[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 21 21:10:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7d62350 by security tracker role at 2019-08-21T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-15314
+ RESERVED
+CVE-2019-15313
+ RESERVED
+CVE-2019-15312
+ RESERVED
+CVE-2019-15311
+ RESERVED
+CVE-2019-15310
+ RESERVED
+CVE-2019-15309
+ RESERVED
+CVE-2019-15308
+ RESERVED
+CVE-2019-15307
+ RESERVED
+CVE-2019-15306
+ RESERVED
+CVE-2019-15305
+ RESERVED
+CVE-2019-15304
+ RESERVED
+CVE-2019-15303
+ RESERVED
CVE-2019-15302
RESERVED
CVE-2019-15301
@@ -13,8 +37,8 @@ CVE-2019-15297
CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
- faad2 2.8.8-3
NOTE: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
-CVE-2019-15295
- RESERVED
+CVE-2019-15295 (An Untrusted Search Path vulnerability in the ServiceInstance.dll libr ...)
+ TODO: check
CVE-2019-15294
RESERVED
CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
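Review bot: CVE-2019-15295 moves from RESERVED to `TODO: check`, and its summary names ServiceInstance.dll, which points at a Windows component. If the full description confirms that no Debian source package ships it, replace the TODO with a `NOT-FOR-US:` line naming the product so it does not sit in the triage queue.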
@@ -211,8 +235,8 @@ CVE-2019-15211 (An issue was discovered in the Linux kernel before 5.2.6. There
NOTE: https://git.kernel.org/linus/c666355e60ddb4748ead3bdd983e3f7f2224aaf0
CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...)
NOT-FOR-US: Wordpress plugin
-CVE-2018-20977
- RESERVED
+CVE-2018-20977 (The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPre ...)
+ TODO: check
CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...)
@@ -221,48 +245,48 @@ CVE-2017-18567 (The wp-all-import plugin before 3.4.6 for WordPress has XSS. ...
NOT-FOR-US: Wordpress plugin
CVE-2017-18566 (The user-role plugin before 1.5.6 for WordPress has multiple XSS issue ...)
NOT-FOR-US: Wordpress plugin
-CVE-2017-18565
- RESERVED
-CVE-2017-18564
- RESERVED
-CVE-2017-18563
- RESERVED
-CVE-2017-18562
- RESERVED
-CVE-2017-18561
- RESERVED
-CVE-2017-18560
- RESERVED
-CVE-2017-18559
- RESERVED
-CVE-2017-18558
- RESERVED
-CVE-2017-18557
- RESERVED
-CVE-2017-18556
- RESERVED
-CVE-2017-18555
- RESERVED
-CVE-2017-18554
- RESERVED
-CVE-2017-18553
- RESERVED
+CVE-2017-18565 (The updater plugin before 1.35 for WordPress has multiple XSS issues. ...)
+ TODO: check
+CVE-2017-18564 (The sender plugin before 1.2.1 for WordPress has multiple XSS issues. ...)
+ TODO: check
+CVE-2017-18563 (The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the ...)
+ TODO: check
+CVE-2017-18562 (The error-log-viewer plugin before 1.0.6 for WordPress has multiple XS ...)
+ TODO: check
+CVE-2017-18561 (The embed-comment-images plugin before 0.6 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18560 (The content-audit plugin before 1.9.2 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18559 (The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issue ...)
+ TODO: check
+CVE-2017-18558 (The bws-testimonials plugin before 0.1.9 for WordPress has multiple XS ...)
+ TODO: check
+CVE-2017-18557 (The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS ...)
+ TODO: check
+CVE-2017-18556 (The bws-google-analytics plugin before 1.7.1 for WordPress has multipl ...)
+ TODO: check
+CVE-2017-18555 (The booking-sms plugin before 1.1.0 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18554 (The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a ...)
+ TODO: check
+CVE-2017-18553 (The ad-buttons plugin before 2.3.2 for WordPress has XSS. ...)
+ TODO: check
CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...)
NOT-FOR-US: Wordpress plugin
CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...)
NOT-FOR-US: Wordpress plugin
CVE-2016-10913 (The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. ...)
NOT-FOR-US: Wordpress plugin
-CVE-2016-10912
- RESERVED
-CVE-2016-10911
- RESERVED
-CVE-2016-10910
- RESERVED
-CVE-2016-10909
- RESERVED
-CVE-2016-10908
- RESERVED
+CVE-2016-10912 (The universal-analytics plugin before 1.3.1 for WordPress has XSS. ...)
+ TODO: check
+CVE-2016-10911 (The profile-builder plugin before 2.4.2 for WordPress has multiple XSS ...)
+ TODO: check
+CVE-2016-10910 (The formbuilder plugin before 1.06 for WordPress has multiple XSS issu ...)
+ TODO: check
+CVE-2016-10909 (The booking-calendar-contact-form plugin before 1.0.24 for WordPress h ...)
+ TODO: check
+CVE-2016-10908 (The booking-calendar-contact-form plugin before 1.0.24 for WordPress h ...)
+ TODO: check
CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...)
NOT-FOR-US: Wordpress plugin
CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention ...)
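Review bot: All 18 entries published in this hunk (CVE-2017-18553 through CVE-2017-18565 and CVE-2016-10908 through CVE-2016-10912) are described as WordPress plugins yet land as `TODO: check`, while the unchanged neighbours CVE-2017-18566 and CVE-2016-10913 already carry `NOT-FOR-US: Wordpress plugin`. They can be triaged in one pass with the same marker, after confirming that none of the named plugins is packaged.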
@@ -271,24 +295,24 @@ CVE-2015-9330 (The wp-all-import plugin before 3.2.5 for WordPress has blind SQL
NOT-FOR-US: Wordpress plugin
CVE-2015-9329 (The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. ...)
NOT-FOR-US: Wordpress plugin
-CVE-2015-9328
- RESERVED
-CVE-2015-9327
- RESERVED
+CVE-2015-9328 (The profile-builder plugin before 2.2.5 for WordPress has XSS. ...)
+ TODO: check
+CVE-2015-9327 (The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS ...)
+ TODO: check
CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...)
NOT-FOR-US: Wordpress plugin
-CVE-2014-10380
- RESERVED
-CVE-2014-10379
- RESERVED
-CVE-2014-10378
- RESERVED
-CVE-2014-10377
- RESERVED
-CVE-2012-6715
- RESERVED
-CVE-2012-6714
- RESERVED
+CVE-2014-10380 (The profile-builder plugin before 1.1.66 for WordPress has multiple XS ...)
+ TODO: check
+CVE-2014-10379 (The duplicate-post plugin before 2.6 for WordPress has SQL injection. ...)
+ TODO: check
+CVE-2014-10378 (The duplicate-post plugin before 2.6 for WordPress has XSS. ...)
+ TODO: check
+CVE-2014-10377 (The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. ...)
+ TODO: check
+CVE-2012-6715 (The formbuilder plugin before 0.9.1 for WordPress has XSS via a Refere ...)
+ TODO: check
+CVE-2012-6714 (The count-per-day plugin before 3.2.3 for WordPress has XSS via search ...)
+ TODO: check
CVE-2011-5328 (The user-access-manager plugin before 1.2 for WordPress has CSRF. ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-15210
@@ -510,8 +534,8 @@ CVE-2019-15129 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.
NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-15128
RESERVED
-CVE-2019-15127
- RESERVED
+CVE-2019-15127 (REDCap before 9.3.0 allows XSS attacks against non-administrator accou ...)
+ TODO: check
CVE-2019-15126
RESERVED
CVE-2019-15125
@@ -544,17 +568,17 @@ CVE-2019-15114 (The formcraft-form-builder plugin before 1.2.2 for WordPress has
NOT-FOR-US: formcraft-form-builder plugin for WordPress
CVE-2019-15113 (The companion-sitemap-generator plugin before 3.7.0 for WordPress has ...)
NOT-FOR-US: companion-sitemap-generator plugin for WordPress
-CVE-2019-15112
- RESERVED
-CVE-2019-15111
- RESERVED
-CVE-2019-15110
- RESERVED
-CVE-2019-15109
- RESERVED
+CVE-2019-15112 (The wp-slimstat plugin before 4.8.1 for WordPress has XSS. ...)
+ TODO: check
+CVE-2019-15111 (The wp-front-end-profile plugin before 0.2.2 for WordPress has a privi ...)
+ TODO: check
+CVE-2019-15110 (The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. ...)
+ TODO: check
+CVE-2019-15109 (The the-events-calendar plugin before 4.8.2 for WordPress has XSS via ...)
+ TODO: check
CVE-2019-15108 (An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-P ...)
NOT-FOR-US: WSO2 API Manager
-CVE-2019-15107 (An issue was discovered in Webmin through 1.920. The parameter old in ...)
+CVE-2019-15107 (An issue was discovered in Webmin 1.882 through 1.921. The parameter o ...)
- webmin <removed>
CVE-2019-15106 (An issue was discovered in Zoho ManageEngine OpManager through 12.4x. ...)
NOT-FOR-US: Zoho ManageEngine OpManager
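Review bot: The CVE-2019-15107 summary changes its affected range from "through 1.920" to "1.882 through 1.921", but the line under it stays `- webmin <removed>` with nothing recording the new lower bound. A NOTE stating whether the last shipped webmin version falls at or above 1.882 would make the entry self-explanatory. The four new plugin entries above it (CVE-2019-15109 through CVE-2019-15112) can take the same `NOT-FOR-US: ... plugin for WordPress` form already used for CVE-2019-15113.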
@@ -606,8 +630,8 @@ CVE-2018-20972 (The companion-auto-update plugin before 3.2.1 for WordPress has
NOT-FOR-US: companion-auto-update plugin for WordPress
CVE-2018-20971 (The church-admin plugin before 1.2550 for WordPress has CSRF affecting ...)
NOT-FOR-US: church-admin plugin for WordPress
-CVE-2018-20970
- RESERVED
+CVE-2018-20970 (The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issue ...)
+ TODO: check
CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not block string ...)
{DSA-4489-1 DLA-1864-1}
- patch 2.7.6-5
@@ -628,20 +652,20 @@ CVE-2017-18542 (The zendesk-help-center plugin before 1.0.5 for WordPress has mu
NOT-FOR-US: zendesk-help-center plugin for WordPress
CVE-2017-18541 (The xo-security plugin before 1.5.3 for WordPress has XSS. ...)
NOT-FOR-US: xo-security plugin for WordPress
-CVE-2017-18540
- RESERVED
-CVE-2017-18539
- RESERVED
-CVE-2017-18538
- RESERVED
-CVE-2017-18537
- RESERVED
-CVE-2017-18536
- RESERVED
-CVE-2017-18535
- RESERVED
-CVE-2017-18534
- RESERVED
+CVE-2017-18540 (The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front ...)
+ TODO: check
+CVE-2017-18539 (The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front ...)
+ TODO: check
+CVE-2017-18538 (The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front ...)
+ TODO: check
+CVE-2017-18537 (The visitors-online plugin before 1.0.0 for WordPress has multiple XSS ...)
+ TODO: check
+CVE-2017-18536 (The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18535 (The smokesignal plugin before 1.2.7 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18534 (The share-on-diaspora plugin before 0.7.2 for WordPress has reflected ...)
+ TODO: check
CVE-2017-18533 (The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-18532 (The realty plugin before 1.1.0 for WordPress has multiple XSS issues. ...)
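Review bot: Two spellings of the same marker are visible in this hunk's context: `NOT-FOR-US: xo-security plugin for WordPress` on CVE-2017-18541 and `NOT-FOR-US: Wordpress plugin` on CVE-2017-18533. When the seven new `TODO: check` entries (CVE-2017-18534 through CVE-2017-18540) are triaged, pick one form and keep to it; the one that names the plugin is easier to search for.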
@@ -660,22 +684,22 @@ CVE-2017-18526 (The moreads-se plugin before 1.4.7 for WordPress has XSS. ...)
NOT-FOR-US: Wordpress plugin
CVE-2016-10904 (The olimometer plugin before 2.57 for WordPress has SQL injection. ...)
NOT-FOR-US: olimometer plugin for WordPress
-CVE-2016-10903
- RESERVED
-CVE-2016-10902
- RESERVED
-CVE-2016-10901
- RESERVED
-CVE-2016-10900
- RESERVED
-CVE-2016-10899
- RESERVED
-CVE-2016-10898
- RESERVED
-CVE-2016-10897
- RESERVED
-CVE-2016-10896
- RESERVED
+CVE-2016-10903 (The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 ...)
+ TODO: check
+CVE-2016-10902 (The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in ...)
+ TODO: check
+CVE-2016-10901 (The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in t ...)
+ TODO: check
+CVE-2016-10900 (The uji-countdown plugin before 2.0.7 for WordPress has XSS. ...)
+ TODO: check
+CVE-2016-10899 (The total-security plugin before 3.4.1 for WordPress has a settings-ch ...)
+ TODO: check
+CVE-2016-10898 (The total-security plugin before 3.4.1 for WordPress has XSS. ...)
+ TODO: check
+CVE-2016-10897 (The sermon-browser plugin before 0.45.16 for WordPress has multiple XS ...)
+ TODO: check
+CVE-2016-10896 (The seo-redirection plugin before 4.3 for WordPress has stored XSS. ...)
+ TODO: check
CVE-2016-10895 (The option-tree plugin before 2.6.0 for WordPress has XSS via an add_l ...)
NOT-FOR-US: Wordpress plugin
CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for WordPress ha ...)
@@ -688,8 +712,8 @@ CVE-2015-9323 (The 404-to-301 plugin before 2.0.3 for WordPress has SQL injectio
NOT-FOR-US: 404-to-301 plugin for WordPress
CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for WordPress ...)
NOT-FOR-US: erident-custom-login-and-dashboard plugin for WordPress
-CVE-2015-9321
- RESERVED
+CVE-2015-9321 (The shortcode-factory plugin before 1.1.1 for WordPress has XSS via ad ...)
+ TODO: check
CVE-2015-9320 (The option-tree plugin before 2.5.4 for WordPress has XSS related to a ...)
NOT-FOR-US: Wordpress plugin
CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
@@ -723,8 +747,8 @@ CVE-2019-15076
RESERVED
CVE-2019-15075
RESERVED
-CVE-2019-15074
- RESERVED
+CVE-2019-15074 (The Timeline feature in my_view_page.php in MantisBT through 2.21.1 ha ...)
+ TODO: check
CVE-2019-15073
RESERVED
CVE-2019-15072
@@ -745,16 +769,16 @@ CVE-2019-15065
RESERVED
CVE-2019-15064
RESERVED
-CVE-2017-18525
- RESERVED
+CVE-2017-18525 (The megamenu plugin before 2.4 for WordPress has XSS. ...)
+ TODO: check
CVE-2017-18524 (The football-pool plugin before 2.6.5 for WordPress has multiple XSS i ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-18523 (The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-18522 (The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the a ...)
NOT-FOR-US: Wordpress plugin
-CVE-2017-18521
- RESERVED
+CVE-2017-18521 (The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-adm ...)
+ TODO: check
CVE-2017-18520 (The democracy-poll plugin before 5.4 for WordPress has XSS via update_ ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-18519 (The customer-area plugin before 7.4.3 for WordPress has XSS via admin ...)
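Review bot: CVE-2017-18521 (democracy-poll before 5.4, CSRF) is added as `TODO: check` directly above CVE-2017-18520, which covers the same plugin and version and is already `NOT-FOR-US: Wordpress plugin`. The same marker applies here, and to CVE-2017-18525 (megamenu) if that plugin is not packaged.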
@@ -763,18 +787,18 @@ CVE-2017-18518 (The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS
NOT-FOR-US: Wordpress plugin
CVE-2017-18517 (The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS i ...)
NOT-FOR-US: Wordpress plugin
-CVE-2017-18516
- RESERVED
+CVE-2017-18516 (The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS is ...)
+ TODO: check
CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequently, a ...)
- xtrlock <unfixed> (bug #830726)
CVE-2016-10893 (The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has mu ...)
NOT-FOR-US: Wordpress plugin
CVE-2016-10892 (The chained-quiz plugin before 1.0 for WordPress has multiple XSS issu ...)
NOT-FOR-US: Wordpress plugin
-CVE-2016-10891
- RESERVED
-CVE-2016-10890
- RESERVED
+CVE-2016-10891 (The aryo-activity-log plugin before 2.3.3 for WordPress has XSS. ...)
+ TODO: check
+CVE-2016-10890 (The aryo-activity-log plugin before 2.3.2 for WordPress has XSS. ...)
+ TODO: check
CVE-2015-9319 (The gregs-high-performance-seo plugin before 1.6.2 for WordPress has X ...)
NOT-FOR-US: Wordpress plugin
CVE-2015-9318 (The awesome-support plugin before 3.1.7 for WordPress has a security i ...)
@@ -820,8 +844,8 @@ CVE-2019-15047 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based
NOT-FOR-US: Bento4
CVE-2019-15046 (Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthentica ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
-CVE-2019-15045
- RESERVED
+CVE-2019-15045 (** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus ...)
+ TODO: check
CVE-2019-15044
RESERVED
CVE-2019-15043
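Review bot: CVE-2019-15045 is published with a `** DISPUTED **` prefix and lands as `TODO: check`, while CVE-2019-15046 just above it names the same product and is `NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus`. The disputed status does not change the triage result, so the same NOT-FOR-US line fits.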
@@ -3526,10 +3550,10 @@ CVE-2019-14260 (On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskph
NOT-FOR-US: Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone
CVE-2019-14259 (On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a comma ...)
NOT-FOR-US: Polycom Obihai Obi1022 VoIP phone
-CVE-2019-14258
- RESERVED
-CVE-2019-14257
- RESERVED
+CVE-2019-14258 (The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to ...)
+ TODO: check
+CVE-2019-14257 (pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying e ...)
+ TODO: check
CVE-2019-14256
RESERVED
CVE-2019-14255 (A Server Side Request Forgery (SSRF) vulnerability in go-camo up to ve ...)
@@ -3562,10 +3586,10 @@ CVE-2019-14247 (The scan() function in mad.c in mpg321 0.3.2 allows remote attac
[jessie] - mpg321 <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mpg321/bugs/51/
NOTE: Fixed by handle_illegal_bitrate_value.patch
-CVE-2019-14246
- RESERVED
-CVE-2019-14245
- RESERVED
+CVE-2019-14246 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+ TODO: check
+CVE-2019-14245 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+ TODO: check
CVE-2019-14244
RESERVED
CVE-2019-14243 (headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in t ...)
@@ -6017,8 +6041,8 @@ CVE-2019-13601
RESERVED
CVE-2019-13600
RESERVED
-CVE-2019-13599
- RESERVED
+CVE-2019-13599 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login ...)
+ TODO: check
CVE-2019-13598 (LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenti ...)
NOT-FOR-US: LuaUPnP in Vera Edge Home Controller
CVE-2019-13597 (_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command ...)
@@ -6305,10 +6329,10 @@ CVE-2018-20851 (Helpy before 2.2.0 allows agents to edit admins. ...)
NOT-FOR-US: Helpy
CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly r ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-13477
- RESERVED
-CVE-2019-13476
- RESERVED
+CVE-2019-13477 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in t ...)
+ TODO: check
+CVE-2019-13476 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in th ...)
+ TODO: check
CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument injectio ...)
NOT-FOR-US: MobaXterm
CVE-2019-13474
@@ -6343,8 +6367,7 @@ CVE-2019-13460
RESERVED
CVE-2019-13459
RESERVED
-CVE-2019-13458
- RESERVED
+CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1877-1}
- otrs2 6.0.20-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
@@ -8334,8 +8357,7 @@ CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. .
NOT-FOR-US: Typo3
CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization ...)
NOT-FOR-US: Typo3
-CVE-2019-12746
- RESERVED
+CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Community ...)
{DLA-1877-1}
- otrs2 6.0.20-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
@@ -8573,8 +8595,8 @@ CVE-2019-12636
RESERVED
CVE-2019-12635
RESERVED
-CVE-2019-12634
- RESERVED
+CVE-2019-12634 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
CVE-2019-12633
RESERVED
CVE-2019-12632
@@ -8587,20 +8609,20 @@ CVE-2019-12629
RESERVED
CVE-2019-12628
RESERVED
-CVE-2019-12627
- RESERVED
-CVE-2019-12626
- RESERVED
+CVE-2019-12627 (A vulnerability in the application policy configuration of the Cisco F ...)
+ TODO: check
+CVE-2019-12626 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2019-12625
RESERVED
-CVE-2019-12624
- RESERVED
-CVE-2019-12623
- RESERVED
-CVE-2019-12622
- RESERVED
-CVE-2019-12621
- RESERVED
+CVE-2019-12624 (A vulnerability in the web-based management interface of Cisco IOS XE ...)
+ TODO: check
+CVE-2019-12623 (A vulnerability in the web server functionality of Cisco Enterprise Ne ...)
+ TODO: check
+CVE-2019-12622 (A vulnerability in Cisco RoomOS Software could allow an authenticated, ...)
+ TODO: check
+CVE-2019-12621 (A vulnerability in Cisco HyperFlex Software could allow an unauthentic ...)
+ TODO: check
CVE-2019-12620
RESERVED
CVE-2019-12619
@@ -10421,8 +10443,8 @@ CVE-2019-11899
RESERVED
CVE-2019-11898
RESERVED
-CVE-2019-11897
- RESERVED
+CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the backup & ...)
+ TODO: check
CVE-2019-11896 (A potential incorrect privilege assignment vulnerability exists in the ...)
NOT-FOR-US: Bosch
CVE-2019-11895 (A potential improper access control vulnerability exists in the JSON-R ...)
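Review bot: The CVE-2019-11897 summary is cut off at "backup & ..." before any product name, so the visible line does not show what is affected. The neighbouring CVE-2019-11896 and CVE-2019-11895 are `NOT-FOR-US: Bosch`; check the full description and, if it is the same vendor, use that marker instead of leaving `TODO: check`.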
@@ -11419,8 +11441,8 @@ CVE-2019-11553 (In Code42 for Enterprise through 6.8.4, an administrator without
NOT-FOR-US: Code42 for Enterprise
CVE-2019-11552 (Code42 Enterprise and Crashplan for Small Business Client version 6.7 ...)
NOT-FOR-US: Code42
-CVE-2019-11551
- RESERVED
+CVE-2019-11551 (In Code42 Enterprise and Crashplan for Small Business through Client v ...)
+ TODO: check
CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before ...)
NOT-FOR-US: Citrix
CVE-2019-11549 [Improper Sanitation of Credentials in Gitaly]
@@ -29070,8 +29092,8 @@ CVE-2019-5043
RESERVED
CVE-2019-5042
RESERVED
-CVE-2019-5041
- RESERVED
+CVE-2019-5041 (An exploitable Stack Based Buffer Overflow vulnerability exists in the ...)
+ TODO: check
CVE-2019-5040 (An exploitable information disclosure vulnerability exists in the Weav ...)
TODO: check
CVE-2019-5039 (An exploitable command execution vulnerability exists in the ASN1 cert ...)
@@ -29086,10 +29108,10 @@ CVE-2019-5035 (An exploitable information disclosure vulnerability exists in the
TODO: check
CVE-2019-5034 (An exploitable information disclosure vulnerability exists in the Weav ...)
TODO: check
-CVE-2019-5033
- RESERVED
-CVE-2019-5032
- RESERVED
+CVE-2019-5033 (An exploitable out-of-bounds read vulnerability exists in the Number r ...)
+ TODO: check
+CVE-2019-5032 (An exploitable out-of-bounds read vulnerability exists in the LabelSst ...)
+ TODO: check
CVE-2019-5031
RESERVED
CVE-2019-5030
@@ -32206,10 +32228,10 @@ CVE-2019-3636
RESERVED
CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8. ...)
NOT-FOR-US: McAfee
-CVE-2019-3634
- RESERVED
-CVE-2019-3633
- RESERVED
+CVE-2019-3634 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
+ TODO: check
+CVE-2019-3633 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
+ TODO: check
CVE-2019-3632 (Directory Traversal vulnerability in McAfee Enterprise Security Manage ...)
NOT-FOR-US: McAfee
CVE-2019-3631 (Command Injection vulnerability in McAfee Enterprise Security Manager ...)
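Review bot: CVE-2019-3634 and CVE-2019-3633 are both summarised as buffer overflows in McAfee Data Loss Prevention (DLPe) "for Windows" but are added as `TODO: check`. The surrounding CVE-2019-3635 and CVE-2019-3632 are already `NOT-FOR-US: McAfee`, and the same marker fits these two.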
@@ -38041,8 +38063,8 @@ CVE-2018-19934 (SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site
NOT-FOR-US: SolarWinds
CVE-2018-19933 (Bolt CMS <3.6.2 allows XSS via text input click preview button as d ...)
NOT-FOR-US: Bolt CMS
-CVE-2019-1984
- RESERVED
+CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions Virtualization I ...)
+ TODO: check
CVE-2019-1983
RESERVED
CVE-2019-1982
@@ -38061,8 +38083,8 @@ CVE-2019-1976
RESERVED
CVE-2019-1975
RESERVED
-CVE-2019-1974
- RESERVED
+CVE-2019-1974 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise NFV In ...)
NOT-FOR-US: Cisco
CVE-2019-1972 (A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVI ...)
@@ -38113,8 +38135,8 @@ CVE-2019-1950
RESERVED
CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...)
NOT-FOR-US: Cisco
-CVE-2019-1948
- RESERVED
+CVE-2019-1948 (A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an un ...)
+ TODO: check
CVE-2019-1947
RESERVED
CVE-2019-1946 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
@@ -38133,14 +38155,14 @@ CVE-2019-1940 (A vulnerability in the Web Services Management Agent (WSMA) featu
NOT-FOR-US: Cisco
CVE-2019-1939
RESERVED
-CVE-2019-1938
- RESERVED
-CVE-2019-1937
- RESERVED
-CVE-2019-1936
- RESERVED
-CVE-2019-1935
- RESERVED
+CVE-2019-1938 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
+ TODO: check
+CVE-2019-1937 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
+CVE-2019-1936 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
+CVE-2019-1935 (A vulnerability in Cisco Integrated Management Controller (IMC) Superv ...)
+ TODO: check
CVE-2019-1934 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
NOT-FOR-US: Cisco
CVE-2019-1933 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
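Review bot: The four entries published here (CVE-2019-1935 through CVE-2019-1938) all name Cisco products (UCS Director, Integrated Management Controller) and land as `TODO: check`, while CVE-2019-1940 and CVE-2019-1934 on either side are `NOT-FOR-US: Cisco`. The same holds for the other Cisco entries later in this commit, so they can be closed out together with one marker.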
@@ -38193,10 +38215,10 @@ CVE-2019-1910 (A vulnerability in the implementation of the Intermediate System&
NOT-FOR-US: Cisco
CVE-2019-1909 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
NOT-FOR-US: Cisco
-CVE-2019-1908
- RESERVED
-CVE-2019-1907
- RESERVED
+CVE-2019-1908 (A vulnerability in the Intelligent Platform Management Interface (IPMI ...)
+ TODO: check
+CVE-2019-1907 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
+ TODO: check
CVE-2019-1906 (A vulnerability in the Virtual Domain system of Cisco Prime Infrastruc ...)
NOT-FOR-US: Cisco
CVE-2019-1905 (A vulnerability in the GZIP decompression engine of Cisco AsyncOS Soft ...)
@@ -38209,16 +38231,16 @@ CVE-2019-1902
RESERVED
CVE-2019-1901 (A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem ...)
NOT-FOR-US: Cisco
-CVE-2019-1900
- RESERVED
+CVE-2019-1900 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
+ TODO: check
CVE-2019-1899 (A vulnerability in the web interface of Cisco RV110W, RV130W, and RV21 ...)
NOT-FOR-US: Cisco
CVE-2019-1898 (A vulnerability in the web-based management interface of Cisco RV110W, ...)
NOT-FOR-US: Cisco
CVE-2019-1897 (A vulnerability in the web-based management interface of Cisco RV110W, ...)
NOT-FOR-US: Cisco
-CVE-2019-1896
- RESERVED
+CVE-2019-1896 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
CVE-2019-1895 (A vulnerability in the Virtual Network Computing (VNC) console impleme ...)
NOT-FOR-US: Cisco
CVE-2019-1894 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
@@ -38239,12 +38261,12 @@ CVE-2019-1887 (A vulnerability in the Session Initiation Protocol (SIP) protocol
NOT-FOR-US: Cisco
CVE-2019-1886 (A vulnerability in the HTTPS decryption feature of Cisco Web Security ...)
NOT-FOR-US: Cisco
-CVE-2019-1885
- RESERVED
+CVE-2019-1885 (A vulnerability in the Redfish protocol of Cisco Integrated Management ...)
+ TODO: check
CVE-2019-1884 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
NOT-FOR-US: Cisco
-CVE-2019-1883
- RESERVED
+CVE-2019-1883 (A vulnerability in the command-line interface of Cisco Integrated Mana ...)
+ TODO: check
CVE-2019-1882 (A vulnerability in Cisco Industrial Network Director could allow an au ...)
NOT-FOR-US: Cisco
CVE-2019-1881 (A vulnerability in the web-based management interface of Cisco Industr ...)
@@ -38267,8 +38289,8 @@ CVE-2019-1873 (A vulnerability in the cryptographic driver for Cisco Adaptive Se
NOT-FOR-US: Cisco
CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication Server (VCS) ...)
NOT-FOR-US: Cisco
-CVE-2019-1871
- RESERVED
+CVE-2019-1871 (A vulnerability in the Import Cisco IMC configuration utility of Cisco ...)
+ TODO: check
CVE-2019-1870 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
NOT-FOR-US: Cisco
CVE-2019-1869 (A vulnerability in the internal packet-processing functionality of the ...)
@@ -38279,12 +38301,12 @@ CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services Control
NOT-FOR-US: Cisco
CVE-2019-1866
RESERVED
-CVE-2019-1865
- RESERVED
-CVE-2019-1864
- RESERVED
-CVE-2019-1863
- RESERVED
+CVE-2019-1865 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
+CVE-2019-1864 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
+CVE-2019-1863 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
CVE-2019-1862 (A vulnerability in the web-based user interface (Web UI) of Cisco IOS ...)
NOT-FOR-US: Cisco
CVE-2019-1861 (A vulnerability in the software update feature of Cisco Industrial Net ...)
@@ -38309,8 +38331,8 @@ CVE-2019-1852 (A vulnerability in the web-based management interface of Cisco Pr
NOT-FOR-US: Cisco
CVE-2019-1851 (A vulnerability in the External RESTful Services (ERS) API of the Cisc ...)
NOT-FOR-US: Cisco
-CVE-2019-1850
- RESERVED
+CVE-2019-1850 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
CVE-2019-1849 (A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label ...)
NOT-FOR-US: Cisco
CVE-2019-1848 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
@@ -38331,8 +38353,8 @@ CVE-2019-1841 (A vulnerability in the Software Image Management feature of Cisco
NOT-FOR-US: Cisco
CVE-2019-1840 (A vulnerability in the DHCPv6 input packet processor of Cisco Prime Ne ...)
NOT-FOR-US: Cisco
-CVE-2019-1839
- RESERVED
+CVE-2019-1839 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
+ TODO: check
CVE-2019-1838 (A vulnerability in the web-based management interface of Cisco Applica ...)
NOT-FOR-US: Cisco
CVE-2019-1837 (A vulnerability in the User Data Services (UDS) API of Cisco Unified C ...)
@@ -38766,8 +38788,8 @@ CVE-2019-1636 (A vulnerability in the Cisco Webex Teams client, formerly Cisco S
NOT-FOR-US: Cisco
CVE-2019-1635 (A vulnerability in the call-handling functionality of Session Initiati ...)
NOT-FOR-US: Cisco
-CVE-2019-1634
- RESERVED
+CVE-2019-1634 (A vulnerability in the Intelligent Platform Management Interface (IPMI ...)
+ TODO: check
CVE-2019-1633
RESERVED
CVE-2019-1632 (A vulnerability in the web-based management interface of Cisco Integra ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7d62350bb2523ab56dcefc1cf3682d56bff934f