| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2019-11-15 20:10:28 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2019-11-15 20:10:28 +0000 |
| commit | 9e5dcf3f7d60b5e8eb30b0179166baa57486a2c1 (patch) | |
| tree | 80883ccdbdd72f191d52bcbb0001d0e37e8b3058 /data/CVE | |
| parent | 6fae28ed4727e4037f0910539e807201baf55b5f (diff) | |
automatic update
Diffstat (limited to 'data/CVE')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2009.list | 3 |
| -rw-r--r-- | data/CVE/2011.list | 12 |
| -rw-r--r-- | data/CVE/2013.list | 12 |
| -rw-r--r-- | data/CVE/2014.list | 6 |
| -rw-r--r-- | data/CVE/2016.list | 3 |
| -rw-r--r-- | data/CVE/2017.list | 3 |
| -rw-r--r-- | data/CVE/2018.list | 4 |
| -rw-r--r-- | data/CVE/2019.list | 70 |

8 files changed, 67 insertions, 46 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 189351bf18..4c87550204 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -3385,8 +3385,7 @@ CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ... - jetty 6.1.22-1 (unimportant; bug #553644) NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt NOTE: The affected apps are not shipped in the package, see #553644 -CVE-2009-5047 [multiple vulnerabilities in jetty] - RESERVED +CVE-2009-5047 (Jetty 6.x before 6.1.22 suffers from an escape sequence injection vuln ...) - jetty 6.1.22-1 (unimportant; bug #553644) NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt NOTE: The affected apps are not shipped in the package, see #553644 diff --git a/data/CVE/2011.list b/data/CVE/2011.list index ed31864701..01716fcb2a 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -6301,8 +6301,7 @@ CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 d [lenny] - linux-2.6 <not-affected> (perf not yet present) CVE-2011-2917 (SQL injection vulnerability in administrator/index2.php in Mambo CMS 4 ...) NOT-FOR-US: Mambo -CVE-2011-2916 - RESERVED +CVE-2011-2916 (qtnx 0.9 stores non-custom SSH keys in a world-readable configuration ...) - qtnx <removed> (low; bug #637439) [squeeze] - qtnx <no-dsa> (Minor issue) CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams. ...) @@ -6320,8 +6319,7 @@ CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function i CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in src/load_wav.c ...) {DSA-2415-1} - libmodplug 1:0.8.8.4-1 -CVE-2011-2910 - RESERVED +CVE-2011-2910 (The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check ...) - ax25-tools 0.0.8-13.2 (low; bug #638198) [lenny] - ax25-tools <no-dsa> (Minor issue) [squeeze] - ax25-tools <no-dsa> (Minor issue) 
@@ -6920,8 +6918,7 @@ CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 5. NOTE: requires the attacker to manipulate glob flags CVE-2011-2727 (The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3 ...) NOT-FOR-US: Tribiq CMS -CVE-2011-2726 [SA-CORE-2011-003] - RESERVED +CVE-2011-2726 (An access bypass issue was found in Drupal 7.x before version 7.5. If ...) - drupal7 7.6-1 CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows remo ...) - kdeutils 4:4.6.5-4 (low; bug #635541) @@ -12420,8 +12417,7 @@ CVE-2011-0705 REJECTED CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows remote a ...) NOT-FOR-US: 389 Directory Server -CVE-2011-0703 - RESERVED +CVE-2011-0703 (In gksu-polkit before 0.0.3, the source file for xauth may contain arb ...) - gksu-polkit <removed> (bug #684489) [squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts) CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index e1fed6f547..dee1129e38 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -1270,17 +1270,14 @@ CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before - linux 3.12.5-1 [wheezy] - linux <not-affected> (Introduced in 8b8d52ac382b) - linux-2.6 <not-affected> (Introduced in 8b8d52ac382b) -CVE-2013-7089 [dbg_printhex possible information leak] - RESERVED +CVE-2013-7089 (ClamAV before 0.97.7: dbg_printhex possible information leak ...) - clamav 0.97.7+dfsg-1 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804 -CVE-2013-7088 [buffer overflow] - RESERVED +CVE-2013-7088 (ClamAV before 0.97.7 has buffer overflow in the libclamav component ...) - clamav 0.97.7+dfsg-1 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6809 NOTE: https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd -CVE-2013-7087 [[clamav: WWPack corrupt heap memory] - RESERVED +CVE-2013-7087 (ClamAV before 0.97.7 has WWPack corrupt heap memory ...) - clamav 0.97.7+dfsg-1 NOTE: https://github.com/vrtadmin/clamav-devel/commit/71990820d01c246e4e61408a3659dd9d92949b38 NOTE: from https://github.com/vrtadmin/clamav-devel/commits/master/libclamav/wwunpack.c @@ -7368,8 +7365,7 @@ CVE-2013-4586 RESERVED CVE-2013-4585 RESERVED -CVE-2013-4584 [ssl_outgoing_ciphers not applied to STARTTLS connections] - RESERVED +CVE-2013-4584 (Perdition before 2.2 may have weak security when handling outbound con ...) - perdition 2.1-1 (low; bug #729028) [wheezy] - perdition <no-dsa> (Minor issue) [squeeze] - perdition <no-dsa> (Minor issue) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index ac978c7c60..4f33fe52a1 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -26831,13 +26831,11 @@ CVE-2014-0025 REJECTED CVE-2014-0024 RESERVED -CVE-2014-0023 - RESERVED +CVE-2014-0023 (OpenShift: Install script has temporary file creation vulnerability wh ...) NOT-FOR-US: OpenShift CVE-2014-0022 (The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and e ...) NOT-FOR-US: yum cron -CVE-2014-0021 [traffic amplification in cmdmon protocol] - RESERVED +CVE-2014-0021 (Chrony before 1.29.1 has traffic amplification in cmdmon protocol ...) - chrony 1.29.1-1 (low; bug #737644) [squeeze] - chrony <no-dsa> (Minor issue) [wheezy] - chrony <no-dsa> (Minor issue) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index c0c1a7f1bd..aa72a7ed0e 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -17339,8 +17339,7 @@ CVE-2016-5287 (A potentially exploitable use-after-free crash during actor destr NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823 CVE-2016-5286 RESERVED -CVE-2016-5285 - RESERVED +CVE-2016-5285 (Null pointer dereference vulnerability exists in K11_SignWithSymKey / ...) - nss 2:3.25-1 NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4 NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index ee7a30b3e0..69a2257245 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -37525,8 +37525,7 @@ CVE-2017-5732 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686 NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150 NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html -CVE-2017-5731 - REJECTED +CVE-2017-5731 (Bounds checking in Tianocompress before November 7, 2017 may allow an ...) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686 NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150 NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html 
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 91e0bf0358..e458db0e22 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -7511,8 +7511,8 @@ CVE-2018-18370 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP co NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows ...) NOT-FOR-US: Norton Security -CVE-2018-18368 - RESERVED +CVE-2018-18368 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be ...) + TODO: check CVE-2018-18367 (Symantec Endpoint Protection Manager (SEPM) prior to and including 12. ...) NOT-FOR-US: Symantec CVE-2018-18366 (Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 67df7e2ac7..08e933a00f 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,37 @@ +CVE-2019-19005 + RESERVED +CVE-2019-19004 + RESERVED +CVE-2019-19003 + RESERVED +CVE-2019-19002 + RESERVED +CVE-2019-19001 + RESERVED +CVE-2019-19000 + RESERVED +CVE-2019-18999 + RESERVED +CVE-2019-18998 + RESERVED +CVE-2019-18997 + RESERVED +CVE-2019-18996 + RESERVED +CVE-2019-18995 + RESERVED +CVE-2019-18994 + RESERVED +CVE-2019-18993 + RESERVED +CVE-2019-18992 + RESERVED +CVE-2019-18991 + RESERVED +CVE-2019-18990 + RESERVED +CVE-2019-18989 + RESERVED CVE-2019-18988 RESERVED CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...) @@ -1395,8 +1429,8 @@ CVE-2019-18374 RESERVED CVE-2019-18373 RESERVED -CVE-2019-18372 - RESERVED +CVE-2019-18372 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...) + TODO: check CVE-2019-18371 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...) NOT-FOR-US: Xiaomi CVE-2019-18370 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...) 
@@ -9377,8 +9411,7 @@ CVE-2019-14871 RESERVED CVE-2019-14870 RESERVED -CVE-2019-14869 [-dSAFER escape in .charkeys] - RESERVED +CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.28, where ...) {DSA-4569-1 DLA-1992-1} - ghostscript <unfixed> (bug #944760) NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef @@ -10866,12 +10899,12 @@ CVE-2019-14347 (Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote NOT-FOR-US: Schben Adive CVE-2019-14346 (Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CS ...) NOT-FOR-US: Schben Adive -CVE-2019-14345 - RESERVED +CVE-2019-14345 (TemaTres 3.0 allows remote unprivileged users to create an administrat ...) + TODO: check CVE-2019-14344 RESERVED -CVE-2019-14343 - RESERVED +CVE-2019-14343 (TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin ...) + TODO: check CVE-2019-14342 RESERVED CVE-2019-14341 @@ -15007,14 +15040,14 @@ CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the way NOTE: https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7 NOTE: https://github.com/davidhalter/parso/issues/75 NOTE: Not considered a security issue by upstream -CVE-2019-12759 - RESERVED -CVE-2019-12758 - RESERVED -CVE-2019-12757 - RESERVED -CVE-2019-12756 - RESERVED +CVE-2019-12759 (Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security ...) + TODO: check +CVE-2019-12758 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...) + TODO: check +CVE-2019-12757 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 M ...) + TODO: check +CVE-2019-12756 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptib ...) + TODO: check CVE-2019-12755 (Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an ...) NOT-FOR-US: Norton CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...) 
@@ -35711,6 +35744,7 @@ CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthen CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...) NOT-FOR-US: Epignosis eFront LMS CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...) + {DLA-1993-1} - mesa <unfixed> (bug #944298) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857 NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html @@ -39301,7 +39335,7 @@ CVE-2019-3467 RESERVED CVE-2019-3466 RESERVED - {DSA-4568-1} + {DSA-4568-1 DLA-1994-1} - postgresql-common 210 NOTE: https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c NOTE: https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/ @@ -39408,7 +39442,7 @@ CVE-2019-3424 RESERVED CVE-2019-3423 RESERVED -CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab report ...) +CVE-2019-3422 (The Sec Consult Security Lab reported an information disclosure vulner ...) NOT-FOR-US: ZTE CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...) NOT-FOR-US: ZTE |
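Review bot: In the data/CVE/2017.list hunk, CVE-2017-5731 changes from `REJECTED` to a live description (Tianocompress bounds checking), but the new entry consists only of the description plus the three NOTE URLs it already carried, with no package line or `NOT-FOR-US` marker. Since the previous state was an explicit rejection, confirm the CVE is genuinely reinstated upstream and add a triage status line so the entry does not sit in an undefined state.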
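Review bot: In the data/CVE/2018.list hunk, CVE-2018-18368 (Symantec Endpoint Protection Manager) is left as `TODO: check`, while the adjacent CVE-2018-18369, CVE-2018-18367 and CVE-2018-18366 entries for the same vendor's products are already resolved as `NOT-FOR-US: Norton Security` / `NOT-FOR-US: Symantec`. The new description fits the same pattern, so the TODO should be closed out with a matching `NOT-FOR-US: Symantec` line rather than shipped open.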
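Review bot: In the data/CVE/2019.list hunk at `@@ -1395,8 +1429,8 @@`, CVE-2019-18372 (Symantec Endpoint Protection prior to 14.2 RU2) is also left as `TODO: check`; the same product family is recorded as `NOT-FOR-US: Symantec` in the 2018.list hunk of this commit, so the triage decision here should be made consistent with that.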
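Review bot: In the `@@ -15007,14 +15040,14 @@` hunk, four consecutive entries (CVE-2019-12759 through CVE-2019-12756, all Symantec Endpoint Protection / SEPM / Mail Security) are each given `+ TODO: check`, directly above CVE-2019-12755 which is already `NOT-FOR-US: Norton`. Triaging the four together as `NOT-FOR-US: Symantec` would avoid leaving a block of open TODOs for products that, on the visible evidence, have no Debian package counterpart.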
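Review bot: In the `@@ -9377,8 +9411,7 @@` hunk, CVE-2019-14869 (ghostscript) gains `{DSA-4569-1 DLA-1992-1}` while the package line still reads `- ghostscript <unfixed> (bug #944760)`. The advisories cover the stable and LTS suites; the unstable line should be updated with the fixed version once the corresponding upload lands, otherwise the tracker keeps reporting unstable as vulnerable even though fixes exist.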
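Review bot: In the `@@ -35711,6 +35744,7 @@` hunk, the added `+ {DLA-1993-1}` for CVE-2019-5068 sits above `- mesa <unfixed> (bug #944298)`; as with the ghostscript entry, the LTS advisory is recorded but the unstable status remains `<unfixed>`, so follow up with the fixed mesa version when it is available so the two do not drift apart.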