diff options
author | security tracker role <sectracker@soriano.debian.org> | 2019-04-11 08:10:16 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-04-11 08:10:16 +0000 |
commit | 4fd5617be25c712dec62e925cd1ade424cb2204a (patch) | |
tree | 94e0eb8817aca270572a8b3f0a8501b2beabb0aa /data | |
parent | 99bb8f1f7836af6e42f6e49e769705d6c0ded44b (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2005 | 2 | ||||
-rw-r--r-- | data/CVE/list.2006 | 2 | ||||
-rw-r--r-- | data/CVE/list.2018 | 8 | ||||
-rw-r--r-- | data/CVE/list.2019 | 159 |
4 files changed, 105 insertions, 66 deletions
diff --git a/data/CVE/list.2005 b/data/CVE/list.2005 index ae04c12361..c1a3f99ea6 100644 --- a/data/CVE/list.2005 +++ b/data/CVE/list.2005 @@ -1,3 +1,5 @@ +CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version ...) + TODO: check CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for context-de ...) NOT-FOR-US: Generic protocol issue CVE-2005-4899 diff --git a/data/CVE/list.2006 b/data/CVE/list.2006 index f24c30bd61..a55e9762d8 100644 --- a/data/CVE/list.2006 +++ b/data/CVE/list.2006 @@ -1,3 +1,5 @@ +CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...) + TODO: check CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...) NOT-FOR-US: GE Healthcare Infinia II CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in jem ...) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 88fe06385f..21ddab2790 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -4127,8 +4127,8 @@ CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in NOTE: https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb CVE-2018-19454 RESERVED -CVE-2018-19453 - RESERVED +CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...) + TODO: check CVE-2018-19452 RESERVED CVE-2018-19451 @@ -16103,8 +16103,8 @@ CVE-2018-14685 (The add function in www/Lib/Lib/Action/Admin/TplAction.class.php NOT-FOR-US: Gxlcms CVE-2018-14684 RESERVED -CVE-2018-14683 - RESERVED +CVE-2018-14683 (PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. ...) + TODO: check CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, as used i ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.17.14-1 diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 6c59f142f3..6d4f111abf 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -1,16 +1,49 @@ -CVE-2019-11067 +CVE-2019-11084 + RESERVED +CVE-2019-11083 + RESERVED +CVE-2019-11082 + RESERVED +CVE-2019-11081 + RESERVED +CVE-2019-11080 + RESERVED +CVE-2019-11079 + RESERVED +CVE-2019-11078 (MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the uc ...) + TODO: check +CVE-2019-11077 (FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new a ...) + TODO: check +CVE-2019-11076 + RESERVED +CVE-2019-11075 RESERVED -CVE-2019-1003050 +CVE-2019-11074 RESERVED -CVE-2019-1003049 +CVE-2019-11073 RESERVED +CVE-2019-11072 (lighttpd before 1.4.54 has a signed integer overflow, which might allo ...) + TODO: check +CVE-2019-11070 (WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly ap ...) + TODO: check +CVE-2019-11069 (Sequelize before 5.3.0 does not properly ensure that standard conformi ...) + TODO: check +CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...) + TODO: check +CVE-2019-11067 + RESERVED +CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not properly ...) + TODO: check +CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...) + TODO: check CVE-2019-11066 RESERVED CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...) - gradle <unfixed> [stretch] - gradle <no-dsa> (Minor issue) NOTE: https://github.com/gradle/gradle/pull/8927 -CVE-2019-11071 [arbitrary code execution by any identified visitor] +CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visit ...) + {DSA-4429-1} - spip 3.2.4-1 (bug #926764) [jessie] - spip <not-affected> (SPIP 3.0 and earlier are not affected) NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html @@ -3911,8 +3944,8 @@ CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible NOT-FOR-US: Symantec CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...) NOT-FOR-US: Norton Core -CVE-2019-9694 - RESERVED +CVE-2019-9694 (Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptibl ...) + TODO: check CVE-2019-9693 (In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can ac ...) NOT-FOR-US: CMS Made Simple CVE-2019-9692 (class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 doe ...) @@ -4440,16 +4473,19 @@ CVE-2019-9500 RESERVED CVE-2019-9499 [EAP-pwd peer missing commit validation for scalar/element] RESERVED + {DSA-4430-1} - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801) NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt NOTE: Patches: https://w1.fi/security/2019-4/ CVE-2019-9498 [EAP-pwd server missing commit validation for scalar/element] RESERVED + {DSA-4430-1} - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801) NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt NOTE: Patches: https://w1.fi/security/2019-4/ CVE-2019-9497 [EAP-pwd server not checking for reflection attack] RESERVED + {DSA-4430-1} - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801) NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt NOTE: Patches: https://w1.fi/security/2019-4/ @@ -4463,6 +4499,7 @@ CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP] NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1 CVE-2019-9495 [cache attack against EAP-pwd] RESERVED + {DSA-4430-1} - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801) NOTE: https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt NOTE: Patches: https://w1.fi/security/2019-2/ @@ -11276,8 +11313,8 @@ CVE-2019-6558 RESERVED CVE-2019-6557 (Several buffer overflow vulnerabilities have been identified in Moxa I ...) NOT-FOR-US: Moxa -CVE-2019-6556 - RESERVED +CVE-2019-6556 (When processing project files, the application (Omron CX-Programmer v9 ...) + TODO: check CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...) NOT-FOR-US: Cscape CVE-2019-6554 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper acces ...) @@ -16842,8 +16879,8 @@ CVE-2019-3945 RESERVED CVE-2019-3944 RESERVED -CVE-2019-3943 - RESERVED +CVE-2019-3943 (MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 ...) + TODO: check CVE-2019-3942 RESERVED CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to ...) @@ -17697,8 +17734,8 @@ CVE-2019-3614 RESERVED CVE-2019-3613 RESERVED -CVE-2019-3612 - RESERVED +CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...) + TODO: check CVE-2019-3611 RESERVED CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in McAf ...) @@ -24530,22 +24567,22 @@ CVE-2019-0287 RESERVED CVE-2019-0286 RESERVED -CVE-2019-0285 - RESERVED -CVE-2019-0284 - RESERVED -CVE-2019-0283 - RESERVED -CVE-2019-0282 - RESERVED +CVE-2019-0285 (The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio ( ...) + TODO: check +CVE-2019-0284 (SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not suf ...) + TODO: check +CVE-2019-0283 (SAP NetWeaver Process Integration (Adapter Engine), fixed in versions ...) + TODO: check +CVE-2019-0282 (Several web pages in SAP NetWeaver Process Integration (Runtime Workbe ...) + TODO: check CVE-2019-0281 RESERVED CVE-2019-0280 RESERVED -CVE-2019-0279 - RESERVED -CVE-2019-0278 - RESERVED +CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP ...) + TODO: check +CVE-2019-0278 (Under certain conditions the Monitoring Servlet of the SAP NetWeaver P ...) + TODO: check CVE-2019-0277 (SAP HANA extended application services, version 1, advanced does not s ...) NOT-FOR-US: SAP CVE-2019-0276 (Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Finan ...) @@ -24642,8 +24679,7 @@ CVE-2019-0231 RESERVED CVE-2019-0230 RESERVED -CVE-2019-0229 - RESERVED +CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...) - airflow <itp> (bug #819700) CVE-2019-0228 RESERVED @@ -24679,8 +24715,7 @@ CVE-2019-0217 (In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condit - apache2 2.4.38-3 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217 NOTE: https://svn.apache.org/r1855298 -CVE-2019-0216 - RESERVED +CVE-2019-0216 (A malicious admin user could edit the state of objects in the Airflow ...) - airflow <itp> (bug #819700) CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl ...) - apache2 2.4.38-3 @@ -25061,40 +25096,40 @@ CVE-2019-0046 RESERVED CVE-2019-0045 RESERVED -CVE-2019-0044 - RESERVED -CVE-2019-0043 - RESERVED -CVE-2019-0042 - RESERVED -CVE-2019-0041 - RESERVED -CVE-2019-0040 - RESERVED -CVE-2019-0039 - RESERVED -CVE-2019-0038 - RESERVED -CVE-2019-0037 - RESERVED -CVE-2019-0036 - RESERVED -CVE-2019-0035 - RESERVED -CVE-2019-0034 - RESERVED -CVE-2019-0033 - RESERVED -CVE-2019-0032 - RESERVED -CVE-2019-0031 - RESERVED +CVE-2019-0044 (Receipt of a specific packet on the out-of-band management interface f ...) + TODO: check +CVE-2019-0043 (In MPLS environments, receipt of a specific SNMP packet may cause the ...) + TODO: check +CVE-2019-0042 (Juniper Identity Management Service (JIMS) for Windows versions prior ...) + TODO: check +CVE-2019-0041 (On EX4300-MP Series devices with any lo0 filters applied, transit netw ...) + TODO: check +CVE-2019-0040 (On Junos OS, rpcbind should only be listening to port 111 on the inter ...) + TODO: check +CVE-2019-0039 (If REST API is enabled, the Junos OS login credentials are vulnerable ...) + TODO: check +CVE-2019-0038 (Crafted packets destined to the management interface (fxp0) of an SRX3 ...) + TODO: check +CVE-2019-0037 (In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environmen ...) + TODO: check +CVE-2019-0036 (When configuring a stateless firewall filter in Junos OS, terms named ...) + TODO: check +CVE-2019-0035 (When "set system ports console insecure" is enabled, root login is dis ...) + TODO: check +CVE-2019-0034 (Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface s ...) + TODO: check +CVE-2019-0033 (A firewall bypass vulnerability in the proxy ARP service of Juniper Ne ...) + TODO: check +CVE-2019-0032 (A password management issue exists where the Organization authenticati ...) + TODO: check +CVE-2019-0031 (Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a ...) + TODO: check CVE-2019-0030 (Juniper ATP uses DES and a hardcoded salt for password hashing, allowi ...) NOT-FOR-US: Juniper CVE-2019-0029 (Juniper ATP Series Splunk credentials are logged in a file readable by ...) NOT-FOR-US: Juniper -CVE-2019-0028 - RESERVED +CVE-2019-0028 (On Junos devices with the BGP graceful restart helper mode enabled or ...) + TODO: check CVE-2019-0027 (A persistent cross-site scripting (XSS) vulnerability in the Snort Rul ...) NOT-FOR-US: Juniper CVE-2019-0026 (A persistent cross-site scripting (XSS) vulnerability in the Zone conf ...) @@ -25111,8 +25146,8 @@ CVE-2019-0021 (On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", NOT-FOR-US: Juniper CVE-2019-0020 (Juniper ATP ships with hard coded credentials in the Web Collector ins ...) NOT-FOR-US: Juniper -CVE-2019-0019 - RESERVED +CVE-2019-0019 (When BGP tracing is enabled an incoming BGP message may cause the Juno ...) + TODO: check CVE-2019-0018 (A persistent cross-site scripting (XSS) vulnerability in the file uplo ...) NOT-FOR-US: Juniper CVE-2019-0017 (The Junos Space application, which allows Device Image files to be upl ...) @@ -25133,8 +25168,8 @@ CVE-2019-0010 (An SRX Series Service Gateway configured for Unified Threat Manag NOT-FOR-US: Juniper CVE-2019-0009 (On EX2300 and EX3400 series, high disk I/O operations may disrupt the ...) NOT-FOR-US: Juniper -CVE-2019-0008 - RESERVED +CVE-2019-0008 (A certain sequence of valid BGP or IPv6 BFD packets may trigger a stac ...) + TODO: check CVE-2019-0007 (The vMX Series software uses a predictable IP ID Sequence Number. This ...) NOT-FOR-US: Juniper CVE-2019-0006 (A certain crafted HTTP packet can trigger an uninitialized function po ...) |