[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Aug 22 09:10:32 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8f310d2 by security tracker role at 2019-08-22T08:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,137 @@
+CVE-2019-15324
+	RESERVED
+CVE-2019-15323
+	RESERVED
+CVE-2019-15322
+	RESERVED
+CVE-2019-15321
+	RESERVED
+CVE-2019-15320
+	RESERVED
+CVE-2019-15319
+	RESERVED
+CVE-2019-15318
+	RESERVED
+CVE-2019-15317
+	RESERVED
+CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folder perm ...)
+	TODO: check
+CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...)
+	TODO: check
+CVE-2018-20986
+	RESERVED
+CVE-2018-20985
+	RESERVED
+CVE-2018-20984
+	RESERVED
+CVE-2018-20983
+	RESERVED
+CVE-2018-20982
+	RESERVED
+CVE-2018-20981
+	RESERVED
+CVE-2018-20980
+	RESERVED
+CVE-2018-20979
+	RESERVED
+CVE-2017-18585
+	RESERVED
+CVE-2017-18584
+	RESERVED
+CVE-2017-18583
+	RESERVED
+CVE-2017-18582
+	RESERVED
+CVE-2017-18581
+	RESERVED
+CVE-2017-18580
+	RESERVED
+CVE-2017-18579
+	RESERVED
+CVE-2017-18578
+	RESERVED
+CVE-2017-18577
+	RESERVED
+CVE-2017-18576
+	RESERVED
+CVE-2017-18575
+	RESERVED
+CVE-2017-18574
+	RESERVED
+CVE-2017-18573
+	RESERVED
+CVE-2017-18572
+	RESERVED
+CVE-2017-18571
+	RESERVED
+CVE-2017-18570
+	RESERVED
+CVE-2016-10929
+	RESERVED
+CVE-2016-10928
+	RESERVED
+CVE-2016-10927
+	RESERVED
+CVE-2016-10926
+	RESERVED
+CVE-2016-10925
+	RESERVED
+CVE-2016-10924
+	RESERVED
+CVE-2016-10923
+	RESERVED
+CVE-2016-10922
+	RESERVED
+CVE-2016-10921
+	RESERVED
+CVE-2016-10920
+	RESERVED
+CVE-2016-10919
+	RESERVED
+CVE-2016-10918
+	RESERVED
+CVE-2016-10917
+	RESERVED
+CVE-2016-10916
+	RESERVED
+CVE-2015-9337
+	RESERVED
+CVE-2015-9336
+	RESERVED
+CVE-2015-9335
+	RESERVED
+CVE-2015-9334
+	RESERVED
+CVE-2015-9333
+	RESERVED
+CVE-2014-10385
+	RESERVED
+CVE-2014-10384
+	RESERVED
+CVE-2014-10383
+	RESERVED
+CVE-2014-10382
+	RESERVED
+CVE-2013-7483
+	RESERVED
+CVE-2013-7482
+	RESERVED
+CVE-2013-7481
+	RESERVED
+CVE-2013-7480
+	RESERVED
+CVE-2013-7479
+	RESERVED
+CVE-2013-7478
+	RESERVED
+CVE-2013-7477
+	RESERVED
+CVE-2012-6716
+	RESERVED
+CVE-2009-5158
+	RESERVED
+CVE-2008-7321
+	RESERVED
 CVE-2019-15314
 	RESERVED
 CVE-2019-15313
@@ -1620,6 +1754,7 @@ CVE-2019-14776
 CVE-2019-14775
 	RESERVED
 CVE-2019-12625 [clamav zip DoS]
+	RESERVED
 	- clamav <unfixed> (bug #934359)
 	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
 	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
@@ -1831,10 +1966,10 @@ CVE-2019-14688
 	RESERVED
 CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
 	NOT-FOR-US: Trend Micro
-CVE-2019-14686
-	RESERVED
-CVE-2019-14685
-	RESERVED
+CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro Security's 201 ...)
+	TODO: check
+CVE-2019-14685 (A local privilege escalation vulnerability exists in Trend Micro Secur ...)
+	TODO: check
 CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
@@ -11282,12 +11417,12 @@ CVE-2019-11605
 	RESERVED
 CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...)
 	NOT-FOR-US: Quest KACE Systems Management Appliance
-CVE-2019-11603
-	RESERVED
-CVE-2019-11602
-	RESERVED
-CVE-2019-11601
-	RESERVED
+CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...)
+	TODO: check
+CVE-2019-11602 (Leakage of stack traces in remote access to backup & restore in ea ...)
+	TODO: check
+CVE-2019-11601 (A directory traversal vulnerability in remote access to backup & r ...)
+	TODO: check
 CVE-2019-11600 (A SQL injection vulnerability in the activities API in OpenProject bef ...)
 	NOT-FOR-US: OpenProject
 CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...)
@@ -13824,8 +13959,8 @@ CVE-2019-10689 (VVX products using UCS software version 5.9.2 and earlier with B
 	NOT-FOR-US: VVX products using UCS software
 CVE-2019-10688 (VVX products with software versions including and prior to, UCS 5.9.2  ...)
 	NOT-FOR-US: VVX products using UCS
-CVE-2019-10687
-	RESERVED
+CVE-2019-10687 (KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=r ...)
+	TODO: check
 CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...)
 	NOT-FOR-US: Ctrip Apollo
 CVE-2019-10685 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
@@ -26287,8 +26422,8 @@ CVE-2019-6179
 	RESERVED
 CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC NAS produ ...)
 	NOT-FOR-US: Iomega and LenovoEMC NAS products
-CVE-2019-6177
-	RESERVED
+CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.003,  ...)
+	TODO: check
 CVE-2019-6176
 	RESERVED
 CVE-2019-6175
@@ -27764,8 +27899,8 @@ CVE-2019-5640
 	RESERVED
 CVE-2019-5639
 	RESERVED
-CVE-2019-5638
-	RESERVED
+CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...)
+	TODO: check
 CVE-2019-5637
 	RESERVED
 CVE-2019-5636
@@ -47837,8 +47972,8 @@ CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "py
 	NOTE: No real security impact. 3rd party requested CVE rejection
 CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
 	NOT-FOR-US: MDaemon Webmail
-CVE-2018-17791
-	RESERVED
+CVE-2018-17791 (Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an " ...)
+	TODO: check
 CVE-2018-17790 (Prospecta Master Data Online (MDO) 2.0 has Stored XSS. ...)
 	NOT-FOR-US: Prospecta Master Data Online (MDO)
 CVE-2018-17789



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8f310d283733764a988b359a009b240020d0898

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8f310d283733764a988b359a009b240020d0898
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190822/f4e7b1ea/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list