author | security tracker role <sectracker@soriano.debian.org> | 2019-08-22 08:10:21 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-08-22 08:10:21 +0000 |
commit | 2a6da094c3179687b3d681e31013faeb45cb56cb (patch) | |
tree | c25f17d2036d84b8a410a3026f544dc8c94d966e /data/CVE | |
parent | 0170dc2eb6c9413a6f0afeece8658fcbb8c4e3f5 (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list.2008 | 2
-rw-r--r-- | data/CVE/list.2009 | 2
-rw-r--r-- | data/CVE/list.2012 | 2
-rw-r--r-- | data/CVE/list.2013 | 14
-rw-r--r-- | data/CVE/list.2014 | 8
-rw-r--r-- | data/CVE/list.2015 | 10
-rw-r--r-- | data/CVE/list.2016 | 28
-rw-r--r-- | data/CVE/list.2017 | 32
-rw-r--r-- | data/CVE/list.2018 | 20
-rw-r--r-- | data/CVE/list.2019 | 53
10 files changed, 153 insertions, 18 deletions
diff --git a/data/CVE/list.2008 b/data/CVE/list.2008 index 06824e3b56..88cbbb700c 100644 --- a/data/CVE/list.2008 +++ b/data/CVE/list.2008 @@ -1,3 +1,5 @@ +CVE-2008-7321 + RESERVED CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...) - seahorse <unfixed> (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774 diff --git a/data/CVE/list.2009 b/data/CVE/list.2009 index 3941088dac..c55ccacd3d 100644 --- a/data/CVE/list.2009 +++ b/data/CVE/list.2009 @@ -1,3 +1,5 @@ +CVE-2009-5158 + RESERVED CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...) NOT-FOR-US: Linksys CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Co ...) diff --git a/data/CVE/list.2012 b/data/CVE/list.2012 index d2c3a04260..8167fd98f8 100644 --- a/data/CVE/list.2012 +++ b/data/CVE/list.2012 @@ -1,3 +1,5 @@ +CVE-2012-6716 + RESERVED CVE-2012-6715 (The formbuilder plugin before 0.9.1 for WordPress has XSS via a Refere ...) NOT-FOR-US: formbuilder plugin for WordPress CVE-2012-6714 (The count-per-day plugin before 3.2.3 for WordPress has XSS via search ...) diff --git a/data/CVE/list.2013 b/data/CVE/list.2013 index f80084b150..06f4b3e96c 100644 --- a/data/CVE/list.2013 +++ b/data/CVE/list.2013 @@ -1,3 +1,17 @@ +CVE-2013-7483 + RESERVED +CVE-2013-7482 + RESERVED +CVE-2013-7481 + RESERVED +CVE-2013-7480 + RESERVED +CVE-2013-7479 + RESERVED +CVE-2013-7478 + RESERVED +CVE-2013-7477 + RESERVED CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...) NOT-FOR-US: simple-fields plugin for WordPress CVE-2013-7475 (The contact-form-plugin plugin before 3.52 for WordPress has XSS. ...) diff --git a/data/CVE/list.2014 b/data/CVE/list.2014 index 992e8dceea..ecf6502cb2 100644 --- a/data/CVE/list.2014 +++ b/data/CVE/list.2014 
@@ -1,3 +1,11 @@ +CVE-2014-10385 + RESERVED +CVE-2014-10384 + RESERVED +CVE-2014-10383 + RESERVED +CVE-2014-10382 + RESERVED CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...) NOT-FOR-US: Wordpress plugin CVE-2014-10380 (The profile-builder plugin before 1.1.66 for WordPress has multiple XS ...) diff --git a/data/CVE/list.2015 b/data/CVE/list.2015 index 12d07dabd4..929cd37c38 100644 --- a/data/CVE/list.2015 +++ b/data/CVE/list.2015 @@ -1,3 +1,13 @@ +CVE-2015-9337 + RESERVED +CVE-2015-9336 + RESERVED +CVE-2015-9335 + RESERVED +CVE-2015-9334 + RESERVED +CVE-2015-9333 + RESERVED CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...) NOT-FOR-US: Wordpress plugin CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention ...) diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index 87ad88c818..cc934a793b 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -1,3 +1,31 @@ +CVE-2016-10929 + RESERVED +CVE-2016-10928 + RESERVED +CVE-2016-10927 + RESERVED +CVE-2016-10926 + RESERVED +CVE-2016-10925 + RESERVED +CVE-2016-10924 + RESERVED +CVE-2016-10923 + RESERVED +CVE-2016-10922 + RESERVED +CVE-2016-10921 + RESERVED +CVE-2016-10920 + RESERVED +CVE-2016-10919 + RESERVED +CVE-2016-10918 + RESERVED +CVE-2016-10917 + RESERVED +CVE-2016-10916 + RESERVED CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...) NOT-FOR-US: Wordpress plugin CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...) diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 50457aa165..186ed3bd87 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 
@@ -1,3 +1,35 @@ +CVE-2017-18585 + RESERVED +CVE-2017-18584 + RESERVED +CVE-2017-18583 + RESERVED +CVE-2017-18582 + RESERVED +CVE-2017-18581 + RESERVED +CVE-2017-18580 + RESERVED +CVE-2017-18579 + RESERVED +CVE-2017-18578 + RESERVED +CVE-2017-18577 + RESERVED +CVE-2017-18576 + RESERVED +CVE-2017-18575 + RESERVED +CVE-2017-18574 + RESERVED +CVE-2017-18573 + RESERVED +CVE-2017-18572 + RESERVED +CVE-2017-18571 + RESERVED +CVE-2017-18570 + RESERVED CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...) NOT-FOR-US: Wordpress plugin CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 7dd32b191e..2223477189 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -1,3 +1,19 @@ +CVE-2018-20986 + RESERVED +CVE-2018-20985 + RESERVED +CVE-2018-20984 + RESERVED +CVE-2018-20983 + RESERVED +CVE-2018-20982 + RESERVED +CVE-2018-20981 + RESERVED +CVE-2018-20980 + RESERVED +CVE-2018-20979 + RESERVED CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...) NOT-FOR-US: Wordpress plugin CVE-2018-20977 (The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPre ...) @@ -8763,8 +8779,8 @@ CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "py NOTE: No real security impact. 3rd party requested CVE rejection CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...) NOT-FOR-US: MDaemon Webmail -CVE-2018-17791 - RESERVED +CVE-2018-17791 (Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an " ...) + TODO: check CVE-2018-17790 (Prospecta Master Data Online (MDO) 2.0 has Stored XSS. ...) NOT-FOR-US: Prospecta Master Data Online (MDO) CVE-2018-17789 diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 5ef97808d5..fbb0f53788 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 
@@ -1,3 +1,23 @@ +CVE-2019-15324 + RESERVED +CVE-2019-15323 + RESERVED +CVE-2019-15322 + RESERVED +CVE-2019-15321 + RESERVED +CVE-2019-15320 + RESERVED +CVE-2019-15319 + RESERVED +CVE-2019-15318 + RESERVED +CVE-2019-15317 + RESERVED +CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folder perm ...) + TODO: check +CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...) + TODO: check CVE-2019-15314 RESERVED CVE-2019-15313 @@ -1192,6 +1212,7 @@ CVE-2019-14776 CVE-2019-14775 RESERVED CVE-2019-12625 [clamav zip DoS] + RESERVED - clamav <unfixed> (bug #934359) [buster] - clamav <no-dsa> (ClamAV is updated via -updates) [stretch] - clamav <no-dsa> (ClamAV is updated via -updates) @@ -1401,10 +1422,10 @@ CVE-2019-14688 RESERVED CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...) NOT-FOR-US: Trend Micro -CVE-2019-14686 - RESERVED -CVE-2019-14685 - RESERVED +CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro Security's 201 ...) + TODO: check +CVE-2019-14685 (A local privilege escalation vulnerability exists in Trend Micro Secur ...) + TODO: check CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...) NOT-FOR-US: Trend Micro CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...) 
@@ -9031,12 +9052,12 @@ CVE-2019-11605 RESERVED CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...) NOT-FOR-US: Quest KACE Systems Management Appliance -CVE-2019-11603 - RESERVED -CVE-2019-11602 - RESERVED -CVE-2019-11601 - RESERVED +CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...) + TODO: check +CVE-2019-11602 (Leakage of stack traces in remote access to backup & restore in ea ...) + TODO: check +CVE-2019-11601 (A directory traversal vulnerability in remote access to backup & r ...) + TODO: check CVE-2019-11600 (A SQL injection vulnerability in the activities API in OpenProject bef ...) NOT-FOR-US: OpenProject CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an un ...) @@ -11480,8 +11501,8 @@ CVE-2019-10689 (VVX products using UCS software version 5.9.2 and earlier with B NOT-FOR-US: VVX products using UCS software CVE-2019-10688 (VVX products with software versions including and prior to, UCS 5.9.2 ...) NOT-FOR-US: VVX products using UCS -CVE-2019-10687 - RESERVED +CVE-2019-10687 (KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=r ...) + TODO: check CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...) NOT-FOR-US: Ctrip Apollo CVE-2019-10685 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...) @@ -23490,8 +23511,8 @@ CVE-2019-6179 RESERVED CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC NAS produ ...) NOT-FOR-US: Iomega and LenovoEMC NAS products -CVE-2019-6177 - RESERVED +CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.003, ...) + TODO: check CVE-2019-6176 RESERVED CVE-2019-6175 
@@ -24814,8 +24835,8 @@ CVE-2019-5640 RESERVED CVE-2019-5639 RESERVED -CVE-2019-5638 - RESERVED +CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...) + TODO: check CVE-2019-5637 RESERVED CVE-2019-5636 |
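Review bot: in the data/CVE/list.2019 hunk at @@ -1401,10 +1422,10 @@, the new "TODO: check" entries for CVE-2019-14686 and CVE-2019-14685 sit directly between CVE-2019-14687 and CVE-2019-14684, which are both already triaged as "NOT-FOR-US: Trend Micro". The two new descriptions also name Trend Micro products, so the follow-up triage should resolve them consistently with their neighbours rather than leaving the TODO markers to age; suggest handling all four as one group once the full descriptions have been read.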
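Review bot: in the data/CVE/list.2019 hunk at @@ -1192,6 +1212,7 @@, a RESERVED line is added to CVE-2019-12625 [clamav zip DoS], an entry that already carries hand-written triage: a bracketed working description, "- clamav <unfixed> (bug #934359)" and the buster and stretch "<no-dsa>" notes. Those annotations appear only as context lines here, so the automatic run left them intact, but this is the one place in the commit where generated state and manual annotations meet in the same entry. Worth confirming on the next run that the bracketed description is replaced by the published one without disturbing the package lines beneath it.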
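Review bot: in the data/CVE/list.2019 hunk at @@ -9031,12 +9052,12 @@, the descriptions for CVE-2019-11602 and CVE-2019-11601 are cut off before any product name appears ("... backup & restore in ea ...", "... backup & r ..."), so the entries cannot be triaged from the list file alone. Only CVE-2019-11603 shows a product (ProSyst mBS SDK) within the truncated text. Whoever clears these three "TODO: check" markers should read the full descriptions first rather than inferring the product from the adjacent entry.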