Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c31b7a4 by security tracker role at 2019-08-22T20:10:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,139 +1,187 @@
-CVE-2019-15324
-       RESERVED
-CVE-2019-15323
-       RESERVED
-CVE-2019-15322
+CVE-2019-15331 (The wp-support-plus-responsive-ticket-system plugin before 
9.1.2 for W ...)
+       TODO: check
+CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has 
insufficient  ...)
+       TODO: check
+CVE-2019-15329
        RESERVED
-CVE-2019-15321
+CVE-2019-15328
        RESERVED
-CVE-2019-15320
+CVE-2019-15327
        RESERVED
-CVE-2019-15319
+CVE-2019-15326
        RESERVED
-CVE-2019-15318
+CVE-2019-15325
        RESERVED
-CVE-2019-15317
+CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval 
injection in the ...)
+       TODO: check
+CVE-2018-20987 (The newsletters-lite plugin before 4.6.8.6 for WordPress has 
PHP objec ...)
+       TODO: check
+CVE-2017-18586 (The insert-pages plugin before 3.2.4 for WordPress has 
directory trave ...)
+       TODO: check
+CVE-2016-10930 (The wp-support-plus-responsive-ticket-system plugin before 
7.1.0 for W ...)
+       TODO: check
+CVE-2015-9341 (The wp-file-upload plugin before 3.4.1 for WordPress has 
insufficient  ...)
+       TODO: check
+CVE-2015-9340 (The wp-file-upload plugin before 3.0.0 for WordPress has 
insufficient  ...)
+       TODO: check
+CVE-2015-9339 (The wp-file-upload plugin before 2.7.1 for WordPress has 
insufficient  ...)
+       TODO: check
+CVE-2015-9338 (The wp-file-upload plugin before 2.5.0 for WordPress has 
insufficient  ...)
+       TODO: check
+CVE-2014-10394 (The rich-counter plugin before 1.2.0 for WordPress has 
JavaScript inje ...)
+       TODO: check
+CVE-2014-10393
        RESERVED
+CVE-2014-10392 (The cforms2 plugin before 10.2 for WordPress has XSS. ...)
+       TODO: check
+CVE-2014-10391 (The wp-support-plus-responsive-ticket-system plugin before 4.1 
for Wor ...)
+       TODO: check
+CVE-2014-10390 (The wp-support-plus-responsive-ticket-system plugin before 4.2 
for Wor ...)
+       TODO: check
+CVE-2014-10389 (The wp-support-plus-responsive-ticket-system plugin before 4.2 
for Wor ...)
+       TODO: check
+CVE-2014-10388 (The wp-support-plus-responsive-ticket-system plugin before 4.2 
for Wor ...)
+       TODO: check
+CVE-2014-10387 (The wp-support-plus-responsive-ticket-system plugin before 4.2 
for Wor ...)
+       TODO: check
+CVE-2014-10386 (The wp-live-chat-support plugin before 4.1.0 for WordPress has 
JavaScr ...)
+       TODO: check
+CVE-2019-15324 (The ad-inserter plugin before 2.4.22 for WordPress has remote 
code exe ...)
+       TODO: check
+CVE-2019-15323 (The ad-inserter plugin before 2.4.20 for WordPress has path 
traversal. ...)
+       TODO: check
+CVE-2019-15322 (The shortcode-factory plugin before 2.8 for WordPress has 
Local File I ...)
+       TODO: check
+CVE-2019-15321 (The option-tree plugin before 2.7.3 for WordPress has Object 
Injection ...)
+       TODO: check
+CVE-2019-15320 (The option-tree plugin before 2.7.3 for WordPress has Object 
Injection ...)
+       TODO: check
+CVE-2019-15319 (The option-tree plugin before 2.7.0 for WordPress has Object 
Injection ...)
+       TODO: check
+CVE-2019-15318 (The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for 
WordPres ...)
+       TODO: check
+CVE-2019-15317 (The give plugin before 2.4.7 for WordPress has XSS via a donor 
name. ...)
+       TODO: check
 CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak 
folder perm ...)
        TODO: check
 CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows 
privilege esc ...)
        TODO: check
 CVE-2018-20986
        RESERVED
-CVE-2018-20985
-       RESERVED
-CVE-2018-20984
-       RESERVED
-CVE-2018-20983
-       RESERVED
-CVE-2018-20982
-       RESERVED
-CVE-2018-20981
-       RESERVED
-CVE-2018-20980
-       RESERVED
-CVE-2018-20979
-       RESERVED
+CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local 
file inc ...)
+       TODO: check
+CVE-2018-20984 (The patreon-connect plugin before 1.2.2 for WordPress has 
Object Injec ...)
+       TODO: check
+CVE-2018-20983 (The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. 
...)
+       TODO: check
+CVE-2018-20982 (The media-library-assistant plugin before 2.74 for WordPress 
has XSS v ...)
+       TODO: check
+CVE-2018-20981 (The ninja-forms plugin before 3.3.9 for WordPress has 
insufficient res ...)
+       TODO: check
+CVE-2018-20980 (The ninja-forms plugin before 3.2.15 for WordPress has 
parameter tampe ...)
+       TODO: check
+CVE-2018-20979 (The contact-form-7 plugin before 5.0.4 for WordPress has 
privilege esc ...)
+       TODO: check
 CVE-2017-18585
        RESERVED
-CVE-2017-18584
-       RESERVED
-CVE-2017-18583
-       RESERVED
-CVE-2017-18582
-       RESERVED
-CVE-2017-18581
-       RESERVED
-CVE-2017-18580
-       RESERVED
+CVE-2017-18584 (The post-pay-counter plugin before 2.731 for WordPress has no 
permissi ...)
+       TODO: check
+CVE-2017-18583 (The post-pay-counter plugin before 2.731 for WordPress has PHP 
Object  ...)
+       TODO: check
+CVE-2017-18582 (The time-sheets plugin before 1.5.2 for WordPress has multiple 
XSS iss ...)
+       TODO: check
+CVE-2017-18581 (The time-sheets plugin before 1.5.0 for WordPress has XSS via 
the old  ...)
+       TODO: check
+CVE-2017-18580 (The shortcodes-ultimate plugin before 5.0.1 for WordPress has 
remote c ...)
+       TODO: check
 CVE-2017-18579
        RESERVED
 CVE-2017-18578
        RESERVED
-CVE-2017-18577
-       RESERVED
-CVE-2017-18576
-       RESERVED
-CVE-2017-18575
-       RESERVED
-CVE-2017-18574
-       RESERVED
-CVE-2017-18573
-       RESERVED
-CVE-2017-18572
-       RESERVED
-CVE-2017-18571
-       RESERVED
-CVE-2017-18570
-       RESERVED
+CVE-2017-18577 (The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS 
via the ...)
+       TODO: check
+CVE-2017-18576 (The event-notifier plugin before 1.2.1 for WordPress has XSS 
via the l ...)
+       TODO: check
+CVE-2017-18575 (The newstatpress plugin before 1.2.5 for WordPress has 
multiple stored ...)
+       TODO: check
+CVE-2017-18574 (The ninja-forms plugin before 3.0.31 for WordPress has 
insufficient HT ...)
+       TODO: check
+CVE-2017-18573 (The simple-login-log plugin before 1.1.2 for WordPress has SQL 
injecti ...)
+       TODO: check
+CVE-2017-18572 (The gnucommerce plugin before 1.4.2 for WordPress has XSS. ...)
+       TODO: check
+CVE-2017-18571 (The search-everything plugin before 8.1.7 for WordPress has 
SQL inject ...)
+       TODO: check
+CVE-2017-18570 (The cforms2 plugin before 14.13 for WordPress has SQL 
injection in the ...)
+       TODO: check
 CVE-2016-10929
        RESERVED
 CVE-2016-10928
        RESERVED
-CVE-2016-10927
-       RESERVED
-CVE-2016-10926
-       RESERVED
-CVE-2016-10925
-       RESERVED
-CVE-2016-10924
-       RESERVED
-CVE-2016-10923
-       RESERVED
-CVE-2016-10922
-       RESERVED
-CVE-2016-10921
-       RESERVED
-CVE-2016-10920
-       RESERVED
-CVE-2016-10919
-       RESERVED
-CVE-2016-10918
-       RESERVED
-CVE-2016-10917
-       RESERVED
-CVE-2016-10916
-       RESERVED
-CVE-2015-9337
-       RESERVED
-CVE-2015-9336
-       RESERVED
-CVE-2015-9335
-       RESERVED
+CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11 for WordPress has 
SSRF in aj ...)
+       TODO: check
+CVE-2016-10926 (The nelio-ab-testing plugin before 4.5.9 for WordPress has 
SSRF in aja ...)
+       TODO: check
+CVE-2016-10925 (The peters-login-redirect plugin before 2.9.1 for WordPress 
has XSS du ...)
+       TODO: check
+CVE-2016-10924 (The ebook-download plugin before 1.2 for WordPress has 
directory trave ...)
+       TODO: check
+CVE-2016-10923 (The woocommerce-store-toolkit plugin before 1.5.8 for 
WordPress has pr ...)
+       TODO: check
+CVE-2016-10922 (The woocommerce-store-toolkit plugin before 1.5.7 for 
WordPress has pr ...)
+       TODO: check
+CVE-2016-10921 (The gallery-photo-gallery plugin before 1.0.1 for WordPress 
has SQL in ...)
+       TODO: check
+CVE-2016-10920 (The gnucommerce plugin before 0.5.7-BETA for WordPress has 
XSS. ...)
+       TODO: check
+CVE-2016-10919 (The wassup plugin before 1.9.1 for WordPress has XSS via the 
Top stats ...)
+       TODO: check
+CVE-2016-10918 (The gallery-by-supsystic plugin before 1.8.6 for WordPress has 
CSRF. ...)
+       TODO: check
+CVE-2016-10917 (The search-everything plugin before 8.1.6 for WordPress has 
SQL inject ...)
+       TODO: check
+CVE-2016-10916 (The appointment-booking-calendar plugin before 1.1.24 for 
WordPress ha ...)
+       TODO: check
+CVE-2015-9337 (The profile-builder plugin before 2.1.4 for WordPress has no 
access co ...)
+       TODO: check
+CVE-2015-9336 (The clean-login plugin before 1.5.1 for WordPress has reflected 
XSS. ...)
+       TODO: check
+CVE-2015-9335 (The limit-attempts plugin before 1.1.1 for WordPress has SQL 
injection ...)
+       TODO: check
 CVE-2015-9334
        RESERVED
-CVE-2015-9333
-       RESERVED
-CVE-2014-10385
-       RESERVED
-CVE-2014-10384
-       RESERVED
-CVE-2014-10383
-       RESERVED
+CVE-2015-9333 (The cforms2 plugin before 14.6.10 for WordPress has SQL 
injection. ...)
+       TODO: check
+CVE-2014-10385 (The memphis-documents-library plugin before 3.0 for WordPress 
has XSS  ...)
+       TODO: check
+CVE-2014-10384 (The memphis-documents-library plugin before 3.0 for WordPress 
has Loca ...)
+       TODO: check
+CVE-2014-10383 (The memphis-documents-library plugin before 3.0 for WordPress 
has Remo ...)
+       TODO: check
 CVE-2014-10382
        RESERVED
 CVE-2013-7483
        RESERVED
-CVE-2013-7482
-       RESERVED
-CVE-2013-7481
-       RESERVED
-CVE-2013-7480
-       RESERVED
-CVE-2013-7479
-       RESERVED
-CVE-2013-7478
-       RESERVED
-CVE-2013-7477
-       RESERVED
-CVE-2012-6716
-       RESERVED
-CVE-2009-5158
-       RESERVED
-CVE-2008-7321
-       RESERVED
-CVE-2019-15314
-       RESERVED
+CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS. 
...)
+       TODO: check
+CVE-2013-7481 (The contact-form-plugin plugin before 3.3.5 for WordPress has 
XSS. ...)
+       TODO: check
+CVE-2013-7480 (The events-manager plugin before 5.3.6.1 for WordPress has XSS 
via the ...)
+       TODO: check
+CVE-2013-7479 (The events-manager plugin before 5.3.9 for WordPress has XSS in 
the se ...)
+       TODO: check
+CVE-2013-7478 (The events-manager plugin before 5.5 for WordPress has XSS via 
EM_Tick ...)
+       TODO: check
+CVE-2013-7477 (The events-manager plugin before 5.5.2 for WordPress has XSS in 
the bo ...)
+       TODO: check
+CVE-2012-6716 (The events-manager plugin before 5.1.7 for WordPress has XSS 
via JSON  ...)
+       TODO: check
+CVE-2009-5158 (The google-analyticator plugin before 5.2.1 for WordPress has 
insuffic ...)
+       TODO: check
+CVE-2008-7321 (The tubepress plugin before 1.6.5 for WordPress has XSS. ...)
+       TODO: check
+CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers 
to uplo ...)
+       TODO: check
 CVE-2019-15313
        RESERVED
 CVE-2019-15312
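Review bot: Almost every description published in this hunk is a "plugin ... for WordPress" entry, and each one lands as `TODO: check`, although this file already triages the same kind of entry as `NOT-FOR-US: the-events-calendar plugin for WordPress` (CVE-2019-15109). Suggest a follow-up that gives each plugin its `NOT-FOR-US: <plugin> plugin for WordPress` line in one batch, so the few non-plugin items in the same run (for example CVE-2019-15314, Tiki) are not buried among TODOs that need no per-entry investigation.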
@@ -310,7 +358,8 @@ CVE-2019-15232 (Live555 before 2019.08.16 has a 
Use-After-Free because GenericMe
        [stretch] - liblivemedia <postponed> (Can be fixed along in future 
update)
        [jessie] - liblivemedia <postponed> (Can be fixed along with more 
important patches)
        NOTE: Fixed upstream in 2019.08.16 according to available information.
-CVE-2019-15231 (Webmin 1.890, in a default installation, contains a backdoor 
that allo ...)
+CVE-2019-15231
+       REJECTED
        - webmin <removed>
 CVE-2019-15230
        RESERVED
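Review bot: CVE-2019-15231 becomes `REJECTED` but keeps its `- webmin <removed>` line, and the backdoor description is dropped without any NOTE explaining the rejection. A REJECTED ID that still carries a package annotation reads as a tracked issue; suggest either removing the package line or adding a NOTE that names the ID under which the Webmin backdoor is now tracked, if there is one.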
@@ -324,7 +373,7 @@ CVE-2019-15226
        RESERVED
 CVE-2019-15225 (In Envoy through 1.11.1, users may configure a route to match 
incoming ...)
        NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2019-15224 (The rest-client gem 1.6.13 for Ruby, as distributed on 
RubyGems.org, i ...)
+CVE-2019-15224 (The rest-client gem 1.6.10 through 1.6.13 for Ruby, as 
distributed on  ...)
        - ruby-rest-client <not-affected> (Backdoored version not uploaded to 
Debian)
 CVE-2019-15223 (An issue was discovered in the Linux kernel before 5.1.8. 
There is a N ...)
        - linux <not-affected> (Vulnerable code not present)
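Review bot: The description of CVE-2019-15224 widens from "1.6.13" to "1.6.10 through 1.6.13", but the annotation below it still says `<not-affected> (Backdoored version not uploaded to Debian)`, singular, and was written against the narrower range. Someone should confirm that none of 1.6.10 to 1.6.13 was ever uploaded as ruby-rest-client and reword the reason to "Backdoored versions", so the not-affected status is known to cover the whole range.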
@@ -712,7 +761,7 @@ CVE-2019-15109 (The the-events-calendar plugin before 4.8.2 
for WordPress has XS
        NOT-FOR-US: the-events-calendar plugin for WordPress
 CVE-2019-15108 (An issue was discovered in WSO2 API Manager 2.6.0 before 
WSO2-CARBON-P ...)
        NOT-FOR-US: WSO2 API Manager
-CVE-2019-15107 (An issue was discovered in Webmin 1.882 through 1.921. The 
parameter o ...)
+CVE-2019-15107 (An issue was discovered in Webmin &lt;=1.920. The parameter 
old in pas ...)
        - webmin <removed>
 CVE-2019-15106 (An issue was discovered in Zoho ManageEngine OpManager through 
12.4x.  ...)
        NOT-FOR-US: Zoho ManageEngine OpManager
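Review bot: The new CVE-2019-15107 description contains a literal HTML entity, `Webmin &lt;=1.920`, where the old text had plain characters, while `<removed>` two lines below is unescaped, so the entity is in the data itself. The automatic update should decode entities from the feed before writing descriptions, otherwise a search for "<=1.920" misses this entry. The upper bound also moves from 1.921 to 1.920 here, which is worth a human glance since the entry has no fixed-version information of its own.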
@@ -948,8 +997,8 @@ CVE-2019-15062 (An issue was discovered in Dolibarr 
11.0.0-alpha. A user can sto
        NOTE: https://github.com/Dolibarr/dolibarr/issues/11671
 CVE-2019-15061
        RESERVED
-CVE-2019-15060
-       RESERVED
+CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router 
with firmwa ...)
+       TODO: check
 CVE-2019-15059
        RESERVED
 CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based 
buffer ov ...)
@@ -1819,8 +1868,7 @@ CVE-2019-14753
        RESERVED
 CVE-2019-14752
        RESERVED
-CVE-2019-14751 [Zip Slip in NLTK]
-       RESERVED
+CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory 
traversal, a ...)
        - nltk <unfixed> (bug #935201)
        NOTE: https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/
        NOTE: 
https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10
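Review bot: On CVE-2019-14751 the published description now states the fixed release ("NLTK Downloader before 3.4.5"), but the entry records only `- nltk <unfixed> (bug #935201)` and the commit URL. Suggest adding a NOTE with the upstream fixed version, in the style already used for CVE-2019-15232 ("NOTE: Fixed upstream in 2019.08.16 ..."), so whoever prepares the nltk upload does not have to derive it from the truncated description.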
@@ -2409,8 +2457,8 @@ CVE-2019-14513 (Improper bounds checking in Dnsmasq 
before 2.76 allows an attack
        TODO: Find the relevant isolated changes in the 2.76 release to address 
the issue.
 CVE-2019-14512
        RESERVED
-CVE-2019-14511
-       RESERVED
+CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no 
authentication and  ...)
+       TODO: check
 CVE-2019-14510
        RESERVED
 CVE-2019-14509
@@ -2511,8 +2559,8 @@ CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php 
message parameter. ...
        NOT-FOR-US: TestLink
 CVE-2019-14470
        RESERVED
-CVE-2019-14469
-       RESERVED
+CVE-2019-14469 (In Nexus Repository Manager before 3.18.0, users with elevated 
privile ...)
+       TODO: check
 CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in 
cobc/field.c via c ...)
        - gnucobol <unfixed> (bug #933884)
        [buster] - gnucobol <no-dsa> (Minor issue)
@@ -9414,10 +9462,10 @@ CVE-2019-12387 (In Twisted before 19.2.1, twisted.web 
did not validate or saniti
        [stretch] - twisted <no-dsa> (Minor issue)
        [jessie] - twisted <no-dsa> (Minor issue)
        NOTE: 
https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
-CVE-2019-12386
-       RESERVED
-CVE-2019-12385
-       RESERVED
+CVE-2019-12386 (An issue was discovered in Ampache through 3.9.1. A stored XSS 
exists  ...)
+       TODO: check
+CVE-2019-12385 (An issue was discovered in Ampache through 3.9.1. The search 
engine is ...)
+       TODO: check
 CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9.1 might allow 
attackers to ...)
        {DLA-1831-1}
        - jackson-databind 2.9.8-3 (bug #930750)
@@ -12989,12 +13037,12 @@ CVE-2019-11033 (Applaud HCM 4.0.42+ uses HTML tag 
fields for HTML inputs in a fo
        NOT-FOR-US: Applaud HCM
 CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the 
Candida ...)
        NOT-FOR-US: EasyToRecruit
-CVE-2019-11031
-       RESERVED
-CVE-2019-11030
-       RESERVED
-CVE-2019-11029
-       RESERVED
+CVE-2019-11031 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the 
auto-up ...)
+       TODO: check
+CVE-2019-11030 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the 
Mirasys ...)
+       TODO: check
+CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the 
Downloa ...)
+       TODO: check
 CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability 
allowing  ...)
        NOT-FOR-US: GAT-Ship Web Module
 CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to 
Cross-Site ...)
@@ -13046,8 +13094,8 @@ CVE-2019-11015 (A vulnerability was found in the MIUI 
OS version 10.1.3.0 that a
        NOT-FOR-US: MIUI OS
 CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared 
object, a ...)
        NOT-FOR-US: VStarCam
-CVE-2019-11013
-       RESERVED
+CVE-2019-11013 (Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory 
traversal  ...)
+       TODO: check
 CVE-2019-11012
        RESERVED
 CVE-2019-11011 (Akamai CloudTest before 58.30 allows remote code execution. 
...)
@@ -17987,6 +18035,7 @@ CVE-2019-9517 (Some HTTP/2 implementations are 
vulnerable to unconstrained inter
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-9517
        NOTE: 
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
 CVE-2019-9516 (Some HTTP/2 implementations are vulnerable to a header leak, 
potential ...)
+       {DSA-4505-1}
        - nginx 1.14.2-3 (bug #935037)
        [jessie] - nginx <not-affected> (HTTP2 support only exists since 
version 1.9.5)
        NOTE: 
https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/
@@ -18024,6 +18073,7 @@ CVE-2019-9514 (Some HTTP/2 implementations are 
vulnerable to a reset flood, pote
        NOTE: https://github.com/h2o/h2o/issues/2090
        NOTE: 
https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
 CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, 
potentia ...)
+       {DSA-4505-1}
        - nginx 1.14.2-3 (bug #935037)
        [jessie] - nginx <not-affected> (HTTP2 support only exists since 
version 1.9.5)
        - nodejs <unfixed> (bug #934885)
@@ -18056,6 +18106,7 @@ CVE-2019-9512 (Some HTTP/2 implementations are 
vulnerable to ping floods, potent
        NOTE: https://github.com/h2o/h2o/issues/2090
        NOTE: 
https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
 CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size 
manipulation ...)
+       {DSA-4505-1}
        - nginx 1.14.2-3 (bug #935037)
        [jessie] - nginx <not-affected> (HTTP2 support only exists since 
version 1.9.5)
        - nodejs <unfixed> (bug #934885)
@@ -18941,12 +18992,12 @@ CVE-2019-9162 (In the Linux kernel before 4.20.12, 
net/ipv4/netfilter/nf_nat_snm
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
-CVE-2019-9155
-       RESERVED
-CVE-2019-9154
-       RESERVED
-CVE-2019-9153
-       RESERVED
+CVE-2019-9155 (A cryptographic issue in OpenPGP.js &lt;=4.2.0 allows an 
attacker who  ...)
+       TODO: check
+CVE-2019-9154 (Improper Verification of a Cryptographic Signature in 
OpenPGP.js &lt;= ...)
+       TODO: check
+CVE-2019-9153 (Improper Verification of a Cryptographic Signature in 
OpenPGP.js &lt;= ...)
+       TODO: check
 CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There 
is an ou ...)
        - hdf5 <unfixed>
        [buster] - hdf5 <no-dsa> (Minor issue)
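Review bot: CVE-2019-9154 and CVE-2019-9153 end up with byte-identical summaries, "Improper Verification of a Cryptographic Signature in OpenPGP.js &lt;= ...)", because the escaped `&lt;` uses up the truncation budget before the version number is reached. Together with CVE-2019-9155 in the same hunk, that is three entries whose version bound is mangled or missing; decoding the entity before truncating would keep the summaries distinguishable and searchable.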
@@ -22688,8 +22739,8 @@ CVE-2019-7619
        RESERVED
 CVE-2019-7618
        RESERVED
-CVE-2019-7617
-       RESERVED
+CVE-2019-7617 (When the Elastic APM agent for Python versions before 5.1.0 is 
run as  ...)
+       TODO: check
 CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side 
request f ...)
        - kibana <itp> (bug #700337)
 CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM 
agent for R ...)
@@ -27920,14 +27971,14 @@ CVE-2019-5637
        RESERVED
 CVE-2019-5636
        RESERVED
-CVE-2019-5635
-       RESERVED
-CVE-2019-5634
-       RESERVED
-CVE-2019-5633
-       RESERVED
-CVE-2019-5632
-       RESERVED
+CVE-2019-5635 (A cleartext transmission of sensitive information vulnerability 
is pre ...)
+       TODO: check
+CVE-2019-5634 (An inclusion of sensitive information in log files 
vulnerability is pr ...)
+       TODO: check
+CVE-2019-5633 (An insecure storage of sensitive information vulnerability is 
present  ...)
+       TODO: check
+CVE-2019-5632 (An insecure storage of sensitive information vulnerability is 
present  ...)
+       TODO: check
 CVE-2019-5631 (The Rapid7 InsightAppSec broker suffers from a DLL injection 
vulnerabi ...)
        TODO: check
 CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in 
Rapid7  ...)
@@ -45736,10 +45787,10 @@ CVE-2018-18575
        RESERVED
 CVE-2018-18574
        RESERVED
-CVE-2018-18573
-       RESERVED
-CVE-2018-18572
-       RESERVED
+CVE-2018-18573 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
filteri ...)
+       TODO: check
+CVE-2018-18572 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
filteri ...)
+       TODO: check
 CVE-2018-18571 (An Incorrect Access Control vulnerability has been identified 
in Citri ...)
        NOT-FOR-US: Citrix
 CVE-2018-18570 (Planon before Live Build 41 has XSS. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c31b7a42c3773292fd0ac13400ce77494125577
