author | security tracker role <sectracker@soriano.debian.org> | 2019-08-22 20:10:30 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-08-22 20:10:30 +0000 |
commit | 7092b4c9800568b7df9b85feeed320620403539b (patch) | |
tree | bb7b2ae617dd40bba529c86f4c77261ea6db5cfd /data | |
parent | 9fbec0d2d191d80a99e746f64c845030f9052efd (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2008.list | 4 | ||||
-rw-r--r-- | data/CVE/2009.list | 4 | ||||
-rw-r--r-- | data/CVE/2012.list | 4 | ||||
-rw-r--r-- | data/CVE/2013.list | 24 | ||||
-rw-r--r-- | data/CVE/2014.list | 30 | ||||
-rw-r--r-- | data/CVE/2015.list | 24 | ||||
-rw-r--r-- | data/CVE/2016.list | 50 | ||||
-rw-r--r-- | data/CVE/2017.list | 54 | ||||
-rw-r--r-- | data/CVE/2018.list | 40 | ||||
-rw-r--r-- | data/CVE/2019.list | 121 |
10 files changed, 203 insertions, 152 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 88cbbb700c..7a1025db91 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -1,5 +1,5 @@ -CVE-2008-7321 - RESERVED +CVE-2008-7321 (The tubepress plugin before 1.6.5 for WordPress has XSS. ...) + TODO: check CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...) - seahorse <unfixed> (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774 diff --git a/data/CVE/2009.list b/data/CVE/2009.list index c55ccacd3d..5fedcfb7f6 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1,5 +1,5 @@ -CVE-2009-5158 - RESERVED +CVE-2009-5158 (The google-analyticator plugin before 5.2.1 for WordPress has insuffic ...) + TODO: check CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...) NOT-FOR-US: Linksys CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Co ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 8167fd98f8..d79a5e8b6c 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1,5 +1,5 @@ -CVE-2012-6716 - RESERVED +CVE-2012-6716 (The events-manager plugin before 5.1.7 for WordPress has XSS via JSON ...) + TODO: check CVE-2012-6715 (The formbuilder plugin before 0.9.1 for WordPress has XSS via a Refere ...) NOT-FOR-US: formbuilder plugin for WordPress CVE-2012-6714 (The count-per-day plugin before 3.2.3 for WordPress has XSS via search ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 06f4b3e96c..75775ec3c6 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -1,17 +1,17 @@ CVE-2013-7483 RESERVED -CVE-2013-7482 - RESERVED -CVE-2013-7481 - RESERVED -CVE-2013-7480 - RESERVED -CVE-2013-7479 - RESERVED -CVE-2013-7478 - RESERVED -CVE-2013-7477 - RESERVED +CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS. ...) + TODO: check +CVE-2013-7481 (The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. ...) + TODO: check +CVE-2013-7480 (The events-manager plugin before 5.3.6.1 for WordPress has XSS via the ...) + TODO: check +CVE-2013-7479 (The events-manager plugin before 5.3.9 for WordPress has XSS in the se ...) + TODO: check +CVE-2013-7478 (The events-manager plugin before 5.5 for WordPress has XSS via EM_Tick ...) + TODO: check +CVE-2013-7477 (The events-manager plugin before 5.5.2 for WordPress has XSS in the bo ...) + TODO: check CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...) NOT-FOR-US: simple-fields plugin for WordPress CVE-2013-7475 (The contact-form-plugin plugin before 3.52 for WordPress has XSS. ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 4ef69e0f14..4301a25041 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -1,9 +1,27 @@ -CVE-2014-10385 - RESERVED -CVE-2014-10384 - RESERVED -CVE-2014-10383 - RESERVED +CVE-2014-10394 (The rich-counter plugin before 1.2.0 for WordPress has JavaScript inje ...) + TODO: check +CVE-2014-10393 + RESERVED +CVE-2014-10392 (The cforms2 plugin before 10.2 for WordPress has XSS. ...) + TODO: check +CVE-2014-10391 (The wp-support-plus-responsive-ticket-system plugin before 4.1 for Wor ...) + TODO: check +CVE-2014-10390 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...) + TODO: check +CVE-2014-10389 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...) + TODO: check +CVE-2014-10388 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...) + TODO: check +CVE-2014-10387 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...) + TODO: check +CVE-2014-10386 (The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScr ...) + TODO: check +CVE-2014-10385 (The memphis-documents-library plugin before 3.0 for WordPress has XSS ...) + TODO: check +CVE-2014-10384 (The memphis-documents-library plugin before 3.0 for WordPress has Loca ...) + TODO: check +CVE-2014-10383 (The memphis-documents-library plugin before 3.0 for WordPress has Remo ...) + TODO: check CVE-2014-10382 RESERVED CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 929cd37c38..8814685eea 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -1,13 +1,21 @@ -CVE-2015-9337 - RESERVED -CVE-2015-9336 - RESERVED -CVE-2015-9335 - RESERVED +CVE-2015-9341 (The wp-file-upload plugin before 3.4.1 for WordPress has insufficient ...) + TODO: check +CVE-2015-9340 (The wp-file-upload plugin before 3.0.0 for WordPress has insufficient ...) + TODO: check +CVE-2015-9339 (The wp-file-upload plugin before 2.7.1 for WordPress has insufficient ...) + TODO: check +CVE-2015-9338 (The wp-file-upload plugin before 2.5.0 for WordPress has insufficient ...) + TODO: check +CVE-2015-9337 (The profile-builder plugin before 2.1.4 for WordPress has no access co ...) + TODO: check +CVE-2015-9336 (The clean-login plugin before 1.5.1 for WordPress has reflected XSS. ...) + TODO: check +CVE-2015-9335 (The limit-attempts plugin before 1.1.1 for WordPress has SQL injection ...) + TODO: check CVE-2015-9334 RESERVED -CVE-2015-9333 - RESERVED +CVE-2015-9333 (The cforms2 plugin before 14.6.10 for WordPress has SQL injection. ...) + TODO: check CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...) NOT-FOR-US: Wordpress plugin CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index cc934a793b..33d8e53b21 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -1,31 +1,33 @@ +CVE-2016-10930 (The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for W ...) + TODO: check CVE-2016-10929 RESERVED CVE-2016-10928 RESERVED -CVE-2016-10927 - RESERVED -CVE-2016-10926 - RESERVED -CVE-2016-10925 - RESERVED -CVE-2016-10924 - RESERVED -CVE-2016-10923 - RESERVED -CVE-2016-10922 - RESERVED -CVE-2016-10921 - RESERVED -CVE-2016-10920 - RESERVED -CVE-2016-10919 - RESERVED -CVE-2016-10918 - RESERVED -CVE-2016-10917 - RESERVED -CVE-2016-10916 - RESERVED +CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in aj ...) + TODO: check +CVE-2016-10926 (The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in aja ...) + TODO: check +CVE-2016-10925 (The peters-login-redirect plugin before 2.9.1 for WordPress has XSS du ...) + TODO: check +CVE-2016-10924 (The ebook-download plugin before 1.2 for WordPress has directory trave ...) + TODO: check +CVE-2016-10923 (The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has pr ...) + TODO: check +CVE-2016-10922 (The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has pr ...) + TODO: check +CVE-2016-10921 (The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL in ...) + TODO: check +CVE-2016-10920 (The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. ...) + TODO: check +CVE-2016-10919 (The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats ...) + TODO: check +CVE-2016-10918 (The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. ...) + TODO: check +CVE-2016-10917 (The search-everything plugin before 8.1.6 for WordPress has SQL inject ...) + TODO: check +CVE-2016-10916 (The appointment-booking-calendar plugin before 1.1.24 for WordPress ha ...) + TODO: check CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...) NOT-FOR-US: Wordpress plugin CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...) 
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 186ed3bd87..0b6c2b98fb 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1,35 +1,37 @@ +CVE-2017-18586 (The insert-pages plugin before 3.2.4 for WordPress has directory trave ...) + TODO: check CVE-2017-18585 RESERVED -CVE-2017-18584 - RESERVED -CVE-2017-18583 - RESERVED -CVE-2017-18582 - RESERVED -CVE-2017-18581 - RESERVED -CVE-2017-18580 - RESERVED +CVE-2017-18584 (The post-pay-counter plugin before 2.731 for WordPress has no permissi ...) + TODO: check +CVE-2017-18583 (The post-pay-counter plugin before 2.731 for WordPress has PHP Object ...) + TODO: check +CVE-2017-18582 (The time-sheets plugin before 1.5.2 for WordPress has multiple XSS iss ...) + TODO: check +CVE-2017-18581 (The time-sheets plugin before 1.5.0 for WordPress has XSS via the old ...) + TODO: check +CVE-2017-18580 (The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote c ...) + TODO: check CVE-2017-18579 RESERVED CVE-2017-18578 RESERVED -CVE-2017-18577 - RESERVED -CVE-2017-18576 - RESERVED -CVE-2017-18575 - RESERVED -CVE-2017-18574 - RESERVED -CVE-2017-18573 - RESERVED -CVE-2017-18572 - RESERVED -CVE-2017-18571 - RESERVED -CVE-2017-18570 - RESERVED +CVE-2017-18577 (The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the ...) + TODO: check +CVE-2017-18576 (The event-notifier plugin before 1.2.1 for WordPress has XSS via the l ...) + TODO: check +CVE-2017-18575 (The newstatpress plugin before 1.2.5 for WordPress has multiple stored ...) + TODO: check +CVE-2017-18574 (The ninja-forms plugin before 3.0.31 for WordPress has insufficient HT ...) + TODO: check +CVE-2017-18573 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...) + TODO: check +CVE-2017-18572 (The gnucommerce plugin before 1.4.2 for WordPress has XSS. ...) + TODO: check +CVE-2017-18571 (The search-everything plugin before 8.1.7 for WordPress has SQL inject ...) + TODO: check +CVE-2017-18570 (The cforms2 plugin before 14.13 for WordPress has SQL injection in the ...) 
+ TODO: check CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...) NOT-FOR-US: Wordpress plugin CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 5b2832e5b1..5f045f1f4c 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,19 +1,23 @@ +CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval injection in the ...) + TODO: check +CVE-2018-20987 (The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP objec ...) + TODO: check CVE-2018-20986 RESERVED -CVE-2018-20985 - RESERVED -CVE-2018-20984 - RESERVED -CVE-2018-20983 - RESERVED -CVE-2018-20982 - RESERVED -CVE-2018-20981 - RESERVED -CVE-2018-20980 - RESERVED -CVE-2018-20979 - RESERVED +CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local file inc ...) + TODO: check +CVE-2018-20984 (The patreon-connect plugin before 1.2.2 for WordPress has Object Injec ...) + TODO: check +CVE-2018-20983 (The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. ...) + TODO: check +CVE-2018-20982 (The media-library-assistant plugin before 2.74 for WordPress has XSS v ...) + TODO: check +CVE-2018-20981 (The ninja-forms plugin before 3.3.9 for WordPress has insufficient res ...) + TODO: check +CVE-2018-20980 (The ninja-forms plugin before 3.2.15 for WordPress has parameter tampe ...) + TODO: check +CVE-2018-20979 (The contact-form-7 plugin before 5.0.4 for WordPress has privilege esc ...) + TODO: check CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...) NOT-FOR-US: Wordpress plugin CVE-2018-20977 (The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPre ...) 
@@ -6730,10 +6734,10 @@ CVE-2018-18575 RESERVED CVE-2018-18574 RESERVED -CVE-2018-18573 - RESERVED -CVE-2018-18572 - RESERVED +CVE-2018-18573 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...) + TODO: check +CVE-2018-18572 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...) + TODO: check CVE-2018-18571 (An Incorrect Access Control vulnerability has been identified in Citri ...) NOT-FOR-US: Citrix CVE-2018-18570 (Planon before Live Build 41 has XSS. ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 056639212c..88310e8e8c 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -1,25 +1,39 @@ -CVE-2019-15324 - RESERVED -CVE-2019-15323 - RESERVED -CVE-2019-15322 - RESERVED -CVE-2019-15321 +CVE-2019-15331 (The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for W ...) + TODO: check +CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has insufficient ...) + TODO: check +CVE-2019-15329 RESERVED -CVE-2019-15320 +CVE-2019-15328 RESERVED -CVE-2019-15319 +CVE-2019-15327 RESERVED -CVE-2019-15318 +CVE-2019-15326 RESERVED -CVE-2019-15317 +CVE-2019-15325 RESERVED +CVE-2019-15324 (The ad-inserter plugin before 2.4.22 for WordPress has remote code exe ...) + TODO: check +CVE-2019-15323 (The ad-inserter plugin before 2.4.20 for WordPress has path traversal. ...) + TODO: check +CVE-2019-15322 (The shortcode-factory plugin before 2.8 for WordPress has Local File I ...) + TODO: check +CVE-2019-15321 (The option-tree plugin before 2.7.3 for WordPress has Object Injection ...) + TODO: check +CVE-2019-15320 (The option-tree plugin before 2.7.3 for WordPress has Object Injection ...) + TODO: check +CVE-2019-15319 (The option-tree plugin before 2.7.0 for WordPress has Object Injection ...) + TODO: check +CVE-2019-15318 (The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPres ...) + TODO: check +CVE-2019-15317 (The give plugin before 2.4.7 for WordPress has XSS via a donor name. ...) + TODO: check CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folder perm ...) TODO: check CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...) TODO: check -CVE-2019-15314 - RESERVED +CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to uplo ...) + TODO: check CVE-2019-15313 RESERVED CVE-2019-15312 
@@ -196,7 +210,8 @@ CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMe [stretch] - liblivemedia <postponed> (Can be fixed along in future update) [jessie] - liblivemedia <postponed> (Can be fixed along with more important patches) NOTE: Fixed upstream in 2019.08.16 according to available information. -CVE-2019-15231 (Webmin 1.890, in a default installation, contains a backdoor that allo ...) +CVE-2019-15231 + REJECTED - webmin <removed> CVE-2019-15230 RESERVED @@ -210,7 +225,7 @@ CVE-2019-15226 RESERVED CVE-2019-15225 (In Envoy through 1.11.1, users may configure a route to match incoming ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) -CVE-2019-15224 (The rest-client gem 1.6.13 for Ruby, as distributed on RubyGems.org, i ...) +CVE-2019-15224 (The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on ...) - ruby-rest-client <not-affected> (Backdoored version not uploaded to Debian) CVE-2019-15223 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...) - linux <not-affected> (Vulnerable code not present) @@ -481,7 +496,7 @@ CVE-2019-15109 (The the-events-calendar plugin before 4.8.2 for WordPress has XS NOT-FOR-US: the-events-calendar plugin for WordPress CVE-2019-15108 (An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-P ...) NOT-FOR-US: WSO2 API Manager -CVE-2019-15107 (An issue was discovered in Webmin 1.882 through 1.921. The parameter o ...) +CVE-2019-15107 (An issue was discovered in Webmin <=1.920. The parameter old in pas ...) - webmin <removed> CVE-2019-15106 (An issue was discovered in Zoho ManageEngine OpManager through 12.4x. ...) NOT-FOR-US: Zoho ManageEngine OpManager 
@@ -585,8 +600,8 @@ CVE-2019-15062 (An issue was discovered in Dolibarr 11.0.0-alpha. A user can sto NOTE: https://github.com/Dolibarr/dolibarr/issues/11671 CVE-2019-15061 RESERVED -CVE-2019-15060 - RESERVED +CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router with firmwa ...) + TODO: check CVE-2019-15059 RESERVED CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer ov ...) @@ -1274,8 +1289,7 @@ CVE-2019-14753 RESERVED CVE-2019-14752 RESERVED -CVE-2019-14751 [Zip Slip in NLTK] - RESERVED +CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, a ...) - nltk <unfixed> (bug #935201) NOTE: https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/ NOTE: https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10 @@ -1824,8 +1838,8 @@ CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attack TODO: Find the relevant isolated changes in the 2.76 release to address the issue. CVE-2019-14512 RESERVED -CVE-2019-14511 - RESERVED +CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...) + TODO: check CVE-2019-14510 RESERVED CVE-2019-14509 @@ -1926,8 +1940,8 @@ CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ... NOT-FOR-US: TestLink CVE-2019-14470 RESERVED -CVE-2019-14469 - RESERVED +CVE-2019-14469 (In Nexus Repository Manager before 3.18.0, users with elevated privile ...) + TODO: check CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...) - gnucobol <unfixed> (bug #933884) [buster] - gnucobol <no-dsa> (Minor issue) 
@@ -7115,10 +7129,10 @@ CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or saniti [stretch] - twisted <no-dsa> (Minor issue) [jessie] - twisted <no-dsa> (Minor issue) NOTE: https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2 -CVE-2019-12386 - RESERVED -CVE-2019-12385 - RESERVED +CVE-2019-12386 (An issue was discovered in Ampache through 3.9.1. A stored XSS exists ...) + TODO: check +CVE-2019-12385 (An issue was discovered in Ampache through 3.9.1. The search engine is ...) + TODO: check CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to ...) {DLA-1831-1} - jackson-databind 2.9.8-3 (bug #930750) @@ -10544,12 +10558,12 @@ CVE-2019-11033 (Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a fo NOT-FOR-US: Applaud HCM CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the Candida ...) NOT-FOR-US: EasyToRecruit -CVE-2019-11031 - RESERVED -CVE-2019-11030 - RESERVED -CVE-2019-11029 - RESERVED +CVE-2019-11031 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-up ...) + TODO: check +CVE-2019-11030 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys ...) + TODO: check +CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Downloa ...) + TODO: check CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing ...) NOT-FOR-US: GAT-Ship Web Module CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable ...) 
@@ -10595,8 +10609,8 @@ CVE-2019-11015 (A vulnerability was found in the MIUI OS version 10.1.3.0 that a NOT-FOR-US: MIUI OS CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared object, a ...) NOT-FOR-US: VStarCam -CVE-2019-11013 - RESERVED +CVE-2019-11013 (Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal ...) + TODO: check CVE-2019-11012 RESERVED CVE-2019-11011 (Akamai CloudTest before 58.30 allows remote code execution. ...) @@ -15462,6 +15476,7 @@ CVE-2019-9517 (Some HTTP/2 implementations are vulnerable to unconstrained inter NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-9517 NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md CVE-2019-9516 (Some HTTP/2 implementations are vulnerable to a header leak, potential ...) + {DSA-4505-1} - nginx 1.14.2-3 (bug #935037) [jessie] - nginx <not-affected> (HTTP2 support only exists since version 1.9.5) NOTE: https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/ @@ -15499,6 +15514,7 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote NOTE: https://github.com/h2o/h2o/issues/2090 NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, potentia ...) + {DSA-4505-1} - nginx 1.14.2-3 (bug #935037) [jessie] - nginx <not-affected> (HTTP2 support only exists since version 1.9.5) - nodejs <unfixed> (bug #934885) 
@@ -15531,6 +15547,7 @@ CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potent NOTE: https://github.com/h2o/h2o/issues/2090 NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size manipulation ...) + {DSA-4505-1} - nginx 1.14.2-3 (bug #935037) [jessie] - nginx <not-affected> (HTTP2 support only exists since version 1.9.5) - nodejs <unfixed> (bug #934885) @@ -16384,12 +16401,12 @@ CVE-2019-9162 (In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snm [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1776 -CVE-2019-9155 - RESERVED -CVE-2019-9154 - RESERVED -CVE-2019-9153 - RESERVED +CVE-2019-9155 (A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who ...) + TODO: check +CVE-2019-9154 (Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...) + TODO: check +CVE-2019-9153 (Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...) + TODO: check CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...) - hdf5 <unfixed> [buster] - hdf5 <no-dsa> (Minor issue) @@ -20024,8 +20041,8 @@ CVE-2019-7619 RESERVED CVE-2019-7618 RESERVED -CVE-2019-7617 - RESERVED +CVE-2019-7617 (When the Elastic APM agent for Python versions before 5.1.0 is run as ...) + TODO: check CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side request f ...) - kibana <itp> (bug #700337) CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM agent for R ...) 
@@ -24855,14 +24872,14 @@ CVE-2019-5637 RESERVED CVE-2019-5636 RESERVED -CVE-2019-5635 - RESERVED -CVE-2019-5634 - RESERVED -CVE-2019-5633 - RESERVED -CVE-2019-5632 - RESERVED +CVE-2019-5635 (A cleartext transmission of sensitive information vulnerability is pre ...) + TODO: check +CVE-2019-5634 (An inclusion of sensitive information in log files vulnerability is pr ...) + TODO: check +CVE-2019-5633 (An insecure storage of sensitive information vulnerability is present ...) + TODO: check +CVE-2019-5632 (An insecure storage of sensitive information vulnerability is present ...) + TODO: check CVE-2019-5631 (The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerabi ...) TODO: check CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 ...) |
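
Review bot: in data/CVE/2019.list, hunk @@ -196,7 +210,8 @@, CVE-2019-15231 becomes REJECTED but keeps its package line `- webmin <removed>`, and nothing records why the id was rejected or which id replaces it. If the Webmin issue is now meant to be tracked under CVE-2019-15107 (its description changes in the @@ -481,7 +496,7 @@ hunk and it already carries `- webmin <removed>`), drop the package line from the rejected id or add a NOTE pointing at the replacing id.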
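
Review bot: in data/CVE/2019.list, hunk @@ -210,7 +225,7 @@, the CVE-2019-15224 description widens from rest-client 1.6.13 to 1.6.10 through 1.6.13, but the annotation under it is left as `- ruby-rest-client <not-affected> (Backdoored version not uploaded to Debian)`. That triage text refers to a single version; recheck it against the whole 1.6.10 through 1.6.13 range and reword it to "versions" once confirmed.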
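
Review bot: in data/CVE/2019.list, hunk @@ -1274,8 +1289,7 @@, the new CVE-2019-14751 description says the issue affects NLTK Downloader before 3.4.5, while the package line stays `- nltk <unfixed> (bug #935201)` and no NOTE names the fixed upstream release. Add a NOTE recording 3.4.5 as the upstream fixed version next to the existing commit NOTE, so the target version is on record when the bug is closed.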
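
Review bot: in the first hunk of each of data/CVE/2008.list through data/CVE/2019.list, every newly described WordPress plugin id is added with `TODO: check`, while the unchanged context entries directly below them are already triaged for the same class of software, e.g. `NOT-FOR-US: simple-fields plugin for WordPress` under CVE-2013-7476 and `NOT-FOR-US: Wordpress plugin` under CVE-2016-10915. These entries need a follow-up triage pass, and that pass should settle on one of the two NOT-FOR-US wordings instead of adding to the mix.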