automatic update

author: security tracker role <sectracker@soriano.debian.org> 2019-09-13 20:10:24 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-09-13 20:10:24 +0000
commit: fb865505307925464be8873413931b237a710a05 (patch)
tree: a61dfb86c7c6145b512eb551e37ed5ceb95d755e /data
parent: edd10c727f5028d3391ba227d58036ec5c5a31ef (diff)
5 files changed, 162 insertions, 76 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 8928f5acff..5041588822 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,3 +1,5 @@
+CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...)
+	TODO: check
 CVE-2010-5332 (In the Linux kernel before 2.6.37, an out of bounds array access happe ...)
 	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
 	NOTE: https://git.kernel.org/linus/0926f91083f34d047abc74f1ca4fa6a9c161f7db
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 54de743731..91d7bb07ec 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,39 +1,75 @@
-CVE-2016-10955
+CVE-2016-10973
 	RESERVED
-CVE-2016-10954
+CVE-2016-10972
 	RESERVED
-CVE-2016-10953
+CVE-2016-10971
 	RESERVED
-CVE-2016-10952
+CVE-2016-10970
 	RESERVED
-CVE-2016-10951
+CVE-2016-10969
 	RESERVED
-CVE-2016-10950
+CVE-2016-10968
 	RESERVED
-CVE-2016-10949
+CVE-2016-10967
 	RESERVED
-CVE-2016-10948
+CVE-2016-10966
 	RESERVED
-CVE-2016-10947
+CVE-2016-10965
 	RESERVED
-CVE-2016-10946
+CVE-2016-10964
 	RESERVED
-CVE-2016-10945
+CVE-2016-10963
 	RESERVED
-CVE-2016-10944
+CVE-2016-10962
 	RESERVED
-CVE-2016-10943
+CVE-2016-10961
 	RESERVED
-CVE-2016-10942
+CVE-2016-10960
 	RESERVED
-CVE-2016-10941
+CVE-2016-10959
 	RESERVED
-CVE-2016-10940
+CVE-2016-10958
 	RESERVED
-CVE-2016-10939
+CVE-2016-10957
 	RESERVED
-CVE-2016-10938
+CVE-2016-10956
 	RESERVED
+CVE-2016-10955 (The cysteme-finder plugin before 1.4 for WordPress has unrestricted fi ...)
+	TODO: check
+CVE-2016-10954 (The Neosense theme before 1.8 for WordPress has qquploader unrestricte ...)
+	TODO: check
+CVE-2016-10953 (The Headway theme before 3.8.9 for WordPress has XSS via the license k ...)
+	TODO: check
+CVE-2016-10952 (The quotes-collection plugin before 2.0.6 for WordPress has XSS via th ...)
+	TODO: check
+CVE-2016-10951 (The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection vi ...)
+	TODO: check
+CVE-2016-10950 (The sirv plugin before 1.3.2 for WordPress has SQL injection via the i ...)
+	TODO: check
+CVE-2016-10949 (The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL in ...)
+	TODO: check
+CVE-2016-10948 (The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect han ...)
+	TODO: check
+CVE-2016-10947 (The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection ...)
+	TODO: check
+CVE-2016-10946 (The wp-d3 plugin before 2.4.1 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2016-10945 (The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?pa ...)
+	TODO: check
+CVE-2016-10944 (The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp ...)
+	TODO: check
+CVE-2016-10943 (The zx-csv-upload plugin 1 for WordPress has SQL injection via the id  ...)
+	TODO: check
+CVE-2016-10942 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
+	TODO: check
+CVE-2016-10941 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
+	TODO: check
+CVE-2016-10940 (The zm-gallery plugin 1.0 for WordPress has SQL injection via the orde ...)
+	TODO: check
+CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via the i ...)
+	TODO: check
+CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
+	TODO: check
 CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...)
 	- imapfilter <unfixed> (bug #939702)
 	[buster] - imapfilter <no-dsa> (Minor issue)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index a84b0c6303..1d8ec31b84 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,5 @@
+CVE-2017-18634
+	RESERVED
 CVE-2017-18633
 	RESERVED
 CVE-2017-18632
@@ -34,14 +36,14 @@ CVE-2017-18617
 	RESERVED
 CVE-2017-18616
 	RESERVED
-CVE-2017-18615
-	RESERVED
-CVE-2017-18614
-	RESERVED
-CVE-2017-18613
-	RESERVED
-CVE-2017-18612
-	RESERVED
+CVE-2017-18615 (The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. ...)
+	TODO: check
+CVE-2017-18614 (The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via ...)
+	TODO: check
+CVE-2017-18613 (The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin ...)
+	TODO: check
+CVE-2017-18612 (The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/f ...)
+	TODO: check
 CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
 	NOT-FOR-US: magic-fields plugin for WordPress
 CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index a1721411db..5724f75555 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1897,12 +1897,13 @@ CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL
 	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
 	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
 CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
-	{DLA-1791-1}
+	{DSA-4522-1 DLA-1791-1}
 	- faad2 2.8.8-2 (low)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/knik0/faad2/issues/26
 	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
 CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_assembl ...)
+	{DSA-4522-1}
 	- faad2 2.8.8-2 (low)
 	[buster] - faad2 <no-dsa> (Minor issue)
 	[stretch] - faad2 <no-dsa> (Minor issue)
@@ -1917,12 +1918,14 @@ CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_
 	NOTE: https://github.com/knik0/faad2/issues/32
 	NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
 CVE-2018-20359 (An invalid memory address dereference was discovered in the sbrDecodeS ...)
+	{DSA-4522-1}
 	- faad2 2.8.8-2 (low)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	[jessie] - faad2 2.7-8+deb8u2
 	NOTE: https://github.com/knik0/faad2/issues/29
 	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3
 CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_predict ...)
+	{DSA-4522-1}
 	- faad2 2.8.8-2 (low)
 	[buster] - faad2 <no-dsa> (Minor issue)
 	[stretch] - faad2 <no-dsa> (Minor issue)
@@ -1930,6 +1933,7 @@ CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_p
 	NOTE: https://github.com/knik0/faad2/issues/31
 	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
 CVE-2018-20357 (A NULL pointer dereference was discovered in sbr_process_channel of li ...)
+	{DSA-4522-1}
 	- faad2 2.8.8-2 (low)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	[jessie] - faad2 2.7-8+deb8u2
@@ -2493,14 +2497,14 @@ CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of lib
 	NOTE: https://github.com/knik0/faad2/issues/24
 	NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
 CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
-	{DLA-1791-1}
+	{DSA-4522-1 DLA-1791-1}
 	- faad2 2.8.8-2 (low)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/knik0/faad2/issues/23
 	NOTE: same underlying issue as CVE-2018-20362, same fix:
 	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
 CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of the c ...)
-	{DLA-1791-1}
+	{DSA-4522-1 DLA-1791-1}
 	- faad2 2.8.8-2
 	NOTE: https://github.com/knik0/faad2/issues/20
 	NOTE: very similar to CVE-2018-20194, same fix:
@@ -2511,13 +2515,14 @@ CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of
 	NOTE: https://github.com/knik0/faad2/issues/19
 	NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
 CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of libfaad/ic_ ...)
+	{DSA-4522-1}
 	- faad2 2.8.8-2 (low)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	[jessie] - faad2 2.7-8+deb8u2
 	NOTE: https://github.com/knik0/faad2/issues/25
 	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45f1e9169ac90b3e34ab94aed14
 CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of the c ...)
-	{DLA-1791-1}
+	{DSA-4522-1 DLA-1791-1}
 	- faad2 2.8.8-2
 	NOTE: https://github.com/knik0/faad2/issues/21
 	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
@@ -4482,6 +4487,7 @@ CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in
 CVE-2018-19505 (Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct  ...)
 	NOT-FOR-US: Remedy AR System Server in BMC Remedy
 CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
+	{DSA-4522-1}
 	- faad2 2.8.8-2 (low; bug #914641)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	[jessie] - faad2 2.7-8+deb8u2
@@ -4489,13 +4495,14 @@ CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FA
 	NOTE: https://github.com/knik0/faad2/issues/26
 	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
 CVE-2018-19503 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
+	{DSA-4522-1}
 	- faad2 2.8.8-2 (bug #914641)
 	[jessie] - faad2 2.7-8+deb8u2
 	NOTE: https://sourceforge.net/p/faac/bugs/240/
 	NOTE: https://github.com/knik0/faad2/issues/18
 	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3
 CVE-2018-19502 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
-	{DLA-1899-1}
+	{DSA-4522-1 DLA-1899-1}
 	- faad2 2.8.8-3 (bug #914641)
 	NOTE: https://sourceforge.net/p/faac/bugs/240/
 	NOTE: https://github.com/knik0/faad2/issues/22
@@ -36819,8 +36826,8 @@ CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave b
 	NOT-FOR-US: Aruba
 CVE-2018-7082 (A command injection vulnerability is present in Aruba Instant that per ...)
 	NOT-FOR-US: Aruba
-CVE-2018-7081
-	RESERVED
+CVE-2018-7081 (A remote code execution vulnerability is present in network-listening  ...)
+	TODO: check
 CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...)
 	NOT-FOR-US: Aruba
 CVE-2018-7079 (Aruba ClearPass Policy Manager guest authorization failure. Certain ad ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 559193bb80..5542bea9e1 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,43 @@
+CVE-2019-16296
+	RESERVED
+CVE-2019-16295
+	RESERVED
+CVE-2019-16294
+	RESERVED
+CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 allows an au ...)
+	TODO: check
+CVE-2019-16292
+	RESERVED
+CVE-2019-16291
+	RESERVED
+CVE-2019-16290
+	RESERVED
+CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPre ...)
+	TODO: check
+CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...)
+	TODO: check
+CVE-2019-16287
+	RESERVED
+CVE-2019-16286
+	RESERVED
+CVE-2019-16285
+	RESERVED
+CVE-2019-16284
+	RESERVED
+CVE-2019-16283
+	RESERVED
+CVE-2019-16282
+	RESERVED
+CVE-2019-16281
+	RESERVED
+CVE-2019-16280
+	RESERVED
+CVE-2019-16279
+	RESERVED
+CVE-2019-16278
+	RESERVED
+CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/ ...)
+	TODO: check
 CVE-2019-XXXX [wireshark wnpa-sec-2019-21]
 	- wireshark 3.0.4-1 (low)
 	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
@@ -2209,7 +2249,7 @@ CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-004.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28495
 CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
-	{DLA-1899-1}
+	{DSA-4522-1 DLA-1899-1}
 	- faad2 2.8.8-3
 	NOTE: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
 CVE-2019-15295 (An Untrusted Search Path vulnerability in the ServiceInstance.dll libr ...)
@@ -2832,12 +2872,10 @@ CVE-2019-15033
 	RESERVED
 CVE-2019-15032
 	RESERVED
-CVE-2019-15031 [powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts]
-	RESERVED
+CVE-2019-15031 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/a8318c13e79badb92bc6640704a64cc022a6eb97
-CVE-2019-15030 [powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction]
-	RESERVED
+CVE-2019-15030 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
 CVE-2019-15029 (FusionPBX 4.4.8 allows an attacker to execute arbitrary system command ...)
@@ -4061,6 +4099,7 @@ CVE-2019-14515
 CVE-2019-14514
 	RESERVED
 CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...)
+	{DLA-1921-1}
 	- dnsmasq 2.76-1
 	NOTE: https://github.com/Slovejoy/dnsmasq-pre2.76
 	TODO: Find the relevant isolated changes in the 2.76 release to address the issue.
@@ -5534,18 +5573,18 @@ CVE-2019-13925
 	RESERVED
 CVE-2019-13924
 	RESERVED
-CVE-2019-13923
-	RESERVED
-CVE-2019-13922
-	RESERVED
+CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gat ...)
+	TODO: check
+CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+	TODO: check
 CVE-2019-13921
 	RESERVED
-CVE-2019-13920
-	RESERVED
-CVE-2019-13919
-	RESERVED
-CVE-2019-13918
-	RESERVED
+CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+	TODO: check
+CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+	TODO: check
+CVE-2019-13918 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+	TODO: check
 CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution  ...)
 	{DSA-4488-1}
 	- exim4 4.92-10
@@ -6370,8 +6409,8 @@ CVE-2019-13550
 	RESERVED
 CVE-2019-13549
 	RESERVED
-CVE-2019-13548
-	RESERVED
+CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
+	TODO: check
 CVE-2019-13547
 	RESERVED
 CVE-2019-13546
@@ -6402,8 +6441,8 @@ CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version
 	NOT-FOR-US: Philips
 CVE-2019-13533
 	RESERVED
-CVE-2019-13532
-	RESERVED
+CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
+	TODO: check
 CVE-2019-13531
 	RESERVED
 CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
@@ -6810,10 +6849,10 @@ CVE-2019-13366
 	RESERVED
 CVE-2019-13365
 	RESERVED
-CVE-2019-13364
-	RESERVED
-CVE-2019-13363
-	RESERVED
+CVE-2019-13364 (admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat&amp ...)
+	TODO: check
+CVE-2019-13363 (admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nb ...)
+	TODO: check
 CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable in code ...)
 	NOT-FOR-US: Codedoc
 CVE-2019-13361 (Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an ...)
@@ -8051,8 +8090,8 @@ CVE-2019-12924 (MailEnable Enterprise Premium 10.23 was vulnerable to XML Extern
 	NOT-FOR-US: MailEnable Enterprise Premium
 CVE-2019-12923 (In MailEnable Enterprise Premium 10.23, the potential cross-site reque ...)
 	NOT-FOR-US: MailEnable Enterprise Premium
-CVE-2019-12922
-	RESERVED
+CVE-2019-12922 (A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in th ...)
+	TODO: check
 CVE-2019-12921
 	RESERVED
 CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
@@ -9016,10 +9055,10 @@ CVE-2019-12519
 	RESERVED
 CVE-2019-12518
 	RESERVED
-CVE-2019-12517
-	RESERVED
-CVE-2019-12516
-	RESERVED
+CVE-2019-12517 (An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 fo ...)
+	TODO: check
+CVE-2019-12516 (The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injectio ...)
+	TODO: check
 CVE-2019-12515 (There is an out-of-bounds read vulnerability in the function FlateStre ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 	NOTE: https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar
@@ -11371,8 +11410,8 @@ CVE-2019-11662
 	RESERVED
 CVE-2019-11661
 	RESERVED
-CVE-2019-11660
-	RESERVED
+CVE-2019-11660 (Privileges manipulation in Micro Focus Data Protector, versions 10.00, ...)
+	TODO: check
 CVE-2019-11659
 	RESERVED
 CVE-2019-11658 (Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 ...)
@@ -13191,8 +13230,8 @@ CVE-2019-10939
 	RESERVED
 CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in communication  ...)
 	NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices
-CVE-2019-10937
-	RESERVED
+CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...)
+	TODO: check
 CVE-2019-10936
 	RESERVED
 CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
@@ -27792,10 +27831,10 @@ CVE-2019-5487
 	RESERVED
 CVE-2019-5486
 	RESERVED
-CVE-2019-5485
-	RESERVED
-CVE-2019-5484
-	RESERVED
+CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...)
+	TODO: check
+CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability permitting file  ...)
+	TODO: check
 CVE-2019-5483 (Seneca &lt; 3.9.0 contains a vulnerability that could lead to exposing ...)
 	TODO: check
 CVE-2019-5482 [TFTP small blocksize heap buffer overflow]
@@ -28219,10 +28258,10 @@ CVE-2019-5317
 	RESERVED
 CVE-2019-5316
 	RESERVED
-CVE-2019-5315
-	RESERVED
-CVE-2019-5314
-	RESERVED
+CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)
+	TODO: check
+CVE-2019-5314 (Some web components in the ArubaOS software are vulnerable to HTTP Res ...)
+	TODO: check
 CVE-2019-5313
 	RESERVED
 CVE-2019-5312 (An issue was discovered in weixin-java-tools v3.3.0. There is an XXE v ...)
@@ -31913,8 +31952,8 @@ CVE-2019-3648
 	RESERVED
 CVE-2019-3647
 	RESERVED
-CVE-2019-3646
-	RESERVED
+CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
+	TODO: check
 CVE-2019-3645
 	RESERVED
 CVE-2019-3644 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
author	security tracker role <sectracker@soriano.debian.org>	2019-09-13 20:10:24 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2019-09-13 20:10:24 +0000
commit	fb865505307925464be8873413931b237a710a05 (patch)
tree	a61dfb86c7c6145b512eb551e37ed5ceb95d755e /data
parent	edd10c727f5028d3391ba227d58036ec5c5a31ef (diff)