author | security tracker role <sectracker@soriano.debian.org> | 2019-07-31 08:10:17 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-07-31 08:10:17 +0000 |
commit | 68e2999547d0a96237f831cfe60229148bb84052 (patch) | |
tree | 1f48cd1760a0ff4003729c6b181e9b8d5ce53477 /data | |
parent | 594a394b9b7a8148e7ee5d139f2984a34d50b984 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2007.list | 2 |
-rw-r--r-- | data/CVE/2019.list | 105 |
2 files changed, 58 insertions, 49 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index e5555115d7..679a5d8e31 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1,3 +1,5 @@ +CVE-2007-6763 + RESERVED CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...) - linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename) NOTE: https://git.kernel.org/linus/2a2f11c227bdf292b3a2900ad04139d301b56ac4 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 9a6a1598f1..043ca674a6 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,17 @@ +CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...) + TODO: check +CVE-2019-14451 + RESERVED +CVE-2019-14450 + RESERVED +CVE-2019-14449 + RESERVED +CVE-2019-14448 + RESERVED +CVE-2019-14447 + RESERVED +CVE-2019-14446 + RESERVED CVE-2019-14445 RESERVED CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...) @@ -3246,8 +3260,8 @@ CVE-2019-13028 (An incorrect implementation of a local web server in eID client NOT-FOR-US: local web server in eID client (Product from the Ministry of Interior of the Slovak Republic) CVE-2019-13027 (Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has S ...) NOT-FOR-US: Realization Concerto Critical Chain Planner -CVE-2019-13026 - RESERVED +CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Inject ...) + TODO: check CVE-2019-13025 RESERVED CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web be ...) 
@@ -10430,28 +10444,24 @@ CVE-2019-10166 [virDomainManagedSaveDefineXML API exposed to readonly clients] NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720114 NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=db0b78457f183e4c7ac45bc94de86044a1e2056a -CVE-2019-10165 - RESERVED +CVE-2019-10165 (OpenShift Container Platform before version 4.1.3 writes OAuth tokens ...) NOT-FOR-US: OpenShift CVE-2019-10164 (PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are ...) - postgresql-11 11.4-1 - postgresql-9.6 <not-affected> (Only affects 10.x and later) - postgresql-9.4 <not-affected> (Only affects 10.x and later) NOTE: https://www.postgresql.org/about/news/1949/ -CVE-2019-10163 [Denial of service via NOTIFY packets] - RESERVED +CVE-2019-10163 (A Vulnerability has been found in PowerDNS Authoritative Server before ...) {DSA-4470-1 DLA-1843-1} - pdns 4.1.6-3 NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5 NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html -CVE-2019-10162 [Denial of service via crafted zone records] - RESERVED +CVE-2019-10162 (A vulnerability has been found in PowerDNS Authoritative Server before ...) {DSA-4470-1 DLA-1843-1} - pdns 4.1.6-3 NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5 NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html -CVE-2019-10161 [arbitrary file read/exec via virDomainSaveImageGetXMLDesc API] - RESERVED +CVE-2019-10161 (It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...) {DSA-4469-1 DLA-1832-1} - libvirt 5.0.0-4 NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities 
@@ -10480,8 +10490,7 @@ CVE-2019-10158 NOT-FOR-US: infinispan CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...) NOT-FOR-US: Keycloak -CVE-2019-10156 [templating causing an unexpected key file to be set on remote node] - RESERVED +CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...) - ansible <unfixed> (low; bug #930065) [buster] - ansible <no-dsa> (Minor issue) [stretch] - ansible <no-dsa> (Minor issue) @@ -10496,16 +10505,14 @@ CVE-2019-10155 (The Libreswan Project has found a vulnerability in the processin NOTE: Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and later, freeswan CVE-2019-10154 (A flaw was found in Moodle before versions 3.7, 3.6.4. A web service f ...) - moodle <removed> -CVE-2019-10153 [mis-handling of non-ASCII characters in guest comment fields] - RESERVED +CVE-2019-10153 (A flaw was discovered in fence-agents, prior to version 4.3.4, where u ...) - fence-agents 4.3.3-2 (low; bug #930887) [stretch] - fence-agents <no-dsa> (Minor issue) [jessie] - fence-agents <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1670460 NOTE: https://github.com/ClusterLabs/fence-agents/pull/255 NOTE: https://github.com/ClusterLabs/fence-agents/pull/272 -CVE-2019-10152 - RESERVED +CVE-2019-10152 (A path traversal vulnerability has been discovered in podman before ve ...) NOT-FOR-US: Podman CVE-2019-10151 RESERVED 
@@ -17585,19 +17592,19 @@ CVE-2019-7618 RESERVED CVE-2019-7617 RESERVED -CVE-2019-7616 - RESERVED -CVE-2019-7615 - RESERVED -CVE-2019-7614 - RESERVED +CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side request f ...) + TODO: check +CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM agent for R ...) + TODO: check +CVE-2019-7614 (A race condition flaw was found in the response headers Elasticsearch ...) + TODO: check CVE-2019-7613 (Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient loggin ...) NOT-FOR-US: Winlogbeat CVE-2019-7612 (A sensitive data disclosure flaw was found in the way Logstash version ...) - logstash <itp> (bug #664841) CVE-2019-7611 (A permission issue was found in Elasticsearch versions before 5.6.15 a ...) - elasticsearch <removed> -CVE-2019-7610 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code exec ...) +CVE-2019-7610 (Kibana versions before 6.6.1 contain an arbitrary code execution flaw ...) - kibana <itp> (bug #700337) CVE-2019-7609 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code exec ...) - kibana <itp> (bug #700337) 
@@ -22733,32 +22740,32 @@ CVE-2019-5461 [GitHub Integration SSRF] RESERVED - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5460 - RESERVED -CVE-2019-5459 - RESERVED -CVE-2019-5458 - RESERVED -CVE-2019-5457 - RESERVED -CVE-2019-5456 - RESERVED -CVE-2019-5455 - RESERVED -CVE-2019-5454 - RESERVED -CVE-2019-5453 - RESERVED -CVE-2019-5452 - RESERVED -CVE-2019-5451 - RESERVED -CVE-2019-5450 - RESERVED -CVE-2019-5449 - RESERVED -CVE-2019-5448 - RESERVED +CVE-2019-5460 (Double Free in VLC versions <= 3.0.6 leads to a crash. ...) + TODO: check +CVE-2019-5459 (An Integer underflow in VLC Media Player versions < 3.0.7 leads to ...) + TODO: check +CVE-2019-5458 (Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...) + TODO: check +CVE-2019-5457 (Cross-site scripting (XSS) vulnerability in min-http-server (all versi ...) + TODO: check +CVE-2019-5456 (SMTP MITM refers to a malicious actor setting up an SMTP proxy server ...) + TODO: check +CVE-2019-5455 (Bypassing lock protection exists in Nextcloud Android app 3.6.0 when c ...) + TODO: check +CVE-2019-5454 (SQL Injection in the Nextcloud Android app prior to version 3.0.0 allo ...) + TODO: check +CVE-2019-5453 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...) + TODO: check +CVE-2019-5452 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...) + TODO: check +CVE-2019-5451 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...) + TODO: check +CVE-2019-5450 (Improper sanitization of HTML in directory names in the Nextcloud Andr ...) + TODO: check +CVE-2019-5449 (A missing check in the Nextcloud Server prior to version 15.0.1 causes ...) + TODO: check +CVE-2019-5448 (Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...) + TODO: check CVE-2019-5447 (A path traversal vulnerability in <= v0.2.6 of http-file-server npm ...) 
NOT-FOR-US: http-file-server Node.js module CVE-2019-5446 (Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin ...) |
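Review bot: CVE-2019-14452 in the data/CVE/2019.list hunk at @@ -1,3 +1,17 @@ lands with only "TODO: check" even though its description already names the product and the fixed version (Sigil before 0.9.16). Suggest a follow-up that resolves it to a package line or a NOT-FOR-US line, so the one actionable entry in this hunk is not lost among the six RESERVED ids (CVE-2019-14446 through CVE-2019-14451) added next to it.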
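Review bot: In the hunk at @@ -10430,28 +10444,24 @@, dropping the bracketed summaries leaves CVE-2019-10163 and CVE-2019-10162 with the same truncated text ("... vulnerability has been found in PowerDNS Authoritative Server before ..."), so the two pdns entries can now be told apart only by the advisory URL in their last NOTE line (2019-05 versus 2019-04). Suggest keeping the old summaries ("Denial of service via NOTIFY packets", "Denial of service via crafted zone records") as a NOTE line on each entry. The same applies to CVE-2019-10161, where "arbitrary file read/exec via virDomainSaveImageGetXMLDesc API" said more than the truncated "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...".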
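Review bot: In the hunk at @@ -10480,8 +10490,7 @@ and the CVE-2019-10153 hunk after it, the new description for CVE-2019-10153 says fence-agents is affected "prior to version 4.3.4", while the unchanged package line below it records the fix in 4.3.3-2. Suggest adding a NOTE that 4.3.3-2 carries the fix as a backport (the two pull requests already listed would be the reference), so the entry does not read as contradictory. The removed summaries for CVE-2019-10156 and CVE-2019-10153 were also more specific than the truncated descriptions that replace them and could be kept as NOTE lines.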
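Review bot: In the hunk at @@ -17585,19 +17592,19 @@, CVE-2019-7616 (Kibana) and CVE-2019-7614 (Elasticsearch) are added as "TODO: check" although the context lines directly below already show how these products are tracked: "- kibana <itp> (bug #700337)" on CVE-2019-7610 and CVE-2019-7609, and "- elasticsearch <removed>" on CVE-2019-7611. Suggest applying the same lines in the follow-up triage. Also note that the CVE-2019-7610 description no longer mentions 5.6.15 while CVE-2019-7609 beneath it still does; since only the description changed and the kibana line is untouched, a short NOTE on the narrowed version range would help anyone comparing the two.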
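Review bot: The hunk at @@ -22733,32 +22740,32 @@ turns thirteen RESERVED ids into "TODO: check" in one step, and at least one has an obvious answer in the trailing context: CVE-2019-5458 names http-file-server, which CVE-2019-5447 just below marks as "NOT-FOR-US: http-file-server Node.js module". Suggest resolving that one the same way. CVE-2019-5453, CVE-2019-5452 and CVE-2019-5451 also share the identical truncated text ("Bypass lock protection in the Nextcloud Android app prior to version 3 ..."), so whoever triages them will need the full descriptions to tell them apart; a one-line NOTE per entry would avoid repeating that lookup.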