[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Aug 21 09:10:29 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb2e5586 by security tracker role at 2019-08-21T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,18 +1,139 @@
-CVE-2019-15292 [appletalk: Fix use-after-free in atalk_proc_exit]
+CVE-2019-15302
+	RESERVED
+CVE-2019-15301
+	RESERVED
+CVE-2019-15300
+	RESERVED
+CVE-2019-15299
+	RESERVED
+CVE-2019-15298
+	RESERVED
+CVE-2019-15297
+	RESERVED
+CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
+	TODO: check
+CVE-2019-15295
+	RESERVED
+CVE-2019-15294
+	RESERVED
+CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
+	TODO: check
+CVE-2019-15289
+	RESERVED
+CVE-2019-15288
+	RESERVED
+CVE-2019-15287
+	RESERVED
+CVE-2019-15286
+	RESERVED
+CVE-2019-15285
+	RESERVED
+CVE-2019-15284
+	RESERVED
+CVE-2019-15283
+	RESERVED
+CVE-2019-15282
+	RESERVED
+CVE-2019-15281
+	RESERVED
+CVE-2019-15280
+	RESERVED
+CVE-2019-15279
+	RESERVED
+CVE-2019-15278
+	RESERVED
+CVE-2019-15277
+	RESERVED
+CVE-2019-15276
+	RESERVED
+CVE-2019-15275
+	RESERVED
+CVE-2019-15274
+	RESERVED
+CVE-2019-15273
+	RESERVED
+CVE-2019-15272
+	RESERVED
+CVE-2019-15271
+	RESERVED
+CVE-2019-15270
+	RESERVED
+CVE-2019-15269
+	RESERVED
+CVE-2019-15268
+	RESERVED
+CVE-2019-15267
+	RESERVED
+CVE-2019-15266
+	RESERVED
+CVE-2019-15265
+	RESERVED
+CVE-2019-15264
+	RESERVED
+CVE-2019-15263
+	RESERVED
+CVE-2019-15262
+	RESERVED
+CVE-2019-15261
+	RESERVED
+CVE-2019-15260
+	RESERVED
+CVE-2019-15259
+	RESERVED
+CVE-2019-15258
+	RESERVED
+CVE-2019-15257
+	RESERVED
+CVE-2019-15256
+	RESERVED
+CVE-2019-15255
+	RESERVED
+CVE-2019-15254
+	RESERVED
+CVE-2019-15253
+	RESERVED
+CVE-2019-15252
+	RESERVED
+CVE-2019-15251
+	RESERVED
+CVE-2019-15250
+	RESERVED
+CVE-2019-15249
+	RESERVED
+CVE-2019-15248
+	RESERVED
+CVE-2019-15247
+	RESERVED
+CVE-2019-15246
+	RESERVED
+CVE-2019-15245
+	RESERVED
+CVE-2019-15244
+	RESERVED
+CVE-2019-15243
+	RESERVED
+CVE-2019-15242
+	RESERVED
+CVE-2019-15241
+	RESERVED
+CVE-2019-15240
+	RESERVED
+CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There is a u ...)
 	- linux 4.19.37-1
-CVE-2019-15291 [general protection fault in flexcop_usb_probe]
+CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. There is a  ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
-CVE-2019-15290 [general protection fault in ath6kl_usb_alloc_urb_from_pipe]
+CVE-2019-15290 (An issue was discovered in the Linux kernel through 5.2.9. There is a  ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
-CVE-2019-15239 [TCP reconnection use-after-free]
+CVE-2019-15239 (In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was ...)
+	{DSA-4497-1 DLA-1884-1}
 	- linux 4.15.4-1
 	NOTE: https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-tcpsocketsuaf
 	NOTE: Workaround entry for main entry as the issue never affected upstream version
 	NOTE: actually and is specific to the stable versions backports.
-CVE-2019-15238
-	RESERVED
+CVE-2019-15238 (The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the ...)
+	TODO: check
 CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...)
 	- roundcube <unfixed>
 	NOTE: https://github.com/roundcube/roundcubemail/issues/6891
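Review bot: The replaced headers for CVE-2019-15291 and CVE-2019-15290 drop the only text that told the two entries apart. The old bracketed titles named flexcop_usb_probe and ath6kl_usb_alloc_urb_from_pipe; the new truncated descriptions are identical ("An issue was discovered in the Linux kernel through 5.2.9. There is a ...") and both entries carry the same oss-security NOTE. Suggest keeping the affected function in a NOTE line under each entry, and likewise atalk_proc_exit for CVE-2019-15292.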
@@ -22,8 +143,8 @@ CVE-2019-15235
 	RESERVED
 CVE-2019-15234
 	RESERVED
-CVE-2019-15233
-	RESERVED
+CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros app before ...)
+	TODO: check
 CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMediaSer ...)
 	- liblivemedia <unfixed>
 	[jessie] - liblivemedia <postponed> (Can be fixed along with more important patches)
@@ -66,12 +187,14 @@ CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. There
 	- linux 5.2.6-1
 	NOTE: https://git.kernel.org/linus/5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e
 CVE-2019-15216 (An issue was discovered in the Linux kernel before 5.0.14. There is a  ...)
+	{DLA-1884-1}
 	- linux 5.2.6-1
 	NOTE: https://git.kernel.org/linus/ef61eb43ada6c1d6b94668f0f514e4c268093ff3
 CVE-2019-15215 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
 	- linux 5.2.6-1
 	NOTE: https://git.kernel.org/linus/eff73de2b1600ad8230692f00bc0ab49b166512a
 CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There is a  ...)
+	{DLA-1884-1}
 	- linux 4.19.37-1
 CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There is a u ...)
 	- linux <unfixed>
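Review bot: CVE-2019-15214 gains {DLA-1884-1} but, unlike CVE-2019-15216 and CVE-2019-15215 beside it, has no NOTE pointing at the upstream fix commit, only the fixed version 4.19.37-1. Suggest adding the git.kernel.org/linus reference so the backport in the DLA can be checked against the upstream change.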
@@ -83,18 +206,18 @@ CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. There
 CVE-2019-15211 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
 	- linux 5.2.6-1
 	NOTE: https://git.kernel.org/linus/c666355e60ddb4748ead3bdd983e3f7f2224aaf0
-CVE-2018-20978
-	RESERVED
+CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...)
+	TODO: check
 CVE-2018-20977
 	RESERVED
-CVE-2017-18569
-	RESERVED
-CVE-2017-18568
-	RESERVED
-CVE-2017-18567
-	RESERVED
-CVE-2017-18566
-	RESERVED
+CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...)
+	TODO: check
+CVE-2017-18567 (The wp-all-import plugin before 3.4.6 for WordPress has XSS. ...)
+	TODO: check
+CVE-2017-18566 (The user-role plugin before 1.5.6 for WordPress has multiple XSS issue ...)
+	TODO: check
 CVE-2017-18565
 	RESERVED
 CVE-2017-18564
@@ -121,12 +244,12 @@ CVE-2017-18554
 	RESERVED
 CVE-2017-18553
 	RESERVED
-CVE-2016-10915
-	RESERVED
-CVE-2016-10914
-	RESERVED
-CVE-2016-10913
-	RESERVED
+CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...)
+	TODO: check
+CVE-2016-10913 (The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. ...)
+	TODO: check
 CVE-2016-10912
 	RESERVED
 CVE-2016-10911
@@ -137,20 +260,20 @@ CVE-2016-10909
 	RESERVED
 CVE-2016-10908
 	RESERVED
-CVE-2015-9332
-	RESERVED
-CVE-2015-9331
-	RESERVED
-CVE-2015-9330
-	RESERVED
-CVE-2015-9329
-	RESERVED
+CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...)
+	TODO: check
+CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention  ...)
+	TODO: check
+CVE-2015-9330 (The wp-all-import plugin before 3.2.5 for WordPress has blind SQL inje ...)
+	TODO: check
+CVE-2015-9329 (The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. ...)
+	TODO: check
 CVE-2015-9328
 	RESERVED
 CVE-2015-9327
 	RESERVED
-CVE-2014-10381
-	RESERVED
+CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...)
+	TODO: check
 CVE-2014-10380
 	RESERVED
 CVE-2014-10379
@@ -163,8 +286,8 @@ CVE-2012-6715
 	RESERVED
 CVE-2012-6714
 	RESERVED
-CVE-2011-5328
-	RESERVED
+CVE-2011-5328 (The user-access-manager plugin before 1.2 for WordPress has CSRF. ...)
+	TODO: check
 CVE-2019-15210
 	RESERVED
 CVE-2019-15209
@@ -390,8 +513,8 @@ CVE-2019-15126
 	RESERVED
 CVE-2019-15125
 	RESERVED
-CVE-2018-20975
-	RESERVED
+CVE-2018-20975 (Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/t ...)
+	TODO: check
 CVE-2019-15124
 	RESERVED
 CVE-2019-15123
@@ -516,22 +639,22 @@ CVE-2017-18535
 	RESERVED
 CVE-2017-18534
 	RESERVED
-CVE-2017-18533
-	RESERVED
-CVE-2017-18532
-	RESERVED
-CVE-2017-18531
-	RESERVED
-CVE-2017-18530
-	RESERVED
-CVE-2017-18529
-	RESERVED
-CVE-2017-18528
-	RESERVED
-CVE-2017-18527
-	RESERVED
-CVE-2017-18526
-	RESERVED
+CVE-2017-18533 (The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. ...)
+	TODO: check
+CVE-2017-18532 (The realty plugin before 1.1.0 for WordPress has multiple XSS issues. ...)
+	TODO: check
+CVE-2017-18531 (The raygun4wp plugin before 1.8.3 for WordPress has XSS in the setting ...)
+	TODO: check
+CVE-2017-18530 (The rating-bws plugin before 0.2 for WordPress has multiple XSS issues ...)
+	TODO: check
+CVE-2017-18529 (The promobar plugin before 1.1.1 for WordPress has multiple XSS issues ...)
+	TODO: check
+CVE-2017-18528 (The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issue ...)
+	TODO: check
+CVE-2017-18527 (The pagination plugin before 1.0.7 for WordPress has multiple XSS issu ...)
+	TODO: check
+CVE-2017-18526 (The moreads-se plugin before 1.4.7 for WordPress has XSS. ...)
+	TODO: check
 CVE-2016-10904 (The olimometer plugin before 2.57 for WordPress has SQL injection. ...)
 	NOT-FOR-US: olimometer plugin for WordPress
 CVE-2016-10903
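Review bot: The eight entries added for CVE-2017-18533 through CVE-2017-18526 are all WordPress plugin issues left at "TODO: check", while the adjacent CVE-2016-10904 entry shows the form this file already uses for them: "NOT-FOR-US: olimometer plugin for WordPress". Suggest triaging these in one pass with the same form, naming the plugin on each line, unless one of the plugins turns out to be packaged.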
@@ -550,8 +673,8 @@ CVE-2016-10897
 	RESERVED
 CVE-2016-10896
 	RESERVED
-CVE-2016-10895
-	RESERVED
+CVE-2016-10895 (The option-tree plugin before 2.6.0 for WordPress has XSS via an add_l ...)
+	TODO: check
 CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for WordPress ha ...)
 	NOT-FOR-US: wp-business-intelligence-lite plugin for WordPress
 CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL injection. ...)
@@ -564,8 +687,8 @@ CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for Word
 	NOT-FOR-US: erident-custom-login-and-dashboard plugin for WordPress
 CVE-2015-9321
 	RESERVED
-CVE-2015-9320
-	RESERVED
+CVE-2015-9320 (The option-tree plugin before 2.5.4 for WordPress has XSS related to a ...)
+	TODO: check
 CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
 	NOT-FOR-US: i-recommend-this plugin for WordPress
 CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
@@ -581,8 +704,8 @@ CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the L
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/c09581a52765a85f19fc35340127396d5e3379cc
-CVE-2019-15082
-	RESERVED
+CVE-2019-15082 (The 360-product-rotation plugin before 1.4.8 for WordPress has reflect ...)
+	TODO: check
 CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...)
 	NOT-FOR-US: OpenCart
 CVE-2019-15080
@@ -621,40 +744,40 @@ CVE-2019-15064
 	RESERVED
 CVE-2017-18525
 	RESERVED
-CVE-2017-18524
-	RESERVED
-CVE-2017-18523
-	RESERVED
-CVE-2017-18522
-	RESERVED
+CVE-2017-18524 (The football-pool plugin before 2.6.5 for WordPress has multiple XSS i ...)
+	TODO: check
+CVE-2017-18523 (The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the  ...)
+	TODO: check
+CVE-2017-18522 (The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the a ...)
+	TODO: check
 CVE-2017-18521
 	RESERVED
-CVE-2017-18520
-	RESERVED
-CVE-2017-18519
-	RESERVED
-CVE-2017-18518
-	RESERVED
-CVE-2017-18517
-	RESERVED
+CVE-2017-18520 (The democracy-poll plugin before 5.4 for WordPress has XSS via update_ ...)
+	TODO: check
+CVE-2017-18519 (The customer-area plugin before 7.4.3 for WordPress has XSS via admin  ...)
+	TODO: check
+CVE-2017-18518 (The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues ...)
+	TODO: check
+CVE-2017-18517 (The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS i ...)
+	TODO: check
 CVE-2017-18516
 	RESERVED
 CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequently, a ...)
 	- xtrlock <unfixed> (bug #830726)
-CVE-2016-10893
-	RESERVED
-CVE-2016-10892
-	RESERVED
+CVE-2016-10893 (The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has mu ...)
+	TODO: check
+CVE-2016-10892 (The chained-quiz plugin before 1.0 for WordPress has multiple XSS issu ...)
+	TODO: check
 CVE-2016-10891
 	RESERVED
 CVE-2016-10890
 	RESERVED
-CVE-2015-9319
-	RESERVED
-CVE-2015-9318
-	RESERVED
-CVE-2015-9317
-	RESERVED
+CVE-2015-9319 (The gregs-high-performance-seo plugin before 1.6.2 for WordPress has X ...)
+	TODO: check
+CVE-2015-9318 (The awesome-support plugin before 3.1.7 for WordPress has a security i ...)
+	TODO: check
+CVE-2015-9317 (The awesome-support plugin before 3.1.7 for WordPress has XSS via cust ...)
+	TODO: check
 CVE-2019-15063
 	RESERVED
 CVE-2019-15062 (An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an  ...)
@@ -921,6 +1044,7 @@ CVE-2019-14971
 	RESERVED
 CVE-2019-14970
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\N ...)
 	NOT-FOR-US: Netwrix Auditor
@@ -1452,12 +1576,15 @@ CVE-2019-14779
 	RESERVED
 CVE-2019-14778
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14777
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14776
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14775
 	RESERVED
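Review bot: CVE-2019-14778, CVE-2019-14777 and CVE-2019-14776 now reference {DSA-4504-1} but are still RESERVED and carry nothing beyond the fixed version vlc 3.0.8-1, so the entries do not say what was fixed. Suggest adding a NOTE with the upstream commit or advisory under each, so the DSA can be traced to a specific change while the CVE descriptions are unpublished.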
@@ -1670,14 +1797,14 @@ CVE-2019-14689
 	RESERVED
 CVE-2019-14688
 	RESERVED
-CVE-2019-14687
-	RESERVED
+CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
+	TODO: check
 CVE-2019-14686
 	RESERVED
 CVE-2019-14685
 	RESERVED
-CVE-2019-14684
-	RESERVED
+CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
+	TODO: check
 CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for ...)
@@ -2031,12 +2158,15 @@ CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the
 	NOT-FOR-US: Neet AirStream NAS1.1 devices
 CVE-2019-14535
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14534
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14533
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14532 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off ...)
 	- sleuthkit <unfixed> (unimportant)
@@ -2127,6 +2257,7 @@ CVE-2019-14499
 	RESERVED
 CVE-2019-14498
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
 	- milkytracker <unfixed> (bug #933964)
@@ -2865,9 +2996,11 @@ CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1pa
 	NOTE: https://savannah.nongnu.org/bugs/?45923
 CVE-2019-14438
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14437
 	RESERVED
+	{DSA-4504-1}
 	- vlc 3.0.8-1
 CVE-2019-14436
 	RESERVED
@@ -2886,8 +3019,8 @@ CVE-2019-14432 (Incorrect authentication of application WebSocket connections in
 	NOT-FOR-US: Loom Desktop for Mac
 CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles ...)
 	- matrixssl <removed>
-CVE-2019-14430
-	RESERVED
+CVE-2019-14430 (plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows S ...)
+	TODO: check
 CVE-2019-14429
 	RESERVED
 CVE-2019-14428
@@ -4072,6 +4205,7 @@ CVE-2019-13964
 CVE-2019-13963
 	RESERVED
 CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC medi ...)
+	{DSA-4504-1}
 	- vlc 3.0.8-1 (low)
 	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
 	NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
@@ -5871,6 +6005,7 @@ CVE-2019-13604 (There is a short key vulnerability in HID Global DigitalPersona
 CVE-2019-13603 (An issue was discovered in the HID Global DigitalPersona (formerly Cro ...)
 	NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver
 CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...)
+	{DSA-4504-1}
 	- vlc 3.0.7.1-2 (bug #932131)
 	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
 	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
@@ -6060,8 +6195,8 @@ CVE-2019-13522
 	RESERVED
 CVE-2019-13521
 	RESERVED
-CVE-2019-13520
-	RESERVED
+CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...)
+	TODO: check
 CVE-2019-13519
 	RESERVED
 CVE-2019-13518
@@ -7793,8 +7928,8 @@ CVE-2019-12891
 	RESERVED
 CVE-2019-12890 (RedwoodHQ 2.5.5 does not require any authentication for database opera ...)
 	NOT-FOR-US: RedwoodHQ
-CVE-2019-12889
-	RESERVED
+CVE-2019-12889 (An unauthenticated privilege escalation exists in SailPoint Desktop Pa ...)
+	TODO: check
 CVE-2019-12888
 	REJECTED
 CVE-2019-12887 (KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue ...)
@@ -10230,8 +10365,8 @@ CVE-2019-11926
 	RESERVED
 CVE-2019-11925
 	RESERVED
-CVE-2019-11924
-	RESERVED
+CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...)
+	TODO: check
 CVE-2019-11923
 	RESERVED
 CVE-2019-11922 (A race condition in the one-pass compression functions of Zstandard pr ...)
@@ -10507,8 +10642,8 @@ CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryp
 	NOT-FOR-US: Ratpack
 CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...)
 	NOT-FOR-US: WooCommerce Checkout Manager plugin for WordPress
-CVE-2019-11806
-	RESERVED
+CVE-2019-11806 (OX App Suite 7.10.1 and earlier has Insecure Permissions. ...)
+	TODO: check
 CVE-2019-11805
 	RESERVED
 CVE-2019-11804
@@ -11353,10 +11488,10 @@ CVE-2019-11524
 	RESERVED
 CVE-2019-11523 (Anviz Global M3 Outdoor RFID Access Control executes any command recei ...)
 	NOT-FOR-US: Anviz Global M3 Outdoor RFID Access Control
-CVE-2019-11522
-	RESERVED
-CVE-2019-11521
-	RESERVED
+CVE-2019-11522 (OX App Suite 7.10.0 to 7.10.2 allows XSS. ...)
+	TODO: check
+CVE-2019-11521 (OX App Suite 7.10.1 allows Content Spoofing. ...)
+	TODO: check
 CVE-2019-11520
 	RESERVED
 CVE-2019-11519 (Libraries/Nop.Services/Localization/LocalizationService.cs in nopComme ...)
@@ -12204,8 +12339,8 @@ CVE-2019-11211
 	RESERVED
 CVE-2019-11210
 	RESERVED
-CVE-2019-11209
-	RESERVED
+CVE-2019-11209 (The realm configuration component of TIBCO Software Inc.'s TIBCO FTL C ...)
+	TODO: check
 CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...)
 	NOT-FOR-US: TIBCO
 CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enter ...)
@@ -12851,8 +12986,8 @@ CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build
 	NOT-FOR-US: BD Alaris Gateway
 CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
 	NOT-FOR-US: Advantech WebAccess HMI Designer
-CVE-2019-10960
-	RESERVED
+CVE-2019-10960 (Zebra Industrial Printers All Versions, Zebra printers are shipped wit ...)
+	TODO: check
 CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...)
 	NOT-FOR-US: BD Alaris Gateway
 CVE-2019-10958
@@ -13396,8 +13531,8 @@ CVE-2019-10746 [prototype pollution]
 	NOTE: https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
 	NOTE: https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
 	NOTE: https://github.com/jonschlinkert/mixin-deep/issues/6
-CVE-2019-10745
-	RESERVED
+CVE-2019-10745 (assign-deep is vulnerable to Prototype Pollution in versions before 0. ...)
+	TODO: check
 CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to Prototype Poll ...)
 	- node-lodash 4.17.15+dfsg-1 (bug #933079)
 	[buster] - node-lodash <no-dsa> (Minor issue; can be fixed in point release)
@@ -15176,8 +15311,7 @@ CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apac
 	NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
 CVE-2019-10087
 	RESERVED
-CVE-2019-10086 [BeanUtils2 mitigate CVE-2014-0114]
-	RESERVED
+CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class wa ...)
 	- commons-beanutils 1.9.4-1
 	NOTE: https://issues.apache.org/jira/browse/BEANUTILS-520
 	NOTE: https://github.com/apache/commons-beanutils/pull/7
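Review bot: Replacing the header of CVE-2019-10086 removes the bracketed title "BeanUtils2 mitigate CVE-2014-0114", and the truncated description that takes its place no longer shows that cross-reference. Suggest adding a NOTE line that records the relation to CVE-2014-0114 next to the existing BEANUTILS-520 and pull request notes.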
@@ -21249,32 +21383,32 @@ CVE-2019-8108
 	RESERVED
 CVE-2019-8107
 	RESERVED
-CVE-2019-8106
-	RESERVED
-CVE-2019-8105
-	RESERVED
-CVE-2019-8104
-	RESERVED
-CVE-2019-8103
-	RESERVED
-CVE-2019-8102
-	RESERVED
-CVE-2019-8101
-	RESERVED
-CVE-2019-8100
-	RESERVED
-CVE-2019-8099
-	RESERVED
-CVE-2019-8098
-	RESERVED
-CVE-2019-8097
-	RESERVED
-CVE-2019-8096
-	RESERVED
-CVE-2019-8095
-	RESERVED
-CVE-2019-8094
-	RESERVED
+CVE-2019-8106 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8105 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8104 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8103 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8102 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8101 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8100 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8099 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8098 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8097 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8096 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8095 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8094 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
 CVE-2019-8093
 	RESERVED
 CVE-2019-8092
@@ -21307,8 +21441,8 @@ CVE-2019-8079
 	RESERVED
 CVE-2019-8078
 	RESERVED
-CVE-2019-8077
-	RESERVED
+CVE-2019-8077 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
 CVE-2019-8076
 	RESERVED
 CVE-2019-8075
@@ -21339,126 +21473,126 @@ CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions hav
 	NOT-FOR-US: Creative Cloud Desktop Application
 CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure library l ...)
 	NOT-FOR-US: Adobe
-CVE-2019-8061
-	RESERVED
-CVE-2019-8060
-	RESERVED
-CVE-2019-8059
-	RESERVED
-CVE-2019-8058
-	RESERVED
-CVE-2019-8057
-	RESERVED
-CVE-2019-8056
-	RESERVED
-CVE-2019-8055
-	RESERVED
-CVE-2019-8054
-	RESERVED
-CVE-2019-8053
-	RESERVED
-CVE-2019-8052
-	RESERVED
-CVE-2019-8051
-	RESERVED
-CVE-2019-8050
-	RESERVED
-CVE-2019-8049
-	RESERVED
-CVE-2019-8048
-	RESERVED
-CVE-2019-8047
-	RESERVED
-CVE-2019-8046
-	RESERVED
-CVE-2019-8045
-	RESERVED
-CVE-2019-8044
-	RESERVED
-CVE-2019-8043
-	RESERVED
-CVE-2019-8042
-	RESERVED
-CVE-2019-8041
-	RESERVED
-CVE-2019-8040
-	RESERVED
-CVE-2019-8039
-	RESERVED
-CVE-2019-8038
-	RESERVED
-CVE-2019-8037
-	RESERVED
-CVE-2019-8036
-	RESERVED
-CVE-2019-8035
-	RESERVED
-CVE-2019-8034
-	RESERVED
-CVE-2019-8033
-	RESERVED
-CVE-2019-8032
-	RESERVED
-CVE-2019-8031
-	RESERVED
-CVE-2019-8030
-	RESERVED
-CVE-2019-8029
-	RESERVED
-CVE-2019-8028
-	RESERVED
-CVE-2019-8027
-	RESERVED
-CVE-2019-8026
-	RESERVED
-CVE-2019-8025
-	RESERVED
-CVE-2019-8024
-	RESERVED
-CVE-2019-8023
-	RESERVED
-CVE-2019-8022
-	RESERVED
-CVE-2019-8021
-	RESERVED
-CVE-2019-8020
-	RESERVED
-CVE-2019-8019
-	RESERVED
-CVE-2019-8018
-	RESERVED
-CVE-2019-8017
-	RESERVED
-CVE-2019-8016
-	RESERVED
-CVE-2019-8015
-	RESERVED
-CVE-2019-8014
-	RESERVED
-CVE-2019-8013
-	RESERVED
-CVE-2019-8012
-	RESERVED
-CVE-2019-8011
-	RESERVED
-CVE-2019-8010
-	RESERVED
-CVE-2019-8009
-	RESERVED
-CVE-2019-8008
-	RESERVED
-CVE-2019-8007
-	RESERVED
-CVE-2019-8006
-	RESERVED
-CVE-2019-8005
-	RESERVED
-CVE-2019-8004
-	RESERVED
-CVE-2019-8003
-	RESERVED
-CVE-2019-8002
-	RESERVED
+CVE-2019-8061 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8060 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8059 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8058 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8057 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8056 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8055 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8054 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8053 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8052 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8051 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8050 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8049 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8048 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8047 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8046 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8045 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8044 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8043 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8042 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8041 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8040 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8039 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8038 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8037 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8036 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8035 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8034 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8033 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8032 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8031 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8030 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8029 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8028 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8027 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8026 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8025 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8024 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8023 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8022 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8021 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8020 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8019 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8018 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8017 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8016 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8015 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8014 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8013 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8012 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8011 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8010 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8009 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+	TODO: check
+CVE-2019-8008 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8007 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8006 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8005 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8004 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8003 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
+CVE-2019-8002 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
 CVE-2019-8001
 	RESERVED
 CVE-2019-8000
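Review bot: Every entry added here, CVE-2019-8061 through CVE-2019-8002, is an Adobe Acrobat and Reader issue marked "TODO: check", although the context line just above for CVE-2019-8062 already uses "NOT-FOR-US: Adobe". Suggest resolving the block in bulk with the same tag so it does not sit in the TODO queue. The descriptions also alternate between "versions, " and "versions , "; that comes from the imported text and is best left as imported rather than edited by hand.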
@@ -21531,8 +21665,8 @@ CVE-2019-7967
 	RESERVED
 CVE-2019-7966
 	RESERVED
-CVE-2019-7965
-	RESERVED
+CVE-2019-7965 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+	TODO: check
 CVE-2019-7964 (Adobe Experience Manager versions 6.5, and 6.4 have an authentication  ...)
 	NOT-FOR-US: Adobe Experience Manager
 CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out of boun ...)
@@ -21797,7 +21931,7 @@ CVE-2019-7834 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 201
 	NOT-FOR-US: Adobe
 CVE-2019-7833 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
 	NOT-FOR-US: Adobe
-CVE-2019-7832 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
+CVE-2019-7832 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
 	NOT-FOR-US: Adobe
 CVE-2019-7831 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
 	NOT-FOR-US: Adobe
@@ -22409,10 +22543,10 @@ CVE-2019-7596
 	RESERVED
 CVE-2019-7595
 	RESERVED
-CVE-2019-7594
-	RESERVED
-CVE-2019-7593
-	RESERVED
+CVE-2019-7594 (Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...)
+	TODO: check
+CVE-2019-7593 (Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...)
+	TODO: check
 CVE-2019-7592
 	RESERVED
 CVE-2019-7591
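Review bot: The added descriptions for CVE-2019-7594 and CVE-2019-7593 show "Â®" after "Metasys", which is what a UTF-8 registered-trademark sign looks like when decoded as Latin-1. Please check whether the bytes in data/CVE/list are correct UTF-8 and only this rendering is wrong, or whether the automatic import double-encoded the character, in which case the import step needs the fix rather than this file.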
@@ -26179,8 +26313,8 @@ CVE-2019-6145
 	RESERVED
 CVE-2019-6144
 	RESERVED
-CVE-2019-6143
-	RESERVED
+CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...)
+	TODO: check
 CVE-2019-6142
 	RESERVED
 CVE-2019-6141
@@ -28932,20 +29066,20 @@ CVE-2019-5042
 	RESERVED
 CVE-2019-5041
 	RESERVED
-CVE-2019-5040
-	RESERVED
-CVE-2019-5039
-	RESERVED
-CVE-2019-5038
-	RESERVED
-CVE-2019-5037
-	RESERVED
-CVE-2019-5036
-	RESERVED
-CVE-2019-5035
-	RESERVED
-CVE-2019-5034
-	RESERVED
+CVE-2019-5040 (An exploitable information disclosure vulnerability exists in the Weav ...)
+	TODO: check
+CVE-2019-5039 (An exploitable command execution vulnerability exists in the ASN1 cert ...)
+	TODO: check
+CVE-2019-5038 (An exploitable command execution vulnerability exists in the print-tlv ...)
+	TODO: check
+CVE-2019-5037 (An exploitable denial-of-service vulnerability exists in the Weave cer ...)
+	TODO: check
+CVE-2019-5036 (An exploitable denial-of-service vulnerability exists in the Weave err ...)
+	TODO: check
+CVE-2019-5035 (An exploitable information disclosure vulnerability exists in the Weav ...)
+	TODO: check
+CVE-2019-5034 (An exploitable information disclosure vulnerability exists in the Weav ...)
+	TODO: check
 CVE-2019-5033
 	RESERVED
 CVE-2019-5032
@@ -30083,16 +30217,16 @@ CVE-2019-4487
 	RESERVED
 CVE-2019-4486
 	RESERVED
-CVE-2019-4485
-	RESERVED
-CVE-2019-4484
-	RESERVED
-CVE-2019-4483
-	RESERVED
-CVE-2019-4482
-	RESERVED
-CVE-2019-4481
-	RESERVED
+CVE-2019-4485 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
+	TODO: check
+CVE-2019-4484 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
+	TODO: check
+CVE-2019-4483 (IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend A ...)
+	TODO: check
+CVE-2019-4482 (IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cro ...)
+	TODO: check
+CVE-2019-4481 (IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend A ...)
+	TODO: check
 CVE-2019-4480
 	RESERVED
 CVE-2019-4479
@@ -30133,8 +30267,8 @@ CVE-2019-4462
 	RESERVED
 CVE-2019-4461
 	RESERVED
-CVE-2019-4460
-	RESERVED
+CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a ...)
+	TODO: check
 CVE-2019-4459
 	RESERVED
 CVE-2019-4458
@@ -30179,16 +30313,16 @@ CVE-2019-4439 (IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate ses
 	NOT-FOR-US: IBM
 CVE-2019-4438
 	RESERVED
-CVE-2019-4437
-	RESERVED
+CVE-2019-4437 (IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensi ...)
+	TODO: check
 CVE-2019-4436
 	RESERVED
 CVE-2019-4435
 	RESERVED
 CVE-2019-4434
 	RESERVED
-CVE-2019-4433
-	RESERVED
+CVE-2019-4433 (IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere I ...)
+	TODO: check
 CVE-2019-4432
 	RESERVED
 CVE-2019-4431
@@ -30203,20 +30337,20 @@ CVE-2019-4427
 	RESERVED
 CVE-2019-4426
 	RESERVED
-CVE-2019-4425
-	RESERVED
-CVE-2019-4424
-	RESERVED
+CVE-2019-4425 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
+	TODO: check
+CVE-2019-4424 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
+	TODO: check
 CVE-2019-4423
 	RESERVED
 CVE-2019-4422
 	RESERVED
 CVE-2019-4421
 	RESERVED
-CVE-2019-4420
-	RESERVED
-CVE-2019-4419
-	RESERVED
+CVE-2019-4420 (IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose ...)
+	TODO: check
+CVE-2019-4419 (IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable  ...)
+	TODO: check
 CVE-2019-4418
 	RESERVED
 CVE-2019-4417
@@ -30249,8 +30383,8 @@ CVE-2019-4404
 	RESERVED
 CVE-2019-4403 (IBM Connections 6.0 is vulnerable to cross-site scripting. This vulner ...)
 	NOT-FOR-US: IBM
-CVE-2019-4402
-	RESERVED
+CVE-2019-4402 (IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow ...)
+	TODO: check
 CVE-2019-4401
 	RESERVED
 CVE-2019-4400
@@ -30373,12 +30507,12 @@ CVE-2019-4342
 	RESERVED
 CVE-2019-4341
 	RESERVED
-CVE-2019-4340
-	RESERVED
+CVE-2019-4340 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable ...)
+	TODO: check
 CVE-2019-4339
 	RESERVED
-CVE-2019-4338
-	RESERVED
+CVE-2019-4338 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not prop ...)
+	TODO: check
 CVE-2019-4337 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
 	NOT-FOR-US: IBM
 CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses an ina ...)
@@ -30433,12 +30567,12 @@ CVE-2019-4312
 	RESERVED
 CVE-2019-4311
 	RESERVED
-CVE-2019-4310
-	RESERVED
+CVE-2019-4310 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inade ...)
+	TODO: check
 CVE-2019-4309
 	RESERVED
-CVE-2019-4308
-	RESERVED
+CVE-2019-4308 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
+	TODO: check
 CVE-2019-4307
 	RESERVED
 CVE-2019-4306
@@ -30465,8 +30599,8 @@ CVE-2019-4296 (IBM Robotic Process Automation with Automation Anywhere 11 inform
 	NOT-FOR-US: IBM
 CVE-2019-4295 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
 	NOT-FOR-US: IBM
-CVE-2019-4294
-	RESERVED
+CVE-2019-4294 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7 ...)
+	TODO: check
 CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attac ...)
 	NOT-FOR-US: IBM
 CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...)
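Review bot: CVE-2019-4294 (IBM DataPower Gateway) moves from RESERVED to TODO: check while the entries on either side of it in this hunk (CVE-2019-4296, CVE-2019-4295, CVE-2019-4293, CVE-2019-4292) are all NOT-FOR-US: IBM. The same tag is the obvious resolution here, and it applies equally to the other newly described IBM entries in this commit, so they can be closed in one triage pass.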
@@ -30547,8 +30681,8 @@ CVE-2019-4255
 	RESERVED
 CVE-2019-4254
 	RESERVED
-CVE-2019-4253
-	RESERVED
+CVE-2019-4253 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+	TODO: check
 CVE-2019-4252 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 co ...)
 	NOT-FOR-US: IBM
 CVE-2019-4251
@@ -30719,8 +30853,8 @@ CVE-2019-4169
 	RESERVED
 CVE-2019-4168
 	RESERVED
-CVE-2019-4167
-	RESERVED
+CVE-2019-4167 (IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which c ...)
+	TODO: check
 CVE-2019-4166 (IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing att ...)
 	NOT-FOR-US: IBM
 CVE-2019-4165 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to ...)
@@ -30813,14 +30947,14 @@ CVE-2019-4122
 	RESERVED
 CVE-2019-4121
 	RESERVED
-CVE-2019-4120
-	RESERVED
+CVE-2019-4120 (IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scriptin ...)
+	TODO: check
 CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 ...)
 	NOT-FOR-US: IBM
 CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could all ...)
 	NOT-FOR-US: IBM
-CVE-2019-4117
-	RESERVED
+CVE-2019-4117 (IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request  ...)
+	TODO: check
 CVE-2019-4116 (IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensit ...)
 	NOT-FOR-US: IBM
 CVE-2019-4115
@@ -30955,8 +31089,8 @@ CVE-2019-4051 (Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose syste
 	NOT-FOR-US: IBM
 CVE-2019-4050
 	RESERVED
-CVE-2019-4049
-	RESERVED
+CVE-2019-4049 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial  ...)
+	TODO: check
 CVE-2019-4048 (IBM Maximo Asset Management 7.6 could allow a physical user of the sys ...)
 	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2019-4047 (IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated us ...)
@@ -31117,18 +31251,18 @@ CVE-2019-3970 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arb
 	NOT-FOR-US: Comodo Antivirus
 CVE-2019-3969 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Pr ...)
 	NOT-FOR-US: Comodo Antivirus
-CVE-2019-3968
-	RESERVED
-CVE-2019-3967
-	RESERVED
-CVE-2019-3966
-	RESERVED
-CVE-2019-3965
-	RESERVED
-CVE-2019-3964
-	RESERVED
-CVE-2019-3963
-	RESERVED
+CVE-2019-3968 (In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute ar ...)
+	TODO: check
+CVE-2019-3967 (In OpenEMR 5.0.1 and earlier, the patient file download interface cont ...)
+	TODO: check
+CVE-2019-3966 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS  ...)
+	TODO: check
+CVE-2019-3965 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS  ...)
+	TODO: check
+CVE-2019-3964 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS  ...)
+	TODO: check
+CVE-2019-3963 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS  ...)
+	TODO: check
 CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may a ...)
 	NOT-FOR-US: Nessus
 CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a reflected XS ...)
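Review bot: CVE-2019-3963 through CVE-2019-3966 arrive with the same truncated text, "In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS", so the list alone cannot tell the four apart. Whoever resolves these TODO: check lines should read the full descriptions to confirm they are distinct issues, and should handle CVE-2019-3968 and CVE-2019-3967 separately since their visible text describes different flaws (authenticated execution and the patient file download interface).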
@@ -31822,8 +31956,8 @@ CVE-2019-3755
 	RESERVED
 CVE-2019-3754
 	RESERVED
-CVE-2019-3753
-	RESERVED
+CVE-2019-3753 (Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K runn ...)
+	TODO: check
 CVE-2019-3752
 	RESERVED
 CVE-2019-3751
@@ -37302,42 +37436,42 @@ CVE-2019-2139
 	RESERVED
 CVE-2019-2138
 	RESERVED
-CVE-2019-2137
-	RESERVED
-CVE-2019-2136
-	RESERVED
-CVE-2019-2135
-	RESERVED
-CVE-2019-2134
-	RESERVED
-CVE-2019-2133
-	RESERVED
-CVE-2019-2132
-	RESERVED
-CVE-2019-2131
-	RESERVED
-CVE-2019-2130
-	RESERVED
-CVE-2019-2129
-	RESERVED
-CVE-2019-2128
-	RESERVED
-CVE-2019-2127
-	RESERVED
-CVE-2019-2126
-	RESERVED
-CVE-2019-2125
-	RESERVED
+CVE-2019-2137 (In the endCall() function of TelecomManager.java, there is a possible  ...)
+	TODO: check
+CVE-2019-2136 (In Status::readFromParcel of Status.cpp, there is a possible out of bo ...)
+	TODO: check
+CVE-2019-2135 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
+	TODO: check
+CVE-2019-2134 (In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a po ...)
+	TODO: check
+CVE-2019-2133 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
+	TODO: check
+CVE-2019-2132 (It is possible to overlay the VPN dialog by a malicious application. T ...)
+	TODO: check
+CVE-2019-2131 (An application with overlay permission can display overlays on top of  ...)
+	TODO: check
+CVE-2019-2130 (In CompilationJob::FinalizeJob of compiler.cc, there is a possible rem ...)
+	TODO: check
+CVE-2019-2129 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...)
+	TODO: check
+CVE-2019-2128 (In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write ...)
+	TODO: check
+CVE-2019-2127 (In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp,  ...)
+	TODO: check
+CVE-2019-2126 (In ParseContentEncodingEntry of mkvparser.cc, there is a possible doub ...)
+	TODO: check
+CVE-2019-2125 (In ChangeDefaultDialerDialog.java, there is a possible escalation of p ...)
+	TODO: check
 CVE-2019-2124
 	RESERVED
 CVE-2019-2123
 	RESERVED
-CVE-2019-2122
-	RESERVED
-CVE-2019-2121
-	RESERVED
-CVE-2019-2120
-	RESERVED
+CVE-2019-2122 (In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.j ...)
+	TODO: check
+CVE-2019-2121 (In ActivityManagerService.attachApplication of ActivityManagerService, ...)
+	TODO: check
+CVE-2019-2120 (In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there i ...)
+	TODO: check
 CVE-2019-2119 (In multiple functions of key_store_service.cpp, there is a possible In ...)
 	NOT-FOR-US: Android
 CVE-2019-2118 (In various functions of Parcel.cpp, there are uninitialized or partial ...)
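Review bot: the sixteen new descriptions in this hunk (CVE-2019-2125 to CVE-2019-2137 and CVE-2019-2120 to CVE-2019-2122) follow the same "In <function> of <file>" wording as CVE-2019-2119 and CVE-2019-2118 below, which are tagged NOT-FOR-US: Android, but none of the visible text names a product. Several name only a source file, for example mkvparser.cc in CVE-2019-2126 and c4t64fx.c in CVE-2019-2128, so check whether that code is also shipped in a Debian source package before applying NOT-FOR-US: Android to the whole block.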
@@ -46943,8 +47077,8 @@ CVE-2018-18058 (An issue was discovered in Bitdefender Engines before 7.76662. A
 	NOT-FOR-US: Bitdefender
 CVE-2018-18057
 	RESERVED
-CVE-2018-18056
-	RESERVED
+CVE-2018-18056 (An issue was discovered in the Texas Instruments (TI) TM4C microcontro ...)
+	TODO: check
 CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0, 1.28.0, ...)
 	- rustc 1.30.0+dfsg1-1
 	[stretch] - rustc <not-affected> (Introduced in 1.26)
@@ -91607,8 +91741,8 @@ CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulner
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2018-1797 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterpri ...)
 	NOT-FOR-US: IBM
-CVE-2018-1796
-	RESERVED
+CVE-2018-1796 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+	TODO: check
 CVE-2018-1795 (IBM Robotic Process Automation with Automation Anywhere Enterprise 10  ...)
 	NOT-FOR-US: IBM
 CVE-2018-1794 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ea ...)
@@ -91927,20 +92061,20 @@ CVE-2018-1638 (IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce
 	NOT-FOR-US: IBM
 CVE-2018-1637
 	RESERVED
-CVE-2018-1636
-	RESERVED
-CVE-2018-1635
-	RESERVED
-CVE-2018-1634
-	RESERVED
-CVE-2018-1633
-	RESERVED
-CVE-2018-1632
-	RESERVED
-CVE-2018-1631
-	RESERVED
-CVE-2018-1630
-	RESERVED
+CVE-2018-1636 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server E ...)
+	TODO: check
+CVE-2018-1635 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server E ...)
+	TODO: check
+CVE-2018-1634 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+	TODO: check
+CVE-2018-1633 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+	TODO: check
+CVE-2018-1632 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+	TODO: check
+CVE-2018-1631 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+	TODO: check
+CVE-2018-1630 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
+	TODO: check
 CVE-2018-1629
 	RESERVED
 CVE-2018-1628



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb2e55863808cfa6595e0d72185cde7fc80f4a66
