author | security tracker role <sectracker@soriano.debian.org> | 2019-11-06 08:10:18 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-11-06 08:10:18 +0000 |
commit | dc322fe6468fe2ade33357a4b76cdb4ba6183e38 (patch) | |
tree | 2d4bdb676ab4dff92f31192874623776e9ece018 | |
parent | 38689dee1bd274e8ea09d9e37dbd2bf273c0fec4 (diff) |
automatic update
-rw-r--r-- | data/CVE/2005.list | 3 |
-rw-r--r-- | data/CVE/2006.list | 15 |
-rw-r--r-- | data/CVE/2007.list | 3 |
-rw-r--r-- | data/CVE/2010.list | 18 |
-rw-r--r-- | data/CVE/2011.list | 17 |
-rw-r--r-- | data/CVE/2013.list | 3 |
-rw-r--r-- | data/CVE/2016.list | 3 |
-rw-r--r-- | data/CVE/2018.list | 60 |
-rw-r--r-- | data/CVE/2019.list | 342 |
9 files changed, 235 insertions, 229 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 000cbf1909..1033c03948 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -8219,8 +8219,7 @@ CVE-2005-XXXX [Missing input validation in xtradius] - xtradius 1.2.1-beta2-2 (bug #307796; unimportant) CVE-2005-XXXX [fai tempfile vulnerability] - fai 2.8.2 -CVE-2005-2354 [nvu uses old copy of mozilla xpcom] - RESERVED +CVE-2005-2354 (Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in ...) NOTE: have not checked to see which security holes are in it exactly - nvu <removed> (bug #306822; medium) CVE-2005-2356 diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 6c99180d3a..9035d966d1 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -6707,14 +6707,12 @@ CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read arbitr ...) {DSA-1177-1} - usermin <removed> (bug #374609) -CVE-2006-4245 - RESERVED +CVE-2006-4245 (archivemail 0.6.2 uses temporary files insecurely leading to a possibl ...) - archivemail 0.6.2-2 (bug #385253) CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...) {DSA-1239-1} - sql-ledger 2.6.18-1 (medium; bug #386519) -CVE-2006-4243 [linux vserver priviledge escalation in remount code] - RESERVED +CVE-2006-4243 (linux vserver 2.6 before 2.6.17 suffers from privilege escalation in r ...) - linux-2.6 2.6.17-9 CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...) NOT-FOR-US: JIM component for Joomla or Mambo 
@@ -9350,8 +9348,7 @@ CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versi CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x be ...) {DSA-1112} - mysql-dfsg-5.0 5.0.19-1 (bug #373913; high) -CVE-2006-3100 [termnetd buffer overflow] - RESERVED +CVE-2006-3100 (termpkg 3.3 suffers from buffer overflow. ...) - termpkg 3.3-7 (bug #358028; medium) CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...) - linux-2.6 2.6.16-15 @@ -16329,11 +16326,9 @@ CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "A NOTE: According to the maintainer only affects a config option that is strongly NOTE: discouraged due to potential security problems NOTE: (Upstream fix was in 2.0.20.) -CVE-2006-0062 [Potential xlockmore bypass] - RESERVED +CVE-2006-0062 (xlockmore 5.13 allows potential xlock bypass when FVWM switches to the ...) - xlockmore 1:5.13-2.1 (bug #309760) -CVE-2006-0061 [xlock segfaults when using libpam-opensc] - RESERVED +CVE-2006-0061 (xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns ...) - xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low) [sarge] - xlockmore <no-dsa> (Minor issue) CVE-2006-0060 diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 24dec9688b..c6e61768a3 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -13938,8 +13938,7 @@ CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...) NOT-FOR-US: TagIt! Tagboard -CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c] - RESERVED +CVE-2007-0899 (There is a possible heap overflow in libclamav/fsg.c before 0.100.0. ...) {DSA-1263-1} - clamav 0.90-1 [etch] - clamav 0.88.7-2 diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 6aab1a1991..232e0d5065 100644 
--- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -4326,24 +4326,19 @@ CVE-2010-3668 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and CVE-2010-3669 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows ...) {DSA-2098-1} - typo3-src 4.3.5-1 (bug #590719) -CVE-2010-3670 [Multiple security issues] - RESERVED +CVE-2010-3670 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness ...) {DSA-2098-1} - typo3-src 4.3.5-1 (bug #590719) -CVE-2010-3671 [Multiple security issues] - RESERVED +CVE-2010-3671 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...) {DSA-2098-1} - typo3-src 4.3.5-1 (bug #590719) -CVE-2010-3672 [Multiple security issues] - RESERVED +CVE-2010-3672 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea v ...) {DSA-2098-1} - typo3-src 4.3.5-1 (bug #590719) -CVE-2010-3673 [Multiple security issues] - RESERVED +CVE-2010-3673 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows ...) {DSA-2098-1} - typo3-src 4.3.5-1 (bug #590719) -CVE-2010-3674 [Multiple security issues] - RESERVED +CVE-2010-3674 (TYPO3 before 4.4.1 allows XSS in the frontend search box. ...) {DSA-2098-1} - typo3-src 4.3.5-1 (bug #590719) CVE-2010-XXXX [piwigo] @@ -7916,8 +7911,7 @@ CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise Virtuali NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M) CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualiza ...) - vdsm <itp> (bug #668538) -CVE-2010-2222 - RESERVED +CVE-2010-2222 (The _ger_parse_control function in Red Hat Directory Server 8 and the ...) NOT-FOR-US: Red Hat Directory Server CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...) - iscsitarget 1.4.20.1-1 diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 6c306a53b0..42a99f3b0a 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list 
@@ -10301,10 +10301,10 @@ CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attac NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-1461 RESERVED -CVE-2011-1460 - RESERVED -CVE-2011-1459 - RESERVED +CVE-2011-1460 (WebKit in Google Chrome before Blink M11 contains a bad cast to Render ...) + TODO: check +CVE-2011-1459 (The WebKit::WebPluginContainerImpl::handleEvent function in Google Chr ...) + TODO: check CVE-2011-1458 RESERVED CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) @@ -11685,24 +11685,21 @@ CVE-2011-XXXX [kfreebsd dos] [lenny] - kfreebsd-8 <no-dsa> (Not-supported in Lenny) - kfreebsd-7 <removed> [lenny] - kfreebsd-7 <no-dsa> (Not supported in Lenny) -CVE-2011-1133 [xinha XSS mode param] - RESERVED +CVE-2011-1133 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...) - serendipity <removed> (bug #611661) [lenny] - serendipity <not-affected> (Xinha not yet included) [squeeze] - serendipity <no-dsa> (Minor issue) - openacs <not-affected> (PHP bindings not used) - dotlrn <not-affected> (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ -CVE-2011-1134 [xinha XSS image manager] - RESERVED +CVE-2011-1134 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...) - serendipity <removed> (bug #611661) [lenny] - serendipity <not-affected> (Xinha not yet included) [squeeze] - serendipity <no-dsa> (Minor issue) - openacs <not-affected> (PHP bindings not used) - dotlrn <not-affected> (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ -CVE-2011-1135 [xinha multiple vulns] - RESERVED +CVE-2011-1135 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...) - serendipity <removed> (bug #611661) [lenny] - serendipity <not-affected> (Xinha not yet included) [squeeze] - serendipity <no-dsa> (Minor issue) 
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index d6f48d26ef..e1a1d8db26 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -6153,8 +6153,7 @@ CVE-2013-5125 (WebKit, as used in Apple iOS before 7, allows remote attackers to NOT-FOR-US: Apple iOS CVE-2013-5124 RESERVED -CVE-2013-5123 [insecure mirroring] - RESERVED +CVE-2013-5123 (The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 use ...) - python-pip 1.4.1-1 (unimportant) [squeeze] - python-pip <not-affected> (Support for mirroring introduced in 0.8.1) NOTE: This is additional hardening / security feature, not a vulnerabily (despite diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 0e6528443f..06b2593b71 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -18412,8 +18412,7 @@ CVE-2016-4985 (The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) NOTE: Affects >=2014.2, >=4.0.0 <=4.2.4, >=4.3.0 <=5.1.1 CVE-2016-4984 (/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ...) - openldap <not-affected> (Red Hat-specific) -CVE-2016-4983 - RESERVED +CVE-2016-4983 (A postinstall script in the dovecot rpm allows local users to read the ...) - dovecot <not-affected> (Specific to Red Hat packaging) CVE-2016-4982 (authd sets weak permissions for /etc/ident.key, which allows local use ...) NOT-FOR-US: authd diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 49d3bf0e3b..a46c49e12d 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -5470,38 +5470,38 @@ CVE-2018-19169 RESERVED CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in FruityWifi (a ...) NOT-FOR-US: FruityWifi -CVE-2018-19167 - RESERVED -CVE-2018-19166 - RESERVED -CVE-2018-19165 - RESERVED -CVE-2018-19164 - RESERVED -CVE-2018-19163 - RESERVED -CVE-2018-19162 - RESERVED -CVE-2018-19161 - RESERVED -CVE-2018-19160 - RESERVED -CVE-2018-19159 - RESERVED +CVE-2018-19167 (CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency ...) + TODO: check +CVE-2018-19166 (peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) a ...) + TODO: check +CVE-2018-19165 (neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) all ...) + TODO: check +CVE-2018-19164 (reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) ...) + TODO: check +CVE-2018-19163 (stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) ...) + TODO: check +CVE-2018-19162 (Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allow ...) + TODO: check +CVE-2018-19161 (alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows ...) + TODO: check +CVE-2018-19160 (Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) ...) + TODO: check +CVE-2018-19159 (lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows ...) + TODO: check CVE-2018-19158 (ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurre ...) NOT-FOR-US: ColossusCoinXT -CVE-2018-19157 - RESERVED -CVE-2018-19156 - RESERVED -CVE-2018-19155 - RESERVED -CVE-2018-19154 - RESERVED -CVE-2018-19153 - RESERVED -CVE-2018-19152 - RESERVED +CVE-2018-19157 (Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) al ...) + TODO: check +CVE-2018-19156 (PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allo ...) + TODO: check +CVE-2018-19155 (navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) al ...) 
+ TODO: check +CVE-2018-19154 (HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) al ...) + TODO: check +CVE-2018-19153 (particl through 0.17 (a chain-based proof-of-stake cryptocurrency) all ...) + TODO: check +CVE-2018-19152 (emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) all ...) + TODO: check CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows ...) NOT-FOR-US: qtum CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdffor ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 13834fde1a..8e64902d42 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,4 +1,26 @@ -CVE-2019-18786 [media: rcar_drif: fix a memory disclosure] +CVE-2019-18792 + RESERVED +CVE-2019-18791 + RESERVED +CVE-2019-18790 + RESERVED +CVE-2019-18789 + RESERVED +CVE-2019-18788 + RESERVED +CVE-2019-18787 + RESERVED +CVE-2019-18785 + RESERVED +CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...) + TODO: check +CVE-2019-18783 + RESERVED +CVE-2019-18782 + RESERVED +CVE-2019-18781 + RESERVED +CVE-2019-18786 (In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitial ...) - linux <unfixed> NOTE: https://patchwork.linuxtv.org/patch/59542/ CVE-2019-18780 (An arbitrary command injection vulnerability in the Cluster Server com ...) @@ -216,8 +238,8 @@ CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the L NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1 CVE-2019-18675 RESERVED -CVE-2019-18674 - RESERVED +CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing access che ...) + TODO: check CVE-2019-18673 (On SHIFT BitBox02 devices, a side channel for the row-based OLED displ ...) NOT-FOR-US: SHIFT BitBox02 devices CVE-2019-18672 
@@ -264,8 +286,8 @@ CVE-2019-18652 RESERVED CVE-2019-18651 RESERVED -CVE-2019-18650 - RESERVED +CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...) + TODO: check CVE-2019-18649 RESERVED CVE-2019-18648 @@ -633,12 +655,15 @@ CVE-2019-18467 CVE-2019-18466 (An issue was discovered in Podman in libpod before 1.6.0. It resolves ...) NOT-FOR-US: libpod (podman library used to create container pods) CVE-2019-18601 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of ser ...) + {DLA-1982-1} - openafs 1.8.5-1 (bug #943587) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt CVE-2019-18602 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an informatio ...) + {DLA-1982-1} - openafs 1.8.5-1 (bug #943587) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt CVE-2019-18603 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information l ...) + {DLA-1982-1} - openafs 1.8.5-1 (bug #943587) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt CVE-2019-18465 (In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has be ...) @@ -1225,7 +1250,7 @@ CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not re NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...) - {DLA-1974-1} + {DSA-4559-1 DLA-1974-1} - proftpd-dfsg 1.3.6a-2 (bug #942831) NOTE: https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4 NOTE: https://github.com/proftpd/proftpd/issues/846 
@@ -2411,7 +2436,7 @@ CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of NOTE: https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code execution. ...) NOT-FOR-US: Rambox -CVE-2019-17624 (In X.Org X Server 1.20.4, there is a stack-based buffer overflow in th ...) +CVE-2019-17624 ("" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in ...) - xorg-server <undetermined> NOTE: https://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html CVE-2019-17623 @@ -5462,8 +5487,8 @@ CVE-2019-16286 RESERVED CVE-2019-16285 RESERVED -CVE-2019-16284 - RESERVED +CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP ...) + TODO: check CVE-2019-16283 RESERVED CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...) @@ -21554,8 +21579,7 @@ CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector cl NOTE: https://github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58 CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for stored XS ...) NOT-FOR-US: Apache Allura -CVE-2019-10084 - RESERVED +CVE-2019-10084 (In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to ...) NOT-FOR-US: Apache Impala CVE-2019-10083 RESERVED 
@@ -27508,20 +27532,20 @@ CVE-2019-8235 (An insecure direct object reference (IDOR) vulnerability exists i NOT-FOR-US: Magento CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...) NOT-FOR-US: Adobe -CVE-2019-8233 - RESERVED -CVE-2019-8232 - RESERVED -CVE-2019-8231 - RESERVED -CVE-2019-8230 - RESERVED -CVE-2019-8229 - RESERVED -CVE-2019-8228 - RESERVED -CVE-2019-8227 - RESERVED +CVE-2019-8233 (In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 ...) + TODO: check +CVE-2019-8232 (In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 pr ...) + TODO: check +CVE-2019-8231 (In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated ...) + TODO: check +CVE-2019-8230 (In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenti ...) + TODO: check +CVE-2019-8229 (In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authent ...) + TODO: check +CVE-2019-8228 (in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...) + TODO: check +CVE-2019-8227 (In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...) + TODO: check CVE-2019-8226 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...) NOT-FOR-US: Adobe CVE-2019-8225 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...) 
@@ -27656,112 +27680,112 @@ CVE-2019-8161 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2 NOT-FOR-US: Adobe CVE-2019-8160 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...) NOT-FOR-US: Adobe -CVE-2019-8159 - RESERVED -CVE-2019-8158 - RESERVED -CVE-2019-8157 - RESERVED -CVE-2019-8156 - RESERVED -CVE-2019-8155 - RESERVED -CVE-2019-8154 - RESERVED -CVE-2019-8153 - RESERVED -CVE-2019-8152 - RESERVED -CVE-2019-8151 - RESERVED -CVE-2019-8150 - RESERVED -CVE-2019-8149 - RESERVED -CVE-2019-8148 - RESERVED -CVE-2019-8147 - RESERVED -CVE-2019-8146 - RESERVED -CVE-2019-8145 - RESERVED -CVE-2019-8144 - RESERVED -CVE-2019-8143 - RESERVED -CVE-2019-8142 - RESERVED -CVE-2019-8141 - RESERVED -CVE-2019-8140 - RESERVED -CVE-2019-8139 - RESERVED -CVE-2019-8138 - RESERVED -CVE-2019-8137 - RESERVED -CVE-2019-8136 - RESERVED -CVE-2019-8135 - RESERVED -CVE-2019-8134 - RESERVED -CVE-2019-8133 - RESERVED -CVE-2019-8132 - RESERVED -CVE-2019-8131 - RESERVED -CVE-2019-8130 - RESERVED -CVE-2019-8129 - RESERVED -CVE-2019-8128 - RESERVED -CVE-2019-8127 - RESERVED -CVE-2019-8126 - RESERVED -CVE-2019-8125 - RESERVED -CVE-2019-8124 - RESERVED -CVE-2019-8123 - RESERVED -CVE-2019-8122 - RESERVED -CVE-2019-8121 - RESERVED -CVE-2019-8120 - RESERVED -CVE-2019-8119 - RESERVED -CVE-2019-8118 - RESERVED -CVE-2019-8117 - RESERVED -CVE-2019-8116 - RESERVED -CVE-2019-8115 - RESERVED -CVE-2019-8114 - RESERVED -CVE-2019-8113 - RESERVED -CVE-2019-8112 - RESERVED -CVE-2019-8111 - RESERVED -CVE-2019-8110 - RESERVED -CVE-2019-8109 - RESERVED -CVE-2019-8108 - RESERVED -CVE-2019-8107 - RESERVED +CVE-2019-8159 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8158 (An XPath entity injection vulnerability exists in Magento 2.2 prior to ...) + TODO: check +CVE-2019-8157 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) 
+ TODO: check +CVE-2019-8156 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...) + TODO: check +CVE-2019-8155 (Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF ...) + TODO: check +CVE-2019-8154 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8153 (A mitigation bypass to prevent cross-site scripting (XSS) exists in Ma ...) + TODO: check +CVE-2019-8152 (A stored cross-site scripting (XSS) vulnerability exists in in Magento ...) + TODO: check +CVE-2019-8151 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8150 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8149 (Insecure authentication and session management vulnerability exists in ...) + TODO: check +CVE-2019-8148 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8147 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8146 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8145 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8144 (A remote code execution vulnerability exists in Magento 2.3 prior to 2 ...) + TODO: check +CVE-2019-8143 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...) + TODO: check +CVE-2019-8142 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8141 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) + TODO: check +CVE-2019-8140 (An unrestricted file upload vulnerability exists in Magento 2.2 prior ...) + TODO: check +CVE-2019-8139 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) 
+ TODO: check +CVE-2019-8138 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8137 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8136 (An insecure component vulnerability exists in Magento 2.2 prior to 2.2 ...) + TODO: check +CVE-2019-8135 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8134 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...) + TODO: check +CVE-2019-8133 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...) + TODO: check +CVE-2019-8132 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8131 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8130 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...) + TODO: check +CVE-2019-8129 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8128 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8127 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...) + TODO: check +CVE-2019-8126 (An XML entity injection vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8125 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...) + TODO: check +CVE-2019-8124 (An insufficient logging and monitoring vulnerability exists in Magento ...) + TODO: check +CVE-2019-8123 (An insufficient logging and monitoring vulnerability exists in Magento ...) + TODO: check +CVE-2019-8122 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) + TODO: check +CVE-2019-8121 (An insecure component vulnerability exists in Magento 2.1 prior to 2.1 ...) 
+ TODO: check +CVE-2019-8120 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8119 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) + TODO: check +CVE-2019-8118 (Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 ...) + TODO: check +CVE-2019-8117 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) + TODO: check +CVE-2019-8116 (Insecure authentication and session management vulnerability exists in ...) + TODO: check +CVE-2019-8115 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...) + TODO: check +CVE-2019-8114 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...) + TODO: check +CVE-2019-8113 (Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 us ...) + TODO: check +CVE-2019-8112 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...) + TODO: check +CVE-2019-8111 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8110 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8109 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) + TODO: check +CVE-2019-8108 (Insecure authentication and session management vulnerability exists in ...) + TODO: check +CVE-2019-8107 (An arbitrary file deletion vulnerability exists in Magento 2.2 prior t ...) + TODO: check CVE-2019-8106 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...) NOT-FOR-US: Adobe CVE-2019-8105 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...) 
@@ -27788,14 +27812,14 @@ CVE-2019-8095 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 20 NOT-FOR-US: Adobe CVE-2019-8094 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...) NOT-FOR-US: Adobe -CVE-2019-8093 - RESERVED -CVE-2019-8092 - RESERVED -CVE-2019-8091 - RESERVED -CVE-2019-8090 - RESERVED +CVE-2019-8093 (An arbitrary file access vulnerability exists in Magento 2.2 prior to ...) + TODO: check +CVE-2019-8092 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...) + TODO: check +CVE-2019-8091 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...) + TODO: check +CVE-2019-8090 (An arbitrary file deletion vulnerability exists in Magento 2.1 prior t ...) + TODO: check CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross ...) NOT-FOR-US: Adobe CVE-2019-8088 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command ...) @@ -32409,8 +32433,8 @@ CVE-2019-6144 (This vulnerability allows a normal (non-admin) user to disable th NOT-FOR-US: Forcepoint CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...) NOT-FOR-US: Forcepoint Next Generation Firewall (Forcepoint NGFW) -CVE-2019-6142 - RESERVED +CVE-2019-6142 (It has been reported that XSS is possible in Forcepoint Email Security ...) + TODO: check CVE-2019-6141 RESERVED CVE-2019-6140 (A configuration issue has been discovered in Forcepoint Email Security ...) @@ -34894,10 +34918,10 @@ CVE-2019-5091 RESERVED CVE-2019-5090 RESERVED -CVE-2019-5089 - RESERVED -CVE-2019-5088 - RESERVED +CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investintech ...) + TODO: check +CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...) + TODO: check CVE-2019-5087 RESERVED CVE-2019-5086 
@@ -34936,8 +34960,8 @@ CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthen NOT-FOR-US: eFront LMS CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...) NOT-FOR-US: Epignosis eFront LMS -CVE-2019-5068 - RESERVED +CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...) + TODO: check CVE-2019-5067 (An uninitialized memory access vulnerability exists in the way Aspose. ...) NOT-FOR-US: Aspose CVE-2019-5066 (An exploitable use-after-free vulnerability exists in the way LZW-comp ...) @@ -41789,16 +41813,16 @@ CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions Virtualizat NOT-FOR-US: Cisco CVE-2019-1983 RESERVED -CVE-2019-1982 - RESERVED -CVE-2019-1981 - RESERVED -CVE-2019-1980 - RESERVED +CVE-2019-1982 (A vulnerability in the HTTP traffic filtering component of Cisco Firep ...) + TODO: check +CVE-2019-1981 (A vulnerability in the normalization functionality of Cisco Firepower ...) + TODO: check +CVE-2019-1980 (A vulnerability in the protocol detection component of Cisco Firepower ...) + TODO: check CVE-2019-1979 RESERVED -CVE-2019-1978 - RESERVED +CVE-2019-1978 (A vulnerability in the stream reassembly component of Cisco Firepower ...) + TODO: check CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nexus 90 ...) NOT-FOR-US: Cisco CVE-2019-1976 (A vulnerability in the &ldquo;plug-and-play&rdquo; services co ...) 
@@ -41999,8 +42023,8 @@ CVE-2019-1879 (A vulnerability in the CLI of Cisco Integrated Management Control NOT-FOR-US: Cisco CVE-2019-1878 (A vulnerability in the Cisco Discovery Protocol (CDP) implementation f ...) NOT-FOR-US: Cisco -CVE-2019-1877 - RESERVED +CVE-2019-1877 (A vulnerability in the HTTP API of Cisco Enterprise Chat and Email cou ...) + TODO: check CVE-2019-1876 (A vulnerability in the HTTPS proxy feature of Cisco Wide Area Applicat ...) NOT-FOR-US: Cisco CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco Prime S ...) @@ -42309,8 +42333,8 @@ CVE-2019-1736 RESERVED CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...) NOT-FOR-US: Cisco -CVE-2019-1734 - RESERVED +CVE-2019-1734 (A vulnerability in the implementation of a CLI diagnostic command in C ...) + TODO: check CVE-2019-1733 (A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX- ...) NOT-FOR-US: Cisco CVE-2019-1732 (A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco ...) |
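
Review bot: CVE-2019-18786 is out of order in data/CVE/2019.list, hunk @@ -1,4 +1,26 @@: it now sits after CVE-2019-18781 and before CVE-2019-18780, while every other entry visible in the file runs in descending order. The new RESERVED block jumps from CVE-2019-18787 straight to CVE-2019-18785, so the entry belongs in that gap, with its `- linux <unfixed>` and NOTE lines moved along with it.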
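
Review bot: the new description for CVE-2019-17624 in data/CVE/2019.list, hunk @@ -2411,7 +2436,7 @@, begins with a stray `""` and a space that the line it replaces did not have. The importer should strip leading quote characters and whitespace from the upstream description before truncating it; as committed, the debris also eats into the truncated summary, which now ends at "overflow in" instead of "overflow in th".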
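
Review bot: the imported description for CVE-2007-0899 in data/CVE/2007.list disagrees with the package lines kept below it: the text says the heap overflow in libclamav/fsg.c exists "before 0.100.0", while the entry records the fix in clamav 0.90-1 and, for etch, 0.88.7-2. A NOTE line stating which version range is correct would keep the entry from being reopened on the strength of the upstream wording.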
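
Review bot: in data/CVE/2011.list, hunk @@ -11685,24 +11685,21 @@, CVE-2011-1133, CVE-2011-1134 and CVE-2011-1135 end up with the identical truncated summary "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...", so the distinction the removed bracketed lines carried (mode param, image manager, multiple vulns) is lost from the file. Suggest preserving each old summary as a NOTE line on its entry.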
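
Review bot: the fifteen entries newly described in data/CVE/2018.list, hunk @@ -5470,38 +5470,38 @@ (CVE-2018-19152 to CVE-2018-19157 and CVE-2018-19159 to CVE-2018-19167), are all left at `TODO: check`, although the two context entries with the same "chain-based proof-of-stake cryptocurrency" wording, CVE-2018-19158 and CVE-2018-19151, are already triaged as NOT-FOR-US. Triage the batch in one follow-up, checking each project name against the archive rather than copying the neighbours' status.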