author | security tracker role <sectracker@soriano.debian.org> | 2019-12-03 20:10:19 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2019-12-03 20:10:19 +0000
commit | 24435d387ad0b4cbe4456381380da39bdc7f7e41 |
tree | 7e716bbef41045a5259d7f96e8c684c734e53f23 |
parent | 6e98fea9287c1c366bfc4c5d645541697775637f |
automatic update
-rw-r--r-- | data/CVE/2013.list | 21 |
-rw-r--r-- | data/CVE/2019.list | 112 |
2 files changed, 85 insertions, 48 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index a9f1fb233c..51543c2e48 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -7782,8 +7782,7 @@ CVE-2013-4487 (Off-by-one error in the dane_raw_tlsa in the DANE library (libdan - gnutls28 <not-affected> (libdane is not built; original patch for CVE-2013-4466 not applied) - gnutls26 <not-affected> (only 3.1.x and 3.2.x) NOTE: off-by one issue in original fix for CVE-2013-4466 -CVE-2013-4486 - RESERVED +CVE-2013-4486 (Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging ...) NOT-FOR-US: Zanata CVE-2013-4485 (389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8. ...) - 389-ds-base 1.3.2.9-1 (bug #730115) @@ -8032,8 +8031,7 @@ CVE-2013-4412 (slim has NULL pointer dereference when using crypt() method from [wheezy] - slim <not-affected> (Only exploitable with eglibc 2.17 and later) [squeeze] - slim <not-affected> (Only exploitable with eglibc 2.17 and later) NOTE: Upstream fix: http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f -CVE-2013-4411 - RESERVED +CVE-2013-4411 (Review Board: URL processing gives unauthorized users access to review ...) - reviewboard <itp> (bug #653113) CVE-2013-4410 (ReviewBoard: has an access-control problem in REST API ...) - reviewboard <itp> (bug #653113) @@ -8689,8 +8687,7 @@ CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...) - vdsm <itp> (bug #668538) -CVE-2013-4235 [TOCTOU race conditions by copying and removing directory trees] - RESERVED +CVE-2013-4235 (shadow: TOCTOU (time-of-check time-of-use) race condition when copying ...) - shadow <unfixed> (unimportant; bug #778950) CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) ...) {DSA-2751-1} 
@@ -13661,8 +13658,7 @@ CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allo [squeeze] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea) CVE-2013-2229 REJECTED -CVE-2013-2228 [RSA exponent of 1] - RESERVED +CVE-2013-2228 (SaltStack RSA Key Generation allows remote users to decrypt communicat ...) - salt 0.15.1-1 NOTE: https://github.com/saltstack/salt/commit/e8ce66cf688b43aeb3e716e78b1af3a08e9940e3 CVE-2013-2227 (GLPI 0.83.7 has Local File Inclusion in common.tabs.php. ...) @@ -14081,8 +14077,7 @@ CVE-2013-2108 NOT-FOR-US: WordPress plugin wp-cleanfix CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On Update ...) NOT-FOR-US: WordPress plugin mail-on-update -CVE-2013-2106 [Authentication credential disclosure] - RESERVED +CVE-2013-2106 (webauth before 4.6.1 has authentication credential disclosure ...) - webauth <not-affected> (vulnerable code only in 4.4.1 up to 4.5.2) CVE-2013-2105 (The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local ...) NOT-FOR-US: Show In Browser Ruby Gem @@ -14094,13 +14089,11 @@ CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone NOTE: Keystone Folsom fix: https://review.openstack.org/#/c/30743/ NOTE: python-keystoneclient fix: https://review.openstack.org/#/c/30742/ NOTE: Starting with 2013.1-1 code in keystone/middleware/auth_token.py moved to python-keystoneclient -CVE-2013-2103 - RESERVED +CVE-2013-2103 (OpenShift cartridge allows remote URL retrieval ...) NOT-FOR-US: OpenShift CVE-2013-2102 (The default configuration of Red Hat JBoss Portal before 6.1.0 enables ...) NOT-FOR-US: GateIn Portal -CVE-2013-2101 - RESERVED +CVE-2013-2101 (Katello has multiple XSS issues in various entities ...) NOT-FOR-US: Katello CVE-2013-2100 (The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage ...) NOT-FOR-US: Gentoo Portage binary package installer 
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index c79455e2d1..b11e38525f 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -1,3 +1,47 @@ +CVE-2019-19539 + RESERVED +CVE-2019-19538 + RESERVED +CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...) + TODO: check +CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) + TODO: check +CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) + TODO: check +CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...) + TODO: check +CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...) + TODO: check +CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...) + TODO: check +CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) + TODO: check +CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...) + TODO: check +CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) + TODO: check +CVE-2019-19526 (In the Linux kernel before 5.3.9, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...) + TODO: check +CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19522 + RESERVED +CVE-2019-19521 + RESERVED +CVE-2019-19520 + RESERVED +CVE-2019-19519 + RESERVED +CVE-2019-19518 + RESERVED CVE-2019-19517 RESERVED CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp ...) 
@@ -40,7 +84,7 @@ CVE-2019-19498 RESERVED CVE-2019-19497 RESERVED -CVE-2019-19496 (Alfresco Enterprise 5.2.4 allows stored XSS via an uploaded HTML docum ...) +CVE-2019-19496 (Alfresco Enterprise before 5.2.6 allows stored XSS via an uploaded HTM ...) NOT-FOR-US: Alfresco CVE-2019-19495 RESERVED @@ -131,14 +175,14 @@ CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 a [jessie] - linux <not-affected> (Vulnerability introduced later) CVE-2019-19461 RESERVED -CVE-2019-19460 - RESERVED -CVE-2019-19459 - RESERVED -CVE-2019-19458 - RESERVED -CVE-2019-19457 - RESERVED +CVE-2019-19460 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product' ...) + TODO: check +CVE-2019-19459 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker ...) + TODO: check +CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data E ...) + TODO: check +CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...) + TODO: check CVE-2019-19456 RESERVED CVE-2019-19455 @@ -290,8 +334,8 @@ CVE-2019-19385 (A cross-site scripting (XSS) vulnerability in app/dialplans/dial NOT-FOR-US: FusionPBX CVE-2019-19384 (A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php ...) NOT-FOR-US: FusionPBX -CVE-2019-19383 - RESERVED +CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted ...) + TODO: check CVE-2019-19382 RESERVED CVE-2019-19381 @@ -23724,7 +23768,7 @@ CVE-2019-10077 (A carefully crafted InterWiki link could trigger an XSS vulnerab CVE-2019-10076 (A carefully crafted malicious attachment could trigger an XSS vulnerab ...) - jspwiki <removed> CVE-2019-10075 - RESERVED + REJECTED CVE-2019-10074 (An RCE is possible by entering Freemarker markup in an Apache OFBiz Fo ...) NOT-FOR-US: Apache OFBiz CVE-2019-10073 (The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" ...) 
@@ -31750,10 +31794,10 @@ CVE-2019-7368 RESERVED CVE-2019-7367 RESERVED -CVE-2019-7366 - RESERVED -CVE-2019-7365 - RESERVED +CVE-2019-7366 (Buffer overflow vulnerability in Autodesk FBX Software Development Kit ...) + TODO: check +CVE-2019-7365 (DLL preloading vulnerability in Autodesk Desktop Application versions ...) + TODO: check CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...) NOT-FOR-US: Autodesk CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 2011, ...) @@ -38484,14 +38528,14 @@ CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scr NOT-FOR-US: IBM CVE-2019-4469 RESERVED -CVE-2019-4468 - RESERVED -CVE-2019-4467 - RESERVED +CVE-2019-4468 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) + TODO: check +CVE-2019-4467 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) + TODO: check CVE-2019-4466 RESERVED -CVE-2019-4465 - RESERVED +CVE-2019-4465 (IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored loc ...) + TODO: check CVE-2019-4464 RESERVED CVE-2019-4463 @@ -38968,8 +39012,8 @@ CVE-2019-4228 RESERVED CVE-2019-4227 (IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9 ...) NOT-FOR-US: IBM -CVE-2019-4226 - RESERVED +CVE-2019-4226 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) + TODO: check CVE-2019-4225 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially ...) NOT-FOR-US: IBM CVE-2019-4224 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQ ...) 
@@ -39160,8 +39204,8 @@ CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be impro NOT-FOR-US: IBM CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...) NOT-FOR-US: IBM -CVE-2019-4130 - RESERVED +CVE-2019-4130 (IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to ...) + TODO: check CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...) NOT-FOR-US: IBM CVE-2019-4128 @@ -39224,8 +39268,8 @@ CVE-2019-4100 RESERVED CVE-2019-4099 RESERVED -CVE-2019-4098 - RESERVED +CVE-2019-4098 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) + TODO: check CVE-2019-4097 RESERVED CVE-2019-4096 @@ -39440,8 +39484,8 @@ CVE-2019-3992 RESERVED CVE-2019-3991 RESERVED -CVE-2019-3990 - RESERVED +CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the ...) + TODO: check CVE-2019-3989 RESERVED CVE-2019-3988 @@ -40373,10 +40417,10 @@ CVE-2019-3668 RESERVED CVE-2019-3667 RESERVED -CVE-2019-3666 - RESERVED -CVE-2019-3665 - RESERVED +CVE-2019-3666 (API Abuse/Misuse vulnerability in the web interface in McAfee Web Advi ...) + TODO: check +CVE-2019-3665 (Code Injection vulnerability in the web interface in McAfee Web Adviso ...) + TODO: check CVE-2019-3664 RESERVED CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee Advanced Th ...) |
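Review bot: In the first data/CVE/2019.list hunk (@@ -1,3 +1,47 @@), the fifteen Linux kernel entries CVE-2019-19523 through CVE-2019-19537 carry only `TODO: check`, so none of them has a package status yet. Each description already names the upstream release that contains the fix ("before 5.2.9", "before 5.3.11" and so on), so follow-up triage should replace the TODO lines with `- linux` entries and per-release annotations in the style already used for CVE-2019-19462 later in the same file.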
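Review bot: In the @@ -31750 and @@ -38484 hunks of data/CVE/2019.list, the newly published Autodesk entries (CVE-2019-7365, CVE-2019-7366) and IBM Cloud Pak System entries (CVE-2019-4465, CVE-2019-4467, CVE-2019-4468) are marked `TODO: check`, while neighbouring entries for the same vendors in the context lines already read `NOT-FOR-US: Autodesk` and `NOT-FOR-US: IBM`. During triage it is worth confirming whether these, together with CVE-2019-4226, CVE-2019-4130 and CVE-2019-4098 from the later hunks, should get the same marking so the vendor blocks stay consistent.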