author | security tracker role <sectracker@soriano.debian.org> | 2019-02-26 08:10:12 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-02-26 08:10:12 +0000 |
commit | 6d6837521fbc9666b9d8087c72da221390dfd786 (patch) | |
tree | 0361b42114a43bdf0d1c7fc15d567c9ba2fefdec /data | |
parent | 596521b9ab74421737cd5e869edb5c50ab1cd8f3 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2009.list | 2
-rw-r--r-- | data/CVE/2017.list | 5
-rw-r--r-- | data/CVE/2018.list | 70
-rw-r--r-- | data/CVE/2019.list | 69
4 files changed, 101 insertions, 45 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index dc7d139e28..184eb072e6 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1,3 +1,5 @@ +CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in ...) + TODO: check CVE-2009-5154 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a ...) NOT-FOR-US: MOBOTIX CVE-2009-5153 (In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 154a1512a0..811d814d14 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -31477,24 +31477,28 @@ CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd NOTE: https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/ NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8 CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections ...) + {DLA-1689-1} - elfutils 0.168-1 (bug #859990) [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/ NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322 CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows ...) + {DLA-1689-1} - elfutils 0.168-1 (bug #859991) [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/ NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...) + {DLA-1689-1} - elfutils 0.168-1 (bug #859992) [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/ NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38 CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...) + {DLA-1689-1} - elfutils 0.168-1 (bug #859993) [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320 
@@ -31507,6 +31511,7 @@ CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compr NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/ CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in ...) + {DLA-1689-1} - elfutils 0.168-1 (bug #859995) [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 586818d9b4..78a7e2f1e0 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,3 +1,5 @@ +CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, ...) + TODO: check CVE-2018-20795 (tecrail Responsive FileManager 9.13.4 allows remote attackers to read ...) TODO: check CVE-2018-20794 (tecrail Responsive FileManager 9.13.4 allows remote attackers to write ...) @@ -2325,8 +2327,8 @@ CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...) - chromium 71.0.3578.80-1 CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via ...) NOT-FOR-US: doorGets -CVE-2018-20063 - RESERVED +CVE-2018-20063 (An issue was discovered in Gurock TestRail 5.6.0.3853. An ...) + TODO: check CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php ...) NOT-FOR-US: NoneCms CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...) @@ -2403,8 +2405,8 @@ CVE-2018-20035 RESERVED CVE-2018-20034 RESERVED -CVE-2018-20033 - RESERVED +CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor daemon ...) + TODO: check CVE-2018-20032 RESERVED CVE-2018-20031 
@@ -6290,12 +6292,14 @@ CVE-2018-18523 CVE-2018-18522 RESERVED CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...) + {DLA-1689-1} - elfutils 0.175-1 (low; bug #911413) [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end in ...) + {DLA-1689-1} - elfutils 0.175-1 (low; bug #911414) [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787 @@ -6927,6 +6931,7 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflo NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87 NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/0589f071dc6836de80b24fd798c3336c72ead850 CVE-2018-18310 (An invalid memory address dereference was discovered in ...) + {DLA-1689-1} - elfutils 0.175-1 (bug #911083) [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752 @@ -12596,6 +12601,7 @@ CVE-2018-16064 CVE-2018-16063 RESERVED CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before ...) + {DLA-1689-1} - elfutils 0.175-1 (bug #907562) [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541 @@ -13322,7 +13328,7 @@ CVE-2018-15779 CVE-2018-15778 (Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by ...) NOT-FOR-US: Dell CVE-2018-15777 - RESERVED + REJECTED CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an ...) NOT-FOR-US: EMC iDRAC CVE-2018-15775 
@@ -18145,12 +18151,12 @@ CVE-2018-13916 RESERVED CVE-2018-13915 RESERVED -CVE-2018-13914 - RESERVED -CVE-2018-13913 - RESERVED -CVE-2018-13912 - RESERVED +CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...) + TODO: check +CVE-2018-13913 (Improper validation of array index can lead to unauthorized access ...) + TODO: check +CVE-2018-13912 (Arbitrary write issue can occur when user provides kernel address in ...) + TODO: check CVE-2018-13911 RESERVED CVE-2018-13910 @@ -18163,11 +18169,9 @@ CVE-2018-13907 RESERVED CVE-2018-13906 RESERVED -CVE-2018-13905 - RESERVED +CVE-2018-13905 (KGSL syncsource lock not handled properly during syncsource cleanup ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-13904 - RESERVED +CVE-2018-13904 (Improper input validation in SCM handler to access storage in TZ can ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-13903 RESERVED @@ -18175,8 +18179,7 @@ CVE-2018-13902 RESERVED CVE-2018-13901 RESERVED -CVE-2018-13900 - RESERVED +CVE-2018-13900 (Use-after-free vulnerability will occur as there is no protection for ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-13899 RESERVED @@ -23114,15 +23117,13 @@ CVE-2018-11950 (Unapproved TrustZone applications can be loaded and executed in NOT-FOR-US: Qualcomm components for Android CVE-2018-11949 RESERVED -CVE-2018-11948 - RESERVED +CVE-2018-11948 (Exceeding the limit of usage entries are not tracked and the ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11947 RESERVED CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11945 - RESERVED +CVE-2018-11945 (Improper input validation in wireless service messaging module for ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11944 RESERVED 
@@ -23136,25 +23137,21 @@ CVE-2018-11940 RESERVED CVE-2018-11939 RESERVED -CVE-2018-11938 - RESERVED +CVE-2018-11938 (Improper input validation for argument received from HLOS can lead to ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11937 RESERVED CVE-2018-11936 RESERVED -CVE-2018-11935 - RESERVED +CVE-2018-11935 (Improper input validation might result in incorrect app id returned to ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11934 RESERVED CVE-2018-11933 RESERVED -CVE-2018-11932 - RESERVED +CVE-2018-11932 (Improper input validation can lead RW access to secure subsystem from ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11931 - RESERVED +CVE-2018-11931 (Improper access to HLOS is possible while transferring memory to CPZ ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11930 RESERVED @@ -23288,8 +23285,7 @@ CVE-2018-11866 (Integer overflow may happen in WLAN when calculating an internal NOT-FOR-US: Qualcomm components for Android CVE-2018-11865 (Integer overflow may happen when calculating an internal structure ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11864 - RESERVED +CVE-2018-11864 (Bytes can be written to fuses from Secure region which can be read ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11863 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...) NOT-FOR-US: Qualcomm components for Android @@ -23327,8 +23323,7 @@ CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there by NOT-FOR-US: Qualcomm components for Android CVE-2018-11846 (The use of a non-time-constant memory comparison operation can lead to ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11845 - RESERVED +CVE-2018-11845 (Usage of non-time-constant comparison functions can lead to ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11844 RESERVED 
@@ -23378,8 +23373,7 @@ CVE-2018-11822 (A possible integer overflow may happen in WLAN during memory ... NOT-FOR-US: Qualcomm components for Android CVE-2018-11821 (Possible integer overflow may happen in WLAN during memory allocation ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11820 - RESERVED +CVE-2018-11820 (Use of non-time constant memcmp function creates side channel that ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11819 RESERVED @@ -24930,8 +24924,7 @@ CVE-2018-11291 (In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM NOT-FOR-US: Qualcomm components for Android CVE-2018-11290 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11289 - RESERVED +CVE-2018-11289 (Data truncation during higher to lower type conversion which causes ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11288 (Possible undefined behavior due to lack of size check in function for ...) NOT-FOR-US: Qualcomm components for Android @@ -39555,8 +39548,7 @@ CVE-2018-5841 (dcc_curr_list is initialized with a default invalid value that is NOT-FOR-US: Qualcomm components for Android CVE-2018-5840 (Buffer Copy without Checking Size of Input can occur during the DRM ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-5839 - RESERVED +CVE-2018-5839 (Improperly configured memory protection allows read/write access to ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5838 (Improper Validation of Array Index In the adreno OpenGL driver in ...) NOT-FOR-US: Qualcomm components for Android diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 97b61c1f1b..ac7bcb6484 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -1,4 +1,58 @@ -CVE-2019-9162 [netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs] +CVE-2019-9183 + RESERVED +CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a ...) + TODO: check +CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload feature ...) + TODO: check +CVE-2019-9180 + RESERVED +CVE-2019-9179 + RESERVED +CVE-2019-9178 + RESERVED +CVE-2019-9177 + RESERVED +CVE-2019-9176 + RESERVED +CVE-2019-9175 + RESERVED +CVE-2019-9174 + RESERVED +CVE-2019-9173 + RESERVED +CVE-2019-9172 + RESERVED +CVE-2019-9171 + RESERVED +CVE-2019-9170 + RESERVED +CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, ...) + TODO: check +CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. ...) + TODO: check +CVE-2019-9167 + RESERVED +CVE-2019-9166 + RESERVED +CVE-2019-9165 + RESERVED +CVE-2019-9164 + RESERVED +CVE-2019-9163 + RESERVED +CVE-2019-9161 + RESERVED +CVE-2019-9160 + RESERVED +CVE-2019-9159 + RESERVED +CVE-2019-9158 + RESERVED +CVE-2019-9157 + RESERVED +CVE-2019-9156 + RESERVED +CVE-2019-9162 (In the Linux kernel before 4.20.12, ...) - linux <unfixed> [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) @@ -3165,6 +3219,7 @@ CVE-2019-7667 CVE-2019-7666 RESERVED CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...) + {DLA-1689-1} - elfutils 0.176-1 (low; bug #921880) [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089 
@@ -4481,12 +4536,14 @@ CVE-2019-7151 (A NULL pointer dereference was discovered in ...) NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault can ...) + {DLA-1689-1} - elfutils 0.176-1 (low; bug #920909) [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103 NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59 CVE-2019-7149 (A heap-based buffer over-read was discovered in the function ...) + {DLA-1689-1} - elfutils 0.176-1 (low; bug #920910) [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102 @@ -6075,7 +6132,7 @@ CVE-2019-6448 RESERVED CVE-2019-6447 (The ES File Explorer File Manager application through 4.1.9.7.4 for ...) NOT-FOR-US: ES File Explorer File Manager application -CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle ...) +CVE-2019-6446 (** DISPUTED ** ...) - python-numpy 1:1.10.4-1 [jessie] - python-numpy <no-dsa> (Minor issue) NOTE: https://github.com/numpy/numpy/issues/12759 
@@ -6473,10 +6530,10 @@ CVE-2019-6268 RESERVED CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for ...) NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress -CVE-2019-6266 - RESERVED -CVE-2019-6265 - RESERVED +CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is ...) + TODO: check +CVE-2019-6265 (The Scripting and AutoUpdate functionality in Cordaware bestinformed ...) + TODO: check CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...) NOT-FOR-US: Joomla! CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...) |
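Review bot: CVE-2019-9162 ends up out of sequence in the first hunk of data/CVE/2019.list (@@ -1,4 +1,58 @@): the added block runs CVE-2019-9163, CVE-2019-9161 down to CVE-2019-9156 and only then lists CVE-2019-9162, which breaks the descending ID order used by the rest of the file. Move the CVE-2019-9162 entry, together with its "- linux <unfixed>" and not-affected lines, between CVE-2019-9163 and CVE-2019-9161. The same line replaces the bracketed working title "[netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs]" with the truncated "(In the Linux kernel before 4.20.12, ...)", which no longer names the affected subsystem; a NOTE carrying the original title would keep that context in the entry.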
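Review bot: The CVE-2019-6446 line in data/CVE/2019.list (@@ -6075,7 +6132,7 @@) now reads only "(** DISPUTED ** ...)", so the truncated description no longer mentions NumPy or pickle while the python-numpy package lines under it are unchanged. Add a NOTE under the entry stating that the CVE is disputed and what it concerns, so the entry stays understandable without looking up the full description.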
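Review bot: Three added entries are left at "TODO: check" even though their descriptions name the GNU C Library (aka glibc or libc6): CVE-2009-5155 at the top of data/CVE/2009.list, CVE-2018-20796 at the top of data/CVE/2018.list and CVE-2019-9169 in the first hunk of data/CVE/2019.list. They need manual triage against the glibc source package; until then none of them carries a package or status line.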
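Review bot: In data/CVE/2018.list (@@ -18145,12 +18151,12 @@), CVE-2018-13914, CVE-2018-13913 and CVE-2018-13912 move from RESERVED to "TODO: check", while the IDs published from the same range in the following hunks (CVE-2018-13905, CVE-2018-13904, CVE-2018-13900) already carry "NOT-FOR-US: Qualcomm components for Android". Confirm during triage whether these three belong to the same vendor batch and, if so, give them the same marking rather than leaving them open.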
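Review bot: The {DLA-1689-1} tag is added to CVE-2017-7613, CVE-2017-7612, CVE-2017-7611, CVE-2017-7610 and CVE-2017-7608 in data/CVE/2017.list, but CVE-2017-7609, which sits between them (hunk context at @@ -31507,6 +31511,7 @@) and is also an elfutils 0.168 issue, receives no added line. Confirm that CVE-2017-7609 is intentionally outside DLA-1689-1, and record the reason in a NOTE on that entry if so.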