[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 9 21:10:28 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ce91c7b by security tracker role at 2019-08-09T20:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,53 @@
-CVE-2019-14801
+CVE-2019-14808
 	RESERVED
-CVE-2019-14800
-	RESERVED
-CVE-2019-14799
+CVE-2019-14807
 	RESERVED
-CVE-2019-14798
+CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has insufficien ...)
+	TODO: check
+CVE-2019-14805 (studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the ...)
+	TODO: check
+CVE-2019-14804 (studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via t ...)
+	TODO: check
+CVE-2019-14803
 	RESERVED
-CVE-2019-14797
+CVE-2019-14802
 	RESERVED
-CVE-2019-14796
+CVE-2017-18486 (Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privi ...)
+	TODO: check
+CVE-2019-14801 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress  ...)
+	TODO: check
+CVE-2019-14800
 	RESERVED
+CVE-2019-14799 (The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress  ...)
+	TODO: check
+CVE-2019-14798 (The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authent ...)
+	TODO: check
+CVE-2019-14797 (The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authent ...)
+	TODO: check
+CVE-2019-14796 (The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products  ...)
+	TODO: check
 CVE-2019-14795
 	RESERVED
-CVE-2019-14794
-	RESERVED
-CVE-2019-14793
-	RESERVED
-CVE-2019-14792
-	RESERVED
-CVE-2019-14791
-	RESERVED
+CVE-2019-14794 (The Meta Box plugin before 4.16.2 for WordPress mishandles the uploadi ...)
+	TODO: check
+CVE-2019-14793 (The Meta Box plugin before 4.16.3 for WordPress allows file deletion v ...)
+	TODO: check
+CVE-2019-14792 (The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via  ...)
+	TODO: check
+CVE-2019-14791 (The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XS ...)
+	TODO: check
 CVE-2019-14790
 	RESERVED
 CVE-2019-14789
 	RESERVED
 CVE-2019-14788
 	RESERVED
-CVE-2019-14787
-	RESERVED
+CVE-2019-14787 (The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XS ...)
+	TODO: check
 CVE-2019-14786
 	RESERVED
-CVE-2019-14785
-	RESERVED
+CVE-2019-14785 (The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress h ...)
+	TODO: check
 CVE-2019-14784
 	RESERVED
 CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...)
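Review bot: CVE-2019-14806 (Pallets Werkzeug before 0.15.3) is left at `TODO: check` alongside a dozen WordPress-plugin CVEs, but unlike those it concerns a library Debian ships (python-werkzeug), so it needs a source-package line with the fixed version rather than staying a TODO. The WordPress entries in this hunk (CVE-2019-14797/14798 for 10Web Photo Gallery, CVE-2019-14799/14801 for FV Flowplayer, CVE-2019-14791 to -14796, CVE-2019-14785, CVE-2019-14787) can be triaged the way CVE-2019-14313 already is further down in this file (`NOT-FOR-US: 10Web Photo Gallery plugin for WordPress`), and CVE-2017-18486 (Jitbit Helpdesk), which sits between the 2019 IDs because of its late assignment, likely resolves the same way.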
@@ -42,8 +58,8 @@ CVE-2019-14781
 	RESERVED
 CVE-2019-14780
 	RESERVED
-CVE-2016-10865
-	RESERVED
+CVE-2016-10865 (The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cros ...)
+	TODO: check
 CVE-2019-14779
 	RESERVED
 CVE-2019-14778
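Review bot: CVE-2016-10865 (Lightbox Plus Colorbox plugin through 2.7.2 for WordPress) is another WordPress plugin left at `TODO: check`; consistent with the other WordPress-plugin entries in this file it should become `NOT-FOR-US: Lightbox Plus Colorbox plugin for WordPress` rather than remain open.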
@@ -124,6 +140,7 @@ CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exist
 	- radare2 <unfixed> (bug #934204)
 	NOTE: https://github.com/radare/radare2/pull/14690
 CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...)
+	{DSA-4494-1}
 	- kconfig 5.54.0-2 (bug #934267)
 	- kde4libs <unfixed> (bug #934268)
 	[buster] - kde4libs <no-dsa> (Minor issue)
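Review bot: With `{DSA-4494-1}` now attached to CVE-2019-14744, the kde4libs half of the entry is still `<unfixed>` with `[buster] - kde4libs <no-dsa> (Minor issue)`; confirm that the DSA addresses kconfig only and that kde4libs in buster is deliberately left without a fix, because the DSA tag at the top of the entry otherwise reads as if the whole CVE were resolved.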
@@ -1449,8 +1466,7 @@ CVE-2019-14435
 	RESERVED
 CVE-2019-14434
 	RESERVED
-CVE-2019-14433 [Nova Server Resource Faults Leak External Exception Details]
-	RESERVED
+CVE-2019-14433 (An issue was discovered in OpenStack Nova before 17.0.12, 18.x before  ...)
 	- nova <unfixed> (bug #934114)
 	NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html
 	NOTE: https://launchpad.net/bugs/1837877
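Review bot: Replacing the bracketed working title drops the only human-readable summary ('Nova Server Resource Faults Leak External Exception Details') in favour of the truncated 'An issue was discovered in OpenStack Nova before 17.0.12, 18.x before ...'; the OSSA-2019-003 NOTE keeps the detail reachable, but the `nova <unfixed>` line still carries no `[stretch]`/`[buster]` status, and now that the fixed upstream versions are public that release-specific triage is the open item.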
@@ -1606,8 +1622,8 @@ CVE-2018-20861 (libopenmpt before 0.3.11 allows a crash with certain malformed c
 	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10617 (0.2.10635-beta34)
 CVE-2018-20859 (edx-platform before 2018-07-18 allows XSS via a response to a Chemical ...)
 	NOT-FOR-US: Open edX
-CVE-2018-20858
-	RESERVED
+CVE-2018-20858 (Recommender before 2018-07-18 allows XSS. ...)
+	TODO: check
 CVE-2017-18381 (The installation process in Open edX before 2017-01-10 exposes a Mongo ...)
 	NOT-FOR-US: Open edX
 CVE-2017-18380 (edx-platform before 2017-08-03 allows attackers to trigger password-re ...)
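Review bot: CVE-2018-20858 ('Recommender before 2018-07-18 allows XSS') carries the same 2018-07-18 cut-off as the neighbouring CVE-2018-20859 edx-platform entry, which is already `NOT-FOR-US: Open edX`; if Recommender is the Open edX component of that name, this TODO should resolve to the same NOT-FOR-US line rather than stay open.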
@@ -1750,8 +1766,8 @@ CVE-2019-14314
 	RESERVED
 CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...)
 	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
-CVE-2019-14312
-	RESERVED
+CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulner ...)
+	TODO: check
 CVE-2019-14311
 	RESERVED
 CVE-2019-14310
@@ -2022,8 +2038,7 @@ CVE-2019-14235 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x b
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534 (2.2.x)
 	NOTE: https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79 (1.11.x)
-CVE-2019-14234 [SQL injection possibility in key and index lookups for JSONField/HStoreField]
-	RESERVED
+CVE-2019-14234 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
 	- python-django 2:2.2.4-1 (bug #934026)
 	[jessie] - python-django <not-affected> (Vulnerable code not present)
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
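Review bot: After this change the description reads identically (up to the truncation point) to CVE-2019-14235 directly above, so the dropped bracketed title 'SQL injection possibility in key and index lookups for JSONField/HStoreField' was the only place the file distinguished the two; the NOTE URLs preserve that, but the entry still has only `[jessie] <not-affected>` and no `[stretch]`/`[buster]` line, and with the description naming 1.11.x before 1.11.23 and 2.1.x before ... as affected, the stable releases need an explicit status once triaged.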
@@ -6516,8 +6531,8 @@ CVE-2019-12807
 	RESERVED
 CVE-2019-12806
 	RESERVED
-CVE-2019-12805
-	RESERVED
+CVE-2019-12805 (NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have ...)
+	TODO: check
 CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to ...)
 	NOT-FOR-US: Hunesion i-oneNet
 CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the sp ...)
@@ -7883,7 +7898,7 @@ CVE-2019-12281
 	RESERVED
 CVE-2019-12280 (PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. ...)
 	NOT-FOR-US: PC-Doctor Toolbox
-CVE-2019-12279 (Nagios XI 5.6.1 allows SQL injection via the username parameter to log ...)
+CVE-2019-12279 (** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username p ...)
 	NOT-FOR-US: Nagios XI
 CVE-2019-12278
 	RESERVED
@@ -7915,26 +7930,26 @@ CVE-2019-12267
 	RESERVED
 CVE-2019-12266
 	RESERVED
-CVE-2019-12265
-	RESERVED
+CVE-2019-12265 (Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Le ...)
+	TODO: check
 CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect  ...)
 	NOT-FOR-US: Wind River VxWorks
-CVE-2019-12263
-	RESERVED
+CVE-2019-12263 (Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP comp ...)
+	TODO: check
 CVE-2019-12262
 	RESERVED
 CVE-2019-12261
 	RESERVED
 CVE-2019-12260
 	RESERVED
-CVE-2019-12259
-	RESERVED
+CVE-2019-12259 (Wind River VxWorks 6.9 and vx7 has an array index error in the IGMPv3  ...)
+	TODO: check
 CVE-2019-12258
 	RESERVED
-CVE-2019-12257
-	RESERVED
-CVE-2019-12256
-	RESERVED
+CVE-2019-12257 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the DHCP clien ...)
+	TODO: check
+CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 compo ...)
+	TODO: check
 CVE-2019-12255
 	RESERVED
 CVE-2019-12254
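Review bot: The five VxWorks entries that gained descriptions here (CVE-2019-12265, -12263, -12259, -12257, -12256) are left at `TODO: check` while CVE-2019-12264 in the same hunk is already `NOT-FOR-US: Wind River VxWorks`; they are the same product and should get the same NOT-FOR-US line, and the still-RESERVED siblings (-12262, -12261, -12260, -12258, -12255) will most likely land the same way when published.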
@@ -9074,8 +9089,8 @@ CVE-2019-11778
 	RESERVED
 CVE-2019-11777
 	RESERVED
-CVE-2019-11776
-	RESERVED
+CVE-2019-11776 (In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflecte ...)
+	TODO: check
 CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loo ...)
 	NOT-FOR-US: Eclipse OpenJ9
 CVE-2019-11774
@@ -26185,8 +26200,8 @@ CVE-2019-5500
 	RESERVED
 CVE-2019-5499
 	RESERVED
-CVE-2019-5498
-	RESERVED
+CVE-2019-5498 (OnCommand Insight versions through 7.3.6 may disclose sensitive accoun ...)
+	TODO: check
 CVE-2019-5497 (NetApp AFF A700s Baseboard Management Controller (BMC) firmware versio ...)
 	NOT-FOR-US: NetApp AFF A700s Baseboard Management Controller firmware
 CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP ...)
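Review bot: CVE-2019-5498 (OnCommand Insight through 7.3.6) is the same NetApp product line as CVE-2019-5496 (Oncommand Insight prior to 7.3.5) two entries below and the same vendor as CVE-2019-5497, which is already `NOT-FOR-US: NetApp ...`; this TODO should resolve to a matching NOT-FOR-US line. The affected ranges differ ('through 7.3.6' versus 'prior to 7.3.5'), so keep them as separate entries.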
@@ -26433,34 +26448,34 @@ CVE-2019-5410
 	RESERVED
 CVE-2019-5409
 	RESERVED
-CVE-2019-5408
-	RESERVED
-CVE-2019-5407
-	RESERVED
-CVE-2019-5406
-	RESERVED
-CVE-2019-5405
-	RESERVED
-CVE-2019-5404
-	RESERVED
-CVE-2019-5403
-	RESERVED
-CVE-2019-5402
-	RESERVED
+CVE-2019-5408 (Command View Advanced Edition (CVAE) products contain a vulnerability  ...)
+	TODO: check
+CVE-2019-5407 (A remote information disclosure vulnerability was discovered in HPE 3P ...)
+	TODO: check
+CVE-2019-5406 (A remote session reuse vulnerability was discovered in HPE 3PAR StoreS ...)
+	TODO: check
+CVE-2019-5405 (A remote authorization bypass vulnerability was discovered in HPE 3PAR ...)
+	TODO: check
+CVE-2019-5404 (A remote script injection vulnerability was discovered in HPE 3PAR Sto ...)
+	TODO: check
+CVE-2019-5403 (A remote multiple cross-site scripting vulnerability was discovered in ...)
+	TODO: check
+CVE-2019-5402 (A remote authorization bypass vulnerability was discovered in HPE 3PAR ...)
+	TODO: check
 CVE-2019-5401 (A potential security vulnerability has been identified in HP2910al-48G ...)
 	NOT-FOR-US: HP HP2910al-48G
-CVE-2019-5400
-	RESERVED
-CVE-2019-5399
-	RESERVED
-CVE-2019-5398
-	RESERVED
-CVE-2019-5397
-	RESERVED
-CVE-2019-5396
-	RESERVED
-CVE-2019-5395
-	RESERVED
+CVE-2019-5400 (A remote session reuse vulnerability was discovered in HPE 3PAR Servic ...)
+	TODO: check
+CVE-2019-5399 (A remote gain authorized access vulnerability was discovered in HPE 3P ...)
+	TODO: check
+CVE-2019-5398 (A remote multiple multiple cross-site vulnerability was discovered in  ...)
+	TODO: check
+CVE-2019-5397 (A remote bypass of security restrictions vulnerability was discovered  ...)
+	TODO: check
+CVE-2019-5396 (A remote authentication bypass vulnerability was discovered in HPE 3PA ...)
+	TODO: check
+CVE-2019-5395 (A remote arbitrary file upload vulnerability was discovered in HPE 3PA ...)
+	TODO: check
 CVE-2019-5394 (The HPE Nonstop Maintenance Entity family of products are vulnerable t ...)
 	NOT-FOR-US: HPE
 CVE-2019-5393 (A remote code execution vulnerability was identified in HPE Intelligen ...)
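Review bot: The thirteen newly described entries (CVE-2019-5395 to -5400 and -5402 to -5408) are HPE 3PAR StoreServ / Service Processor advisories, plus CVE-2019-5408 (Command View Advanced Edition, whose vendor the truncated text does not show), and sit next to CVE-2019-5394 (`NOT-FOR-US: HPE`); they can be batch-triaged to NOT-FOR-US rather than left as thirteen `TODO: check` lines. The doubled word in CVE-2019-5398 ('multiple multiple cross-site') is MITRE's text and should stay as imported.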
@@ -63332,7 +63347,7 @@ CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/82923eb93a2eacf4a593e00e3e672bbb86a8a3a0 (1.4.2)
 CVE-2018-11211
 	RESERVED
-CVE-2018-11210 (TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::P ...)
+CVE-2018-11210 (** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the ...)
 	- tinyxml2 <unfixed> (bug #899063; unimportant)
 	NOTE: https://github.com/leethomason/tinyxml2/issues/675
 	NOTE: Non-real issue, missuse of API
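Review bot: The new `** DISPUTED **` prefix agrees with the existing `unimportant` severity and the NOTE 'Non-real issue, missuse of API', so the `tinyxml2 <unfixed>` line is consistent; the context line's 'missuse' is a typo (misuse) that needs a manual edit, since the automatic update only rewrites descriptions.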



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ce91c7bcf3085269b04760fef6bc22b2510bcf6

-- 
You're receiving this email because of your account on salsa.debian.org.



