author: security tracker role <sectracker@soriano.debian.org> 2019-04-11 08:10:16 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-04-11 08:10:16 +0000
commit: f39c8ac8d38157fbb56344558e40f477f6437b33
tree: a22ea964e90516339c63c2d7a86c9f933ad7b19f /data
parent: 31a772c3a33e0e049c0384f55c1095f51a8bede5
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2005.list 2
-rw-r--r-- data/CVE/2006.list 2
-rw-r--r-- data/CVE/2018.list 8
-rw-r--r-- data/CVE/2019.list 159
4 files changed, 105 insertions, 66 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index ae04c12361..c1a3f99ea6 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,3 +1,5 @@
+CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version ...)
+ TODO: check
CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for context-de ...)
NOT-FOR-US: Generic protocol issue
CVE-2005-4899
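Review bot: CVE-2005-3590 is inserted above CVE-2005-4900, which breaks the descending ID order that the context lines follow (4900, then 4899); the entry belongs further down the file next to the other 2005-35xx IDs. The description names glibc, so the "TODO: check" should be resolved with a glibc package line rather than left for a bulk NOT-FOR-US pass. The fixed version is cut off in the truncated description and has to be taken from the full CVE text.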
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index f24c30bd61..a55e9762d8 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,3 +1,5 @@
+CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...)
+ TODO: check
CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...)
NOT-FOR-US: GE Healthcare Infinia II
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in jem ...)
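Review bot: the added CVE-2006-7254 entry is left at "TODO: check" even though its description already names the affected software (nscd in glibc) and the upstream fix boundary ("before version 2.5"). That is enough to replace the TODO with a glibc package line carrying the first Debian upload at or after 2.5, which would keep this old ID from sitting in the untriaged queue.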
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 88fe06385f..21ddab2790 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -4127,8 +4127,8 @@ CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb
CVE-2018-19454
RESERVED
-CVE-2018-19453
- RESERVED
+CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...)
+ TODO: check
CVE-2018-19452
RESERVED
CVE-2018-19451
@@ -16103,8 +16103,8 @@ CVE-2018-14685 (The add function in www/Lib/Lib/Action/Admin/TplAction.class.php
NOT-FOR-US: Gxlcms
CVE-2018-14684
RESERVED
-CVE-2018-14683
- RESERVED
+CVE-2018-14683 (PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. ...)
+ TODO: check
CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, as used i ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.17.14-1
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 6c59f142f3..6d4f111abf 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,16 +1,49 @@
-CVE-2019-11067
+CVE-2019-11084
+ RESERVED
+CVE-2019-11083
+ RESERVED
+CVE-2019-11082
+ RESERVED
+CVE-2019-11081
+ RESERVED
+CVE-2019-11080
+ RESERVED
+CVE-2019-11079
+ RESERVED
+CVE-2019-11078 (MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the uc ...)
+ TODO: check
+CVE-2019-11077 (FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new a ...)
+ TODO: check
+CVE-2019-11076
+ RESERVED
+CVE-2019-11075
RESERVED
-CVE-2019-1003050
+CVE-2019-11074
RESERVED
-CVE-2019-1003049
+CVE-2019-11073
RESERVED
+CVE-2019-11072 (lighttpd before 1.4.54 has a signed integer overflow, which might allo ...)
+ TODO: check
+CVE-2019-11070 (WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly ap ...)
+ TODO: check
+CVE-2019-11069 (Sequelize before 5.3.0 does not properly ensure that standard conformi ...)
+ TODO: check
+CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...)
+ TODO: check
+CVE-2019-11067
+ RESERVED
+CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not properly ...)
+ TODO: check
+CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...)
+ TODO: check
CVE-2019-11066
RESERVED
CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
- gradle <unfixed>
[stretch] - gradle <no-dsa> (Minor issue)
NOTE: https://github.com/gradle/gradle/pull/8927
-CVE-2019-11071 [arbitrary code execution by any identified visitor]
+CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visit ...)
+ {DSA-4429-1}
- spip 3.2.4-1 (bug #926764)
[jessie] - spip <not-affected> (SPIP 3.0 and earlier are not affected)
NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html
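Review bot: the new "TODO: check" entries for CVE-2019-11072 (lighttpd), CVE-2019-11070 (WebKitGTK) and CVE-2019-11068 (libxslt) name software that is tracked with package lines in this file, so they should be triaged first and given package and fixed-version lines instead of waiting behind the vendor-only entries in the same block. Also, CVE-2019-11071 stays below CVE-2019-11065 while the block at the top runs 11072, 11070, 11069, so the SPIP entry is out of the descending sequence; moving it between CVE-2019-11072 and CVE-2019-11070 would make the gap in the top block less confusing.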
@@ -3911,8 +3944,8 @@ CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible
NOT-FOR-US: Symantec
CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...)
NOT-FOR-US: Norton Core
-CVE-2019-9694
- RESERVED
+CVE-2019-9694 (Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptibl ...)
+ TODO: check
CVE-2019-9693 (In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can ac ...)
NOT-FOR-US: CMS Made Simple
CVE-2019-9692 (class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 doe ...)
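Review bot: CVE-2019-9694 is set to "TODO: check" while the two entries directly above it, CVE-2019-9696 and CVE-2019-9695, are already marked NOT-FOR-US for Symantec and Norton Core. The new description is for Symantec Endpoint Encryption, so the same "NOT-FOR-US: Symantec" marking would be consistent with the neighbouring lines.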
@@ -4440,16 +4473,19 @@ CVE-2019-9500
RESERVED
CVE-2019-9499 [EAP-pwd peer missing commit validation for scalar/element]
RESERVED
+ {DSA-4430-1}
- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
NOTE: Patches: https://w1.fi/security/2019-4/
CVE-2019-9498 [EAP-pwd server missing commit validation for scalar/element]
RESERVED
+ {DSA-4430-1}
- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
NOTE: Patches: https://w1.fi/security/2019-4/
CVE-2019-9497 [EAP-pwd server not checking for reflection attack]
RESERVED
+ {DSA-4430-1}
- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
NOTE: Patches: https://w1.fi/security/2019-4/
@@ -4463,6 +4499,7 @@ CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP]
NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
CVE-2019-9495 [cache attack against EAP-pwd]
RESERVED
+ {DSA-4430-1}
- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
NOTE: https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
NOTE: Patches: https://w1.fi/security/2019-2/
@@ -11276,8 +11313,8 @@ CVE-2019-6558
RESERVED
CVE-2019-6557 (Several buffer overflow vulnerabilities have been identified in Moxa I ...)
NOT-FOR-US: Moxa
-CVE-2019-6556
- RESERVED
+CVE-2019-6556 (When processing project files, the application (Omron CX-Programmer v9 ...)
+ TODO: check
CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...)
NOT-FOR-US: Cscape
CVE-2019-6554 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper acces ...)
@@ -16842,8 +16879,8 @@ CVE-2019-3945
RESERVED
CVE-2019-3944
RESERVED
-CVE-2019-3943
- RESERVED
+CVE-2019-3943 (MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 ...)
+ TODO: check
CVE-2019-3942
RESERVED
CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to ...)
@@ -17697,8 +17734,8 @@ CVE-2019-3614
RESERVED
CVE-2019-3613
RESERVED
-CVE-2019-3612
- RESERVED
+CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
+ TODO: check
CVE-2019-3611
RESERVED
CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in McAf ...)
@@ -24530,22 +24567,22 @@ CVE-2019-0287
RESERVED
CVE-2019-0286
RESERVED
-CVE-2019-0285
- RESERVED
-CVE-2019-0284
- RESERVED
-CVE-2019-0283
- RESERVED
-CVE-2019-0282
- RESERVED
+CVE-2019-0285 (The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio ( ...)
+ TODO: check
+CVE-2019-0284 (SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not suf ...)
+ TODO: check
+CVE-2019-0283 (SAP NetWeaver Process Integration (Adapter Engine), fixed in versions ...)
+ TODO: check
+CVE-2019-0282 (Several web pages in SAP NetWeaver Process Integration (Runtime Workbe ...)
+ TODO: check
CVE-2019-0281
RESERVED
CVE-2019-0280
RESERVED
-CVE-2019-0279
- RESERVED
-CVE-2019-0278
- RESERVED
+CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP ...)
+ TODO: check
+CVE-2019-0278 (Under certain conditions the Monitoring Servlet of the SAP NetWeaver P ...)
+ TODO: check
CVE-2019-0277 (SAP HANA extended application services, version 1, advanced does not s ...)
NOT-FOR-US: SAP
CVE-2019-0276 (Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Finan ...)
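Review bot: six SAP entries in this hunk (CVE-2019-0285, 0284, 0283, 0282, 0279, 0278) go from RESERVED to "TODO: check", while the first context line after them, CVE-2019-0277, is already "NOT-FOR-US: SAP". Unless one of the full descriptions points at a component that is packaged, these can take the same "NOT-FOR-US: SAP" marking in one follow-up so the TODO list only holds entries that need real analysis.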
@@ -24642,8 +24679,7 @@ CVE-2019-0231
RESERVED
CVE-2019-0230
RESERVED
-CVE-2019-0229
- RESERVED
+CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...)
- airflow <itp> (bug #819700)
CVE-2019-0228
RESERVED
@@ -24679,8 +24715,7 @@ CVE-2019-0217 (In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condit
- apache2 2.4.38-3
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
NOTE: https://svn.apache.org/r1855298
-CVE-2019-0216
- RESERVED
+CVE-2019-0216 (A malicious admin user could edit the state of objects in the Airflow ...)
- airflow <itp> (bug #819700)
CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl ...)
- apache2 2.4.38-3
@@ -25061,40 +25096,40 @@ CVE-2019-0046
RESERVED
CVE-2019-0045
RESERVED
-CVE-2019-0044
- RESERVED
-CVE-2019-0043
- RESERVED
-CVE-2019-0042
- RESERVED
-CVE-2019-0041
- RESERVED
-CVE-2019-0040
- RESERVED
-CVE-2019-0039
- RESERVED
-CVE-2019-0038
- RESERVED
-CVE-2019-0037
- RESERVED
-CVE-2019-0036
- RESERVED
-CVE-2019-0035
- RESERVED
-CVE-2019-0034
- RESERVED
-CVE-2019-0033
- RESERVED
-CVE-2019-0032
- RESERVED
-CVE-2019-0031
- RESERVED
+CVE-2019-0044 (Receipt of a specific packet on the out-of-band management interface f ...)
+ TODO: check
+CVE-2019-0043 (In MPLS environments, receipt of a specific SNMP packet may cause the ...)
+ TODO: check
+CVE-2019-0042 (Juniper Identity Management Service (JIMS) for Windows versions prior ...)
+ TODO: check
+CVE-2019-0041 (On EX4300-MP Series devices with any lo0 filters applied, transit netw ...)
+ TODO: check
+CVE-2019-0040 (On Junos OS, rpcbind should only be listening to port 111 on the inter ...)
+ TODO: check
+CVE-2019-0039 (If REST API is enabled, the Junos OS login credentials are vulnerable ...)
+ TODO: check
+CVE-2019-0038 (Crafted packets destined to the management interface (fxp0) of an SRX3 ...)
+ TODO: check
+CVE-2019-0037 (In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environmen ...)
+ TODO: check
+CVE-2019-0036 (When configuring a stateless firewall filter in Junos OS, terms named ...)
+ TODO: check
+CVE-2019-0035 (When "set system ports console insecure" is enabled, root login is dis ...)
+ TODO: check
+CVE-2019-0034 (Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface s ...)
+ TODO: check
+CVE-2019-0033 (A firewall bypass vulnerability in the proxy ARP service of Juniper Ne ...)
+ TODO: check
+CVE-2019-0032 (A password management issue exists where the Organization authenticati ...)
+ TODO: check
+CVE-2019-0031 (Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a ...)
+ TODO: check
CVE-2019-0030 (Juniper ATP uses DES and a hardcoded salt for password hashing, allowi ...)
NOT-FOR-US: Juniper
CVE-2019-0029 (Juniper ATP Series Splunk credentials are logged in a file readable by ...)
NOT-FOR-US: Juniper
-CVE-2019-0028
- RESERVED
+CVE-2019-0028 (On Junos devices with the BGP graceful restart helper mode enabled or ...)
+ TODO: check
CVE-2019-0027 (A persistent cross-site scripting (XSS) vulnerability in the Snort Rul ...)
NOT-FOR-US: Juniper
CVE-2019-0026 (A persistent cross-site scripting (XSS) vulnerability in the Zone conf ...)
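Review bot: fifteen Juniper entries (CVE-2019-0044 through CVE-2019-0031, plus CVE-2019-0028) land as "TODO: check" while the surrounding context entries CVE-2019-0030, 0029 and 0027 are "NOT-FOR-US: Juniper". Most can follow that marking, but CVE-2019-0040 mentions rpcbind, so its full text should be read before it is marked vendor-only to confirm the flaw is in the Junos OS configuration and not in rpcbind itself.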
@@ -25111,8 +25146,8 @@ CVE-2019-0021 (On Juniper ATP, secret passphrase CLI inputs, such as "set mcm",
NOT-FOR-US: Juniper
CVE-2019-0020 (Juniper ATP ships with hard coded credentials in the Web Collector ins ...)
NOT-FOR-US: Juniper
-CVE-2019-0019
- RESERVED
+CVE-2019-0019 (When BGP tracing is enabled an incoming BGP message may cause the Juno ...)
+ TODO: check
CVE-2019-0018 (A persistent cross-site scripting (XSS) vulnerability in the file uplo ...)
NOT-FOR-US: Juniper
CVE-2019-0017 (The Junos Space application, which allows Device Image files to be upl ...)
@@ -25133,8 +25168,8 @@ CVE-2019-0010 (An SRX Series Service Gateway configured for Unified Threat Manag
NOT-FOR-US: Juniper
CVE-2019-0009 (On EX2300 and EX3400 series, high disk I/O operations may disrupt the ...)
NOT-FOR-US: Juniper
-CVE-2019-0008
- RESERVED
+CVE-2019-0008 (A certain sequence of valid BGP or IPv6 BFD packets may trigger a stac ...)
+ TODO: check
CVE-2019-0007 (The vMX Series software uses a predictable IP ID Sequence Number. This ...)
NOT-FOR-US: Juniper
CVE-2019-0006 (A certain crafted HTTP packet can trigger an uninitialized function po ...)
