author | security tracker role <sectracker@soriano.debian.org> | 2019-11-04 20:10:28 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-11-04 20:10:28 +0000 |
commit | 91055725ef079fb642d7d6bfcc71999f28731828 (patch) | |
tree | 20d9a19a252686aecbdc58af38488130e45c3f34 /data/CVE | |
parent | 2fa2d626357e88503826b4244c0ccd2f21b2a40d (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2005.list | 3 |
-rw-r--r-- | data/CVE/2013.list | 48 |
-rw-r--r-- | data/CVE/2014.list | 3 |
-rw-r--r-- | data/CVE/2017.list | 2 |
-rw-r--r-- | data/CVE/2018.list | 4 |
-rw-r--r-- | data/CVE/2019.list | 40 |
6 files changed, 51 insertions, 49 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 454f869138..000cbf1909 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -24,8 +24,7 @@ CVE-2005-4892 RESERVED CVE-2005-4891 RESERVED -CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl] - RESERVED +CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo ...) - shadow 1:4.1.5-1 (low; bug #628843) [squeeze] - shadow <no-dsa> (Minor issue) [lenny] - shadow <no-dsa> (Minor issue) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index a63dae54f6..65a38b960e 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -7661,8 +7661,7 @@ CVE-2013-4520 (xslt.c in libxslt before 1.1.25 allows context-dependent attacker - libxslt <not-affected> (The versions in wheezy and squeeze contain the full patch) CVE-2013-4519 (Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1. ...) - reviewboard <itp> (bug #653113) -CVE-2013-4518 - RESERVED +CVE-2013-4518 (RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI enti ...) NOT-FOR-US: Red Hat Update Infrastructure CVE-2013-4517 (Apache Santuario XML Security for Java before 1.5.6, when applying Tra ...) - libxml-security-java 1.5.6-1 (bug #733938) @@ -8007,8 +8006,7 @@ CVE-2013-4425 (The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when s NOT-FOR-US: Osirix CVE-2013-4424 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Port ...) NOT-FOR-US: GateIn -CVE-2013-4423 - RESERVED +CVE-2013-4423 (CloudForms stores user passwords in recoverable format ...) NOT-FOR-US: Red Hat CloudForms CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...) - quassel 0.9.1-1 
@@ -8044,8 +8042,7 @@ CVE-2013-4414 (Cross-site scripting (XSS) vulnerability in the web interface for NOT-FOR-US: Cumin CVE-2013-4413 (Directory traversal vulnerability in controller/concerns/render_redire ...) NOT-FOR-US: Wicked Ruby Gem -CVE-2013-4412 [NULL ptr dereference] - RESERVED +CVE-2013-4412 (slim has NULL pointer dereference when using crypt() method from glibc ...) - slim 1.3.6-0.1 (bug #725902) [wheezy] - slim <not-affected> (Only exploitable with eglibc 2.17 and later) [squeeze] - slim <not-affected> (Only exploitable with eglibc 2.17 and later) @@ -8545,8 +8542,7 @@ CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in NOTE: http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2 CVE-2013-4281 RESERVED -CVE-2013-4280 - RESERVED +CVE-2013-4280 (Insecure temporary file vulnerability in RedHat vsdm 4.9.6. ...) - vdsm <itp> (bug #668538) CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which ...) - imapsync <removed> 
@@ -9159,23 +9155,17 @@ CVE-2013-4107 CVE-2013-4106 RESERVED NOT-FOR-US: Cryptocat -CVE-2013-4105 - RESERVED +CVE-2013-4105 (Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information D ...) NOT-FOR-US: Cryptocat -CVE-2013-4104 - RESERVED +CVE-2013-4104 (Cryptocat before 2.0.22 has weak encryption in the Socialist Millionna ...) NOT-FOR-US: Cryptocat -CVE-2013-4103 - RESERVED +CVE-2013-4103 (Cryptocat before 2.0.22 has Remote Script Injection due to improperly ...) NOT-FOR-US: Cryptocat -CVE-2013-4102 - RESERVED +CVE-2013-4102 (Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generat ...) NOT-FOR-US: Cryptocat -CVE-2013-4101 - RESERVED +CVE-2013-4101 (Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness ...) NOT-FOR-US: Cryptocat -CVE-2013-4100 - RESERVED +CVE-2013-4100 (Cryptocat before 2.0.22 has Remote Denial of Service via username ...) NOT-FOR-US: Cryptocat CVE-2013-4099 (Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, ...) NOT-FOR-US: JOGAMP 
@@ -13600,23 +13590,17 @@ CVE-2013-2264 (The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.2 NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-21013 CVE-2013-2263 (Unspecified vulnerability in Citrix Access Gateway Standard Edition 5. ...) NOT-FOR-US: Citrix Access Gateway -CVE-2013-2262 - RESERVED +CVE-2013-2262 (Cryptocat strophe.js before 2.0.22 has information disclosure ...) NOT-FOR-US: Cryptocat -CVE-2013-2261 - RESERVED +CVE-2013-2261 (Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Informat ...) NOT-FOR-US: Cryptocat -CVE-2013-2260 - RESERVED +CVE-2013-2260 (Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Ent ...) NOT-FOR-US: Cryptocat -CVE-2013-2259 - RESERVED +CVE-2013-2259 (Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conver ...) NOT-FOR-US: Cryptocat -CVE-2013-2258 - RESERVED +CVE-2013-2258 (Cryptocat before 2.0.22 has Nickname User Impersonation ...) NOT-FOR-US: Cryptocat -CVE-2013-2257 - RESERVED +CVE-2013-2257 (Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brut ...) NOT-FOR-US: Cryptocat CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 do ...) - nova 2013.1.2-3 (bug #718905) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 9e26c7602e..76e846ff5e 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -17326,8 +17326,7 @@ CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to caus CVE-2014-3650 RESERVED NOT-FOR-US: JBoss AeroGear -CVE-2014-3649 - RESERVED +CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...) NOT-FOR-US: JBoss AeroGear CVE-2014-3648 RESERVED diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 09766e610b..d9f83a2dab 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -42261,7 +42261,7 @@ CVE-2017-3991 CVE-2017-3990 REJECTED CVE-2017-3989 - RESERVED + REJECTED CVE-2017-3988 RESERVED CVE-2017-3987 
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 8fb9dcd941..b3882ef461 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -5828,8 +5828,8 @@ CVE-2018-19033 RESERVED CVE-2018-19032 RESERVED -CVE-2018-19031 - RESERVED +CVE-2018-19031 (A command injection vulnerability exists when the authorized user pass ...) + TODO: check CVE-2018-19030 RESERVED CVE-2018-19029 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 9d48324584..5cc63f7d7d 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,4 +1,20 @@ -CVE-2019-18683 [media: vivid: Fix wrong locking that causes race conditions on streaming stop] +CVE-2019-18684 (Sudo through 1.8.29 allows local users to escalate to root if they hav ...) + TODO: check +CVE-2019-18682 + RESERVED +CVE-2019-18681 + RESERVED +CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195. Ther ...) + TODO: check +CVE-2019-18679 + RESERVED +CVE-2019-18678 + RESERVED +CVE-2019-18677 + RESERVED +CVE-2019-18676 + RESERVED +CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the Linux k ...) - linux <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1 CVE-2019-18675 @@ -25,8 +41,8 @@ CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file inc NOT-FOR-US: SECUDOS DOMOS CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...) NOT-FOR-US: SECUDOS DOMOS -CVE-2019-18663 - RESERVED +CVE-2019-18663 (A SQL injection vulnerability in a /login/forgot1 POST request in ARP- ...) + TODO: check CVE-2019-18662 (An issue was discovered in YouPHPTube through 7.7. User input passed t ...) NOT-FOR-US: YouPHPTube CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by ...) 
@@ -6693,7 +6709,7 @@ CVE-2019-15712 RESERVED CVE-2019-15711 RESERVED -CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.1 and below ...) +CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...) NOT-FOR-US: FortiExtender CVE-2019-15709 RESERVED @@ -12152,10 +12168,10 @@ CVE-2019-13499 RESERVED CVE-2019-13498 (One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Trans ...) NOT-FOR-US: One Identity Cloud Access Manager -CVE-2019-13497 - RESERVED -CVE-2019-13496 - RESERVED +CVE-2019-13497 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF fo ...) + TODO: check +CVE-2019-13496 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP byp ...) + TODO: check CVE-2019-13495 RESERVED CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...) @@ -25774,6 +25790,7 @@ CVE-2019-8772 RESERVED CVE-2019-8771 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -25782,6 +25799,7 @@ CVE-2019-8770 RESERVED CVE-2019-8769 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -25906,6 +25924,7 @@ CVE-2019-8721 RESERVED CVE-2019-8720 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -26230,6 +26249,7 @@ CVE-2019-8626 RESERVED CVE-2019-8625 RESERVED + {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) 
@@ -44883,8 +44903,8 @@ CVE-2019-0352 (In SAP Business Objects Business Intelligence Platform, before ve NOT-FOR-US: SAP CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...) NOT-FOR-US: SAP -CVE-2019-0350 - RESERVED +CVE-2019-0350 (SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker ...) + TODO: check CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...) NOT-FOR-US: SAP CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...) |
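Review bot: in data/CVE/2005.list, hunk @@ -24,8 +24,7 @@, the replacement description for CVE-2005-4890 names sudo as well as shadow 4.x, but the context lines under it track only shadow. Check whether a sudo package line follows below the visible context and add one if it does not. The dropped bracketed text was also the only place the TIOCSTI ioctl was named, so a NOTE line would keep that detail next to the entry.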
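Review bot: in data/CVE/2019.list, hunk @@ -1,4 +1,20 @@, the new block is inserted above CVE-2019-18683, so the file now runs 18684, 18682, 18681, 18680, 18679, 18678, 18677, 18676, 18683, 18675 and the descending order breaks at 18683. Move the CVE-2019-18683 entry, together with its "- linux <unfixed>" and NOTE lines, up between CVE-2019-18684 and CVE-2019-18682. The two TODO: check entries added in the same hunk describe Sudo (CVE-2019-18684) and the Linux kernel (CVE-2019-18680), so they need package lines for sudo and linux rather than a NOT-FOR-US marker when the TODO is resolved.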
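Review bot: in data/CVE/2019.list, hunk @@ -12152,10 +12168,10 @@, CVE-2019-13497 and CVE-2019-13496 are left at TODO: check although both descriptions name One Identity Cloud Access Manager, the product that CVE-2019-13498 in the context just above already marks NOT-FOR-US. Resolve both the same way, with "NOT-FOR-US: One Identity Cloud Access Manager", so the three entries stay consistent.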
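Review bot: in data/CVE/2019.list, hunk @@ -44883,8 +44903,8 @@, CVE-2019-0350 (SAP HANA Database) is added with TODO: check while the surrounding entries CVE-2019-0352, CVE-2019-0351 and CVE-2019-0349 are all marked "NOT-FOR-US: SAP". Unless there is a reason to treat HANA differently, replace the TODO with the same NOT-FOR-US line.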