author: security tracker role <sectracker@soriano.debian.org> 2019-12-03 20:10:19 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-12-03 20:10:19 +0000
commit: 24435d387ad0b4cbe4456381380da39bdc7f7e41 (patch)
tree: 7e716bbef41045a5259d7f96e8c684c734e53f23
parent: 6e98fea9287c1c366bfc4c5d645541697775637f (diff)
automatic update
-rw-r--r-- data/CVE/2013.list 21
-rw-r--r-- data/CVE/2019.list 112
2 files changed, 85 insertions, 48 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index a9f1fb233c..51543c2e48 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -7782,8 +7782,7 @@ CVE-2013-4487 (Off-by-one error in the dane_raw_tlsa in the DANE library (libdan
- gnutls28 <not-affected> (libdane is not built; original patch for CVE-2013-4466 not applied)
- gnutls26 <not-affected> (only 3.1.x and 3.2.x)
NOTE: off-by one issue in original fix for CVE-2013-4466
-CVE-2013-4486
- RESERVED
+CVE-2013-4486 (Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging ...)
NOT-FOR-US: Zanata
CVE-2013-4485 (389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8. ...)
- 389-ds-base 1.3.2.9-1 (bug #730115)
@@ -8032,8 +8031,7 @@ CVE-2013-4412 (slim has NULL pointer dereference when using crypt() method from
[wheezy] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
[squeeze] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
NOTE: Upstream fix: http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
-CVE-2013-4411
- RESERVED
+CVE-2013-4411 (Review Board: URL processing gives unauthorized users access to review ...)
- reviewboard <itp> (bug #653113)
CVE-2013-4410 (ReviewBoard: has an access-control problem in REST API ...)
- reviewboard <itp> (bug #653113)
@@ -8689,8 +8687,7 @@ CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc
NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
- vdsm <itp> (bug #668538)
-CVE-2013-4235 [TOCTOU race conditions by copying and removing directory trees]
- RESERVED
+CVE-2013-4235 (shadow: TOCTOU (time-of-check time-of-use) race condition when copying ...)
- shadow <unfixed> (unimportant; bug #778950)
CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) ...)
{DSA-2751-1}
@@ -13661,8 +13658,7 @@ CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allo
[squeeze] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
CVE-2013-2229
REJECTED
-CVE-2013-2228 [RSA exponent of 1]
- RESERVED
+CVE-2013-2228 (SaltStack RSA Key Generation allows remote users to decrypt communicat ...)
- salt 0.15.1-1
NOTE: https://github.com/saltstack/salt/commit/e8ce66cf688b43aeb3e716e78b1af3a08e9940e3
CVE-2013-2227 (GLPI 0.83.7 has Local File Inclusion in common.tabs.php. ...)
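Review bot: in the CVE-2013-2228 entry, dropping the local title `[RSA exponent of 1]` removes the only statement of the root cause, because the imported description is truncated at "decrypt communicat ...". Suggest keeping it as a `NOTE: RSA exponent of 1` line next to the existing upstream commit NOTE, so the entry still says what was wrong with the key generation.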
@@ -14081,8 +14077,7 @@ CVE-2013-2108
NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On Update ...)
NOT-FOR-US: WordPress plugin mail-on-update
-CVE-2013-2106 [Authentication credential disclosure]
- RESERVED
+CVE-2013-2106 (webauth before 4.6.1 has authentication credential disclosure ...)
- webauth <not-affected> (vulnerable code only in 4.4.1 up to 4.5.2)
CVE-2013-2105 (The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local ...)
NOT-FOR-US: Show In Browser Ruby Gem
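Review bot: CVE-2013-2106 now carries the description "webauth before 4.6.1", while the unchanged package line still reads `- webauth <not-affected> (vulnerable code only in 4.4.1 up to 4.5.2)`. The tracker's range is narrower than the imported one, so the not-affected status should be re-checked against the new description, or a NOTE added that records why the narrower range is the correct one.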
@@ -14094,13 +14089,11 @@ CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone
NOTE: Keystone Folsom fix: https://review.openstack.org/#/c/30743/
NOTE: python-keystoneclient fix: https://review.openstack.org/#/c/30742/
NOTE: Starting with 2013.1-1 code in keystone/middleware/auth_token.py moved to python-keystoneclient
-CVE-2013-2103
- RESERVED
+CVE-2013-2103 (OpenShift cartridge allows remote URL retrieval ...)
NOT-FOR-US: OpenShift
CVE-2013-2102 (The default configuration of Red Hat JBoss Portal before 6.1.0 enables ...)
NOT-FOR-US: GateIn Portal
-CVE-2013-2101
- RESERVED
+CVE-2013-2101 (Katello has multiple XSS issues in various entities ...)
NOT-FOR-US: Katello
CVE-2013-2100 (The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage ...)
NOT-FOR-US: Gentoo Portage binary package installer
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index c79455e2d1..b11e38525f 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,47 @@
+CVE-2019-19539
+ RESERVED
+CVE-2019-19538
+ RESERVED
+CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...)
+ TODO: check
+CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
+ TODO: check
+CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
+ TODO: check
+CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...)
+ TODO: check
+CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...)
+ TODO: check
+CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...)
+ TODO: check
+CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...)
+ TODO: check
+CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...)
+ TODO: check
+CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...)
+ TODO: check
+CVE-2019-19526 (In the Linux kernel before 5.3.9, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...)
+ TODO: check
+CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19522
+ RESERVED
+CVE-2019-19521
+ RESERVED
+CVE-2019-19520
+ RESERVED
+CVE-2019-19519
+ RESERVED
+CVE-2019-19518
+ RESERVED
CVE-2019-19517
RESERVED
CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp ...)
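Review bot: the fifteen Linux kernel entries CVE-2019-19523 through CVE-2019-19537 are added with only `TODO: check` and no `- linux` package line, although each description already names the first fixed upstream version (between 5.2.9 and 5.3.12). Suggest triaging them as one batch grouped by that version, and adding a NOTE with the fixing commit to each, since the truncated descriptions do not show which code is affected.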
@@ -40,7 +84,7 @@ CVE-2019-19498
RESERVED
CVE-2019-19497
RESERVED
-CVE-2019-19496 (Alfresco Enterprise 5.2.4 allows stored XSS via an uploaded HTML docum ...)
+CVE-2019-19496 (Alfresco Enterprise before 5.2.6 allows stored XSS via an uploaded HTM ...)
NOT-FOR-US: Alfresco
CVE-2019-19495
RESERVED
@@ -131,14 +175,14 @@ CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 a
[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-19461
RESERVED
-CVE-2019-19460
- RESERVED
-CVE-2019-19459
- RESERVED
-CVE-2019-19458
- RESERVED
-CVE-2019-19457
- RESERVED
+CVE-2019-19460 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product' ...)
+ TODO: check
+CVE-2019-19459 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker ...)
+ TODO: check
+CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data E ...)
+ TODO: check
+CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
+ TODO: check
CVE-2019-19456
RESERVED
CVE-2019-19455
@@ -290,8 +334,8 @@ CVE-2019-19385 (A cross-site scripting (XSS) vulnerability in app/dialplans/dial
NOT-FOR-US: FusionPBX
CVE-2019-19384 (A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php ...)
NOT-FOR-US: FusionPBX
-CVE-2019-19383
- RESERVED
+CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted ...)
+ TODO: check
CVE-2019-19382
RESERVED
CVE-2019-19381
@@ -23724,7 +23768,7 @@ CVE-2019-10077 (A carefully crafted InterWiki link could trigger an XSS vulnerab
CVE-2019-10076 (A carefully crafted malicious attachment could trigger an XSS vulnerab ...)
- jspwiki <removed>
CVE-2019-10075
- RESERVED
+ REJECTED
CVE-2019-10074 (An RCE is possible by entering Freemarker markup in an Apache OFBiz Fo ...)
NOT-FOR-US: Apache OFBiz
CVE-2019-10073 (The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" ...)
@@ -31750,10 +31794,10 @@ CVE-2019-7368
RESERVED
CVE-2019-7367
RESERVED
-CVE-2019-7366
- RESERVED
-CVE-2019-7365
- RESERVED
+CVE-2019-7366 (Buffer overflow vulnerability in Autodesk FBX Software Development Kit ...)
+ TODO: check
+CVE-2019-7365 (DLL preloading vulnerability in Autodesk Desktop Application versions ...)
+ TODO: check
CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...)
NOT-FOR-US: Autodesk
CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 2011, ...)
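Review bot: CVE-2019-7366 and CVE-2019-7365 are left at `TODO: check`, while the adjacent CVE-2019-7364, also an Autodesk DLL preloading issue, is already marked `NOT-FOR-US: Autodesk`. Suggest giving both new entries the same tag once it is confirmed that no Debian package ships the affected software.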
@@ -38484,14 +38528,14 @@ CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scr
NOT-FOR-US: IBM
CVE-2019-4469
RESERVED
-CVE-2019-4468
- RESERVED
-CVE-2019-4467
- RESERVED
+CVE-2019-4468 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
+ TODO: check
+CVE-2019-4467 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
+ TODO: check
CVE-2019-4466
RESERVED
-CVE-2019-4465
- RESERVED
+CVE-2019-4465 (IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored loc ...)
+ TODO: check
CVE-2019-4464
RESERVED
CVE-2019-4463
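Review bot: CVE-2019-4468, CVE-2019-4467 and CVE-2019-4465 (IBM Cloud Pak System) move from RESERVED to `TODO: check`, whereas the IBM entry in this hunk's leading context, CVE-2019-4470, is tagged `NOT-FOR-US: IBM`. Suggest triaging these three the same way, together with the other IBM Cloud Pak System entries this commit adds (CVE-2019-4226, CVE-2019-4130, CVE-2019-4098), so they do not sit in the TODO queue individually.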
@@ -38968,8 +39012,8 @@ CVE-2019-4228
RESERVED
CVE-2019-4227 (IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9 ...)
NOT-FOR-US: IBM
-CVE-2019-4226
- RESERVED
+CVE-2019-4226 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
+ TODO: check
CVE-2019-4225 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially ...)
NOT-FOR-US: IBM
CVE-2019-4224 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQ ...)
@@ -39160,8 +39204,8 @@ CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be impro
NOT-FOR-US: IBM
CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...)
NOT-FOR-US: IBM
-CVE-2019-4130
- RESERVED
+CVE-2019-4130 (IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to ...)
+ TODO: check
CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...)
NOT-FOR-US: IBM
CVE-2019-4128
@@ -39224,8 +39268,8 @@ CVE-2019-4100
RESERVED
CVE-2019-4099
RESERVED
-CVE-2019-4098
- RESERVED
+CVE-2019-4098 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
+ TODO: check
CVE-2019-4097
RESERVED
CVE-2019-4096
@@ -39440,8 +39484,8 @@ CVE-2019-3992
RESERVED
CVE-2019-3991
RESERVED
-CVE-2019-3990
- RESERVED
+CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the ...)
+ TODO: check
CVE-2019-3989
RESERVED
CVE-2019-3988
@@ -40373,10 +40417,10 @@ CVE-2019-3668
RESERVED
CVE-2019-3667
RESERVED
-CVE-2019-3666
- RESERVED
-CVE-2019-3665
- RESERVED
+CVE-2019-3666 (API Abuse/Misuse vulnerability in the web interface in McAfee Web Advi ...)
+ TODO: check
+CVE-2019-3665 (Code Injection vulnerability in the web interface in McAfee Web Adviso ...)
+ TODO: check
CVE-2019-3664
RESERVED
CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee Advanced Th ...)
