diff options
author | security tracker role <sectracker@soriano.debian.org> | 2019-09-13 20:10:24 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-09-13 20:10:24 +0000 |
commit | fb865505307925464be8873413931b237a710a05 (patch) | |
tree | a61dfb86c7c6145b512eb551e37ed5ceb95d755e /data | |
parent | edd10c727f5028d3391ba227d58036ec5c5a31ef (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2010.list | 2 | ||||
-rw-r--r-- | data/CVE/2016.list | 72 | ||||
-rw-r--r-- | data/CVE/2017.list | 18 | ||||
-rw-r--r-- | data/CVE/2018.list | 21 | ||||
-rw-r--r-- | data/CVE/2019.list | 125 |
5 files changed, 162 insertions, 76 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 8928f5acff..5041588822 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -1,3 +1,5 @@ +CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...) + TODO: check CVE-2010-5332 (In the Linux kernel before 2.6.37, an out of bounds array access happe ...) - linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename) NOTE: https://git.kernel.org/linus/0926f91083f34d047abc74f1ca4fa6a9c161f7db diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 54de743731..91d7bb07ec 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,39 +1,75 @@ -CVE-2016-10955 +CVE-2016-10973 RESERVED -CVE-2016-10954 +CVE-2016-10972 RESERVED -CVE-2016-10953 +CVE-2016-10971 RESERVED -CVE-2016-10952 +CVE-2016-10970 RESERVED -CVE-2016-10951 +CVE-2016-10969 RESERVED -CVE-2016-10950 +CVE-2016-10968 RESERVED -CVE-2016-10949 +CVE-2016-10967 RESERVED -CVE-2016-10948 +CVE-2016-10966 RESERVED -CVE-2016-10947 +CVE-2016-10965 RESERVED -CVE-2016-10946 +CVE-2016-10964 RESERVED -CVE-2016-10945 +CVE-2016-10963 RESERVED -CVE-2016-10944 +CVE-2016-10962 RESERVED -CVE-2016-10943 +CVE-2016-10961 RESERVED -CVE-2016-10942 +CVE-2016-10960 RESERVED -CVE-2016-10941 +CVE-2016-10959 RESERVED -CVE-2016-10940 +CVE-2016-10958 RESERVED -CVE-2016-10939 +CVE-2016-10957 RESERVED -CVE-2016-10938 +CVE-2016-10956 RESERVED +CVE-2016-10955 (The cysteme-finder plugin before 1.4 for WordPress has unrestricted fi ...) + TODO: check +CVE-2016-10954 (The Neosense theme before 1.8 for WordPress has qquploader unrestricte ...) + TODO: check +CVE-2016-10953 (The Headway theme before 3.8.9 for WordPress has XSS via the license k ...) + TODO: check +CVE-2016-10952 (The quotes-collection plugin before 2.0.6 for WordPress has XSS via th ...) + TODO: check +CVE-2016-10951 (The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection vi ...) + TODO: check +CVE-2016-10950 (The sirv plugin before 1.3.2 for WordPress has SQL injection via the i ...) + TODO: check +CVE-2016-10949 (The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL in ...) + TODO: check +CVE-2016-10948 (The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect han ...) + TODO: check +CVE-2016-10947 (The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection ...) + TODO: check +CVE-2016-10946 (The wp-d3 plugin before 2.4.1 for WordPress has CSRF. ...) + TODO: check +CVE-2016-10945 (The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?pa ...) + TODO: check +CVE-2016-10944 (The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp ...) + TODO: check +CVE-2016-10943 (The zx-csv-upload plugin 1 for WordPress has SQL injection via the id ...) + TODO: check +CVE-2016-10942 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...) + TODO: check +CVE-2016-10941 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...) + TODO: check +CVE-2016-10940 (The zm-gallery plugin 1.0 for WordPress has SQL injection via the orde ...) + TODO: check +CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via the i ...) + TODO: check +CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...) + TODO: check CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...) - imapfilter <unfixed> (bug #939702) [buster] - imapfilter <no-dsa> (Minor issue) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index a84b0c6303..1d8ec31b84 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,5 @@ +CVE-2017-18634 + RESERVED CVE-2017-18633 RESERVED CVE-2017-18632 @@ -34,14 +36,14 @@ CVE-2017-18617 RESERVED CVE-2017-18616 RESERVED -CVE-2017-18615 - RESERVED -CVE-2017-18614 - RESERVED -CVE-2017-18613 - RESERVED -CVE-2017-18612 - RESERVED +CVE-2017-18615 (The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. ...) + TODO: check +CVE-2017-18614 (The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via ...) + TODO: check +CVE-2017-18613 (The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin ...) + TODO: check +CVE-2017-18612 (The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/f ...) + TODO: check CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...) NOT-FOR-US: magic-fields plugin for WordPress CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index a1721411db..5724f75555 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1897,12 +1897,13 @@ CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7 NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...) - {DLA-1791-1} + {DSA-4522-1 DLA-1791-1} - faad2 2.8.8-2 (low) [stretch] - faad2 <no-dsa> (Minor issue) NOTE: https://github.com/knik0/faad2/issues/26 NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45 CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_assembl ...) + {DSA-4522-1} - faad2 2.8.8-2 (low) [buster] - faad2 <no-dsa> (Minor issue) [stretch] - faad2 <no-dsa> (Minor issue) @@ -1917,12 +1918,14 @@ CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_ NOTE: https://github.com/knik0/faad2/issues/32 NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54 CVE-2018-20359 (An invalid memory address dereference was discovered in the sbrDecodeS ...) + {DSA-4522-1} - faad2 2.8.8-2 (low) [stretch] - faad2 <no-dsa> (Minor issue) [jessie] - faad2 2.7-8+deb8u2 NOTE: https://github.com/knik0/faad2/issues/29 NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3 CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_predict ...) + {DSA-4522-1} - faad2 2.8.8-2 (low) [buster] - faad2 <no-dsa> (Minor issue) [stretch] - faad2 <no-dsa> (Minor issue) @@ -1930,6 +1933,7 @@ CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_p NOTE: https://github.com/knik0/faad2/issues/31 NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45 CVE-2018-20357 (A NULL pointer dereference was discovered in sbr_process_channel of li ...) + {DSA-4522-1} - faad2 2.8.8-2 (low) [stretch] - faad2 <no-dsa> (Minor issue) [jessie] - faad2 2.7-8+deb8u2 @@ -2493,14 +2497,14 @@ CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of lib NOTE: https://github.com/knik0/faad2/issues/24 NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54 CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...) - {DLA-1791-1} + {DSA-4522-1 DLA-1791-1} - faad2 2.8.8-2 (low) [stretch] - faad2 <no-dsa> (Minor issue) NOTE: https://github.com/knik0/faad2/issues/23 NOTE: same underlying issue as CVE-2018-20362, same fix: NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45 CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of the c ...) - {DLA-1791-1} + {DSA-4522-1 DLA-1791-1} - faad2 2.8.8-2 NOTE: https://github.com/knik0/faad2/issues/20 NOTE: very similar to CVE-2018-20194, same fix: @@ -2511,13 +2515,14 @@ CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of NOTE: https://github.com/knik0/faad2/issues/19 NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879 CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of libfaad/ic_ ...) + {DSA-4522-1} - faad2 2.8.8-2 (low) [stretch] - faad2 <no-dsa> (Minor issue) [jessie] - faad2 2.7-8+deb8u2 NOTE: https://github.com/knik0/faad2/issues/25 NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45f1e9169ac90b3e34ab94aed14 CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of the c ...) - {DLA-1791-1} + {DSA-4522-1 DLA-1791-1} - faad2 2.8.8-2 NOTE: https://github.com/knik0/faad2/issues/21 NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c @@ -4482,6 +4487,7 @@ CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in CVE-2018-19505 (Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct ...) NOT-FOR-US: Remedy AR System Server in BMC Remedy CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...) + {DSA-4522-1} - faad2 2.8.8-2 (low; bug #914641) [stretch] - faad2 <no-dsa> (Minor issue) [jessie] - faad2 2.7-8+deb8u2 @@ -4489,13 +4495,14 @@ CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FA NOTE: https://github.com/knik0/faad2/issues/26 NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45 CVE-2018-19503 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...) + {DSA-4522-1} - faad2 2.8.8-2 (bug #914641) [jessie] - faad2 2.7-8+deb8u2 NOTE: https://sourceforge.net/p/faac/bugs/240/ NOTE: https://github.com/knik0/faad2/issues/18 NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3 CVE-2018-19502 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...) - {DLA-1899-1} + {DSA-4522-1 DLA-1899-1} - faad2 2.8.8-3 (bug #914641) NOTE: https://sourceforge.net/p/faac/bugs/240/ NOTE: https://github.com/knik0/faad2/issues/22 @@ -36819,8 +36826,8 @@ CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave b NOT-FOR-US: Aruba CVE-2018-7082 (A command injection vulnerability is present in Aruba Instant that per ...) NOT-FOR-US: Aruba -CVE-2018-7081 - RESERVED +CVE-2018-7081 (A remote code execution vulnerability is present in network-listening ...) + TODO: check CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...) NOT-FOR-US: Aruba CVE-2018-7079 (Aruba ClearPass Policy Manager guest authorization failure. Certain ad ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 559193bb80..5542bea9e1 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,43 @@ +CVE-2019-16296 + RESERVED +CVE-2019-16295 + RESERVED +CVE-2019-16294 + RESERVED +CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 allows an au ...) + TODO: check +CVE-2019-16292 + RESERVED +CVE-2019-16291 + RESERVED +CVE-2019-16290 + RESERVED +CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPre ...) + TODO: check +CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...) + TODO: check +CVE-2019-16287 + RESERVED +CVE-2019-16286 + RESERVED +CVE-2019-16285 + RESERVED +CVE-2019-16284 + RESERVED +CVE-2019-16283 + RESERVED +CVE-2019-16282 + RESERVED +CVE-2019-16281 + RESERVED +CVE-2019-16280 + RESERVED +CVE-2019-16279 + RESERVED +CVE-2019-16278 + RESERVED +CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/ ...) + TODO: check CVE-2019-XXXX [wireshark wnpa-sec-2019-21] - wireshark 3.0.4-1 (low) [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) @@ -2209,7 +2249,7 @@ CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5. NOTE: https://downloads.asterisk.org/pub/security/AST-2019-004.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28495 CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...) - {DLA-1899-1} + {DSA-4522-1 DLA-1899-1} - faad2 2.8.8-3 NOTE: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174 CVE-2019-15295 (An Untrusted Search Path vulnerability in the ServiceInstance.dll libr ...) @@ -2832,12 +2872,10 @@ CVE-2019-15033 RESERVED CVE-2019-15032 RESERVED -CVE-2019-15031 [powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts] - RESERVED +CVE-2019-15031 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/a8318c13e79badb92bc6640704a64cc022a6eb97 -CVE-2019-15030 [powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction] - RESERVED +CVE-2019-15030 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/8205d5d98ef7f155de211f5e2eb6ca03d95a5a60 CVE-2019-15029 (FusionPBX 4.4.8 allows an attacker to execute arbitrary system command ...) @@ -4061,6 +4099,7 @@ CVE-2019-14515 CVE-2019-14514 RESERVED CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...) + {DLA-1921-1} - dnsmasq 2.76-1 NOTE: https://github.com/Slovejoy/dnsmasq-pre2.76 TODO: Find the relevant isolated changes in the 2.76 release to address the issue. @@ -5534,18 +5573,18 @@ CVE-2019-13925 RESERVED CVE-2019-13924 RESERVED -CVE-2019-13923 - RESERVED -CVE-2019-13922 - RESERVED +CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gat ...) + TODO: check +CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + TODO: check CVE-2019-13921 RESERVED -CVE-2019-13920 - RESERVED -CVE-2019-13919 - RESERVED -CVE-2019-13918 - RESERVED +CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + TODO: check +CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + TODO: check +CVE-2019-13918 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + TODO: check CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution ...) {DSA-4488-1} - exim4 4.92-10 @@ -6370,8 +6409,8 @@ CVE-2019-13550 RESERVED CVE-2019-13549 RESERVED -CVE-2019-13548 - RESERVED +CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...) + TODO: check CVE-2019-13547 RESERVED CVE-2019-13546 @@ -6402,8 +6441,8 @@ CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version NOT-FOR-US: Philips CVE-2019-13533 RESERVED -CVE-2019-13532 - RESERVED +CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...) + TODO: check CVE-2019-13531 RESERVED CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...) @@ -6810,10 +6849,10 @@ CVE-2019-13366 RESERVED CVE-2019-13365 RESERVED -CVE-2019-13364 - RESERVED -CVE-2019-13363 - RESERVED +CVE-2019-13364 (admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat& ...) + TODO: check +CVE-2019-13363 (admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nb ...) + TODO: check CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable in code ...) NOT-FOR-US: Codedoc CVE-2019-13361 (Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an ...) @@ -8051,8 +8090,8 @@ CVE-2019-12924 (MailEnable Enterprise Premium 10.23 was vulnerable to XML Extern NOT-FOR-US: MailEnable Enterprise Premium CVE-2019-12923 (In MailEnable Enterprise Premium 10.23, the potential cross-site reque ...) NOT-FOR-US: MailEnable Enterprise Premium -CVE-2019-12922 - RESERVED +CVE-2019-12922 (A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in th ...) + TODO: check CVE-2019-12921 RESERVED CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...) @@ -9016,10 +9055,10 @@ CVE-2019-12519 RESERVED CVE-2019-12518 RESERVED -CVE-2019-12517 - RESERVED -CVE-2019-12516 - RESERVED +CVE-2019-12517 (An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 fo ...) + TODO: check +CVE-2019-12516 (The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injectio ...) + TODO: check CVE-2019-12515 (There is an out-of-bounds read vulnerability in the function FlateStre ...) - xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed) NOTE: https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar @@ -11371,8 +11410,8 @@ CVE-2019-11662 RESERVED CVE-2019-11661 RESERVED -CVE-2019-11660 - RESERVED +CVE-2019-11660 (Privileges manipulation in Micro Focus Data Protector, versions 10.00, ...) + TODO: check CVE-2019-11659 RESERVED CVE-2019-11658 (Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 ...) @@ -13191,8 +13230,8 @@ CVE-2019-10939 RESERVED CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in communication ...) NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices -CVE-2019-10937 - RESERVED +CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...) + TODO: check CVE-2019-10936 RESERVED CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...) @@ -27792,10 +27831,10 @@ CVE-2019-5487 RESERVED CVE-2019-5486 RESERVED -CVE-2019-5485 - RESERVED -CVE-2019-5484 - RESERVED +CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...) + TODO: check +CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability permitting file ...) + TODO: check CVE-2019-5483 (Seneca < 3.9.0 contains a vulnerability that could lead to exposing ...) TODO: check CVE-2019-5482 [TFTP small blocksize heap buffer overflow] @@ -28219,10 +28258,10 @@ CVE-2019-5317 RESERVED CVE-2019-5316 RESERVED -CVE-2019-5315 - RESERVED -CVE-2019-5314 - RESERVED +CVE-2019-5315 (A command injection vulnerability is present in the web management int ...) + TODO: check +CVE-2019-5314 (Some web components in the ArubaOS software are vulnerable to HTTP Res ...) + TODO: check CVE-2019-5313 RESERVED CVE-2019-5312 (An issue was discovered in weixin-java-tools v3.3.0. There is an XXE v ...) @@ -31913,8 +31952,8 @@ CVE-2019-3648 RESERVED CVE-2019-3647 RESERVED -CVE-2019-3646 - RESERVED +CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...) + TODO: check CVE-2019-3645 RESERVED CVE-2019-3644 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...) |