[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 21 09:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb2e5586 by security tracker role at 2019-08-21T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,18 +1,139 @@
-CVE-2019-15292 [appletalk: Fix use-after-free in atalk_proc_exit]
+CVE-2019-15302
+ RESERVED
+CVE-2019-15301
+ RESERVED
+CVE-2019-15300
+ RESERVED
+CVE-2019-15299
+ RESERVED
+CVE-2019-15298
+ RESERVED
+CVE-2019-15297
+ RESERVED
+CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
+ TODO: check
+CVE-2019-15295
+ RESERVED
+CVE-2019-15294
+ RESERVED
+CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
+ TODO: check
+CVE-2019-15289
+ RESERVED
+CVE-2019-15288
+ RESERVED
+CVE-2019-15287
+ RESERVED
+CVE-2019-15286
+ RESERVED
+CVE-2019-15285
+ RESERVED
+CVE-2019-15284
+ RESERVED
+CVE-2019-15283
+ RESERVED
+CVE-2019-15282
+ RESERVED
+CVE-2019-15281
+ RESERVED
+CVE-2019-15280
+ RESERVED
+CVE-2019-15279
+ RESERVED
+CVE-2019-15278
+ RESERVED
+CVE-2019-15277
+ RESERVED
+CVE-2019-15276
+ RESERVED
+CVE-2019-15275
+ RESERVED
+CVE-2019-15274
+ RESERVED
+CVE-2019-15273
+ RESERVED
+CVE-2019-15272
+ RESERVED
+CVE-2019-15271
+ RESERVED
+CVE-2019-15270
+ RESERVED
+CVE-2019-15269
+ RESERVED
+CVE-2019-15268
+ RESERVED
+CVE-2019-15267
+ RESERVED
+CVE-2019-15266
+ RESERVED
+CVE-2019-15265
+ RESERVED
+CVE-2019-15264
+ RESERVED
+CVE-2019-15263
+ RESERVED
+CVE-2019-15262
+ RESERVED
+CVE-2019-15261
+ RESERVED
+CVE-2019-15260
+ RESERVED
+CVE-2019-15259
+ RESERVED
+CVE-2019-15258
+ RESERVED
+CVE-2019-15257
+ RESERVED
+CVE-2019-15256
+ RESERVED
+CVE-2019-15255
+ RESERVED
+CVE-2019-15254
+ RESERVED
+CVE-2019-15253
+ RESERVED
+CVE-2019-15252
+ RESERVED
+CVE-2019-15251
+ RESERVED
+CVE-2019-15250
+ RESERVED
+CVE-2019-15249
+ RESERVED
+CVE-2019-15248
+ RESERVED
+CVE-2019-15247
+ RESERVED
+CVE-2019-15246
+ RESERVED
+CVE-2019-15245
+ RESERVED
+CVE-2019-15244
+ RESERVED
+CVE-2019-15243
+ RESERVED
+CVE-2019-15242
+ RESERVED
+CVE-2019-15241
+ RESERVED
+CVE-2019-15240
+ RESERVED
+CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There is a u ...)
- linux 4.19.37-1
-CVE-2019-15291 [general protection fault in flexcop_usb_probe]
+CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. There is a ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
-CVE-2019-15290 [general protection fault in ath6kl_usb_alloc_urb_from_pipe]
+CVE-2019-15290 (An issue was discovered in the Linux kernel through 5.2.9. There is a ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
-CVE-2019-15239 [TCP reconnection use-after-free]
+CVE-2019-15239 (In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was ...)
+ {DSA-4497-1 DLA-1884-1}
- linux 4.15.4-1
NOTE: https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-tcpsocketsuaf
NOTE: Workaround entry for main entry as the issue never affected upstream version
NOTE: actually and is specific to the stable versions backports.
-CVE-2019-15238
- RESERVED
+CVE-2019-15238 (The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the ...)
+ TODO: check
CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...)
- roundcube <unfixed>
NOTE: https://github.com/roundcube/roundcubemail/issues/6891
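Review bot: The replacement descriptions for CVE-2019-15291 and CVE-2019-15290 are identical in their visible form ("An issue was discovered in the Linux kernel through 5.2.9. There is a ..."), so dropping the bracketed summaries removes the only text that told the two entries apart (flexcop_usb_probe versus ath6kl_usb_alloc_urb_from_pipe). Keep the affected function in a NOTE line on each entry, next to the existing oss-security link, so the entries stay identifiable without opening the full CVE description. The same applies to CVE-2019-15292, whose atalk_proc_exit summary is removed at the top of the hunk.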
@@ -22,8 +143,8 @@ CVE-2019-15235
RESERVED
CVE-2019-15234
RESERVED
-CVE-2019-15233
- RESERVED
+CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros app before ...)
+ TODO: check
CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMediaSer ...)
- liblivemedia <unfixed>
[jessie] - liblivemedia <postponed> (Can be fixed along with more important patches)
@@ -66,12 +187,14 @@ CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. There
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e
CVE-2019-15216 (An issue was discovered in the Linux kernel before 5.0.14. There is a ...)
+ {DLA-1884-1}
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/ef61eb43ada6c1d6b94668f0f514e4c268093ff3
CVE-2019-15215 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/eff73de2b1600ad8230692f00bc0ab49b166512a
CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There is a ...)
+ {DLA-1884-1}
- linux 4.19.37-1
CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There is a u ...)
- linux <unfixed>
@@ -83,18 +206,18 @@ CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. There
CVE-2019-15211 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/c666355e60ddb4748ead3bdd983e3f7f2224aaf0
-CVE-2018-20978
- RESERVED
+CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...)
+ TODO: check
CVE-2018-20977
RESERVED
-CVE-2017-18569
- RESERVED
-CVE-2017-18568
- RESERVED
-CVE-2017-18567
- RESERVED
-CVE-2017-18566
- RESERVED
+CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18567 (The wp-all-import plugin before 3.4.6 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18566 (The user-role plugin before 1.5.6 for WordPress has multiple XSS issue ...)
+ TODO: check
CVE-2017-18565
RESERVED
CVE-2017-18564
@@ -121,12 +244,12 @@ CVE-2017-18554
RESERVED
CVE-2017-18553
RESERVED
-CVE-2016-10915
- RESERVED
-CVE-2016-10914
- RESERVED
-CVE-2016-10913
- RESERVED
+CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...)
+ TODO: check
+CVE-2016-10913 (The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. ...)
+ TODO: check
CVE-2016-10912
RESERVED
CVE-2016-10911
@@ -137,20 +260,20 @@ CVE-2016-10909
RESERVED
CVE-2016-10908
RESERVED
-CVE-2015-9332
- RESERVED
-CVE-2015-9331
- RESERVED
-CVE-2015-9330
- RESERVED
-CVE-2015-9329
- RESERVED
+CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...)
+ TODO: check
+CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention ...)
+ TODO: check
+CVE-2015-9330 (The wp-all-import plugin before 3.2.5 for WordPress has blind SQL inje ...)
+ TODO: check
+CVE-2015-9329 (The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. ...)
+ TODO: check
CVE-2015-9328
RESERVED
CVE-2015-9327
RESERVED
-CVE-2014-10381
- RESERVED
+CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...)
+ TODO: check
CVE-2014-10380
RESERVED
CVE-2014-10379
@@ -163,8 +286,8 @@ CVE-2012-6715
RESERVED
CVE-2012-6714
RESERVED
-CVE-2011-5328
- RESERVED
+CVE-2011-5328 (The user-access-manager plugin before 1.2 for WordPress has CSRF. ...)
+ TODO: check
CVE-2019-15210
RESERVED
CVE-2019-15209
@@ -390,8 +513,8 @@ CVE-2019-15126
RESERVED
CVE-2019-15125
RESERVED
-CVE-2018-20975
- RESERVED
+CVE-2018-20975 (Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/t ...)
+ TODO: check
CVE-2019-15124
RESERVED
CVE-2019-15123
@@ -516,22 +639,22 @@ CVE-2017-18535
RESERVED
CVE-2017-18534
RESERVED
-CVE-2017-18533
- RESERVED
-CVE-2017-18532
- RESERVED
-CVE-2017-18531
- RESERVED
-CVE-2017-18530
- RESERVED
-CVE-2017-18529
- RESERVED
-CVE-2017-18528
- RESERVED
-CVE-2017-18527
- RESERVED
-CVE-2017-18526
- RESERVED
+CVE-2017-18533 (The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18532 (The realty plugin before 1.1.0 for WordPress has multiple XSS issues. ...)
+ TODO: check
+CVE-2017-18531 (The raygun4wp plugin before 1.8.3 for WordPress has XSS in the setting ...)
+ TODO: check
+CVE-2017-18530 (The rating-bws plugin before 0.2 for WordPress has multiple XSS issues ...)
+ TODO: check
+CVE-2017-18529 (The promobar plugin before 1.1.1 for WordPress has multiple XSS issues ...)
+ TODO: check
+CVE-2017-18528 (The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issue ...)
+ TODO: check
+CVE-2017-18527 (The pagination plugin before 1.0.7 for WordPress has multiple XSS issu ...)
+ TODO: check
+CVE-2017-18526 (The moreads-se plugin before 1.4.7 for WordPress has XSS. ...)
+ TODO: check
CVE-2016-10904 (The olimometer plugin before 2.57 for WordPress has SQL injection. ...)
NOT-FOR-US: olimometer plugin for WordPress
CVE-2016-10903
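Review bot: The eight WordPress plugin entries added here (CVE-2017-18533 through CVE-2017-18526) are left at TODO: check, while the context entry directly below them, CVE-2016-10904, already resolves the same kind of issue as "NOT-FOR-US: olimometer plugin for WordPress". If none of these plugins is packaged, close them in the same form, naming the plugin in each NOT-FOR-US line, rather than leaving them in the TODO queue.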
@@ -550,8 +673,8 @@ CVE-2016-10897
RESERVED
CVE-2016-10896
RESERVED
-CVE-2016-10895
- RESERVED
+CVE-2016-10895 (The option-tree plugin before 2.6.0 for WordPress has XSS via an add_l ...)
+ TODO: check
CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for WordPress ha ...)
NOT-FOR-US: wp-business-intelligence-lite plugin for WordPress
CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL injection. ...)
@@ -564,8 +687,8 @@ CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for Word
NOT-FOR-US: erident-custom-login-and-dashboard plugin for WordPress
CVE-2015-9321
RESERVED
-CVE-2015-9320
- RESERVED
+CVE-2015-9320 (The option-tree plugin before 2.5.4 for WordPress has XSS related to a ...)
+ TODO: check
CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
NOT-FOR-US: i-recommend-this plugin for WordPress
CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
@@ -581,8 +704,8 @@ CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the L
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/c09581a52765a85f19fc35340127396d5e3379cc
-CVE-2019-15082
- RESERVED
+CVE-2019-15082 (The 360-product-rotation plugin before 1.4.8 for WordPress has reflect ...)
+ TODO: check
CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...)
NOT-FOR-US: OpenCart
CVE-2019-15080
@@ -621,40 +744,40 @@ CVE-2019-15064
RESERVED
CVE-2017-18525
RESERVED
-CVE-2017-18524
- RESERVED
-CVE-2017-18523
- RESERVED
-CVE-2017-18522
- RESERVED
+CVE-2017-18524 (The football-pool plugin before 2.6.5 for WordPress has multiple XSS i ...)
+ TODO: check
+CVE-2017-18523 (The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the ...)
+ TODO: check
+CVE-2017-18522 (The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the a ...)
+ TODO: check
CVE-2017-18521
RESERVED
-CVE-2017-18520
- RESERVED
-CVE-2017-18519
- RESERVED
-CVE-2017-18518
- RESERVED
-CVE-2017-18517
- RESERVED
+CVE-2017-18520 (The democracy-poll plugin before 5.4 for WordPress has XSS via update_ ...)
+ TODO: check
+CVE-2017-18519 (The customer-area plugin before 7.4.3 for WordPress has XSS via admin ...)
+ TODO: check
+CVE-2017-18518 (The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues ...)
+ TODO: check
+CVE-2017-18517 (The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS i ...)
+ TODO: check
CVE-2017-18516
RESERVED
CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequently, a ...)
- xtrlock <unfixed> (bug #830726)
-CVE-2016-10893
- RESERVED
-CVE-2016-10892
- RESERVED
+CVE-2016-10893 (The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has mu ...)
+ TODO: check
+CVE-2016-10892 (The chained-quiz plugin before 1.0 for WordPress has multiple XSS issu ...)
+ TODO: check
CVE-2016-10891
RESERVED
CVE-2016-10890
RESERVED
-CVE-2015-9319
- RESERVED
-CVE-2015-9318
- RESERVED
-CVE-2015-9317
- RESERVED
+CVE-2015-9319 (The gregs-high-performance-seo plugin before 1.6.2 for WordPress has X ...)
+ TODO: check
+CVE-2015-9318 (The awesome-support plugin before 3.1.7 for WordPress has a security i ...)
+ TODO: check
+CVE-2015-9317 (The awesome-support plugin before 3.1.7 for WordPress has XSS via cust ...)
+ TODO: check
CVE-2019-15063
RESERVED
CVE-2019-15062 (An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an ...)
@@ -921,6 +1044,7 @@ CVE-2019-14971
RESERVED
CVE-2019-14970
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\N ...)
NOT-FOR-US: Netwrix Auditor
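Review bot: CVE-2019-14970 gains the {DSA-4504-1} cross-reference while the entry is still RESERVED and has no NOTE, so nothing in the entry says which vlc change the 3.0.8-1 version refers to. Add a NOTE with the upstream commit or advisory, as the CVE-2019-13962 and CVE-2019-13602 entries in this same update have. The other RESERVED vlc entries tagged with DSA-4504-1 (CVE-2019-14778 through CVE-2019-14776, CVE-2019-14535 through CVE-2019-14533, CVE-2019-14498, CVE-2019-14438, CVE-2019-14437) have the same gap.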
@@ -1452,12 +1576,15 @@ CVE-2019-14779
RESERVED
CVE-2019-14778
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14777
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14776
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14775
RESERVED
@@ -1670,14 +1797,14 @@ CVE-2019-14689
RESERVED
CVE-2019-14688
RESERVED
-CVE-2019-14687
- RESERVED
+CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
+ TODO: check
CVE-2019-14686
RESERVED
CVE-2019-14685
RESERVED
-CVE-2019-14684
- RESERVED
+CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
+ TODO: check
CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for ...)
@@ -2031,12 +2158,15 @@ CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the
NOT-FOR-US: Neet AirStream NAS1.1 devices
CVE-2019-14535
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14534
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14533
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14532 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off ...)
- sleuthkit <unfixed> (unimportant)
@@ -2127,6 +2257,7 @@ CVE-2019-14499
RESERVED
CVE-2019-14498
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
- milkytracker <unfixed> (bug #933964)
@@ -2865,9 +2996,11 @@ CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1pa
NOTE: https://savannah.nongnu.org/bugs/?45923
CVE-2019-14438
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14437
RESERVED
+ {DSA-4504-1}
- vlc 3.0.8-1
CVE-2019-14436
RESERVED
@@ -2886,8 +3019,8 @@ CVE-2019-14432 (Incorrect authentication of application WebSocket connections in
NOT-FOR-US: Loom Desktop for Mac
CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles ...)
- matrixssl <removed>
-CVE-2019-14430
- RESERVED
+CVE-2019-14430 (plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows S ...)
+ TODO: check
CVE-2019-14429
RESERVED
CVE-2019-14428
@@ -4072,6 +4205,7 @@ CVE-2019-13964
CVE-2019-13963
RESERVED
CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC medi ...)
+ {DSA-4504-1}
- vlc 3.0.8-1 (low)
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
@@ -5871,6 +6005,7 @@ CVE-2019-13604 (There is a short key vulnerability in HID Global DigitalPersona
CVE-2019-13603 (An issue was discovered in the HID Global DigitalPersona (formerly Cro ...)
NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver
CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...)
+ {DSA-4504-1}
- vlc 3.0.7.1-2 (bug #932131)
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
@@ -6060,8 +6195,8 @@ CVE-2019-13522
RESERVED
CVE-2019-13521
RESERVED
-CVE-2019-13520
- RESERVED
+CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...)
+ TODO: check
CVE-2019-13519
RESERVED
CVE-2019-13518
@@ -7793,8 +7928,8 @@ CVE-2019-12891
RESERVED
CVE-2019-12890 (RedwoodHQ 2.5.5 does not require any authentication for database opera ...)
NOT-FOR-US: RedwoodHQ
-CVE-2019-12889
- RESERVED
+CVE-2019-12889 (An unauthenticated privilege escalation exists in SailPoint Desktop Pa ...)
+ TODO: check
CVE-2019-12888
REJECTED
CVE-2019-12887 (KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue ...)
@@ -10230,8 +10365,8 @@ CVE-2019-11926
RESERVED
CVE-2019-11925
RESERVED
-CVE-2019-11924
- RESERVED
+CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...)
+ TODO: check
CVE-2019-11923
RESERVED
CVE-2019-11922 (A race condition in the one-pass compression functions of Zstandard pr ...)
@@ -10507,8 +10642,8 @@ CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryp
NOT-FOR-US: Ratpack
CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...)
NOT-FOR-US: WooCommerce Checkout Manager plugin for WordPress
-CVE-2019-11806
- RESERVED
+CVE-2019-11806 (OX App Suite 7.10.1 and earlier has Insecure Permissions. ...)
+ TODO: check
CVE-2019-11805
RESERVED
CVE-2019-11804
@@ -11353,10 +11488,10 @@ CVE-2019-11524
RESERVED
CVE-2019-11523 (Anviz Global M3 Outdoor RFID Access Control executes any command recei ...)
NOT-FOR-US: Anviz Global M3 Outdoor RFID Access Control
-CVE-2019-11522
- RESERVED
-CVE-2019-11521
- RESERVED
+CVE-2019-11522 (OX App Suite 7.10.0 to 7.10.2 allows XSS. ...)
+ TODO: check
+CVE-2019-11521 (OX App Suite 7.10.1 allows Content Spoofing. ...)
+ TODO: check
CVE-2019-11520
RESERVED
CVE-2019-11519 (Libraries/Nop.Services/Localization/LocalizationService.cs in nopComme ...)
@@ -12204,8 +12339,8 @@ CVE-2019-11211
RESERVED
CVE-2019-11210
RESERVED
-CVE-2019-11209
- RESERVED
+CVE-2019-11209 (The realm configuration component of TIBCO Software Inc.'s TIBCO FTL C ...)
+ TODO: check
CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...)
NOT-FOR-US: TIBCO
CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enter ...)
@@ -12851,8 +12986,8 @@ CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build
NOT-FOR-US: BD Alaris Gateway
CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
NOT-FOR-US: Advantech WebAccess HMI Designer
-CVE-2019-10960
- RESERVED
+CVE-2019-10960 (Zebra Industrial Printers All Versions, Zebra printers are shipped wit ...)
+ TODO: check
CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...)
NOT-FOR-US: BD Alaris Gateway
CVE-2019-10958
@@ -13396,8 +13531,8 @@ CVE-2019-10746 [prototype pollution]
NOTE: https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
NOTE: https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
NOTE: https://github.com/jonschlinkert/mixin-deep/issues/6
-CVE-2019-10745
- RESERVED
+CVE-2019-10745 (assign-deep is vulnerable to Prototype Pollution in versions before 0. ...)
+ TODO: check
CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to Prototype Poll ...)
- node-lodash 4.17.15+dfsg-1 (bug #933079)
[buster] - node-lodash <no-dsa> (Minor issue; can be fixed in point release)
@@ -15176,8 +15311,7 @@ CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apac
NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
CVE-2019-10087
RESERVED
-CVE-2019-10086 [BeanUtils2 mitigate CVE-2014-0114]
- RESERVED
+CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class wa ...)
- commons-beanutils 1.9.4-1
NOTE: https://issues.apache.org/jira/browse/BEANUTILS-520
NOTE: https://github.com/apache/commons-beanutils/pull/7
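Review bot: Replacing the "[BeanUtils2 mitigate CVE-2014-0114]" summary on CVE-2019-10086 drops the entry's only visible link to CVE-2014-0114, since the new description is truncated before it says what the BeanIntrospector class relates to. Record the relationship in a NOTE line alongside the BEANUTILS-520 reference.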
@@ -21249,32 +21383,32 @@ CVE-2019-8108
RESERVED
CVE-2019-8107
RESERVED
-CVE-2019-8106
- RESERVED
-CVE-2019-8105
- RESERVED
-CVE-2019-8104
- RESERVED
-CVE-2019-8103
- RESERVED
-CVE-2019-8102
- RESERVED
-CVE-2019-8101
- RESERVED
-CVE-2019-8100
- RESERVED
-CVE-2019-8099
- RESERVED
-CVE-2019-8098
- RESERVED
-CVE-2019-8097
- RESERVED
-CVE-2019-8096
- RESERVED
-CVE-2019-8095
- RESERVED
-CVE-2019-8094
- RESERVED
+CVE-2019-8106 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8105 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8104 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8103 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8102 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8101 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8100 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8099 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8098 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8097 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8096 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8095 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8094 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
CVE-2019-8093
RESERVED
CVE-2019-8092
@@ -21307,8 +21441,8 @@ CVE-2019-8079
RESERVED
CVE-2019-8078
RESERVED
-CVE-2019-8077
- RESERVED
+CVE-2019-8077 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
CVE-2019-8076
RESERVED
CVE-2019-8075
@@ -21339,126 +21473,126 @@ CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions hav
NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure library l ...)
NOT-FOR-US: Adobe
-CVE-2019-8061
- RESERVED
-CVE-2019-8060
- RESERVED
-CVE-2019-8059
- RESERVED
-CVE-2019-8058
- RESERVED
-CVE-2019-8057
- RESERVED
-CVE-2019-8056
- RESERVED
-CVE-2019-8055
- RESERVED
-CVE-2019-8054
- RESERVED
-CVE-2019-8053
- RESERVED
-CVE-2019-8052
- RESERVED
-CVE-2019-8051
- RESERVED
-CVE-2019-8050
- RESERVED
-CVE-2019-8049
- RESERVED
-CVE-2019-8048
- RESERVED
-CVE-2019-8047
- RESERVED
-CVE-2019-8046
- RESERVED
-CVE-2019-8045
- RESERVED
-CVE-2019-8044
- RESERVED
-CVE-2019-8043
- RESERVED
-CVE-2019-8042
- RESERVED
-CVE-2019-8041
- RESERVED
-CVE-2019-8040
- RESERVED
-CVE-2019-8039
- RESERVED
-CVE-2019-8038
- RESERVED
-CVE-2019-8037
- RESERVED
-CVE-2019-8036
- RESERVED
-CVE-2019-8035
- RESERVED
-CVE-2019-8034
- RESERVED
-CVE-2019-8033
- RESERVED
-CVE-2019-8032
- RESERVED
-CVE-2019-8031
- RESERVED
-CVE-2019-8030
- RESERVED
-CVE-2019-8029
- RESERVED
-CVE-2019-8028
- RESERVED
-CVE-2019-8027
- RESERVED
-CVE-2019-8026
- RESERVED
-CVE-2019-8025
- RESERVED
-CVE-2019-8024
- RESERVED
-CVE-2019-8023
- RESERVED
-CVE-2019-8022
- RESERVED
-CVE-2019-8021
- RESERVED
-CVE-2019-8020
- RESERVED
-CVE-2019-8019
- RESERVED
-CVE-2019-8018
- RESERVED
-CVE-2019-8017
- RESERVED
-CVE-2019-8016
- RESERVED
-CVE-2019-8015
- RESERVED
-CVE-2019-8014
- RESERVED
-CVE-2019-8013
- RESERVED
-CVE-2019-8012
- RESERVED
-CVE-2019-8011
- RESERVED
-CVE-2019-8010
- RESERVED
-CVE-2019-8009
- RESERVED
-CVE-2019-8008
- RESERVED
-CVE-2019-8007
- RESERVED
-CVE-2019-8006
- RESERVED
-CVE-2019-8005
- RESERVED
-CVE-2019-8004
- RESERVED
-CVE-2019-8003
- RESERVED
-CVE-2019-8002
- RESERVED
+CVE-2019-8061 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8060 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8059 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8058 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8057 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8056 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8055 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8054 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8053 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8052 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8051 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8050 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8049 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8048 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8047 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8046 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8045 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8044 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8043 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8042 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8041 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8040 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8039 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8038 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8037 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8036 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8035 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8034 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8033 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8032 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8031 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8030 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8029 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8028 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8027 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8026 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8025 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8024 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8023 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8022 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8021 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8020 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8019 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8018 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8017 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8016 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8015 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8014 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8013 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8012 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8011 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8010 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8009 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+ TODO: check
+CVE-2019-8008 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8007 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8006 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8005 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8004 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8003 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
+CVE-2019-8002 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
CVE-2019-8001
RESERVED
CVE-2019-8000
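Review bot: All 60 entries from CVE-2019-8061 down to CVE-2019-8002 are added with TODO: check, although each description starts with "Adobe Acrobat and Reader versions" and the unchanged CVE-2019-8062 entry just above them is already marked "NOT-FOR-US: Adobe". Triage them in bulk with the same NOT-FOR-US: Adobe line so this block does not sit in the TODO list.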
@@ -21531,8 +21665,8 @@ CVE-2019-7967
RESERVED
CVE-2019-7966
RESERVED
-CVE-2019-7965
- RESERVED
+CVE-2019-7965 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+ TODO: check
CVE-2019-7964 (Adobe Experience Manager versions 6.5, and 6.4 have an authentication ...)
NOT-FOR-US: Adobe Experience Manager
CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out of boun ...)
@@ -21797,7 +21931,7 @@ CVE-2019-7834 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 201
NOT-FOR-US: Adobe
CVE-2019-7833 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
NOT-FOR-US: Adobe
-CVE-2019-7832 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
+CVE-2019-7832 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
NOT-FOR-US: Adobe
CVE-2019-7831 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
NOT-FOR-US: Adobe
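Review bot: The new description for CVE-2019-7832 reads "versions , 2019.012.20035 and earlier", with a stray space before the comma and a different version string from the unchanged CVE-2019-7833 and CVE-2019-7831 entries ("versions 2019.010.20100 and earlier"). The entry stays NOT-FOR-US: Adobe, so triage is unaffected, but confirm that the changed affected-version text comes from the upstream CVE description and is not a sync artifact.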
@@ -22409,10 +22543,10 @@ CVE-2019-7596
RESERVED
CVE-2019-7595
RESERVED
-CVE-2019-7594
- RESERVED
-CVE-2019-7593
- RESERVED
+CVE-2019-7594 (Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...)
+ TODO: check
+CVE-2019-7593 (Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...)
+ TODO: check
CVE-2019-7592
RESERVED
CVE-2019-7591
@@ -26179,8 +26313,8 @@ CVE-2019-6145
RESERVED
CVE-2019-6144
RESERVED
-CVE-2019-6143
- RESERVED
+CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...)
+ TODO: check
CVE-2019-6142
RESERVED
CVE-2019-6141
@@ -28932,20 +29066,20 @@ CVE-2019-5042
RESERVED
CVE-2019-5041
RESERVED
-CVE-2019-5040
- RESERVED
-CVE-2019-5039
- RESERVED
-CVE-2019-5038
- RESERVED
-CVE-2019-5037
- RESERVED
-CVE-2019-5036
- RESERVED
-CVE-2019-5035
- RESERVED
-CVE-2019-5034
- RESERVED
+CVE-2019-5040 (An exploitable information disclosure vulnerability exists in the Weav ...)
+ TODO: check
+CVE-2019-5039 (An exploitable command execution vulnerability exists in the ASN1 cert ...)
+ TODO: check
+CVE-2019-5038 (An exploitable command execution vulnerability exists in the print-tlv ...)
+ TODO: check
+CVE-2019-5037 (An exploitable denial-of-service vulnerability exists in the Weave cer ...)
+ TODO: check
+CVE-2019-5036 (An exploitable denial-of-service vulnerability exists in the Weave err ...)
+ TODO: check
+CVE-2019-5035 (An exploitable information disclosure vulnerability exists in the Weav ...)
+ TODO: check
+CVE-2019-5034 (An exploitable information disclosure vulnerability exists in the Weav ...)
+ TODO: check
CVE-2019-5033
RESERVED
CVE-2019-5032
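Review bot: Of the seven entries added at TODO: check (CVE-2019-5034 to CVE-2019-5040), the truncated text for CVE-2019-5039 ("in the ASN1 cert ...") and CVE-2019-5038 ("in the print-tlv ...") cuts off before any product name, and the others only get as far as "Weav ..." or "Weave cer ...". The list alone is not enough to decide whether a Debian source package is affected, so the triage pass should read the full descriptions and record the product name explicitly in the status or a NOTE line rather than relying on the summary.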
@@ -30083,16 +30217,16 @@ CVE-2019-4487
RESERVED
CVE-2019-4486
RESERVED
-CVE-2019-4485
- RESERVED
-CVE-2019-4484
- RESERVED
-CVE-2019-4483
- RESERVED
-CVE-2019-4482
- RESERVED
-CVE-2019-4481
- RESERVED
+CVE-2019-4485 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
+ TODO: check
+CVE-2019-4484 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
+ TODO: check
+CVE-2019-4483 (IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend A ...)
+ TODO: check
+CVE-2019-4482 (IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cro ...)
+ TODO: check
+CVE-2019-4481 (IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend A ...)
+ TODO: check
CVE-2019-4480
RESERVED
CVE-2019-4479
@@ -30133,8 +30267,8 @@ CVE-2019-4462
RESERVED
CVE-2019-4461
RESERVED
-CVE-2019-4460
- RESERVED
+CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a ...)
+ TODO: check
CVE-2019-4459
RESERVED
CVE-2019-4458
@@ -30179,16 +30313,16 @@ CVE-2019-4439 (IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate ses
NOT-FOR-US: IBM
CVE-2019-4438
RESERVED
-CVE-2019-4437
- RESERVED
+CVE-2019-4437 (IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensi ...)
+ TODO: check
CVE-2019-4436
RESERVED
CVE-2019-4435
RESERVED
CVE-2019-4434
RESERVED
-CVE-2019-4433
- RESERVED
+CVE-2019-4433 (IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere I ...)
+ TODO: check
CVE-2019-4432
RESERVED
CVE-2019-4431
@@ -30203,20 +30337,20 @@ CVE-2019-4427
RESERVED
CVE-2019-4426
RESERVED
-CVE-2019-4425
- RESERVED
-CVE-2019-4424
- RESERVED
+CVE-2019-4425 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
+ TODO: check
+CVE-2019-4424 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
+ TODO: check
CVE-2019-4423
RESERVED
CVE-2019-4422
RESERVED
CVE-2019-4421
RESERVED
-CVE-2019-4420
- RESERVED
-CVE-2019-4419
- RESERVED
+CVE-2019-4420 (IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose ...)
+ TODO: check
+CVE-2019-4419 (IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable ...)
+ TODO: check
CVE-2019-4418
RESERVED
CVE-2019-4417
@@ -30249,8 +30383,8 @@ CVE-2019-4404
RESERVED
CVE-2019-4403 (IBM Connections 6.0 is vulnerable to cross-site scripting. This vulner ...)
NOT-FOR-US: IBM
-CVE-2019-4402
- RESERVED
+CVE-2019-4402 (IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow ...)
+ TODO: check
CVE-2019-4401
RESERVED
CVE-2019-4400
@@ -30373,12 +30507,12 @@ CVE-2019-4342
RESERVED
CVE-2019-4341
RESERVED
-CVE-2019-4340
- RESERVED
+CVE-2019-4340 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable ...)
+ TODO: check
CVE-2019-4339
RESERVED
-CVE-2019-4338
- RESERVED
+CVE-2019-4338 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not prop ...)
+ TODO: check
CVE-2019-4337 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
NOT-FOR-US: IBM
CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses an ina ...)
@@ -30433,12 +30567,12 @@ CVE-2019-4312
RESERVED
CVE-2019-4311
RESERVED
-CVE-2019-4310
- RESERVED
+CVE-2019-4310 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inade ...)
+ TODO: check
CVE-2019-4309
RESERVED
-CVE-2019-4308
- RESERVED
+CVE-2019-4308 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
+ TODO: check
CVE-2019-4307
RESERVED
CVE-2019-4306
@@ -30465,8 +30599,8 @@ CVE-2019-4296 (IBM Robotic Process Automation with Automation Anywhere 11 inform
NOT-FOR-US: IBM
CVE-2019-4295 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
NOT-FOR-US: IBM
-CVE-2019-4294
- RESERVED
+CVE-2019-4294 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7 ...)
+ TODO: check
CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attac ...)
NOT-FOR-US: IBM
CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...)
@@ -30547,8 +30681,8 @@ CVE-2019-4255
RESERVED
CVE-2019-4254
RESERVED
-CVE-2019-4253
- RESERVED
+CVE-2019-4253 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+ TODO: check
CVE-2019-4252 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 co ...)
NOT-FOR-US: IBM
CVE-2019-4251
@@ -30719,8 +30853,8 @@ CVE-2019-4169
RESERVED
CVE-2019-4168
RESERVED
-CVE-2019-4167
- RESERVED
+CVE-2019-4167 (IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which c ...)
+ TODO: check
CVE-2019-4166 (IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing att ...)
NOT-FOR-US: IBM
CVE-2019-4165 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to ...)
@@ -30813,14 +30947,14 @@ CVE-2019-4122
RESERVED
CVE-2019-4121
RESERVED
-CVE-2019-4120
- RESERVED
+CVE-2019-4120 (IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scriptin ...)
+ TODO: check
CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 ...)
NOT-FOR-US: IBM
CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could all ...)
NOT-FOR-US: IBM
-CVE-2019-4117
- RESERVED
+CVE-2019-4117 (IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request ...)
+ TODO: check
CVE-2019-4116 (IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensit ...)
NOT-FOR-US: IBM
CVE-2019-4115
@@ -30955,8 +31089,8 @@ CVE-2019-4051 (Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose syste
NOT-FOR-US: IBM
CVE-2019-4050
RESERVED
-CVE-2019-4049
- RESERVED
+CVE-2019-4049 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial ...)
+ TODO: check
CVE-2019-4048 (IBM Maximo Asset Management 7.6 could allow a physical user of the sys ...)
NOT-FOR-US: IBM Maximo Asset Management
CVE-2019-4047 (IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated us ...)
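Review bot: CVE-2019-4049 (IBM MQ) is added at TODO: check between entries that label the same vendor in two different ways: NOT-FOR-US: IBM on CVE-2019-4051 and NOT-FOR-US: IBM Maximo Asset Management on CVE-2019-4048. When this entry is triaged, prefer one form consistently so that a search for a vendor's NOT-FOR-US entries finds all of them.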
@@ -31117,18 +31251,18 @@ CVE-2019-3970 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arb
NOT-FOR-US: Comodo Antivirus
CVE-2019-3969 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Pr ...)
NOT-FOR-US: Comodo Antivirus
-CVE-2019-3968
- RESERVED
-CVE-2019-3967
- RESERVED
-CVE-2019-3966
- RESERVED
-CVE-2019-3965
- RESERVED
-CVE-2019-3964
- RESERVED
-CVE-2019-3963
- RESERVED
+CVE-2019-3968 (In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute ar ...)
+ TODO: check
+CVE-2019-3967 (In OpenEMR 5.0.1 and earlier, the patient file download interface cont ...)
+ TODO: check
+CVE-2019-3966 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
+ TODO: check
+CVE-2019-3965 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
+ TODO: check
+CVE-2019-3964 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
+ TODO: check
+CVE-2019-3963 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
+ TODO: check
CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may a ...)
NOT-FOR-US: Nessus
CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a reflected XS ...)
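Review bot: CVE-2019-3963, CVE-2019-3964, CVE-2019-3965 and CVE-2019-3966 are added with identical visible text ("In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ..."), so they cannot be told apart in this file, and all six OpenEMR entries sit at TODO: check. Triage CVE-2019-3963 to CVE-2019-3968 together with a single product decision, in the way the Comodo Antivirus and Nessus entries on either side each carry one product label, rather than resolving them one at a time.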
@@ -31822,8 +31956,8 @@ CVE-2019-3755
RESERVED
CVE-2019-3754
RESERVED
-CVE-2019-3753
- RESERVED
+CVE-2019-3753 (Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K runn ...)
+ TODO: check
CVE-2019-3752
RESERVED
CVE-2019-3751
@@ -37302,42 +37436,42 @@ CVE-2019-2139
RESERVED
CVE-2019-2138
RESERVED
-CVE-2019-2137
- RESERVED
-CVE-2019-2136
- RESERVED
-CVE-2019-2135
- RESERVED
-CVE-2019-2134
- RESERVED
-CVE-2019-2133
- RESERVED
-CVE-2019-2132
- RESERVED
-CVE-2019-2131
- RESERVED
-CVE-2019-2130
- RESERVED
-CVE-2019-2129
- RESERVED
-CVE-2019-2128
- RESERVED
-CVE-2019-2127
- RESERVED
-CVE-2019-2126
- RESERVED
-CVE-2019-2125
- RESERVED
+CVE-2019-2137 (In the endCall() function of TelecomManager.java, there is a possible ...)
+ TODO: check
+CVE-2019-2136 (In Status::readFromParcel of Status.cpp, there is a possible out of bo ...)
+ TODO: check
+CVE-2019-2135 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
+ TODO: check
+CVE-2019-2134 (In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a po ...)
+ TODO: check
+CVE-2019-2133 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
+ TODO: check
+CVE-2019-2132 (It is possible to overlay the VPN dialog by a malicious application. T ...)
+ TODO: check
+CVE-2019-2131 (An application with overlay permission can display overlays on top of ...)
+ TODO: check
+CVE-2019-2130 (In CompilationJob::FinalizeJob of compiler.cc, there is a possible rem ...)
+ TODO: check
+CVE-2019-2129 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...)
+ TODO: check
+CVE-2019-2128 (In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write ...)
+ TODO: check
+CVE-2019-2127 (In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, ...)
+ TODO: check
+CVE-2019-2126 (In ParseContentEncodingEntry of mkvparser.cc, there is a possible doub ...)
+ TODO: check
+CVE-2019-2125 (In ChangeDefaultDialerDialog.java, there is a possible escalation of p ...)
+ TODO: check
CVE-2019-2124
RESERVED
CVE-2019-2123
RESERVED
-CVE-2019-2122
- RESERVED
-CVE-2019-2121
- RESERVED
-CVE-2019-2120
- RESERVED
+CVE-2019-2122 (In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.j ...)
+ TODO: check
+CVE-2019-2121 (In ActivityManagerService.attachApplication of ActivityManagerService, ...)
+ TODO: check
+CVE-2019-2120 (In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there i ...)
+ TODO: check
CVE-2019-2119 (In multiple functions of key_store_service.cpp, there is a possible In ...)
NOT-FOR-US: Android
CVE-2019-2118 (In various functions of Parcel.cpp, there are uninitialized or partial ...)
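Review bot: The sixteen Android entries added here (CVE-2019-2120 to CVE-2019-2122 and CVE-2019-2125 to CVE-2019-2137) should not be bulk-closed as NOT-FOR-US: Android just because CVE-2019-2119 below carries that label: CVE-2019-2126 names mkvparser.cc, which is the libwebm parser source file and is not Android-only code. Check that entry, and the other codec and parser file names in this hunk, against embedded copies in Debian source packages before assigning a status; the framework-level ones (TelecomManager.java, ActivityManagerService, LockTaskController) are the straightforward NOT-FOR-US: Android candidates.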
@@ -46943,8 +47077,8 @@ CVE-2018-18058 (An issue was discovered in Bitdefender Engines before 7.76662. A
NOT-FOR-US: Bitdefender
CVE-2018-18057
RESERVED
-CVE-2018-18056
- RESERVED
+CVE-2018-18056 (An issue was discovered in the Texas Instruments (TI) TM4C microcontro ...)
+ TODO: check
CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0, 1.28.0, ...)
- rustc 1.30.0+dfsg1-1
[stretch] - rustc <not-affected> (Introduced in 1.26)
@@ -91607,8 +91741,8 @@ CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulner
NOT-FOR-US: IBM WebSphere Application Server
CVE-2018-1797 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterpri ...)
NOT-FOR-US: IBM
-CVE-2018-1796
- RESERVED
+CVE-2018-1796 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+ TODO: check
CVE-2018-1795 (IBM Robotic Process Automation with Automation Anywhere Enterprise 10 ...)
NOT-FOR-US: IBM
CVE-2018-1794 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ea ...)
@@ -91927,20 +92061,20 @@ CVE-2018-1638 (IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce
NOT-FOR-US: IBM
CVE-2018-1637
RESERVED
-CVE-2018-1636
- RESERVED
-CVE-2018-1635
- RESERVED
-CVE-2018-1634
- RESERVED
-CVE-2018-1633
- RESERVED
-CVE-2018-1632
- RESERVED
-CVE-2018-1631
- RESERVED
-CVE-2018-1630
- RESERVED
+CVE-2018-1636 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server E ...)
+ TODO: check
+CVE-2018-1635 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server E ...)
+ TODO: check
+CVE-2018-1634 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+ TODO: check
+CVE-2018-1633 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+ TODO: check
+CVE-2018-1632 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+ TODO: check
+CVE-2018-1631 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+ TODO: check
+CVE-2018-1630 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+ TODO: check
CVE-2018-1629
RESERVED
CVE-2018-1628
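Review bot: The Informix entries added here (CVE-2018-1630 to CVE-2018-1636) share their truncated "IBM Informix Dynamic Server Enterprise Edition 12.1 ..." text with CVE-2018-1796 and CVE-2019-4253, which earlier hunks of this same diff also leave at TODO: check. Resolve all nine in one triage commit, with the same status as the NOT-FOR-US: IBM context line for CVE-2018-1638 if no Debian package applies, so that none of them is missed because it sits in a different part of the list.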
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb2e55863808cfa6595e0d72185cde7fc80f4a66