[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 9 09:10:31 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80fbc499 by security tracker role at 2019-08-09T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2019-14801
+	RESERVED
+CVE-2019-14800
+	RESERVED
+CVE-2019-14799
+	RESERVED
+CVE-2019-14798
+	RESERVED
+CVE-2019-14797
+	RESERVED
+CVE-2019-14796
+	RESERVED
+CVE-2019-14795
+	RESERVED
+CVE-2019-14794
+	RESERVED
+CVE-2019-14793
+	RESERVED
+CVE-2019-14792
+	RESERVED
+CVE-2019-14791
+	RESERVED
+CVE-2019-14790
+	RESERVED
+CVE-2019-14789
+	RESERVED
+CVE-2019-14788
+	RESERVED
+CVE-2019-14787
+	RESERVED
+CVE-2019-14786
+	RESERVED
+CVE-2019-14785
+	RESERVED
+CVE-2019-14784
+	RESERVED
+CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...)
+	TODO: check
+CVE-2019-14782
+	RESERVED
+CVE-2019-14781
+	RESERVED
+CVE-2019-14780
+	RESERVED
+CVE-2016-10865
+	RESERVED
 CVE-2019-14779
 	RESERVED
 CVE-2019-14778
@@ -14,10 +60,10 @@ CVE-2019-XXXX [clamav zip DoS]
 	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3
 	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=12356
-CVE-2019-14774
-	RESERVED
-CVE-2019-14773
-	RESERVED
+CVE-2019-14774 (The woo-variation-swatches (aka Variation Swatches for WooCommerce) pl ...)
+	TODO: check
+CVE-2019-14773 (admin/includes/class.actions.snippet.php in the "Woody ad snippets" pl ...)
+	TODO: check
 CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...)
 	NOT-FOR-US: verdaccio
 CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the  ...)
@@ -56,8 +102,8 @@ CVE-2019-14755
 	RESERVED
 CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
 	NOT-FOR-US: Open-School
-CVE-2018-20962
-	RESERVED
+CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows X ...)
+	TODO: check
 CVE-2019-14753
 	RESERVED
 CVE-2019-14752
@@ -215,16 +261,16 @@ CVE-2019-14685
 	RESERVED
 CVE-2019-14684
 	RESERVED
-CVE-2019-14683
-	RESERVED
-CVE-2019-14682
-	RESERVED
-CVE-2019-14681
-	RESERVED
-CVE-2019-14680
-	RESERVED
-CVE-2019-14679
-	RESERVED
+CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
+	TODO: check
+CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for ...)
+	TODO: check
+CVE-2019-14681 (The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admi ...)
+	TODO: check
+CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 f ...)
+	TODO: check
+CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 fo ...)
+	TODO: check
 CVE-2019-14678
 	RESERVED
 CVE-2019-14677
@@ -249,8 +295,8 @@ CVE-2019-14668 (Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack
 	NOT-FOR-US: Firefly
 CVE-2019-14667 (Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due t ...)
 	NOT-FOR-US: Firefly
-CVE-2015-9292
-	RESERVED
+CVE-2015-9292 (6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code p ...)
+	TODO: check
 CVE-2019-14666
 	RESERVED
 CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
@@ -273,26 +319,26 @@ CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability i
 	- linux 4.16.5-1
 	[stretch] - linux 4.9.107-1
 	NOTE: Fixed by: https://git.kernel.org/linus/7fafcfdf6377b18b2a726ea554d6e593ba44349f
-CVE-2018-20960
-	RESERVED
+CVE-2018-20960 (Nespresso Prodigio devices lack Bluetooth connection security. ...)
+	TODO: check
 CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...)
 	NOT-FOR-US: Jura E8 devices
 CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
 	NOT-FOR-US: Tapplock devices
-CVE-2018-20957
-	RESERVED
-CVE-2018-20956
-	RESERVED
-CVE-2018-20955
-	RESERVED
-CVE-2017-18485
-	RESERVED
-CVE-2017-18484
-	RESERVED
+CVE-2018-20957 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
+	TODO: check
+CVE-2018-20956 (Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory re ...)
+	TODO: check
+CVE-2018-20955 (Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to ...)
+	TODO: check
+CVE-2017-18485 (Cognitoys Dino devices allow profiles_add.html CSRF. ...)
+	TODO: check
+CVE-2017-18484 (Cognitoys Dino devices allow XSS via the SSID. ...)
+	TODO: check
 CVE-2016-10864 (NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. ...)
 	NOT-FOR-US: NETGEAR
-CVE-2016-10863
-	RESERVED
+CVE-2016-10863 (Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with  ...)
+	TODO: check
 CVE-2019-14661
 	RESERVED
 CVE-2019-14660
@@ -309,8 +355,8 @@ CVE-2019-14655
 	REJECTED
 CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authoris ...)
 	NOT-FOR-US: Joomla!
-CVE-2018-20954
-	RESERVED
+CVE-2018-20954 (The "Security and Privacy" Encryption feature in Mailpile before 1.0.0 ...)
+	TODO: check
 CVE-2019-XXXX [Buffer overflow during processing of large server replies]
 	- pump <unfixed> (bug #933674)
 CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP e ...)
@@ -559,8 +605,8 @@ CVE-2019-14536
 	RESERVED
 CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a  ...)
 	NOT-FOR-US: ANNKE SP1 HD wireless camera devices
-CVE-2016-10862
-	RESERVED
+CVE-2016-10862 (Neet AirStream NAS1.1 devices have a password of ifconfig for the root ...)
+	TODO: check
 CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...)
 	NOT-FOR-US: Neet AirStream NAS1.1 devices
 CVE-2019-14535
@@ -13127,13 +13173,14 @@ CVE-2019-10210
 	NOT-FOR-US: EnterpriseDB Windows installer
 CVE-2019-10209 [postgres: Fix execution of hashed subplans that require cross-type comparison]
 	RESERVED
+	{DSA-4493-1}
 	- postgresql-11 11.5-1
 	- postgresql-9.6 <not-affected> (Only affects PostgreSQL 11)
 	- postgresql-9.4 <not-affected> (Only affects PostgreSQL 11)
 	NOTE: https://www.postgresql.org/about/news/1960/
 CVE-2019-10208 [postgres: Require schema qualification to cast to a temporary type when using functional cast syntax]
 	RESERVED
-	{DLA-1874-1}
+	{DSA-4493-1 DSA-4492-1 DLA-1874-1}
 	- postgresql-11 11.5-1
 	- postgresql-9.6 <removed>
 	- postgresql-9.4 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80fbc4995664d478104cb276705b3be9004dd806

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80fbc4995664d478104cb276705b3be9004dd806
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190809/32328938/attachment.html>

More information about the debian-security-tracker-commits mailing list