| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2019-12-27 20:10:29 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2019-12-27 20:10:29 +0000 |
| commit | e326d4dbbbb7685e5f933a75681686e5227d9506 | |
| tree | 0eebf5e62e0483441b67941849479b100dbb5710 (/data) | |
| parent | 51f04a1b27faf72ff04858439afe68974a9b293a | |
automatic update
Diffstat (limited to 'data')
| file | lines changed |
|---|---|
| data/CVE/2007.list | 4 |
| data/CVE/2013.list | 74 |
| data/CVE/2014.list | 44 |
| data/CVE/2016.list | 8 |
| data/CVE/2019.list | 28 |

5 files changed, 84 insertions, 74 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 5aa7361057..fb3b5cee72 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -15662,8 +15662,8 @@ CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support (hooks/ljh CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...) - geoip 1.3.17-1.1 (bug #406628; low) [sarge] - geoip <no-dsa> (Minor issue) -CVE-2007-0158 - RESERVED +CVE-2007-0158 (thttpd 2007 has buffer underflow. ...) + TODO: check CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for neo ...) - neon26 0.26.2-3.1 (medium; bug #404723) NOTE: neon25 doesn't have the uri_lookup macro diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 482282a10b..857c3a1e26 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -6343,8 +6343,8 @@ CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers t [wheezy] - phpmyadmin <no-dsa> (Backport not feasible and X-Frame-Options protection enough on any modern browser) CVE-2013-5028 (SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok In ...) NOT-FOR-US: Kwok Information Server -CVE-2013-5027 - RESERVED +CVE-2013-5027 (Collabtive 1.0 has incorrect access control ...) + TODO: check CVE-2013-5026 (An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.o ...) NOT-FOR-US: National Instruments Lookout CVE-2013-5025 (An ActiveX control in exlauncher.dll in the Help subsystem in National ...) 
@@ -6411,15 +6411,13 @@ CVE-2013-4987 (PineApp Mail-SeCure before 3.70 allows remote authenticated users NOT-FOR-US: PinApp CVE-2013-4986 (Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 i ...) NOT-FOR-US: PDFCool -CVE-2013-4985 - RESERVED +CVE-2013-4985 (Multiple Vivotek IP Cameras remote authentication bypass that could al ...) NOT-FOR-US: Vivotek IP Cameras CVE-2013-4984 (The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos ...) NOT-FOR-US: Sophos Web Protection Appliance CVE-2013-4983 (The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appl ...) NOT-FOR-US: Sophos Web Protection Appliance -CVE-2013-4982 - RESERVED +CVE-2013-4982 (AVTECH AVN801 DVR has a security bypass via the administration login c ...) NOT-FOR-US: AVTECH DVR CVE-2013-4981 (Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with f ...) NOT-FOR-US: AVTECH DVR @@ -6431,10 +6429,10 @@ CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlie NOT-FOR-US: Aloaha PDF Suite CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E I ...) NOT-FOR-US: Hikvision IP camera -CVE-2013-4976 - RESERVED -CVE-2013-4975 - RESERVED +CVE-2013-4976 (Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded cre ...) + TODO: check +CVE-2013-4975 (Hikvision DS-2CD7153-E IP Camera has Privilege Escalation ...) + TODO: check CVE-2013-4974 (RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 throug ...) NOT-FOR-US: RealPlayer CVE-2013-4973 (Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.5 ...) 
@@ -6724,10 +6722,10 @@ CVE-2013-4870 (SQL injection vulnerability in the News Search (news_search) exte NOT-FOR-US: TYPO3 extension news_search CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and ...) NOT-FOR-US: Cisco -CVE-2013-4868 - RESERVED -CVE-2013-4867 - RESERVED +CVE-2013-4868 (Karotz API 12.07.19.00: Session Token Information Disclosure ...) + TODO: check +CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module h ...) + TODO: check CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android h ...) NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android CVE-2013-4865 @@ -6742,8 +6740,8 @@ CVE-2013-4861 RESERVED CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does n ...) NOT-FOR-US: Radio Thermostat -CVE-2013-4859 - RESERVED +CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...) + TODO: check CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remo ...) NOT-FOR-US: Microsoft Windows Movie Maker CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file. ...) @@ -6880,8 +6878,8 @@ CVE-2013-4798 (Unspecified vulnerability in HP LoadRunner before 11.52 allows re NOT-FOR-US: HP LoadRunner CVE-2013-4797 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...) NOT-FOR-US: HP LoadRunner -CVE-2013-4796 - RESERVED +CVE-2013-4796 (ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to r ...) + TODO: check CVE-2013-4795 (Cross-site scripting (XSS) vulnerability in the Submitters list in Rev ...) - reviewboard <itp> (bug #653113) CVE-2013-4794 
@@ -6948,10 +6946,10 @@ CVE-2013-4766 (The gather log service in Eucalyptus before 3.3.1 allows remote a - eucalyptus <removed> CVE-2013-4765 RESERVED -CVE-2013-4764 - RESERVED -CVE-2013-4763 - RESERVED +CVE-2013-4764 (Samsung Galaxy S3/S4 exposes an unprotected component allowing an unpr ...) + TODO: check +CVE-2013-4763 (Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitra ...) + TODO: check CVE-2013-4762 (Puppet Enterprise before 3.0.1 does not sufficiently invalidate a sess ...) - puppet <not-affected> (Only affects Puppet Enterprise) CVE-2013-4761 (Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x befo ...) @@ -6997,8 +6995,8 @@ CVE-2013-4745 (SQL injection vulnerability in the My quiz and poll (myquizpoll) NOT-FOR-US: My quiz and poll TYPO3 extension CVE-2013-4744 (Cross-site scripting (XSS) vulnerability in the PHPUnit extension befo ...) NOT-FOR-US: PHPUnit TYPO3 extension -CVE-2013-4743 - RESERVED +CVE-2013-4743 (Static HTTP Server 1.0 has a Local Overflow ...) + TODO: check CVE-2013-4742 (Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers ...) NOT-FOR-US: SurgeFTP CVE-2013-4741 
@@ -7102,16 +7100,16 @@ CVE-2013-4698 (Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users NOT-FOR-US: Cybozu Mailwise CVE-2013-4697 (Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Managem ...) NOT-FOR-US: Hitachi -CVE-2013-4695 - RESERVED +CVE-2013-4695 (Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Exe ...) + TODO: check CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Bu ...) NOT-FOR-US: Winamp -CVE-2013-4693 - RESERVED -CVE-2013-4692 - RESERVED -CVE-2013-4691 - RESERVED +CVE-2013-4693 (WordPress Xorbin Digital Flash Clock 1.0 has XSS ...) + TODO: check +CVE-2013-4692 (Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS ...) + TODO: check +CVE-2013-4691 (Sencha Labs Connect has XSS with connect.methodOverride() ...) + TODO: check CVE-2013-4690 (Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before ...) NOT-FOR-US: Juniper Junos CVE-2013-4689 (J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R befor ...) @@ -7163,10 +7161,10 @@ CVE-2013-4667 RESERVED CVE-2013-4666 RESERVED -CVE-2013-4665 - RESERVED -CVE-2013-4664 - RESERVED +CVE-2013-4665 (SPBAS Business Automation Software 2012 has CSRF. ...) + TODO: check +CVE-2013-4664 (SPBAS Business Automation Software 2012 has XSS. ...) + TODO: check CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for Redmine a ...) NOT-FOR-US: Redmine plugin redmine_git_hosting CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through ...) 
@@ -7261,8 +7259,8 @@ CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1 - polarssl 1.2.8-1 (low; bug #719954) CVE-2013-4622 (The 3G Mobile Hotspot feature on the HTC Droid Incredible has a defaul ...) NOT-FOR-US: HTC Droid Incredible -CVE-2013-4621 - RESERVED +CVE-2013-4621 (Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities ...) + TODO: check CVE-2013-4620 (Cross-site scripting (XSS) vulnerability in interface/main/onotes/offi ...) NOT-FOR-US: OpenEMR CVE-2013-4619 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote a ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 871bd2d682..4bbac1070a 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -15055,8 +15055,8 @@ CVE-2014-4594 (Cross-site scripting (XSS) vulnerability in index.php in the Word NOT-FOR-US: WordPress plugin Responsive Preview CVE-2014-4593 (Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php i ...) NOT-FOR-US: WordPress plugin WP Plugin Manager -CVE-2014-4592 - RESERVED +CVE-2014-4592 (Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_d ...) + TODO: check CVE-2014-4591 (Cross-site scripting (XSS) vulnerability in picasa_upload.php in the W ...) NOT-FOR-US: WordPress plugin WP-Picasa-Image CVE-2014-4590 (Cross-site scripting (XSS) vulnerability in get.php in the WP Microblo ...) 
@@ -15105,8 +15105,8 @@ CVE-2014-4569 (Cross-site scripting (XSS) vulnerability in ls/vv_login.php in th NOT-FOR-US: WordPress plugin VideoWhisper Live Streaming Integration CVE-2014-4568 (Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logou ...) NOT-FOR-US: WordPress plugin -CVE-2014-4567 - RESERVED +CVE-2014-4567 (Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_l ...) + TODO: check CVE-2014-4566 (Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php ...) NOT-FOR-US: WordPress plugin CVE-2014-4565 (Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in t ...) @@ -15121,10 +15121,10 @@ CVE-2014-4561 RESERVED CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in includes/getTipo.php in th ...) NOT-FOR-US: WordPress plugin ToolPage -CVE-2014-4559 - RESERVED -CVE-2014-4558 - RESERVED +CVE-2014-4559 (Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php ...) + TODO: check +CVE-2014-4558 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...) + TODO: check CVE-2014-4557 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...) NOT-FOR-US: WordPress plugin Swipe Checkout for Jigoshop CVE-2014-4556 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...) 
@@ -15143,16 +15143,16 @@ CVE-2014-4550 RESERVED CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplet ...) NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway -CVE-2014-4548 - RESERVED +CVE-2014-4548 (Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the R ...) + TODO: check CVE-2014-4547 (Multiple cross-site scripting (XSS) vulnerabilities in templates/defau ...) NOT-FOR-US: WordPress plugin Rezgo Online Booking CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo ...) NOT-FOR-US: WordPress plugin Rezgo CVE-2014-4545 (Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php i ...) NOT-FOR-US: WordPress plugin Pro Quoter -CVE-2014-4544 - RESERVED +CVE-2014-4544 (Cross-site scripting (XSS) vulnerability in the Podcast Channels plugi ...) + TODO: check CVE-2014-4543 (Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.p ...) NOT-FOR-US: WordPress plugin Pay Per Media Player CVE-2014-4542 (Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl ...) 
@@ -15161,14 +15161,14 @@ CVE-2014-4541 (Cross-site scripting (XSS) vulnerability in shortcode-generator/p NOT-FOR-US: WordPress plugin OMFG Mobile Pro CVE-2014-4540 (Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_log ...) NOT-FOR-US: WordPress plugin Oleggo LiveStream -CVE-2014-4539 - RESERVED +CVE-2014-4539 (Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and ...) + TODO: check CVE-2014-4538 (Cross-site scripting (XSS) vulnerability in process.php in the Malware ...) NOT-FOR-US: WordPress plugin Malware Finder CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyw ...) NOT-FOR-US: WordPress plugin Keyword Strategy Internal Links -CVE-2014-4536 - RESERVED +CVE-2014-4536 (Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_t ...) + TODO: check CVE-2014-4535 RESERVED CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/aut ...) 
@@ -15189,20 +15189,20 @@ CVE-2014-4527 (Multiple cross-site scripting (XSS) vulnerabilities in paginas/vi NOT-FOR-US: WordPress plugin envialosimple-email-marketing-y-newsletters-gratis CVE-2014-4526 (Multiple cross-site scripting (XSS) vulnerabilities in callback.php in ...) NOT-FOR-US: WordPress plugin efence -CVE-2014-4525 - RESERVED +CVE-2014-4525 (Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slas ...) + TODO: check CVE-2014-4524 (Cross-site scripting (XSS) vulnerability in classes/custom-image/media ...) NOT-FOR-US: WordPress plugin WP Easy Post Types -CVE-2014-4523 - RESERVED +CVE-2014-4523 (Cross-site scripting (XSS) vulnerability in the Easy Career Openings p ...) + TODO: check CVE-2014-4522 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...) NOT-FOR-US: WordPress plugin dsSearchAgent: WordPress Edition CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...) NOT-FOR-US: WordPress plugin dsIDXpress IDX CVE-2014-4520 (Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA Wa ...) NOT-FOR-US: WordPress plugin DMCA WaterMarker -CVE-2014-4519 - RESERVED +CVE-2014-4519 (Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.6 ...) + TODO: check CVE-2014-4518 (Cross-site scripting (XSS) vulnerability in xd_resize.php in the Conta ...) NOT-FOR-US: WordPress plugin Contact Form by ContactMe.com CVE-2014-4517 (Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index eaebd4023e..074f07d94c 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -14461,10 +14461,10 @@ CVE-2016-6251 REJECTED CVE-2016-6248 RESERVED -CVE-2016-1000029 - RESERVED -CVE-2016-1000028 - RESERVED +CVE-2016-1000029 (Tenable Nessus before 6.8 has a stored XSS issue that requires admin-l ...) + TODO: check +CVE-2016-1000028 (Tenable Nessus before 6.8 has a stored XSS issue that requires admin-l ...) + TODO: check CVE-2016-6247 (OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of se ...) NOT-FOR-US: OpenBSD kernel CVE-2016-6246 (OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount pri ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 8e855b9ff9..e5cda359fe 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,15 @@ +CVE-2019-20049 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A re ...) + TODO: check +CVE-2019-20048 (An issue was discovered on Alcatel-Lucent OmniVista 8770 devices befor ...) + TODO: check +CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and ...) + TODO: check +CVE-2019-20046 + RESERVED +CVE-2019-20045 + RESERVED +CVE-2019-20044 + RESERVED CVE-2019-20040 RESERVED CVE-2019-20039 @@ -58,7 +70,7 @@ CVE-2019-20018 (A stack-based buffer over-read was discovered in ReadNextCell in CVE-2019-20017 (A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 ...) - libmatio <unfixed> NOTE: https://github.com/tbeu/matio/issues/127 -CVE-2019-20016 (libmysofa 0.9 does not properly restrict recursive function calls, as ...) +CVE-2019-20016 (libmysofa before 2019-11-24 does not properly restrict recursive funct ...) - libmysofa 0.9~dfsg0-1 [buster] - libmysofa <no-dsa> (Minor issue) NOTE: https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f 
@@ -510,17 +522,17 @@ CVE-2019-19835 RESERVED CVE-2019-19834 RESERVED -CVE-2019-20043 +CVE-2019-20043 (WordPress before 5.3.1 allowed an unauthenticated user to make a post ...) - wordpress <unfixed> (bug #946905) NOTE: https://core.trac.wordpress.org/changeset/46893/trunk NOTE: https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9 NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ -CVE-2019-20042 +CVE-2019-20042 (WordPress before 5.3.1 allowed an attacker to create a cross-site scri ...) - wordpress <unfixed> (bug #946905) NOTE: https://core.trac.wordpress.org/changeset/46894/trunk NOTE: https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ -CVE-2019-20041 +CVE-2019-20041 (wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 ...) - wordpress <unfixed> (bug #946905) NOTE: https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53 NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ @@ -665,8 +677,8 @@ CVE-2019-19783 (An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x befor NOTE: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long ...) NOT-FOR-US: AceaXe Plus -CVE-2019-19781 - RESERVED +CVE-2019-19781 (An issue was discovered in Citrix Application Delivery Controller (ADC ...) + TODO: check CVE-2019-19780 RESERVED CVE-2019-19779 
@@ -7522,8 +7534,8 @@ CVE-2019-16898 REJECTED CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security ...) NOT-FOR-US: K7 -CVE-2019-16896 - RESERVED +CVE-2019-16896 (In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the ba ...) + TODO: check CVE-2019-16895 REJECTED CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecure dese ...) |
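Review bot: in the 2013.list hunks, CVE-2013-4796 (ReviewBoard 1.6.17 code execution via attached PHP scripts) is left at `TODO: check` although the adjacent CVE-2013-4795 in the same hunk already carries `- reviewboard <itp> (bug #653113)`; the new entry should get the same package line rather than a bare TODO. The same file is also inconsistent about proprietary products: CVE-2013-4985 (Vivotek) and CVE-2013-4982 (AVTECH) were resolved straight to `NOT-FOR-US`, while CVE-2013-4976/4975 (Hikvision DS-2CD7153-E, sitting directly under a `NOT-FOR-US: Hikvision IP camera` entry), CVE-2013-4868/4867 (Karotz), CVE-2013-4859 (INSTEON Hub), CVE-2013-4764/4763 (Samsung Galaxy), CVE-2013-4695 (Winamp, under `NOT-FOR-US: Winamp`), CVE-2013-4665/4664 (SPBAS) and CVE-2013-4621 (Magnolia CMS) stay at `TODO: check`. Resolving those the same way in this pass leaves the TODO list for the entries that actually need triage against the archive: CVE-2007-0158 (thttpd, description is only "thttpd 2007 has buffer underflow", so the affected version needs to be pinned down from the reference before any fixed-version claim) and CVE-2013-4691 (Sencha Labs Connect is the Node.js middleware; check whether it is packaged before closing it). The "Joomia" in CVE-2013-4692 is MITRE's own description text, not something to correct in this file.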
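Review bot: every entry added in the 2014.list hunks (CVE-2014-4592, 4567, 4559, 4558, 4548, 4544, 4539, 4536, 4525, 4523, 4519) is a WordPress plugin XSS whose neighbours on both sides are already `NOT-FOR-US: WordPress plugin <name>`, and several share the file with their siblings (CVE-2014-4559/4558 next to the `NOT-FOR-US: WordPress plugin Swipe Checkout for Jigoshop` entry for 4557, CVE-2014-4548 next to the Rezgo entries). Filling in the matching `NOT-FOR-US: WordPress plugin ...` line in the same update instead of `TODO: check` would avoid a second manual pass over eleven identical cases; the only one worth a closer look is CVE-2014-4592/4525, where the truncated path mentions a bundled magpie script, so confirm the XSS is in the plugin's copy and not in a separately packaged library before closing it.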
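Review bot: in the 2016.list hunk, CVE-2016-1000029 and CVE-2016-1000028 are added with byte-identical (truncated) descriptions, "Tenable Nessus before 6.8 has a stored XSS issue that requires admin-l ...". Before marking both, confirm from the full MITRE text that they describe two distinct issues rather than a duplicate assignment that should be tracked as REJECTED for one of them; either way Nessus is a proprietary product, so the resolution is `NOT-FOR-US: Tenable Nessus`, not `TODO: check`.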
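Review bot: in the 2019.list hunk at @@ -58,7 +70,7 @@ the description of CVE-2019-20016 changes from "libmysofa 0.9 does not properly restrict recursive function calls" to "libmysofa before 2019-11-24 does not properly restrict recursive funct...", but the package line `- libmysofa 0.9~dfsg0-1` and the buster `<no-dsa> (Minor issue)` are left untouched. With the affected range now expressed as a date rather than a version, the fixed-version claim is only valid if 0.9~dfsg0-1 actually contains upstream commit 2e6fac6ab6156dae8e8c6f417741388084b70d6f from the NOTE line; if that commit postdates the 0.9 tag, the unstable entry should become `<unfixed>` and the buster no-dsa decision revisited. Elsewhere in the file the `TODO: check` entries are again proprietary products that can be closed directly: CVE-2019-20047/20048/20049 (Alcatel-Lucent OmniVista), CVE-2019-19781 (Citrix Application Delivery Controller) and CVE-2019-16896 (K7 Ultimate Security, sitting directly below `NOT-FOR-US: K7` for CVE-2019-16897).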