[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 9 09:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80fbc499 by security tracker role at 2019-08-09T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2019-14801
+ RESERVED
+CVE-2019-14800
+ RESERVED
+CVE-2019-14799
+ RESERVED
+CVE-2019-14798
+ RESERVED
+CVE-2019-14797
+ RESERVED
+CVE-2019-14796
+ RESERVED
+CVE-2019-14795
+ RESERVED
+CVE-2019-14794
+ RESERVED
+CVE-2019-14793
+ RESERVED
+CVE-2019-14792
+ RESERVED
+CVE-2019-14791
+ RESERVED
+CVE-2019-14790
+ RESERVED
+CVE-2019-14789
+ RESERVED
+CVE-2019-14788
+ RESERVED
+CVE-2019-14787
+ RESERVED
+CVE-2019-14786
+ RESERVED
+CVE-2019-14785
+ RESERVED
+CVE-2019-14784
+ RESERVED
+CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...)
+ TODO: check
+CVE-2019-14782
+ RESERVED
+CVE-2019-14781
+ RESERVED
+CVE-2019-14780
+ RESERVED
+CVE-2016-10865
+ RESERVED
CVE-2019-14779
RESERVED
CVE-2019-14778
@@ -14,10 +60,10 @@ CVE-2019-XXXX [clamav zip DoS]
[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=12356
-CVE-2019-14774
- RESERVED
-CVE-2019-14773
- RESERVED
+CVE-2019-14774 (The woo-variation-swatches (aka Variation Swatches for WooCommerce) pl ...)
+ TODO: check
+CVE-2019-14773 (admin/includes/class.actions.snippet.php in the "Woody ad snippets" pl ...)
+ TODO: check
CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...)
NOT-FOR-US: verdaccio
CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the ...)
@@ -56,8 +102,8 @@ CVE-2019-14755
RESERVED
CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
NOT-FOR-US: Open-School
-CVE-2018-20962
- RESERVED
+CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows X ...)
+ TODO: check
CVE-2019-14753
RESERVED
CVE-2019-14752
@@ -215,16 +261,16 @@ CVE-2019-14685
RESERVED
CVE-2019-14684
RESERVED
-CVE-2019-14683
- RESERVED
-CVE-2019-14682
- RESERVED
-CVE-2019-14681
- RESERVED
-CVE-2019-14680
- RESERVED
-CVE-2019-14679
- RESERVED
+CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
+ TODO: check
+CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for ...)
+ TODO: check
+CVE-2019-14681 (The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admi ...)
+ TODO: check
+CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 f ...)
+ TODO: check
+CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 fo ...)
+ TODO: check
CVE-2019-14678
RESERVED
CVE-2019-14677
@@ -249,8 +295,8 @@ CVE-2019-14668 (Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack
NOT-FOR-US: Firefly
CVE-2019-14667 (Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due t ...)
NOT-FOR-US: Firefly
-CVE-2015-9292
- RESERVED
+CVE-2015-9292 (6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code p ...)
+ TODO: check
CVE-2019-14666
RESERVED
CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
@@ -273,26 +319,26 @@ CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability i
- linux 4.16.5-1
[stretch] - linux 4.9.107-1
NOTE: Fixed by: https://git.kernel.org/linus/7fafcfdf6377b18b2a726ea554d6e593ba44349f
-CVE-2018-20960
- RESERVED
+CVE-2018-20960 (Nespresso Prodigio devices lack Bluetooth connection security. ...)
+ TODO: check
CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...)
NOT-FOR-US: Jura E8 devices
CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
NOT-FOR-US: Tapplock devices
-CVE-2018-20957
- RESERVED
-CVE-2018-20956
- RESERVED
-CVE-2018-20955
- RESERVED
-CVE-2017-18485
- RESERVED
-CVE-2017-18484
- RESERVED
+CVE-2018-20957 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
+ TODO: check
+CVE-2018-20956 (Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory re ...)
+ TODO: check
+CVE-2018-20955 (Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to ...)
+ TODO: check
+CVE-2017-18485 (Cognitoys Dino devices allow profiles_add.html CSRF. ...)
+ TODO: check
+CVE-2017-18484 (Cognitoys Dino devices allow XSS via the SSID. ...)
+ TODO: check
CVE-2016-10864 (NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. ...)
NOT-FOR-US: NETGEAR
-CVE-2016-10863
- RESERVED
+CVE-2016-10863 (Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with ...)
+ TODO: check
CVE-2019-14661
RESERVED
CVE-2019-14660
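Review bot: CVE-2018-20957 is added with TODO: check even though its visible description matches the adjacent CVE-2018-20958, which is already tagged NOT-FOR-US: Tapplock devices; the same tag can be applied here rather than leaving the entry for manual triage. CVE-2018-20960 (Nespresso Prodigio) is in the same position next to the Jura E8 entry CVE-2018-20959, and the Swann, Cognitoys Dino and Edimax device entries in this hunk should be triaged the same way as the NETGEAR entry CVE-2016-10864 between them.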
@@ -309,8 +355,8 @@ CVE-2019-14655
REJECTED
CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authoris ...)
NOT-FOR-US: Joomla!
-CVE-2018-20954
- RESERVED
+CVE-2018-20954 (The "Security and Privacy" Encryption feature in Mailpile before 1.0.0 ...)
+ TODO: check
CVE-2019-XXXX [Buffer overflow during processing of large server replies]
- pump <unfixed> (bug #933674)
CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP e ...)
@@ -559,8 +605,8 @@ CVE-2019-14536
RESERVED
CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a ...)
NOT-FOR-US: ANNKE SP1 HD wireless camera devices
-CVE-2016-10862
- RESERVED
+CVE-2016-10862 (Neet AirStream NAS1.1 devices have a password of ifconfig for the root ...)
+ TODO: check
CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...)
NOT-FOR-US: Neet AirStream NAS1.1 devices
CVE-2019-14535
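Review bot: CVE-2016-10862 gets TODO: check while the next entry, CVE-2016-10861, covers the same Neet AirStream NAS1.1 devices and is already tagged NOT-FOR-US: Neet AirStream NAS1.1 devices. Reuse that tag so the two entries are triaged consistently.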
@@ -13127,13 +13173,14 @@ CVE-2019-10210
NOT-FOR-US: EnterpriseDB Windows installer
CVE-2019-10209 [postgres: Fix execution of hashed subplans that require cross-type comparison]
RESERVED
+ {DSA-4493-1}
- postgresql-11 11.5-1
- postgresql-9.6 <not-affected> (Only affects PostgreSQL 11)
- postgresql-9.4 <not-affected> (Only affects PostgreSQL 11)
NOTE: https://www.postgresql.org/about/news/1960/
CVE-2019-10208 [postgres: Require schema qualification to cast to a temporary type when using functional cast syntax]
RESERVED
- {DLA-1874-1}
+ {DSA-4493-1 DSA-4492-1 DLA-1874-1}
- postgresql-11 11.5-1
- postgresql-9.6 <removed>
- postgresql-9.4 <removed>
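Review bot: In the CVE-2019-10208 entry the cross-reference line now lists DSA-4492-1 alongside DSA-4493-1 and DLA-1874-1, but the visible package lines show postgresql-9.6 and postgresql-9.4 only as <removed>. Check that the release-specific lines following this context record the fixed versions, so that each advisory named in the braces maps to a package line.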
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80fbc4995664d478104cb276705b3be9004dd806