-2019-18654 (A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet S ...) NOT-FOR-US: AVG CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, In ...) @@ -3387,8 +3457,8 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string functi NOTE: https://github.com/libtom/libtomcrypt/pull/508 CVE-2019-17361 RESERVED -CVE-2019-17360 - RESERVED +CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 a ...) + TODO: check CVE-2019-17359 (The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigge ...) - bouncycastle <not-affected> (Vulnerable code introduced n 1.63) NOTE: Introduced only in 1.63, fixed in 1.64. 
@@ -3628,14 +3698,14 @@ CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the NOT-FOR-US: Wordpress plugin CVE-2019-17238 RESERVED -CVE-2019-17237 - RESERVED -CVE-2019-17236 - RESERVED -CVE-2019-17235 - RESERVED -CVE-2019-17234 - RESERVED +CVE-2019-17237 (includes/class-coming-soon-creator.php in the igniteup plugin through ...) + TODO: check +CVE-2019-17236 (includes/class-coming-soon-creator.php in the igniteup plugin through ...) + TODO: check +CVE-2019-17235 (includes/class-coming-soon-creator.php in the igniteup plugin through ...) + TODO: check +CVE-2019-17234 (includes/class-coming-soon-creator.php in the igniteup plugin through ...) + TODO: check CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...) NOT-FOR-US: Wordpress plugin CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...) @@ -6934,8 +7004,8 @@ CVE-2019-15817 (The easy-property-listings plugin before 3.4 for WordPress has X NOT-FOR-US: easy-property-listings plugin for WordPress CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress has no pro ...) NOT-FOR-US: wp-private-content-plus plugin for WordPress -CVE-2019-15815 - RESERVED +CVE-2019-15815 (ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and ea ...) + TODO: check CVE-2019-15814 (Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow auth ...) NOT-FOR-US: Sentrifugo CVE-2019-15813 (Multiple file upload restriction bypass vulnerabilities in Sentrifugo ...) 
@@ -12404,7 +12474,7 @@ CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or r - ghidra <itp> (bug #923851) CVE-2019-13624 (In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/Y ...) NOT-FOR-US: ONOS -CVE-2019-13623 (In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.j ...) +CVE-2019-13623 (In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java ...) - ghidra <itp> (bug #923851) CVE-2019-13622 RESERVED @@ -14856,10 +14926,10 @@ CVE-2019-12722 RESERVED CVE-2019-12721 RESERVED -CVE-2019-12720 - RESERVED -CVE-2019-12719 - RESERVED +CVE-2019-12720 (AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc ...) + TODO: check +CVE-2019-12719 (An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance ...) + TODO: check CVE-2019-12718 (A vulnerability in the web-based interface of Cisco Small Business Sma ...) NOT-FOR-US: Cisco CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization manager ...) @@ -19050,6 +19120,7 @@ CVE-2019-11136 RESERVED CVE-2019-11135 [TSX Asynchronous Abort] RESERVED + {DSA-4565-1 DSA-4564-1} - linux <unfixed> - intel-microcode <unfixed> - xen <unfixed> 
@@ -26297,30 +26368,35 @@ CVE-2019-8824 RESERVED CVE-2019-8823 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.1-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8822 RESERVED + {DSA-4515-1} - webkit2gtk 2.24.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8821 RESERVED + {DSA-4515-1} - webkit2gtk 2.24.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8820 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.1-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8819 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.1-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) 
@@ -26331,28 +26407,34 @@ CVE-2019-8817 RESERVED CVE-2019-8816 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.1-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8815 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8814 RESERVED + {DSA-4563-1} CVE-2019-8813 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.1-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8812 RESERVED + {DSA-4563-1} CVE-2019-8811 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.1-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -26363,6 +26445,7 @@ CVE-2019-8809 RESERVED CVE-2019-8808 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -26417,12 +26500,14 @@ CVE-2019-8784 RESERVED CVE-2019-8783 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.1-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8782 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) 
@@ -26473,18 +26558,21 @@ CVE-2019-8767 RESERVED CVE-2019-8766 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8765 RESERVED + {DSA-4515-1} - webkit2gtk 2.24.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8764 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -26536,6 +26624,7 @@ CVE-2019-8744 RESERVED CVE-2019-8743 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -26629,6 +26718,7 @@ CVE-2019-8711 RESERVED CVE-2019-8710 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -36316,8 +36406,8 @@ CVE-2019-4654 RESERVED CVE-2019-4653 RESERVED -CVE-2019-4652 - RESERVED +CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file per ...) + TODO: check CVE-2019-4651 RESERVED CVE-2019-4650 @@ -43411,10 +43501,10 @@ CVE-2019-1459 RESERVED CVE-2019-1458 RESERVED -CVE-2019-1457 - RESERVED -CVE-2019-1456 - RESERVED +CVE-2019-1457 (A security feature bypass vulnerability exists in Microsoft Office sof ...) + TODO: check +CVE-2019-1456 (A remote code execution vulnerability exists in Microsoft Windows when ...) + TODO: check CVE-2019-1455 RESERVED CVE-2019-1454 
@@ -43427,148 +43517,148 @@ CVE-2019-1451 RESERVED CVE-2019-1450 RESERVED -CVE-2019-1449 - RESERVED -CVE-2019-1448 - RESERVED -CVE-2019-1447 - RESERVED -CVE-2019-1446 - RESERVED -CVE-2019-1445 - RESERVED +CVE-2019-1449 (A security feature bypass vulnerability exists in the way that Office ...) + TODO: check +CVE-2019-1448 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) + TODO: check +CVE-2019-1447 (A spoofing vulnerability exists when Office Online does not validate o ...) + TODO: check +CVE-2019-1446 (An information disclosure vulnerability exists when Microsoft Excel im ...) + TODO: check +CVE-2019-1445 (A spoofing vulnerability exists when Office Online does not validate o ...) + TODO: check CVE-2019-1444 RESERVED -CVE-2019-1443 - RESERVED -CVE-2019-1442 - RESERVED -CVE-2019-1441 - RESERVED -CVE-2019-1440 - RESERVED -CVE-2019-1439 - RESERVED -CVE-2019-1438 - RESERVED -CVE-2019-1437 - RESERVED -CVE-2019-1436 - RESERVED -CVE-2019-1435 - RESERVED -CVE-2019-1434 - RESERVED -CVE-2019-1433 - RESERVED -CVE-2019-1432 - RESERVED +CVE-2019-1443 (An information disclosure vulnerability exists in Microsoft SharePoint ...) + TODO: check +CVE-2019-1442 (A security feature bypass vulnerability exists when Microsoft Office d ...) + TODO: check +CVE-2019-1441 (A remote code execution vulnerability exists when the Windows font lib ...) + TODO: check +CVE-2019-1440 (An information disclosure vulnerability exists when the win32k compone ...) + TODO: check +CVE-2019-1439 (An information disclosure vulnerability exists when the Windows GDI co ...) + TODO: check +CVE-2019-1438 (An elevation of privilege vulnerability exists when the Windows Graphi ...) + TODO: check +CVE-2019-1437 (An elevation of privilege vulnerability exists when the Windows Graphi ...) + TODO: check +CVE-2019-1436 (An information disclosure vulnerability exists when the win32k compone ...) 
+ TODO: check +CVE-2019-1435 (An elevation of privilege vulnerability exists when the Windows Graphi ...) + TODO: check +CVE-2019-1434 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2019-1433 (An elevation of privilege vulnerability exists when the Windows Graphi ...) + TODO: check +CVE-2019-1432 (An information disclosure vulnerability exists when DirectWrite improp ...) + TODO: check CVE-2019-1431 RESERVED -CVE-2019-1430 - RESERVED -CVE-2019-1429 - RESERVED -CVE-2019-1428 - RESERVED -CVE-2019-1427 - RESERVED -CVE-2019-1426 - RESERVED -CVE-2019-1425 - RESERVED -CVE-2019-1424 - RESERVED -CVE-2019-1423 - RESERVED -CVE-2019-1422 - RESERVED +CVE-2019-1430 (A remote code execution vulnerability exists when Windows Media Founda ...) + TODO: check +CVE-2019-1429 (A remote code execution vulnerability exists in the way that the scrip ...) + TODO: check +CVE-2019-1428 (A remote code execution vulnerability exists in the way that the scrip ...) + TODO: check +CVE-2019-1427 (A remote code execution vulnerability exists in the way that the scrip ...) + TODO: check +CVE-2019-1426 (A remote code execution vulnerability exists in the way that the scrip ...) + TODO: check +CVE-2019-1425 (An elevation of privilege vulnerability exists when Visual Studio fail ...) + TODO: check +CVE-2019-1424 (A security feature bypass vulnerability exists when Windows Netlogon i ...) + TODO: check +CVE-2019-1423 (An elevation of privilege vulnerability exists in the way that the Sta ...) + TODO: check +CVE-2019-1422 (An elevation of privilege vulnerability exists in the way that the iph ...) + TODO: check CVE-2019-1421 RESERVED -CVE-2019-1420 - RESERVED -CVE-2019-1419 - RESERVED -CVE-2019-1418 - RESERVED -CVE-2019-1417 - RESERVED -CVE-2019-1416 - RESERVED -CVE-2019-1415 - RESERVED +CVE-2019-1420 (An elevation of privilege vulnerability exists in the way that the dss ...) 
+ TODO: check +CVE-2019-1419 (A remote code execution vulnerability exists in Microsoft Windows when ...) + TODO: check +CVE-2019-1418 (An information vulnerability exists when Windows Modules Installer Ser ...) + TODO: check +CVE-2019-1417 (An elevation of privilege vulnerability exists when the Windows Data S ...) + TODO: check +CVE-2019-1416 (An elevation of privilege vulnerability exists due to a race condition ...) + TODO: check +CVE-2019-1415 (An elevation of privilege vulnerability exists in Windows Installer be ...) + TODO: check CVE-2019-1414 RESERVED -CVE-2019-1413 - RESERVED -CVE-2019-1412 - RESERVED -CVE-2019-1411 - RESERVED +CVE-2019-1413 (A security feature bypass vulnerability exists when Microsoft Edge imp ...) + TODO: check +CVE-2019-1412 (An information disclosure vulnerability exists in Windows Adobe Type M ...) + TODO: check +CVE-2019-1411 (An information disclosure vulnerability exists when DirectWrite improp ...) + TODO: check CVE-2019-1410 RESERVED -CVE-2019-1409 - RESERVED -CVE-2019-1408 - RESERVED -CVE-2019-1407 - RESERVED -CVE-2019-1406 - RESERVED -CVE-2019-1405 - RESERVED +CVE-2019-1409 (An information disclosure vulnerability exists when the Windows Remote ...) + TODO: check +CVE-2019-1408 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2019-1407 (An elevation of privilege vulnerability exists when the Windows Graphi ...) + TODO: check +CVE-2019-1406 (A remote code execution vulnerability exists when the Windows Jet Data ...) + TODO: check +CVE-2019-1405 (An elevation of privilege vulnerability exists when the Windows Univer ...) + TODO: check CVE-2019-1404 RESERVED CVE-2019-1403 RESERVED -CVE-2019-1402 - RESERVED +CVE-2019-1402 (An information disclosure vulnerability exists in Microsoft Office sof ...) 
+ TODO: check CVE-2019-1401 RESERVED CVE-2019-1400 RESERVED -CVE-2019-1399 - RESERVED -CVE-2019-1398 - RESERVED -CVE-2019-1397 - RESERVED -CVE-2019-1396 - RESERVED -CVE-2019-1395 - RESERVED -CVE-2019-1394 - RESERVED -CVE-2019-1393 - RESERVED -CVE-2019-1392 - RESERVED -CVE-2019-1391 - RESERVED -CVE-2019-1390 - RESERVED -CVE-2019-1389 - RESERVED -CVE-2019-1388 - RESERVED +CVE-2019-1399 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) + TODO: check +CVE-2019-1398 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) + TODO: check +CVE-2019-1397 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) + TODO: check +CVE-2019-1396 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2019-1395 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2019-1394 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2019-1393 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2019-1392 (An elevation of privilege vulnerability exists when the Windows kernel ...) + TODO: check +CVE-2019-1391 (A denial of service vulnerability exists when Windows improperly handl ...) + TODO: check +CVE-2019-1390 (A remote code execution vulnerability exists in the way that the VBScr ...) + TODO: check +CVE-2019-1389 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) + TODO: check +CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows Certific ...) + TODO: check CVE-2019-1387 RESERVED CVE-2019-1386 RESERVED -CVE-2019-1385 - RESERVED -CVE-2019-1384 - RESERVED -CVE-2019-1383 - RESERVED -CVE-2019-1382 - RESERVED -CVE-2019-1381 - RESERVED -CVE-2019-1380 - RESERVED -CVE-2019-1379 - RESERVED +CVE-2019-1385 (An elevation of privilege vulnerability exists when the Windows AppX D ...) 
+ TODO: check +CVE-2019-1384 (A security feature bypass vulnerability exists where a NETLOGON messag ...) + TODO: check +CVE-2019-1383 (An elevation of privilege vulnerability exists when the Windows Data S ...) + TODO: check +CVE-2019-1382 (An elevation of privilege vulnerability exists when ActiveX Installer ...) + TODO: check +CVE-2019-1381 (An information disclosure vulnerability exists when the Windows Servic ...) + TODO: check +CVE-2019-1380 (A local elevation of privilege vulnerability exists in how splwow64.ex ...) + TODO: check +CVE-2019-1379 (An elevation of privilege vulnerability exists when the Windows Data S ...) + TODO: check CVE-2019-1378 (An elevation of privilege vulnerability exists in Windows 10 Update As ...) NOT-FOR-US: Microsoft CVE-2019-1377 @@ -43577,16 +43667,16 @@ CVE-2019-1376 (An information disclosure vulnerability exists in Microsoft SQL S NOT-FOR-US: Microsoft CVE-2019-1375 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft -CVE-2019-1374 - RESERVED -CVE-2019-1373 - RESERVED +CVE-2019-1374 (An information disclosure vulnerability exists in the way Windows Erro ...) + TODO: check +CVE-2019-1373 (A remote code execution vulnerability exists in Microsoft Exchange thr ...) + TODO: check CVE-2019-1372 (An remote code execution vulnerability exists when Azure App Service/ ...) NOT-FOR-US: Microsoft CVE-2019-1371 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft -CVE-2019-1370 - RESERVED +CVE-2019-1370 (An information disclosure vulnerability exists when affected Open Encl ...) + TODO: check CVE-2019-1369 (An information disclosure vulnerability exists when affected Open Encl ...) NOT-FOR-US: Microsoft CVE-2019-1368 (A security feature bypass exists when Windows Secure Boot improperly r ...) 
@@ -43677,8 +43767,8 @@ CVE-2019-1326 (A denial of service vulnerability exists in Remote Desktop Protoc NOT-FOR-US: Microsoft CVE-2019-1325 (An elevation of privilege vulnerability exists in the Windows redirect ...) NOT-FOR-US: Microsoft -CVE-2019-1324 - RESERVED +CVE-2019-1324 (An information disclosure vulnerability exists when the Windows TCP/IP ...) + TODO: check CVE-2019-1323 (An elevation of privilege vulnerability exists in the Microsoft Window ...) NOT-FOR-US: Microsoft CVE-2019-1322 (An elevation of privilege vulnerability exists when Windows improperly ...) @@ -43705,10 +43795,10 @@ CVE-2019-1312 RESERVED CVE-2019-1311 (A remote code execution vulnerability exists when the Windows Imaging ...) NOT-FOR-US: Microsoft -CVE-2019-1310 - RESERVED -CVE-2019-1309 - RESERVED +CVE-2019-1310 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) + TODO: check +CVE-2019-1309 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) + TODO: check CVE-2019-1308 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-1307 (A remote code execution vulnerability exists in the way that the Chakr ...) @@ -43857,8 +43947,8 @@ CVE-2019-1236 (A remote code execution vulnerability exists in the way that the NOT-FOR-US: Microsoft CVE-2019-1235 (An elevation of privilege vulnerability exists in Windows Text Service ...) NOT-FOR-US: Microsoft -CVE-2019-1234 - RESERVED +CVE-2019-1234 (A spoofing vulnerability exists when Azure Stack fails to validate cer ...) + TODO: check CVE-2019-1233 (A denial of service vulnerability exists in Microsoft Exchange Server ...) NOT-FOR-US: Microsoft CVE-2019-1232 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) 
@@ -44897,12 +44987,12 @@ CVE-2019-0723 (A denial of service vulnerability exists when Microsoft Hyper-V N NOT-FOR-US: Microsoft CVE-2019-0722 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) NOT-FOR-US: Microsoft -CVE-2019-0721 - RESERVED +CVE-2019-0721 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...) + TODO: check CVE-2019-0720 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...) NOT-FOR-US: Microsoft -CVE-2019-0719 - RESERVED +CVE-2019-0719 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...) + TODO: check CVE-2019-0718 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) NOT-FOR-US: Microsoft CVE-2019-0717 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) @@ -44915,8 +45005,8 @@ CVE-2019-0714 (A denial of service vulnerability exists when Microsoft Hyper-V N NOT-FOR-US: Microsoft CVE-2019-0713 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft -CVE-2019-0712 - RESERVED +CVE-2019-0712 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) + TODO: check CVE-2019-0711 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2019-0710 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) @@ -46128,10 +46218,12 @@ CVE-2019-0156 RESERVED CVE-2019-0155 RESERVED + {DSA-4564-1} - linux <unfixed> [jessie] - linux <not-affected> (Driver doesn't support this hardware) CVE-2019-0154 RESERVED + {DSA-4564-1} - linux <unfixed> CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 m ...) NOT-FOR-US: Intel(R) CSME |
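Review bot: CVE-2019-8814 and CVE-2019-8812 in data/CVE/2019.list have no package line under the newly added `{DSA-4563-1}` tag, so each entry is only `RESERVED` plus the advisory reference. Every neighbouring entry tagged `{DSA-4558-1}` or `{DSA-4515-1}` carries a `- webkit2gtk ...` line with a fixed version and the `[stretch]`/`[jessie]` status lines. Add the source package and fixed version that DSA-4563-1 covers to both entries, otherwise the tracker has an advisory cross-reference with nothing to evaluate per release.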
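Review bot: the `{DSA-4564-1}` tag on CVE-2018-12207 (data/CVE/2018.list), CVE-2019-0155 and CVE-2019-0154, and the `{DSA-4565-1 DSA-4564-1}` tag on CVE-2019-11135, all sit directly above package lines that still read `<unfixed>` (`- linux <unfixed>`, `- intel-microcode <unfixed>`, `- xen <unfixed>`). That state is correct only while unstable has no fixed upload. These entries need a follow-up that replaces `<unfixed>` with the fixed versions once they exist, so that a reader does not take the advisory reference to mean the issue is closed everywhere. The same follow-up should revisit the bracketed placeholder descriptions `[iTLB Multihit]` and `[TSX Asynchronous Abort]`, which are still paired with `RESERVED`.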
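Review bot: the `TODO: check` lines added under the Microsoft descriptions in data/CVE/2019.list (CVE-2019-1457 through CVE-2019-1370, plus CVE-2019-1324, CVE-2019-1310, CVE-2019-1309, CVE-2019-1234, CVE-2019-0721, CVE-2019-0719 and CVE-2019-0712) should be triaged to match the already-reviewed entries interleaved with them, such as CVE-2019-1378, CVE-2019-1311 and CVE-2019-0720, which read `NOT-FOR-US: Microsoft`. The four igniteup plugin entries CVE-2019-17237 to CVE-2019-17234 are in the same position: their neighbours CVE-2019-17239 and CVE-2019-17233 are marked `NOT-FOR-US: Wordpress plugin`. Resolving these in the next manual pass keeps the open TODO list limited to entries that may actually affect a packaged source, for example the json-jwt gem (CVE-2019-18848), Helm (CVE-2019-18658) and Istio (CVE-2019-18817).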