| author | security tracker role <sectracker@soriano.debian.org> | 2019-11-20 20:10:22 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2019-11-20 20:10:22 +0000 |
| commit | bc9f68f2890ab1257b1ec27533a5191f84febf13 | |
| tree | 25c62b7cf883cddbe50236db55c5253d27171f5e /data | |
| parent | e3ec0abafb63815b610cc5d00ce13a61a5569e19 | |
automatic update
Diffstat (limited to 'data')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2010.list | 6 |
| -rw-r--r-- | data/CVE/2011.list | 12 |
| -rw-r--r-- | data/CVE/2012.list | 3 |
| -rw-r--r-- | data/CVE/2013.list | 9 |
| -rw-r--r-- | data/CVE/2015.list | 6 |
| -rw-r--r-- | data/CVE/2016.list | 6 |
| -rw-r--r-- | data/CVE/2018.list | 3 |
| -rw-r--r-- | data/CVE/2019.list | 35 |

8 files changed, 33 insertions, 47 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index caf308ed6b..d0191780c2 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -1528,11 +1528,9 @@ CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux k [squeeze] - udisks <no-dsa> (Minor issue) NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232 NOTE: fixed by http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037 -CVE-2010-4660 - RESERVED +CVE-2010-4660 (Unspecified vulnerability in statusnet through 2010 due to the way add ...) - statusnet <itp> (bug #491723) -CVE-2010-4659 - RESERVED +CVE-2010-4659 (Cross-site scripting (XSS) vulnerability in statusnet through 2010 in ...) - statusnet <itp> (bug #491723) CVE-2010-4658 RESERVED diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 5184c2afb9..32ab8b3359 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -2023,12 +2023,10 @@ CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, w NOT-FOR-US: OWASP HTML Sanitizer CVE-2011-4456 REJECTED -CVE-2011-4455 - RESERVED +CVE-2011-4455 (Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier ...) - tikiwiki <removed> NOTE: http://secunia.com/advisories/46740/ -CVE-2011-4454 - RESERVED +CVE-2011-4454 (Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earl ...) - tikiwiki <removed> NOTE: http://secunia.com/advisories/46740/ CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...) @@ -11485,8 +11483,7 @@ CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component i NOT-FOR-US: IBM CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...) NOT-FOR-US: IBM -CVE-2011-1028 - RESERVED +CVE-2011-1028 (The $smarty.template variable in Smarty3 allows attackers to possibly ...) - smarty3 3.0.8-1 - smarty <removed> [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts) 
@@ -12803,8 +12800,7 @@ CVE-2011-0530 (Buffer overflow in the mainloop function in nbd-server.c in the s {DSA-2183-1} - nbd 1:2.9.16-8 (bug #611187) [etch] - nbd <not-affected> (reintroduced in 2.9.0) -CVE-2011-0529 - RESERVED +CVE-2011-0529 (Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to m ...) - weborf 0.12.5-1 CVE-2011-0528 (Puppet 2.6.0 through 2.6.3 does not properly restrict access to node r ...) - puppet 2.6.2-3 diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 7cd7c725d7..cfba087cd4 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1416,8 +1416,7 @@ CVE-2012-6138 REJECTED CVE-2012-6137 (rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does ...) NOT-FOR-US: Red Hat subscription-manager -CVE-2012-6136 - RESERVED +CVE-2012-6136 (tuned 2.10.0 creates its PID file with insecure permissions which allo ...) - tuned <not-affected> (Fixed before initial release to Debian) CVE-2012-6135 (RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to dele ...) - ruby-passenger <not-affected> (Vulnerable code not present; bug #702219) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index dee1129e38..1b13c03fe5 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -19665,16 +19665,13 @@ CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the filter_draw_selec CVE-2013-0196 RESERVED NOT-FOR-US: OpenShift -CVE-2013-0195 [Unspecified XSS] - RESERVED +CVE-2013-0195 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...) - piwik <itp> (bug #506933) NOTE: http://piwik.org/blog/2013/01/piwik-1-10/ -CVE-2013-0194 [Unspecified XSS] - RESERVED +CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...) - piwik <itp> (bug #506933) NOTE: http://piwik.org/blog/2013/01/piwik-1-10/ -CVE-2013-0193 [Unspecified XSS] - RESERVED +CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...) - piwik <itp> (bug #506933) NOTE: http://piwik.org/blog/2013/01/piwik-1-10/ CVE-2013-0192 diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 3404d90594..0fcf258961 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -22680,8 +22680,7 @@ CVE-2015-2091 (The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and NOTE: https://github.com/airtower-luna/mod_gnutls/commit/5a8a32bbfb8a83fe6358c5c31c443325a7775fc2 CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Imag ...) NOT-FOR-US: WordPress plugin image-metadata-cruncher -CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise left shifts] - RESERVED +CVE-2015-1607 (kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2 ...) [experimental] - gnupg2 2.1.2-1 - gnupg2 2.0.26-5 (bug #778577) [wheezy] - gnupg2 <no-dsa> (Minor issue) 
@@ -22691,8 +22690,7 @@ CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise [squeeze] - gnupg <no-dsa> (Too intrusive to backport; minor issue) NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392 -CVE-2015-1606 [use after free resulting from failure to skip invalid packets] - RESERVED +CVE-2015-1606 (The keyring DB in GnuPG before 2.1.2 does not properly handle invalid ...) {DSA-3184-1 DLA-175-1} [experimental] - gnupg2 2.1.2-1 - gnupg2 2.0.26-5 (bug #778577) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 86aed6b019..1d82ba52fa 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -3907,8 +3907,7 @@ CVE-2016-9654 REJECTED CVE-2016-9653 REJECTED -CVE-2016-9652 - RESERVED +CVE-2016-9652 (Unspecified vulnerabilities in Google Chrome before 55.0.2883.75. ...) {DSA-3731-1} - chromium-browser 55.0.2883.75-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) @@ -17779,8 +17778,7 @@ CVE-2016-5195 (Race condition in mm/gup.c in the Linux kernel 2.x through 4.x be - linux 4.7.8-1 NOTE: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails NOTE: Fixed by: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 -CVE-2016-5194 - RESERVED +CVE-2016-5194 (Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. ...) {DSA-3731-1} - chromium-browser 54.0.2840.101-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 2467f87170..0c6292455c 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -27273,7 +27273,8 @@ CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 was NOTE: https://eprint.iacr.org/2018/747 CVE-2018-10843 (source-to-image component of Openshift Container Platform before versi ...) NOT-FOR-US: source-to-image in OpenShift -CVE-2018-10842 (It was found that an authenticated user could manipulate user session ...) +CVE-2018-10842 + REJECTED NOT-FOR-US: Keycloak CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...) - glusterfs 4.1.2-1 (bug #901968) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 04c04a2651..a1972f64db 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -617,8 +617,8 @@ CVE-2019-18860 RESERVED CVE-2019-18859 RESERVED -CVE-2019-18858 - RESERVED +CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Con ...) + TODO: check CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and data val ...) NOT-FOR-US: darylldoyle svg-sanitizer CVE-2019-18856 (A Denial Of Service vulnerability exists in the SVG Sanitizer module t ...) @@ -6593,8 +6593,8 @@ CVE-2019-16201 [Regular Expression Denial of Service vulnerability of WEBrick's - jruby <unfixed> NOTE: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03 NOTE: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/ -CVE-2019-16200 - RESERVED +CVE-2019-16200 (GNU Serveez through 0.2.2 has an Information Leak. An attacker may sen ...) + TODO: check CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remot ...) NOT-FOR-US: eQ-3 Homematic CCU2 CVE-2019-16198 (KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by t ...) 
@@ -20715,8 +20715,8 @@ CVE-2019-10767 RESERVED CVE-2019-10766 (Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL In ...) TODO: check -CVE-2019-10765 - RESERVED +CVE-2019-10765 (iobroker.admin before 3.6.12 allows attacker to include file contents ...) + TODO: check CVE-2019-10764 (In elliptic-php versions priot to 1.0.6, Timing attacks might be possi ...) NOT-FOR-US: elliptic-php CVE-2019-10763 (pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attack ...) @@ -35075,12 +35075,12 @@ CVE-2019-5544 RESERVED CVE-2019-5543 RESERVED -CVE-2019-5542 - RESERVED -CVE-2019-5541 - RESERVED -CVE-2019-5540 - RESERVED +CVE-2019-5542 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...) + TODO: check +CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...) + TODO: check +CVE-2019-5540 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...) + TODO: check CVE-2019-5539 RESERVED CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a lack o ...) @@ -37220,8 +37220,8 @@ CVE-2019-4563 RESERVED CVE-2019-4562 RESERVED -CVE-2019-4561 - RESERVED +CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...) + TODO: check CVE-2019-4560 RESERVED CVE-2019-4559 @@ -37282,8 +37282,8 @@ CVE-2019-4532 RESERVED CVE-2019-4531 RESERVED -CVE-2019-4530 - RESERVED +CVE-2019-4530 (IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an aut ...) + TODO: check CVE-2019-4529 RESERVED CVE-2019-4528 @@ -39713,8 +39713,7 @@ CVE-2019-3468 RESERVED CVE-2019-3467 RESERVED -CVE-2019-3466 - RESERVED +CVE-2019-3466 (The pg_ctlcluster script in postgresql-common in versions prior to 210 ...) {DSA-4568-1 DLA-1994-1} - postgresql-common 210 NOTE: https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c |
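Review bot: in the data/CVE/2018.list hunk, the `NOT-FOR-US: Keycloak` context line survives the change of CVE-2018-10842 to `REJECTED`, so the entry now carries two status annotations. The other REJECTED entries visible in this diff (CVE-2011-4456, CVE-2012-6138, CVE-2016-9654, CVE-2016-9653) have no further lines; either drop the `NOT-FOR-US` line or turn it into a `NOTE:` recording why the identifier was rejected.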
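Review bot: in the data/CVE/2015.list hunks, the bracketed working summaries for CVE-2015-1607 (`[memcpy with overlapping ranges, resulting from incorrect bitwise left shifts]`) and CVE-2015-1606 (`[use after free resulting from failure to skip invalid packets]`) are dropped in favour of the official descriptions, which are truncated at `... ` and no longer name the root cause. Consider preserving each summary as a `NOTE:` line beside the existing upstream commit links so the triage rationale is not lost.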
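Review bot: in the data/CVE/2019.list hunks for CVE-2019-4561 (IBM Security Identity Manager) and CVE-2019-4530 (IBM Maximo Asset Management), both entries are left as `TODO: check`, while the IBM entries shown earlier in this diff (CVE-2011-1030, CVE-2011-1029 in data/CVE/2011.list) are resolved as `NOT-FOR-US: IBM`. Unless either product is packaged, these two TODOs can be closed with the same annotation.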
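Review bot: in the data/CVE/2019.list hunk for CVE-2019-5542, CVE-2019-5541 and CVE-2019-5540, the three entries share one identical truncated description (`VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...`) and each receives a separate `TODO: check`. Triage them as a group so the resolution (and any `NOTE:` pointing at the vendor advisory) is applied consistently to all three rather than diverging between otherwise identical entries.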