author | security tracker role <sectracker@soriano.debian.org> | 2019-11-07 20:10:17 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-11-07 20:10:17 +0000 |
commit | f6c1efda8e38bc6b3bee23313f01e2271f13fc6a (patch) | |
tree | 63e4b631640e9908c99006a0e03135d1c0b49553 /data | |
parent | 033bb12fb3959e92f710bb25e95304c0fc9ff7b8 (diff) |
automatic update
Diffstat (limited to 'data')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2010.list | 12 |
| -rw-r--r-- | data/CVE/2011.list | 16 |
| -rw-r--r-- | data/CVE/2012.list | 6 |
| -rw-r--r-- | data/CVE/2019.list | 83 |

4 files changed, 69 insertions, 48 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 756c077d8a..775bd71a59 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -7847,8 +7847,7 @@ CVE-2010-2245 (XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in ...) {DSA-2086-1} - avahi 0.6.26-1 -CVE-2010-2243 [timekeeping oops] - RESERVED +CVE-2010-2243 (A vulnerability exists in kernel/time/clocksource.c in the Linux kerne ...) - linux-2.6 2.6.32-11 [lenny] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improp ...) @@ -11600,19 +11599,16 @@ CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware S CVE-2010-XXXX [argyll unsafe udev rules] - argyll <not-affected> (issue with redhat-specific changes to the package) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050 -CVE-2010-2473 [Blocked user session regeneration] - RESERVED +CVE-2010-2473 (Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly b ...) {DSA-2016-1} - drupal6 6.18-1 (bug #592716) -CVE-2010-2472 [Locale module cross site scripting] - RESERVED +CVE-2010-2472 (Locale module and dependent contributed modules in Drupal 6.x before 6 ...) {DSA-2016-1} - drupal6 6.18-1 (bug #592716) CVE-2010-2471 (drupal6 version 6.16 has open redirection ...) {DSA-2016-1} - drupal6 6.18-1 (bug #592716) -CVE-2010-2250 [Installation cross site scripting] - RESERVED +CVE-2010-2250 (Drupal 6.x before 6.16 uses a user-supplied value in output during sit ...) {DSA-2016-1} - drupal6 6.18-1 (bug #592716) CVE-2010-XXXX [linux-ftpd: null ptr dereference] diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 18f7d0e16c..b3c208332b 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list 
@@ -6667,8 +6667,8 @@ CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-mi NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2808 (A stale layout root is set as an input element in WebKit in Google Chr ...) TODO: check -CVE-2011-2807 - RESERVED +CVE-2011-2807 (Incorrect handling of timer information in Timer.cpp in WebKit in Goog ...) + TODO: check CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle ...) - chromium-browser <not-affected> (It's in Windows-specific code) CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to bypass th ...) @@ -7959,8 +7959,8 @@ CVE-2011-2355 RESERVED CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix -CVE-2011-2353 - RESERVED +CVE-2011-2353 (Use after free vulnerability in documentloader in WebKit in Google Chr ...) + TODO: check CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...) 
@@ -8005,10 +8005,10 @@ CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-mi NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix -CVE-2011-2337 - RESERVED -CVE-2011-2336 - RESERVED +CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in Googl ...) + TODO: check +CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...) + TODO: check CVE-2011-2335 RESERVED CVE-2011-2334 diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 78f7bc0609..252fcea19c 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -16503,15 +16503,13 @@ CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does no - apache2 2.2.22-1 (low) CVE-2012-0052 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3 ...) NOT-FOR-US: JBoss Operations Network -CVE-2012-0051 - RESERVED +CVE-2012-0051 (Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attacke ...) - tahoe-lafs <not-affected> (Only affects 1.9.0, not uploaded to the archive) CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, ...) {DSA-2392-1} - openssl 1.0.0g-1 NOTE: http://www.openssl.org/news/secadv/20120118.txt -CVE-2012-0049 - RESERVED +CVE-2012-0049 (OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) t ...) {DSA-2524-1} - openttd 1.1.5-1 (low) NOTE: http://vcs.openttd.org/svn/changeset/23764 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index e5866b7210..9d13535fd0 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -1,3 +1,29 @@ +CVE-2019-18817 + RESERVED +CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows pos ...) + TODO: check +CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...) + TODO: check +CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a ...) + TODO: check +CVE-2019-18813 (A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc ...) + TODO: check +CVE-2019-18812 (A memory leak in the sof_dfsentry_write() function in sound/soc/sof/de ...) + TODO: check +CVE-2019-18811 (A memory leak in the sof_set_get_large_ctrl_data() function in sound/s ...) + TODO: check +CVE-2019-18810 (A memory leak in the komeda_wb_connector_add() function in drivers/gpu ...) + TODO: check +CVE-2019-18809 (A memory leak in the af9005_identify_state() function in drivers/media ...) + TODO: check +CVE-2019-18808 (A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...) + TODO: check +CVE-2019-18807 (Two memory leaks in the sja1105_static_config_upload() function in dri ...) + TODO: check +CVE-2019-18806 (A memory leak in the ql_alloc_large_buffers() function in drivers/net/ ...) + TODO: check +CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux ker ...) + TODO: check CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...) - djvulibre <unfixed> NOTE: https://sourceforge.net/p/djvu/bugs/309/ @@ -244,7 +270,7 @@ CVE-2019-18686 REJECTED CVE-2019-18685 REJECTED -CVE-2019-18684 (Sudo through 1.8.29 allows local users to escalate to root if they hav ...) +CVE-2019-18684 (** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to r ...) - sudo <unfixed> (unimportant) NOTE: https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd NOTE: Issue is bogus and a non-security issue (confirmed by upstream and in progress 
@@ -2548,10 +2574,10 @@ CVE-2019-17607 (HongCMS 3.0.0 has XSS via the install/index.php servername param NOT-FOR-US: HongCMS CVE-2019-17606 (The Post editor functionality in the hexo-admin plugin versions 2.3.0 ...) NOT-FOR-US: hexo-admin Node module -CVE-2019-17605 - RESERVED -CVE-2019-17604 - RESERVED +CVE-2019-17605 (A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 ...) + TODO: check +CVE-2019-17604 (An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms e ...) + TODO: check CVE-2019-17603 RESERVED CVE-2019-17602 (An issue was discovered in Zoho ManageEngine OpManager before 12.4 bui ...) @@ -2679,7 +2705,7 @@ CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Inj NOT-FOR-US: MetInfo CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_ ...) NOT-FOR-US: idreamsoft iCMS -CVE-2019-17551 (Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS ...) +CVE-2019-17551 (In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an atta ...) NOT-FOR-US: Apak Wholesale Floorplanning Finance CVE-2019-17550 RESERVED @@ -2699,6 +2725,7 @@ CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL throug NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145 NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233) CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...) + {DLA-1984-1} - gdal 2.4.2+dfsg-2 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178 NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb 
@@ -3435,8 +3462,8 @@ CVE-2019-17224 (The web interface of the Compal Broadband CH7465LG modem (versio NOT-FOR-US: Compal Broadband CH7465LG modem CVE-2019-17223 (There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 v ...) - dolibarr <removed> -CVE-2019-17222 - RESERVED +CVE-2019-17222 (An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is ...) + TODO: check CVE-2019-17221 (PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as d ...) - phantomjs <unfixed> NOTE: https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/ @@ -4224,20 +4251,20 @@ CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rus NOT-FOR-US: Rust linea crate CVE-2019-16879 RESERVED -CVE-2019-16878 - RESERVED -CVE-2019-16877 - RESERVED -CVE-2019-16876 - RESERVED +CVE-2019-16878 (Portainer before 1.22.1 has XSS (issue 2 of 2). ...) + TODO: check +CVE-2019-16877 (Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). ...) + TODO: check +CVE-2019-16876 (Portainer before 1.22.1 allows Directory Traversal. ...) + TODO: check CVE-2019-16875 RESERVED -CVE-2019-16874 - RESERVED -CVE-2019-16873 - RESERVED -CVE-2019-16872 - RESERVED +CVE-2019-16874 (Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). ...) + TODO: check +CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue 1 of 2). ...) + TODO: check +CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). ...) + TODO: check CVE-2019-16871 RESERVED CVE-2019-16870 @@ -15549,8 +15576,8 @@ CVE-2019-12333 RESERVED CVE-2019-12332 RESERVED -CVE-2019-12331 - RESERVED +CVE-2019-12331 (PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner ...) + TODO: check CVE-2019-12330 RESERVED CVE-2019-12329 
@@ -16388,8 +16415,8 @@ CVE-2019-11998 RESERVED CVE-2019-11997 RESERVED -CVE-2019-11996 - RESERVED +CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE Nimbl ...) + TODO: check CVE-2019-11995 RESERVED CVE-2019-11994 @@ -32022,8 +32049,8 @@ CVE-2019-6342 CVE-2019-6340 (Some field types do not properly sanitize data from non-form sources i ...) - drupal7 <not-affected> (Drupal 7 core not affected) NOTE: https://www.drupal.org/sa-core-2019-003 -CVE-2019-6337 - RESERVED +CVE-2019-6337 (For the printers listed a maliciously crafted print file might cause c ...) + TODO: check CVE-2019-6336 RESERVED CVE-2019-6335 (A potential security vulnerability has been identified with Samsung La ...) @@ -37969,8 +37996,8 @@ CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restri NOT-FOR-US: EMC CVE-2019-3765 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...) NOT-FOR-US: EMC -CVE-2019-3764 - RESERVED +CVE-2019-3764 (Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior ...) + TODO: check CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...) NOT-FOR-US: RSA CVE-2019-3762 |
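Review bot: in the three 2011.list hunks (@@ -6667, @@ -7959 and @@ -8005) the newly described CVE-2011-2807, CVE-2011-2353, CVE-2011-2337 and CVE-2011-2336 are all WebKit-in-Google-Chrome issues left at "TODO: check", while the surrounding WebKit entries in the same hunks are closed as "NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix" and CVE-2011-2806 is resolved as "chromium-browser <not-affected>"; the follow-up triage should settle these four the same way rather than leave 2011 Chrome IDs open as TODO.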
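Review bot: in the 2012.list hunk @@ -16503, the existing "tahoe-lafs <not-affected> (Only affects 1.9.0, not uploaded to the archive)" justification for CVE-2012-0051 depends on the version scope of the description, which the automatic update has only now filled in; the new text "Tahoe-LAFS 1.9.0 fails to ensure integrity" confirms the 1.9.0-only scope, so the not-affected rationale still holds and nothing needs changing.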
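Review bot: in the 2019.list hunk @@ -1,3 +1,29 @@, ten of the thirteen new entries (CVE-2019-18805 through CVE-2019-18814) describe memory leaks and related issues in Linux kernel sources (drivers/usb/dwc3, sound/soc/sof, drivers/gpu, drivers/media, drivers/crypto/ccp, drivers/net and net/ipv4/sysctl_net_ipv4.c) and are all left at "TODO: check"; they are best triaged against src:linux in one pass, checking for each whether the affected driver is built in the Debian kernel configuration and whether a leak reachable only by a privileged or physically present user warrants an "(unimportant)" rating, so that the batch ends with package lines rather than a block of open TODOs. The two PopojiCMS entries (CVE-2019-18815, CVE-2019-18816) need the usual packaged-or-NOT-FOR-US decision, and CVE-2019-18817 is still RESERVED.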
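Review bot: in the 2019.list hunk @@ -244, the reworded CVE-2019-18684 description now carries the "** DISPUTED **" marker, which agrees with the existing "sudo <unfixed> (unimportant)" rating and the NOTE that upstream confirmed the issue is bogus; no state change is needed, but if MITRE later rejects the ID the entry should be switched to REJECTED like CVE-2019-18685 and CVE-2019-18686 just above it.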
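Review bot: in the 2019.list hunk @@ -2548, CVE-2019-17605 (mass assignment) and CVE-2019-17604 (IDOR) in eyecomms eyeCMS are left at "TODO: check" directly below entries closed as "NOT-FOR-US: HongCMS" and "NOT-FOR-US: hexo-admin Node module"; if eyeCMS is likewise not packaged, both should receive the same NOT-FOR-US line in the follow-up rather than remain open.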
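Review bot: in the 2019.list hunk @@ -2699, the added "{DLA-1984-1}" line for CVE-2019-17545 sits between the description and the "- gdal 2.4.2+dfsg-2" package line, which matches the advisory-reference placement used elsewhere in these files (for example "{DSA-2524-1}" before "- openttd 1.1.5-1" in 2012.list); nothing to change here, only noting that the two NOTE lines about libtiff immediately above belong to CVE-2019-17546 and do not describe this double free.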
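Review bot: in the 2019.list hunk @@ -4224, six Portainer IDs (CVE-2019-16872 through CVE-2019-16874 and CVE-2019-16876 through CVE-2019-16878) all name the same fixed upstream version 1.22.1 and each carries its own "TODO: check"; they should be triaged as one batch so that all six end with an identical state (NOT-FOR-US or a package line) and the "issue N of M" numbering in the descriptions can be cross-checked against what is recorded.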
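Review bot: in the last 2019.list hunk (@@ -37969), CVE-2019-3764 for Dell EMC iDRAC8/iDRAC9 firmware is left at "TODO: check" while the adjacent Dell EMC entries CVE-2019-3766 and CVE-2019-3765 are closed as "NOT-FOR-US: EMC"; the consistent follow-up is the same NOT-FOR-US: EMC line. The other vendor-device entries added in this patch, CVE-2019-17222 (Intelbras WRN 150, @@ -3435), CVE-2019-11996 (HPE Nimble, @@ -16388) and CVE-2019-6337 (printer firmware, @@ -32022), call for the same packaged-or-NOT-FOR-US decision.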